}
int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) {
- int rc, arg_user, arg_type, iarg;
+ int rc, arg_user, arg_type, arg_syn, iarg;
long larg;
ber_len_t barg;
- arg_type = Conf->arg_type;
- if(arg_type == ARG_IGNORED) {
+ if(Conf->arg_type == ARG_IGNORED) {
Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> ignored\n",
c->log, Conf->name, 0);
return(0);
}
- if((arg_type & ARG_DN) && c->argc == 1) {
+ arg_type = Conf->arg_type & ARGS_TYPES;
+ arg_user = Conf->arg_type & ARGS_USERLAND;
+ arg_syn = Conf->arg_type & ARGS_SYNTAX;
+
+ if((arg_type == ARG_DN) && c->argc == 1) {
c->argc = 2;
c->argv[1] = "";
}
return(ARG_BAD_CONF);
#endif /* LDAP_DEVEL */
}
- if((arg_type & ARG_DB) && !c->be) {
+ if((arg_syn & ARG_DB) && !c->be) {
snprintf( c->msg, sizeof( c->msg ), "<%s> only allowed within database declaration",
c->argv[0] );
Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n",
c->log, c->msg, 0);
return(ARG_BAD_CONF);
}
- if((arg_type & ARG_PRE_BI) && c->bi) {
+ if((arg_syn & ARG_PRE_BI) && c->bi) {
snprintf( c->msg, sizeof( c->msg ), "<%s> must occur before any backend %sdeclaration",
- c->argv[0], (arg_type & ARG_PRE_DB) ? "or database " : "" );
+ c->argv[0], (arg_syn & ARG_PRE_DB) ? "or database " : "" );
Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n",
c->log, c->msg, 0 );
return(ARG_BAD_CONF);
}
- if((arg_type & ARG_PRE_DB) && c->be && c->be != frontendDB) {
+ if((arg_syn & ARG_PRE_DB) && c->be && c->be != frontendDB) {
snprintf( c->msg, sizeof( c->msg ), "<%s> must occur before any database declaration",
c->argv[0] );
Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n",
c->log, c->msg, 0);
return(ARG_BAD_CONF);
}
- if((arg_type & ARG_PAREN) && *c->argv[1] != '(' /*')'*/) {
+ if((arg_syn & ARG_PAREN) && *c->argv[1] != '(' /*')'*/) {
snprintf( c->msg, sizeof( c->msg ), "<%s> old format not supported", c->argv[0] );
Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
c->log, c->msg, 0);
return(ARG_BAD_CONF);
}
- if((arg_type & ARGS_POINTER) && !Conf->arg_item && !(arg_type & ARG_OFFSET)) {
+ if(arg_type && !Conf->arg_item && !(arg_syn & ARG_OFFSET)) {
snprintf( c->msg, sizeof( c->msg ), "<%s> invalid config_table, arg_item is NULL",
c->argv[0] );
Debug(LDAP_DEBUG_CONFIG, "%s: %s\n",
c->log, c->msg, 0);
return(ARG_BAD_CONF);
}
- c->type = arg_user = (arg_type & ARGS_USERLAND);
+ c->type = arg_user;
memset(&c->values, 0, sizeof(c->values));
- if(arg_type & ARGS_NUMERIC) {
+ if(arg_type == ARG_STRING) {
+ if ( !check_only )
+ c->value_string = ch_strdup(c->argv[1]);
+ } else if(arg_type == ARG_BERVAL) {
+ if ( !check_only )
+ ber_str2bv( c->argv[1], 0, 1, &c->value_bv );
+ } else if(arg_type == ARG_DN) {
+ struct berval bv;
+ ber_str2bv( c->argv[1], 0, 0, &bv );
+ rc = dnPrettyNormal( NULL, &bv, &c->value_dn, &c->value_ndn, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ snprintf( c->msg, sizeof( c->msg ), "<%s> invalid DN %d (%s)",
+ c->argv[0], rc, ldap_err2string( rc ));
+ Debug(LDAP_DEBUG_CONFIG, "%s: %s\n" , c->log, c->msg, 0);
+ return(ARG_BAD_CONF);
+ }
+ if ( check_only ) {
+ ch_free( c->value_ndn.bv_val );
+ ch_free( c->value_dn.bv_val );
+ }
+ } else { /* all numeric */
int j;
iarg = 0; larg = 0; barg = 0;
- switch(arg_type & ARGS_NUMERIC) {
+ switch(arg_type) {
case ARG_INT:
if ( lutil_atoix( &iarg, c->argv[1], 0 ) != 0 ) {
snprintf( c->msg, sizeof( c->msg ),
c->log, c->msg, 0 );
return(ARG_BAD_CONF);
}
- switch(arg_type & ARGS_NUMERIC) {
+ switch(arg_type) {
case ARG_ON_OFF:
case ARG_INT: c->value_int = iarg; break;
case ARG_LONG: c->value_long = larg; break;
case ARG_BER_LEN_T: c->value_ber_t = barg; break;
}
- } else if(arg_type & ARG_STRING) {
- if ( !check_only )
- c->value_string = ch_strdup(c->argv[1]);
- } else if(arg_type & ARG_BERVAL) {
- if ( !check_only )
- ber_str2bv( c->argv[1], 0, 1, &c->value_bv );
- } else if(arg_type & ARG_DN) {
- struct berval bv;
- ber_str2bv( c->argv[1], 0, 0, &bv );
- rc = dnPrettyNormal( NULL, &bv, &c->value_dn, &c->value_ndn, NULL );
- if ( rc != LDAP_SUCCESS ) {
- snprintf( c->msg, sizeof( c->msg ), "<%s> invalid DN %d (%s)",
- c->argv[0], rc, ldap_err2string( rc ));
- Debug(LDAP_DEBUG_CONFIG, "%s: %s\n" , c->log, c->msg, 0);
- return(ARG_BAD_CONF);
- }
- if ( check_only ) {
- ch_free( c->value_ndn.bv_val );
- ch_free( c->value_dn.bv_val );
- }
}
return 0;
}
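Review bot: In the ARG_DN branch the `check_only` path frees `c->value_ndn.bv_val` and `c->value_dn.bv_val` but leaves both bervals pointing at freed memory until the next call's `memset(&c->values, ...)`, so any caller that looks at `c->value_dn` after a check-only run reads a dangling pointer. Clearing them right after the frees, `BER_BVZERO( &c->value_ndn ); BER_BVZERO( &c->value_dn );`, closes that window at no cost. The trailing `else` now also catches entries whose arg_type has no ARGS_TYPES bits at all (arg_type == 0), so the `/* all numeric */` comment overstates what it handles and both `switch(arg_type)` statements would be clearer with a `default: break;`. config_check_vals starts before this hunk.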
return(ARG_BAD_CONF);
}
ptr = (void *)((char *)ptr + (long)Conf->arg_item);
- } else if (arg_type & ARGS_POINTER) {
+ } else if (arg_type & ARGS_TYPES) {
ptr = Conf->arg_item;
}
- if(arg_type & ARGS_POINTER)
- switch(arg_type & ARGS_POINTER) {
+ if(arg_type & ARGS_TYPES)
+ switch(arg_type & ARGS_TYPES) {
case ARG_ON_OFF:
case ARG_INT: *(int*)ptr = c->value_int; break;
case ARG_LONG: *(long*)ptr = c->value_long; break;
ptr = cf->arg_item;
}
- switch(cf->arg_type & ARGS_POINTER) {
+ switch(cf->arg_type & ARGS_TYPES) {
case ARG_ON_OFF:
case ARG_INT: c->value_int = *(int *)ptr; break;
case ARG_LONG: c->value_long = *(long *)ptr; break;
ber_dupbv( &c->value_bv, (struct berval *)ptr ); break;
}
}
- if ( cf->arg_type & ARGS_POINTER) {
+ if ( cf->arg_type & ARGS_TYPES) {
bv.bv_val = c->log;
- switch(cf->arg_type & ARGS_POINTER) {
+ switch(cf->arg_type & ARGS_TYPES) {
case ARG_INT: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%d", c->value_int); break;
case ARG_LONG: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%ld", c->value_long); break;
case ARG_BER_LEN_T: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%ld", c->value_ber_t); break;
if (bv.bv_val == c->log && bv.bv_len >= sizeof( c->log ) ) {
return 1;
}
- if (( cf->arg_type & ARGS_POINTER ) == ARG_STRING )
+ if (( cf->arg_type & ARGS_TYPES ) == ARG_STRING )
ber_bvarray_add(&c->rvalue_vals, &bv);
else
value_add_one(&c->rvalue_vals, &bv);
return -1;
}
+#ifdef HAVE_TLS
static slap_verbmasks tlskey[] = {
{ BER_BVC("no"), SB_TLS_OFF },
{ BER_BVC("yes"), SB_TLS_ON },
{ BER_BVC("critical"), SB_TLS_CRITICAL },
{ BER_BVNULL, 0 }
};
+#endif
static slap_verbmasks methkey[] = {
{ BER_BVC("none"), LDAP_AUTH_NONE },
static slap_cf_aux_table bindkey[] = {
{ BER_BVC("uri="), offsetof(slap_bindconf, sb_uri), 'b', 1, NULL },
- { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'd', 0, tlskey },
{ BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'd', 0, methkey },
{ BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 'b', 1, NULL },
{ BER_BVC("credentials="), offsetof(slap_bindconf, sb_cred), 'b', 1, NULL },
{ BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, NULL },
{ BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, NULL },
#ifdef HAVE_TLS
+ { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'd', 0, tlskey },
+
+#define aux_TLS (bindkey+10) /* beginning of TLS keywords */
+
{ BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL },
{ BER_BVC("tls_key="), offsetof(slap_bindconf, sb_tls_key), 's', 1, NULL },
{ BER_BVC("tls_cacert="), offsetof(slap_bindconf, sb_tls_cacert), 's', 1, NULL },
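Review bot: `#define aux_TLS (bindkey+10)` hard-codes the position of the first tls_* entry, so inserting or removing any bindkey entry above it silently moves the TLS window and bindconf_parse would stop setting `sb_tls_do_init` for TLS keywords, or start setting it for non-TLS ones. Whether 10 is even correct cannot be checked from this hunk, since the entries between `credentials=` and `authcID=` are not shown. At minimum the comment should name the anchor, `/* beginning of TLS keywords: must index the tls_cert= entry below; update when bindkey changes */`, so the next edit to the table knows what to keep in step. The bindkey initializer continues past the hunk.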
int
slap_cf_aux_table_parse( const char *word, void *dst, slap_cf_aux_table *tab0, LDAP_CONST char *tabmsg )
{
- int rc = 0;
+ int rc = SLAP_CONF_UNKNOWN;
slap_cf_aux_table *tab;
for (tab = tab0; !BER_BVISNULL(&tab->key); tab++ ) {
case 's':
cptr = (char **)((char *)dst + tab->off);
*cptr = ch_strdup( val );
+ rc = 0;
break;
case 'b':
bptr = (struct berval *)((char *)dst + tab->off);
ber_str2bv( val, 0, 1, bptr );
+ rc = 0;
break;
case 'd':
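Review bot: `rc = 0;` is added to the `'s'` and `'b'` cases, but the `'d'` case begins on the hunk's last line and its body is outside the hunk; with `rc` now initialised to SLAP_CONF_UNKNOWN, every `'d'`-typed keyword (`bindmethod=`, `starttls=`) will report unknown unless that case also sets `rc = 0` on success. Please confirm the `'d'` case, and any further cases in the switch, do so. slap_cf_aux_table_parse's loop starts in the previous hunk and ends after this one.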
int
bindconf_parse( const char *word, slap_bindconf *bc )
{
+#ifdef HAVE_TLS
+ /* Detect TLS config changes explicitly */
+ if ( slap_cf_aux_table_parse( word, bc, aux_TLS, "tls config" ) == 0 ) {
+ bc->sb_tls_do_init = 1;
+ return 0;
+ }
+#endif
return slap_cf_aux_table_parse( word, bc, bindkey, "bind config" );
}
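Review bot: If the `aux_TLS` parse rejects a TLS keyword's value, its result is neither 0 nor SLAP_CONF_UNKNOWN, so the call falls through to the full-table parse, which re-parses the same keyword under the "bind config" label and reports the failure a second time with the less specific message. Capturing the result avoids that: `int rc = slap_cf_aux_table_parse( word, bc, aux_TLS, "tls config" );` / `if ( rc == 0 ) bc->sb_tls_do_init = 1;` / `if ( rc != SLAP_CONF_UNKNOWN ) return rc;`. Whether the `'s'` entries that make up aux_TLS can fail today is not visible here (the visible `'s'` case always succeeds), so this mainly matters once value validation is added, but the early-return shape also makes the intent of the two-stage lookup explicit.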
#endif
}
+#ifdef HAVE_TLS
static struct {
const char *key;
size_t offset;
int i, rc, newctx = 0, res = 0;
char *ptr = (char *)bc, **word;
+ bc->sb_tls_do_init = 0;
+
for (i=0; bindtlsopts[i].opt; i++) {
word = (char **)(ptr + bindtlsopts[i].offset);
if ( *word ) {
#endif
if ( newctx ) {
int opt = 0;
+
+ if ( bc->sb_tls_ctx ) {
+ SSL_CTX_free( bc->sb_tls_ctx );
+ bc->sb_tls_ctx = NULL;
+ }
rc = ldap_set_option( ld, LDAP_OPT_X_TLS_NEWCTX, &opt );
if ( rc )
res = rc;
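Review bot: `SSL_CTX_free( bc->sb_tls_ctx )` calls into OpenSSL directly while the rest of this function drives TLS through `ldap_set_option`; on a HAVE_TLS build against another TLS implementation the symbol is not declared, and even on OpenSSL it bypasses libldap's ownership of the context. libldap provides `ldap_pvt_tls_ctx_free()` for this, so `ldap_pvt_tls_ctx_free( bc->sb_tls_ctx );` keeps the implementation choice inside the library. Whether `sb_tls_ctx` is refilled from the new context after LDAP_OPT_X_TLS_NEWCTX is not visible in this hunk, so a short comment on the field's lifecycle (who sets it, who frees it) would help the next reader. bindconf_tls_set starts before this hunk and ends after it.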
return res;
}
+#endif
/* -------------------------------------- */