X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-meta%2Fconfig.c;h=fecc0a4e89c283163785bda7527ff9d485017092;hb=8a197d1a6c4f43925adf0a1372651b529081f6ae;hp=6cdfbc60fc85a67824032040beaeecb3fc5ed25c;hpb=9a00bbb35fd40d6181ef0b4bb1440bfd183cd6f5;p=openldap
diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c
index 6cdfbc60fc..fecc0a4e89 100644
--- a/servers/slapd/back-meta/config.c
+++ b/servers/slapd/back-meta/config.c
@@ -1,7 +1,7 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
- * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Copyright 1999-2010 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
@@ -111,30 +111,18 @@ meta_back_db_config(
/* URI of server to query */
if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
int i = mi->mi_ntargets;
-#if 0
- int j;
-#endif /* uncomment if uri MUST be a branch of suffix */
- LDAPURLDesc *ludp, *tmpludp;
+ LDAPURLDesc *ludp;
struct berval dn;
int rc;
int c;
metatarget_t *mt;
+
+ char **uris = NULL;
- switch ( argc ) {
- case 1:
+ if ( argc == 1 ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: missing URI "
- "in \"uri ://[:port]/\" line\n",
- fname, lineno, 0 );
- return 1;
-
- case 2:
- break;
-
- default:
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: too many args "
"in \"uri ://[:port]/\" line\n",
fname, lineno, 0 );
return 1;
@@ -186,93 +174,123 @@ meta_back_db_config(
mt->mt_timeout[ c ] = mi->mi_timeout[ c ];
}
- /*
- * uri MUST be legal!
- */
- if ( ldap_url_parselist_ext( &ludp, argv[ 1 ], "\t",
- LDAP_PVT_URL_PARSE_NONE ) != LDAP_SUCCESS )
- {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse URI"
- " in \"uri ://[:port]/\" line\n",
- fname, lineno, 0 );
- return 1;
- }
+ for ( c = 1; c < argc; c++ ) {
+ char **tmpuris = ldap_str2charray( argv[ c ], "\t" );
- /*
- * uri MUST have the part!
- */
- if ( ludp->lud_dn == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing "
+ if ( tmpuris == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse URIs #%d"
" in \"uri ://[:port]/\" line\n",
- fname, lineno, 0 );
- return 1;
+ fname, lineno, c - 1 );
+ return 1;
+ }
- } else if ( ludp->lud_dn[ 0 ] == '\0' ) {
- int j = -1;
+ if ( c == 0 ) {
+ uris = tmpuris;
- for ( j = 0; !BER_BVISNULL( &be->be_nsuffix[ j ] ); j++ ) {
- if ( BER_BVISEMPTY( &be->be_nsuffix[ j ] ) ) {
- break;
- }
+ } else {
+ ldap_charray_merge( &uris, tmpuris );
+ ldap_charray_free( tmpuris );
}
+ }
+
+ for ( c = 0; uris[ c ] != NULL; c++ ) {
+ char *tmpuri = NULL;
- if ( BER_BVISNULL( &be->be_nsuffix[ j ] ) ) {
+ /*
+ * uri MUST be legal!
+ */
+ if ( ldap_url_parselist_ext( &ludp, uris[ c ], "\t",
+ LDAP_PVT_URL_PARSE_NONE ) != LDAP_SUCCESS
+ || ludp->lud_next != NULL )
+ {
Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing "
+ "%s: line %d: unable to parse URI #%d"
" in \"uri ://[:port]/\" line\n",
- fname, lineno, 0 );
+ fname, lineno, c );
+ ldap_charray_free( uris );
return 1;
}
- }
- /*
- * copies and stores uri and suffix
- */
- ber_str2bv( ludp->lud_dn, 0, 0, &dn );
- rc = dnPrettyNormal( NULL, &dn, &mt->mt_psuffix,
- &mt->mt_nsuffix, NULL );
- if( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "target \"%s\" DN is invalid\n",
- fname, lineno, argv[ 1 ] );
- return( 1 );
- }
+ if ( c == 0 ) {
- ludp->lud_dn[ 0 ] = '\0';
+ /*
+ * uri MUST have the part!
