#include "slapi/slapi.h"
#endif
#include "lutil.h"
+#include "lutil_ldap.h"
#include "config.h"
#ifdef HAVE_TLS
snprintf( c->msg, sizeof( c->msg ), "<%s> extra cruft after <%s>",
c->argv[0], Conf->what );
-#ifdef LDAP_DEVEL
ignored = "";
-#endif /* LDAP_DEVEL */
Debug(LDAP_DEBUG_CONFIG, "%s: %s%s.\n",
c->log, c->msg, ignored );
-#ifdef LDAP_DEVEL
return(ARG_BAD_CONF);
-#endif /* LDAP_DEVEL */
}
if((arg_syn & ARG_DB) && !c->be) {
snprintf( c->msg, sizeof( c->msg ), "<%s> only allowed within database declaration",
return(0);
}
if(arg_type & ARG_OFFSET) {
- if (c->be)
+ if (c->be && (!overlay_is_over(c->be) ||
+ ((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi))
ptr = c->be->be_private;
else if (c->bi)
ptr = c->bi->bi_private;
if ( rc ) return rc;
} else {
if ( cf->arg_type & ARG_OFFSET ) {
- if ( c->be )
+ if (c->be && (!overlay_is_over(c->be) ||
+ ((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi))
ptr = c->be->be_private;
else if ( c->bi )
ptr = c->bi->bi_private;
return 1;
}
break;
+ default:
+ bv.bv_val = NULL;
+ break;
}
if (bv.bv_val == c->log && bv.bv_len >= sizeof( c->log ) ) {
return 1;
}
- if (( cf->arg_type & ARGS_TYPES ) == ARG_STRING )
+ if (( cf->arg_type & ARGS_TYPES ) == ARG_STRING ) {
ber_bvarray_add(&c->rvalue_vals, &bv);
- else
+ } else if ( !BER_BVISNULL( &bv ) ) {
value_add_one(&c->rvalue_vals, &bv);
+ }
+ /* else: maybe c->rvalue_vals already set? */
}
return rc;
}
fprintf( stderr, "init_config_attrs: AttributeType \"%s\": %s\n",
ct[i].attribute, err );
return code;
+ } else {
+#ifndef LDAP_DEVEL
+ ct[i].ad->ad_type->sat_flags |= SLAP_AT_HIDE;
+#endif
}
}
return code;
}
ocs[i].co_oc = oc_find(oc->oc_names[0]);
- if ( code )
+ if ( code ) {
ldap_objectclass_free(oc);
- else
+ } else {
ldap_memfree(oc);
+#ifndef LDAP_DEVEL
+ ocs[i].co_oc->soc_flags |= SLAP_OC_HIDE;
+#endif
+ }
}
return 0;
}
/* restrictops, allows, disallows, requires, loglevel */
int
-verb_to_mask(const char *word, slap_verbmasks *v) {
+bverb_to_mask(struct berval *bword, slap_verbmasks *v) {
int i;
for(i = 0; !BER_BVISNULL(&v[i].word); i++) {
- if(!strcasecmp(word, v[i].word.bv_val)) break;
+ if(!ber_bvstrcasecmp(bword, &v[i].word)) break;
}
return(i);
}
+int
+verb_to_mask(const char *word, slap_verbmasks *v) {
+ struct berval bword;
+ ber_str2bv( word, 0, 0, &bword );
+ return bverb_to_mask( &bword, v );
+}
+
int
verbs_to_mask(int argc, char *argv[], slap_verbmasks *v, slap_mask_t *m) {
int i, j;
int
slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0 )
{
- char buf[BUFSIZ], *ptr;
+ char buf[AC_LINE_MAX], *ptr;
slap_cf_aux_table *tab;
struct berval tmp;
BER_BVZERO( &bc->sb_authzId );
}
#ifdef HAVE_TLS
+#if 0
if ( bc->sb_tls_ctx ) {
SSL_CTX_free( bc->sb_tls_ctx );
bc->sb_tls_ctx = NULL;
}
+#endif
if ( bc->sb_tls_cert ) {
ch_free( bc->sb_tls_cert );
bc->sb_tls_cert = NULL;
}
#endif
+/*
+ * connect to a client using the bindconf data
+ * note: should move "version" into bindconf...
