/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2003-2005 The OpenLDAP Foundation.
+ * Copyright 2003-2006 The OpenLDAP Foundation.
* Portions Copyright 1999-2003 Howard Chu.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* All rights reserved.
LDAP_BACK_CFG_T_F,
LDAP_BACK_CFG_WHOAMI,
LDAP_BACK_CFG_TIMEOUT,
+ LDAP_BACK_CFG_IDLE_TIMEOUT,
LDAP_BACK_CFG_REWRITE,
LDAP_BACK_CFG_LAST
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
+ { "idle-timeout", "timeout", 2, 0, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_IDLE_TIMEOUT,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.15 "
+ "NAME 'olcDbIdleTimeout' "
+ "DESC 'connection idle timeout' "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
{ "suffixmassage", "[virtual]> <real", 2, 3, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
ldap_back_cf_gen, NULL, NULL, NULL },
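Review bot: The new `idle-timeout` table entry gives a minimum of 2 arguments but a maximum of 0, which, if 0 means "no upper bound" as it appears to in this table, lets a line with trailing extra tokens through. The parser added later in this commit reads only `c->argv[ 1 ]`, so the surplus arguments would be ignored silently instead of being rejected as a configuration error. Since the attribute is declared SINGLE-VALUE, bounding the directive to one value seems intended: `{ "idle-timeout", "timeout", 2, 2, 0,`.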
"$ olcDbTFSupport "
"$ olcDbProxyWhoAmI "
"$ olcDbTimeout "
+ "$ olcDbIdleTimeout "
") )",
Cft_Database, ldapcfg},
{ NULL, 0, NULL }
case LDAP_BACK_CFG_TLS:
enum_to_verb( tls_mode, ( li->li_flags & LDAP_BACK_F_TLS_MASK ), &bv );
- if ( BER_BVISNULL( &bv ) ) {
- /* there's something wrong... */
- assert( 0 );
- rc = 1;
-
- } else {
- value_add_one( &c->rvalue_vals, &bv );
- }
+ assert( !BER_BVISNULL( &bv ) );
+ value_add_one( &c->rvalue_vals, &bv );
break;
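Review bot: In the LDAP_BACK_CFG_TLS case the only guard left before `value_add_one( &c->rvalue_vals, &bv )` is an `assert`, which compiles away under NDEBUG; the removed code still set `rc = 1` in that situation. If `enum_to_verb` can ever leave `bv` null (for example on an unexpected bit pattern in `li->li_flags & LDAP_BACK_F_TLS_MASK`), a release build would now hand a null berval to `value_add_one`. Keeping a runtime fallback next to the assert, `if ( BER_BVISNULL( &bv ) ) { rc = 1; break; }`, preserves the earlier behaviour. The enclosing switch starts outside the hunk.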
case LDAP_BACK_CFG_ACL_AUTHCDN:
case LDAP_BACK_CFG_ACL_BIND: {
int i;
+ if ( li->li_acl_authmethod == LDAP_AUTH_NONE ) {
+ return 1;
+ }
+
bindconf_unparse( &li->li_acl, &bv );
for ( i = 0; isspace( bv.bv_val[ i ] ); i++ )
struct berval bc = BER_BVNULL;
char *ptr;
+ if ( li->li_idassert_authmethod == LDAP_AUTH_NONE ) {
+ return 1;
+ }
+
if ( li->li_idassert_authmethod != LDAP_AUTH_NONE ) {
ber_len_t len;
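Review bot: With the early `return 1` added for `li->li_idassert_authmethod == LDAP_AUTH_NONE`, the unchanged `if ( li->li_idassert_authmethod != LDAP_AUTH_NONE ) {` directly below it is now always true. Dropping that condition and un-nesting its body would make the control flow match what the code actually does, and would make any `else` branch further down (not visible in this hunk) stand out as dead code. The block continues past the end of the hunk, so the full extent of the cleanup cannot be judged from here.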
case LDAP_BACK_CFG_TIMEOUT:
BER_BVZERO( &bv );
+ for ( i = 0; i < LDAP_BACK_OP_LAST; i++ ) {
+ if ( li->li_timeout[ i ] != 0 ) {
+ break;
+ }
+ }
+
+ if ( i == LDAP_BACK_OP_LAST ) {
+ return 1;
+ }
+
slap_cf_aux_table_unparse( li->li_timeout, &bv, timeout_table );
- if ( !BER_BVISNULL( &bv ) ) {
- for ( i = 0; isspace( bv.bv_val[ i ] ); i++ )
- /* count spaces */ ;
+ if ( BER_BVISNULL( &bv ) ) {
+ return 1;
+ }
- if ( i ) {
- bv.bv_len -= i;
- AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ],
- bv.bv_len + 1 );
- }
+ for ( i = 0; isspace( bv.bv_val[ i ] ); i++ )
+ /* count spaces */ ;
- ber_bvarray_add( &c->rvalue_vals, &bv );
+ if ( i ) {
+ bv.bv_len -= i;
+ AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ],
+ bv.bv_len + 1 );
}
+
+ ber_bvarray_add( &c->rvalue_vals, &bv );
break;
+ case LDAP_BACK_CFG_IDLE_TIMEOUT: {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ if ( li->li_idle_timeout == 0 ) {
+ return 1;
+ }
+
+ lutil_unparse_time( buf, sizeof( buf ), li->li_idle_timeout );
+ ber_str2bv( buf, 0, 0, &bv );
+ value_add_one( &c->rvalue_vals, &bv );
+ } break;
+
default:
/* FIXME: we need to handle all... */
assert( 0 );
}
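Review bot: In the new LDAP_BACK_CFG_IDLE_TIMEOUT emit case the return value of `lutil_unparse_time` is ignored, so if the call fails `buf` is still uninitialised when `ber_str2bv( buf, 0, 0, &bv )` measures and copies it. Assuming it reports failure with a non-zero return, as `lutil_parse_time` is checked elsewhere in this commit, the call should be guarded: `if ( lutil_unparse_time( buf, sizeof( buf ), li->li_idle_timeout ) != 0 ) { return 1; }`. Initialising the buffer as `char buf[ SLAP_TEXT_BUFLEN ] = "";` would be a cheap second line of defence.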
break;
+ case LDAP_BACK_CFG_IDLE_TIMEOUT:
+ li->li_idle_timeout = 0;
+ break;
+
default:
/* FIXME: we need to handle all... */
assert( 0 );
char **urllist = NULL;
int urlrc = LDAP_URL_SUCCESS, i;
- if ( c->argc != 2 ) {
- fprintf( stderr, "%s: line %d: "
- "missing uri "
- "in \"uri <uri>\" line\n",
- c->fname, c->lineno );
- return 1;
- }
-
if ( li->li_uri != NULL ) {
ch_free( li->li_uri );
li->li_uri = NULL;
why = "unknown reason";
break;
}
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg),
"unable to parse uri \"%s\" "
- "in \"uri <uri>\" line: %s\n",
- c->fname, c->lineno, c->value_string, why );
+ "in \"uri <uri>\" line: %s",
+ c->value_string, why );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
urlrc = 1;
goto done_url;
}
|| tmpludp->lud_filter != NULL
|| tmpludp->lud_exts != NULL )
{
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"warning, only protocol, "
"host and port allowed "
"in \"uri <uri>\" statement "
- "for uri #%d of \"%s\"\n",
- c->fname, c->lineno, i, c->value_string );
+ "for uri #%d of \"%s\"",
+ i, c->value_string );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
}
}
urllist[ i ] = ldap_url_desc2str( &tmplud );
if ( urllist[ i ] == NULL ) {
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg),
"unable to rebuild uri "
"in \"uri <uri>\" statement "
- "for \"%s\"\n",
- c->fname, c->lineno, c->argv[ 1 ] );
+ "for \"%s\"",
+ c->argv[ 1 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
urlrc = 1;
goto done_url;
}
break;
default:
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg),
"\"acl-authcDN <DN>\" incompatible "
- "with auth method %d.",
- c->fname, c->lineno, li->li_acl_authmethod );
+ "with auth method %d",
+ li->li_acl_authmethod );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
if ( !BER_BVISNULL( &li->li_acl_authcDN ) ) {
break;
default:
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"acl-passwd <cred>\" incompatible "
- "with auth method %d.",
- c->fname, c->lineno, li->li_acl_authmethod );
+ "with auth method %d",
+ li->li_acl_authmethod );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
if ( !BER_BVISNULL( &li->li_acl_passwd ) ) {
break;
default:
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-authcDN <DN>\" incompatible "
- "with auth method %d.",
- c->fname, c->lineno, li->li_idassert_authmethod );
+ "with auth method %d",
+ li->li_idassert_authmethod );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
if ( !BER_BVISNULL( &li->li_idassert_authcDN ) ) {
break;
default:
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-passwd <cred>\" incompatible "
- "with auth method %d.",
- c->fname, c->lineno, li->li_idassert_authmethod );
+ "with auth method %d",
+ li->li_idassert_authmethod );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
if ( !BER_BVISNULL( &li->li_idassert_passwd ) ) {
ber_str2bv( c->argv[ 1 ], 0, 0, &in );
rc = authzNormalize( 0, NULL, NULL, &in, &bv, NULL );
if ( rc != LDAP_SUCCESS ) {
- fprintf( stderr, "%s: %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-authzFrom <authz>\": "
- "invalid syntax.\n",
- c->fname, c->lineno );
+ "invalid syntax" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
#else /* !SLAP_AUTHZ_SYNTAX */
case LDAP_BACK_CFG_IDASSERT_METHOD:
/* no longer supported */
- fprintf( stderr, "%s: %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-method <args>\": "
- "no longer supported; use \"idassert-bind\".\n",
- c->fname, c->lineno );
+ "no longer supported; use \"idassert-bind\"" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
case LDAP_BACK_CFG_IDASSERT_BIND:
j = verb_to_mask( argvi, idassert_mode );
if ( BER_BVISNULL( &idassert_mode[ j ].word ) ) {
- fprintf( stderr, "%s: %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-bind <args>\": "
- "unknown mode \"%s\".\n",
- c->fname, c->lineno, argvi );
+ "unknown mode \"%s\"",
+ argvi );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
if ( strcasecmp( argvi, "native" ) == 0 ) {
if ( li->li_idassert_authmethod != LDAP_AUTH_SASL ) {
- fprintf( stderr, "%s: %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-bind <args>\": "
"authz=\"native\" incompatible "
- "with auth method.\n",
- c->fname, c->lineno );
+ "with auth method" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
li->li_idassert_flags |= LDAP_BACK_AUTH_NATIVE_AUTHZ;
li->li_idassert_flags &= ~LDAP_BACK_AUTH_NATIVE_AUTHZ;
} else {
- fprintf( stderr, "%s: %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-bind <args>\": "
- "unknown authz \"%s\".\n",
- c->fname, c->lineno, argvi );
+ "unknown authz \"%s\"",
+ argvi );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
int j;
if ( flags == NULL ) {
- fprintf( stderr, "%s: %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-bind <args>\": "
- "unable to parse flags \"%s\".\n",
- c->fname, c->lineno, argvi );
+ "unable to parse flags \"%s\"",
+ argvi );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
li->li_idassert_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE );
} else {
- fprintf( stderr, "%s: %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-bind <args>\": "
- "unknown flag \"%s\".\n",
+ "unknown flag \"%s\"",
c->fname, c->lineno, flags[ j ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
}
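Review bot: The argument list of the `unknown flag` message was not updated together with its format string: the new format has a single `%s`, but the call still passes `c->fname, c->lineno, flags[ j ]`. The message therefore prints the configuration file name where the offending flag should appear, and the flag itself is never shown. The arguments should be reduced to `flags[ j ] );`, as was done for the other snprintf conversions in this commit. Compiling with format checking enabled would likely flag the surplus arguments.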
break;
case LDAP_BACK_CFG_TIMEOUT:
- if ( c->argc < 2 ) {
- return 1;
- }
-
for ( i = 1; i < c->argc; i++ ) {
if ( isdigit( c->argv[ i ][ 0 ] ) ) {
int j;
}
break;
+ case LDAP_BACK_CFG_IDLE_TIMEOUT: {
+ unsigned long t;
+
+ if ( lutil_parse_time( c->argv[ 1 ], &t ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg),
+ "unable to parse idle timeout \"%s\"",
+ c->argv[ 1 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ li->li_idle_timeout = (time_t)t;
+ } break;
+
case LDAP_BACK_CFG_REWRITE:
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"rewrite/remap capabilities have been moved "
"to the \"rwm\" overlay; see slapo-rwm(5) "
"for details (hint: add \"overlay rwm\" "
- "and prefix all directives with \"rwm-\").\n",
- c->fname, c->lineno );
+ "and prefix all directives with \"rwm-\")" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
default:
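Review bot: `li->li_idle_timeout = (time_t)t;` converts the `unsigned long` produced by `lutil_parse_time` without a range check, so a very large configured value can wrap or become negative on platforms where `time_t` is signed or narrower. How the idle timeout is compared against connection age is not visible in this hunk, but a negative value would most likely make that check misbehave. Rejecting out-of-range values through the same `c->msg`/`Debug` error path before the assignment would keep the stored timeout meaningful. A short comment such as `/* 0 leaves the idle timeout disabled */` would also document what the emit path already assumes.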
retry:
rs->sr_err = ldap_whoami( lc->lc_ld, ctrls, NULL, &msgid );
if ( rs->sr_err == LDAP_SUCCESS ) {
- if ( ldap_result( lc->lc_ld, msgid, 1, NULL, &res ) == -1 ) {
+ if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER,
&rs->sr_err );
if ( rs->sr_err == LDAP_SERVER_DOWN && doretry ) {