]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/back-meta/init.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Happy New Year!
[openldap] / servers / slapd / back-meta / init.c
diff --git a/servers/slapd/back-meta/init.c b/servers/slapd/back-meta/init.c
index 3038b8191ea1b0b93b3fce62038d95e39b8bee67..50a94df40fdc10f8cbc494f596e14c7767927246 100644 (file)
--- a/servers/slapd/back-meta/init.c
+++ b/servers/slapd/back-meta/init.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2013 The OpenLDAP Foundation.
+ * Copyright 1999-2016 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -113,7 +113,10 @@ meta_back_db_init(
 
        /* set default flags */
        mi->mi_flags =
-               META_BACK_F_DEFER_ROOTDN_BIND;
+               META_BACK_F_DEFER_ROOTDN_BIND
+               | META_BACK_F_PROXYAUTHZ_ALWAYS
+               | META_BACK_F_PROXYAUTHZ_ANON
+               | META_BACK_F_PROXYAUTHZ_NOANON;
 
        /*
         * At present the default is no default target;
@@ -147,20 +150,106 @@ meta_back_db_init(
        return 0;
 }
 
+int
+meta_target_finish(
+       metainfo_t *mi,
+       metatarget_t *mt,
+       const char *log,
+       char *msg,
+       size_t msize
+)
+{
+       slap_bindconf   sb = { BER_BVNULL };
+       struct berval mapped;
+       int rc;
+
+       ber_str2bv( mt->mt_uri, 0, 0, &sb.sb_uri );
+       sb.sb_version = mt->mt_version;
+       sb.sb_method = LDAP_AUTH_SIMPLE;
+       BER_BVSTR( &sb.sb_binddn, "" );
+
+       if ( META_BACK_TGT_T_F_DISCOVER( mt ) ) {
+               rc = slap_discover_feature( &sb,
+                               slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
+                               LDAP_FEATURE_ABSOLUTE_FILTERS );
+               if ( rc == LDAP_COMPARE_TRUE ) {
+                       mt->mt_flags |= LDAP_BACK_F_T_F;
+               }
+       }
+
+       if ( META_BACK_TGT_CANCEL_DISCOVER( mt ) ) {
+               rc = slap_discover_feature( &sb,
+                               slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
+                               LDAP_EXOP_CANCEL );
+               if ( rc == LDAP_COMPARE_TRUE ) {
+                       mt->mt_flags |= LDAP_BACK_F_CANCEL_EXOP;
+               }
+       }
+
+       if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE )
+               || mt->mt_idassert_authz != NULL )
+       {
+               mi->mi_flags &= ~META_BACK_F_PROXYAUTHZ_ALWAYS;
+       }
+
+       if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL )
+               && !( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
+       {
+               snprintf( msg, msize,
+                       "%s: inconsistent idassert configuration "
+                       "(likely authz=\"*\" used with \"non-prescriptive\" flag)",
+                       log );
+               Debug( LDAP_DEBUG_ANY, "%s (target %s)\n",
+                       msg, mt->mt_uri, 0 );
+               return 1;
+       }
+
+       if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) )
+       {
+               mi->mi_flags &= ~META_BACK_F_PROXYAUTHZ_ANON;
+       }
+
+       if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
+       {
+               mi->mi_flags &= ~META_BACK_F_PROXYAUTHZ_NOANON;
+       }
+
+       BER_BVZERO( &mapped );
+       ldap_back_map( &mt->mt_rwmap.rwm_at,
+               &slap_schema.si_ad_entryDN->ad_cname, &mapped,
+               BACKLDAP_REMAP );
+       if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
+               mt->mt_rep_flags |= REP_NO_ENTRYDN;
+       }
+
+       BER_BVZERO( &mapped );
+       ldap_back_map( &mt->mt_rwmap.rwm_at,
+               &slap_schema.si_ad_subschemaSubentry->ad_cname, &mapped,
+               BACKLDAP_REMAP );
+       if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
+               mt->mt_rep_flags |= REP_NO_SUBSCHEMA;
+       }
+
+       return 0;
+}
+
 int
 meta_back_db_open(
        Backend         *be,
        ConfigReply     *cr )
 {
        metainfo_t      *mi = (metainfo_t *)be->be_private;
+       char msg[SLAP_TEXT_BUFLEN];
 
