X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fconfig.c;h=21d381c518e884ae89f268d3b0fed6b02c2fb65d;hb=0122f258530b7cdb3f8bd7d88524006348a0c339;hp=9a50b0f29f83f96ce9c13cb0ca48dcd33bc2b69d;hpb=da6d9eb0463255782f3fa70c61fd958d94c048cf;p=openldap diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c index 9a50b0f29f..21d381c518 100644 --- a/servers/slapd/back-ldap/config.c +++ b/servers/slapd/back-ldap/config.c @@ -83,7 +83,7 @@ static ConfigTable ldapcfg[] = { "SYNTAX OMsDirectoryString " "SINGLE-VALUE )", NULL, NULL }, - { "tls", "what", 2, 2, 0, + { "tls", "what", 2, 0, 0, ARG_MAGIC|LDAP_BACK_CFG_TLS, ldap_back_cf_gen, "( OLcfgDbAt:3.1 " "NAME 'olcDbStartTLS' " @@ -352,6 +352,7 @@ static slap_verbmasks tls_mode[] = { { BER_BVC( "try-propagate" ), LDAP_BACK_F_PROPAGATE_TLS }, { BER_BVC( "start" ), LDAP_BACK_F_TLS_USE_MASK }, { BER_BVC( "try-start" ), LDAP_BACK_F_USE_TLS }, + { BER_BVC( "ldaps" ), LDAP_BACK_F_TLS_LDAPS }, { BER_BVC( "none" ), LDAP_BACK_F_NONE }, { BER_BVNULL, 0 } }; @@ -380,9 +381,7 @@ static slap_cf_aux_table timeout_table[] = { { BER_BVC("modrdn="), SLAP_OP_MODRDN * sizeof( time_t ), 'u', 0, NULL }, { BER_BVC("modify="), SLAP_OP_MODIFY * sizeof( time_t ), 'u', 0, NULL }, { BER_BVC("compare="), SLAP_OP_COMPARE * sizeof( time_t ), 'u', 0, NULL }, -#if 0 /* uses timelimit instead */ { BER_BVC("search="), SLAP_OP_SEARCH * sizeof( time_t ), 'u', 0, NULL }, -#endif /* abandon makes little sense */ #if 0 /* not implemented yet */ { BER_BVC("extended="), SLAP_OP_EXTENDED * sizeof( time_t ), 'u', 0, NULL }, @@ -551,7 +550,6 @@ slap_idassert_authzfrom_parse( ConfigArgs *c, slap_idassert_t *si ) int rc; if ( strcmp( c->argv[ 1 ], "*" ) == 0 - || strcmp( c->argv[ 1 ], ".*" ) == 0 || strcmp( c->argv[ 1 ], "dn:*" ) == 0 || strcasecmp( c->argv[ 1 ], "dn.regex:.*" ) == 0 ) { 
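Review bot: With `".*"` dropped from the match-anyone shortcut in slap_idassert_authzfrom_parse (hunk at -551), an existing `idassert-authzFrom ".*"` line now goes through the parsing that follows this `if`, which is outside the hunk, so its new meaning cannot be confirmed from here. This directive decides which bound identities may use identity assertion, so the condition deserves a comment such as `/* a bare ".*" is not a wildcard; use "*", "dn:*" or "dn.regex:.*" */`. If the fall-through path accepts the value with a narrower or different scope, a logged warning there would be better than a silent change, and the upgrade notes should tell operators to re-check this setting.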
@@ -712,6 +710,7 @@ slap_idassert_parse( ConfigArgs *c, slap_idassert_t *si ) return 1; } } + bindconf_tls_defaults( &si->si_bc ); return 0; } @@ -776,10 +775,25 @@ ldap_back_cf_gen( ConfigArgs *c ) } break; - case LDAP_BACK_CFG_TLS: + case LDAP_BACK_CFG_TLS: { + struct berval bc = BER_BVNULL, bv2; enum_to_verb( tls_mode, ( li->li_flags & LDAP_BACK_F_TLS_MASK ), &bv ); assert( !BER_BVISNULL( &bv ) ); - value_add_one( &c->rvalue_vals, &bv ); + bindconf_tls_unparse( &li->li_tls, &bc ); + + if ( !BER_BVISEMPTY( &bc )) { + bv2.bv_len = bv.bv_len + bc.bv_len + 1; + bv2.bv_val = ch_malloc( bv2.bv_len + 1 ); + strcpy( bv2.bv_val, bv.bv_val ); + bv2.bv_val[bv.bv_len] = ' '; + strcpy( &bv2.bv_val[bv.bv_len + 1], bc.bv_val ); + ber_bvarray_add( &c->rvalue_vals, &bv2 ); + + } else { + value_add_one( &c->rvalue_vals, &bv ); + } + ber_memfree( bc.bv_val ); + } break; case LDAP_BACK_CFG_ACL_AUTHCDN: @@ -1216,6 +1230,7 @@ ldap_back_cf_gen( ConfigArgs *c ) slap_retry_info_destroy( &li->li_quarantine ); ldap_pvt_thread_mutex_destroy( &li->li_quarantine_mutex ); li->li_isquarantined = 0; + li->li_flags &= ~LDAP_BACK_F_QUARANTINE; break; default: @@ -1379,6 +1394,13 @@ done_url:; } li->li_flags &= ~LDAP_BACK_F_TLS_MASK; li->li_flags |= tls_mode[i].mask; + if ( c->argc > 2 ) { + for ( i=2; iargc; i++ ) { + if ( bindconf_tls_parse( c->argv[i], &li->li_tls )) + return 1; + } + bindconf_tls_defaults( &li->li_tls ); + } break; case LDAP_BACK_CFG_ACL_AUTHCDN: @@ -1437,6 +1459,7 @@ done_url:; return 1; } } + bindconf_tls_defaults( &li->li_acl ); break; case LDAP_BACK_CFG_IDASSERT_MODE: 
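Review bot: The two `strcpy` calls in the new LDAP_BACK_CFG_TLS emit branch (hunk at -776) rely on `bv.bv_val` and `bc.bv_val` being NUL-terminated at exactly `bv_len`, while the buffer was sized from the lengths. The arithmetic is correct as written, but copying by length keeps the writes tied to the allocation: `memcpy( bv2.bv_val, bv.bv_val, bv.bv_len );`, `memcpy( &bv2.bv_val[bv.bv_len + 1], bc.bv_val, bc.bv_len );`, `bv2.bv_val[bv2.bv_len] = '\0';`. The result of `ber_bvarray_add` is not checked, so `bv2.bv_val` would leak if it fails. A one-line comment that the emitted value is the mode verb, a space, then the unparsed TLS options would help, since the set path consumes them as separate `c->argv` entries. The case sits inside ldap_back_cf_gen, whose body starts and ends outside the hunk.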
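Review bot: In the `tls` set path (hunk at -1379) the new loop returns 1 on the first option `bindconf_tls_parse` rejects, after `li->li_flags` has already been switched to the new mode and `li->li_tls` may be partly filled in, and without writing anything to `c->msg`. Reporting the failure before the return would name the bad option for the operator, e.g. `snprintf( c->msg, sizeof( c->msg ), "invalid tls option \"%s\"", c->argv[i] );` followed by `Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );`. Parsing into a temporary and committing to `li` only on success would avoid leaving a half-applied TLS configuration. `bindconf_tls_defaults` is reached only when options are given, so whether a bare `tls start` gets defaults elsewhere is not visible here. The loop condition appears as `iargc` on this page, presumably `i < c->argc` damaged in rendering.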
@@ -1622,13 +1645,13 @@ done_url:; && mask == LDAP_BACK_F_T_F_DISCOVER && !LDAP_BACK_T_F( li ) ) { - slap_bindconf sb = { 0 }; + slap_bindconf sb = { BER_BVNULL }; int rc; if ( li->li_uri == NULL ) { snprintf( c->msg, sizeof( c->msg ), - "need URI to discover \"cancel\" support " - "in \"cancel exop-discover\"" ); + "need URI to discover absolute filters support " + "in \"t-f-support discover\"" ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return 1; } @@ -1794,7 +1817,7 @@ done_url:; && mask == LDAP_BACK_F_CANCEL_EXOP_DISCOVER && !LDAP_BACK_CANCEL( li ) ) { - slap_bindconf sb = { 0 }; + slap_bindconf sb = { BER_BVNULL }; int rc; if ( li->li_uri == NULL ) { @@ -1839,6 +1862,7 @@ done_url:; /* give it a chance to retry if the pattern gets reset * via back-config */ li->li_isquarantined = 0; + li->li_flags |= LDAP_BACK_F_QUARANTINE; } break; @@ -1982,7 +2006,7 @@ retry: } if ( lc != NULL ) { - ldap_back_release_conn( &op2, rs, lc ); + ldap_back_release_conn( (ldapinfo_t *)op2.o_bd->be_private, lc ); } } else {