+ */
+ if ( ludp->lud_dn == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing "
+ " in \"uri ://[:port]/\" line\n",
+ fname, lineno, 0 );
+ ldap_free_urllist( ludp );
+ ldap_charray_free( uris );
+ return 1;
+ }
- switch ( ludp->lud_scope ) {
- case LDAP_SCOPE_DEFAULT:
- mt->mt_scope = LDAP_SCOPE_SUBTREE;
- break;
+ /*
+ * copies and stores uri and suffix
+ */
+ ber_str2bv( ludp->lud_dn, 0, 0, &dn );
+ rc = dnPrettyNormal( NULL, &dn, &mt->mt_psuffix,
+ &mt->mt_nsuffix, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "target \"%s\" DN is invalid\n",
+ fname, lineno, argv[ 1 ] );
+ ldap_free_urllist( ludp );
+ ldap_charray_free( uris );
+ return( 1 );
+ }
- case LDAP_SCOPE_SUBTREE:
- case LDAP_SCOPE_SUBORDINATE:
- mt->mt_scope = ludp->lud_scope;
- break;
+ ludp->lud_dn[ 0 ] = '\0';
- default:
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "invalid scope for target \"%s\"\n",
- fname, lineno, argv[ 1 ] );
- return( 1 );
- }
+ switch ( ludp->lud_scope ) {
+ case LDAP_SCOPE_DEFAULT:
+ mt->mt_scope = LDAP_SCOPE_SUBTREE;
+ break;
+
+ case LDAP_SCOPE_SUBTREE:
+ case LDAP_SCOPE_SUBORDINATE:
+ mt->mt_scope = ludp->lud_scope;
+ break;
- /* check all, to apply the scope check on the first one */
- for ( tmpludp = ludp; tmpludp; tmpludp = tmpludp->lud_next ) {
- if ( tmpludp->lud_dn != NULL && tmpludp->lud_dn[ 0 ] != '\0' ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "multiple URIs must have "
- "no DN part\n",
+ default:
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "invalid scope for target \"%s\"\n",
+ fname, lineno, argv[ 1 ] );
+ ldap_free_urllist( ludp );
+ ldap_charray_free( uris );
+ return( 1 );
+ }
+
+ } else {
+ /* check all, to apply the scope check on the first one */
+ if ( ludp->lud_dn != NULL && ludp->lud_dn[ 0 ] != '\0' ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "multiple URIs must have "
+ "no DN part\n",
+ fname, lineno, 0 );
+ ldap_free_urllist( ludp );
+ ldap_charray_free( uris );
+ return( 1 );
+
+ }
+ }
+
+ tmpuri = ldap_url_list2urls( ludp );
+ ldap_free_urllist( ludp );
+ if ( tmpuri == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
fname, lineno, 0 );
+ ldap_charray_free( uris );
return( 1 );
-
}
+ ldap_memfree( uris[ c ] );
+ uris[ c ] = tmpuri;
}
- mt->mt_uri = ldap_url_list2urls( ludp );
- ldap_free_urllist( ludp );
+ mt->mt_uri = ldap_charray2str( uris, " " );
+ ldap_charray_free( uris );
if ( mt->mt_uri == NULL) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: no memory?\n",
fname, lineno, 0 );
@@ -282,26 +300,18 @@ meta_back_db_config(
/*
* uri MUST be a branch of suffix!
*/
-#if 0 /* too strict a constraint */
- if ( select_backend( &mt->mt_nsuffix, 0 ) != be ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: of URI does not refer to current backend"
- " in \"uri ://[:port]/\" line\n",
- fname, lineno, 0 );
- return 1;
+ for ( c = 0; !BER_BVISNULL( &be->be_nsuffix[ c ] ); c++ ) {
+ if ( dnIsSuffix( &mt->mt_nsuffix, &be->be_nsuffix[ c ] ) ) {
+ break;
+ }
}
-#else
- /*
- * uri MUST be a branch of a suffix!
