Issue #1258 - Part 2: Use binoc-central version of ldap

9 files changed, 4125 insertions, 0 deletions

diff --git a/ldap/c-sdk/liblber/bprint.c b/ldap/c-sdk/liblber/bprint.c
new file mode 100644
index 000000000..7a7ccc01f
--- /dev/null
+++ b/ldap/c-sdk/liblber/bprint.c
@@ -0,0 +1,102 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ * 
+ * The contents of this file are subject to the Mozilla Public License Version 
+ * 1.1 (the "License"); you may not use this file except in compliance with 
+ * the License. You may obtain a copy of the License at 
+ * http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ * 
+ * The Original Code is Mozilla Communicator client code, released
+ * March 31, 1998.
+ * 
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998-1999
+ * the Initial Developer. All Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the terms of
+ * either of the GNU General Public License Version 2 or later (the "GPL"),
+ * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ * 
+ * ***** END LICENSE BLOCK ***** */
+
+/* bprint.c - a printing utility for debuging output */
+#include <string.h>
+#include "lber-int.h"
+
+#ifdef LDAP_DEBUG
+/*
+ * Print arbitrary stuff, for debugging.
+ */
+
+#define BPLEN	48
+
+void
+lber_bprint( char *data, int len )
+{
+    static char	hexdig[] = "0123456789abcdef";
+    char	out[ BPLEN ];
+    int		i = 0;
+
+    memset( out, 0, BPLEN );
+    for ( ;; ) {
+	if ( len < 1 ) {
+		char msg[BPLEN + 80];
+	    sprintf( msg, "\t%s\n", ( i == 0 ) ? "(end)" : out );
+		ber_err_print( msg );
+	    break;
+	}
+
+#ifndef HEX
+	if ( isgraph( (unsigned char)*data )) {
+	    out[ i ] = ' ';
+	    out[ i+1 ] = *data;
+	} else {
+#endif
+	    out[ i ] = hexdig[ ( *data & 0xf0 ) >> 4 ];
+	    out[ i+1 ] = hexdig[ *data & 0x0f ];
+#ifndef HEX
+	}
+#endif
+	i += 2;
+	len--;
+	data++;
+
+	if ( i > BPLEN - 2 ) {
+		char msg[BPLEN + 80];
+	    sprintf( msg, "\t%s\n", out );
+		ber_err_print( msg );
+	    memset( out, 0, BPLEN );
+	    i = 0;
+	    continue;
+	}
+	out[ i++ ] = ' ';
+    }
+}
+
+#endif
+
+void ber_err_print( char *data )
+{
+#ifdef USE_DEBUG_WIN
+	OutputDebugString( data );
+#else
+	fputs( data, stderr );
+	fflush( stderr );
+#endif
+}
diff --git a/ldap/c-sdk/liblber/decode.c b/ldap/c-sdk/liblber/decode.c
new file mode 100644
index 000000000..732dd6e64
--- /dev/null
+++ b/ldap/c-sdk/liblber/decode.c
@@ -0,0 +1,833 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ * 
+ * The contents of this file are subject to the Mozilla Public License Version 
+ * 1.1 (the "License"); you may not use this file except in compliance with 
+ * the License. You may obtain a copy of the License at 
+ * http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ * 
+ * The Original Code is Mozilla Communicator client code, released
+ * March 31, 1998.
+ * 
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998-1999
+ * the Initial Developer. All Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the terms of
+ * either of the GNU General Public License Version 2 or later (the "GPL"),
+ * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ * 
+ * ***** END LICENSE BLOCK ***** */
+
+/*
+ * Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+/* decode.c - ber input decoding routines */
+
+#include "lber-int.h"
+
+/*
+ * Note: ber_get_tag() only uses the ber_end and ber_ptr elements of ber.
+ * If that changes, the ber_peek_tag() and/or ber_skip_tag() implementations
+ * will need to be changed.
+ */
+/* return the tag - LBER_DEFAULT returned means trouble */
+ber_tag_t
+LDAP_CALL
+ber_get_tag( BerElement *ber )
+{
+	unsigned char	xbyte;
+	ber_tag_t		tag;
+	char			*tagp;
+	int				i;
+
+	if ( ber_read( ber, (char *) &xbyte, 1 ) != 1 )
+		return( LBER_DEFAULT );
+
+	if ( (xbyte & LBER_BIG_TAG_MASK) != LBER_BIG_TAG_MASK )
+		return( (ber_uint_t) xbyte );
+
+	tagp = (char *) &tag;
+	tagp[0] = xbyte;
+	for ( i = 1; i < sizeof(ber_int_t); i++ ) {
+		if ( ber_read( ber, (char *) &xbyte, 1 ) != 1 )
+			return( LBER_DEFAULT );
+
+		tagp[i] = xbyte;
+
+		if ( ! (xbyte & LBER_MORE_TAG_MASK) )
+			break;
+	}
+
+	/* tag too big! */
+	if ( i == sizeof(ber_int_t) )
+		return( LBER_DEFAULT );
+
+	/* want leading, not trailing 0's */
+	return( tag >> (sizeof(ber_int_t) - i - 1) );
+}
+
+/*
+ * Note: ber_skip_tag() only uses the ber_end and ber_ptr elements of ber.
+ * If that changes, the implementation of ber_peek_tag() will need to
+ * be changed.
+ */
+ber_tag_t
+LDAP_CALL
+ber_skip_tag( BerElement *ber, ber_len_t *len )
+{
+	ber_tag_t		tag;
+	unsigned char	lc;
+	int				noctets, diff;
+	ber_len_t		netlen;
+
+	/*
+	 * Any ber element looks like this: tag length contents.
+	 * Assuming everything's ok, we return the tag byte (we
+	 * can assume a single byte), and return the length in len.
+	 *
+	 * Assumptions:
+	 *	1) definite lengths
+	 *	2) primitive encodings used whenever possible
+	 */
+
+	/*
+	 * First, we read the tag.
+	 */
+
+	if ( (tag = ber_get_tag( ber )) == LBER_DEFAULT )
+		return( LBER_DEFAULT );
+
+	/*
+	 * Next, read the length.  The first byte contains the length of
+	 * the length.  If bit 8 is set, the length is the long form,
+	 * otherwise it's the short form.  We don't allow a length that's
+	 * greater than what we can hold in an unsigned long.
+	 */
+
+	*len = netlen = 0;
+	if ( ber_read( ber, (char *) &lc, 1 ) != 1 )
+		return( LBER_DEFAULT );
+	if ( lc & 0x80 ) {
+		noctets = (lc & 0x7f);
+		if ( noctets > sizeof(ber_uint_t) )
+			return( LBER_DEFAULT );
+		diff = sizeof(ber_int_t) - noctets;
+		if ( ber_read( ber, (char *) &netlen + diff, noctets )
+		    != noctets )
+			return( LBER_DEFAULT );
+		*len = LBER_NTOHL( netlen );
+	} else {
+		*len = lc;
+	}
+
+	return( tag );
+}
+
+
+/*
+ * Note: Previously, we passed the "ber" parameter directly to ber_skip_tag(),
+ * saving and restoring the ber_ptr element only.  We now take advantage
+ * of the fact that the only ber structure elements touched by ber_skip_tag()
+ * are ber_end and ber_ptr.  If that changes, this code must change too.
+ */
+ber_tag_t
+LDAP_CALL
+ber_peek_tag( BerElement *ber, ber_len_t *len )
+{
+	BerElement	bercopy;
+
+	bercopy.ber_end = ber->ber_end;
+	bercopy.ber_ptr = ber->ber_ptr;
+	return( ber_skip_tag( &bercopy, len ));
+}
+
+static int
+ber_getnint( BerElement *ber, ber_int_t *num, ber_slen_t len )
+{
+	int				i;
+	ber_int_t		value;
+	unsigned char	buffer[sizeof(ber_int_t)];
+	/*
+	 * The tag and length have already been stripped off.  We should
+	 * be sitting right before len bytes of 2's complement integer,
+	 * ready to be read straight into an int.  We may have to sign
+	 * extend after we read it in.
+	 */
+
+	if ( len > sizeof(ber_slen_t) )
+		return( -1 );
+
+	/* read into the low-order bytes of netnum */
+	if ( ber_read( ber, (char *) buffer, len ) != len )
+		return( -1 );
+
+	/* This sets the required sign extension */
+	if ( len != 0) {
+		value = 0x80 & buffer[0] ? (-1) : 0;
+	} else {
+		value = 0;
+	}
+		
+	for ( i = 0; i < len; i++ )
+	  value = (value << 8) | buffer[i];
+	
+	*num = value;
+	
+	return( len );
+}
+
+ber_tag_t
+LDAP_CALL
+ber_get_int( BerElement *ber, ber_int_t *num )
+{
+	ber_tag_t	tag;
+	ber_len_t	len;
+
+	if ( (tag = ber_skip_tag( ber, &len )) == LBER_DEFAULT )
+		return( LBER_DEFAULT );
+
+	/*
+     * len is being demoted to a long here --  possible conversion error
+     */
+  
+	if ( ber_getnint( ber, num, (int)len ) != (ber_slen_t)len )
+		return( LBER_DEFAULT );
+	else
+		return( tag );
+}
+
+ber_tag_t
+LDAP_CALL
+ber_get_stringb( BerElement *ber, char *buf, ber_len_t *len )
+{
+	ber_len_t	datalen;
+	ber_tag_t	tag;
+#ifdef STR_TRANSLATION
+	char		*transbuf;
+#endif /* STR_TRANSLATION */
+
+	if ( (tag = ber_skip_tag( ber, &datalen )) == LBER_DEFAULT )
+		return( LBER_DEFAULT );
+	if ( datalen > (*len - 1) )
+		return( LBER_DEFAULT );
+
+	/*
+     * datalen is being demoted to a long here --  possible conversion error
+     */
+
+	if ( ber_read( ber, buf, datalen ) != (ber_slen_t) datalen )
+		return( LBER_DEFAULT );
+
+	buf[datalen] = '\0';
+
+#ifdef STR_TRANSLATION
+	if ( datalen > 0 && ( ber->ber_options & LBER_OPT_TRANSLATE_STRINGS )
+	    != 0 && ber->ber_decode_translate_proc != NULL ) {
+		transbuf = buf;
+		++datalen;
+		if ( (*(ber->ber_decode_translate_proc))( &transbuf, &datalen,
+		    0 ) != 0 ) {
+			return( LBER_DEFAULT );
+		}
+		if ( datalen > *len ) {
+			NSLBERI_FREE( transbuf );
+			return( LBER_DEFAULT );
+		}
+		SAFEMEMCPY( buf, transbuf, datalen );
+		NSLBERI_FREE( transbuf );
+		--datalen;
+	}
+#endif /* STR_TRANSLATION */
+
+	*len = datalen;
+	return( tag );
+}
+
+ber_tag_t
+LDAP_CALL
+ber_get_stringa( BerElement *ber, char **buf )
+{
+	ber_len_t	datalen, ndatalen;
+	ber_tag_t	tag;
+
+	if ( (tag = ber_skip_tag( ber, &datalen )) == LBER_DEFAULT )
+		return( LBER_DEFAULT );
+
+	if ( ((ndatalen = (size_t)datalen + 1) < (size_t) datalen) ||
+	   ( datalen > (ber->ber_end - ber->ber_ptr) ) ||
+	   ( (*buf = (char *)NSLBERI_MALLOC( (size_t)ndatalen )) == NULL ))
+		return( LBER_DEFAULT );
+
+    /*
+     * datalen is being demoted to a long here --  possible conversion error
+     */
+	if ( ber_read( ber, *buf, datalen ) != (ber_slen_t) datalen ) {
+		NSLBERI_FREE( *buf );
+		*buf = NULL;
+		return( LBER_DEFAULT );
+	}
+
+	(*buf)[datalen] = '\0';
+
+#ifdef STR_TRANSLATION
+	if ( datalen > 0 && ( ber->ber_options & LBER_OPT_TRANSLATE_STRINGS )
+	    != 0 && ber->ber_decode_translate_proc != NULL ) {
+		++datalen;
+		if ( (*(ber->ber_decode_translate_proc))( buf, &datalen, 1 )
+		    != 0 ) {
+			NSLBERI_FREE( *buf );
+			*buf = NULL;
+			return( LBER_DEFAULT );
+		}
+	}
+#endif /* STR_TRANSLATION */
+
+	return( tag );
+}
+
+ber_tag_t
+LDAP_CALL
+ber_get_stringal( BerElement *ber, struct berval **bv )
+{
+	ber_len_t	len, nlen;
+	ber_tag_t	tag;
+
+	if ( (*bv = (struct berval *)NSLBERI_MALLOC( sizeof(struct berval) ))
+	    == NULL ) {
+		return( LBER_DEFAULT );
+	}
+	
+	(*bv)->bv_val = NULL;
+	(*bv)->bv_len = 0;
+
+	if ( (tag = ber_skip_tag( ber, &len )) == LBER_DEFAULT ) {
+		NSLBERI_FREE( *bv );
+		*bv = NULL;
+		return( LBER_DEFAULT );
+	}
+
+	if ( ((nlen = (size_t) len + 1) < (size_t)len) ||
+	     ( len > (ber->ber_end - ber->ber_ptr) ) ||
+	     (((*bv)->bv_val = (char *)NSLBERI_MALLOC( (size_t)nlen ))
+	    == NULL )) {
+		NSLBERI_FREE( *bv );
+		*bv = NULL;
+		return( LBER_DEFAULT );
+	}
+
+    /*
+     * len is being demoted to a long here --  possible conversion error
+     */
+	if ( ber_read( ber, (*bv)->bv_val, len ) != (ber_slen_t) len ) {
+		NSLBERI_FREE( (*bv)->bv_val );
+		(*bv)->bv_val = NULL;
+		NSLBERI_FREE( *bv );
+		*bv = NULL;
+		return( LBER_DEFAULT );
+	}
+
+	((*bv)->bv_val)[len] = '\0';
+	(*bv)->bv_len = len;
+
+#ifdef STR_TRANSLATION
+	if ( len > 0 && ( ber->ber_options & LBER_OPT_TRANSLATE_STRINGS ) != 0
+	    && ber->ber_decode_translate_proc != NULL ) {
+		++len;
+		if ( (*(ber->ber_decode_translate_proc))( &((*bv)->bv_val),
+		    &len, 1 ) != 0 ) {
+			NSLBERI_FREE( (*bv)->bv_val );
+			(*bv)->bv_val = NULL;
+			NSLBERI_FREE( *bv );
+			*bv = NULL;
+			return( LBER_DEFAULT );
+		}
+		(*bv)->bv_len = len - 1;
+	}
+#endif /* STR_TRANSLATION */
+
+	return( tag );
+}
+
+ber_tag_t
+LDAP_CALL
+ber_get_bitstringa( BerElement *ber, char **buf, ber_len_t *blen )
+{
+	ber_len_t		datalen;
+	ber_tag_t		tag;
+	unsigned char	unusedbits;
+
+	if ( (tag = ber_skip_tag( ber, &datalen )) == LBER_DEFAULT )
+		return( LBER_DEFAULT );
+	--datalen;
+
+	if ( (datalen > (ber->ber_end - ber->ber_ptr)) ||
+	   ( (*buf = (char *)NSLBERI_MALLOC((size_t)datalen )) == NULL ) )
+		return( LBER_DEFAULT );
+
+	if ( ber_read( ber, (char *)&unusedbits, 1 ) != 1 ) {
+		NSLBERI_FREE( *buf );
+		*buf = NULL;
+		return( LBER_DEFAULT );
+	}
+
+	/*
+     * datalen is being demoted to a long here --  possible conversion error
+     */
+	if ( ber_read( ber, *buf, datalen ) != (ber_slen_t) datalen ) {
+		NSLBERI_FREE( *buf );
+		*buf = NULL;
+		return( LBER_DEFAULT );
+	}
+
+	*blen = datalen * 8 - unusedbits;
+	return( tag );
+}
+
+ber_tag_t
+LDAP_CALL
+ber_get_null( BerElement *ber )
+{
+	ber_len_t	len;
+	ber_tag_t	tag;
+
+	if ( (tag = ber_skip_tag( ber, &len )) == LBER_DEFAULT )
+		return( LBER_DEFAULT );
+
+	if ( len != 0 )
+		return( LBER_DEFAULT );
+
+	return( tag );
+}
+
+ber_tag_t
+LDAP_CALL
+ber_get_boolean( BerElement *ber, ber_int_t *boolval )
+{
+	int	rc;
+
+	rc = ber_get_int( ber, boolval );
+
+	return( rc );
+}
+
+ber_tag_t
+LDAP_CALL
+ber_first_element( BerElement *ber, ber_len_t *len, char **last )
+{
+	/* skip the sequence header, use the len to mark where to stop */
+	if ( ber_skip_tag( ber, len ) == LBER_DEFAULT ) {
+		return( LBER_ERROR );
+	}
+
+	*last = ber->ber_ptr + *len;
+
+	if ( *last == ber->ber_ptr ) {
+		return( LBER_END_OF_SEQORSET );
+	}
+
+	return( ber_peek_tag( ber, len ) );
+}
+
+ber_tag_t
+LDAP_CALL
+ber_next_element( BerElement *ber, ber_len_t *len, char *last )
+{
