X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fconfig.c;h=16e1cd0a5c3674f57cedfba9ed86ac6d2db742f9;hb=00dae75f7b48b6bab23503d211deb7650aba8c1b;hp=fc0102b1a924fee34094765d65edd35259df362a;hpb=1b9c9577c2122e2dec95a6724d22c39e8b8b7a7d;p=openldap
diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
index fc0102b1a9..16e1cd0a5c 100644
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@@ -362,6 +362,9 @@ ldap_back_cf_gen( ConfigArgs *c )
 char *ptr;
 if ( li->idassert_authmethod != LDAP_AUTH_NONE ) {
+ ber_len_t len = bv.bv_len
+ + STRLENOF( "flags=override,non-prescriptive" );
+
 switch ( li->idassert_mode ) {
 case LDAP_BACK_IDASSERT_OTHERID:
 case LDAP_BACK_IDASSERT_OTHERDN:
@@ -405,26 +408,34 @@ ldap_back_cf_gen( ConfigArgs *c )
 (void)lutil_strcopy( ptr, "authz=native" );
 }
- if ( li->idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
- ber_len_t len = bv.bv_len + STRLENOF( "flags=override" );
+ /* flags */
+ if ( !BER_BVISEMPTY( &bv ) ) {
+ len += STRLENOF( " " );
+ }
- if ( !BER_BVISEMPTY( &bv ) ) {
- len += STRLENOF( " " );
- }
+ bv.bv_val = ch_realloc( bv.bv_val, len + 1 );
- bv.bv_val = ch_realloc( bv.bv_val, len + 1 );
+ ptr = &bv.bv_val[ bv.bv_len ];
- ptr = bv.bv_val + bv.bv_len;
+ if ( !BER_BVISEMPTY( &bv ) ) {
+ ptr = lutil_strcopy( ptr, " " );
+ }
- if ( !BER_BVISEMPTY( &bv ) ) {
- ptr = lutil_strcopy( ptr, " " );
- }
+ ptr = lutil_strcopy( ptr, "flags=" );
- (void)lutil_strcopy( ptr, "flags=override" );
+ if ( li->idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
+ ptr = lutil_strcopy( ptr, "prescriptive" );
+ } else {
+ ptr = lutil_strcopy( ptr, "non-prescriptive" );
 }
- }
+ if ( li->idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
+ ptr = lutil_strcopy( ptr, ",override" );
+ }
+ bv.bv_len = ( ptr - bv.bv_val );
+ /* end-of-flags */
+ }
 bindconf_unparse( &li->idassert_sb, &bc );
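Review bot: `len` is fixed from `bv.bv_len` at the top of the `if ( li->idassert_authmethod != LDAP_AUTH_NONE )` block (hunk at -362), but it is only consumed by `ch_realloc( bv.bv_val, len + 1 )` in the flags section of the next hunk (-405), after the `switch` and the `authz=native` copy have run. If either of those grows `bv` (the context line `lutil_strcopy( ptr, "authz=native" )` suggests they write into it; the code in between is outside both hunks), `len` is stale and the realloc can size the buffer smaller than the existing content plus the flags string, so the following `lutil_strcopy` calls would write past the allocation. Declaring `ber_len_t len;` here and assigning `len = bv.bv_len + STRLENOF( "flags=override,non-prescriptive" );` immediately under `/* flags */` keeps the size tied to the current length.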
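Review bot: The buffer bound and the bytes written in the flags section (hunk at -405) are maintained separately: the size comes from the literal `"flags=override,non-prescriptive"` declared in the previous hunk, while the writer emits `"flags="`, `"prescriptive"` or `"non-prescriptive"`, and `",override"` in a different order. The lengths agree today (31 bytes in the longest case), but nothing ties them together, so a flag later added to the writer alone would overrun the `ch_realloc` allocation. A comment at `/* flags */` such as `/* worst case written below: "flags=non-prescriptive,override"; update the STRLENOF literal when adding a flag */` would make the coupling explicit. An `assert( ptr <= &bv.bv_val[ len ] );` just before `bv.bv_len = ( ptr - bv.bv_val );` would catch a mismatch in debug builds.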
@@ -529,6 +540,7 @@ ldap_back_cf_gen( ConfigArgs *c )
 /* NOTE: don't worry about locking: if we got here,
 * other threads are suspended. */
 avl_free( li->conntree, ldap_back_conn_free );
+ li->conntree = NULL;
 break;
@@ -823,6 +835,12 @@ ldap_back_cf_gen( ConfigArgs *c )
 if ( strcasecmp( c->argv[ i ], "override" ) == 0 ) {
 li->idassert_flags |= LDAP_BACK_AUTH_OVERRIDE;
+ } else if ( strcasecmp( c->argv[ i ], "prescriptive" ) == 0 ) {
+ li->idassert_flags |= LDAP_BACK_AUTH_PRESCRIPTIVE;
+
+ } else if ( strcasecmp( c->argv[ i ], "non-prescriptive" ) == 0 ) {
+ li->idassert_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE );
+
 } else {
 Debug( LDAP_DEBUG_ANY,
 "%s: line %d: unknown flag #%d "
@@ -950,6 +968,12 @@ ldap_back_cf_gen( ConfigArgs *c )
 if ( strcasecmp( flags[ j ], "override" ) == 0 ) {
 li->idassert_flags |= LDAP_BACK_AUTH_OVERRIDE;
+ } else if ( strcasecmp( flags[ j ], "prescriptive" ) == 0 ) {
+ li->idassert_flags |= LDAP_BACK_AUTH_PRESCRIPTIVE;
+
+ } else if ( strcasecmp( flags[ j ], "non-prescriptive" ) == 0 ) {
+ li->idassert_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE );
+
 } else {
 fprintf( stderr, "%s: %d: "
 "\"idassert-bind \": "
@@ -1572,6 +1596,11 @@ retry:
 if (rs->sr_err != LDAP_SUCCESS) {
 rs->sr_err = slap_map_api2result( rs );
 }
+
+ if ( lc != NULL ) {
+ ldap_back_release_conn( &op2, rs, lc );
+ }
+
 } else {
 /* else just do the same as before */
 bv = (struct berval *) ch_malloc( sizeof(struct berval) );
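Review bot: Contradictory flags are accepted silently in the new branches: `prescriptive` sets `LDAP_BACK_AUTH_PRESCRIPTIVE` and `non-prescriptive` clears it, so when both appear the last one wins without a diagnostic (hunk at -823, and identically for `flags[ j ]` in the hunk at -950). Because the flag appears to change how identity assertion is enforced, a short comment on the chain, e.g. `/* last of "prescriptive"/"non-prescriptive" wins */`, or a log line when both are seen, would make that behaviour deliberate rather than accidental. The two chains are now copies of each other; a shared static helper taking `li` and the flag string would keep both parsers in step with the emitter. Both chains start and end outside their hunks.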
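Review bot: After `ldap_back_release_conn( &op2, rs, lc );` (hunk at -1572) the local `lc` still holds the released pointer, and the hunk header shows a `retry:` label above this code. If any path jumps back or falls through to later code that tests `lc != NULL` again, the connection could be released twice or used after release; adding `lc = NULL;` right after the call closes that off. The release is also added only on this branch, so it is worth confirming that the error and retry exits, which lie outside the hunk, drop the reference as well.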