NOTE: The patch has been adjusted to match the base code before backporting.

From 8a259e3df16def3f05828f355e98a5089cd6e6d0 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@openldap.org>

Date: Thu, 14 Jun 2018 16:14:15 +0100

Subject: [PATCH] ITS#8573 allow all libldap options in tools -o option

---

 clients/tools/common.c     |  15 ++-

 doc/devel/args             |   2 +-

 doc/man/man1/ldapcompare.1 |   9 +-

 doc/man/man1/ldapdelete.1  |   9 +-

 doc/man/man1/ldapexop.1    |   9 +-

 doc/man/man1/ldapmodify.1  |   9 +-

 doc/man/man1/ldapmodrdn.1  |   9 +-

 doc/man/man1/ldappasswd.1  |   9 +-

 doc/man/man1/ldapsearch.1  |   9 +-

 doc/man/man1/ldapwhoami.1  |  13 ++-

 doc/man/man8/slapcat.8     |   2 +-

 include/ldap_pvt.h         |   5 +

 libraries/libldap/init.c   | 231 ++++++++++++++++++++++---------------

 servers/slapd/slapcommon.c |   5 +-

 14 files changed, 200 insertions(+), 136 deletions(-)

diff --git a/clients/tools/common.c b/clients/tools/common.c

index 39db70b93..d5c3491fc 100644

--- a/clients/tools/common.c

+++ b/clients/tools/common.c

@@ -351,9 +351,9 @@ N_("  -I         use SASL Interactive mode\n"),

 N_("  -n         show what would be done but don't actually do it\n"),

 N_("  -N         do not use reverse DNS to canonicalize SASL host name\n"),

 N_("  -O props   SASL security properties\n"),

-N_("  -o <opt>[=<optparam>] general options\n"),

+N_("  -o <opt>[=<optparam>] any libldap ldap.conf options, plus\n"),

+N_("             ldif_wrap=<width> (in columns, or \"no\" for no wrapping)\n"),

 N_("             nettimeout=<timeout> (in seconds, or \"none\" or \"max\")\n"),

-N_("             ldif-wrap=<width> (in columns, or \"no\" for no wrapping)\n"),

 N_("  -p port    port on LDAP server\n"),

 N_("  -Q         use SASL Quiet mode\n"),

 N_("  -R realm   SASL realm\n"),

@@ -785,6 +785,11 @@ tool_args( int argc, char **argv )

 			if ( (cvalue = strchr( control, '=' )) != NULL ) {

 				*cvalue++ = '\0';

 			}

+			for ( next=control; *next; next++ ) {

+				if ( *next == '-' ) {

+					*next = '_';

+				}

+			}

 			if ( strcasecmp( control, "nettimeout" ) == 0 ) {

 				if( nettimeout.tv_sec != -1 ) {

@@ -814,7 +819,7 @@ tool_args( int argc, char **argv )

 	 				exit( EXIT_FAILURE );

  				}

-			} else if ( strcasecmp( control, "ldif-wrap" ) == 0 ) {

+			} else if ( strcasecmp( control, "ldif_wrap" ) == 0 ) {

 				if ( cvalue == 0 ) {

 					ldif_wrap = LDIF_LINE_WIDTH;

@@ -825,13 +830,13 @@ tool_args( int argc, char **argv )

 					unsigned int u;

 					if ( lutil_atou( &u, cvalue ) ) {

 						fprintf( stderr,

-							_("Unable to parse ldif-wrap=\"%s\"\n"), cvalue );

+							_("Unable to parse ldif_wrap=\"%s\"\n"), cvalue );

 		 				exit( EXIT_FAILURE );

 					}

 					ldif_wrap = (ber_len_t)u;

 				}

-			} else {

+			} else if ( ldap_pvt_conf_option( control, cvalue, 1 ) ) {

 				fprintf( stderr, "Invalid general option name: %s\n",

 					control );

 				usage();

diff --git a/doc/devel/args b/doc/devel/args

index 7805eff1c..31c22f948 100644

--- a/doc/devel/args

+++ b/doc/devel/args

@@ -27,7 +27,7 @@ ldapwhoami       * DE**HI**  NO QR  UVWXYZ   def*h*** *nop*    vwxy

 	-h host

 	-n no-op

 	-N no (SASLprep) normalization of simple bind password

-	-o general options (currently nettimeout and ldif-wrap only)

+	-o general libldap options (plus ldif_wrap and nettimeout for backwards comp.)