+	if ( ber->ber_ptr == last ) {
+		return( LBER_END_OF_SEQORSET );
+	}
+
+	return( ber_peek_tag( ber, len ) );
+}
+
+/* VARARGS */
+ber_tag_t
+LDAP_C
+ber_scanf( BerElement *ber, const char *fmt, ... )
+{
+	va_list			ap;
+	char			*last, *p;
+	char			*s, **ss, ***sss;
+	struct berval 	***bv, **bvp, *bval;
+	int				*i, j;
+	ber_int_t		*l, rc, tag;
+	ber_tag_t		*t;
+	ber_len_t		len;
+	size_t			array_size;
+	
+	va_start( ap, fmt );
+
+#ifdef LDAP_DEBUG
+	if ( lber_debug & 64 ) {
+		char msg[80];
+		sprintf( msg, "ber_scanf fmt (%s) ber:\n", fmt );
+		ber_err_print( msg );
+		ber_dump( ber, 1 );
+	}
+#endif
+	for ( rc = 0, p = (char *) fmt; *p && rc != LBER_DEFAULT; p++ ) {
+		switch ( *p ) {
+		case 'a':	/* octet string - allocate storage as needed */
+			ss = va_arg( ap, char ** );
+			rc = ber_get_stringa( ber, ss );
+			break;
+
+		case 'b':	/* boolean */
+			i = va_arg( ap, int * );
+			rc = ber_get_boolean( ber, i );
+			break;
+
+		case 'e':	/* enumerated */
+		case 'i':	/* int */
+			l = va_arg( ap, ber_slen_t * );
+			rc = ber_get_int( ber, l );
+			break;
+
+		case 'l':	/* length of next item */
+			l = va_arg( ap, ber_slen_t * );
+			rc = ber_peek_tag( ber, (ber_len_t *)l );
+			break;
+
+		case 'n':	/* null */
+			rc = ber_get_null( ber );
+			break;
+
+		case 's':	/* octet string - in a buffer */
+			s = va_arg( ap, char * );
+			l = va_arg( ap, ber_slen_t * );
+			rc = ber_get_stringb( ber, s, (ber_len_t *)l );
+			break;
+
+		case 'o':	/* octet string in a supplied berval */
+			bval = va_arg( ap, struct berval * );
+			ber_peek_tag( ber, &bval->bv_len );
+			rc = ber_get_stringa( ber, &bval->bv_val );
+			break;
+
+		case 'O':	/* octet string - allocate & include length */
+			bvp = va_arg( ap, struct berval ** );
+			rc = ber_get_stringal( ber, bvp );
+			break;
+
+		case 'B':	/* bit string - allocate storage as needed */
+			ss = va_arg( ap, char ** );
+			l = va_arg( ap, ber_slen_t * ); /* for length, in bits */
+			rc = ber_get_bitstringa( ber, ss, (ber_len_t *)l );
+			break;
+
+		case 't':	/* tag of next item */
+			t = va_arg( ap, ber_tag_t * );
+			*t = rc = ber_peek_tag( ber, &len );
+			break;
+
+		case 'T':	/* skip tag of next item */
+			t = va_arg( ap, ber_tag_t * );
+			*t = rc = ber_skip_tag( ber, &len );
+			break;
+
+		case 'v':	/* sequence of strings */
+			sss = va_arg( ap, char *** );
+			*sss = NULL;
+			j = 0;
+			array_size = 0;
+			for ( tag = ber_first_element( ber, &len, &last );
+			    tag != LBER_DEFAULT && tag != LBER_END_OF_SEQORSET
+			    && rc != LBER_DEFAULT;
+			    tag = ber_next_element( ber, &len, last ) ) {
+				if ( *sss == NULL ) {
+				    /* Make room for at least 15 strings */
+				    *sss = (char **)NSLBERI_MALLOC(16 * sizeof(char *) );
+					if (!*sss) {
+						rc = LBER_DEFAULT;
+						break; /* out of memory - cannot continue */
+                    }
+				    array_size = 16;
+				} else {
+				    char **save_sss = *sss;
+				    if ( (size_t)(j+2) > array_size) {
+						/* We'v overflowed our buffer */
+						*sss = (char **)NSLBERI_REALLOC( *sss, (array_size * 2) * sizeof(char *) );
+						array_size = array_size * 2;
+				    }
+					if (!*sss) {
+						rc = LBER_DEFAULT;
+						ber_svecfree(save_sss);
+						break; /* out of memory - cannot continue */
+					}
+				}
+				(*sss)[j] = NULL;
+				rc = ber_get_stringa( ber, &((*sss)[j]) );
+				j++;
+			}
+			if ( rc != LBER_DEFAULT &&
+			    tag != LBER_END_OF_SEQORSET ) {
+				rc = LBER_DEFAULT;
+			}
+			if ( *sss && (j > 0) ) {
+				(*sss)[j] = NULL;
+			}
+			break;
+
+		case 'V':	/* sequence of strings + lengths */
+			bv = va_arg( ap, struct berval *** );
+			*bv = NULL;
+			j = 0;
+			for ( tag = ber_first_element( ber, &len, &last );
+			    tag != LBER_DEFAULT && tag != LBER_END_OF_SEQORSET
+			    && rc != LBER_DEFAULT;
+			    tag = ber_next_element( ber, &len, last ) ) {
+				if ( *bv == NULL ) {
+					*bv = (struct berval **)NSLBERI_MALLOC(
+					    2 * sizeof(struct berval *) );
+					if (!*bv) {
+						rc = LBER_DEFAULT;
+						break; /* out of memory - cannot continue */
+					}
+				} else {
+					struct berval **save_bv = *bv;
+					*bv = (struct berval **)NSLBERI_REALLOC(
+					    *bv,
+					    (j + 2) * sizeof(struct berval *) );
+					if (!*bv) {
+						rc = LBER_DEFAULT;
+						ber_bvecfree(save_bv);
+						break; /* out of memory - cannot continue */
+					}
+				}
+				rc = ber_get_stringal( ber, &((*bv)[j]) );
+				j++;
+			}
+			if ( rc != LBER_DEFAULT &&
+			    tag != LBER_END_OF_SEQORSET ) {
+				rc = LBER_DEFAULT;
+			}
+			if ( *bv && (j > 0) ) {
+				(*bv)[j] = NULL;
+			}
+			break;
+
+		case 'x':	/* skip the next element - whatever it is */
+			if ( (rc = ber_skip_tag( ber, &len )) == LBER_DEFAULT )
+				break;
+			ber->ber_ptr += len;
+			break;
+
+		case '{':	/* begin sequence */
+		case '[':	/* begin set */
+			if ( *(p + 1) != 'v' && *(p + 1) != 'V' )
+				rc = ber_skip_tag( ber, &len );
+			break;
+
+		case '}':	/* end sequence */
+		case ']':	/* end set */
+			break;
+
+		default:
+			{
+				char msg[80];
+				sprintf( msg, "unknown fmt %c\n", *p );
+				ber_err_print( msg );
+			}
+			rc = LBER_DEFAULT;
+			break;
+		}
+	}
+
+	va_end( ap );
+
+	if (rc == LBER_DEFAULT) {
+	  va_start( ap, fmt );
+	  for ( p--; fmt < p && *fmt; fmt++ ) {
+		switch ( *fmt ) {
+		case 'a':	/* octet string - allocate storage as needed */
+			ss = va_arg( ap, char ** );
+			NSLBERI_FREE(*ss);
+			*ss = NULL;
+			break;
+
+		case 'b':	/* boolean */
+			i = va_arg( ap, int * );
+			break;
+
+		case 'e':	/* enumerated */
+		case 'i':	/* int */
+			l = va_arg( ap, ber_slen_t * );
+			break;
+
+		case 'l':	/* length of next item */
+			l = va_arg( ap, ber_slen_t * );
+			break;
+
+		case 'n':	/* null */
+			break;
+
+		case 's':	/* octet string - in a buffer */
+			s = va_arg( ap, char * );
+			l = va_arg( ap, ber_slen_t * );
+			break;
+
+		case 'o':	/* octet string in a supplied berval */
+			bval = va_arg( ap, struct berval * );
+			if (bval->bv_val) NSLBERI_FREE(bval->bv_val);
+			memset(bval, 0, sizeof(struct berval));
+			break;
+
+		case 'O':	/* octet string - allocate & include length */
+			bvp = va_arg( ap, struct berval ** );
+			ber_bvfree(*bvp);
+			bvp = NULL;
+			break;
+
+		case 'B':	/* bit string - allocate storage as needed */
+			ss = va_arg( ap, char ** );
+			l = va_arg( ap, ber_slen_t * ); /* for length, in bits */
+			if (*ss) NSLBERI_FREE(*ss);
+			*ss = NULL;
+			break;
+
+		case 't':	/* tag of next item */
+			t = va_arg( ap, ber_tag_t * );
+			break;
+
+		case 'T':	/* skip tag of next item */
+			t = va_arg( ap, ber_tag_t * );
+			break;
+
+		case 'v':	/* sequence of strings */
+			sss = va_arg( ap, char *** );
+			ber_svecfree(*sss);
+			*sss = NULL;
+			break;
+
+		case 'V':	/* sequence of strings + lengths */
+			bv = va_arg( ap, struct berval *** );
+			ber_bvecfree(*bv);
+			*bv = NULL;
+			break;
+
+		case 'x':	/* skip the next element - whatever it is */
+			break;
+
+		case '{':	/* begin sequence */
+		case '[':	/* begin set */
+			break;
+
+		case '}':	/* end sequence */
+		case ']':	/* end set */
+			break;
+
+		default:
+			break;
+		}
+	  } /* for */
+	  va_end( ap );
+	} /* if */
+
+	return( rc );
+}
+
+void
+LDAP_CALL
+ber_bvfree( struct berval *bv )
+{
+	if ( bv != NULL ) {
+		if ( bv->bv_val != NULL ) {
+			NSLBERI_FREE( bv->bv_val );
+		}
+		NSLBERI_FREE( (char *) bv );
+	}
+}
+
+void
+LDAP_CALL
+ber_bvecfree( struct berval **bv )
+{
+	int	i;
+
+	if ( bv != NULL ) {
+		for ( i = 0; bv[i] != NULL; i++ ) {
+			ber_bvfree( bv[i] );
+		}
+		NSLBERI_FREE( (char *) bv );
+	}
+}
+
+struct berval *
+LDAP_CALL
+ber_bvdup( const struct berval *bv )
+{
+	struct berval	*new;
+
+	if ( (new = (struct berval *)NSLBERI_MALLOC( sizeof(struct berval) ))
+	    == NULL ) {
+		return( NULL );
+	}
+	if ( bv->bv_val == NULL ) {
+	    new->bv_val = NULL;
+	    new->bv_len = 0;
+	} else {
+	    if ( (new->bv_val = (char *)NSLBERI_MALLOC( bv->bv_len + 1 ))
+		== NULL ) {
+			NSLBERI_FREE( new );
+			new = NULL;
+		    return( NULL );
+	    }
+	    SAFEMEMCPY( new->bv_val, bv->bv_val, (size_t) bv->bv_len );
+	    new->bv_val[bv->bv_len] = '\0';
+	    new->bv_len = bv->bv_len;
+	}
+
+	return( new );
+}
+
+void
+LDAP_CALL
+ber_svecfree( char **vals )
+{
+        int     i;
+
+        if ( vals == NULL )
+                return;
+        for ( i = 0; vals[i] != NULL; i++ )
+                NSLBERI_FREE( vals[i] );
+        NSLBERI_FREE( (char *) vals );
+}
+
+#ifdef STR_TRANSLATION
+void
+LDAP_CALL
+ber_set_string_translators(
+    BerElement		*ber,
+    BERTranslateProc	encode_proc,
+    BERTranslateProc	decode_proc
+)
+{
+    ber->ber_encode_translate_proc = encode_proc;
+    ber->ber_decode_translate_proc = decode_proc;
+}
+#endif /* STR_TRANSLATION */
diff --git a/ldap/c-sdk/liblber/dtest.c b/ldap/c-sdk/liblber/dtest.c
new file mode 100644
index 000000000..71f13d45a
--- /dev/null
+++ b/ldap/c-sdk/liblber/dtest.c
@@ -0,0 +1,113 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ * 
+ * The contents of this file are subject to the Mozilla Public License Version 
+ * 1.1 (the "License"); you may not use this file except in compliance with 
+ * the License. You may obtain a copy of the License at 
+ * http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ * 
+ * The Original Code is Mozilla Communicator client code, released
+ * March 31, 1998.
+ * 
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998-1999
+ * the Initial Developer. All Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the terms of
+ * either of the GNU General Public License Version 2 or later (the "GPL"),
+ * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ * 
+ * ***** END LICENSE BLOCK ***** */
+
+/*
+ * Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* dtest.c - lber decoding test program */
+
+#include <stdio.h>
+#include <string.h>
+#ifdef MACOS
+#include <stdlib.h>
+#include <console.h>
+#else /* MACOS */
+#ifdef _WIN32
+#include <windows.h>
+#else
+#include <sys/types.h>
+#include <sys/socket.h>
+#endif /* _WIN32 */
+#endif /* MACOS */
+#include "lber.h"
+
+int
+SSL_Recv( int s, char *b, unsigned l, int dummy )
+{
+	return( read( s, b, l ) );
+}
+
+SSL_Send( int s, char *b, unsigned l, int dummy )
+{
+	return( write( s, b, l ) );
+}
+
+static void usage( char *name )
+{
+	fprintf( stderr, "usage: %s < berfile\n", name );
+}
+
+main( int argc, char **argv )
+{
+	long		i, fd;
+	ber_len_t	len;
+	ber_tag_t	tag;
+	BerElement	*ber;
+	Sockbuf		*sb;
+	extern int	lber_debug;
+
+	lber_debug = 255;
+	if ( argc > 1 ) {
+		usage( argv[0] );
+		exit( 1 );
+	}
+
+	sb = ber_sockbuf_alloc();
+	fd = 0;
+	ber_sockbuf_set_option( sb, LBER_SOCKBUF_OPT_DESC, &fd );
+
+	if ( (ber = der_alloc()) == NULL ) {
+		perror( "ber_alloc" );
+		exit( 1 );
+	}
+
+	if ( (tag = ber_get_next( sb, &len, ber )) == LBER_ERROR ) {
+		perror( "ber_get_next" );
+		exit( 1 );
+	}
+	printf( "message has tag 0x%x and length %ld\n", tag, len );
+
+	return( 0 );
+}
diff --git a/ldap/c-sdk/liblber/encode.c b/ldap/c-sdk/liblber/encode.c
new file mode 100644
index 000000000..1c47b12a0
--- /dev/null
+++ b/ldap/c-sdk/liblber/encode.c
@@ -0,0 +1,699 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ * 
+ * The contents of this file are subject to the Mozilla Public License Version 
+ * 1.1 (the "License"); you may not use this file except in compliance with 
+ * the License. You may obtain a copy of the License at 
+ * http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ * 
+ * The Original Code is Mozilla Communicator client code, released
+ * March 31, 1998.
+ * 
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998-1999
+ * the Initial Developer. All Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the terms of
+ * either of the GNU General Public License Version 2 or later (the "GPL"),
+ * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ * 
+ * ***** END LICENSE BLOCK ***** */
+
+/*
+ * Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+/* encode.c - ber output encoding routines */
+
+#include "lber-int.h"
+
+static int
+ber_calc_taglen( ber_tag_t tag )
+{
+	int			i;
+	ber_int_t	mask;
+
+	/* find the first non-all-zero byte in the tag */
+	for ( i = sizeof(ber_int_t) - 1; i > 0; i-- ) {
+		mask = (0xff << (i * 8));
+		/* not all zero */
+		if ( tag & mask )
+			break;
+	}
+
+	return( i + 1 );
+}
+
+static int
+ber_put_tag( BerElement	*ber, ber_tag_t tag, int nosos )
+{
+	int			taglen;
+	ber_tag_t	ntag;
+
+	taglen = ber_calc_taglen( tag );
+
+	ntag = LBER_HTONL( tag );
+
+	return( ber_write( ber, ((char *) &ntag) + sizeof(ber_int_t) - taglen,
+	    taglen, nosos ) );
+}
+
+static int
+ber_calc_lenlen( ber_len_t len )
+{
+	/*
+	 * short len if it's less than 128 - one byte giving the len,
+	 * with bit 8 0.
+	 */
+
+	if ( len <= 0x7F )
+		return( 1 );
+
+	/*
+	 * long len otherwise - one byte with bit 8 set, giving the
+	 * length of the length, followed by the length itself.
