ITS#3842 from jtownsend@opendarwin.org - don't free slap_listeners until

[openldap] / servers / slapd / back-ldap / config.c

diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
index fc0102b1a924fee34094765d65edd35259df362a..16e1cd0a5c3674f57cedfba9ed86ac6d2db742f9 100644 (file)
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@@ -362,6 +362,9 @@ ldap_back_cf_gen( ConfigArgs *c )
                        char            *ptr;
 
                        if ( li->idassert_authmethod != LDAP_AUTH_NONE ) {
+                               ber_len_t       len = bv.bv_len
+                                       + STRLENOF( "flags=override,non-prescriptive" );
+
                                switch ( li->idassert_mode ) {
                                case LDAP_BACK_IDASSERT_OTHERID:
                                case LDAP_BACK_IDASSERT_OTHERDN:
@@ -405,26 +408,34 @@ ldap_back_cf_gen( ConfigArgs *c )
                                        (void)lutil_strcopy( ptr, "authz=native" );
                                }
 
-                               if ( li->idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
-                                       ber_len_t       len = bv.bv_len + STRLENOF( "flags=override" );
+                               /* flags */
+                               if ( !BER_BVISEMPTY( &bv ) ) {
+                                       len += STRLENOF( " " );
+                               }
 
-                                       if ( !BER_BVISEMPTY( &bv ) ) {
-                                               len += STRLENOF( " " );
-                                       }
+                               bv.bv_val = ch_realloc( bv.bv_val, len + 1 );
 
-                                       bv.bv_val = ch_realloc( bv.bv_val, len + 1 );
+                               ptr = &bv.bv_val[ bv.bv_len ];
 
-                                       ptr = bv.bv_val + bv.bv_len;
+                               if ( !BER_BVISEMPTY( &bv ) ) {
+                                       ptr = lutil_strcopy( ptr, " " );
+                               }
 
-                                       if ( !BER_BVISEMPTY( &bv ) ) {
-                                               ptr = lutil_strcopy( ptr, " " );
-                                       }
+                               ptr = lutil_strcopy( ptr, "flags=" );
 
-                                       (void)lutil_strcopy( ptr, "flags=override" );
+                               if ( li->idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
+                                       ptr = lutil_strcopy( ptr, "prescriptive" );
+                               } else {
+                                       ptr = lutil_strcopy( ptr, "non-prescriptive" );
                                }
-                       }
 
+                               if ( li->idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
+                                       ptr = lutil_strcopy( ptr, ",override" );
+                               }
 
+                               bv.bv_len = ( ptr - bv.bv_val );
+                               /* end-of-flags */
+                       }
 
                        bindconf_unparse( &li->idassert_sb, &bc );
 
@@ -529,6 +540,7 @@ ldap_back_cf_gen( ConfigArgs *c )
                        /* NOTE: don't worry about locking: if we got here,
                         * other threads are suspended. */
                        avl_free( li->conntree, ldap_back_conn_free );
+                       li->conntree = NULL;
                        
                        break;
 
@@ -823,6 +835,12 @@ ldap_back_cf_gen( ConfigArgs *c )
                                if ( strcasecmp( c->argv[ i ], "override" ) == 0 ) {
                                        li->idassert_flags |= LDAP_BACK_AUTH_OVERRIDE;
 
+                               } else if ( strcasecmp( c->argv[ i ], "prescriptive" ) == 0 ) {
+                                       li->idassert_flags |= LDAP_BACK_AUTH_PRESCRIPTIVE;
+
+                               } else if ( strcasecmp( c->argv[ i ], "non-prescriptive" ) == 0 ) {
+                                       li->idassert_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE );
+
                                } else {
                                        Debug( LDAP_DEBUG_ANY,
                                                "%s: line %d: unknown flag #%d "
@@ -950,6 +968,12 @@ ldap_back_cf_gen( ConfigArgs *c )
                                        if ( strcasecmp( flags[ j ], "override" ) == 0 ) {
                                                li->idassert_flags |= LDAP_BACK_AUTH_OVERRIDE;
 
+                                       } else if ( strcasecmp( flags[ j ], "prescriptive" ) == 0 ) {
+                                               li->idassert_flags |= LDAP_BACK_AUTH_PRESCRIPTIVE;
+
+                                       } else if ( strcasecmp( flags[ j ], "non-prescriptive" ) == 0 ) {
+                                               li->idassert_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE );
+
                                        } else {
                                                fprintf( stderr, "%s: %d: "
                                                        "\"idassert-bind <args>\": "
@@ -1572,6 +1596,11 @@ retry:
                if (rs->sr_err != LDAP_SUCCESS) {
                        rs->sr_err = slap_map_api2result( rs );
                }
+
+               if ( lc != NULL ) {
+                       ldap_back_release_conn( &op2, rs, lc );
+               }
+
        } else {
        /* else just do the same as before */
                bv = (struct berval *) ch_malloc( sizeof(struct berval) );