 	-p port

 	-v verbose

 	-V version

diff --git a/doc/man/man1/ldapcompare.1 b/doc/man/man1/ldapcompare.1

index 667815a26..de90498db 100644

--- a/doc/man/man1/ldapcompare.1

+++ b/doc/man/man1/ldapcompare.1

@@ -186,13 +186,14 @@ Compare extensions:

 .TP

 .BI \-o \ opt \fR[= optparam \fR]

-Specify general options.

-

-General options:

+Specify any

+.BR ldap.conf (5)

+option or one of the following:

 .nf

   nettimeout=<timeout>  (in seconds, or "none" or "max")

-  ldif-wrap=<width>     (in columns, or "no" for no wrapping)

+  ldif_wrap=<width>     (in columns, or "no" for no wrapping)

 .fi

+

 .TP

 .BI \-O \ security-properties

 Specify SASL security properties.

diff --git a/doc/man/man1/ldapdelete.1 b/doc/man/man1/ldapdelete.1

index 9e7036230..872424a65 100644

--- a/doc/man/man1/ldapdelete.1

+++ b/doc/man/man1/ldapdelete.1

@@ -192,13 +192,14 @@ Delete extensions:

 .TP

 .BI \-o \ opt \fR[= optparam \fR]

-Specify general options.

-

-General options:

+Specify any

+.BR ldap.conf (5)

+option or one of the following:

 .nf

   nettimeout=<timeout>  (in seconds, or "none" or "max")

-  ldif-wrap=<width>     (in columns, or "no" for no wrapping)

+  ldif_wrap=<width>     (in columns, or "no" for no wrapping)

 .fi

+

 .TP

 .BI \-O \ security-properties

 Specify SASL security properties.

diff --git a/doc/man/man1/ldapexop.1 b/doc/man/man1/ldapexop.1

index 5f5ae7aae..96a7c514e 100644

--- a/doc/man/man1/ldapexop.1

+++ b/doc/man/man1/ldapexop.1

@@ -189,13 +189,14 @@ Specify general extensions.  \'!\' indicates criticality.

 .TP

 .BI \-o \ opt \fR[= optparam \fR]

-Specify general options.

-

-General options:

+Specify any

+.BR ldap.conf (5)

+option or one of the following:

 .nf

   nettimeout=<timeout>  (in seconds, or "none" or "max")

-  ldif-wrap=<width>     (in columns, or "no" for no wrapping)

+  ldif_wrap=<width>     (in columns, or "no" for no wrapping)

 .fi

+

 .TP

 .BI \-O \ security-properties

 Specify SASL security properties.

diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1

index f884c5bfb..90f813506 100644

--- a/doc/man/man1/ldapmodify.1

+++ b/doc/man/man1/ldapmodify.1

@@ -255,13 +255,14 @@ Modify extensions:

 .TP

 .BI \-o \ opt \fR[= optparam \fR]]

-Specify general options.

-

-General options:

+Specify any

+.BR ldap.conf (5)

+option or one of the following:

 .nf

   nettimeout=<timeout>  (in seconds, or "none" or "max")

-  ldif-wrap=<width>     (in columns, or "no" for no wrapping)

+  ldif_wrap=<width>     (in columns, or "no" for no wrapping)

 .fi

+

 .TP

 .BI \-O \ security-properties

 Specify SASL security properties.

diff --git a/doc/man/man1/ldapmodrdn.1 b/doc/man/man1/ldapmodrdn.1

index fa9eac627..900ba7e0e 100644

--- a/doc/man/man1/ldapmodrdn.1

+++ b/doc/man/man1/ldapmodrdn.1

@@ -186,13 +186,14 @@ Modrdn extensions:

 .TP

 .BI \-o \ opt \fR[= optparam \fR]

-Specify general options.

-

-General options:

+Specify any

+.BR ldap.conf (5)

+option or one of the following:

 .nf

   nettimeout=<timeout>  (in seconds, or "none" or "max")

-  ldif-wrap=<width>     (in columns, or "no" for no wrapping)

+  ldif_wrap=<width>     (in columns, or "no" for no wrapping)

 .fi

+

 .TP

 .BI \-O \ security-properties

 Specify SASL security properties.

diff --git a/doc/man/man1/ldappasswd.1 b/doc/man/man1/ldappasswd.1

index d3f45b082..bf273fb25 100644

--- a/doc/man/man1/ldappasswd.1

+++ b/doc/man/man1/ldappasswd.1

@@ -188,13 +188,14 @@ Passwd Modify extensions:

 .TP

 .BI \-o \ opt \fR[= optparam \fR]]

-Specify general options.