+	 */
+
+	if ( len <= 0xFF )
+		return( 2 );
+	if ( len <= 0xFFFF )
+		return( 3 );
+	if ( len <= 0xFFFFFF )
+		return( 4 );
+
+	return( 5 );
+}
+
+static int
+ber_put_len( BerElement *ber, ber_len_t len, int nosos )
+{
+	int			i;
+	char		lenlen;
+	ber_int_t	mask;
+	ber_len_t	netlen;
+
+	/*
+	 * short len if it's less than 128 - one byte giving the len,
+	 * with bit 8 0.
+	 */
+
+	if ( len <= 127 ) {
+		netlen = LBER_HTONL( len );
+		return( ber_write( ber, (char *) &netlen + sizeof(ber_int_t) - 1,
+		    1, nosos ) );
+	}
+
+	/*
+	 * long len otherwise - one byte with bit 8 set, giving the
+	 * length of the length, followed by the length itself.
+	 */
+
+	/* find the first non-all-zero byte */
+	for ( i = sizeof(ber_int_t) - 1; i > 0; i-- ) {
+		mask = (0xff << (i * 8));
+		/* not all zero */
+		if ( len & mask )
+			break;
+	}
+	lenlen = ++i;
+	if ( lenlen > 4 )
+		return( -1 );
+	lenlen |= 0x80;
+
+	/* write the length of the length */
+	if ( ber_write( ber, &lenlen, 1, nosos ) != 1 )
+		return( -1 );
+
+	/* write the length itself */
+	netlen = LBER_HTONL( len );
+	if ( ber_write( ber, (char *) &netlen + (sizeof(ber_int_t) - i), i, nosos )
+	    != i )
+		return( -1 );
+
+	return( i + 1 );
+}
+
+static int
+ber_put_int_or_enum( BerElement *ber, ber_int_t num, ber_tag_t tag )
+{
+	int			i, sign, taglen;
+	int			len, lenlen;
+	ber_int_t	netnum, mask;
+
+	sign = (num < 0);
+
+	/*
+	 * high bit is set - look for first non-all-one byte
+	 * high bit is clear - look for first non-all-zero byte
+	 */
+	for ( i = sizeof(ber_int_t) - 1; i > 0; i-- ) {
+		mask = (0xff << (i * 8));
+
+		if ( sign ) {
+			/* not all ones */
+			if ( (num & mask) != mask )
+				break;
+		} else {
+			/* not all zero */
+			if ( num & mask )
+				break;
+		}
+	}
+
+	/*
+	 * we now have the "leading byte".  if the high bit on this
+	 * byte matches the sign bit, we need to "back up" a byte.
+	 */
+	mask = (num & (0x80 << (i * 8)));
+	if ( (mask && !sign) || (sign && !mask) )
+		i++;
+
+	len = i + 1;
+
+	if ( (taglen = ber_put_tag( ber, tag, 0 )) == -1 )
+		return( -1 );
+
+	if ( (lenlen = ber_put_len( ber, len, 0 )) == -1 )
+		return( -1 );
+	i++;
+	netnum = LBER_HTONL( num );
+	if ( ber_write( ber, (char *) &netnum + (sizeof(ber_int_t) - i), i, 0 ) 
+		== i) 
+		/* length of tag + length + contents */
+		return( taglen + lenlen + i );
+
+	return( -1 );
+}
+
+int
+LDAP_CALL
+ber_put_enum( BerElement *ber, ber_int_t num, ber_tag_t tag )
+{
+	if ( tag == LBER_DEFAULT )
+		tag = LBER_ENUMERATED;
+
+	return( ber_put_int_or_enum( ber, num, tag ) );
+}
+
+int
+LDAP_CALL
+ber_put_int( BerElement *ber, ber_int_t num, ber_tag_t tag )
+{
+	if ( tag == LBER_DEFAULT )
+		tag = LBER_INTEGER;
+
+	return( ber_put_int_or_enum( ber, num, tag ) );
+}
+
+int
+LDAP_CALL
+ber_put_ostring( BerElement *ber, char *str, ber_len_t len,
+	ber_tag_t tag )
+{
+	int	taglen, lenlen, rc;
+#ifdef STR_TRANSLATION
+	int	free_str;
+#endif /* STR_TRANSLATION */
+
+	if ( tag == LBER_DEFAULT )
+		tag = LBER_OCTETSTRING;
+
+	if ( (taglen = ber_put_tag( ber, tag, 0 )) == -1 )
+		return( -1 );
+
+#ifdef STR_TRANSLATION
+	if ( len > 0 && ( ber->ber_options & LBER_OPT_TRANSLATE_STRINGS ) != 0
+	    && ber->ber_encode_translate_proc != NULL ) {
+		if ( (*(ber->ber_encode_translate_proc))( &str, &len, 0 )
+		    != 0 ) {
+			return( -1 );
+		}
+		free_str = 1;
+	} else {
+		free_str = 0;
+	}
+#endif /* STR_TRANSLATION */
+
+    /*  
+     *  Note:  below is a spot where we limit ber_write 
+     *         to signed long (instead of unsigned long)
+     */
+
+	if ( (lenlen = ber_put_len( ber, len, 0 )) == -1 ||
+		ber_write( ber, str, len, 0 ) != (ber_int_t) len ) {
+		rc = -1;
+	} else {
+		/* return length of tag + length + contents */
+		rc = taglen + lenlen + len;
+	}
+
+#ifdef STR_TRANSLATION
+	if ( free_str ) {
+		NSLBERI_FREE( str );
+	}
+#endif /* STR_TRANSLATION */
+
+	return( rc );
+}
+
+int
+LDAP_CALL
+ber_put_string( BerElement *ber, char *str, ber_tag_t tag )
+{
+	return( ber_put_ostring( ber, str, (ber_len_t) strlen( str ), tag ));
+}
+
+int
+LDAP_CALL
+ber_put_bitstring( BerElement *ber, char *str,
+	ber_len_t blen /* in bits */, ber_tag_t tag )
+{
+	int		taglen, lenlen, len;
+	unsigned char	unusedbits;
+
+	if ( tag == LBER_DEFAULT )
+		tag = LBER_BITSTRING;
+
+	if ( (taglen = ber_put_tag( ber, tag, 0 )) == -1 )
+		return( -1 );
+
+	len = ( blen + 7 ) / 8;
+	unusedbits = (unsigned char) (len * 8 - blen);
+	if ( (lenlen = ber_put_len( ber, len + 1, 0 )) == -1 )
+		return( -1 );
+
+	if ( ber_write( ber, (char *)&unusedbits, 1, 0 ) != 1 )
+		return( -1 );
+
+	if ( ber_write( ber, str, len, 0 ) != len )
+		return( -1 );
+
+	/* return length of tag + length + unused bit count + contents */
+	return( taglen + 1 + lenlen + len );
+}
+
+int
+LDAP_CALL
+ber_put_null( BerElement *ber, ber_tag_t tag )
+{
+	int	taglen;
+
+	if ( tag == LBER_DEFAULT )
+		tag = LBER_NULL;
+
+	if ( (taglen = ber_put_tag( ber, tag, 0 )) == -1 )
+		return( -1 );
+
+	if ( ber_put_len( ber, 0, 0 ) != 1 )
+		return( -1 );
+
+	return( taglen + 1 );
+}
+
+int
+LDAP_CALL
+ber_put_boolean( BerElement *ber, ber_int_t boolval, ber_tag_t tag )
+{
+	int		taglen;
+	unsigned char	trueval = 0xff;
+	unsigned char	falseval = 0x00;
+
+	if ( tag == LBER_DEFAULT )
+		tag = LBER_BOOLEAN;
+
+	if ( (taglen = ber_put_tag( ber, tag, 0 )) == -1 )
+		return( -1 );
+
+	if ( ber_put_len( ber, 1, 0 ) != 1 )
+		return( -1 );
+
+	if ( ber_write( ber, (char *)(boolval ? &trueval : &falseval), 1, 0 )
+	    != 1 )
+		return( -1 );
+
+	return( taglen + 2 );
+}
+
+#define FOUR_BYTE_LEN	5
+
+
+/* the idea here is roughly this: we maintain a stack of these Seqorset
+ * structures. This is pushed when we see the beginning of a new set or
+ * sequence. It is popped when we see the end of a set or sequence.
+ * Since we don't want to malloc and free these structures all the time,
+ * we pre-allocate a small set of them within the ber element structure.
+ * thus we need to spot when we've overflowed this stack and fall back to
+ * malloc'ing instead.
+ */
+static int
+ber_start_seqorset( BerElement *ber, ber_tag_t tag )
+{
+	Seqorset	*new_sos;
+
+	/* can we fit into the local stack ? */
+	if (ber->ber_sos_stack_posn < SOS_STACK_SIZE) {
+		/* yes */
+		new_sos = &ber->ber_sos_stack[ber->ber_sos_stack_posn];
+	} else {
+		/* no */
+		if ( (new_sos = (Seqorset *)NSLBERI_MALLOC( sizeof(Seqorset)))
+		    == NULLSEQORSET ) {
+			return( -1 );
+		}
+	}
+	ber->ber_sos_stack_posn++;
+
+	if ( ber->ber_sos == NULLSEQORSET )
+		new_sos->sos_first = ber->ber_ptr;
+	else
+		new_sos->sos_first = ber->ber_sos->sos_ptr;
+
+	/* Set aside room for a 4 byte length field */
+	new_sos->sos_ptr = new_sos->sos_first + ber_calc_taglen( tag ) + FOUR_BYTE_LEN;
+	new_sos->sos_tag = tag;
+
+	new_sos->sos_next = ber->ber_sos;
+	new_sos->sos_clen = 0;
+
+	ber->ber_sos = new_sos;
+    if (ber->ber_sos->sos_ptr > ber->ber_end) {
+        nslberi_ber_realloc(ber, ber->ber_sos->sos_ptr - ber->ber_end);
+    }
+	return( 0 );
+}
+
+int
+LDAP_CALL
+ber_start_seq( BerElement *ber, ber_tag_t tag )
+{
+	if ( tag == LBER_DEFAULT )
+		tag = LBER_SEQUENCE;
+
+	return( ber_start_seqorset( ber, tag ) );
+}
+
+int
+LDAP_CALL
+ber_start_set( BerElement *ber, ber_tag_t tag )
+{
+	if ( tag == LBER_DEFAULT )
+		tag = LBER_SET;
+
+	return( ber_start_seqorset( ber, tag ) );
+}
+
+static int
+ber_put_seqorset( BerElement *ber )
+{
+	ber_len_t		len, netlen;
+	int				taglen, lenlen;
+	unsigned char	ltag = 0x80 + FOUR_BYTE_LEN - 1;
+	Seqorset		*next;
+	Seqorset		**sos = &ber->ber_sos;
+
+	if ( *sos == NULL ) {
+        /* No sequence or set to put... fatal error. */
+        return( -1 );
+	}
+
+    /*
+	 * If this is the toplevel sequence or set, we need to actually
+	 * write the stuff out.  Otherwise, it's already been put in
+	 * the appropriate buffer and will be written when the toplevel
+	 * one is written.  In this case all we need to do is update the
+	 * length and tag.
+	 */
+
+	len = (*sos)->sos_clen;
+	netlen = LBER_HTONL( len );
+	if ( sizeof(ber_int_t) > 4 && len > 0xFFFFFFFF )
+		return( -1 );
+
+	if ( ber->ber_options & LBER_OPT_USE_DER ) {
+		lenlen = ber_calc_lenlen( len );
+	} else {
+		lenlen = FOUR_BYTE_LEN;
+	}
+
+	if ( (next = (*sos)->sos_next) == NULLSEQORSET ) {
+		/* write the tag */
+		if ( (taglen = ber_put_tag( ber, (*sos)->sos_tag, 1 )) == -1 )
+			return( -1 );
+
+		if ( ber->ber_options & LBER_OPT_USE_DER ) {
+			/* Write the length in the minimum # of octets */
+			if ( ber_put_len( ber, len, 1 ) == -1 )
+				return( -1 );
+
+			if (lenlen != FOUR_BYTE_LEN) {
+				/*
+				 * We set aside FOUR_BYTE_LEN bytes for
+				 * the length field.  Move the data if
+				 * we don't actually need that much
+				 */
+				SAFEMEMCPY( (*sos)->sos_first + taglen +
+				    lenlen, (*sos)->sos_first + taglen +
+				    FOUR_BYTE_LEN, len );
+			}
+		} else {
+			/* Fill FOUR_BYTE_LEN bytes for length field */
+			/* one byte of length length */
+			if ( ber_write( ber, (char *)&ltag, 1, 1 ) != 1 )
+				return( -1 );
+
+			/* the length itself */
+			if ( ber_write( ber, (char *) &netlen + sizeof(ber_int_t)
+			    - (FOUR_BYTE_LEN - 1), FOUR_BYTE_LEN - 1, 1 )
+			    != FOUR_BYTE_LEN - 1 )
+				return( -1 );
+		}
+		/* The ber_ptr is at the set/seq start - move it to the end */
+		ber->ber_ptr += len;
+	} else {
+		ber_tag_t	ntag;
+
+		/* the tag */
+		taglen = ber_calc_taglen( (*sos)->sos_tag );
+		ntag = LBER_HTONL( (*sos)->sos_tag );
+		SAFEMEMCPY( (*sos)->sos_first, (char *) &ntag +
+		    sizeof(ber_int_t) - taglen, taglen );
+
+		if ( ber->ber_options & LBER_OPT_USE_DER ) {
+			ltag = (lenlen == 1) ? (unsigned char)len :  
+                (unsigned char) (0x80 + (lenlen - 1));
+		}
+
+		/* one byte of length length */
+		SAFEMEMCPY( (*sos)->sos_first + 1, &ltag, 1 );
+
+		if ( ber->ber_options & LBER_OPT_USE_DER ) {
+			if (lenlen > 1) {
+				/* Write the length itself */
+				SAFEMEMCPY( (*sos)->sos_first + 2,
+				    (char *)&netlen + sizeof(ber_uint_t) -
+				    (lenlen - 1),
+				    lenlen - 1 );
+			}
+			if (lenlen != FOUR_BYTE_LEN) {
+				/*
+				 * We set aside FOUR_BYTE_LEN bytes for
+				 * the length field.  Move the data if
+				 * we don't actually need that much
+				 */
+				SAFEMEMCPY( (*sos)->sos_first + taglen +
+				    lenlen, (*sos)->sos_first + taglen +
+				    FOUR_BYTE_LEN, len );
+			}
+		} else {
+			/* the length itself */
+			SAFEMEMCPY( (*sos)->sos_first + taglen + 1,
+			    (char *) &netlen + sizeof(ber_int_t) -
+			    (FOUR_BYTE_LEN - 1), FOUR_BYTE_LEN - 1 );
+		}
+
+		next->sos_clen += (taglen + lenlen + len);
+		next->sos_ptr += (taglen + lenlen + len);
+	}
+
+	/* we're done with this seqorset, so free it up */
+	/* was this one from the local stack ? */
+	if (ber->ber_sos_stack_posn <= SOS_STACK_SIZE) {
+		/* yes */
+	} else {
+		/* no */
+		NSLBERI_FREE( (char *) (*sos) );
+	}
+	ber->ber_sos_stack_posn--;
+	*sos = next;
+
+	return( taglen + lenlen + len );
+}
+
+int
+LDAP_CALL
+ber_put_seq( BerElement *ber )
+{
+	return( ber_put_seqorset( ber ) );
+}
+
+int
+LDAP_CALL
+ber_put_set( BerElement *ber )
+{
+	return( ber_put_seqorset( ber ) );
+}
+
+/* VARARGS */
+int
+LDAP_C
+ber_printf( BerElement *ber, const char *fmt, ... )
+{
+	va_list			ap;
+	char			*s, **ss;
+	struct berval	*bval, **bv;
+	int				rc, i;
+	ber_len_t		len;
+
+	va_start( ap, fmt );
+
+#ifdef LDAP_DEBUG
+	if ( lber_debug & 64 ) {
+		char msg[80];
+		sprintf( msg, "ber_printf fmt (%s)\n", fmt );
+		ber_err_print( msg );
+	}
+#endif
+
+	for ( rc = 0; *fmt && rc != -1; fmt++ ) {
+		switch ( *fmt ) {
+		case 'b':	/* boolean */
+			i = va_arg( ap, int );
+			rc = ber_put_boolean( ber, i, ber->ber_tag );
+			break;
+
+		case 'i':	/* int */
+			i = va_arg( ap, int );
+			rc = ber_put_int( ber, (ber_int_t)i, ber->ber_tag );
+			break;
+
+		case 'e':	/* enumeration */
+			i = va_arg( ap, int );
+			rc = ber_put_enum( ber, (ber_int_t)i, ber->ber_tag );
+			break;
+
+		case 'n':	/* null */
+			rc = ber_put_null( ber, ber->ber_tag );
+			break;
+
+		case 'o':	/* octet string (non-null terminated) */
+			s = va_arg( ap, char * );
+			len = va_arg( ap, int );
+			rc = ber_put_ostring( ber, s, len, ber->ber_tag );
+			break;
+
+		case 'O':	/* berval octet string */
+			if( ( bval = va_arg( ap, struct berval * ) ) == NULL )
+				break;
+			if( bval->bv_len == 0 ) {
+				rc = ber_put_ostring( ber, "", 0, ber->ber_tag );
+			} else {
+				rc = ber_put_ostring( ber, bval->bv_val, bval->bv_len,
+					ber->ber_tag );
+			}
+ 			break;
+
+		case 's':	/* string */
+			s = va_arg( ap, char * );
+			rc = ber_put_string( ber, s, ber->ber_tag );
+			break;
+
+		case 'B':	/* bit string */
+			s = va_arg( ap, char * );
+			len = va_arg( ap, int );	/* in bits */
+			rc = ber_put_bitstring( ber, s, len, ber->ber_tag );
+			break;
+
+		case 't':	/* tag for the next element */
+			ber->ber_tag = va_arg( ap, ber_tag_t );
+			ber->ber_usertag = 1;
+			break;
+
+		case 'v':	/* vector of strings */
+			if ( (ss = va_arg( ap, char ** )) == NULL )
+				break;
+			for ( i = 0; ss[i] != NULL; i++ ) {
+				if ( (rc = ber_put_string( ber, ss[i],
+				    ber->ber_tag )) == -1 )
+					break;
+			}
+			break;
+
+		case 'V':	/* sequences of strings + lengths */
+			if ( (bv = va_arg( ap, struct berval ** )) == NULL )
+				break;
+			for ( i = 0; bv[i] != NULL; i++ ) {
+				if ( (rc = ber_put_ostring( ber, bv[i]->bv_val,
+				    bv[i]->bv_len, ber->ber_tag )) == -1 )
+					break;
+			}
+			break;
+
+		case '{':	/* begin sequence */
+			rc = ber_start_seq( ber, ber->ber_tag );
+			break;
+
+		case '}':	/* end sequence */
+			rc = ber_put_seqorset( ber );
+			break;
+
+		case '[':	/* begin set */
+			rc = ber_start_set( ber, ber->ber_tag );
+			break;
+
+		case ']':	/* end set */
+			rc = ber_put_seqorset( ber );
+			break;
+
+		default: {
+				char msg[80];
+				sprintf( msg, "unknown fmt %c\n", *fmt );
+				ber_err_print( msg );
+				rc = -1;
+				break;
+			}
+		}
+
+		if ( ber->ber_usertag == 0 )
+			ber->ber_tag = LBER_DEFAULT;
+		else
+			ber->ber_usertag = 0;
+	}
+
+	va_end( ap );
+
+	return( rc );
+}
diff --git a/ldap/c-sdk/liblber/etest.c b/ldap/c-sdk/liblber/etest.c
new file mode 100644
index 000000000..f2bab358f
--- /dev/null
+++ b/ldap/c-sdk/liblber/etest.c
@@ -0,0 +1,193 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ * 
+ * The contents of this file are subject to the Mozilla Public License Version 
+ * 1.1 (the "License"); you may not use this file except in compliance with 
+ * the License. You may obtain a copy of the License at 
+ * http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ * 
+ * The Original Code is Mozilla Communicator client code, released
+ * March 31, 1998.