- */
- if ( select_backend( &mt->mt_nsuffix, 0 ) == NULL ) {
+
+ if ( BER_BVISNULL( &be->be_nsuffix[ c ] ) ) {
Debug( LDAP_DEBUG_ANY,
- "%s: line %d: of URI does not resolve to a backend"
- " in \"uri ://[:port]/\" line\n",
+ "%s: line %d: of URI must be within the naming context of this database.\n",
fname, lineno, 0 );
return 1;
}
-#endif
/* subtree-exclude */
} else if ( strcasecmp( argv[ 0 ], "subtree-exclude" ) == 0 ) {
@@ -630,6 +640,10 @@ meta_back_db_config(
/* save bind creds for referral rebinds? */
} else if ( strcasecmp( argv[ 0 ], "rebind-as-user" ) == 0 ) {
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+ : &mi->mi_flags;
+
if ( argc > 2 ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: \"rebind-as-user {NO|yes}\" takes 1 argument.\n",
@@ -641,16 +655,16 @@ meta_back_db_config(
Debug( LDAP_DEBUG_ANY,
"%s: line %d: deprecated use of \"rebind-as-user {FALSE|true}\" with no arguments.\n",
fname, lineno, 0 );
- mi->mi_flags |= LDAP_BACK_F_SAVECRED;
+ *flagsp |= LDAP_BACK_F_SAVECRED;
} else {
switch ( check_true_false( argv[ 1 ] ) ) {
case 0:
- mi->mi_flags &= ~LDAP_BACK_F_SAVECRED;
+ *flagsp &= ~LDAP_BACK_F_SAVECRED;
break;
case 1:
- mi->mi_flags |= LDAP_BACK_F_SAVECRED;
+ *flagsp |= LDAP_BACK_F_SAVECRED;
break;
default:
@@ -792,7 +806,7 @@ meta_back_db_config(
{
if ( argc != 2 ) {
Debug( LDAP_DEBUG_ANY,
- "%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\" takes 1 argument\n",
+ "%s: line %d: \"[pseudo]root-bind-defer {TRUE|false}\" takes 1 argument\n",
fname, lineno, 0 );
return( 1 );
}
@@ -808,7 +822,7 @@ meta_back_db_config(
default:
Debug( LDAP_DEBUG_ANY,
- "%s: line %d: \"[pseudo]root-bind-defer {FALSE|true}\": invalid arg \"%s\".\n",
+ "%s: line %d: \"[pseudo]root-bind-defer {TRUE|false}\": invalid arg \"%s\".\n",
fname, lineno, argv[ 1 ] );
return 1;
}
@@ -1072,14 +1086,16 @@ idassert-authzFrom "dn:"
return 1;
}
- if ( snprintf( binddn, sizeof( binddn ), "binddn=%s", argv[ 1 ] ) >= sizeof( binddn ) ) {
+ if ( sizeof( binddn ) <= (unsigned) snprintf( binddn,
+ sizeof( binddn ), "binddn=%s", argv[ 1 ] ))
+ {
Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootdn\" too long.\n",
fname, lineno, 0 );
return 1;
}
cargv[ 2 ] = binddn;
- rc = slap_idassert_parse_cf( fname, lineno, cargc, cargv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
+ rc = mi->mi_ldap_extra->idassert_parse_cf( fname, lineno, cargc, cargv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
if ( rc == 0 ) {
struct berval bv;
@@ -1149,7 +1165,7 @@ idassert-authzFrom "dn:"
return 1;
}
- return slap_idassert_parse_cf( fname, lineno, argc, argv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
+ return mi->mi_ldap_extra->idassert_parse_cf( fname, lineno, argc, argv, &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
/* idassert-authzFrom */
} else if ( strcasecmp( argv[ 0 ], "idassert-authzFrom" ) == 0 ) {
@@ -1178,7 +1194,7 @@ idassert-authzFrom "dn:"
return 1;
}
- return slap_idassert_authzfrom_parse_cf( fname, lineno, argv[ 1 ], &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
+ return mi->mi_ldap_extra->idassert_authzfrom_parse_cf( fname, lineno, argv[ 1 ], &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_idassert );
/* quarantine */
} else if ( strcasecmp( argv[ 0 ], "quarantine" ) == 0 ) {
@@ -1222,20 +1238,21 @@ idassert-authzFrom "dn:"
ldap_pvt_thread_mutex_init( &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_quarantine_mutex );
}
- if ( slap_retry_info_parse( argv[ 1 ], ri, buf, sizeof( buf ) ) ) {
+ if ( mi->mi_ldap_extra->retry_info_parse( argv[ 1 ], ri, buf, sizeof( buf ) ) ) {
Debug( LDAP_DEBUG_ANY,
"%s line %d: %s.\n",
fname, lineno, buf );
return 1;
}
- if ( mi->mi_ntargets ) {
+ if ( mi->mi_ntargets == 0 ) {
mi->mi_flags |= LDAP_BACK_F_QUARANTINE;
} else {
mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags |= LDAP_BACK_F_QUARANTINE;
}
+#ifdef SLAP_CONTROL_X_SESSION_TRACKING
/* session tracking request */
} else if ( strcasecmp( argv[ 0 ], "session-tracking-request" ) == 0 ) {
unsigned *flagsp = mi->mi_ntargets ?
