#ifdef SLAP_AUTH_REWRITE
static BerVarray authz_rewrites;
#endif
+static AccessControl *defacl_parsed = NULL;
static struct berval cfdir;
* OLcfg{Bk|Db}{Oc|At}:3 -> back-ldap
* OLcfg{Bk|Db}{Oc|At}:4 -> back-monitor
* OLcfg{Bk|Db}{Oc|At}:5 -> back-relay
- * OLcfg{Bk|Db}{Oc|At}:6 -> back-sql
+ * OLcfg{Bk|Db}{Oc|At}:6 -> back-sql(/back-ndb)
* OLcfg{Bk|Db}{Oc|At}:7 -> back-sock
* OLcfg{Bk|Db}{Oc|At}:8 -> back-null
+ * OLcfg{Bk|Db}{Oc|At}:9 -> back-passwd
+ * OLcfg{Bk|Db}{Oc|At}:10 -> back-shell
+ * OLcfg{Bk|Db}{Oc|At}:11 -> back-perl
+ * OLcfg{Bk|Db}{Oc|At}:12 -> back-mdb
*/
/*
{ "timelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
&config_timelimit, "( OLcfgGlAt:67 NAME 'olcTimeLimit' "
"SYNTAX OMsDirectoryString )", NULL, NULL },
- { "TLSCACertificateFile", NULL, 0, 0, 0,
+ { "TLSCACertificateFile", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CA_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSCACertificatePath", NULL, 0, 0, 0,
+ { "TLSCACertificatePath", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CA_PATH|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSCertificateFile", NULL, 0, 0, 0,
+ { "TLSCertificateFile", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CERT_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSCertificateKeyFile", NULL, 0, 0, 0,
+ { "TLSCertificateKeyFile", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CERT_KEY|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSCipherSuite", NULL, 0, 0, 0,
+ { "TLSCipherSuite", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CIPHER|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSCRLCheck", NULL, 0, 0, 0,
+ { "TLSCRLCheck", NULL, 2, 2, 0,
#if defined(HAVE_TLS) && defined(HAVE_OPENSSL_CRL)
CFG_TLS_CRLCHECK|ARG_STRING|ARG_MAGIC, &config_tls_config,
#else
#endif
"( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSCRLFile", NULL, 0, 0, 0,
+ { "TLSCRLFile", NULL, 2, 2, 0,
#if defined(HAVE_GNUTLS)
CFG_TLS_CRL_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:82 NAME 'olcTLSCRLFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSRandFile", NULL, 0, 0, 0,
+ { "TLSRandFile", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_RAND|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:74 NAME 'olcTLSRandFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSVerifyClient", NULL, 0, 0, 0,
+ { "TLSVerifyClient", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_VERIFY|ARG_STRING|ARG_MAGIC, &config_tls_config,
#else
#endif
"( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSDHParamFile", NULL, 0, 0, 0,
+ { "TLSDHParamFile", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_DH_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSProtocolMin", NULL, 0, 0, 0,
+ { "TLSProtocolMin", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_PROTOCOL_MIN|ARG_STRING|ARG_MAGIC, &config_tls_config,
#else
"NAME 'olcSchemaConfig' "
"DESC 'OpenLDAP schema object' "
"SUP olcConfig STRUCTURAL "
- "MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ "
- "olcObjectClasses $ olcDitContentRules $ olcLdapSyntaxes ) )",
+ "MAY ( cn $ olcObjectIdentifier $ olcLdapSyntaxes $ "
+ "olcAttributeTypes $ olcObjectClasses $ olcDitContentRules ) )",
Cft_Schema, NULL, cfAddSchema },
{ "( OLcfgGlOc:3 "
"NAME 'olcBackendConfig' "
*prev = a->acl_next;
acl_free( a );
}
+ if ( SLAP_CONFIG( c->be ) && !c->be->be_acl ) {
+ Debug( LDAP_DEBUG_CONFIG, "config_generic (CFG_ACL): "
+ "Last explicit ACL for back-config removed. "
+ "Using hardcoded default\n", 0, 0, 0 );
+ c->be->be_acl = defacl_parsed;
+ }
break;
case CFG_OC: {
break;
case CFG_ACL:
+ if ( SLAP_CONFIG( c->be ) && c->be->be_acl == defacl_parsed) {
+ c->be->be_acl = NULL;
+ }
/* Don't append to the global ACL if we're on a specific DB */
i = c->valx;
if ( c->valx == -1 ) {
i++;
}
if ( parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, i ) ) {
+ if ( SLAP_CONFIG( c->be ) && !c->be->be_acl) {
+ c->be->be_acl = defacl_parsed;
+ }
return 1;
}
break;
/* FALLTHRU: LDAP_MOD_REPLACE && vals */
case LDAP_MOD_ADD:
+ if ( !a )
+ break;
for (i=0; ml->sml_values[i].bv_val; i++) {
ca->line = ml->sml_values[i].bv_val;
ca->valx = -1;
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
SlapReply rs = {REP_RESULT};
void *thrctx = NULL;
+ AccessControl *save_access;
Debug( LDAP_DEBUG_TRACE, "config_back_db_open\n", 0, 0, 0);
/* If we have no explicitly configured ACLs, don't just use
* the global ACLs. Explicitly deny access to everything.
*/
- if ( !be->bd_self->be_acl ) {
- parse_acl(be->bd_self, "config_back_db_open", 0, 6, (char **)defacl, 0 );
+ save_access = be->bd_self->be_acl;
+ be->bd_self->be_acl = NULL;
+ parse_acl(be->bd_self, "config_back_db_open", 0, 6, (char **)defacl, 0 );
+ defacl_parsed = be->bd_self->be_acl;
+ if ( save_access ) {
+ be->bd_self->be_acl = save_access;
+ } else {
+ Debug( LDAP_DEBUG_CONFIG, "config_back_db_open: "
+ "No explicit ACL for back-config configured. "
+ "Using hardcoded default\n", 0, 0, 0 );
}
thrctx = ldap_pvt_thread_pool_context();
backend_shutdown( &cfb->cb_db );
}
+ if ( defacl_parsed && be->be_acl != defacl_parsed ) {
+ acl_free( defacl_parsed );
+ defacl_parsed = NULL;
+ }
+
return 0;
}
return NOID;
}
} else {
+ if ( !strncmp( e->e_nname.bv_val +
+ STRLENOF( "olcDatabase" ), "=frontend",
+ STRLENOF( "=frontend" ) ) )
+ {
+ struct berval rdn, pdn, ndn;
+ dnParent( &e->e_nname, &pdn );
+ rdn.bv_val = ca.log;
+ rdn.bv_len = snprintf(rdn.bv_val, sizeof( ca.log ),
+ "%s=" SLAP_X_ORDERED_FMT "%s",
+ cfAd_database->ad_cname.bv_val, -1,
+ frontendDB->bd_info->bi_type );
+ build_new_dn( &ndn, &pdn, &rdn, NULL );
+ ber_memfree( e->e_name.bv_val );
+ e->e_name = ndn;
+ ber_bvreplace( &e->e_nname, &e->e_name );
+ }
entry_put_got_frontend++;
isFrontend = 1;
}