+ * 
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998-1999
+ * the Initial Developer. All Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the terms of
+ * either of the GNU General Public License Version 2 or later (the "GPL"),
+ * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ * 
+ * ***** END LICENSE BLOCK ***** */
+
+/*
+ * Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+/* test.c - lber encoding test program */
+
+#include <stdio.h>
+#include <string.h>
+#ifdef MACOS
+#include <stdlib.h>
+#include <unix.h>
+#include <fcntl.h>
+#include <console.h>
+#else /* MACOS */
+#include <sys/types.h>
+#ifdef _WIN32
+#include <windows.h>
+#else
+#include <sys/socket.h>
+#endif /* _WIN32 */
+#endif /* MACOS */
+#include "lber.h"
+
+int
+SSL_Recv( int s, char *b, unsigned l, int dummy )
+{
+	return( read( s, b, l ) );
+}
+
+SSL_Send( int s, char *b, unsigned l, int dummy )
+{
+	return( write( s, b, l ) );
+}
+
+int
+getline( char *prompt, char c, char *buf, int bsize )
+{
+	char	*p;
+
+	if ( prompt != NULL ) {
+		fprintf( stderr, "%s: ", prompt );
+	} else {
+		fprintf( stderr, "enter value for '%c': ", c );
+	}
+	if ( fgets( buf, bsize, stdin ) == NULL ) {
+		return( -1 );
+	}
+	if ( (p = strchr( buf, '\n' )) != NULL ) {
+		*p = '\0';
+	}
+
+	return( 0 );
+}
+
+
+static void usage( char *name )
+{
+	fprintf( stderr, "usage: %s fmtstring\n", name );
+}
+
+main( int argc, char **argv )
+{
+	int		rc, fd;
+	char		*s, *p;
+	void		*arg1, *arg2;
+	Sockbuf		*sb;
+	BerElement	*ber;
+	char		fmt[2];
+	char		buf[BUFSIZ];
+	extern int	lber_debug;
+
+	lber_debug = 255;
+	if ( argc < 2 ) {
+		usage( argv[0] );
+		exit( 1 );
+	}
+
+	sb = ber_sockbuf_alloc();
+	fd = 1;
+	ber_sockbuf_set_option( sb, LBER_SOCKBUF_OPT_DESC, &fd );
+
+	if ( (ber = der_alloc()) == NULL ) {
+		perror( "ber_alloc" );
+		exit( 1 );
+	}
+
+	rc = 0;
+	fmt[1] = '\0';
+	for ( s = argv[1]; *s; s++ ) {
+		switch ( *s ) {
+		case 'i':	/* int */
+		case 'b':	/* boolean */
+		case 'e':	/* enumeration */
+			getline( NULL, *s, buf, sizeof(buf) );
+			arg1 = (void *) atoi( buf );
+			break;
+
+		case 'n':	/* null */
+			arg1 = NULL;
+			break;
+
+		case 'o':	/* octet string (non-null terminated) */
+			getline( NULL, *s, buf, sizeof(buf) );
+			arg1 = (void *) buf;
+			arg2 = (void *) strlen( buf );
+			break;
+
+		case 's':	/* string */
+			getline( NULL, *s, buf, sizeof(buf) );
+			arg1 = (void *) buf;
+			break;
+
+		case 'B':	/* bit string */
+			getline( NULL, *s, buf, sizeof(buf) );
+			arg1 = (void *) buf;
+			arg2 = (void *) strlen( buf );
+			break;
+
+		case 't':	/* tag for the next element */
+			getline( NULL, *s, buf, sizeof(buf) );
+			arg1 = (void *) buf;
+			break;
+
+		case '{':	/* begin sequence */
+		case '}':	/* end sequence */
+		case '[':	/* begin set */
+		case ']':	/* end set */
+			break;
+
+		default:
+			fprintf( stderr, "unknown fmt %c\n", *s );
+			rc = -1;
+			break;
+		}
+
+		fmt[0] = *s;
+		if ( ber_printf( ber, fmt, arg1, arg2 ) == -1 ) {
+			fprintf( stderr, "ber_printf\n" );
+			exit( 1 );
+		}
+	}
+
+	if ( ber_flush( sb, ber, 1 ) != 0 ) {
+		perror( "ber_flush" );
+		rc = -1;
+	}
+
+	return( rc );
+}
diff --git a/ldap/c-sdk/liblber/idtest.c b/ldap/c-sdk/liblber/idtest.c
new file mode 100644
index 000000000..e6f8fa4ae
--- /dev/null
+++ b/ldap/c-sdk/liblber/idtest.c
@@ -0,0 +1,100 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ * 
+ * The contents of this file are subject to the Mozilla Public License Version 
+ * 1.1 (the "License"); you may not use this file except in compliance with 
+ * the License. You may obtain a copy of the License at 
+ * http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ * 
+ * The Original Code is Mozilla Communicator client code, released
+ * March 31, 1998.
+ * 
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998-1999
+ * the Initial Developer. All Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the terms of
+ * either of the GNU General Public License Version 2 or later (the "GPL"),
+ * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ * 
+ * ***** END LICENSE BLOCK ***** */
+
+/*
+ * Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+/* idtest.c - ber decoding test program using isode libraries */
+
+#include <stdio.h>
+#include <psap.h>
+#include <quipu/attr.h>
+
+static usage( char *name )
+{
+	fprintf( stderr, "usage: %s\n", name );
+}
+
+main( int argc, char **argv )
+{
+	PE	pe;
+	PS	psin, psout, pserr;
+
+	/* read the pe from standard in */
+	if ( (psin = ps_alloc( std_open )) == NULLPS ) {
+		perror( "ps_alloc" );
+		exit( 1 );
+	}
+	if ( std_setup( psin, stdin ) == NOTOK ) {
+		perror( "std_setup" );
+		exit( 1 );
+	}
+	/* write the pe to standard out */
+	if ( (psout = ps_alloc( std_open )) == NULLPS ) {
+		perror( "ps_alloc" );
+		exit( 1 );
+	}
+	if ( std_setup( psout, stdout ) == NOTOK ) {
+		perror( "std_setup" );
+		exit( 1 );
+	}
+	/* pretty print it to standard error */
+	if ( (pserr = ps_alloc( std_open )) == NULLPS ) {
+		perror( "ps_alloc" );
+		exit( 1 );
+	}
+	if ( std_setup( pserr, stderr ) == NOTOK ) {
+		perror( "std_setup" );
+		exit( 1 );
+	}
+
+	while ( (pe = ps2pe( psin )) != NULLPE ) {
+		pe2pl( pserr, pe );
+		pe2ps( psout, pe );
+	}
+
+	exit( 0 );
+}
diff --git a/ldap/c-sdk/liblber/io.c b/ldap/c-sdk/liblber/io.c
new file mode 100644
index 000000000..fc81a9dee
--- /dev/null
+++ b/ldap/c-sdk/liblber/io.c
@@ -0,0 +1,1757 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ * 
+ * The contents of this file are subject to the Mozilla Public License Version 
+ * 1.1 (the "License"); you may not use this file except in compliance with 
+ * the License. You may obtain a copy of the License at 
+ * http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ * 
+ * The Original Code is Mozilla Communicator client code, released
+ * March 31, 1998.
+ * 
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998-1999
+ * the Initial Developer. All Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the terms of
+ * either of the GNU General Public License Version 2 or later (the "GPL"),
+ * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ * 
+ * ***** END LICENSE BLOCK ***** */
+
+/*
+ * Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* io.c - ber general i/o routines */
+
+#include "lber-int.h"
+
+#define bergetc( sb, len )    ( sb->sb_ber.ber_end > sb->sb_ber.ber_ptr ? \
+			  (unsigned char)*sb->sb_ber.ber_ptr++ : \
+			  ber_filbuf( sb, len ))
+
+# ifdef macintosh
+/*
+ * MacTCP/OpenTransport
+ */
+#  define read( s, b, l ) tcpread( s, 0, (unsigned char *)b, l, NULL )
+#  define MAX_WRITE	65535
+#  define BerWrite( sb, b, l )   tcpwrite( sb->sb_sd, (unsigned char *)(b), (l<MAX_WRITE)? l : MAX_WRITE )
+# else /* macintosh */
+#  if defined(_WIN32) || defined(_WINDOWS) || defined(XP_OS2)
+/*
+ * 32-bit Windows Socket API (under Windows NT or Windows 95)
+ */
+#   define read( s, b, l )		recv( s, b, l, 0 )
+#   define BerWrite( s, b, l )	send( s->sb_sd, b, l, 0 )
+#  else /* _WIN32 */
+/*
+ * everything else (Unix/BSD 4.3 socket API)
+ */
+#   define BerWrite( sb, b, l )	write( sb->sb_sd, b, l )
+#   define udp_read( sb, b, l, al ) recvfrom(sb->sb_sd, (char *)b, l, 0, \
+		(struct sockaddr *)sb->sb_fromaddr, \
+		(al = sizeof(struct sockaddr), &al))
+#   define udp_write( sb, b, l ) sendto(sb->sb_sd, (char *)(b), l, 0, \
+		(struct sockaddr *)sb->sb_useaddr, sizeof(struct sockaddr))
+#  endif /* _WIN32 */
+# endif /* macintosh */
+
+#ifndef udp_read
+#define udp_read( sb, b, l, al )	CLDAP NOT SUPPORTED
+#define udp_write( sb, b, l )		CLDAP NOT SUPPORTED
+#endif /* udp_read */
+
+#define EXBUFSIZ			1024
+size_t  lber_bufsize = EXBUFSIZ;
+
+#ifdef LDAP_DEBUG
+int	lber_debug;
+#endif
+
+/*
+ * function prototypes
+ */
+static void nslberi_install_compat_io_fns( Sockbuf *sb );
+static int nslberi_extread_compat( int s, void *buf, int len,
+		struct lextiof_socket_private *arg );
+static int nslberi_extwrite_compat( int s, const void *buf, int len,
+		struct lextiof_socket_private *arg );
+static ber_tag_t get_tag( Sockbuf *sb, BerElement *ber);
+static ber_len_t get_ber_len( BerElement *ber);
+static ber_len_t read_len_in_ber( Sockbuf *sb, BerElement *ber);
+
+/*
+ * internal global structure for memory allocation callback functions
+ */
+static struct lber_memalloc_fns nslberi_memalloc_fns;
+
+
+/*
+ * buffered read from "sb".
+ * returns value of first character read on success and -1 on error.
+ */
+static int
+ber_filbuf( Sockbuf *sb, ber_slen_t len )
+{
+	ssize_t	rc;
+#ifdef CLDAP
+	int	addrlen;
+#endif /* CLDAP */
+
+	if ( sb->sb_ber.ber_buf == NULL ) {
+		if ( (sb->sb_ber.ber_buf = (char *)NSLBERI_MALLOC(
+		    READBUFSIZ )) == NULL ) {
+			return( -1 );
+		}
+		sb->sb_ber.ber_flags &= ~LBER_FLAG_NO_FREE_BUFFER;
+		sb->sb_ber.ber_ptr = sb->sb_ber.ber_buf;
+		sb->sb_ber.ber_end = sb->sb_ber.ber_buf;
+	}
+
+	if ( sb->sb_naddr > 0 ) {
+#ifdef CLDAP
+		rc = udp_read(sb, sb->sb_ber.ber_buf, READBUFSIZ, addrlen );
+#ifdef LDAP_DEBUG
+		if ( lber_debug ) {
+			char msg[80];
+			sprintf( msg, "ber_filbuf udp_read %d bytes\n",
+				rc );
+			ber_err_print( msg );
+			if ( lber_debug > 1 && rc > 0 )
+				lber_bprint( sb->sb_ber.ber_buf, rc );
+		}
+#endif /* LDAP_DEBUG */
+#else /* CLDAP */
+		rc = -1;
+#endif /* CLDAP */
+	} else {
+		if ( sb->sb_ext_io_fns.lbextiofn_read != NULL ) {
+			rc = sb->sb_ext_io_fns.lbextiofn_read(
+			    sb->sb_sd, sb->sb_ber.ber_buf,
+			    ((sb->sb_options & LBER_SOCKBUF_OPT_NO_READ_AHEAD)
+			    && (len < READBUFSIZ)) ? len : READBUFSIZ,
+			    sb->sb_ext_io_fns.lbextiofn_socket_arg );
+		} else {
+#ifdef NSLDAPI_AVOID_OS_SOCKETS
+			return( -1 );
+#else
+			rc = read( sb->sb_sd, sb->sb_ber.ber_buf,
+			    ((sb->sb_options & LBER_SOCKBUF_OPT_NO_READ_AHEAD)
+			    && (len < READBUFSIZ)) ? len : READBUFSIZ );
+#endif
+		}
+	}
+
+	if ( rc > 0 ) {
+		sb->sb_ber.ber_ptr = sb->sb_ber.ber_buf + 1;
+		sb->sb_ber.ber_end = sb->sb_ber.ber_buf + rc;
+		return( (unsigned char)*sb->sb_ber.ber_buf );
+	}
+
+	return( -1 );
+}
+
+
+static ber_int_t
+BerRead( Sockbuf *sb, char *buf, ber_slen_t len )
+{
+  int c;
+  ber_int_t nread = 0;
+  
+  while (len > 0)
+    {
+      ber_int_t inberbuf = sb->sb_ber.ber_end - sb->sb_ber.ber_ptr;
+      if (inberbuf > 0)
+	{
+	  size_t tocopy = len > inberbuf ? inberbuf : len;
+	  SAFEMEMCPY(buf, sb->sb_ber.ber_ptr, tocopy);
+	  buf += tocopy;
+	  sb->sb_ber.ber_ptr += tocopy;
+	  nread += tocopy;
+	  len -= tocopy;
+	}
+      else
+	{
+	  c = ber_filbuf(sb, len);
+	  if (c < 0)
+	    {
+	      if (nread > 0)
+		break;
+               else
+                 return c;
+             }
+           *buf++ = c;
+           nread++;
+           len--;
+         }
+     }
+   return (nread);
+}
+
+
+/*
+ * Note: ber_read() only uses the ber_end and ber_ptr elements of ber.
