/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2005 The OpenLDAP Foundation.
+ * Copyright 1998-2006 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include "lutil.h"
#include "config.h"
+#ifdef HAVE_TLS
+#include <openssl/ssl.h>
+#endif
+
#define ARGS_STEP 512
/*
{
iarg = 0;
} else {
- snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value, ignored",
+ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value",
c->argv[0] );
- Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
+ Debug(LDAP_DEBUG_ANY, "%s: %s\n",
c->log, c->msg, 0 );
- return(0);
+ return(ARG_BAD_CONF);
}
break;
}
j = (arg_type & ARG_NONZERO) ? 1 : 0;
if(iarg < j && larg < j && barg < j ) {
larg = larg ? larg : (barg ? barg : iarg);
- snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value, ignored",
+ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value",
c->argv[0] );
- Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
+ Debug(LDAP_DEBUG_ANY, "%s: %s\n",
c->log, c->msg, 0 );
return(ARG_BAD_CONF);
}
}
}
code = slap_str2ad( at->at_names[0], &ct[i].ad, &err );
- if ( freeit ) {
+ if ( freeit || code ) {
ldap_attributetype_free( at );
} else {
ldap_memfree( at );
if ( code && code != SLAP_SCHERR_CLASS_DUP ) {
fprintf( stderr, "init_config_ocs: objectclass \"%s\": %s, %s\n",
ocs[i].co_def, scherr2str(code), err );
+ ldap_objectclass_free(oc);
return code;
}
ocs[i].co_oc = oc_find(oc->oc_names[0]);
- ldap_memfree(oc);
+ if ( code )
+ ldap_objectclass_free(oc);
+ else
+ ldap_memfree(oc);
}
return 0;
}
if ( !ptr || !*ptr )
return NULL;
- while( isspace( *ptr )) ptr++;
+ while( isspace( (unsigned char) *ptr )) ptr++;
if ( *ptr == '"' ) {
inquote = 1;
for (;*ptr;ptr++) {
if ( *ptr == '"' ) {
- if ( inquote && ( !ptr[1] || isspace(ptr[1]))) {
+ if ( inquote && ( !ptr[1] || isspace((unsigned char) ptr[1]))) {
*ptr++ = '\0';
break;
}
}
if ( inquote )
continue;
- if ( isspace( *ptr )) {
+ if ( isspace( (unsigned char) *ptr )) {
*ptr++ = '\0';
break;
}
if ( !*ptr ) {
*line = NULL;
} else {
- while ( isspace( *ptr )) ptr++;
+ while ( isspace( (unsigned char) *ptr )) ptr++;
*line = ptr;
}
return beg;
Debug(LDAP_DEBUG_ANY,
"could not stat config file \"%s\": %s (%d)\n",
fname, strerror(errno), errno);
+ ch_free( c );
return(1);
}
Debug(LDAP_DEBUG_ANY,
"regular file expected, got \"%s\"\n",
fname, 0, 0 );
+ ch_free( c );
return(1);
}
Debug(LDAP_DEBUG_ANY,
"could not open config file \"%s\": %s (%d)\n",
fname, strerror(errno), errno);
+ ch_free( c );
return(1);
}
}
if ( c->argc < 1 ) {
- Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: bad config line"
- SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ Debug( LDAP_DEBUG_ANY, "%s: bad config line.\n",
c->log, 0, 0);
-#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
rc = 1;
goto done;
-#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
- continue;
-#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
}
c->op = SLAP_CONFIG_ADD;
if ( rc ) {
switch(rc) {
case SLAP_CONF_UNKNOWN:
- Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
- "unknown directive <%s> inside backend info definition"
- SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ Debug( LDAP_DEBUG_ANY, "%s: unknown directive "
+ "<%s> inside backend info definition.\n",
c->log, *c->argv, 0);
-#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
- continue;
-#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
default:
rc = 1;
goto done;
rc = (*c->be->be_config)(c->be, c->fname, c->lineno,
c->argc, c->argv);
}
- if ( rc ) {
- switch(rc) {
- case SLAP_CONF_UNKNOWN:
- Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
- "unknown directive <%s> inside backend database "
- "definition" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
- c->log, *c->argv, 0);
-#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
- continue;
-#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
- default:
- rc = 1;
- goto done;
- }
+ if ( rc == SLAP_CONF_UNKNOWN && SLAP_ISGLOBALOVERLAY( frontendDB ) )
+ {
+ /* global overlays may need
+ * definitions inside other databases...
