X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fconfig.c;h=e5541a2a61a42d79f61eca1dca887c84501c77d5;hb=93390425dfe797a3fa7abfdc76f99b9c4c2536ee;hp=d03c1ea08fa08538023dc1a8cedc85dbcd5b95de;hpb=96e1632d4aa250079c5e4d9ee0010ccd9c90bf1d;p=openldap diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c index d03c1ea08f..e5541a2a61 100644 --- a/servers/slapd/back-ldap/config.c +++ b/servers/slapd/back-ldap/config.c @@ -1,38 +1,24 @@ /* config.c - ldap backend configuration file routine */ /* $OpenLDAP$ */ -/* - * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. - * COPYING RESTRICTIONS APPLY, see COPYRIGHT file - */ -/* This is an altered version */ -/* - * Copyright 1999, Howard Chu, All rights reserved. - * - * Permission is granted to anyone to use this software for any purpose - * on any computer system, and to alter it and redistribute it, subject - * to the following restrictions: - * - * 1. The author is not responsible for the consequences of use of this - * software, no matter how awful, even if they arise from flaws in it. - * - * 2. The origin of this software must not be misrepresented, either by - * explicit claim or by omission. Since few users ever read sources, - * credits should appear in the documentation. - * - * 3. Altered versions must be plainly marked as such, and must not be - * misrepresented as being the original software. Since few users - * ever read sources, credits should appear in the documentation. - * - * 4. This notice may not be removed or altered. +/* This work is part of OpenLDAP Software . * + * Copyright 2003 The OpenLDAP Foundation. + * Portions Copyright 1999-2003 Howard Chu. + * Portions Copyright 2000-2003 Pierangelo Masarati. + * All rights reserved. * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. * - * Copyright 2000, Pierangelo Masarati, All rights reserved. - * - * This software is being modified by Pierangelo Masarati. - * The previously reported conditions apply to the modified code as well. - * Changes in the original code are highlighted where required. - * Credits for the original code go to the author, Howard Chu. + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* ACKNOWLEDGEMENTS: + * This work was initially developed by the Howard Chu for inclusion + * in OpenLDAP Software and subsequently enhanced by Pierangelo + * Masarati. */ #include "portable.h" @@ -113,7 +99,29 @@ ldap_back_db_config( return( 1 ); } ber_str2bv( argv[1], 0, 1, &li->bindpw ); - + +#ifdef LDAP_BACK_PROXY_AUTHZ + /* name to use for proxyAuthz propagation */ + } else if ( strcasecmp( argv[0], "proxyauthzdn" ) == 0 ) { + if (argc != 2) { + fprintf( stderr, + "%s: line %d: missing name in \"proxyauthzdn \" line\n", + fname, lineno ); + return( 1 ); + } + ber_str2bv( argv[1], 0, 1, &li->proxyauthzdn ); + + /* password to use for proxyAuthz propagation */ + } else if ( strcasecmp( argv[0], "proxyauthzpw" ) == 0 ) { + if (argc != 2) { + fprintf( stderr, + "%s: line %d: missing password in \"proxyauthzpw \" line\n", + fname, lineno ); + return( 1 ); + } + ber_str2bv( argv[1], 0, 1, &li->proxyauthzpw ); +#endif /* LDAP_BACK_PROXY_AUTHZ */ + /* save bind creds for referral rebinds? */ } else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) { if (argc != 1) { @@ -132,7 +140,8 @@ ldap_back_db_config( fname, lineno ); return( 1 ); } - load_extop( (struct berval *)&slap_EXOP_WHOAMI, ldap_back_exop_whoami ); + load_extop( (struct berval *)&slap_EXOP_WHOAMI, + 0, ldap_back_exop_whoami ); /* dn massaging */ } else if ( strcasecmp( argv[0], "suffixmassage" ) == 0 ) { @@ -162,7 +171,7 @@ ldap_back_db_config( } ber_str2bv( argv[1], 0, 0, &bvnc ); - if ( dnPrettyNormal( NULL, &bvnc, &pvnc, &nvnc ) != LDAP_SUCCESS ) { + if ( dnPrettyNormal( NULL, &bvnc, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) { fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n", fname, lineno, bvnc.bv_val ); return( 1 ); @@ -180,7 +189,7 @@ ldap_back_db_config( } ber_str2bv( argv[2], 0, 0, &brnc ); - if ( dnPrettyNormal( NULL, &brnc, &prnc, &nrnc ) != LDAP_SUCCESS ) { + if ( dnPrettyNormal( NULL, &brnc, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) { fprintf( stderr, "%s: line %d: suffix DN %s is invalid\n", fname, lineno, brnc.bv_val ); free( nvnc.bv_val ); @@ -221,11 +230,11 @@ ldap_back_db_config( return( rc ); #else /* !ENABLE_REWRITE */ - ber_bvarray_add( &li->suffix_massage, &pvnc ); - ber_bvarray_add( &li->suffix_massage, &nvnc ); + ber_bvarray_add( &li->rwmap.rwm_suffix_massage, &pvnc ); + ber_bvarray_add( &li->rwmap.rwm_suffix_massage, &nvnc ); - ber_bvarray_add( &li->suffix_massage, &prnc ); - ber_bvarray_add( &li->suffix_massage, &nrnc ); + ber_bvarray_add( &li->rwmap.rwm_suffix_massage, &prnc ); + ber_bvarray_add( &li->rwmap.rwm_suffix_massage, &nrnc ); #endif /* !ENABLE_REWRITE */ /* rewrite stuff ... */ @@ -247,9 +256,7 @@ ldap_back_db_config( /* anything else */ } else { - fprintf( stderr, "%s: line %d: unknown directive \"%s\" " - "in ldap database definition (ignored)\n", - fname, lineno, argv[0] ); + return SLAP_CONF_UNKNOWN; } return 0; } @@ -420,25 +427,23 @@ ldap_back_exop_whoami( if ( op->oq_extended.rs_reqdata != NULL ) { /* no request data should be provided */ rs->sr_text = "no request data expected"; - return LDAP_PROTOCOL_ERROR; + return rs->sr_err = LDAP_PROTOCOL_ERROR; } - { - rs->sr_err = backend_check_restrictions( op, rs, + rs->sr_err = backend_check_restrictions( op, rs, (struct berval *)&slap_EXOP_WHOAMI ); - - if( rs->sr_err != LDAP_SUCCESS ) return rs->sr_err; - } + if( rs->sr_err != LDAP_SUCCESS ) return rs->sr_err; /* if auth'd by back-ldap and request is proxied, forward it */ if ( op->o_conn->c_authz_backend && !strcmp(op->o_conn->c_authz_backend->be_type, "ldap" ) && !dn_match(&op->o_ndn, &op->o_conn->c_ndn)) { struct ldapconn *lc; - LDAPControl c, *ctrls[2] = {&c, NULL}; + LDAPControl c, *ctrls[2] = {NULL, NULL}; LDAPMessage *res; Operation op2 = *op; ber_int_t msgid; + ctrls[0] = &c; op2.o_ndn = op->o_conn->c_ndn; lc = ldap_back_getconn(&op2, rs); if (!lc || !ldap_back_dobind( lc, op, rs )) {