+ * Functions like ber_get_tag(), ber_skip_tag, and ber_peek_tag() rely on
+ * that fact, so if this code is changed to use any additional elements of
+ * the ber structure, those functions will need to be changed as well.
+ */
+ber_int_t
+LDAP_CALL
+ber_read( BerElement *ber, char *buf, ber_len_t len )
+{
+	ber_len_t	actuallen;
+	ber_uint_t  nleft;
+
+	nleft = ber->ber_end - ber->ber_ptr;
+	actuallen = nleft < len ? nleft : len;
+
+	SAFEMEMCPY( buf, ber->ber_ptr, (size_t)actuallen );
+
+	ber->ber_ptr += actuallen;
+
+	return( (ber_int_t)actuallen );
+}
+
+/*
+ * enlarge the ber buffer.
+ * return 0 on success, -1 on error.
+ */
+int
+nslberi_ber_realloc( BerElement *ber, ber_len_t len )
+{
+	ber_uint_t	need, have, total;
+	size_t		have_bytes;
+	Seqorset	*s;
+	ber_int_t	off;
+	char		*oldbuf;
+	int			freeoldbuf = 0;
+
+	ber->ber_buf_reallocs++;
+
+	have_bytes = ber->ber_end - ber->ber_buf;
+	have = have_bytes / lber_bufsize;
+	need = (len < lber_bufsize ? 1 : (len + (lber_bufsize - 1)) / lber_bufsize);
+	total = have * lber_bufsize + need * lber_bufsize * ber->ber_buf_reallocs;
+	
+	oldbuf = ber->ber_buf;
+
+	if (ber->ber_buf == NULL) {
+		if ( (ber->ber_buf = (char *)NSLBERI_MALLOC( (size_t)total ))
+			 == NULL ) {
+			return( -1 );
+		}
+		ber->ber_flags &= ~LBER_FLAG_NO_FREE_BUFFER;
+	} else {
+		if ( !(ber->ber_flags & LBER_FLAG_NO_FREE_BUFFER) ) {
+			freeoldbuf = 1;
+		}
+		/* transition to malloc'd buffer */
+		if ( (ber->ber_buf = (char *)NSLBERI_MALLOC(
+			(size_t)total )) == NULL ) {
+			return( -1 );
+		}
+		ber->ber_flags &= ~LBER_FLAG_NO_FREE_BUFFER;
+		/* copy existing data into new malloc'd buffer */
+		SAFEMEMCPY( ber->ber_buf, oldbuf, have_bytes );
+	}
+
+	ber->ber_end = ber->ber_buf + total;
+
+	/*
+	 * If the stinking thing was moved, we need to go through and
+	 * reset all the sos and ber pointers.  Offsets would've been
+	 * a better idea... oh well.
+	 */
+
+	if ( ber->ber_buf != oldbuf ) {	
+		ber->ber_ptr = ber->ber_buf + (ber->ber_ptr - oldbuf);
+
+		for ( s = ber->ber_sos; s != NULLSEQORSET; s = s->sos_next ) {
+			off = s->sos_first - oldbuf;
+			s->sos_first = ber->ber_buf + off;
+
+			off = s->sos_ptr - oldbuf;
+			s->sos_ptr = ber->ber_buf + off;
+		}
+		
+		if ( freeoldbuf && oldbuf ) {
+			NSLBERI_FREE( oldbuf );
+		}
+	}
+
+	return( 0 );
+}
+
+/*
+ * returns "len" on success and -1 on failure.
+ */
+ber_int_t
+LDAP_CALL
+ber_write( BerElement *ber, char *buf, ber_len_t len, int nosos )
+{
+	if ( nosos || ber->ber_sos == NULL ) {
+		if ( ber->ber_ptr + len > ber->ber_end ) {
+			if ( nslberi_ber_realloc( ber, len ) != 0 )
+				return( -1 );
+		}
+		SAFEMEMCPY( ber->ber_ptr, buf, (size_t)len );
+		ber->ber_ptr += len;
+		return( len );
+	} else {
+		if ( ber->ber_sos->sos_ptr + len > ber->ber_end ) {
+			if ( nslberi_ber_realloc( ber, len ) != 0 )
+				return( -1 );
+		}
+		SAFEMEMCPY( ber->ber_sos->sos_ptr, buf, (size_t)len );
+		ber->ber_sos->sos_ptr += len;
+		ber->ber_sos->sos_clen += len;
+		return( len );
+	}
+}
+
+void
+LDAP_CALL
+ber_free( BerElement *ber, int freebuf )
+{
+	if ( ber != NULL ) {
+		    if ( freebuf &&
+			!(ber->ber_flags & LBER_FLAG_NO_FREE_BUFFER)) {
+			    NSLBERI_FREE(ber->ber_buf);
+		    }
+		    NSLBERI_FREE( (char *) ber );
+	}
+}
+
+/*
+ * return >= 0 on success, -1 on failure.
+ */
+int
+LDAP_CALL
+ber_flush( Sockbuf *sb, BerElement *ber, int freeit )
+{
+	ssize_t	nwritten = 0, towrite, rc;
+	int     i = 0;
+	
+	if (ber->ber_rwptr == NULL) {
+	  ber->ber_rwptr = ber->ber_buf;
+	} else if (ber->ber_rwptr >= ber->ber_end) {
+	  /* we will use the ber_rwptr to continue an exited flush,
+	     so if rwptr is not within the buffer we return an error. */
+	  return( -1 );
+	}
+	
+	/* writev section - for iDAR only!!! */
+	if (sb->sb_ext_io_fns.lbextiofn_writev != NULL) {
+
+	  /* add the sizes of the different buffers to write with writev */
+	  for (towrite = 0, i = 0; i < BER_ARRAY_QUANTITY; ++i) {
+	    /* don't add lengths of null buffers - writev will ignore them */
+	    if (ber->ber_struct[i].ldapiov_base) {
+	      towrite += ber->ber_struct[i].ldapiov_len;
+	    }
+	  }
+	  
+	  rc = sb->sb_ext_io_fns.lbextiofn_writev(sb->sb_sd, ber->ber_struct, BER_ARRAY_QUANTITY, 
+						  sb->sb_ext_io_fns.lbextiofn_socket_arg);
+	  
+	  if ( freeit )
+		ber_free( ber, 1 );
+
+	  if (rc >= 0) {
+	    /* return the number of bytes TO BE written */
+	    return (towrite - rc);
+	  } else {
+	    /* otherwise it's an error */
+	    return (rc);
+	  }
+	} /* end writev section */
+
+	towrite = ber->ber_ptr - ber->ber_rwptr;
+
+#ifdef LDAP_DEBUG
+	if ( lber_debug ) {
+		char msg[80];
+		sprintf( msg, "ber_flush: %d bytes to sd %ld%s\n", (int)towrite,
+		    sb->sb_sd, ber->ber_rwptr != ber->ber_buf ? " (re-flush)"
+		    : "" );
+		ber_err_print( msg );
+		if ( lber_debug > 1 )
+			lber_bprint( ber->ber_rwptr, towrite );
+	}
+#endif
+#if !defined(macintosh) && !defined(DOS)
+	if ( sb->sb_options & (LBER_SOCKBUF_OPT_TO_FILE | LBER_SOCKBUF_OPT_TO_FILE_ONLY) ) {
+		rc = write( sb->sb_copyfd, ber->ber_buf, towrite );
+		if ( sb->sb_options & LBER_SOCKBUF_OPT_TO_FILE_ONLY ) {
+			return( (int)rc );
+		}
+	}
+#endif
+
+	nwritten = 0;
+	do {
+		if (sb->sb_naddr > 0) {
+#ifdef CLDAP
+			rc = udp_write( sb, ber->ber_buf + nwritten,
+			    (size_t)towrite );
+#else /* CLDAP */
+			rc = -1;
+#endif /* CLDAP */
+			if ( rc <= 0 )
+				return( -1 );
+			/* fake error if write was not atomic */
+			if (rc < towrite) {
+#if !defined( macintosh ) && !defined( DOS )
+			    errno = EMSGSIZE;  /* For Win32, see portable.h */
+#endif
+			    return( -1 );
+			}
+		} else {
+			if ( sb->sb_ext_io_fns.lbextiofn_write != NULL ) {
+				if ( (rc = sb->sb_ext_io_fns.lbextiofn_write(
+				    sb->sb_sd, ber->ber_rwptr, (size_t)towrite,
+				    sb->sb_ext_io_fns.lbextiofn_socket_arg ))
+				    <= 0 ) {
+					return( -1 );
+				}
+			} else {
+#ifdef NSLDAPI_AVOID_OS_SOCKETS
+				return( -1 );
+#else
+				if ( (rc = BerWrite( sb, ber->ber_rwptr,
+				    (size_t) towrite )) <= 0 ) {
+					return( -1 );
+				}
+#endif
+			}
+		}
+		towrite -= rc;
+		nwritten += rc;
+		ber->ber_rwptr += rc;
+	} while ( towrite > 0 );
+
+	if ( freeit )
+		ber_free( ber, 1 );
+
+	return( 0 );
+}
+
+
+/* we pre-allocate a buffer to save the extra malloc later */
+BerElement *
+LDAP_CALL
+ber_alloc_t( int options )
+{
+	BerElement	*ber;
+
+	if ( (ber = (BerElement*)NSLBERI_CALLOC( 1,
+	    sizeof(struct berelement) + lber_bufsize )) == NULL ) {
+		return( NULL );
+	}
+
+	/*
+	 * for compatibility with the C LDAP API standard, we recognize
+	 * LBER_USE_DER as LBER_OPT_USE_DER.  See lber.h for a bit more info.
+	 */
+	if ( options & LBER_USE_DER ) {
+		options &= ~LBER_USE_DER;
+		options |= LBER_OPT_USE_DER;
+	}
+
+	ber->ber_tag = LBER_DEFAULT;
+	ber->ber_options = options;
+	ber->ber_buf = (char*)ber + sizeof(struct berelement);
+	ber->ber_ptr = ber->ber_buf;
+	ber->ber_end = ber->ber_buf + lber_bufsize;
+	ber->ber_flags = LBER_FLAG_NO_FREE_BUFFER;
+
+	return( ber );
+}
+
+
+BerElement *
+LDAP_CALL
+ber_alloc()
+{
+	return( ber_alloc_t( 0 ) );
+}
+
+BerElement *
+LDAP_CALL
+der_alloc()
+{
+	return( ber_alloc_t( LBER_OPT_USE_DER ) );
+}
+
+BerElement *
+LDAP_CALL
+ber_dup( BerElement *ber )
+{
+	BerElement	*new;
+
+	if ( (new = ber_alloc()) == NULL )
+		return( NULL );
+
+	*new = *ber;
+
+	return( new );
+}
+
+
+void
+LDAP_CALL
+ber_init_w_nullchar( BerElement *ber, int options )
+{
+	(void) memset( (char *)ber, '\0', sizeof(struct berelement) );
+	ber->ber_tag = LBER_DEFAULT;
+
+	/*
+	 * For compatibility with the C LDAP API standard, we recognize
+	 * LBER_USE_DER as LBER_OPT_USE_DER.  See lber.h for a bit more info.
+	 */
+	if ( options & LBER_USE_DER ) {
+		options &= ~LBER_USE_DER;
+		options |= LBER_OPT_USE_DER;
+	}
+
+	ber->ber_options = options;
+}
+
+void
+LDAP_CALL
+ber_reset( BerElement *ber, int was_writing )
+{
+	if ( was_writing ) {
+		ber->ber_end = ber->ber_ptr;
+		ber->ber_ptr = ber->ber_buf;
+	} else {
+		ber->ber_ptr = ber->ber_end;
+	}
+
+	ber->ber_rwptr = NULL;
+	ber->ber_tag_len_read = 0;
+
+	memset(ber->ber_struct, 0, BER_CONTENTS_STRUCT_SIZE);
+}
+
+/* Returns the length of the ber buffer so far,
+   taking into account sequences/sets also.
+   CAUTION: Returns 0 on null buffers as well 
+   as 0 on empty buffers!
+*/
+size_t
+LDAP_CALL
+ber_get_buf_datalen( BerElement *ber )
+{
+  size_t datalen;
+
+  if ( ( ber == NULL) || ( ber->ber_buf == NULL) || ( ber->ber_ptr == NULL ) ) {
+    datalen = 0;
+  } else if (ber->ber_sos == NULLSEQORSET) {
+    /* there are no sequences or sets yet, 
+       so just subtract ptr from the beginning of the ber buffer */
+    datalen = ber->ber_ptr - ber->ber_buf;
+  } else {
+    /* sequences exist, so just take the ptr of the sequence
+       on top of the stack and subtract the beginning of the
+       buffer from it */
+    datalen = ber->ber_sos->sos_ptr - ber->ber_buf;
+  }
+  
+  return datalen;
+}
+
+/*
+  if buf is 0 then malloc a buffer of length size
+  returns > 0 on success, 0 otherwise
+*/
+int
+LDAP_CALL
+ber_stack_init(BerElement *ber, int options, char * buf,
+        size_t size)
+{
+  if (NULL == ber)
+    return 0;
+  
+  memset(ber, 0, sizeof(*ber));
+
+  /*
+   * for compatibility with the C LDAP API standard, we recognize
+   * LBER_USE_DER as LBER_OPT_USE_DER.  See lber.h for a bit more info.
+   */
+
+  if ( options & LBER_USE_DER ) {
+    options &= ~LBER_USE_DER;
+    options |= LBER_OPT_USE_DER;
+  }
+
+  ber->ber_tag = LBER_DEFAULT;
+  ber->ber_options = options;
+  
+  if ( ber->ber_buf && !(ber->ber_flags & LBER_FLAG_NO_FREE_BUFFER)) {
+	  NSLBERI_FREE(ber->ber_buf);
+  }
+  
+  if (buf) {
+    ber->ber_buf = ber->ber_ptr = buf;
+    ber->ber_flags = LBER_FLAG_NO_FREE_BUFFER;
+  } else {
+    ber->ber_buf = ber->ber_ptr = (char *) NSLBERI_MALLOC(size);
+  }
+
+  ber->ber_end = ber->ber_buf + size;
+
+  return ber->ber_buf != 0;
+}
+
+/*
+ * This call allows to release only the data part of
+ * the target Sockbuf.
+ * Other info of this Sockbuf are kept unchanged.
+ */
+void
+LDAP_CALL
+ber_sockbuf_free_data(Sockbuf *p)
+{
+    if ( p != NULL ) {
+	if ( p->sb_ber.ber_buf != NULL &&
+	     !(p->sb_ber.ber_flags & LBER_FLAG_NO_FREE_BUFFER) ) {
+	    NSLBERI_FREE( p->sb_ber.ber_buf );
+	    p->sb_ber.ber_buf = NULL;
+	}
+    }
+}
+
+/* simply returns ber_buf in the ber ...
+   explicitly for DS MMR only...