-

-General options:

+Specify any

+.BR ldap.conf (5)

+option or one of the following:

 .nf

   nettimeout=<timeout>  (in seconds, or "none" or "max")

-  ldif-wrap=<width>     (in columns, or "no" for no wrapping)

+  ldif_wrap=<width>     (in columns, or "no" for no wrapping)

 .fi

+

 .TP

 .BI \-O \ security-properties

 Specify SASL security properties.

diff --git a/doc/man/man1/ldapsearch.1 b/doc/man/man1/ldapsearch.1

index 196179232..901e56043 100644

--- a/doc/man/man1/ldapsearch.1

+++ b/doc/man/man1/ldapsearch.1

@@ -332,13 +332,14 @@ Search extensions:

 .TP

 .BI \-o \ opt \fR[= optparam \fR]

-Specify general options.

-

-General options:

+Specify any

+.BR ldap.conf (5)

+option or one of the following:

 .nf

   nettimeout=<timeout>  (in seconds, or "none" or "max")

-  ldif-wrap=<width>     (in columns, or "no" for no wrapping)

+  ldif_wrap=<width>     (in columns, or "no" for no wrapping)

 .fi

+

 .TP

 .BI \-O \ security-properties

 Specify SASL security properties.

diff --git a/doc/man/man1/ldapwhoami.1 b/doc/man/man1/ldapwhoami.1

index b684de54a..79864c729 100644

--- a/doc/man/man1/ldapwhoami.1

+++ b/doc/man/man1/ldapwhoami.1

@@ -143,13 +143,18 @@ WhoAmI extensions:

 .TP

 .BI \-o \ opt \fR[= optparam \fR]

-Specify general options.

-

-General options:

+Specify any

+.BR ldap.conf (5)

+option or one of the following:

 .nf

   nettimeout=<timeout>  (in seconds, or "none" or "max")

-  ldif-wrap=<width>     (in columns, or "no" for no wrapping)

+  ldif_wrap=<width>     (in columns, or "no" for no wrapping)

 .fi

+

+.B -o

+option that can be passed here, check

+.BR ldap.conf (5)

+for details.

 .TP

 .BI \-O \ security-properties

 Specify SASL security properties.

diff --git a/doc/man/man8/slapcat.8 b/doc/man/man8/slapcat.8

index d05cfa643..24c8f03ea 100644

--- a/doc/man/man8/slapcat.8

+++ b/doc/man/man8/slapcat.8

@@ -149,7 +149,7 @@ Possible generic options/values are:

               syslog\-level=<level> (see `\-S' in slapd(8))

               syslog\-user=<user>   (see `\-l' in slapd(8))

-              ldif-wrap={no|<n>}

+              ldif_wrap={no|<n>}

 .in

 \fIn\fP is the number of columns allowed for the LDIF output

diff --git a/include/ldap_pvt.h b/include/ldap_pvt.h

index 61c620785..c586a95b5 100644

--- a/include/ldap_pvt.h

+++ b/include/ldap_pvt.h

@@ -321,6 +321,11 @@ struct ldapmsg;

 LDAP_F ( int ) ldap_pvt_discard LDAP_P((

 	struct ldap *ld, ber_int_t msgid ));

+/* init.c */

+LDAP_F( int )

+ldap_pvt_conf_option LDAP_P((

+	char *cmd, char *opt, int userconf ));

+

 /* messages.c */

 LDAP_F( BerElement * )

 ldap_get_message_ber LDAP_P((

diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c

index 182ef7d7e..746824fbd 100644

--- a/libraries/libldap/init.c

+++ b/libraries/libldap/init.c

@@ -148,6 +148,141 @@ static const struct ol_attribute {

 #define MAX_LDAP_ATTR_LEN  sizeof("GSSAPI_ALLOW_REMOTE_PRINCIPAL")

 #define MAX_LDAP_ENV_PREFIX_LEN 8

+static int

+ldap_int_conf_option(

+	struct ldapoptions *gopts,

+	char *cmd, char *opt, int userconf )

+{

+	int i;

+

+	for(i=0; attrs[i].type != ATTR_NONE; i++) {

+		void *p;

+

+		if( !userconf && attrs[i].useronly ) {

+			continue;

