Do not require ac/string.h for lber_pvt.h
index d9229864c1348231ced64ef17f61e4d9d7d04b26..fafe4975817e0b5f5a07c8f91edc2da1b16ee0bc 100644 (file)
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2017 The OpenLDAP Foundation.
+ * Copyright 2005-2018 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -200,6 +200,9 @@ enum {
        CFG_DISABLED,
        CFG_THREADQS,
        CFG_TLS_ECNAME,
+       CFG_TLS_CACERT,
+       CFG_TLS_CERT,
+       CFG_TLS_KEY,
 
        CFG_LAST
 };
@@ -695,7 +698,16 @@ static ConfigTable config_back_cf_table[] = {
                        "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
        { "timelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
                &config_timelimit, "( OLcfgGlAt:67 NAME 'olcTimeLimit' "
-                       "SYNTAX OMsDirectoryString )", NULL, NULL },
+                       "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+       { "TLSCACertificate", NULL, 2, 2, 0,
+#ifdef HAVE_TLS
+               CFG_TLS_CACERT|ARG_BINARY|ARG_MAGIC, &config_tls_option,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgGlAt:97 NAME 'olcTLSCACertificate' "
+                       "DESC 'X.509 certificate, must use ;binary' "
+                       "SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 SINGLE-VALUE )", NULL, NULL },
        { "TLSCACertificateFile", NULL, 2, 2, 0,
 #ifdef HAVE_TLS
                CFG_TLS_CA_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
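Review bot: Alongside the new olcTLSCACertificate entry, this hunk also tightens the existing `olcTimeLimit` definition to `SINGLE-VALUE`, which is unrelated to the TLS work and is a compatibility risk for any cn=config database that already holds more than one olcTimeLimit value — if cn=config entries are validated against this definition on load, such an entry would fail the schema check after upgrade. If the multi-valued form was never accepted by config_timelimit in practice, say so in the commit message; otherwise this belongs in its own commit with a migration note. The new `DESC 'X.509 certificate, must use ;binary'` documents the transfer option, but nothing in this table entry enforces it.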
@@ -712,6 +724,15 @@ static ConfigTable config_back_cf_table[] = {
 #endif
                "( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' "
                        "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+       { "TLSCertificate", NULL, 2, 2, 0,
+#ifdef HAVE_TLS
+               CFG_TLS_CERT|ARG_BINARY|ARG_MAGIC, &config_tls_option,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgGlAt:98 NAME 'olcTLSCertificate' "
+                       "DESC 'X.509 certificate, must use ;binary' "
+                       "SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 SINGLE-VALUE )", NULL, NULL },
        { "TLSCertificateFile", NULL, 2, 2, 0,
 #ifdef HAVE_TLS
                CFG_TLS_CERT_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
@@ -720,6 +741,15 @@ static ConfigTable config_back_cf_table[] = {
 #endif
                "( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' "
                        "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+       { "TLSCertificateKey", NULL, 2, 2, 0,
+#ifdef HAVE_TLS
+               CFG_TLS_KEY|ARG_BINARY|ARG_MAGIC, &config_tls_option,
+#else
+               ARG_IGNORED, NULL,
+#endif
+               "( OLcfgGlAt:99 NAME 'olcTLSCertificateKey' "
+                       "DESC 'X.509 privateKey, must use ;binary' "
+                       "SYNTAX 1.3.6.1.4.1.4203.666.2.13 SINGLE-VALUE )", NULL, NULL },
        { "TLSCertificateKeyFile", NULL, 2, 2, 0,
 #ifdef HAVE_TLS
                CFG_TLS_CERT_KEY|ARG_STRING|ARG_MAGIC, &config_tls_option,
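Review bot: olcTLSCertificateKey puts raw private-key material into the cn=config entry itself, unlike the existing olcTLSCertificateKeyFile which only stores a path, and the DESC says nothing about that difference in sensitivity. Once set, the key presumably persists in the config LDIF on disk and is returned to any client permitted to read the cn=config entry, so its exposure is bounded by the cn=config ACLs and the permissions of the config directory rather than by the key file's own mode. A warning in the attribute description, e.g. `DESC 'X.509 privateKey, must use ;binary; stored in cn=config - restrict read access by ACL'`, plus a paragraph in slapd-config(5), would make that trade-off visible to administrators before they choose it.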
@@ -868,6 +898,7 @@ static ConfigOCs cf_ocs[] = {
                 "olcTimeLimit $ olcTLSCACertificateFile $ "
                 "olcTLSCACertificatePath $ olcTLSCertificateFile $ "
                 "olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
+                "olcTLSCACertificate $ olcTLSCertificate $ olcTLSCertificateKey $ "
                 "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSECName $ "
                 "olcTLSCRLFile $ olcTLSProtocolMin $ olcToolThreads $ olcWriteTimeout $ "
                 "olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
@@ -4060,7 +4091,8 @@ config_tls_cleanup(ConfigArgs *c) {
 
 static int
 config_tls_option(ConfigArgs *c) {
-       int flag;
+       int flag, rc;
+       int berval = 0;
        LDAP *ld = slap_tls_ld;
        switch(c->type) {
        case CFG_TLS_RAND:      flag = LDAP_OPT_X_TLS_RANDOM_FILE;      ld = NULL; break;
@@ -4074,20 +4106,25 @@ config_tls_option(ConfigArgs *c) {
 #ifdef HAVE_GNUTLS
        case CFG_TLS_CRL_FILE:  flag = LDAP_OPT_X_TLS_CRLFILE;  break;
 #endif
+       case CFG_TLS_CACERT:    flag = LDAP_OPT_X_TLS_CACERT;   berval = 1;     break;
+       case CFG_TLS_CERT:              flag = LDAP_OPT_X_TLS_CERT;     berval = 1;     break;
+       case CFG_TLS_KEY:               flag = LDAP_OPT_X_TLS_KEY;      berval = 1;     break;
        default:                Debug(LDAP_DEBUG_ANY, "%s: "
                                        "unknown tls_option <0x%x>\n",
                                        c->log, c->type, 0);
                return 1;
        }
        if (c->op == SLAP_CONFIG_EMIT) {
-               return ldap_pvt_tls_get_option( ld, flag, &c->value_string );
+               return ldap_pvt_tls_get_option( ld, flag, berval ? (void *)&c->value_bv : (void *)&c->value_string );
        } else if ( c->op == LDAP_MOD_DELETE ) {
                c->cleanup = config_tls_cleanup;
                return ldap_pvt_tls_set_option( ld, flag, NULL );
        }
-       ch_free(c->value_string);
+       if ( !berval ) ch_free(c->value_string);
        c->cleanup = config_tls_cleanup;
-       return(ldap_pvt_tls_set_option(ld, flag, c->argv[1]));
+       rc = ldap_pvt_tls_set_option(ld, flag, berval ? (void *)&c->value_bv : (void *)c->argv[1]);
+       if ( berval ) ch_free(c->value_bv.bv_val);
+       return rc;
 }
 
 /* FIXME: this ought to be provided by libldap */
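Review bot: For CFG_TLS_KEY the berval in c->value_bv carries private-key bytes, and the new cleanup `if ( berval ) ch_free(c->value_bv.bv_val);` releases them without clearing, so the key remains readable in freed heap until that memory is reused. Wipe the buffer first: `if ( berval ) { memset( c->value_bv.bv_val, 0, c->value_bv.bv_len ); ch_free( c->value_bv.bv_val ); }` — and since a compiler may elide a memset immediately before free, prefer a volatile-safe clearing helper if libldap already provides one. The same consideration applies to the EMIT path, where ldap_pvt_tls_get_option copies the key back into c->value_bv and the ownership of that copy is not visible here. config_tls_option begins in the previous hunk, so its declarations are outside this one.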
@@ -4560,6 +4597,8 @@ config_find_table( ConfigOCs **colst, int nocs, AttributeDescription *ad,
        ConfigArgs *ca )
 {
        int i, j;
+       if (ad->ad_flags & SLAP_DESC_BINARY)
+               ad = ad->ad_type->sat_ad;
 
        for (j=0; j<nocs; j++) {
                for (i=0; colst[j]->co_table[i].name; i++)
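Review bot: The new lookup maps an attribute requested as `olcTLSCertificate;binary` to its base description so the table entry is found, but it is not visible here whether a value supplied without the ;binary option is rejected even though the schema DESC for these attributes says 'must use ;binary'; if config_back_add/modify do not check ad_flags elsewhere, a plain DirectoryString value could reach the ARG_BINARY handler unchanged. A comment on the new lines would at least record the intent: `/* attr;binary is looked up by its base description (e.g. olcTLSCertificate) */`. The remainder of config_find_table runs past the end of this hunk.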
@@ -4735,7 +4774,7 @@ config_rename_one( Operation *op, SlapReply *rs, Entry *e,
        build_new_dn( &e->e_nname, &parent->ce_entry->e_nname, nnewrdn, NULL );
 
        /* Replace attr */
-       rc = ldap_bv2rdn( &e->e_name, &rDN, &text, LDAP_DN_FORMAT_LDAP );
+       rc = ldap_bv2rdn( &e->e_name, &rDN, (char **)&text, LDAP_DN_FORMAT_LDAP );
        if ( rc ) {
                return rc;
        }
@@ -5644,7 +5683,7 @@ static int
 config_back_add( Operation *op, SlapReply *rs )
 {
        CfBackInfo *cfb;
-       int renumber;
+       int renumber, dopause = 1;
        ConfigArgs ca;
 
        if ( !access_allowed( op, op->ora_e, slap_schema.si_ad_entry,
@@ -5685,7 +5724,8 @@ config_back_add( Operation *op, SlapReply *rs )
                rs->sr_err = SLAPD_ABANDON;
                goto out;
        }
-       ldap_pvt_thread_pool_pause( &connection_pool );
+       if ( ldap_pvt_thread_pool_pause( &connection_pool ) < 0 )
+               dopause = 0;
 
        /* Strategy:
         * 1) check for existence of entry
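Review bot: When ldap_pvt_thread_pool_pause() returns a negative value the add now proceeds with the pool unpaused and merely skips the later resume, but nothing records why a negative return is safe to continue on. If a negative result only means there is no pool to pause (tool mode) or this thread already holds a pause, a comment stating that is enough, e.g. `/* <0: no pool, or already paused by us; proceed and owe no resume */`; if it can also mean a live pool that failed to pause, the config change then races with in-flight operations and the operation should instead fail, e.g. `rs->sr_err = LDAP_BUSY; goto out;`. The same pattern is repeated in config_back_modify, config_back_modrdn and config_back_delete below, so whichever reading is correct should be applied to all four.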
@@ -5735,7 +5775,8 @@ config_back_add( Operation *op, SlapReply *rs )
        }
 
 out2:;
-       ldap_pvt_thread_pool_resume( &connection_pool );
+       if ( dopause )
+               ldap_pvt_thread_pool_resume( &connection_pool );
 
 out:;
        {       int repl = op->o_dont_replicate;
@@ -6176,7 +6217,8 @@ config_back_modify( Operation *op, SlapReply *rs )
                        rs->sr_err = SLAPD_ABANDON;
                        goto out;
                }
-               ldap_pvt_thread_pool_pause( &connection_pool );
+               if ( ldap_pvt_thread_pool_pause( &connection_pool ) < 0 )
+                       do_pause = 0;
        }
 
        /* Strategy:
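Review bot: The flag is spelled `do_pause` here but `dopause` in the new declarations added to config_back_add, config_back_modrdn and config_back_delete; assuming `do_pause` is the pre-existing local declared earlier in config_back_modify, the three new ones should adopt that spelling so a reader can grep the pause/resume pairing across the backend. The declaration and the rest of config_back_modify lie outside this hunk.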
@@ -6223,7 +6265,7 @@ config_back_modrdn( Operation *op, SlapReply *rs )
        CfBackInfo *cfb;
        CfEntryInfo *ce, *last;
        struct berval rdn;
-       int ixold, ixnew;
+       int ixold, ixnew, dopause = 1;
 
        cfb = (CfBackInfo *)op->o_bd->be_private;
 
@@ -6345,7 +6387,8 @@ config_back_modrdn( Operation *op, SlapReply *rs )
                rs->sr_err = SLAPD_ABANDON;
                goto out;
        }
-       ldap_pvt_thread_pool_pause( &connection_pool );
+       if ( ldap_pvt_thread_pool_pause( &connection_pool ) < 0 )
+               dopause = 0;
 
        if ( ce->ce_type == Cft_Schema ) {
                req_modrdn_s modr = op->oq_modrdn;
@@ -6412,7 +6455,8 @@ config_back_modrdn( Operation *op, SlapReply *rs )
                op->oq_modrdn = modr;
        }
 
-       ldap_pvt_thread_pool_resume( &connection_pool );
+       if ( dopause )
+               ldap_pvt_thread_pool_resume( &connection_pool );
 out:
        send_ldap_result( op, rs );
        return rs->sr_err;
@@ -6424,6 +6468,7 @@ config_back_delete( Operation *op, SlapReply *rs )
 #ifdef SLAP_CONFIG_DELETE
        CfBackInfo *cfb;
        CfEntryInfo *ce, *last, *ce2;
+       int dopause = 1;
 
        cfb = (CfBackInfo *)op->o_bd->be_private;
 
@@ -6442,7 +6487,8 @@ config_back_delete( Operation *op, SlapReply *rs )
                char *iptr;
                int count, ixold;
 
-               ldap_pvt_thread_pool_pause( &connection_pool );
+               if ( ldap_pvt_thread_pool_pause( &connection_pool ) < 0 )
+                       dopause = 0;
 
                if ( ce->ce_type == Cft_Overlay ){
                        overlay_remove( ce->ce_be, (slap_overinst *)ce->ce_bi, op );
@@ -6462,7 +6508,7 @@ config_back_delete( Operation *op, SlapReply *rs )
                        if ( !oc_at ) {
                                rs->sr_err = LDAP_OTHER;
                                rs->sr_text = "objectclass not found";
-                               ldap_pvt_thread_pool_resume( &connection_pool );
+                               if ( dopause ) ldap_pvt_thread_pool_resume( &connection_pool );
                                goto out;
                        }
                        for ( i=0; !BER_BVISNULL(&oc_at->a_nvals[i]); i++ ) {
@@ -6480,7 +6526,7 @@ config_back_delete( Operation *op, SlapReply *rs )
                                                /* FIXME: We should return a helpful error message
                                                 * here */
                                        }
-                                       ldap_pvt_thread_pool_resume( &connection_pool );
+                                       if ( dopause ) ldap_pvt_thread_pool_resume( &connection_pool );
                                        goto out;
                                }
                                break;
@@ -6489,7 +6535,7 @@ config_back_delete( Operation *op, SlapReply *rs )
                        if ( ce->ce_be == frontendDB || ce->ce_be == op->o_bd ){
                                rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
                                rs->sr_text = "Cannot delete config or frontend database";
-                               ldap_pvt_thread_pool_resume( &connection_pool );
+                               if ( dopause ) ldap_pvt_thread_pool_resume( &connection_pool );
                                goto out;
                        }
                        if ( ce->ce_be->bd_info->bi_db_close ) {
@@ -6551,7 +6597,7 @@ config_back_delete( Operation *op, SlapReply *rs )
                ce->ce_entry->e_private=NULL;
                entry_free(ce->ce_entry);
                ch_free(ce);
-               ldap_pvt_thread_pool_resume( &connection_pool );
+               if ( dopause ) ldap_pvt_thread_pool_resume( &connection_pool );
        } else {
                rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
        }
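Review bot: The guarded resume `if ( dopause ) ldap_pvt_thread_pool_resume( &connection_pool );` now appears four times in config_back_delete (here and before each `goto out` in the hunks above), each a copy that must be kept in step with the `dopause` flag; a single exit path would hold that invariant in one place. Initialise `dopause = 0` at its declaration, set `dopause = 1` only when ldap_pvt_thread_pool_pause() returns non-negative, replace the four copies with `goto out_resume;` (or plain fall-through for the last one), and put `out_resume: if ( dopause ) ldap_pvt_thread_pool_resume( &connection_pool );` immediately before the `out:` label, which lies outside this hunk. The else branch then falls through that label harmlessly, since no pause was taken on that path.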
@@ -6768,7 +6814,7 @@ config_build_entry( Operation *op, SlapReply *rs, CfEntryInfo *parent,
                attr_merge_normalize_one(e, slap_schema.si_ad_objectClass,
                        extra->co_name, NULL );
 
-       rc = ldap_bv2rdn( rdn, &rDN, &text, LDAP_DN_FORMAT_LDAP );
+       rc = ldap_bv2rdn( rdn, &rDN, (char **)&text, LDAP_DN_FORMAT_LDAP );
        if ( rc ) {
                goto fail;
        }