+/* $OpenLDAP$ */
/*
* Copyright (c) 1996 Regents of the University of Michigan.
* All rights reserved.
#include <stdio.h>
+#include <ac/stdlib.h>
#include <ac/string.h>
#include <ac/socket.h>
#include <ac/ctype.h>
-#include <lber.h>
#include <ldap.h>
#include "slurp.h"
if ( (fp = fopen( fname, "r" )) == NULL ) {
perror( fname );
- exit( 1 );
+ exit( EXIT_FAILURE );
}
lineno = 0;
"line %d: missing filename in \"replogfile ",
lineno );
fprintf( stderr, "<filename>\" line\n" );
- exit( 1 );
+ exit( EXIT_FAILURE );
} else if ( cargc > 2 && *cargv[2] != '#' ) {
fprintf( stderr,
"line %d: extra cruft at the end of \"replogfile %s\"",
lineno, cargv[1] );
fprintf( stderr, "line (ignored)\n" );
}
- sprintf( sglob->slapd_replogfile, cargv[1] );
+ strcpy( sglob->slapd_replogfile, cargv[1] );
}
} else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
add_replica( cargv, cargc );
} else {
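Review bot: The replacement `strcpy( sglob->slapd_replogfile, cargv[1] );` removes the format-string problem but still copies a config-supplied path with no length limit. The declaration of `slapd_replogfile` is not in this hunk; if it is a fixed-size array, an overlong `replogfile` argument overruns it. I would check the length before copying, `if ( strlen( cargv[1] ) >= sizeof( sglob->slapd_replogfile ) ) { /* report lineno, exit( EXIT_FAILURE ) */ }`, and only then copy. The enclosing function starts and ends outside the hunk.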
inquote = 1;
}
- strcpy( next, next + 1 );
+ AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
break;
case '\\':
- strcpy( next, next + 1 );
+ if ( next[1] )
+ AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
+ next++; /* dont parse the escaped character */
break;
default:
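Review bot: Both `AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 )` calls copy between overlapping regions, so they are correct only if AC_MEMCPY has memmove() semantics; its definition is not visible here. A one-line comment at the first call, e.g. `/* overlapping shift left by one; AC_MEMCPY must be overlap-safe */`, would keep a later cleanup from swapping in a plain memcpy(). In the `'\\'` case the unbraced `if ( next[1] )` sits directly above `next++`, which reads as if both lines were guarded; braces would make it clear that only the copy is conditional. The switch starts and ends outside the hunk.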
( nr + 1 ) * sizeof( Re * ));
if ( sglob->replicas == NULL ) {
fprintf( stderr, "out of memory, add_replica\n" );
- exit( 1 );
+ exit( EXIT_FAILURE );
}
sglob->replicas[ nr ] = NULL;
if ( Ri_init( &(sglob->replicas[ nr - 1 ])) < 0 ) {
fprintf( stderr, "out of memory, Ri_init\n" );
- exit( 1 );
+ exit( EXIT_FAILURE );
}
if ( parse_replica_line( cargv, cargc,
sglob->replicas[ nr - 1] ) < 0 ) {
sglob->replicas[ nr - 1 ] );
if ( sglob->replicas[ nr - 1]->ri_stel == NULL ) {
fprintf( stderr, "Failed to add status element structure\n" );
- exit( 1 );
+ exit( EXIT_FAILURE );
}
}
}
* Parse a "replica" line from the config file. replica lines should be
* in the following format:
* replica host=<hostname:portnumber> binddn=<binddn>
- * bindmethod="simple|kerberos" credentials=<creds>
+ * bindmethod="simple" credentials=<creds>
*
* where:
* <hostname:portnumber> describes the host name and port number where the
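Review bot: The format comment now lists only `bindmethod="simple"`, but the parser changed in this same commit also accepts a SASL bind method and new mechanism and authentication-identity options (the SASLSTR, SASLMECHSTR, AUTHCSTR and OLDAUTHCSTR branches). The comment should name those options, say that the mechanism option is mandatory when the bind method is SASL, and say that a Kerberos bind method is now rejected with an error. The same gap is in the `bindmethod is "simple", and` paragraph of the next comment hunk. Anyone writing a replica line from this comment alone cannot discover the SASL path.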
*
* <binddn> is the DN to bind to the replica slapd as,
*
- * bindmethod is either "simple" or "kerberos", and
+ * bindmethod is "simple", and
*
* <creds> are the credentials (e.g. password) for binddn. <creds> are
- * only used for bindmethod=simple. For bindmethod=kerberos, the
- * credentials= option should be omitted. Credentials for kerberos
- * authentication are in the system srvtab file.
+ * only used for bindmethod=simple.
*
* The "replica" config file line may be split across multiple lines. If
* a line begins with whitespace, it is considered a continuation of the
#define GOT_DN 2
#define GOT_METHOD 4
#define GOT_ALL ( GOT_HOST | GOT_DN | GOT_METHOD )
+#define GOT_MECH 8
+
static int
parse_replica_line(
char **cargv,
ri->ri_port = atoi( hp );
}
if ( ri->ri_port <= 0 ) {
- ri->ri_port = LDAP_PORT;
+ ri->ri_port = 0;
}
ri->ri_hostname = strdup( val );
gots |= GOT_HOST;
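Review bot: The new fallback `ri->ri_port = 0;` does not say what 0 means to the code that later opens the connection. Because `atoi( hp )` returns 0 for a non-numeric port, a typo in `host=` becomes indistinguishable from an omitted port. A comment such as `/* 0 = no usable port given; connect code applies the default */` would record the intent, if that is what the consumer does (not visible here). Values above 65535 still pass the `<= 0` test; rejecting them with an error at parse time would be safer than handing them on. The enclosing function starts and ends outside the hunk.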
strlen( BINDMETHSTR ))) {
val = cargv[ i ] + strlen( BINDMETHSTR ) + 1;
if ( !strcasecmp( val, KERBEROSSTR )) {
-#ifdef HAVE_KERBEROS
- ri->ri_bind_method = AUTH_KERBEROS;
- if ( ri->ri_srvtab == NULL ) {
- ri->ri_srvtab = strdup( sglob->default_srvtab );
- }
- gots |= GOT_METHOD;
-#else /* HAVE_KERBEROS */
fprintf( stderr, "Error: a bind method of \"kerberos\" was\n" );
- fprintf( stderr, "specified in the slapd configuration file,\n" );
- fprintf( stderr, "but slurpd was not built with kerberos.\n" );
- fprintf( stderr, "You must rebuild the LDAP release with\n" );
- fprintf( stderr, "kerberos support if you wish to use\n" );
- fprintf( stderr, "bindmethod=kerberos\n" );
- exit( 1 );
-#endif /* HAVE_KERBEROS */
+ fprintf( stderr, "specified in the slapd configuration file.\n" );
+ fprintf( stderr, "slurpd no longer supports Kerberos.\n" );
+ exit( EXIT_FAILURE );
} else if ( !strcasecmp( val, SIMPLESTR )) {
ri->ri_bind_method = AUTH_SIMPLE;
gots |= GOT_METHOD;
+ } else if ( !strcasecmp( val, SASLSTR )) {
+ ri->ri_bind_method = AUTH_SASL;
+ gots |= GOT_METHOD;
} else {
ri->ri_bind_method = -1;
}
+ } else if ( !strncasecmp( cargv[ i ], SASLMECHSTR, strlen( SASLMECHSTR ))) {
+ val = cargv[ i ] + strlen( SASLMECHSTR ) + 1;
+ gots |= GOT_MECH;
+ ri->ri_saslmech = strdup( val );
} else if ( !strncasecmp( cargv[ i ], CREDSTR, strlen( CREDSTR ))) {
val = cargv[ i ] + strlen( CREDSTR ) + 1;
ri->ri_password = strdup( val );
- } else if ( !strncasecmp( cargv[ i ], BINDPSTR, strlen( BINDPSTR ))) {
- val = cargv[ i ] + strlen( BINDPSTR ) + 1;
- ri->ri_principal = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ], AUTHCSTR, strlen( AUTHCSTR ))) {
+ val = cargv[ i ] + strlen( AUTHCSTR ) + 1;
+ ri->ri_authcId = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ], OLDAUTHCSTR, strlen( OLDAUTHCSTR ))) {
+ /* Old authcID is provided for some backwards compatibility */
+ val = cargv[ i ] + strlen( OLDAUTHCSTR ) + 1;
+ ri->ri_authcId = strdup( val );
} else if ( !strncasecmp( cargv[ i ], SRVTABSTR, strlen( SRVTABSTR ))) {
val = cargv[ i ] + strlen( SRVTABSTR ) + 1;
if ( ri->ri_srvtab != NULL ) {
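Review bot: The new SASLMECHSTR, AUTHCSTR and OLDAUTHCSTR branches match only the keyword prefix with strncasecmp() and then step `strlen( KEY ) + 1` into the argument without checking that a separator follows. If an argument is exactly the keyword with nothing after it, `val` points one byte past the terminating NUL and strdup() reads out of bounds. A guard before computing `val`, e.g. `if ( cargv[ i ][ strlen( SASLMECHSTR ) ] != '=' ) { /* report malformed option */ return -1; }`, would close this, assuming the constants do not already include the `=` (their definitions are not in this hunk). The strdup() results are also stored unchecked, and a repeated option overwrites the earlier pointer without freeing it. The enclosing loop starts before and ends after this hunk.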
cargv[ i ] );
}
}
- if ( gots != GOT_ALL ) {
- fprintf( stderr, "Error: Malformed \"replica\" line in slapd " );
- fprintf( stderr, "config file, line %d\n", lineno );
- return -1;
- }
+
+ if ( ri->ri_bind_method == AUTH_SASL) {
+ if ((gots & GOT_MECH) == 0) {
+ fprintf( stderr, "Error: \"replica\" line needs SASLmech flag in " );
+ fprintf( stderr, "slapd config file, line %d\n", lineno );
+ return -1;
+ }
+ }
+ else if ( gots != GOT_ALL ) {
+ fprintf( stderr, "Error: Malformed \"replica\" line in slapd " );
+ fprintf( stderr, "config file, line %d\n", lineno );
+ return -1;
+ }
return 0;
}
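Review bot: When the bind method is AUTH_SASL the new check tests only GOT_MECH, so a replica line with no `host=` is accepted; the `gots != GOT_ALL` test sits in the `else` branch and is never reached. In the other direction, a simple-bind line that also carries the mechanism option has GOT_MECH set and fails the exact comparison with the generic "Malformed" message. I would require the host in both cases with `if ( (gots & GOT_HOST) == 0 )` ahead of the method test, and compare under a mask, `else if ( (gots & GOT_ALL) != GOT_ALL )`. Defining GOT_MECH before GOT_ALL in the earlier #define hunk would also keep the flag bits together.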