-       int             i,
-                       not_always = 0,
-                       not_always_anon_proxyauthz = 0,
-                       not_always_anon_non_prescriptive = 0,
-                       rc;
+       int             i, rc;
 
        if ( mi->mi_ntargets == 0 ) {
+               /* Dynamically added, nothing to check here until
+                * some targets get added
+                */
+               if ( slapMode & SLAP_SERVER_RUNNING )
+                       return 0;
+
                Debug( LDAP_DEBUG_ANY,
                        "meta_back_db_open: no targets defined\n",
                        0, 0, 0 );
@@ -168,92 +257,11 @@ meta_back_db_open(
        }
 
        for ( i = 0; i < mi->mi_ntargets; i++ ) {
-               slap_bindconf   sb = { BER_BVNULL };
                metatarget_t    *mt = mi->mi_targets[ i ];
 
-               struct berval mapped;
-
-               ber_str2bv( mt->mt_uri, 0, 0, &sb.sb_uri );
-               sb.sb_version = mt->mt_version;
-               sb.sb_method = LDAP_AUTH_SIMPLE;
-               BER_BVSTR( &sb.sb_binddn, "" );
-
-               if ( META_BACK_TGT_T_F_DISCOVER( mt ) ) {
-                       rc = slap_discover_feature( &sb,
-                                       slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
-                                       LDAP_FEATURE_ABSOLUTE_FILTERS );
-                       if ( rc == LDAP_COMPARE_TRUE ) {
-                               mt->mt_flags |= LDAP_BACK_F_T_F;
-                       }
-               }
-
-               if ( META_BACK_TGT_CANCEL_DISCOVER( mt ) ) {
-                       rc = slap_discover_feature( &sb,
-                                       slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
-                                       LDAP_EXOP_CANCEL );
-                       if ( rc == LDAP_COMPARE_TRUE ) {
-                               mt->mt_flags |= LDAP_BACK_F_CANCEL_EXOP;
-                       }
-               }
-
-               if ( not_always == 0 ) {
-                       if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE )
-                               || mt->mt_idassert_authz != NULL )
-                       {
-                               not_always = 1;
-                       }
-               }
-
-               if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL )
-                       && !( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
-               {
-                       Debug( LDAP_DEBUG_ANY, "meta_back_db_open(%s): "
-                               "target #%d inconsistent idassert configuration "
-                               "(likely authz=\"*\" used with \"non-prescriptive\" flag)\n",
-                               be->be_suffix[ 0 ].bv_val, i, 0 );
+               if ( meta_target_finish( mi, mt,
+                       "meta_back_db_open", msg, sizeof( msg )))
                        return 1;
-               }
-
-               if ( not_always_anon_proxyauthz == 0 ) {
-                       if ( !( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL ) )
-                       {
-                               not_always_anon_proxyauthz = 1;
-                       }
-               }
-
-               if ( not_always_anon_non_prescriptive == 0 ) {
-                       if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
-                       {
-                               not_always_anon_non_prescriptive = 1;
-                       }
-               }
-
-               BER_BVZERO( &mapped );
-               ldap_back_map( &mt->mt_rwmap.rwm_at, 
-                       &slap_schema.si_ad_entryDN->ad_cname, &mapped,
-                       BACKLDAP_REMAP );
-               if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
-                       mt->mt_rep_flags |= REP_NO_ENTRYDN;
-               }
-
-               BER_BVZERO( &mapped );
-               ldap_back_map( &mt->mt_rwmap.rwm_at, 
-                       &slap_schema.si_ad_subschemaSubentry->ad_cname, &mapped,
-                       BACKLDAP_REMAP );
-               if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
-                       mt->mt_rep_flags |= REP_NO_SUBSCHEMA;
-               }
-       }
-
-       if ( not_always == 0 ) {
-               mi->mi_flags |= META_BACK_F_PROXYAUTHZ_ALWAYS;
-       }
-
-       if ( not_always_anon_proxyauthz == 0 ) {
-               mi->mi_flags |= META_BACK_F_PROXYAUTHZ_ANON;
-
-       } else if ( not_always_anon_non_prescriptive == 0 ) {
-               mi->mi_flags |= META_BACK_F_PROXYAUTHZ_NOANON;
        }
 
        return 0;
@@ -332,6 +340,10 @@ target_free(
                meta_subtree_destroy( mt->mt_subtree );
                mt->mt_subtree = NULL;
        }
+       if ( mt->mt_filter ) {
+               meta_filter_destroy( mt->mt_filter );
+               mt->mt_filter = NULL;
+       }
        if ( !BER_BVISNULL( &mt->mt_psuffix ) ) {
                free( mt->mt_psuffix.bv_val );
        }
Cloned from git://git.openldap.org/openldap.git