X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbconfig.c;h=d3f28a9d663af4f43c42b01b745d9500bd6e0abc;hb=3eb87b2faae4b9f59f1270936f70a1781c2abd7a;hp=b09b3afb2f3391416d8b2337f91e4f8ab28106e2;hpb=5c3a4e176e9539f58a1ac666ad370b4c204cd44c;p=openldap
diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index b09b3afb2f..d3f28a9d66 100644
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -38,7 +38,7 @@ static struct berval config_rdn = BER_BVC("cn=config");
 static struct berval schema_rdn = BER_BVC("cn=schema");
-#define IFMT "{%02d}"
+#define IFMT "{%d}"
 #ifdef SLAPD_MODULES
 typedef struct modpath_s {
@@ -264,7 +264,7 @@ ConfigTable config_back_cf_table[] = {
 &config_generic, "( OLcfgAt:9 NAME 'olcBackend' "
 "DESC 'A type of backend' "
 "EQUALITY caseIgnoreMatch "
- "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
+ "SYNTAX OMsDirectoryString X-ORDERED 'SIBLINGS' )", NULL, NULL },
 { "concurrency", "level", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_CONCUR,
 &config_generic, "( OLcfgAt:10 NAME 'olcConcurrency' "
 "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
@@ -277,7 +277,7 @@ ConfigTable config_back_cf_table[] = {
 { "database", "type", 2, 2, 0, ARG_MAGIC|CFG_DATABASE,
 &config_generic, "( OLcfgAt:13 NAME 'olcDatabase' "
 "DESC 'The backend type for a database instance' "
- "SUP olcBackend X-ORDERED 'VALUES' )", NULL, NULL },
+ "SUP olcBackend X-ORDERED 'SIBLINGS' )", NULL, NULL },
 { "defaultSearchBase", "dn", 2, 2, 0, ARG_PRE_BI|ARG_PRE_DB|ARG_DN|ARG_MAGIC,
 &config_search_base, "( OLcfgAt:14 NAME 'olcDefaultSearchBase' "
 "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
@@ -363,7 +363,7 @@ ConfigTable config_back_cf_table[] = {
 "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
 { "overlay", "overlay", 2, 2, 0, ARG_MAGIC,
 &config_overlay, "( OLcfgAt:34 NAME 'olcOverlay' "
- "SUP olcDatabase X-ORDERED 'VALUES' )", NULL, NULL },
+ "SUP olcDatabase X-ORDERED 'SIBLINGS' )", NULL, NULL },
 { "password-crypt-salt-format", "salt", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_SALT,
 &config_generic, "( OLcfgAt:35 NAME 'olcPasswordCryptSaltFormat' "
 "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
@@ -432,7 +432,7 @@ ConfigTable config_back_cf_table[] = {
 "SYNTAX OMsDirectoryString )", NULL, NULL },
 { "rootpw", "password", 2, 2, 0, ARG_BERVAL|ARG_DB|ARG_MAGIC,
 &config_rootpw, "( OLcfgAt:52 NAME 'olcRootPW' "
- "SYNTAX OMsOctetString SINGLE-VALUE )", NULL, NULL },
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 { "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
 &config_generic, NULL, NULL, NULL },
 { "sasl-host", "host", 2, 2, 0,
@@ -542,7 +542,7 @@ ConfigTable config_back_cf_table[] = {
 "( OLcfgAt:72 NAME 'olcTLSCipherSuite' "
 "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 { "TLSCRLCheck", NULL, 0, 0, 0,
-#ifdef HAVE_TLS
+#if defined(HAVE_TLS) && defined(HAVE_OPENSSL_CRL)
 CFG_TLS_CRLCHECK|ARG_STRING|ARG_MAGIC, &config_tls_config,
 #else
 ARG_IGNORED, NULL,
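Review bot: With the new guard on the `TLSCRLCheck` entry, a build that has TLS but no OpenSSL CRL support takes the `#else` branch and registers the directive as `ARG_IGNORED`. If ignored directives are accepted without a diagnostic (that handling is not visible in this hunk), an administrator who configures CRL checking gets no revocation checking and no indication of it. I would at least document this at the entry, e.g. `/* ignored when built without OpenSSL CRL support: no revocation checking is performed */`, and preferably log or reject the directive at parse time in such builds.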
@@ -581,13 +581,12 @@ static ConfigOCs cf_ocs[] = {
 { "( OLcfgOc:1 "
 "NAME 'olcConfig' "
 "DESC 'OpenLDAP configuration object' "
- "ABSTRACT SUP top "
- "MAY cn )", Cft_Abstract, NULL },
+ "ABSTRACT SUP top )", Cft_Abstract, NULL },
 { "( OLcfgOc:2 "
 "NAME 'olcGlobal' "
 "DESC 'OpenLDAP Global configuration options' "
 "SUP olcConfig STRUCTURAL "
- "MAY ( olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ "
+ "MAY ( cn $ olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ "
 "olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ "
 "olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ "
 "olcConnMaxPending $ olcConnMaxPendingAuth $ olcDefaultSearchBase $ "
@@ -612,18 +611,20 @@ static ConfigOCs cf_ocs[] = {
 "NAME 'olcSchemaConfig' "
 "DESC 'OpenLDAP schema object' "
 "SUP olcConfig STRUCTURAL "
- "MAY ( olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
- "olcDitContentRules ) )", Cft_Schema, &cfOc_schema },
+ "MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ "
+ "olcObjectClasses $ olcDitContentRules ) )",
+ Cft_Schema, &cfOc_schema },
 { "( OLcfgOc:4 "
 "NAME 'olcBackendConfig' "
 "DESC 'OpenLDAP Backend-specific options' "
 "SUP olcConfig STRUCTURAL "
- "MAY ( olcBackend ) )", Cft_Backend, &cfOc_backend },
+ "MUST olcBackend )", Cft_Backend, &cfOc_backend },
 { "( OLcfgOc:5 "
 "NAME 'olcDatabaseConfig' "
 "DESC 'OpenLDAP Database-specific options' "
 "SUP olcConfig STRUCTURAL "
- "MAY ( olcDatabase $ olcSuffix $ olcAccess $ olcLastMod $ olcLimits $ "
+ "MUST olcDatabase "
+ "MAY ( olcSuffix $ olcAccess $ olcLastMod $ olcLimits $ "
 "olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
 "olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
 "olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncrepl $ "
@@ -633,20 +634,21 @@ static ConfigOCs cf_ocs[] = {
 "NAME 'olcOverlayConfig' "
 "DESC 'OpenLDAP Overlay-specific options' "
 "SUP olcConfig STRUCTURAL "
- "MAY ( olcOverlay ) )", Cft_Overlay, &cfOc_overlay },
+ "MUST olcOverlay )", Cft_Overlay, &cfOc_overlay },
 { "( OLcfgOc:7 "
 "NAME 'olcIncludeFile' "
 "DESC 'OpenLDAP configuration include file' "
 "SUP olcConfig STRUCTURAL "
- "MAY ( olcInclude $ olcConfigFile $ olcRootDSE ) )",
+ "MUST olcInclude "
+ "MAY ( cn $ olcRootDSE ) )",
 Cft_Include, &cfOc_include },
 #ifdef SLAPD_MODULES
 { "( OLcfgOc:8 "
 "NAME 'olcModuleList' "
 "DESC 'OpenLDAP dynamic module info' "
 "SUP olcConfig STRUCTURAL "
- "MUST olcModuleLoad )",
- Cft_Module, &cfOc_module },
+ "MUST olcModuleLoad "
+ "MAY cn )", Cft_Module, &cfOc_module },
 #endif
 { NULL, 0, NULL }
 };
@@ -879,6 +881,19 @@ config_generic(ConfigArgs *c) {
 }
 p = strchr(c->line,'(' /*')'*/);
+ if ( c->op == LDAP_MOD_DELETE ) {
+ int rc = 0;
+ switch(c->type) {
+ case CFG_BACKEND:
+ case CFG_DATABASE:
+ rc = 1;
+ break;
+ case CFG_CONCUR:
+ ldap_pvt_thread_set_concurrency(c);
+ break;
+
+ }
+ }
 switch(c->type) {
 case CFG_BACKEND:
 if(!(c->bi = backend_info(c->argv[1]))) {
@@ -893,7 +908,7 @@ config_generic(ConfigArgs *c) {
 /* NOTE: config is always the first backend! */
 if ( !strcasecmp( c->argv[1], "config" )) {
- c->be = backendDB;
+ c->be = LDAP_STAILQ_FIRST(&backendDB);
 } else if ( !strcasecmp( c->argv[1], "frontend" )) {
 c->be = frontendDB;
 } else if(!(c->be = backend_db_init(c->argv[1]))) {
@@ -1992,6 +2007,11 @@ config_include(ConfigArgs *c) {
 ConfigFile *cfsave = cfn;
 ConfigFile *cf2 = NULL;
 if (c->op == SLAP_CONFIG_EMIT) {
+ if (c->private) {
+ ConfigFile *cf = c->private;
+ value_add_one( &c->rvalue_vals, &cf->c_file );
+ return 0;
+ }
 return 1;
 }
 cf = ch_calloc( 1, sizeof(ConfigFile));
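Review bot: The new `LDAP_MOD_DELETE` block in config_generic computes `rc` but never returns it, so a delete of `olcBackend` or `olcDatabase` sets `rc = 1` and then falls into the ordinary `switch(c->type)` below, where the request is handled as if it were an add. Add `return rc;` after the inner switch so the delete path ends there. The `CFG_CONCUR` case also passes the `ConfigArgs *` itself to `ldap_pvt_thread_set_concurrency()`, which takes an `int` level; it needs an explicit value to reset to. config_generic's body starts and ends outside this hunk.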
@@ -2020,14 +2040,14 @@ static int
 config_tls_option(ConfigArgs *c) {
 int flag;
 switch(c->type) {
- case CFG_TLS_RAND: flag = LDAP_OPT_X_TLS_RANDOM_FILE; break;
+ case CFG_TLS_RAND: flag = LDAP_OPT_X_TLS_RANDOM_FILE; break;
 case CFG_TLS_CIPHER: flag = LDAP_OPT_X_TLS_CIPHER_SUITE; break;
 case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE; break;
 case CFG_TLS_CERT_KEY: flag = LDAP_OPT_X_TLS_KEYFILE; break;
 case CFG_TLS_CA_PATH: flag = LDAP_OPT_X_TLS_CACERTDIR; break;
 case CFG_TLS_CA_FILE: flag = LDAP_OPT_X_TLS_CACERTFILE; break;
 default: Debug(LDAP_DEBUG_ANY, "%s: "
- "unknown tls_option <%x>\n",
+ "unknown tls_option <0x%x>\n",
 c->log, c->type, 0);
 }
 if (c->op == SLAP_CONFIG_EMIT) {
@@ -2055,15 +2075,12 @@ config_tls_config(ConfigArgs *c) {
 { BER_BVNULL, 0 }
 }, *keys;
 switch(c->type) {
-#ifdef HAVE_OPENSSL_CRL
- case CFG_TLS_CRLCHECK: flag = LDAP_OPT_X_TLS_CRLCHECK; keys = crlkeys;
- break;
-#endif
- case CFG_TLS_VERIFY: flag = LDAP_OPT_X_TLS_REQUIRE_CERT; keys = vfykeys;
- break;
- default: Debug(LDAP_DEBUG_ANY, "%s: "
- "unknown tls_option <%x>\n",
- c->log, c->type, 0);
+ case CFG_TLS_CRLCHECK: flag = LDAP_OPT_X_TLS_CRLCHECK; keys = crlkeys; break;
+ case CFG_TLS_VERIFY: flag = LDAP_OPT_X_TLS_REQUIRE_CERT; keys = vfykeys; break;
+ default:
+ Debug(LDAP_DEBUG_ANY, "%s: "
+ "unknown tls_option <0x%x>\n",
+ c->log, c->type, 0);
 }
 if (c->op == SLAP_CONFIG_EMIT) {
 ldap_pvt_tls_get_option( NULL, flag, &c->value_int );
@@ -2621,10 +2638,10 @@ config_find_base( CfEntryInfo *root, struct berval *dn, CfEntryInfo **last )
 while(root) {
 *last = root;
 for (--c;c>dn->bv_val && *c != ',';c--);
- if ( *c == ',' )
- c++;
 cdn.bv_val = c;
- cdn.bv_len = dn->bv_len - (c-dn->bv_val);
+ if ( *c == ',' )
+ cdn.bv_val++;
+ cdn.bv_len = dn->bv_len - (cdn.bv_val - dn->bv_val);
 root = root->ce_kids;
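Review bot: The `default:` branch in config_tls_option only logs, so for an unrecognised `c->type` execution continues past the switch with `flag` never assigned. The same holds in config_tls_config in the next hunk, where the visible `ldap_pvt_tls_get_option( NULL, flag, &c->value_int )` would then read the uninitialised `flag` (and `keys` is left unset as well). Since the commit already rewrites both default branches, end them with `return 1;` after the `Debug(...)` call. Separately, the config_tls_config hunk drops the `#ifdef HAVE_OPENSSL_CRL` around `case CFG_TLS_CRLCHECK`, which only builds if `crlkeys` and `LDAP_OPT_X_TLS_CRLCHECK` are defined unconditionally; their definitions are outside the hunk, so that is worth confirming.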
@@ -2844,9 +2861,9 @@ config_find_table( CfOcInfo *co, AttributeDescription *ad ) return NULL; } -/* Sort the values in an X-ORDERED attribute. +/* Sort the values in an X-ORDERED VALUES attribute. * If the values have no index, leave them in their given order. - * If the values have indexes, sort them and then strip the index. + * If the values have indexes, sort them. * If some are indexed and some are not, return Error. * * FIXME: This function probably belongs in the frontend somewhere, @@ -2880,6 +2897,7 @@ sort_vals( Attribute *a ) struct berval tmp, ntmp; char *ptr; +#if 0 /* Strip index from normalized values */ if ( !a->a_nvals || a->a_vals == a->a_nvals ) { a->a_nvals = ch_malloc( (vals+1)*sizeof(struct berval)); @@ -2898,6 +2916,7 @@ sort_vals( Attribute *a ) strcpy(a->a_nvals[i].bv_val, ptr); } } +#endif indexes = ch_malloc( vals * sizeof(int) ); for ( i=0; ia_desc->ad_type->sat_flags & SLAP_AT_ORDERED ) { + sort = 1; rc = sort_vals( a ); if ( rc ) return rc; } for ( i=0; a->a_nvals[i].bv_val; i++ ) { ca->line = a->a_nvals[i].bv_val; + if ( sort ) ca->line = strchr( ca->line, '}' ) + 1; rc = config_parse_vals( ct, ca, i ); if ( rc ) break; @@ -3000,7 +3021,7 @@ check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e, rval.bv_val = strchr(rdn.bv_val, '=' ) + 1; rval.bv_len = rdn.bv_len - (rval.bv_val - rdn.bv_val); rtype.bv_val = rdn.bv_val; - rtype.bv_len = rval.bv_val - rtype.bv_val - 2; + rtype.bv_len = rval.bv_val - rtype.bv_val - 1; /* Find attr */ slap_bv2ad( &rtype, &ad, &text ); @@ -3146,6 +3167,7 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum ) rc = LDAP_CONSTRAINT_VIOLATION; goto leave; } + break; #ifdef SLAPD_MODULES case Cft_Module: if ( !last || last->ce_type != Cft_Global ) { @@ -3166,7 +3188,7 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum ) goto ok; /* FALLTHRU */ case Cft_Global: - ca.be = backendDB; + ca.be = LDAP_STAILQ_FIRST(&backendDB); break; case Cft_Backend: 
@@ -3188,11 +3210,13 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum )
 case Cft_Overlay:
 ca.be = last->ce_be;
 type_ad = cfAd_overlay;
+ break;
 case Cft_Include:
 if ( !rs ) /* ignored */
 break;
 type_ad = cfAd_include;
+ break;
 #ifdef SLAPD_MODULES
 case Cft_Module: {
 ModPaths *mp;
@@ -3265,9 +3289,14 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum )
 /* Basic syntax checks are OK. Do the actual settings. */
 if ( type_ct ) {
- ca.line = type_attr->a_nvals[0].bv_val;
+ ca.line = type_attr->a_vals[0].bv_val;
+ if ( type_ad->ad_type->sat_flags & SLAP_AT_ORDERED )
+ ca.line = strchr( ca.line, '}' ) + 1;
 rc = config_parse_add( type_ct, &ca, 0 );
- if ( rc ) goto leave;
+ if ( rc ) {
+ rc = LDAP_OTHER;
+ goto leave;
+ }
 }
 for ( a=e->e_attrs; a; a=a->a_next ) {
 if ( a == type_attr || a == oc_at ) continue;
@@ -3277,10 +3306,15 @@ config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum )
 if ( ct ) break;
 }
 if ( !ct ) continue; /* user data? */
- for (i=0; a->a_nvals[i].bv_val; i++) {
- ca.line = a->a_nvals[i].bv_val;
+ for (i=0; a->a_vals[i].bv_val; i++) {
+ ca.line = a->a_vals[i].bv_val;
+ if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED )
+ ca.line = strchr( ca.line, '}' ) + 1;
 rc = config_parse_add( ct, &ca, i );
- if ( rc ) goto leave;
+ if ( rc ) {
+ rc = LDAP_OTHER;
+ goto leave;
+ }
 }
 }
 ok:
@@ -3354,6 +3388,14 @@ out:
 return rs->sr_err;
 }
+/* Modify rules:
+ * for single-valued attributes, should just use REPLACE.
+ * any received DELETE/ADD on a single-valued attr will
+ * be checked (if a DEL value is provided) and then
+ * rewritten as a REPLACE.
+ * any DELETE received without a corresponding ADD will be
+ * rejected with LDAP_CONSTRAINT_VIOLATION.
+ */
 static int
 config_back_modify( Operation *op, SlapReply *rs )
 {
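Review bot: `ca.line = strchr( ca.line, '}' ) + 1;` in the `type_ct` branch assumes every value of an X-ORDERED attribute carries a `{n}` prefix; if a value arrives without one, `strchr` returns NULL and `ca.line` becomes an invalid pointer that `config_parse_add` then reads. The values come from the entry being added, and no earlier check guaranteeing the prefix is visible here (the sort_vals comment says unindexed values are left in their given order), so guard it: `char *p = strchr( ca.line, '}' ); if ( p ) ca.line = p + 1;`. The same line is added in the attribute loop of the next hunk and in config_parse_add. A value whose only `}` sits inside its payload would also be cut in the wrong place, so checking that the value starts with `{` first is worth adding. config_add_internal's body continues outside these hunks.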
@@ -3388,6 +3430,42 @@ out: return rs->sr_err; } +static int +config_back_modrdn( Operation *op, SlapReply *rs ) +{ + CfBackInfo *cfb; + CfEntryInfo *ce, *last; + + if ( !be_isroot( op ) ) { + rs->sr_err = LDAP_INSUFFICIENT_ACCESS; + send_ldap_result( op, rs ); + } + + cfb = (CfBackInfo *)op->o_bd->be_private; + + ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last ); + if ( !ce ) { + if ( last ) + rs->sr_matched = last->ce_entry->e_name.bv_val; + rs->sr_err = LDAP_NO_SUCH_OBJECT; + goto out; + } + + /* We don't allow moving objects to new parents. + * Generally we only allow reordering a set of ordered entries. + */ + if ( op->orr_newSup ) { + rs->sr_err = LDAP_UNWILLING_TO_PERFORM; + goto out; + } + ldap_pvt_thread_pool_pause( &connection_pool ); + + ldap_pvt_thread_pool_resume( &connection_pool ); +out: + send_ldap_result( op, rs ); + return rs->sr_err; +} + static int config_back_search( Operation *op, SlapReply *rs ) { @@ -3764,8 +3842,7 @@ config_back_db_open( BackendDB *be ) */ c.line = 0; - bi = backendInfo; - for (i=0; ibi_cf_table) continue; if (!bi->bi_private) continue; @@ -3788,12 +3865,14 @@ config_back_db_open( BackendDB *be ) } /* Create database nodes... */ - for (i=0; ibd_info->bi_private; @@ -3924,6 +4003,12 @@ config_back_initialize( BackendInfo *bi ) ConfigTable *ct = config_back_cf_table; char *argv[4]; int i; + static char *controls[] = { + LDAP_CONTROL_MANAGEDSAIT, + NULL + }; + + bi->bi_controls = controls; bi->bi_open = 0; bi->bi_close = 0; @@ -3941,7 +4026,7 @@ config_back_initialize( BackendInfo *bi ) bi->bi_op_search = config_back_search; bi->bi_op_compare = 0; bi->bi_op_modify = config_back_modify; - bi->bi_op_modrdn = 0; + bi->bi_op_modrdn = config_back_modrdn; bi->bi_op_add = config_back_add; bi->bi_op_delete = 0; bi->bi_op_abandon = 0;
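Review bot: In config_back_modrdn the `!be_isroot( op )` branch sends LDAP_INSUFFICIENT_ACCESS but does not leave the function, so a non-root request goes on through `config_find_base` and the pause/resume pair, and a second result is sent at `out:`. Once reordering logic is added between pause and resume, it would run for unauthorized callers as well. Replace the `send_ldap_result( op, rs );` in that branch with `goto out;`. Separately, nothing happens between `ldap_pvt_thread_pool_pause` and `ldap_pvt_thread_pool_resume`, so with `bi_op_modrdn` now registered in config_back_initialize a root modrdn appears to report whatever `rs->sr_err` already holds without renaming anything; setting `rs->sr_err = LDAP_UNWILLING_TO_PERFORM;` until the body exists would be safer.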