/* config.c - ldap backend configuration file routine */
/* $OpenLDAP$ */
-/*
- * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
- */
-/* This is an altered version */
-/*
- * Copyright 1999, Howard Chu, All rights reserved. <hyc@highlandsun.com>
- *
- * Permission is granted to anyone to use this software for any purpose
- * on any computer system, and to alter it and redistribute it, subject
- * to the following restrictions:
- *
- * 1. The author is not responsible for the consequences of use of this
- * software, no matter how awful, even if they arise from flaws in it.
- *
- * 2. The origin of this software must not be misrepresented, either by
- * explicit claim or by omission. Since few users ever read sources,
- * credits should appear in the documentation.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- * misrepresented as being the original software. Since few users
- * ever read sources, credits should appear in the documentation.
- *
- * 4. This notice may not be removed or altered.
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
+ * Copyright 2003 The OpenLDAP Foundation.
+ * Portions Copyright 1999-2003 Howard Chu.
+ * Portions Copyright 2000-2003 Pierangelo Masarati.
+ * All rights reserved.
*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
*
- * Copyright 2000, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
- *
- * This software is being modified by Pierangelo Masarati.
- * The previously reported conditions apply to the modified code as well.
- * Changes in the original code are highlighted where required.
- * Credits for the original code go to the author, Howard Chu.
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by the Howard Chu for inclusion
+ * in OpenLDAP Software and subsequently enhanced by Pierangelo
+ * Masarati.
*/
#include "portable.h"
return( 1 );
}
ber_str2bv( argv[1], 0, 1, &li->bindpw );
-
+
+#ifdef LDAP_BACK_PROXY_AUTHZ
+ /* name to use for proxyAuthz propagation */
+ } else if ( strcasecmp( argv[0], "proxyauthzdn" ) == 0 ) {
+ if (argc != 2) {
+ fprintf( stderr,
+ "%s: line %d: missing name in \"proxyauthzdn <name>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ ber_str2bv( argv[1], 0, 1, &li->proxyauthzdn );
+
+ /* password to use for proxyAuthz propagation */
+ } else if ( strcasecmp( argv[0], "proxyauthzpw" ) == 0 ) {
+ if (argc != 2) {
+ fprintf( stderr,
+ "%s: line %d: missing password in \"proxyauthzpw <password>\" line\n",
+ fname, lineno );
+ return( 1 );
+ }
+ ber_str2bv( argv[1], 0, 1, &li->proxyauthzpw );
+#endif /* LDAP_BACK_PROXY_AUTHZ */
+
/* save bind creds for referral rebinds? */
} else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) {
if (argc != 1) {
fname, lineno );
return( 1 );
}
- load_extop( (struct berval *)&slap_EXOP_WHOAMI, ldap_back_exop_whoami );
+ load_extop( (struct berval *)&slap_EXOP_WHOAMI,
+ 0, ldap_back_exop_whoami );
/* dn massaging */
} else if ( strcasecmp( argv[0], "suffixmassage" ) == 0 ) {
}
ber_str2bv( argv[1], 0, 0, &bvnc );
- if ( dnPrettyNormal( NULL, &bvnc, &pvnc, &nvnc ) != LDAP_SUCCESS ) {
+ if ( dnPrettyNormal( NULL, &bvnc, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
fname, lineno, bvnc.bv_val );
return( 1 );
}
ber_str2bv( argv[2], 0, 0, &brnc );
- if ( dnPrettyNormal( NULL, &brnc, &prnc, &nrnc ) != LDAP_SUCCESS ) {
+ if ( dnPrettyNormal( NULL, &brnc, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n",
fname, lineno, brnc.bv_val );
free( nvnc.bv_val );
* FIXME: no extra rewrite capabilities should be added
* to the database
*/
- rc = suffix_massage_config( li->rwinfo, &pvnc, &nvnc, &prnc, &nrnc );
+ rc = suffix_massage_config( li->rwmap.rwm_rw,