+		}

+

+		if(strcasecmp(cmd, attrs[i].name) != 0) {

+			continue;

+		}

+

+		switch(attrs[i].type) {

+		case ATTR_BOOL:

+			if((strcasecmp(opt, "on") == 0)

+				|| (strcasecmp(opt, "yes") == 0)

+				|| (strcasecmp(opt, "true") == 0))

+			{

+				LDAP_BOOL_SET(gopts, attrs[i].offset);

+

+			} else {

+				LDAP_BOOL_CLR(gopts, attrs[i].offset);

+			}

+

+			break;

+

+		case ATTR_INT: {

+			char *next;

+			long l;

+			p = &((char *) gopts)[attrs[i].offset];

+			l = strtol( opt, &next, 10 );

+			if ( next != opt && next[ 0 ] == '\0' ) {

+				* (int*) p = l;

+			}

+			} break;

+

+		case ATTR_KV: {

+				const struct ol_keyvalue *kv;

+

+				for(kv = attrs[i].data;

+					kv->key != NULL;

+					kv++) {

+

+					if(strcasecmp(opt, kv->key) == 0) {

+						p = &((char *) gopts)[attrs[i].offset];

+						* (int*) p = kv->value;

+						break;

+					}

+				}

+			} break;

+

+		case ATTR_STRING:

+			p = &((char *) gopts)[attrs[i].offset];

+			if (* (char**) p != NULL) LDAP_FREE(* (char**) p);

+			* (char**) p = LDAP_STRDUP(opt);

+			break;

+		case ATTR_OPTION:

+			ldap_set_option( NULL, attrs[i].offset, opt );

+			break;

+		case ATTR_SASL:

+#ifdef HAVE_CYRUS_SASL

+			ldap_int_sasl_config( gopts, attrs[i].offset, opt );

+#endif

+			break;

+		case ATTR_GSSAPI:

+#ifdef HAVE_GSSAPI

+			ldap_int_gssapi_config( gopts, attrs[i].offset, opt );

+#endif

+			break;

+		case ATTR_TLS:

+#ifdef HAVE_TLS

+			ldap_int_tls_config( NULL, attrs[i].offset, opt );

+#endif

+			break;

+		case ATTR_OPT_TV: {

+			struct timeval tv;

+			char *next;

+			tv.tv_usec = 0;

+			tv.tv_sec = strtol( opt, &next, 10 );

+			if ( next != opt && next[ 0 ] == '\0' && tv.tv_sec > 0 ) {

+				(void)ldap_set_option( NULL, attrs[i].offset, (const void *)&tv );

+			}

+			} break;

+		case ATTR_OPT_INT: {

+			long l;

+			char *next;

+			l = strtol( opt, &next, 10 );

+			if ( next != opt && next[ 0 ] == '\0' && l > 0 && (long)((int)l) == l ) {

+				int v = (int)l;

+				(void)ldap_set_option( NULL, attrs[i].offset, (const void *)&v );

+			}

+			} break;

+		}

+

+		break;

+	}

+

+	if ( attrs[i].type == ATTR_NONE ) {

+		Debug( LDAP_DEBUG_TRACE, "ldap_int_tls_config: "

+				"unknown option '%s'",

+				cmd, 0, 0 );

+		return 1;

+	}

+

+	return 0;

+}

+

+int

+ldap_pvt_conf_option(

+	char *cmd, char *opt, int userconf )

+{

+	struct ldapoptions *gopts;

+	int rc = LDAP_OPT_ERROR;

+

+	/* Get pointer to global option structure */

+	gopts = LDAP_INT_GLOBAL_OPT();

+	if (NULL == gopts) {

+		return LDAP_NO_MEMORY;

+	}

+

+	if ( gopts->ldo_valid != LDAP_INITIALIZED ) {

+		ldap_int_initialize(gopts, NULL);

+		if ( gopts->ldo_valid != LDAP_INITIALIZED )

+			return LDAP_LOCAL_ERROR;

+	}

+

+	return ldap_int_conf_option( gopts, cmd, opt, userconf );

+}

+

 static void openldap_ldap_init_w_conf(

 	const char *file, int userconf )

 {

@@ -213,101 +348,7 @@ static void openldap_ldap_init_w_conf(

 		while(isspace((unsigned char)*start)) start++;

 		opt = start;

-		for(i=0; attrs[i].type != ATTR_NONE; i++) {

-			void *p;

-

-			if( !userconf && attrs[i].useronly ) {

-				continue;