+*/
+char *
+LDAP_CALL
+ber_get_buf_databegin (BerElement * ber)
+{
+  if (NULL != ber) {
+    return ber->ber_buf;
+  } else {
+    return NULL;
+  }
+}
+
+#ifdef LDAP_DEBUG
+
+void
+ber_dump( BerElement *ber, int inout )
+{
+	char msg[128];
+	sprintf( msg, "ber_dump: buf 0x%p, ptr 0x%p, rwptr 0x%p, end 0x%p\n",
+	    ber->ber_buf, ber->ber_ptr, ber->ber_rwptr, ber->ber_end );
+	ber_err_print( msg );
+	if ( inout == 1 ) {
+		sprintf( msg, "          current len %ld, contents:\n",
+                 (long)(ber->ber_end - ber->ber_ptr) );
+		ber_err_print( msg );
+		lber_bprint( ber->ber_ptr, ber->ber_end - ber->ber_ptr );
+	} else {
+		sprintf( msg, "          current len %ld, contents:\n",
+                 (long)(ber->ber_ptr - ber->ber_buf) );
+		ber_err_print( msg );
+		lber_bprint( ber->ber_buf, ber->ber_ptr - ber->ber_buf );
+	}
+}
+
+void
+ber_sos_dump( Seqorset *sos )
+{
+	char msg[80];
+	ber_err_print ( "*** sos dump ***\n" );
+	while ( sos != NULLSEQORSET ) {
+		sprintf( msg, "ber_sos_dump: clen %d first 0x%p ptr 0x%p\n",
+		    sos->sos_clen, sos->sos_first, sos->sos_ptr );
+		ber_err_print( msg );
+		sprintf( msg, "              current len %ld contents:\n",
+                 (long)(sos->sos_ptr - sos->sos_first) );
+		ber_err_print( msg );
+		lber_bprint( sos->sos_first, sos->sos_ptr - sos->sos_first );
+
+		sos = sos->sos_next;
+	}
+	ber_err_print( "*** end dump ***\n" );
+}
+
+#endif
+
+/* return the tag - LBER_DEFAULT returned means trouble
+ * assumes the tag is only one byte! */
+static ber_tag_t
+get_tag( Sockbuf *sb, BerElement *ber)
+{
+        unsigned char   xbyte;
+
+        if ( (BerRead( sb, (char *) &xbyte, 1 )) != 1 ) {
+                return( LBER_DEFAULT );
+        }
+
+        /* we only handle small (one byte) tags */
+        if ( (xbyte & LBER_BIG_TAG_MASK) == LBER_BIG_TAG_MASK ) {
+                return( LBER_DEFAULT );
+        }
+
+	ber->ber_tag_contents[0] = xbyte;
+	ber->ber_struct[BER_STRUCT_TAG].ldapiov_len = 1;
+	return((ber_tag_t)xbyte);
+}
+
+
+/* Error checking? */
+/* Takes a ber and returns the actual length */
+static ber_len_t
+get_ber_len( BerElement *ber)
+{
+  int noctets;
+  ber_len_t len = 0;
+  char xbyte;
+
+  xbyte = ber->ber_len_contents[0];
+  
+  /* long form */
+  if (xbyte & 0x80) {
+    noctets = (int) (xbyte & 0x7f);
+    if (noctets >= MAX_LEN_SIZE) {
+      return(LBER_DEFAULT);
+    }
+    SAFEMEMCPY((char*) &len + sizeof(ber_len_t) - noctets, &ber->ber_len_contents[1], noctets);
+    len = LBER_NTOHL(len);
+    return(len);
+  } else {
+    return((ber_len_t)(xbyte));
+  }
+}
+
+/* LBER_DEFAULT means trouble
+   reads in the length, stores it in ber->ber_struct, and returns get_ber_len */
+static ber_len_t
+read_len_in_ber( Sockbuf *sb, BerElement *ber)
+{
+  unsigned char xbyte;
+  int           noctets;
+  int           rc = 0, read_result = 0;
+
+  /*
+   * Next, read the length.  The first byte contains the length
+   * of the length.  If bit 8 is set, the length is the long
+   * form, otherwise it's the short form.  We don't allow a
+   * length that's greater than what we can hold in a ber_int_t
+   */
+  if ( ber->ber_tag_len_read == 1) {
+      /* the length of the length hasn't been read yet */
+      if ( BerRead( sb, (char *) &xbyte, 1 ) != 1 ) {
+	  return( LBER_DEFAULT );
+      }
+      ber->ber_tag_len_read = 2;
+      ber->ber_len_contents[0] = xbyte;
+  } else {
+      rc = ber->ber_tag_len_read - 2;
+      xbyte = ber->ber_len_contents[0];
+  }
+  
+  /* long form of the length value */
+  if ( xbyte & 0x80 ) {
+    noctets = (xbyte & 0x7f);
+    if ( noctets >= MAX_LEN_SIZE )
+	return( LBER_DEFAULT );
+    while (rc < noctets) {
+	read_result = BerRead( sb, &(ber->ber_len_contents[1]) + rc, noctets - rc );
+	if (read_result <= 0) {
+	    ber->ber_tag_len_read = rc + 2; /* so we can continue later - include tag and lenlen */
+	    return( LBER_DEFAULT );
+	}
+	rc += read_result;
+    }
+    ber->ber_tag_len_read = rc + 2; /* adds tag (1 byte) and lenlen (1 byte) */
+    ber->ber_struct[BER_STRUCT_LEN].ldapiov_len = 1 + noctets;
+  } else { /* short form of the length value */ 
+    ber->ber_struct[BER_STRUCT_LEN].ldapiov_len = 1;
+  }
+  return(get_ber_len(ber));
+}
+
+
+ber_tag_t
+LDAP_CALL
+ber_get_next( Sockbuf *sb, ber_len_t *len, BerElement *ber )
+{
+	ber_len_t	newlen;
+	ber_len_t	toread;
+	ber_int_t	rc;
+	ber_len_t   orig_taglen_read = 0;
+	char * orig_rwptr = ber->ber_rwptr ? ber->ber_rwptr : ber->ber_buf;
+
+#ifdef LDAP_DEBUG
+	if ( lber_debug )
+		ber_err_print( "ber_get_next\n" );
+#endif
+
+	/*
+	 * When rwptr is NULL this signifies that the tag and length have not been
+	 * read in their entirety yet. (if at all)
+	 */
+	if ( ber->ber_rwptr == NULL ) {
+
+            /* first save the amount we previously read, so we know what to return in len. */
+	    orig_taglen_read = ber->ber_tag_len_read;
+
+	    /* read the tag - if tag_len_read is greater than 0, then it has already been read. */
+	    if (ber->ber_tag_len_read == 0) {
+		if ((ber->ber_tag = get_tag(sb, ber)) == LBER_DEFAULT ) {
+		    *len = 0;
+		    return( LBER_DEFAULT );
+		}
+
+		ber->ber_tag_contents[0] = (char)ber->ber_tag; /* we only handle 1 byte tags */
+		ber->ber_tag_len_read = 1;  
+
+                /* check for validity */
+		if((sb->sb_options & LBER_SOCKBUF_OPT_VALID_TAG) &&
+		   (ber->ber_tag != sb->sb_valid_tag)) {
+		    *len = 1; /* we just read the tag so far */
+		    return( LBER_DEFAULT);
+		}              
+	    }	  
+	  
+	    /* read the length */
+	    if ((newlen = read_len_in_ber(sb, ber)) == LBER_DEFAULT ) {
+		*len = ber->ber_tag_len_read - orig_taglen_read;
+		return( LBER_DEFAULT );
+	    }
+
+	    /*
+	     * Finally, malloc a buffer for the contents and read it in.
+	     * It's this buffer that's passed to all the other ber decoding
+	     * routines.
+	     */
+	  
+#if defined( DOS ) && !( defined( _WIN32 ) || defined(XP_OS2) )
+	    if ( newlen > 65535 ) {	/* DOS can't allocate > 64K */
+		return( LBER_DEFAULT );
+	    }
+#endif /* DOS && !_WIN32 */
+	  
+	    if ( ( sb->sb_options & LBER_SOCKBUF_OPT_MAX_INCOMING_SIZE )
+		 && newlen > sb->sb_max_incoming ) {
+		return( LBER_DEFAULT );
+	    }
+	    
+	    /* check to see if we already have enough memory allocated */
+	    if ( ((ber_len_t) ber->ber_end - (ber_len_t) ber->ber_buf) < newlen) {
+			if ( ber->ber_buf && !(ber->ber_flags & LBER_FLAG_NO_FREE_BUFFER)) {
+				NSLBERI_FREE(ber->ber_buf);
+			}
+			if ( (ber->ber_buf = (char *)NSLBERI_CALLOC( 1,(size_t)newlen ))
+				 == NULL ) {
+				return( LBER_DEFAULT );
+			}
+			ber->ber_flags &= ~LBER_FLAG_NO_FREE_BUFFER;
+			orig_rwptr = ber->ber_buf;
+	    }
+	    
+	    
+	    ber->ber_len = newlen;
+	    ber->ber_ptr = ber->ber_buf;
+	    ber->ber_end = ber->ber_buf + newlen;
+	    ber->ber_rwptr = ber->ber_buf;
+	    ber->ber_tag_len_read = 0; /* now that rwptr is set, this doesn't matter */
+	}
+	
+	/* OK, we've malloc-ed the buffer; now read the rest of the expected length */
+	toread = (ber_len_t)ber->ber_end - (ber_len_t)ber->ber_rwptr;
+	do {
+	    if ( (rc = BerRead( sb, ber->ber_rwptr, (ber_int_t)toread )) <= 0 ) {
+		*len = (ber_len_t) ber->ber_rwptr - (ber_len_t) orig_rwptr;
+		return( LBER_DEFAULT );
+	    }
+	    
+	    toread -= rc;
+	    ber->ber_rwptr += rc;
+	} while ( toread > 0 );
+	
+#ifdef LDAP_DEBUG
+	if ( lber_debug ) {
+	    char msg[80];
+	    sprintf( msg, "ber_get_next: tag 0x%x len %d contents:\n",
+		     ber->ber_tag, ber->ber_len );
+	    ber_err_print( msg );
+	    if ( lber_debug > 1 )
+		ber_dump( ber, 1 );
+	}
+#endif
+	
+	*len = (ber_len_t) ber->ber_rwptr - (ber_len_t) orig_rwptr;
+	ber->ber_rwptr = NULL;
+	ber->ber_struct[BER_STRUCT_VAL].ldapiov_len = ber->ber_len;
+	return( ber->ber_tag );
+}
+
+Sockbuf *
+LDAP_CALL
+ber_sockbuf_alloc()
+{
+	return( (Sockbuf *)NSLBERI_CALLOC( 1, sizeof(struct sockbuf) ) );
+}
+
+void
+LDAP_CALL
+ber_sockbuf_free(Sockbuf *p)
+{
+	if ( p != NULL ) {
+		if ( p->sb_ber.ber_buf != NULL &&
+		    !(p->sb_ber.ber_flags & LBER_FLAG_NO_FREE_BUFFER) ) {
+			NSLBERI_FREE( p->sb_ber.ber_buf );
+		}
+		NSLBERI_FREE(p);
+	}
+}
+
+/*
+ * return 0 on success and -1 on error
+ */
+int
+LDAP_CALL
+ber_set_option( struct berelement *ber, int option, void *value )
+{
+  
+  /*
+   * memory allocation callbacks are global, so it is OK to pass
+   * NULL for ber.  Handle this as a special case.
+   */
+  if ( option == LBER_OPT_MEMALLOC_FN_PTRS ) {
+    /* struct copy */
+    nslberi_memalloc_fns = *((struct lber_memalloc_fns *)value);
+    return( 0 );
+  }
+  
+  /*
+   * lber_debug is global, so it is OK to pass
+   * NULL for ber.  Handle this as a special case.
+   */
+  if ( option == LBER_OPT_DEBUG_LEVEL ) {
+#ifdef LDAP_DEBUG
+    lber_debug = *(int *)value;
+#endif
+    return( 0 );
+  }
+
+ /*
+  * lber_bufsize is global, so it is OK to pass
+  * NULL for ber. Handle this as a special case.
+  */	
+  if ( option == LBER_OPT_BUFSIZE ) {
+	if ( *(size_t *)value > EXBUFSIZ ) {
+		lber_bufsize = *(size_t *)value;
+	}
+    return( 0 );
+  }
+
+  /*
+   * all the rest require a non-NULL ber
+   */
+  if ( !NSLBERI_VALID_BERELEMENT_POINTER( ber )) {
+    return( -1 );
+  }
+  
+  switch ( option ) {
+	case LBER_OPT_USE_DER:
+	case LBER_OPT_TRANSLATE_STRINGS:
+		if ( value != NULL ) {
+			ber->ber_options |= option;
+		} else {
+			ber->ber_options &= ~option;
+		}
+		break;
+	case LBER_OPT_REMAINING_BYTES:
+		ber->ber_end = ber->ber_ptr + *((ber_len_t *)value);
+		break;
+	case LBER_OPT_TOTAL_BYTES:
+		ber->ber_end = ber->ber_buf + *((ber_len_t *)value);
+		break;
+	case LBER_OPT_BYTES_TO_WRITE:
+		ber->ber_ptr = ber->ber_buf + *((ber_len_t *)value);
+		break;
+	default:
+		return( -1 );
+  }
+  
+  return( 0 );
+}
+
+/*
+ * return 0 on success and -1 on error
+ */
+int
+LDAP_CALL
+ber_get_option( struct berelement *ber, int option, void *value )
+{
+	/*
+	 * memory callocation callbacks are global, so it is OK to pass
+	 * NULL for ber.  Handle this as a special case
+	 */
+	if ( option == LBER_OPT_MEMALLOC_FN_PTRS ) {
+		/* struct copy */
+		*((struct lber_memalloc_fns *)value) = nslberi_memalloc_fns;
+		return( 0 );
+	}
+	
+	/*
+	 * lber_debug is global, so it is OK to pass
+	 * NULL for ber.  Handle this as a special case.
+	 */
+	if ( option == LBER_OPT_DEBUG_LEVEL ) {
+#ifdef LDAP_DEBUG
+	 *(int *)value =  lber_debug;
+#endif
+	  return( 0 );
+	}
+
+	/*
+	 * lber_bufsize is global, so it is OK to pass
+	 * NULL for ber. Handle this as a special case.