@@ -1265,11 +1282,12 @@ idassert-authzFrom "dn:"
fname, lineno, argv[ 1 ] );
return( 1 );
}
+#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
/* dn massaging */
} else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
- BackendDB *tmp_be;
- int i = mi->mi_ntargets - 1, rc;
+ BackendDB *tmp_bd;
+ int i = mi->mi_ntargets - 1, c, rc;
struct berval dn, nvnc, pvnc, nrnc, prnc;
if ( i < 0 ) {
@@ -1300,17 +1318,22 @@ idassert-authzFrom "dn:"
ber_str2bv( argv[ 1 ], 0, 0, &dn );
if ( dnPrettyNormal( NULL, &dn, &pvnc, &nvnc, NULL ) != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "suffix '%s' is invalid\n",
+ "suffix \"%s\" is invalid\n",
fname, lineno, argv[ 1 ] );
return 1;
}
-
- tmp_be = select_backend( &nvnc, 0 );
- if ( tmp_be != NULL && tmp_be != be ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: suffix already in use by another backend in"
- " \"suffixMassage \"\n",
- fname, lineno, 0 );
+
+ for ( c = 0; !BER_BVISNULL( &be->be_nsuffix[ c ] ); c++ ) {
+ if ( dnIsSuffix( &nvnc, &be->be_nsuffix[ 0 ] ) ) {
+ break;
+ }
+ }
+
+ if ( BER_BVISNULL( &be->be_nsuffix[ c ] ) ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ " \"%s\" must be within the database naming context, in "
+ "\"suffixMassage \"\n",
+ fname, lineno, pvnc.bv_val );
free( pvnc.bv_val );
free( nvnc.bv_val );
return 1;
@@ -1319,33 +1342,24 @@ idassert-authzFrom "dn:"
ber_str2bv( argv[ 2 ], 0, 0, &dn );
if ( dnPrettyNormal( NULL, &dn, &prnc, &nrnc, NULL ) != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "massaged suffix '%s' is invalid\n",
+ "massaged suffix \"%s\" is invalid\n",
fname, lineno, argv[ 2 ] );
free( pvnc.bv_val );
free( nvnc.bv_val );
return 1;
}
-#if 0
- tmp_be = select_backend( &nrnc, 0 );
- if ( tmp_be != NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: massaged suffix already in use by another backend in"
- " \"suffixMassage \"\n",
- fname, lineno, 0 );
- free( pvnc.bv_val );
- free( nvnc.bv_val );
- free( prnc.bv_val );
- free( nrnc.bv_val );
- return 1;
+ tmp_bd = select_backend( &nrnc, 0 );
+ if ( tmp_bd != NULL && tmp_bd->be_private == be->be_private ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: warning: \"%s\" resolves to this database, in "
+ "\"suffixMassage \"\n",
+ fname, lineno, prnc.bv_val );
}
-#endif
-
+
/*
* The suffix massaging is emulated by means of the
* rewrite capabilities
- * FIXME: no extra rewrite capabilities should be added
- * to the database
*/
rc = suffix_massage_config( mi->mi_targets[ i ]->mt_rwmap.rwm_rw,
&pvnc, &nvnc, &prnc, &nrnc );
@@ -1445,6 +1459,66 @@ idassert-authzFrom "dn:"
return 1;
}
+ /* do not return search references */
+ } else if ( strcasecmp( argv[ 0 ], "norefs" ) == 0 ) {
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+ : &mi->mi_flags;
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"norefs {TRUE|false}\" needs 1 argument.\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ /* this is the default; we add it because the default might change... */
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 1:
+ *flagsp |= LDAP_BACK_F_NOREFS;
+ break;
+
+ case 0:
+ *flagsp &= ~LDAP_BACK_F_NOREFS;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"norefs {TRUE|false}\": unknown argument \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return( 1 );
+ }
+
+ /* do not propagate undefined search filters */
+ } else if ( strcasecmp( argv[ 0 ], "noundeffilter" ) == 0 ) {
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+ : &mi->mi_flags;
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"noundeffilter {TRUE|false}\" needs 1 argument.\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ /* this is the default; we add it because the default might change... */
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 1:
+ *flagsp |= LDAP_BACK_F_NOUNDEFFILTER;
+ break;
+
+ case 0:
+ *flagsp &= ~LDAP_BACK_F_NOUNDEFFILTER;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"noundeffilter {TRUE|false}\": unknown argument \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return( 1 );
+ }
+
/* anything else */
} else {
return SLAP_CONF_UNKNOWN;
@@ -1488,6 +1562,11 @@ ldap_back_map_config(
return 1;
}
+ if ( !is_oc && map->map == NULL ) {
+ /* only init if required */
+ ldap_back_map_init( map, &mapping );
+ }
+
if ( strcmp( argv[ 2 ], "*" ) == 0 ) {
if ( argc < 4 || strcmp( argv[ 3 ], "*" ) == 0 ) {
map->drop_missing = ( argc < 4 );
@@ -1634,11 +1713,6 @@ ldap_back_map_config(
mapping_cmp, mapping_dup );
success_return:;
- if ( !is_oc && map->map == NULL ) {
- /* only init if required */
- ldap_back_map_init( map, &mapping );
- }
-
return 0;
error_return:;