X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbackend.c;h=1b26ee117f3b41e94f8b01992fc0835398df8a3d;hb=0445405299ebc97d0f11585031fb1abef031caf9;hp=dd6f0f317c211191aa2173f113d97727dbe7a2ba;hpb=f49fd8a98e6849f74e50a01165f4214b065b9b00;p=openldap diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index dd6f0f317c..1b26ee117f 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -30,6 +30,9 @@ #ifdef SLAPD_LDBM #include "back-ldbm/external.h" #endif +#ifdef SLAPD_META +#include "back-meta/external.h" +#endif #ifdef SLAPD_PASSWD #include "back-passwd/external.h" #endif @@ -62,6 +65,9 @@ static BackendInfo binfo[] = { #if defined(SLAPD_LDBM) && !defined(SLAPD_LDBM_DYNAMIC) {"ldbm", ldbm_back_initialize}, #endif +#if defined(SLAPD_META) && !defined(SLAPD_META_DYNAMIC) + {"meta", meta_back_initialize}, +#endif #if defined(SLAPD_PASSWD) && !defined(SLAPD_PASSWD_DYNAMIC) {"passwd", passwd_back_initialize}, #endif @@ -509,12 +515,18 @@ select_backend( len = strlen( backends[i].be_nsuffix[j] ); if ( len > dnlen ) { + /* suffix is longer than DN */ continue; } - if ( strcmp( backends[i].be_nsuffix[j], - dn + (dnlen - len) ) == 0 ) - { + + if ( (len < dnlen) && !(DN_SEPARATOR( dn[(dnlen-len)-1] )) ) { + /* make sure we have a separator */ + continue; + } + + + if ( strcmp( backends[i].be_nsuffix[j], &dn[dnlen-len] ) == 0 ) { if( be == NULL ) { be = &backends[i]; @@ -709,7 +721,7 @@ backend_check_restrictions( Backend *be, Connection *conn, Operation *op, - const char *extoid, + const void *opdata, const char **text ) { int rc; @@ -773,7 +785,9 @@ backend_check_restrictions( return LDAP_OTHER; } - if (( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) ) ) { + if ( op->o_tag != LDAP_REQ_EXTENDED + || strcmp( (const char *) opdata, LDAP_EXOP_START_TLS ) ) + { /* these checks don't apply to StartTLS */ if( op->o_tag == LDAP_REQ_EXTENDED ) { 
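Review bot: The new separator test in `select_backend` looks only at the single byte `dn[(dnlen-len)-1]`, so it cannot distinguish a real RDN separator from one that is escaped inside an attribute value. If a normalized DN can still carry a backslash-escaped separator directly before text that equals a suffix (not visible from this hunk), that entry would be routed to a backend it does not belong to. I would state the assumption next to the check, for example `/* assumes dn is normalized; the byte before the suffix is an unescaped separator */`, and add a regression test with such a DN. The index itself is safe because the branch is only taken when `len < dnlen`. The function body starts and ends outside this hunk.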
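Review bot: After the change from `const char *extoid` to `const void *opdata`, the parameter's meaning depends on `op->o_tag`, and neither the signature nor a comment records that contract. From the later hunks it appears to be the extended-operation OID string for `LDAP_REQ_EXTENDED`, and non-NULL to mark a SASL bind for `LDAP_REQ_BIND`, but that is inferred and should be confirmed against the callers. A comment above the definition would prevent a caller from passing the wrong object, which the compiler can no longer catch, for example `/* opdata: OID string for LDAP_REQ_EXTENDED; non-NULL for a SASL bind; otherwise ignored */`. Only the parameter list is visible in this hunk.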
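Review bot: When `op->o_tag == LDAP_REQ_EXTENDED`, the new condition passes `opdata` straight to `strcmp()`, and the `extoid == NULL` guard from the removed line is gone, so a NULL `opdata` on an extended request would be dereferenced. Unless every caller guarantees a non-NULL OID for extended operations, which this hunk does not show, I would keep the guard: `if ( op->o_tag != LDAP_REQ_EXTENDED || opdata == NULL` followed by `|| strcmp( (const char *) opdata, LDAP_EXOP_START_TLS ) )`. That treats a missing OID as "not StartTLS", so the restrictions still apply, as they did before. The same unguarded `strcmp()` recurs in the hunk at -781, in the condition ahead of the "Bind or StartTLS" comment. The function body begins and ends outside this hunk.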
@@ -781,47 +795,62 @@ backend_check_restrictions( updateop++; } - if( op->o_ssf < ssf->sss_ssf ) { - *text = "confidentiality required"; - return LDAP_CONFIDENTIALITY_REQUIRED; - } if( op->o_transport_ssf < ssf->sss_transport ) { *text = "transport confidentiality required"; return LDAP_CONFIDENTIALITY_REQUIRED; } + if( op->o_tls_ssf < ssf->sss_tls ) { *text = "TLS confidentiality required"; return LDAP_CONFIDENTIALITY_REQUIRED; } - if( op->o_sasl_ssf < ssf->sss_sasl ) { - *text = "SASL confidentiality required"; - return LDAP_CONFIDENTIALITY_REQUIRED; - } - if( updateop ) { - if( op->o_ssf < ssf->sss_update_ssf ) { - *text = "update confidentiality required"; + if( op->o_tag != LDAP_REQ_BIND || opdata == NULL ) { + /* these checks don't apply to SASL bind */ + + if( op->o_sasl_ssf < ssf->sss_sasl ) { + *text = "SASL confidentiality required"; return LDAP_CONFIDENTIALITY_REQUIRED; } + + if( op->o_ssf < ssf->sss_ssf ) { + *text = "confidentiality required"; + return LDAP_CONFIDENTIALITY_REQUIRED; + } + } + + if( updateop ) { if( op->o_transport_ssf < ssf->sss_update_transport ) { *text = "transport update confidentiality required"; return LDAP_CONFIDENTIALITY_REQUIRED; } + if( op->o_tls_ssf < ssf->sss_update_tls ) { *text = "TLS update confidentiality required"; return LDAP_CONFIDENTIALITY_REQUIRED; } + if( op->o_sasl_ssf < ssf->sss_update_sasl ) { *text = "SASL update confidentiality required"; return LDAP_CONFIDENTIALITY_REQUIRED; } + + if( op->o_ssf < ssf->sss_update_ssf ) { + *text = "update confidentiality required"; + return LDAP_CONFIDENTIALITY_REQUIRED; + } + + if( op->o_ndn == NULL ) { + *text = "modifications require authentication"; + return LDAP_OPERATIONS_ERROR; + } } } - if (( extoid == NULL || strcmp( extoid, LDAP_EXOP_START_TLS ) ) - || op->o_tag == LDAP_REQ_BIND ) + if ( op->o_tag != LDAP_REQ_BIND && ( op->o_tag != LDAP_REQ_EXTENDED || + strcmp( (const char *) opdata, LDAP_EXOP_START_TLS ) ) ) { - /* these checks don't apply to StartTLS or Bind */ + 
/* these checks don't apply to Bind or StartTLS */ if( requires & SLAP_REQUIRE_STRONG ) { /* should check mechanism */