+ */
+ rc = (*frontendDB->be_config)( frontendDB,
+ c->fname, (int)c->lineno, c->argc, c->argv );
+ }
+
+ switch ( rc ) {
+ case 0:
+ break;
+
+ case SLAP_CONF_UNKNOWN:
+ Debug( LDAP_DEBUG_ANY, "%s: unknown directive "
+ "<%s> inside backend database definition.\n",
+ c->log, *c->argv, 0);
+
+ default:
+ rc = 1;
+ goto done;
}
} else if ( frontendDB->be_config ) {
- rc = (*frontendDB->be_config)(frontendDB, c->fname, (int)c->lineno, c->argc, c->argv);
+ rc = (*frontendDB->be_config)( frontendDB,
+ c->fname, (int)c->lineno, c->argc, c->argv);
if ( rc ) {
switch(rc) {
case SLAP_CONF_UNKNOWN:
- Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
- "unknown directive <%s> inside global database definition"
- SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ Debug( LDAP_DEBUG_ANY, "%s: unknown directive "
+ "<%s> inside global database definition.\n",
c->log, *c->argv, 0);
-#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
- continue;
-#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
+
default:
rc = 1;
goto done;
}
} else {
- Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
- "unknown directive <%s> outside backend info and database definitions"
- SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ Debug( LDAP_DEBUG_ANY, "%s: unknown directive "
+ "<%s> outside backend info and database definitions.\n",
c->log, *c->argv, 0);
-#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
rc = 1;
goto done;
-#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
- continue;
-#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
}
}
int
verb_to_mask(const char *word, slap_verbmasks *v) {
int i;
- for(i = 0; !BER_BVISNULL(&v[i].word); i++)
- if(!strcasecmp(word, v[i].word.bv_val))
- break;
+ for(i = 0; !BER_BVISNULL(&v[i].word); i++) {
+ if(!strcasecmp(word, v[i].word.bv_val)) break;
+ }
return(i);
}
assert( *vp == NULL );
- for ( i = 0; !BER_BVISNULL( &v[ i ].word ); i++ )
- ;
+ for ( i = 0; !BER_BVISNULL( &v[ i ].word ); i++ ) /* EMPTY */;
*vp = ch_calloc( i + 1, sizeof( slap_verbmasks ) );
{ BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 'b', 0, NULL },
{ BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, NULL },
{ BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, NULL },
+#ifdef HAVE_TLS
+ { BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL },
+ { BER_BVC("tls_key="), offsetof(slap_bindconf, sb_tls_key), 's', 1, NULL },
+ { BER_BVC("tls_cacert="), offsetof(slap_bindconf, sb_tls_cacert), 's', 1, NULL },
+ { BER_BVC("tls_cacertdir="), offsetof(slap_bindconf, sb_tls_cacertdir), 's', 1, NULL },
+ { BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 1, NULL },
+ { BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 1, NULL },
+#ifdef HAVE_OPENSSL_CRL
+ { BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 1, NULL },
+#endif
+#endif
{ BER_BVNULL, 0, 0, 0, NULL }
};
ch_free( bc->sb_authzId.bv_val );
BER_BVZERO( &bc->sb_authzId );
}
+#ifdef HAVE_TLS
