X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbconfig.c;h=eeed0cdc49b7774a4a2cdb7a1b81e6aeb458537b;hb=6d1aa51604a7ae9c44287af5201afc9f43b5e91e;hp=b7237c7c0fdddb8e4755c7ad666611ac00259e17;hpb=4af9eb971559e3a1f0432615e93ec870dc753ddb;p=openldap

diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index b7237c7c0f..eeed0cdc49 100644
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -145,6 +145,7 @@ enum {
 	CFG_DATABASE,
 	CFG_TLS_RAND,
 	CFG_TLS_CIPHER,
+	CFG_TLS_PROTOCOL_MIN,
 	CFG_TLS_CERT_FILE,
 	CFG_TLS_CERT_KEY,
 	CFG_TLS_CA_PATH,
@@ -685,6 +686,14 @@ static ConfigTable config_back_cf_table[] = {
 #endif
 		"( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "TLSProtocolMin",	NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+		CFG_TLS_PROTOCOL_MIN|ARG_STRING|ARG_MAGIC, &config_tls_config,
+#else
+		ARG_IGNORED, NULL,
+#endif
+		"( OLcfgGlAt:87 NAME 'olcTLSProtocolMin' "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "tool-threads", "count", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_TTHREADS,
 		&config_generic, "( OLcfgGlAt:80 NAME 'olcToolThreads' "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
@@ -1774,20 +1783,28 @@ sortval_reject:
 				*sip = si;
 
 				if (( slapMode & SLAP_SERVER_MODE ) && c->argc > 2 ) {
+					Listener **l = slapd_get_listeners();
+					int i, isMe = 0;
+
+					/* Try a straight compare with Listener strings */
+					for ( i=0; l && l[i]; i++ ) {
+						if ( !strcasecmp( c->argv[2], l[i]->sl_url.bv_val )) {
+							isMe = 1;
+							break;
+						}
+					}
+
 					/* If hostname is empty, or is localhost, or matches
 					 * our hostname, this serverID refers to this host.
 					 * Compare it against listeners and ports.
 					 */
-					if ( !lud->lud_host || !lud->lud_host[0] ||
+					if ( !isMe && ( !lud->lud_host || !lud->lud_host[0] ||
 						!strncasecmp("localhost", lud->lud_host,
 							STRLENOF("localhost")) ||
-						!strcasecmp( global_host, lud->lud_host )) {
-						Listener **l = slapd_get_listeners();
-						int i;
+						!strcasecmp( global_host, lud->lud_host ))) {
 
 						for ( i=0; l && l[i]; i++ ) {
 							LDAPURLDesc *lu2;
-							int isMe = 0;
 							ldap_url_parse( l[i]->sl_url.bv_val, &lu2 );
 							do {
 								if ( strcasecmp( lud->lud_scheme,
@@ -1816,15 +1833,17 @@ sortval_reject:
 							} while(0);
 							ldap_free_urldesc( lu2 );
 							if ( isMe ) {
-								slap_serverID = si->si_num;
-								Debug( LDAP_DEBUG_CONFIG,
-									"%s: SID=%d (listener=%s)\n",
-									c->log, slap_serverID,
-									l[i]->sl_url.bv_val );
 								break;
 							}
 						}
 					}
+					if ( isMe ) {
+						slap_serverID = si->si_num;
+						Debug( LDAP_DEBUG_CONFIG,
+							"%s: SID=%d (listener=%s)\n",
+							c->log, slap_serverID,
+							l[i]->sl_url.bv_val );
+					}
 				}
 				if ( c->argc > 2 )
 					ldap_free_urldesc( lud );
@@ -3207,6 +3226,7 @@ config_tls_config(ConfigArgs *c) {
 	switch(c->type) {
 	case CFG_TLS_CRLCHECK:	flag = LDAP_OPT_X_TLS_CRLCHECK; break;
 	case CFG_TLS_VERIFY:	flag = LDAP_OPT_X_TLS_REQUIRE_CERT; break;
+	case CFG_TLS_PROTOCOL_MIN: flag = LDAP_OPT_X_TLS_PROTOCOL_MIN; break;
 	default:
 		Debug(LDAP_DEBUG_ANY, "%s: "
 				"unknown tls_option <0x%x>\n",
@@ -3229,7 +3249,7 @@ config_tls_config(ConfigArgs *c) {
 		}
 		return(ldap_pvt_tls_set_option(slap_tls_ld, flag, &i));
 	} else {
-		return(ldap_int_tls_config(slap_tls_ld, flag, c->argv[1]));
+		return(ldap_pvt_tls_config(slap_tls_ld, flag, c->argv[1]));
 	}
 }
 #endif
@@ -3799,14 +3819,15 @@ config_rename_kids( CfEntryInfo *ce )
 	struct berval rdn, nrdn;
 