+ &pvnc, &nvnc, &prnc, &nrnc );
free( nvnc.bv_val );
free( pvnc.bv_val );
free( nrnc.bv_val );
return( rc );
#else /* !ENABLE_REWRITE */
- ber_bvarray_add( &li->suffix_massage, &pvnc );
- ber_bvarray_add( &li->suffix_massage, &nvnc );
+ ber_bvarray_add( &li->rwmap.rwm_suffix_massage, &pvnc );
+ ber_bvarray_add( &li->rwmap.rwm_suffix_massage, &nvnc );
- ber_bvarray_add( &li->suffix_massage, &prnc );
- ber_bvarray_add( &li->suffix_massage, &nrnc );
+ ber_bvarray_add( &li->rwmap.rwm_suffix_massage, &prnc );
+ ber_bvarray_add( &li->rwmap.rwm_suffix_massage, &nrnc );
#endif /* !ENABLE_REWRITE */
/* rewrite stuff ... */
} else if ( strncasecmp( argv[0], "rewrite", 7 ) == 0 ) {
#ifdef ENABLE_REWRITE
- return rewrite_parse( li->rwinfo, fname, lineno, argc, argv );
+ return rewrite_parse( li->rwmap.rwm_rw,
+ fname, lineno, argc, argv );
#else /* !ENABLE_REWRITE */
fprintf( stderr, "%s: line %d: rewrite capabilities "
/* objectclass/attribute mapping */
} else if ( strcasecmp( argv[0], "map" ) == 0 ) {
- return ldap_back_map_config( &li->oc_map, &li->at_map,
+ return ldap_back_map_config( &li->rwmap.rwm_oc,
+ &li->rwmap.rwm_at,
fname, lineno, argc, argv );
/* anything else */
} else {
- fprintf( stderr, "%s: line %d: unknown directive \"%s\" "
- "in ldap database definition (ignored)\n",
- fname, lineno, argv[0] );
+ return SLAP_CONF_UNKNOWN;
}
return 0;
}
if ( op->oq_extended.rs_reqdata != NULL ) {
/* no request data should be provided */
rs->sr_text = "no request data expected";
- return LDAP_PROTOCOL_ERROR;
+ return rs->sr_err = LDAP_PROTOCOL_ERROR;
}
- {
- rs->sr_err = backend_check_restrictions( op, rs,
+ rs->sr_err = backend_check_restrictions( op, rs,
(struct berval *)&slap_EXOP_WHOAMI );
-
- if( rs->sr_err != LDAP_SUCCESS ) return rs->sr_err;
- }
+ if( rs->sr_err != LDAP_SUCCESS ) return rs->sr_err;
/* if auth'd by back-ldap and request is proxied, forward it */
if ( op->o_conn->c_authz_backend && !strcmp(op->o_conn->c_authz_backend->be_type, "ldap" ) && !dn_match(&op->o_ndn, &op->o_conn->c_ndn)) {
- struct ldapinfo *li =
- (struct ldapinfo *)op->o_conn->c_authz_backend->be_private;
struct ldapconn *lc;
- LDAPControl c, *ctrls[2] = {&c, NULL};
+ LDAPControl c, *ctrls[2] = {NULL, NULL};
LDAPMessage *res;
Operation op2 = *op;
ber_int_t msgid;
+ ctrls[0] = &c;
op2.o_ndn = op->o_conn->c_ndn;
- lc = ldap_back_getconn(li, &op2, rs);
- if (!lc || !ldap_back_dobind( li, lc, op, rs )) {
+ lc = ldap_back_getconn(&op2, rs);
+ if (!lc || !ldap_back_dobind( lc, op, rs )) {
return -1;
}
c.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
}
ch_free(c.ldctl_value.bv_val);
if (rs->sr_err != LDAP_SUCCESS) {
- rs->sr_err = ldap_back_map_result(rs->sr_err);
+ rs->sr_err = ldap_back_map_result(rs);
}
} else {
/* else just do the same as before */
rargv[ 4 ] = NULL;
rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
#else /* normalize "matched" */
+
rargv[ 0 ] = "rewriteContext";
- rargv[ 1 ] = "matchedDn";
- rargv[ 2 ] = NULL;
- rewrite_parse( info, "<suffix massage>", ++line, 2, rargv );
+ rargv[ 1 ] = "matchedDN";
+ rargv[ 2 ] = "alias";
+ rargv[ 3 ] = "searchResult";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+
+ rargv[ 0 ] = "rewriteContext";
+ rargv[ 1 ] = "searchAttrDN";
+ rargv[ 2 ] = "alias";
+ rargv[ 3 ] = "searchResult";
+ rargv[ 4 ] = NULL;
+ rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
+#if 0
rargv[ 0 ] = "rewriteRule";
rargv[ 1 ] = suffix_massage_regexize( prnc->bv_val );
rargv[ 2 ] = suffix_massage_patternize( nvnc->bv_val );
rewrite_parse( info, "<suffix massage>", ++line, 4, rargv );
ch_free( rargv[ 1 ] );
ch_free( rargv[ 2 ] );
+#endif /* 0 */
#endif /* normalize "matched" */
return 0;