+ if ( bc->sb_tls_ctx ) {
+ SSL_CTX_free( bc->sb_tls_ctx );
+ bc->sb_tls_ctx = NULL;
+ }
+ if ( bc->sb_tls_cert ) {
+ ch_free( bc->sb_tls_cert );
+ bc->sb_tls_cert = NULL;
+ }
+ if ( bc->sb_tls_key ) {
+ ch_free( bc->sb_tls_key );
+ bc->sb_tls_key = NULL;
+ }
+ if ( bc->sb_tls_cacert ) {
+ ch_free( bc->sb_tls_cacert );
+ bc->sb_tls_cacert = NULL;
+ }
+ if ( bc->sb_tls_cacertdir ) {
+ ch_free( bc->sb_tls_cacertdir );
+ bc->sb_tls_cacertdir = NULL;
+ }
+ if ( bc->sb_tls_reqcert ) {
+ ch_free( bc->sb_tls_reqcert );
+ bc->sb_tls_reqcert = NULL;
+ }
+ if ( bc->sb_tls_cipher_suite ) {
+ ch_free( bc->sb_tls_cipher_suite );
+ bc->sb_tls_cipher_suite = NULL;
+ }
+#ifdef HAVE_OPENSSL_CRL
+ if ( bc->sb_tls_crlcheck ) {
+ ch_free( bc->sb_tls_crlcheck );
+ bc->sb_tls_crlcheck = NULL;
+ }
+#endif
+#endif
}
+#ifdef HAVE_TLS
+static struct {
+ const char *key;
+ size_t offset;
+ int opt;
+} bindtlsopts[] = {
+ { "tls_cert", offsetof(slap_bindconf, sb_tls_cert), LDAP_OPT_X_TLS_CERTFILE },
+ { "tls_key", offsetof(slap_bindconf, sb_tls_key), LDAP_OPT_X_TLS_KEYFILE },
+ { "tls_cacert", offsetof(slap_bindconf, sb_tls_cacert), LDAP_OPT_X_TLS_CACERTFILE },
+ { "tls_cacertdir", offsetof(slap_bindconf, sb_tls_cacertdir), LDAP_OPT_X_TLS_CACERTDIR },
+ { "tls_cipher_suite", offsetof(slap_bindconf, sb_tls_cipher_suite), LDAP_OPT_X_TLS_CIPHER_SUITE },
+ {0, 0}
+};
+
+int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
+{
+ int i, rc, newctx = 0, res = 0;
+ char *ptr = (char *)bc, **word;
+
+ for (i=0; bindtlsopts[i].opt; i++) {
+ word = (char **)(ptr + bindtlsopts[i].offset);
+ if ( *word ) {
+ rc = ldap_set_option( ld, bindtlsopts[i].opt, *word );
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY,
+ "bindconf_tls_set: failed to set %s to %s\n",
+ bindtlsopts[i].key, *word, 0 );
+ res = -1;
+ } else
+ newctx = 1;
+ }
+ }
+ if ( bc->sb_tls_reqcert ) {
+ rc = ldap_int_tls_config( ld, LDAP_OPT_X_TLS_REQUIRE_CERT,
+ bc->sb_tls_reqcert );
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY,
+ "bindconf_tls_set: failed to set tls_reqcert to %s\n",
+ bc->sb_tls_reqcert, 0, 0 );
+ res = -1;
+ } else
+ newctx = 1;
+ }
+#ifdef HAVE_OPENSSL_CRL
+ if ( bc->sb_tls_crlcheck ) {
+ rc = ldap_int_tls_config( ld, LDAP_OPT_X_TLS_CRLCHECK,
+ bc->sb_tls_crlcheck );
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY,
+ "bindconf_tls_set: failed to set tls_crlcheck to %s\n",
+ bc->sb_tls_crlcheck, 0, 0 );
+ res = -1;
+ } else
+ newctx = 1;
+ }
+#endif
+ if ( newctx ) {
+ int opt = 0;
+ rc = ldap_set_option( ld, LDAP_OPT_X_TLS_NEWCTX, &opt );
+ if ( rc )
+ res = rc;
+ else
+ ldap_get_option( ld, LDAP_OPT_X_TLS_CTX, &bc->sb_tls_ctx );
+ }
+
+ return res;
+}
+#endif
/* -------------------------------------- */
c.argc = argc;
c.argv = argv;
c.valx = -1;
+ c.line = line;
+ c.op = SLAP_CONFIG_ADD;
snprintf( c.log, sizeof( c.log ), "%s: line %d", fname, lineno );
rc = SLAP_CONF_UNKNOWN;
projects / openldap / blobdiff