-			}

-

-			if(strcasecmp(cmd, attrs[i].name) != 0) {

-				continue;

-			}

-

-			switch(attrs[i].type) {

-			case ATTR_BOOL:

-				if((strcasecmp(opt, "on") == 0) 

-					|| (strcasecmp(opt, "yes") == 0)

-					|| (strcasecmp(opt, "true") == 0))

-				{

-					LDAP_BOOL_SET(gopts, attrs[i].offset);

-

-				} else {

-					LDAP_BOOL_CLR(gopts, attrs[i].offset);

-				}

-

-				break;

-

-			case ATTR_INT: {

-				char *next;

-				long l;

-				p = &((char *) gopts)[attrs[i].offset];

-				l = strtol( opt, &next, 10 );

-				if ( next != opt && next[ 0 ] == '\0' ) {

-					* (int*) p = l;

-				}

-				} break;

-

-			case ATTR_KV: {

-					const struct ol_keyvalue *kv;

-

-					for(kv = attrs[i].data;

-						kv->key != NULL;

-						kv++) {

-

-						if(strcasecmp(opt, kv->key) == 0) {

-							p = &((char *) gopts)[attrs[i].offset];

-							* (int*) p = kv->value;

-							break;

-						}

-					}

-				} break;

-

-			case ATTR_STRING:

-				p = &((char *) gopts)[attrs[i].offset];

-				if (* (char**) p != NULL) LDAP_FREE(* (char**) p);

-				* (char**) p = LDAP_STRDUP(opt);

-				break;

-			case ATTR_OPTION:

-				ldap_set_option( NULL, attrs[i].offset, opt );

-				break;

-			case ATTR_SASL:

-#ifdef HAVE_CYRUS_SASL

-			   	ldap_int_sasl_config( gopts, attrs[i].offset, opt );

-#endif

-				break;

-			case ATTR_GSSAPI:

-#ifdef HAVE_GSSAPI

-				ldap_int_gssapi_config( gopts, attrs[i].offset, opt );

-#endif

-				break;

-			case ATTR_TLS:

-#ifdef HAVE_TLS

-			   	ldap_int_tls_config( NULL, attrs[i].offset, opt );

-#endif

-				break;

-			case ATTR_OPT_TV: {

-				struct timeval tv;

-				char *next;

-				tv.tv_usec = 0;

-				tv.tv_sec = strtol( opt, &next, 10 );

-				if ( next != opt && next[ 0 ] == '\0' && tv.tv_sec > 0 ) {

-					(void)ldap_set_option( NULL, attrs[i].offset, (const void *)&tv );

-				}

-				} break;

-			case ATTR_OPT_INT: {

-				long l;

-				char *next;

-				l = strtol( opt, &next, 10 );

-				if ( next != opt && next[ 0 ] == '\0' && l > 0 && (long)((int)l) == l ) {

-					int v = (int)l;

-					(void)ldap_set_option( NULL, attrs[i].offset, (const void *)&v );

-				}

-				} break;

-			}

-

-			break;

-		}

+		ldap_int_conf_option( gopts, cmd, opt, userconf );

 	}

 	fclose(fp);

diff --git a/servers/slapd/slapcommon.c b/servers/slapd/slapcommon.c

index 01574af1e..a62c69581 100644

--- a/servers/slapd/slapcommon.c

+++ b/servers/slapd/slapcommon.c

@@ -228,7 +228,8 @@ parse_slapopt( int tool, int *mode )

 			break;

 		}

-	} else if ( strncasecmp( optarg, "ldif-wrap", len ) == 0 ) {

+	} else if ( ( strncasecmp( optarg, "ldif_wrap", len ) == 0 ) ||

+			( strncasecmp( optarg, "ldif-wrap", len ) == 0 ) ) {

 		switch ( tool ) {

 		case SLAPCAT:

 			if ( strcasecmp( p, "no" ) == 0 ) {

@@ -237,7 +238,7 @@ parse_slapopt( int tool, int *mode )

 			} else {

 				unsigned int u;

 				if ( lutil_atou( &u, p ) ) {

-					Debug( LDAP_DEBUG_ANY, "unable to parse ldif-wrap=\"%s\".\n", p, 0, 0 );

+					Debug( LDAP_DEBUG_ANY, "unable to parse ldif_wrap=\"%s\".\n", p, 0, 0 );

 					return -1;

 				}

 				ldif_wrap = (ber_len_t)u;

-- 

2.29.2