#ifdef SLAPD_LDBM
#include "back-ldbm/external.h"
#endif
+#ifdef SLAPD_META
+#include "back-meta/external.h"
+#endif
+#ifdef SLAPD_MONITOR
+#include "back-monitor/external.h"
+#endif
#ifdef SLAPD_PASSWD
#include "back-passwd/external.h"
#endif
#if defined(SLAPD_LDBM) && !defined(SLAPD_LDBM_DYNAMIC)
{"ldbm", ldbm_back_initialize},
#endif
+#if defined(SLAPD_META) && !defined(SLAPD_META_DYNAMIC)
+ {"meta", meta_back_initialize},
+#endif
+#if defined(SLAPD_MONITOR) && !defined(SLAPD_MONITOR_DYNAMIC)
+ {"monitor", monitor_back_initialize},
+#endif
#if defined(SLAPD_PASSWD) && !defined(SLAPD_PASSWD_DYNAMIC)
{"passwd", passwd_back_initialize},
#endif
len = strlen( backends[i].be_nsuffix[j] );
if ( len > dnlen ) {
+ /* suffix is longer than DN */
continue;
}
- if ( strcmp( backends[i].be_nsuffix[j],
- dn + (dnlen - len) ) == 0 )
- {
+
+ if ( len && len < dnlen && !DN_SEPARATOR( dn[(dnlen-len)-1] ) ) {
+ /* make sure we have a separator */
+ continue;
+ }
+
+
+ if ( strcmp( backends[i].be_nsuffix[j], &dn[dnlen-len] ) == 0 ) {
if( be == NULL ) {
be = &backends[i];
Backend *be,
Connection *conn,
Operation *op,
- const char *extoid,
+ const void *opdata,
const char **text )
{
int rc;
return LDAP_OTHER;
}
- if (( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) ) ) {
+ if ( op->o_tag != LDAP_REQ_EXTENDED
+ || strcmp( (const char *) opdata, LDAP_EXOP_START_TLS ) )
+ {
/* these checks don't apply to StartTLS */
if( op->o_tag == LDAP_REQ_EXTENDED ) {
updateop++;
}
- if( op->o_ssf < ssf->sss_ssf ) {
- *text = "confidentiality required";
- return LDAP_CONFIDENTIALITY_REQUIRED;
- }
if( op->o_transport_ssf < ssf->sss_transport ) {
*text = "transport confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
}
+
if( op->o_tls_ssf < ssf->sss_tls ) {
*text = "TLS confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
}
- if( op->o_sasl_ssf < ssf->sss_sasl ) {
- *text = "SASL confidentiality required";
- return LDAP_CONFIDENTIALITY_REQUIRED;
- }
- if( updateop ) {
- if( op->o_ssf < ssf->sss_update_ssf ) {
- *text = "update confidentiality required";
+ if( op->o_tag != LDAP_REQ_BIND || opdata == NULL ) {
+ /* these checks don't apply to SASL bind */
+
+ if( op->o_sasl_ssf < ssf->sss_sasl ) {
+ *text = "SASL confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
}
+
+ if( op->o_ssf < ssf->sss_ssf ) {
+ *text = "confidentiality required";
+ return LDAP_CONFIDENTIALITY_REQUIRED;
+ }
+ }
+
+ if( updateop ) {
if( op->o_transport_ssf < ssf->sss_update_transport ) {
*text = "transport update confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
}
+
if( op->o_tls_ssf < ssf->sss_update_tls ) {
*text = "TLS update confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
}
+
if( op->o_sasl_ssf < ssf->sss_update_sasl ) {
*text = "SASL update confidentiality required";
return LDAP_CONFIDENTIALITY_REQUIRED;
}
+
+ if( op->o_ssf < ssf->sss_update_ssf ) {
+ *text = "update confidentiality required";
+ return LDAP_CONFIDENTIALITY_REQUIRED;
+ }
+
+ if( op->o_ndn == NULL ) {
+ *text = "modifications require authentication";
+ return LDAP_OPERATIONS_ERROR;
+ }
}
}
- if (( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) )
- || op->o_tag == LDAP_REQ_BIND )
+ if ( op->o_tag != LDAP_REQ_BIND && ( op->o_tag != LDAP_REQ_EXTENDED ||
+ strcmp( (const char *) opdata, LDAP_EXOP_START_TLS ) ) )
{
- /* these checks don't apply to StartTLS or Bind */
+ /* these checks don't apply to Bind or StartTLS */
if( requires & SLAP_REQUIRE_STRONG ) {
/* should check mechanism */