 	for (ce2 = ce->ce_kids; ce2; ce2 = ce2->ce_sibs) {
+		struct berval newdn, newndn;
 		dnRdn ( &ce2->ce_entry->e_name, &rdn );
 		dnRdn ( &ce2->ce_entry->e_nname, &nrdn );
+		build_new_dn( &newdn, &ce->ce_entry->e_name, &rdn, NULL );
+		build_new_dn( &newndn, &ce->ce_entry->e_nname, &nrdn, NULL );
 		free( ce2->ce_entry->e_name.bv_val );
 		free( ce2->ce_entry->e_nname.bv_val );
-		build_new_dn( &ce2->ce_entry->e_name, &ce->ce_entry->e_name,
-			&rdn, NULL );
-		build_new_dn( &ce2->ce_entry->e_nname, &ce->ce_entry->e_nname,
-			&nrdn, NULL );
+		ce2->ce_entry->e_name = newdn;
+		ce2->ce_entry->e_nname = newndn;
 		config_rename_kids( ce2 );
 	}
 }
@@ -4467,6 +4488,7 @@ config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs,
 		if ( !ct ) continue;	/* user data? */
 		for (i=0; a->a_vals[i].bv_val; i++) {
 			char *iptr = NULL;
+			ca->valx = -1;
 			ca->line = a->a_vals[i].bv_val;
 			if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED ) {
 				ptr = strchr( ca->line, '}' );
@@ -4478,8 +4500,6 @@ config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs,
 			if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED_SIB ) {
 				if ( iptr ) {
 					ca->valx = strtol( iptr+1, NULL, 0 );
-				} else {
-					ca->valx = -1;
 				}
 			} else {
 				ca->valx = i;
@@ -4685,7 +4705,7 @@ config_back_add( Operation *op, SlapReply *rs )
 	{
 		char textbuf[SLAP_TEXT_BUFLEN];
 		size_t textlen = sizeof textbuf;
-		rs->sr_err = entry_schema_check(op, op->ora_e, NULL, 0, 1,
+		rs->sr_err = entry_schema_check(op, op->ora_e, NULL, 0, 1, NULL,
 			&rs->sr_text, textbuf, sizeof( textbuf ) );
 		if ( rs->sr_err != LDAP_SUCCESS )
 			goto out;
@@ -4768,6 +4788,7 @@ config_modify_add( ConfigTable *ct, ConfigArgs *ca, AttributeDescription *ad,
 {
 	int rc;
 
+	ca->valx = -1;
 	if (ad->ad_type->sat_flags & SLAP_AT_ORDERED &&
 		ca->line[0] == '{' )
 	{
@@ -4931,7 +4952,7 @@ config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs,
 	
 	if ( rc == LDAP_SUCCESS) {
 		/* check that the entry still obeys the schema */
-		rc = entry_schema_check(op, e, NULL, 0, 0,
+		rc = entry_schema_check(op, e, NULL, 0, 0, NULL,
 			&rs->sr_text, ca->cr_msg, sizeof(ca->cr_msg) );
 	}
 	if ( rc ) goto out_noop;