X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fconfig.c;h=290aa1a8efb49ce78ddeedf76be6db22749288a6;hb=dbaf7c5c2503b2770c9075e30a9a63b6ff577d6f;hp=8f8e92ac61c48a01e7c1ab538bdf6757002799ee;hpb=966c47e5b4327ea847eaaad0a434525f9c32be6a;p=openldap diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 8f8e92ac61..290aa1a8ef 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -36,13 +36,21 @@ #include #include + +#ifndef S_ISREG +#define S_ISREG(m) (((m) & _S_IFMT) == _S_IFREG) +#endif + +#if HAVE_UNISTD_H #include +#endif #include "slap.h" #ifdef LDAP_SLAPI #include "slapi/slapi.h" #endif #include "lutil.h" +#include "lutil_ldap.h" #include "config.h" #ifdef HAVE_TLS @@ -120,24 +128,27 @@ ConfigTable *config_find_keyword(ConfigTable *Conf, ConfigArgs *c) { } int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { - int rc, arg_user, arg_type, iarg; + int rc, arg_user, arg_type, arg_syn, iarg; long larg; ber_len_t barg; - arg_type = Conf->arg_type; - if(arg_type == ARG_IGNORED) { + if(Conf->arg_type == ARG_IGNORED) { Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> ignored\n", c->log, Conf->name, 0); return(0); } - if((arg_type & ARG_DN) && c->argc == 1) { + arg_type = Conf->arg_type & ARGS_TYPES; + arg_user = Conf->arg_type & ARGS_USERLAND; + arg_syn = Conf->arg_type & ARGS_SYNTAX; + + if((arg_type == ARG_DN) && c->argc == 1) { c->argc = 2; c->argv[1] = ""; } if(Conf->min_args && (c->argc < Conf->min_args)) { snprintf( c->msg, sizeof( c->msg ), "<%s> missing <%s> argument", c->argv[0], Conf->what ); - Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n", c->log, c->msg, 0 ); + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", c->log, c->msg, 0 ); return(ARG_BAD_CONF); } if(Conf->max_args && (c->argc > Conf->max_args)) { @@ -146,61 +157,77 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { snprintf( c->msg, sizeof( c->msg ), "<%s> extra cruft after <%s>", c->argv[0], Conf->what ); -#ifdef LDAP_DEVEL ignored = ""; -#endif /* LDAP_DEVEL */ - Debug(LDAP_DEBUG_CONFIG, "%s: %s%s.\n", + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s%s.\n", c->log, c->msg, ignored ); -#ifdef LDAP_DEVEL return(ARG_BAD_CONF); -#endif /* LDAP_DEVEL */ } - if((arg_type & ARG_DB) && !c->be) { + if((arg_syn & ARG_DB) && !c->be) { snprintf( c->msg, sizeof( c->msg ), "<%s> only allowed within database declaration", c->argv[0] ); - Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n", + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", c->log, c->msg, 0); return(ARG_BAD_CONF); } - if((arg_type & ARG_PRE_BI) && c->bi) { + if((arg_syn & ARG_PRE_BI) && c->bi) { snprintf( c->msg, sizeof( c->msg ), "<%s> must occur before any backend %sdeclaration", - c->argv[0], (arg_type & ARG_PRE_DB) ? "or database " : "" ); - Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n", + c->argv[0], (arg_syn & ARG_PRE_DB) ? "or database " : "" ); + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", c->log, c->msg, 0 ); return(ARG_BAD_CONF); } - if((arg_type & ARG_PRE_DB) && c->be && c->be != frontendDB) { + if((arg_syn & ARG_PRE_DB) && c->be && c->be != frontendDB) { snprintf( c->msg, sizeof( c->msg ), "<%s> must occur before any database declaration", c->argv[0] ); - Debug(LDAP_DEBUG_CONFIG, "%s: keyword %s\n", + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", c->log, c->msg, 0); return(ARG_BAD_CONF); } - if((arg_type & ARG_PAREN) && *c->argv[1] != '(' /*')'*/) { + if((arg_syn & ARG_PAREN) && *c->argv[1] != '(' /*')'*/) { snprintf( c->msg, sizeof( c->msg ), "<%s> old format not supported", c->argv[0] ); - Debug(LDAP_DEBUG_CONFIG, "%s: %s\n", + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", c->log, c->msg, 0); return(ARG_BAD_CONF); } - if((arg_type & ARGS_POINTER) && !Conf->arg_item && !