+ */
+int
+slap_client_connect( LDAP **ldp, slap_bindconf *sb, int version )
+{
+ LDAP *ld = NULL;
+ int rc;
+
+ /* Init connection to master */
+ rc = ldap_initialize( &ld, sb->sb_uri.bv_val );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "slap_client_connect: "
+ "ldap_initialize(%s) failed (%d)\n",
+ sb->sb_uri.bv_val, rc, 0 );
+ return rc;
+ }
+
+ if ( version != 0 ) {
+ ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
+ (const void *)&version );
+ }
+
+#ifdef HAVE_TLS
+ if ( sb->sb_tls_do_init ) {
+ rc = bindconf_tls_set( sb, ld );
+
+ } else if ( sb->sb_tls_ctx ) {
+ rc = ldap_set_option( ld, LDAP_OPT_X_TLS_CTX,
+ sb->sb_tls_ctx );
+ }
+
+ if ( rc ) {
+ Debug( LDAP_DEBUG_ANY,
+ "slap_client_connect: "
+ "URI=%s TLS context initialization failed (%d)\n",
+ sb->sb_uri.bv_val, rc, 0 );
+ return rc;
+ }
+#endif
+
+ /* Bind */
+ if ( sb->sb_tls ) {
+ rc = ldap_start_tls_s( ld, NULL, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "slap_client_connect: URI=%s "
+ "%s, ldap_start_tls failed (%d)\n",
+ sb->sb_uri.bv_val,
+ sb->sb_tls == SB_TLS_CRITICAL ?
+ "Error" : "Warning",
+ rc );
+ if ( sb->sb_tls == SB_TLS_CRITICAL ) {
+ goto done;
+ }
+ }
+ }
+
+ if ( sb->sb_method == LDAP_AUTH_SASL ) {
+#ifdef HAVE_CYRUS_SASL
+ void *defaults;
+
+ if ( sb->sb_secprops != NULL ) {
+ rc = ldap_set_option( ld,
+ LDAP_OPT_X_SASL_SECPROPS, sb->sb_secprops);
+
+ if( rc != LDAP_OPT_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "slap_client_connect: "
+ "error, ldap_set_option "
+ "(%s,SECPROPS,\"%s\") failed!\n",
+ sb->sb_uri.bv_val, sb->sb_secprops, 0 );
+ goto done;
+ }
+ }
+
+ defaults = lutil_sasl_defaults( ld,
+ sb->sb_saslmech.bv_val,
+ sb->sb_realm.bv_val,
+ sb->sb_authcId.bv_val,
+ sb->sb_cred.bv_val,
+ sb->sb_authzId.bv_val );
+
+ rc = ldap_sasl_interactive_bind_s( ld,
+ sb->sb_binddn.bv_val,
+ sb->sb_saslmech.bv_val,
+ NULL, NULL,
+ LDAP_SASL_QUIET,
+ lutil_sasl_interact,
+ defaults );
+
+ lutil_sasl_freedefs( defaults );
+
+ /* FIXME: different error behaviors according to
+ * 1) return code
+ * 2) on err policy : exit, retry, backoff ...
+ */
+ if ( rc != LDAP_SUCCESS ) {
+ static struct berval bv_GSSAPI = BER_BVC( "GSSAPI" );
+
+ Debug( LDAP_DEBUG_ANY, "slap_client_connect: URI=%s "
+ "ldap_sasl_interactive_bind_s failed (%d)\n",
+ sb->sb_uri.bv_val, rc, 0 );
+
+ /* FIXME (see above comment) */
+ /* if Kerberos credentials cache is not active, retry */
+ if ( ber_bvcmp( &sb->sb_saslmech, &bv_GSSAPI ) == 0 &&
+ rc == LDAP_LOCAL_ERROR )
+ {
+ rc = LDAP_SERVER_DOWN;
+ }
+
+ goto done;
+ }
+#else /* HAVE_CYRUS_SASL */
+ /* Should never get here, we trapped this at config time */
+ assert(0);
+ Debug( LDAP_DEBUG_SYNC, "not compiled with SASL support\n", 0, 0, 0 );
+ rc = LDAP_OTHER;
+ goto done;
+#endif
+
+ } else if ( sb->sb_method == LDAP_AUTH_SIMPLE ) {
+ rc = ldap_sasl_bind_s( ld,
+ sb->sb_binddn.bv_val, LDAP_SASL_SIMPLE,
+ &sb->sb_cred, NULL, NULL, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "slap_client_connect: "
+ "URI=%s DN=\"%s\" "
+ "ldap_sasl_bind_s failed (%d)\n",
+ sb->sb_uri.bv_val, sb->sb_binddn.bv_val, rc );
+ goto done;
+ }
+ }
+
+done:;
+ if ( rc ) {
+ if ( ld ) {
+ ldap_unbind_ext( ld, NULL, NULL );
+ *ldp = NULL;
+ }
+
+ } else {
+ *ldp = ld;
+ }
+
+ return rc;
+}
+
/* -------------------------------------- */
return( tmp );
}
-static char buf[BUFSIZ];
+static char buf[AC_LINE_MAX];
static char *line;
static size_t lmax, lcur;
do { \
size_t len = strlen( buf ); \
while ( lcur + len + 1 > lmax ) { \
- lmax += BUFSIZ; \
+ lmax += AC_LINE_MAX; \
line = (char *) ch_realloc( line, lmax ); \
} \
strcpy( line + lcur, buf ); \