/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
LDAP_BACK_CFG_CANCEL,
LDAP_BACK_CFG_QUARANTINE,
LDAP_BACK_CFG_ST_REQUEST,
+ LDAP_BACK_CFG_NOREFS,
+ LDAP_BACK_CFG_NOUNDEFFILTER,
+
LDAP_BACK_CFG_REWRITE,
LDAP_BACK_CFG_LAST
"SINGLE-VALUE )",
NULL, NULL },
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+ { "norefs", "true|FALSE", 2, 2, 0,
+ ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_NOREFS,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.25 "
+ "NAME 'olcDbNoRefs' "
+ "DESC 'Do not return search reference responses' "
+ "SYNTAX OMsBoolean "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+ { "noundeffilter", "true|FALSE", 2, 2, 0,
+ ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_NOUNDEFFILTER,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.26 "
+ "NAME 'olcDbNoUndefFilter' "
+ "DESC 'Do not propagate undefined search filters' "
+ "SYNTAX OMsBoolean "
+ "SINGLE-VALUE )",
+ NULL, NULL },
{ "suffixmassage", "[virtual]> <real", 2, 3, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
ldap_back_cf_gen, NULL, NULL, NULL },
"$ olcDbProxyWhoAmI "
"$ olcDbTimeout "
"$ olcDbIdleTimeout "
+ "$ olcDbConnTtl "
+ "$ olcDbNetworkTimeout "
+ "$ olcDbProtocolVersion "
"$ olcDbSingleConn "
"$ olcDbCancel "
"$ olcDbQuarantine "
"$ olcDbUseTemporaryConn "
"$ olcDbConnectionPoolMax "
+#ifdef SLAP_CONTROL_X_SESSION_TRACKING
+ "$ olcDbSessionTrackingRequest "
+#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+ "$ olcDbNoRefs "
+ "$ olcDbNoUndefFilter "
") )",
Cft_Database, ldapcfg},
{ NULL, 0, NULL }
slap_retry_info_t *ri,
struct berval *bvout )
{
- int i;
char buf[ BUFSIZ * 2 ],
*ptr = buf;
- struct berval bv = BER_BVNULL;
+ int i, len, restlen = (int) sizeof( buf );
+ struct berval bv;
assert( ri != NULL );
assert( bvout != NULL );
BER_BVZERO( bvout );
-#define WHATSLEFT ( sizeof( buf ) - ( ptr - buf ) )
-
for ( i = 0; ri->ri_num[ i ] != SLAP_RETRYNUM_TAIL; i++ ) {
if ( i > 0 ) {
- if ( WHATSLEFT <= 1 ) {
+ if ( --restlen <= 0 ) {
return 1;
}
*ptr++ = ';';
}
- if ( lutil_unparse_time( ptr, WHATSLEFT, (long)ri->ri_interval[i] ) ) {
+ if ( lutil_unparse_time( ptr, restlen, ri->ri_interval[i] ) < 0 ) {
return 1;
}
- ptr += strlen( ptr );
-
- if ( WHATSLEFT <= 1 ) {
+ len = (int) strlen( ptr );
+ if ( (restlen -= len + 1) <= 0 ) {
return 1;
}
+ ptr += len;
*ptr++ = ',';
if ( ri->ri_num[i] == SLAP_RETRYNUM_FOREVER ) {
- if ( WHATSLEFT <= 1 ) {
+ if ( --restlen <= 0 ) {
return 1;
}
*ptr++ = '+';
} else {
- ptr += snprintf( ptr, WHATSLEFT, "%d", ri->ri_num[i] );
- if ( WHATSLEFT <= 0 ) {
+ len = snprintf( ptr, restlen, "%d", ri->ri_num[i] );
+ if ( (restlen -= len) <= 0 || len < 0 ) {
return 1;
}
+ ptr += len;
}
}
bv.bv_val = buf;
bv.bv_len = ptr - buf;
-
ber_dupbv( bvout, &bv );
return 0;
}
} else if ( bindconf_parse( c->argv[ i ], &si->si_bc ) ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
+ "\"idassert-bind <args>\": "
+ "unable to parse field \"%s\"",
+ c->argv[ i ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
+ return 1;
+ }
+ }
+
+ if ( si->si_bc.sb_method == LDAP_AUTH_SIMPLE ) {
+ if ( BER_BVISNULL( &si->si_bc.sb_binddn )
+ || BER_BVISNULL( &si->si_bc.sb_cred ) )
+ {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
+ "\"idassert-bind <args>\": "
+ "SIMPLE needs \"binddn\" and \"credentials\"" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
return 1;
}
}
+
bindconf_tls_defaults( &si->si_bc );
return 0;
break;
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+ case LDAP_BACK_CFG_NOREFS:
+ c->value_int = LDAP_BACK_NOREFS( li );
+ break;
+
+ case LDAP_BACK_CFG_NOUNDEFFILTER:
+ c->value_int = LDAP_BACK_NOUNDEFFILTER( li );
+ break;
+
default:
/* FIXME: we need to handle all... */
assert( 0 );
break;
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+ case LDAP_BACK_CFG_NOREFS:
+ li->li_flags &= ~LDAP_BACK_F_NOREFS;
+ break;
+
+ case LDAP_BACK_CFG_NOUNDEFFILTER:
+ li->li_flags &= ~LDAP_BACK_F_NOUNDEFFILTER;
+ break;
+
default:
/* FIXME: we need to handle all... */
assert( 0 );
break;
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+ case LDAP_BACK_CFG_NOREFS:
+ if ( c->value_int ) {
+ li->li_flags |= LDAP_BACK_F_NOREFS;
+
+ } else {
+ li->li_flags &= ~LDAP_BACK_F_NOREFS;
+ }
+ break;
+
+ case LDAP_BACK_CFG_NOUNDEFFILTER:
+ if ( c->value_int ) {
+ li->li_flags |= LDAP_BACK_F_NOUNDEFFILTER;
+
+ } else {
+ li->li_flags &= ~LDAP_BACK_F_NOUNDEFFILTER;
+ }
+ break;
+
case LDAP_BACK_CFG_REWRITE:
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"rewrite/remap capabilities have been moved "
retry:
rs->sr_err = ldap_whoami( lc->lc_ld, ctrls, NULL, &msgid );
if ( rs->sr_err == LDAP_SUCCESS ) {
- if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
+ /* by now, make sure no timeout is used (ITS#6282) */
+ struct timeval tv;
+ tv.tv_sec = -1;
+ if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) == -1 ) {
ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER,
&rs->sr_err );
if ( rs->sr_err == LDAP_SERVER_DOWN && doretry ) {
projects / openldap / blobdiff