+	 */
+	if ( option == LBER_OPT_BUFSIZE ) {
+	  *(size_t *)value = lber_bufsize;
+	  return( 0 );
+	}
+
+	/*
+	 * all the rest require a non-NULL ber
+	 */
+	if ( !NSLBERI_VALID_BERELEMENT_POINTER( ber )) {
+		return( -1 );
+	}
+
+	switch ( option ) {
+	case LBER_OPT_USE_DER:
+	case LBER_OPT_TRANSLATE_STRINGS:
+		*((int *) value) = (ber->ber_options & option);
+		break;
+	case LBER_OPT_REMAINING_BYTES:
+		*((ber_len_t *) value) = ber->ber_end - ber->ber_ptr;
+		break;
+	case LBER_OPT_TOTAL_BYTES:
+		*((ber_len_t *) value) = ber->ber_end - ber->ber_buf;
+		break;
+	case LBER_OPT_BYTES_TO_WRITE:
+		*((ber_len_t *) value) = ber->ber_ptr - ber->ber_buf;
+		break;
+	default:
+		return( -1 );
+	}
+
+	return( 0 );
+}
+
+/*
+ * return 0 on success and -1 on error
+ */
+int
+LDAP_CALL
+ber_sockbuf_set_option( Sockbuf *sb, int option, void *value )
+{
+	struct lber_x_ext_io_fns	*extiofns;
+
+	if ( !NSLBERI_VALID_SOCKBUF_POINTER( sb )) {
+		return( -1 );
+	}
+
+        /* check for a NULL value for certain options. */
+	if (NULL == value) {
+	    switch ( option ) {
+	    case LBER_SOCKBUF_OPT_TO_FILE:
+	    case LBER_SOCKBUF_OPT_TO_FILE_ONLY:
+	    case LBER_SOCKBUF_OPT_NO_READ_AHEAD:
+	    case LBER_SOCKBUF_OPT_READ_FN:
+	    case LBER_SOCKBUF_OPT_WRITE_FN:
+	    case LBER_SOCKBUF_OPT_EXT_IO_FNS:
+	    case LBER_SOCKBUF_OPT_MAX_INCOMING_SIZE:
+		/* do nothing - it's OK to have a NULL value for these options */
+		break;
+	    default:
+		return( -1 );
+	    }
+	}
+
+	switch ( option ) {
+	case LBER_SOCKBUF_OPT_VALID_TAG:
+		sb->sb_valid_tag= *((ber_tag_t *) value);
+		/* use NULL to reset */
+		if ( value != NULL ) {
+			sb->sb_options |= option;
+		} else {
+			sb->sb_options &= ~option;
+		}
+		break;
+	case LBER_SOCKBUF_OPT_MAX_INCOMING_SIZE:
+		if ( value != NULL ) {
+		    sb->sb_max_incoming = *((ber_len_t *) value);
+		    sb->sb_options |= option;
+		} else {
+		    /* setting the max incoming to 0 seems to be the only
+		       way to tell the callers of ber_sockbuf_get_option
+		       that this option isn't set. */
+		    sb->sb_max_incoming = 0;
+		    sb->sb_options &= ~option;
+		}
+		break;
+	case LBER_SOCKBUF_OPT_TO_FILE:
+	case LBER_SOCKBUF_OPT_TO_FILE_ONLY:
+	case LBER_SOCKBUF_OPT_NO_READ_AHEAD:
+		if ( value != NULL ) {
+			sb->sb_options |= option;
+		} else {
+			sb->sb_options &= ~option;
+		}
+		break;
+	case LBER_SOCKBUF_OPT_DESC:
+		sb->sb_sd = *((LBER_SOCKET *) value);
+		break;
+	case LBER_SOCKBUF_OPT_COPYDESC:
+		sb->sb_copyfd = *((LBER_SOCKET *) value);
+		break;
+	case LBER_SOCKBUF_OPT_READ_FN:
+		sb->sb_io_fns.lbiof_read = (LDAP_IOF_READ_CALLBACK *) value;
+		nslberi_install_compat_io_fns( sb );
+		break;
+	case LBER_SOCKBUF_OPT_WRITE_FN:
+		sb->sb_io_fns.lbiof_write = (LDAP_IOF_WRITE_CALLBACK *) value;
+		nslberi_install_compat_io_fns( sb );
+		break;
+	case LBER_SOCKBUF_OPT_EXT_IO_FNS:
+		extiofns = (struct lber_x_ext_io_fns *) value;
+		if ( extiofns == NULL ) {	/* remove */
+			(void)memset( (char *)&sb->sb_ext_io_fns, '\0',
+				sizeof(sb->sb_ext_io_fns ));
+		} else if ( extiofns->lbextiofn_size
+		    == LBER_X_EXTIO_FNS_SIZE ) {
+			/* struct copy */
+			sb->sb_ext_io_fns = *extiofns;
+		} else if ( extiofns->lbextiofn_size
+			    == LBER_X_EXTIO_FNS_SIZE_REV0 ) {
+			/* backwards compatiblity for older struct */
+			sb->sb_ext_io_fns.lbextiofn_size =
+				LBER_X_EXTIO_FNS_SIZE;
+			sb->sb_ext_io_fns.lbextiofn_read =
+				extiofns->lbextiofn_read;
+			sb->sb_ext_io_fns.lbextiofn_write =
+				    extiofns->lbextiofn_write;
+			sb->sb_ext_io_fns.lbextiofn_writev = NULL;
+			sb->sb_ext_io_fns.lbextiofn_socket_arg =
+				    extiofns->lbextiofn_socket_arg;
+		} else {
+			return( -1 );
+		}
+		break;
+	case LBER_SOCKBUF_OPT_SOCK_ARG:
+		sb->sb_ext_io_fns.lbextiofn_socket_arg = 
+		(struct lextiof_socket_private *) value;
+		break;
+	default:
+		return( -1 );
+	}
+
+	return( 0 );
+}
+
+/*
+ * return 0 on success and -1 on error
+ */
+int
+LDAP_CALL
+ber_sockbuf_get_option( Sockbuf *sb, int option, void *value )
+{
+	struct lber_x_ext_io_fns	*extiofns;
+
+	if ( !NSLBERI_VALID_SOCKBUF_POINTER( sb ) || (NULL == value)) {
+		return( -1 );
+	}
+
+	switch ( option ) {
+	case LBER_SOCKBUF_OPT_VALID_TAG:
+		*((ber_tag_t *) value) = sb->sb_valid_tag;
+		break;
+	case LBER_SOCKBUF_OPT_MAX_INCOMING_SIZE:
+		*((ber_len_t *) value) = sb->sb_max_incoming;
+		break;
+	case LBER_SOCKBUF_OPT_TO_FILE:
+	case LBER_SOCKBUF_OPT_TO_FILE_ONLY:
+	case LBER_SOCKBUF_OPT_NO_READ_AHEAD:
+		*((int *) value) = (sb->sb_options & option);
+		break;
+	case LBER_SOCKBUF_OPT_DESC:
+		*((LBER_SOCKET *) value) = sb->sb_sd;
+		break;
+	case LBER_SOCKBUF_OPT_COPYDESC:
+		*((LBER_SOCKET *) value) = sb->sb_copyfd;
+		break;
+	case LBER_SOCKBUF_OPT_READ_FN:
+		*((LDAP_IOF_READ_CALLBACK **) value)
+		    = sb->sb_io_fns.lbiof_read;
+		break;
+	case LBER_SOCKBUF_OPT_WRITE_FN:
+		*((LDAP_IOF_WRITE_CALLBACK **) value)
+		    = sb->sb_io_fns.lbiof_write;
+		break;
+	case LBER_SOCKBUF_OPT_EXT_IO_FNS:
+		extiofns = (struct lber_x_ext_io_fns *) value;
+        if ( extiofns == NULL ) {
+			return( -1 );
+		} else if ( extiofns->lbextiofn_size
+			    == LBER_X_EXTIO_FNS_SIZE ) {
+			/* struct copy */
+			*extiofns = sb->sb_ext_io_fns;
+		} else if ( extiofns->lbextiofn_size
+			    == LBER_X_EXTIO_FNS_SIZE_REV0 ) {
+			/* backwards compatiblity for older struct */
+			extiofns->lbextiofn_read = sb->sb_ext_io_fns.lbextiofn_read;
+			extiofns->lbextiofn_write = sb->sb_ext_io_fns.lbextiofn_write;
+			extiofns->lbextiofn_socket_arg = sb->sb_ext_io_fns.lbextiofn_socket_arg;
+		} else {
+			return( -1 );
+		}
+		break;
+	case LBER_SOCKBUF_OPT_SOCK_ARG:
+		*((struct lextiof_socket_private **)value) = sb->sb_ext_io_fns.lbextiofn_socket_arg;
+		break;
+	default:
+		return( -1 );
+	}
+
+	return( 0 );
+}
+
+
+/* new dboreham code below: */
+
+struct byte_buffer  {
+	unsigned char *p;
+	int offset;
+	int length;
+};
+typedef struct byte_buffer byte_buffer;
+
+
+/* This call allocates us a BerElement structure plus some extra memory. 
+ * It returns a pointer to the BerElement, plus a pointer to the extra memory.
+ * This routine also allocates a ber data buffer within the same block, thus
+ * saving a call to calloc later when we read data.
+ */
+void*
+LDAP_CALL
+ber_special_alloc(size_t size, BerElement **ppBer)
+{
+	char *mem = NULL;
+
+	/* Make sure mem size requested is aligned */
+	if (0 != ( size & 0x03 )) {
+		size += (sizeof(ber_int_t) - (size & 0x03));
+	}
+
+	mem = NSLBERI_MALLOC(sizeof(struct berelement) + lber_bufsize + size );
+	if (NULL == mem) {
+		return NULL;
+	} 
+	*ppBer = (BerElement*) (mem + size);
+	memset(*ppBer,0,sizeof(struct berelement));
+	(*ppBer)->ber_tag = LBER_DEFAULT;
+	(*ppBer)->ber_buf = mem + size + sizeof(struct berelement);
+	(*ppBer)->ber_ptr = (*ppBer)->ber_buf;
+	(*ppBer)->ber_end = (*ppBer)->ber_buf + lber_bufsize;
+	(*ppBer)->ber_flags = LBER_FLAG_NO_FREE_BUFFER;
+	return (void*)mem;
+}
+
+void
+LDAP_CALL
+ber_special_free(void* buf, BerElement *ber)
+{
+	if (!(ber->ber_flags & LBER_FLAG_NO_FREE_BUFFER)) {
+		NSLBERI_FREE(ber->ber_buf);
+	}
+	NSLBERI_FREE( buf );
+}
+
+/* Copy up to bytes_to_read bytes from b into return_buffer.
+ * Returns a count of bytes copied (always >= 0).
+ */
+static int
+read_bytes(byte_buffer *b, unsigned char *return_buffer, int bytes_to_read)
+{
+	/* copy up to bytes_to_read bytes into the caller's buffer, return the number of bytes copied */
+	int bytes_to_copy = 0;
+
+	if (bytes_to_read <= (b->length - b->offset) ) {
+		bytes_to_copy = bytes_to_read;
+	} else {
+		bytes_to_copy = (b->length - b->offset);
+	}
+	if (1 == bytes_to_copy) {
+		*return_buffer = *(b->p+b->offset++);
+	} else if (bytes_to_copy <= 0) {
+		bytes_to_copy = 0;	/* never return a negative result */
+	} else {
+		SAFEMEMCPY(return_buffer,b->p+b->offset,bytes_to_copy);
+		b->offset += bytes_to_copy;
+	}
+	return bytes_to_copy;
+}
+
+/* return the tag - LBER_DEFAULT returned means trouble */
+static ber_tag_t
+get_buffer_tag(byte_buffer *sb )
+{
+	unsigned char	xbyte;
+	ber_tag_t		tag;
+	char			*tagp;
+	int				i;
+
+	if ( (i = read_bytes( sb, &xbyte, 1 )) != 1 ) {
+		return( LBER_DEFAULT );
+	}
+
+	if ( (xbyte & LBER_BIG_TAG_MASK) != LBER_BIG_TAG_MASK ) {
+		return( (ber_uint_t) xbyte );
+	}
+
+	tagp = (char *) &tag;
+	tagp[0] = xbyte;
+	for ( i = 1; i < sizeof(ber_int_t); i++ ) {
+		if ( read_bytes( sb, &xbyte, 1 ) != 1 )
+			return( LBER_DEFAULT );
+
+		tagp[i] = xbyte;
+
+		if ( ! (xbyte & LBER_MORE_TAG_MASK) )
+			break;
+	}
+
+	/* tag too big! */
+	if ( i == sizeof(ber_int_t) )
+		return( LBER_DEFAULT );
+
+	/* want leading, not trailing 0's */
+	return( tag >> (sizeof(ber_int_t) - i - 1) );
+}
+
+/* Like ber_get_next, but from a byte buffer the caller already has. */
+/* Bytes_Scanned returns the number of bytes we actually looked at in the buffer. */
+/* ber_get_next_buffer is now implemented in terms of ber_get_next_buffer_ext */
+/* and is here for backward compatibility.  This new function allows us to pass */
+/* the Sockbuf structure along */
+
+ber_uint_t
+LDAP_CALL
+ber_get_next_buffer( void *buffer, size_t buffer_size, ber_len_t *len,
+    BerElement *ber, ber_uint_t *Bytes_Scanned )
+{
+	return (ber_get_next_buffer_ext( buffer, buffer_size, len, ber,
+		Bytes_Scanned, NULL));
+}
+
+/*
+ * Returns the tag of the message or LBER_ return code if an error occurs.
+ *
+ * If there was not enough data in the buffer to complete the message this
+ * is a "soft" error. In this case, *Bytes_Scanned is set to a positive
+ * number and return code is set to LBER_DEFAULT.
+ *
+ * On overflow condition when the length is either bigger than ber_uint_t 
+ * type or the value preset via LBER_SOCKBUF_OPT_MAX_INCOMING_SIZE option,
+ * *Bytes_Scanned is set to zero and return code is set to LBER_OVERFLOW.
+ *
+ * For backward compatibility errno is also set on these error conditions:
+ *
+ * EINVAL   - LBER_SOCKBUF_OPT_VALID_TAG option set but tag doesnt match.
+ * EMSGSIZE - an overflow condition as described above for LBER_OVERFLOW.
+ */
+ber_uint_t
+LDAP_CALL
+ber_get_next_buffer_ext( void *buffer, size_t buffer_size, ber_len_t *len,
+    BerElement *ber, ber_uint_t *Bytes_Scanned, Sockbuf *sock )
+{
+	ber_tag_t		tag = 0; 
+	ber_len_t		netlen;
+	ber_len_t		toread;
+	unsigned char	lc;
+	ssize_t			rc;
+	int				noctets, diff;
+	byte_buffer		sb = {0};
+
+
+	/*
+	 * Any ber element looks like this: tag length contents.
+	 * Assuming everything's ok, we return the tag byte (we
+	 * can assume a single byte), return the length in len,
+	 * and the rest of the undecoded element in buf.
+	 *
+	 * Assumptions:
+	 *	1) small tags (less than 128)
+	 *	2) definite lengths
+	 *	3) primitive encodings used whenever possible
+	 */
+
+	/*
+	 * first time through - malloc the buffer, set up ptrs, and
+	 * read the tag and the length and as much of the rest as we can
+	 */
+
+	sb.p = buffer;
+	sb.length = buffer_size;
+
+	if ( ber->ber_rwptr == NULL ) {
+
+		/*
+		 * First, we read the tag.
+		 */
+
+        /* if we have been called before with a fragment not
+         * containing a complete length, we have no rwptr but
+         * a tag already
+         */
+		if ( ber->ber_tag == LBER_DEFAULT ) {
+			if ( (tag = get_buffer_tag( &sb )) == LBER_DEFAULT ) {
+				goto premature_exit;
+			}
+			ber->ber_tag = tag;
+		}
+		
+		if((sock->sb_options & LBER_SOCKBUF_OPT_VALID_TAG) &&
+		   (ber->ber_tag != sock->sb_valid_tag)) {
+#if !defined( macintosh ) && !defined( DOS )
+			errno = EINVAL;
+#endif
+            goto error_exit;
+		}
+
+		/* If we have been called before with an incomplete length,
+		 * the fragment of the length read is in ber->ber_len_contents
+		 * ber->ber_tag_len_read is the # of bytes of the length available
+		 * from a previous fragment
+		 */
+
+		if (ber->ber_tag_len_read) {
+			int nbytes;
+			
+			noctets = ((ber->ber_len_contents[0]) & 0x7f);
+			diff = noctets + 1 /* tag */ - ber->ber_tag_len_read;
+			
+			if ( (nbytes = read_bytes( &sb, (unsigned char *) &ber->ber_len_contents[0] +
+						   ber->ber_tag_len_read, diff )) != diff ) {
+				
+				if (nbytes > 0)
+					ber->ber_tag_len_read+=nbytes;
+				
+				goto premature_exit;
+			}
+			*len = get_ber_len(ber); /* cast ber->ber_len_contents to unsigned long */
+			
+		} else {
+			/*
+			 * Next, read the length.  The first byte contains the length
+			 * of the length.  If bit 8 is set, the length is the long
+			 * form, otherwise it's the short form.  We don't allow a
+			 * length that's greater than what we can hold in an unsigned
+			 * long.
+			 */
+
+			*len = netlen = 0;
+			if ( read_bytes( &sb, &lc, 1 ) != 1 ) {
+				goto premature_exit;
+			}
+			if ( lc & 0x80 ) {
+				int nbytes;
+				
+				noctets = (lc & 0x7f);
+				if ( noctets > sizeof(ber_uint_t) ) {
+#if !defined( macintosh ) && !defined( DOS )
+                    errno = EMSGSIZE;
+#endif
+                    *Bytes_Scanned = 0;
+                    return(LBER_OVERFLOW);
+                }
+                diff = sizeof(ber_uint_t) - noctets;
+				if ( (nbytes = read_bytes( &sb, (unsigned char *)&netlen + diff,
+							   noctets )) != noctets ) {				       
+					/*
+					 * The length is in long form and we don't get it in one
+					 * fragment, so stash partial length in the ber element
+					 * for later use
+					 */
+
+					ber->ber_tag_len_read = nbytes + 1;
+					ber->ber_len_contents[0]=lc;					
+					memset(&(ber->ber_len_contents[1]), 0, sizeof(ber_uint_t));
+					SAFEMEMCPY(&(ber->ber_len_contents[1]), (unsigned char *)&netlen + diff, nbytes);
+
+					goto premature_exit;
+                }
+                    *len = LBER_NTOHL( netlen );
+                } else {
+                    *len = lc;
+                }
+		}
+		
+        ber->ber_len = *len;
+		/* length fully decoded */
+		ber->ber_tag_len_read=0;
+		/*
+		 * Finally, malloc a buffer for the contents and read it in.
+		 * It's this buffer that's passed to all the other ber decoding
+		 * routines.
+		 */
+
+#if defined( DOS ) && !defined( _WIN32 )
+		if ( *len > 65535 ) {	/* DOS can't allocate > 64K */
+			goto premature_exit;
+		}
+#endif /* DOS && !_WIN32 */
+
+        if ( (sock != NULL)  &&
+		    ( sock->sb_options & LBER_SOCKBUF_OPT_MAX_INCOMING_SIZE )
+                    && (*len > sock->sb_max_incoming) ) {
+#if !defined( macintosh ) && !defined( DOS )
+                    errno = EMSGSIZE;
+#endif
+                    *Bytes_Scanned = 0;
+                    return( LBER_OVERFLOW );
+        }
+
+		if ( ber->ber_buf + *len > ber->ber_end ) {
+			if ( nslberi_ber_realloc( ber, *len ) != 0 )
+				goto error_exit;
+		}
+		ber->ber_ptr = ber->ber_buf;
+		ber->ber_end = ber->ber_buf + *len;
+		ber->ber_rwptr = ber->ber_buf;
+	}
+
+	toread = (ber_len_t)ber->ber_end - (ber_len_t)ber->ber_rwptr;
+	do {
+		if ( (rc = read_bytes( &sb, (unsigned char *)ber->ber_rwptr,
+		    (ber_int_t)toread )) <= 0 ) {
+			goto premature_exit;
+		}
+
+		toread -= rc;
+		ber->ber_rwptr += rc;
+	} while ( toread > 0 );
+
+	*len = ber->ber_len;
+	*Bytes_Scanned = sb.offset;
+	return( ber->ber_tag );
+
+premature_exit:
+	/*
+	 * we're here because we hit the end of the buffer before seeing
+	 * all of the PDU
+	 */
+	*Bytes_Scanned = sb.offset;
+	return(LBER_DEFAULT);
+
+error_exit:
+	*Bytes_Scanned = 0;
+	return(LBER_DEFAULT);
+}
+
+
+/* The ber_flatten routine allocates a struct berval whose contents
+ * are a BER encoding taken from the ber argument. The bvPtr pointer
+ * points to the returned berval, which must be freed using
+ * ber_bvfree().  This routine returns 0 on success and -1 on error.
