queue implicit binds (ITS#4409)
index e5e408904a3fd491dc60a02df65abd36ace0d9a4..ddcc2a231cbf2280687ff8e0dc1940c51d610d51 100644 (file)
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2005 The OpenLDAP Foundation.
+ * Copyright 2003-2006 The OpenLDAP Foundation.
  * Portions Copyright 2003 Howard Chu.
  * All rights reserved.
  *
@@ -78,7 +78,7 @@ typedef struct ldap_chain_t {
         * the tree?  Should be all configurable.
         */
 
-       /* "common" configuration info (all occurring before an "uri") */
+       /* "common" configuration info (anything occurring before an "uri") */
        ldapinfo_t              *lc_common_li;
 
        /* current configuration info */
@@ -748,7 +748,16 @@ cleanup:;
                        }
                        
                } else {
-                       rc = ldap_chain_op( op, rs, lback->bi_op_search, ref );
+                       /* we might get here before any database actually 
+                        * performed a search; in those cases, we need
+                        * to check limits, to make sure safe defaults
+                        * are in place */
+                       if ( op->ors_limit != NULL || limits_check( op, rs ) == 0 ) {
+                               rc = ldap_chain_op( op, rs, lback->bi_op_search, ref );
+
+                       } else {
+                               rc = SLAP_CB_CONTINUE;
+                       }
                }
                break;
 
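Review bot: The new else branch returns `SLAP_CB_CONTINUE` when `limits_check( op, rs )` fails, but nothing here shows whether `limits_check()` has already set `rs->sr_err` or sent a result to the client by then. If it has, letting the callback chain continue could produce a second response for the same search, so the failure path needs to be checked against `limits_check()` and commented. The short-circuit on `op->ors_limit != NULL` also assumes a non-NULL pointer means limits were already validated for this operation, and the comment should say so, e.g. `/* ors_limit already set: a database checked limits before the referral was returned */`. The enclosing switch case and function begin outside this hunk.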
@@ -875,9 +884,9 @@ static ConfigTable chaincfg[] = {
                        "DESC 'Chaining behavior control parameters (draft-sermersheim-ldap-chaining)' "
                        "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
-       { "chain-cache-uris", "TRUE/FALSE",
+       { "chain-cache-uri", "TRUE/FALSE",
                2, 2, 0, ARG_MAGIC|ARG_ON_OFF|CH_CACHE_URI, chain_cf_gen,
-               "( OLcfgOvAt:3.2 NAME 'olcCacheURIs' "
+               "( OLcfgOvAt:3.2 NAME 'olcCacheURI' "
                        "DESC 'Enables caching of URIs not present in configuration' "
                        "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
        { NULL, NULL, 0, 0, 0, ARG_IGNORED }
@@ -890,9 +899,9 @@ static ConfigOCs chainocs[] = {
                "SUP olcOverlayConfig "
                "MAY ( "
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
-                       "olcChainingBehavior "
+                       "olcChainingBehavior "
 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
-                       "$ olcCacheURIs "
+                       "olcCacheURI "
                        ") )",
                Cft_Overlay, chaincfg, NULL, chain_cfadd },
        { "( OLcfgOvOc:3.2 "
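Review bot: With `LDAP_CONTROL_X_CHAINING_BEHAVIOR` defined, the adjacent literals now concatenate to `MAY ( olcChainingBehavior olcCacheURI )`, which has no `$` between the two attribute names and so is not a well-formed attribute list. The old form had the opposite problem, a leading `$` when the macro was undefined. The separator should move inside the conditional literal: `"olcChainingBehavior $ "`. As rendered here the removed and added `olcChainingBehavior` lines look identical, so if the `$` was meant to move into that literal, it is not visible on this page. A malformed objectclass definition would most likely fail schema registration when the overlay is loaded, so it is worth testing a build with the macro defined.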
@@ -1316,11 +1325,44 @@ ldap_chain_db_config(
                BackendInfo     *bd_info = be->bd_info;
                void            *be_private = be->be_private;
                ConfigOCs       *be_cf_ocs = be->be_cf_ocs;
-               int             is_uri = 0;
+               static char     *allowed_argv[] = {
+                       /* special: put URI here, so in the meanwhile
+                        * it detects whether a new URI is being provided */
+                       "uri",
+                       "nretries",
+                       "timeout",
+                       /* flags */
+                       "tls",
+                       /* FIXME: maybe rebind-as-user should be allowed
+                        * only within known URIs... */
+                       "rebind-as-user",
+                       "chase-referrals",
+                       "t-f-support",
+                       "proxy-whoami",
+                       NULL
+               };
+               int             which_argv = -1;
 
                argv[ 0 ] += STRLENOF( "chain-" );
 
-               if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
+               for ( which_argv = 0; allowed_argv[ which_argv ]; which_argv++ ) {
+                       if ( strcasecmp( argv[ 0 ], allowed_argv[ which_argv ] ) == 0 ) {
+                               break;
+                       }
+               }
+
+               if ( allowed_argv[ which_argv ] == NULL ) {
+                       which_argv = -1;
+
+                       if ( lc->lc_cfg_li == lc->lc_common_li ) {
+                               Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+                                       "\"%s\" only allowed within a URI directive.\n.",
+                                       fname, lineno, argv[ 0 ] );
+                               return 1;
+                       }
+               }
+
+               if ( which_argv == 0 ) {
                        rc = ldap_chain_db_init_one( be );
                        if ( rc != 0 ) {
                                Debug( LDAP_DEBUG_ANY, "%s: line %d: "
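Review bot: The new rejection message ends in `directive.\n.`, so a stray `.` is written after the newline; it should end `directive.\n"`. It also prints `argv[ 0 ]` after the `chain-` prefix has been stripped, so the administrator sees a directive name that does not match the configuration file. Both `which_argv == 0` tests (here and in the later `private_destroy` hunk) depend on `"uri"` staying the first entry of `allowed_argv`. That is only hinted at by the in-array comment, so a named constant such as `enum { CHAIN_ARGV_URI = 0 };` would keep this allowlist safe to reorder. The table could be `static const char *const allowed_argv[]`, since it is never written. `ldap_chain_db_config` begins and continues outside this hunk.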
@@ -1329,7 +1371,6 @@ ldap_chain_db_config(
                                return 1;
                        }
                        lc->lc_cfg_li = be->be_private;
-                       is_uri = 1;
                }
 
                /* TODO: add checks on what other slapd-ldap(5) args
@@ -1350,7 +1391,7 @@ ldap_chain_db_config(
                be->be_private = be_private;
                be->bd_info = bd_info;
 
-               if ( is_uri ) {
+               if ( which_argv == 0 ) {
 private_destroy:;
                        if ( rc != 0 ) {
                                BackendDB               db = *be;
@@ -1459,6 +1500,9 @@ static int
 ldap_chain_db_open(
        BackendDB       *be )
 {
+       slap_overinst   *on = (slap_overinst *) be->bd_info;
+       ldap_chain_t    *lc = (ldap_chain_t *)on->on_bi.bi_private;
+
 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
        int     rc = 0;
 
@@ -1468,6 +1512,13 @@ ldap_chain_db_open(
        }
 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
 
+       if ( lc->lc_common_li == NULL ) {
+               void    *be_private = be->be_private;
+               ldap_chain_db_init_common( be );
+               lc->lc_common_li = lc->lc_cfg_li = (ldapinfo_t *)be->be_private;
+               be->be_private = be_private;
+       }
+
        return ldap_chain_db_func( be, db_open );
 }
 
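Review bot: The result of `ldap_chain_db_init_common( be )` is discarded, and `be->be_private` is then cast and stored in both `lc->lc_common_li` and `lc->lc_cfg_li` unconditionally. If the initialiser can fail without replacing `be->be_private` (its definition is not visible here, but `ldap_chain_db_init_one` in the config path returns a status that is checked), the overlay would keep its own saved private pointer reinterpreted as an `ldapinfo_t *`. I would capture the return value in a local, and on a non-zero result restore `be->be_private = be_private;` and return the error before touching `lc`. A one-line comment saying that this block supplies default common settings when no `chain-*` directive created them would also help.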
@@ -1730,7 +1781,7 @@ ldap_chain_parse_ctrl(
 static slap_overinst ldapchain;
 
 int
-chain_init( void )
+chain_initialize( void )
 {
        int     rc;