+ * The use of ber_flatten on a BerElement in which all '{' and '}'
+ * format modifiers have not been properly matched can result in a
+ * berval whose contents are not a valid BER encoding. 
+ * Note that the ber_ptr is not modified.
+ */
+int
+LDAP_CALL
+ber_flatten( BerElement *ber, struct berval **bvPtr )
+{
+	struct berval *new;
+	ber_len_t len;
+
+	/* allocate a struct berval */
+	if ( (new = (struct berval *)NSLBERI_MALLOC( sizeof(struct berval) ))
+	    == NULL ) {
+		return( -1 );
+	}
+
+	/*
+	 * Copy everything from the BerElement's ber_buf to ber_ptr
+	 * into the berval structure.
+	 */
+	if ( ber == NULL ) {
+	    new->bv_val = NULL;
+	    new->bv_len = 0;
+	} else {
+ 	    len = ber->ber_ptr - ber->ber_buf; 
+	    if ( ( new->bv_val = (char *)NSLBERI_MALLOC( len + 1 )) == NULL ) {
+		    ber_bvfree( new );
+		    return( -1 );
+	    }
+ 	    SAFEMEMCPY( new->bv_val, ber->ber_buf, (size_t)len ); 
+	    new->bv_val[len] = '\0';
+	    new->bv_len = len;
+	}
+
+	/* set bvPtr pointer to point to the returned berval */
+  	*bvPtr = new; 
+
+        return( 0 );
+}
+
+
+/*
+ * The ber_init function constructs and returns a new BerElement
+ * containing a copy of the data in the bv argument.  ber_init
+ * returns the null pointer on error.
+ */
+BerElement *
+LDAP_CALL
+ber_init( const struct berval *bv )
+{
+	BerElement *ber;
+
+	/* construct BerElement */
+	if (( ber = ber_alloc_t( 0 )) != NULLBER ) {
+		/* copy data from the bv argument into BerElement */
+		/* XXXmcs: had to cast unsigned long bv_len to long */
+		if ( (ber_write ( ber, bv->bv_val, bv->bv_len, 0 ))
+		    != (ber_slen_t)bv->bv_len ) {
+			ber_free( ber, 1 );
+			return( NULL );
+		}
+	}
+	
+	/*
+	 * reset ber_ptr back to the beginning of buffer so that this new
+	 * and initialized ber element can be READ
+	 */
+	ber_reset( ber, 1);
+
+	/*
+	 * return a ptr to a new BerElement containing a copy of the data
+	 * in the bv argument or a null pointer on error
+	 */
+	return( ber );
+}
+
+
+/*
+ * memory allocation functions.
+ */
+void *
+nslberi_malloc( size_t size )
+{
+	return( nslberi_memalloc_fns.lbermem_malloc == NULL ?
+	    malloc( size ) :
+	    nslberi_memalloc_fns.lbermem_malloc( size ));
+}
+
+
+void *
+nslberi_calloc( size_t nelem, size_t elsize )
+{
+	return( nslberi_memalloc_fns.lbermem_calloc == NULL ?
+	    calloc(  nelem, elsize ) :
+	    nslberi_memalloc_fns.lbermem_calloc( nelem, elsize ));
+}
+
+
+void *
+nslberi_realloc( void *ptr, size_t size )
+{
+	return( nslberi_memalloc_fns.lbermem_realloc == NULL ?
+	    realloc( ptr, size ) :
+	    nslberi_memalloc_fns.lbermem_realloc( ptr, size ));
+}
+
+
+void
+nslberi_free( void *ptr )
+{
+	if ( nslberi_memalloc_fns.lbermem_free == NULL ) {
+		free( ptr );
+	} else {
+		nslberi_memalloc_fns.lbermem_free( ptr );
+	}
+}
+
+
+/*
+ ******************************************************************************
+ * functions to bridge the gap between new extended I/O functions that are
+ *    installed using ber_sockbuf_set_option( ..., LBER_SOCKBUF_OPT_EXT_IO_FNS,
+ *    ... ).
+ *
+ * the basic strategy is to use the new extended arg to hold a pointer to the
+ *    Sockbuf itself so we can find the old functions and call them.
+ * note that the integer socket s passed in is not used.  we use the sb_sd
+ *    from the Sockbuf itself because it is the correct type.
+ */
+static int
+nslberi_extread_compat( int s, void *buf, int len,
+	struct lextiof_socket_private *arg )
+{
+	Sockbuf	*sb = (Sockbuf *)arg;
+
+	return( sb->sb_io_fns.lbiof_read( sb->sb_sd, buf, len ));
+}
+
+
+static int
+nslberi_extwrite_compat( int s, const void *buf, int len,
+	struct lextiof_socket_private *arg )
+{
+	Sockbuf	*sb = (Sockbuf *)arg;
+
+	return( sb->sb_io_fns.lbiof_write( sb->sb_sd, buf, len ));
+}
+
+
+/*
+ * Install I/O compatiblity functions.  This can't fail.
+ */
+static void
+nslberi_install_compat_io_fns( Sockbuf *sb )
+{
+	sb->sb_ext_io_fns.lbextiofn_size = LBER_X_EXTIO_FNS_SIZE;
+	sb->sb_ext_io_fns.lbextiofn_read = nslberi_extread_compat;
+	sb->sb_ext_io_fns.lbextiofn_write = nslberi_extwrite_compat;
+	sb->sb_ext_io_fns.lbextiofn_writev = NULL;
+	sb->sb_ext_io_fns.lbextiofn_socket_arg = (void *)sb;
+}
+/*
+ * end of compat I/O functions
+ ******************************************************************************
+ */
diff --git a/ldap/c-sdk/liblber/lber-int.h b/ldap/c-sdk/liblber/lber-int.h
new file mode 100644
index 000000000..24b15bdc5
--- /dev/null
+++ b/ldap/c-sdk/liblber/lber-int.h
@@ -0,0 +1,305 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ * 
+ * The contents of this file are subject to the Mozilla Public License Version 
+ * 1.1 (the "License"); you may not use this file except in compliance with 
+ * the License. You may obtain a copy of the License at 
+ * http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ * 
+ * The Original Code is Mozilla Communicator client code, released
+ * March 31, 1998.
+ * 
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998-1999
+ * the Initial Developer. All Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the terms of
+ * either of the GNU General Public License Version 2 or later (the "GPL"),
+ * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ * 
+ * ***** END LICENSE BLOCK ***** */
+
+/*
+ * Copyright (c) 1990 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+/* lbet-int.h - internal header file for liblber */
+
+#ifndef _LBERINT_H
+#define _LBERINT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdio.h>
+#include <ctype.h>
+#include <stdarg.h>
+#include <stdlib.h>
+
+#ifdef macintosh
+# include "ldap-macos.h"
+#else /* macintosh */
+#if !defined(BSDI) && !defined(DARWIN) && !defined(FREEBSD) && !defined(OPENBSD)
+# include <malloc.h>
+#endif
+# include <errno.h>
+# include <sys/types.h>
+#if defined(SUNOS4) || defined(SCOOS)
+# include <sys/time.h>
+#endif
+#if defined( _WINDOWS )
+#  define WIN32_LEAN_AND_MEAN
+#  include <windows.h>
+#  include <basetsd.h>
+#  define ssize_t SSIZE_T
+#  include <time.h>
+/* No stderr in a 16-bit Windows DLL */
+#  if defined(_WINDLL) && !defined(_WIN32)
+#    define USE_DBG_WIN
+#  endif
+# else
+/* #  include <sys/varargs.h> */
+#  include <sys/socket.h>
+#  include <netinet/in.h>
+#if !defined(XP_OS2) && !defined(DARWIN)
+#  include <unistd.h>
+#endif
+# endif /* defined( _WINDOWS ) */
+#endif /* macintosh */
+
+#include <memory.h>
+#include <string.h>
+#include "portable.h"
+
+#ifdef _WINDOWS
+#  if defined(FD_SETSIZE)
+#  else
+#    define FD_SETSIZE 256 /* set it before winsock sets it to 64! */
+#  endif
+#include <winsock.h>
+#include <io.h>
+#endif /* _WINDOWS */
+
+#ifdef XP_OS2
+#include <io.h>
+#endif /* XP_OS2 */
+
+/* No stderr in a 16-bit Windows DLL */
+#if defined(_WINDLL) && !defined(_WIN32)
+#define stderr NULL
+#endif
+
+#include "lber.h"
+
+#ifdef macintosh
+#define NSLDAPI_LBER_SOCKET_IS_PTR
+#endif
+
+#define OLD_LBER_SEQUENCE	0x10	/* w/o constructed bit - broken */
+#define OLD_LBER_SET		0x11	/* w/o constructed bit - broken */
+
+#ifndef _IFP
+#define _IFP
+typedef int (LDAP_C LDAP_CALLBACK *IFP)();
+#endif
+
+typedef struct seqorset {
+  ber_len_t	sos_clen;
+  ber_tag_t	sos_tag;
+  char		*sos_first;
+  char		*sos_ptr;
+  struct seqorset	*sos_next;
+} Seqorset;
+#define NULLSEQORSET	((Seqorset *) 0)
+
+#define SOS_STACK_SIZE 8 /* depth of the pre-allocated sos structure stack */
+
+#define MAX_TAG_SIZE (1 + sizeof(ber_int_t)) /* One byte for the length of the tag */
+#define MAX_LEN_SIZE (1 + sizeof(ber_int_t)) /* One byte for the length of the length */
+#define MAX_VALUE_PREFIX_SIZE (2 + sizeof(ber_int_t)) /* 1 byte for the tag and 1 for the len (msgid) */
+#define BER_ARRAY_QUANTITY 7 /* 0:Tag   1:Length   2:Value-prefix   3:Value   4:Value-suffix  */
+#define BER_STRUCT_TAG 0     /* 5:ControlA   6:ControlB */
+#define BER_STRUCT_LEN 1
+#define BER_STRUCT_PRE 2
+#define BER_STRUCT_VAL 3
+#define BER_STRUCT_SUF 4
+#define BER_STRUCT_CO1 5
+#define BER_STRUCT_CO2 6
+
+struct berelement {
+  ldap_x_iovec  ber_struct[BER_ARRAY_QUANTITY];   /* See above */
+
+  char          ber_tag_contents[MAX_TAG_SIZE];
+  char          ber_len_contents[MAX_LEN_SIZE];
+  char          ber_pre_contents[MAX_VALUE_PREFIX_SIZE];
+  char          ber_suf_contents[MAX_LEN_SIZE+1];
+
+  char      *ber_buf; /* update the value value when writing in case realloc is called */
+  char		*ber_ptr;
+  char		*ber_end;
+  struct seqorset	*ber_sos;
+  ber_len_t ber_tag_len_read;
+  ber_tag_t	ber_tag; /* Remove me someday */
+  ber_len_t	ber_len; /* Remove me someday */
+  int		ber_usertag;
+  char		ber_options;
+  char		*ber_rwptr;
+  BERTranslateProc ber_encode_translate_proc;
+  BERTranslateProc ber_decode_translate_proc;
+  int		ber_flags;
+#define LBER_FLAG_NO_FREE_BUFFER	1	/* don't free ber_buf */
+  unsigned  int ber_buf_reallocs;		/* realloc counter */
+  int		ber_sos_stack_posn;
+  Seqorset	ber_sos_stack[SOS_STACK_SIZE];
+};
+
+#define BER_CONTENTS_STRUCT_SIZE (sizeof(ldap_x_iovec) * BER_ARRAY_QUANTITY)
+
+#define NULLBER	((BerElement *)NULL)
+
+#ifdef LDAP_DEBUG
+void ber_dump( BerElement *ber, int inout );
+#endif
+
+
+
+/*
+ * structure for read/write I/O callback functions.
+ */
+struct nslberi_io_fns {
+    LDAP_IOF_READ_CALLBACK	*lbiof_read;
+    LDAP_IOF_WRITE_CALLBACK	*lbiof_write;
+};
+
+
+/*
+ * Old  structure for use with LBER_SOCKBUF_OPT_EXT_IO_FNS:
+ */
+struct lber_x_ext_io_fns_rev0 {
+	    /* lbextiofn_size should always be set to LBER_X_EXTIO_FNS_SIZE */
+	int				lbextiofn_size;
+	LDAP_X_EXTIOF_READ_CALLBACK	*lbextiofn_read;
+	LDAP_X_EXTIOF_WRITE_CALLBACK	*lbextiofn_write;
+	struct lextiof_socket_private	*lbextiofn_socket_arg;
+};
+#define LBER_X_EXTIO_FNS_SIZE_REV0    sizeof(struct lber_x_ext_io_fns_rev0)
+
+
+
+struct sockbuf {
+	LBER_SOCKET	sb_sd;
+	BerElement	sb_ber;
+	int		sb_naddr;	/* > 0 implies using CLDAP (UDP) */
+	void		*sb_useaddr;	/* pointer to sockaddr to use next */
+	void		*sb_fromaddr;	/* pointer to message source sockaddr */
+	void		**sb_addrs;	/* actually an array of pointers to
+					   sockaddrs */
+
+	int		sb_options;	/* to support copying ber elements */
+	LBER_SOCKET	sb_copyfd;	/* for LBER_SOCKBUF_OPT_TO_FILE* opts */
+	ber_len_t	sb_max_incoming;
+	ber_tag_t   sb_valid_tag;	/* valid tag to accept */
+	struct nslberi_io_fns
+			sb_io_fns;	/* classic I/O callback functions */
+
+	struct lber_x_ext_io_fns
+			sb_ext_io_fns;	/* extended I/O callback functions */
+};
+#define NULLSOCKBUF	((Sockbuf *)NULL)
+
+/* needed by libldap, even in non-DEBUG builds */
+void ber_err_print( char *data );
+
+#ifndef NSLBERI_LBER_INT_FRIEND
+/*
+ * Everything from this point on is excluded if NSLBERI_LBER_INT_FRIEND is
+ * defined.  The code under ../libraries/libldap defines this.
+ */
+
+#define READBUFSIZ	8192
+
+/*
+ * macros used to check validity of data structures and parameters
+ */
+#define NSLBERI_VALID_BERELEMENT_POINTER( ber ) \
+	( (ber) != NULLBER )
+
+#define NSLBERI_VALID_SOCKBUF_POINTER( sb ) \
+	( (sb) != NULLSOCKBUF )
+
+#define LBER_HTONL( l )	htonl( l )
+#define LBER_NTOHL( l )	ntohl( l )
+
+/* function prototypes */
+#ifdef LDAP_DEBUG
+void lber_bprint( char *data, int len );
+#endif
+void ber_err_print( char *data );
+void *nslberi_malloc( size_t size );
+void *nslberi_calloc( size_t nelem, size_t elsize );
+void *nslberi_realloc( void *ptr, size_t size );
+void nslberi_free( void *ptr );
+int nslberi_ber_realloc( BerElement *ber, ber_len_t len );
+
+/* blame: dboreham 
+ * slapd spends much of its time doing memcpy's for the ber code.
+ * Most of these are single-byte, so we special-case those and speed
+ * things up considerably. 
+ */
+
+#ifdef sunos4
+#define THEMEMCPY( d, s, n )	bcopy( s, d, n )
+#else /* sunos4 */
+#define THEMEMCPY( d, s, n )	memmove( d, s, n )
+#endif /* sunos4 */
+
+#ifdef SAFEMEMCPY
+#undef SAFEMEMCPY
+#define SAFEMEMCPY(d,s,n) if (1 == n) *((char*)d) = *((char*)s); else THEMEMCPY(d,s,n);
+#endif
+
+/*
+ * Memory allocation done in liblber should all go through one of the
+ * following macros. This is so we can plug-in alternative memory
+ * allocators, etc. as the need arises.
+ */
+#define NSLBERI_MALLOC( size )		nslberi_malloc( size )
+#define NSLBERI_CALLOC( nelem, elsize )	nslberi_calloc( nelem, elsize )
+#define NSLBERI_REALLOC( ptr, size )	nslberi_realloc( ptr, size )
+#define NSLBERI_FREE( ptr )		nslberi_free( ptr )
+
+/* allow the library to access the debug variable */
+
+extern int lber_debug;
+
+#endif /* !NSLBERI_LBER_INT_FRIEND */
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* _LBERINT_H */
diff --git a/ldap/c-sdk/liblber/moz.build b/ldap/c-sdk/liblber/moz.build
new file mode 100644
index 000000000..d2adf23bf
--- /dev/null
+++ b/ldap/c-sdk/liblber/moz.build
@@ -0,0 +1,23 @@
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include('../common.mozbuild')
+
+Library('lber60')
+
+SOURCES += [
+    'bprint.c',
+    'decode.c',
+    'encode.c',
+    'io.c',
+]
+
+DEFINES['USE_WAITPID'] = True
+DEFINES['NEEDPROTOS'] = True
+
+LOCAL_INCLUDES += [
+    '../include'
+]
+