(arg_type & ARG_OFFSET)) { + if(arg_type && !Conf->arg_item && !(arg_syn & ARG_OFFSET)) { snprintf( c->msg, sizeof( c->msg ), "<%s> invalid config_table, arg_item is NULL", c->argv[0] ); - Debug(LDAP_DEBUG_CONFIG, "%s: %s\n", + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", c->log, c->msg, 0); return(ARG_BAD_CONF); } - c->type = arg_user = (arg_type & ARGS_USERLAND); + c->type = arg_user; memset(&c->values, 0, sizeof(c->values)); - if(arg_type & ARGS_NUMERIC) { + if(arg_type == ARG_STRING) { + if ( !check_only ) + c->value_string = ch_strdup(c->argv[1]); + } else if(arg_type == ARG_BERVAL) { + if ( !check_only ) + ber_str2bv( c->argv[1], 0, 1, &c->value_bv ); + } else if(arg_type == ARG_DN) { + struct berval bv; + ber_str2bv( c->argv[1], 0, 0, &bv ); + rc = dnPrettyNormal( NULL, &bv, &c->value_dn, &c->value_ndn, NULL ); + if ( rc != LDAP_SUCCESS ) { + snprintf( c->msg, sizeof( c->msg ), "<%s> invalid DN %d (%s)", + c->argv[0], rc, ldap_err2string( rc )); + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n" , c->log, c->msg, 0); + return(ARG_BAD_CONF); + } + if ( check_only ) { + ch_free( c->value_ndn.bv_val ); + ch_free( c->value_dn.bv_val ); + } + } else { /* all numeric */ int j; iarg = 0; larg = 0; barg = 0; - switch(arg_type & ARGS_NUMERIC) { + switch(arg_type) { case ARG_INT: if ( lutil_atoix( &iarg, c->argv[1], 0 ) != 0 ) { snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse \"%s\" as int", c->argv[0], c->argv[1] ); - Debug(LDAP_DEBUG_CONFIG, "%s: %s\n", + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", c->log, c->msg, 0); return(ARG_BAD_CONF); } @@ -210,7 +237,7 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse \"%s\" as long", c->argv[0], c->argv[1] ); - Debug(LDAP_DEBUG_CONFIG, "%s: %s\n", + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", c->log, c->msg, 0); return(ARG_BAD_CONF); } @@ -221,7 +248,7 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { snprintf( c->msg, sizeof( c->msg ), "<%s> unable to parse \"%s\" as ber_len_t", c->argv[0], c->argv[1] ); - Debug(LDAP_DEBUG_CONFIG, "%s: %s\n", + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", c->log, c->msg, 0); return(ARG_BAD_CONF); } @@ -243,7 +270,7 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { } else { snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value", c->argv[0] ); - Debug(LDAP_DEBUG_ANY, "%s: %s\n", + Debug(LDAP_DEBUG_ANY|LDAP_DEBUG_NONE, "%s: %s\n", c->log, c->msg, 0 ); return(ARG_BAD_CONF); } @@ -254,36 +281,16 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { larg = larg ? larg : (barg ? barg : iarg); snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value", c->argv[0] ); - Debug(LDAP_DEBUG_ANY, "%s: %s\n", + Debug(LDAP_DEBUG_ANY|LDAP_DEBUG_NONE, "%s: %s\n", c->log, c->msg, 0 ); return(ARG_BAD_CONF); } - switch(arg_type & ARGS_NUMERIC) { + switch(arg_type) { case ARG_ON_OFF: case ARG_INT: c->value_int = iarg; break; case ARG_LONG: c->value_long = larg; break; case ARG_BER_LEN_T: c->value_ber_t = barg; break; } - } else if(arg_type & ARG_STRING) { - if ( !check_only ) - c->value_string = ch_strdup(c->argv[1]); - } else if(arg_type & ARG_BERVAL) { - if ( !check_only ) - ber_str2bv( c->argv[1], 0, 1, &c->value_bv ); - } else if(arg_type & ARG_DN) { - struct berval bv; - ber_str2bv( c->argv[1], 0, 0, &bv ); - rc = dnPrettyNormal( NULL, &bv, &c->value_dn, &c->value_ndn, NULL ); - if ( rc != LDAP_SUCCESS ) { - snprintf( c->msg, sizeof( c->msg ), "<%s> invalid DN %d (%s)", - c->argv[0], rc, ldap_err2string( rc )); - Debug(LDAP_DEBUG_CONFIG, "%s: %s\n" , c->log, c->msg, 0); - return(ARG_BAD_CONF); - } - if ( check_only ) { - ch_free( c->value_ndn.bv_val ); - ch_free( c->value_dn.bv_val ); - } } return 0; } @@ -312,7 +319,8 @@ int config_set_vals(ConfigTable *Conf, ConfigArgs *c) { return(0); } if(arg_type & ARG_OFFSET) { - if (c->be) + if (c->be && (!overlay_is_over(c->be) || + ((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi)) ptr = c->be->be_private; else if (c->bi) ptr = c->bi->bi_private; @@ -324,11 +332,11 @@ int config_set_vals(ConfigTable *Conf, ConfigArgs *c) { return(ARG_BAD_CONF); } ptr = (void *)((char *)ptr + (long)Conf->arg_item); - } else if (arg_type & ARGS_POINTER) { + } else if (arg_type & ARGS_TYPES) { ptr = Conf->arg_item; } - if(arg_type & ARGS_POINTER) - switch(arg_type & ARGS_POINTER) { + if(arg_type & ARGS_TYPES) + switch(arg_type & ARGS_TYPES) { case ARG_ON_OFF: case ARG_INT: *(int*)ptr = c->value_int; break; case ARG_LONG: *(long*)ptr = c->value_long; break; @@ -403,7 +411,8 @@ config_get_vals(ConfigTable *cf, ConfigArgs *c) if ( rc ) return rc; } else { if ( cf->arg_type & ARG_OFFSET ) { - if ( c->be ) + if (c->be && (!overlay_is_over(c->be) || + ((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi)) ptr = c->be->be_private; else if ( c->bi ) ptr = c->bi->bi_private; @@ -414,7 +423,7 @@ config_get_vals(ConfigTable *cf, ConfigArgs *c) ptr = cf->arg_item; } - switch(cf->arg_type & ARGS_POINTER) { + switch(cf->arg_type & ARGS_TYPES) { case ARG_ON_OFF: case ARG_INT: c->value_int = *(int *)ptr; break; case ARG_LONG: c->value_long = *(long *)ptr; break; @@ -427,9 +436,10 @@ config_get_vals(ConfigTable *cf, ConfigArgs *c) ber_dupbv( &c->value_bv, (struct berval *)ptr ); break; } } - if ( cf->arg_type & ARGS_POINTER) { + if ( cf->arg_type & ARGS_TYPES) { + bv.bv_len = 0; bv.bv_val = c->log; - switch(cf->arg_type & ARGS_POINTER) { + switch(cf->arg_type & ARGS_TYPES) { case ARG_INT: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%d", c->value_int); break; case ARG_LONG: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%ld", c->value_long); break; case ARG_BER_LEN_T: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%ld", c->value_ber_t); break; @@ -449,59 +459,37 @@ config_get_vals(ConfigTable *cf, ConfigArgs *c) return 1; } break; + default: + bv.bv_val = NULL; + break; } if (bv.bv_val == c->log && bv.bv_len >= sizeof( c->log ) ) { return 1; } - if (( cf->arg_type & ARGS_POINTER ) == ARG_STRING ) + if (( cf->arg_type & ARGS_TYPES ) == ARG_STRING ) { ber_bvarray_add(&c->rvalue_vals, &bv); - else + } else if ( !BER_BVISNULL( &bv ) ) { value_add_one(&c->rvalue_vals, &bv); + } + /* else: maybe c->rvalue_vals already set? */ } return rc; } int init_config_attrs(ConfigTable *ct) { - LDAPAttributeType *at; int i, code; - const char *err; for (i=0; ct[i].name; i++ ) { - int freeit = 0; - if ( !ct[i].attribute ) continue; - at = ldap_str2attributetype( ct[i].attribute, - &code, &err, LDAP_SCHEMA_ALLOW_ALL ); - if ( !at ) { - fprintf( stderr, "init_config_attrs: AttributeType \"%s\": %s, %s\n", - ct[i].attribute, ldap_scherr2str(code), err ); - return code; - } - - code = at_add( at, 0, NULL, &err ); - if ( code ) { - if ( code == SLAP_SCHERR_ATTR_DUP ) { - freeit = 1; - - } else { - ldap_attributetype_free( at ); - fprintf( stderr, "init_config_attrs: AttributeType \"%s\": %s, %s\n", - ct[i].attribute, scherr2str(code), err ); - return code; - } - } - code = slap_str2ad( at->at_names[0], &ct[i].ad, &err ); - if ( freeit || code ) { - ldap_attributetype_free( at ); - } else { - ldap_memfree( at ); - } + code = register_at( ct[i].attribute, &ct[i].ad, 1 ); if ( code ) { - fprintf( stderr, "init_config_attrs: AttributeType \"%s\": %s\n", - ct[i].attribute, err ); + fprintf( stderr, "init_config_attrs: register_at failed\n" ); return code; } +#ifndef LDAP_DEVEL + ct[i].ad->ad_type->sat_flags |= SLAP_AT_HIDE; +#endif } return 0; @@ -509,32 +497,17 @@ init_config_attrs(ConfigTable *ct) { int init_config_ocs( ConfigOCs *ocs ) { - int i; + int i, code; for (i=0;ocs[i].co_def;i++) { - LDAPObjectClass *oc; - int code; - const char *err; - - oc = ldap_str2objectclass( ocs[i].co_def, &code, &err, - LDAP_SCHEMA_ALLOW_ALL ); - if ( !oc ) { - fprintf( stderr, "init_config_ocs: objectclass \"%s\": %s, %s\n", - ocs[i].co_def, ldap_scherr2str(code), err ); - return code; - } - code = oc_add(oc,0,NULL,&err); - if ( code && code != SLAP_SCHERR_CLASS_DUP ) { - fprintf( stderr, "init_config_ocs: objectclass \"%s\": %s, %s\n", - ocs[i].co_def, scherr2str(code), err ); - ldap_objectclass_free(oc); + code = register_oc( ocs[i].co_def, &ocs[i].co_oc, 1 ); + if ( code ) { + fprintf( stderr, "init_config_ocs: register_oc failed\n" ); return code; } - ocs[i].co_oc = oc_find(oc->oc_names[0]); - if ( code ) - ldap_objectclass_free(oc); - else - ldap_memfree(oc); +#ifndef LDAP_DEVEL + ocs[i].co_oc->soc_flags |= SLAP_OC_HIDE; +#endif } return 0; } @@ -868,14 +841,21 @@ done: /* restrictops, allows, disallows, requires, loglevel */ int -verb_to_mask(const char *word, slap_verbmasks *v) { +bverb_to_mask(struct berval *bword, slap_verbmasks *v) { int i; for(i = 0; !BER_BVISNULL(&v[i].word); i++) { - if(!strcasecmp(word, v[i].word.bv_val)) break; + if(!ber_bvstrcasecmp(bword, &v[i].word)) break; } return(i); } +int +verb_to_mask(const char *word, slap_verbmasks *v) { + struct berval bword; + ber_str2bv( word, 0, 0, &bword ); + return bverb_to_mask( &bword, v ); +} + int verbs_to_mask(int argc, char *argv[], slap_verbmasks *v, slap_mask_t *m) { int i, j; @@ -1011,12 +991,14 @@ enum_to_verb(slap_verbmasks *v, slap_mask_t m, struct berval *bv) { return -1; } +#ifdef HAVE_TLS static slap_verbmasks tlskey[] = { { BER_BVC("no"), SB_TLS_OFF }, { BER_BVC("yes"), SB_TLS_ON }, { BER_BVC("critical"), SB_TLS_CRITICAL }, { BER_BVNULL, 0 } }; +#endif static slap_verbmasks methkey[] = { { BER_BVC("none"), LDAP_AUTH_NONE }, @@ -1027,9 +1009,15 @@ static slap_verbmasks methkey[] = { { BER_BVNULL, 0 } }; +static slap_verbmasks versionkey[] = { + { BER_BVC("2"), LDAP_VERSION2 }, + { BER_BVC("3"), LDAP_VERSION3 }, + { BER_BVNULL, 0 } +}; + static slap_cf_aux_table bindkey[] = { { BER_BVC("uri="), offsetof(slap_bindconf, sb_uri), 'b', 1, NULL }, - { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'd', 0, tlskey }, + { BER_BVC("version="), offsetof(slap_bindconf, sb_version), 'd', 0, versionkey }, { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'd', 0, methkey }, { BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 'b', 1, NULL }, { BER_BVC("credentials="), offsetof(slap_bindconf, sb_cred), 'b', 1, NULL }, @@ -1039,6 +1027,7 @@ static slap_cf_aux_table bindkey[] = { { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, NULL }, { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, NULL }, #ifdef HAVE_TLS + { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'd', 0, tlskey }, #define aux_TLS (bindkey+10) /* beginning of TLS keywords */ @@ -1137,7 +1126,7 @@ slap_cf_aux_table_parse( const char *word, void *dst, slap_cf_aux_table *tab0, L int slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0 ) { - char buf[BUFSIZ], *ptr; + char buf[AC_LINE_MAX], *ptr; slap_cf_aux_table *tab; struct berval tmp; @@ -1271,10 +1260,12 @@ void bindconf_free( slap_bindconf *bc ) { BER_BVZERO( &bc->sb_authzId ); } #ifdef HAVE_TLS +#if 0 if ( bc->sb_tls_ctx ) { SSL_CTX_free( bc->sb_tls_ctx ); bc->sb_tls_ctx = NULL; } +#endif if ( bc->sb_tls_cert ) { ch_free( bc->sb_tls_cert ); bc->sb_tls_cert = NULL; @@ -1384,6 +1375,157 @@ int bindconf_tls_set( slap_bindconf *bc, LDAP *ld ) } #endif +/* + * connect to a client using the bindconf data + * note: should move "version" into bindconf... + */ +int +slap_client_connect( LDAP **ldp, slap_bindconf *sb ) +{ + LDAP *ld = NULL; + int rc; + + /* Init connection to master */ + rc = ldap_initialize( &ld, sb->sb_uri.bv_val ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, + "slap_client_connect: " + "ldap_initialize(%s) failed (%d)\n", + sb->sb_uri.bv_val, rc, 0 ); + return rc; + } + + if ( sb->sb_version != 0 ) { + ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, + (const void *)&sb->sb_version ); + } + +#ifdef HAVE_TLS + if ( sb->sb_tls_do_init ) { + rc = bindconf_tls_set( sb, ld ); + + } else if ( sb->sb_tls_ctx ) { + rc = ldap_set_option( ld, LDAP_OPT_X_TLS_CTX, + sb->sb_tls_ctx ); + } + + if ( rc ) { + Debug( LDAP_DEBUG_ANY, + "slap_client_connect: " + "URI=%s TLS context initialization failed (%d)\n", + sb->sb_uri.bv_val, rc, 0 ); + return rc; + } +#endif + + /* Bind */ + if ( sb->sb_tls ) { + rc = ldap_start_tls_s( ld, NULL, NULL ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, + "slap_client_connect: URI=%s " + "%s, ldap_start_tls failed (%d)\n", + sb->sb_uri.bv_val, + sb->sb_tls == SB_TLS_CRITICAL ? + "Error" : "Warning", + rc ); + if ( sb->sb_tls == SB_TLS_CRITICAL ) { + goto done; + } + } + } + + if ( sb->sb_method == LDAP_AUTH_SASL ) { +#ifdef HAVE_CYRUS_SASL + void *defaults; + + if ( sb->sb_secprops != NULL ) { + rc = ldap_set_option( ld, + LDAP_OPT_X_SASL_SECPROPS, sb->sb_secprops); + + if( rc != LDAP_OPT_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, + "slap_client_connect: " + "error, ldap_set_option " + "(%s,SECPROPS,\"%s\") failed!\n", + sb->sb_uri.bv_val, sb->sb_secprops, 0 ); + goto done; + } + } + + defaults = lutil_sasl_defaults( ld, + sb->sb_saslmech.bv_val, + sb->sb_realm.bv_val, + sb->sb_authcId.bv_val, + sb->sb_cred.bv_val, + sb->sb_authzId.bv_val ); + + rc = ldap_sasl_interactive_bind_s( ld, + sb->sb_binddn.bv_val, + sb->sb_saslmech.bv_val, + NULL, NULL, + LDAP_SASL_QUIET, + lutil_sasl_interact, + defaults ); + + lutil_sasl_freedefs( defaults ); + + /* FIXME: different error behaviors according to + * 1) return code + * 2) on err policy : exit, retry, backoff ... + */ + if ( rc != LDAP_SUCCESS ) { + static struct berval bv_GSSAPI = BER_BVC( "GSSAPI" ); + + Debug( LDAP_DEBUG_ANY, "slap_client_connect: URI=%s " + "ldap_sasl_interactive_bind_s failed (%d)\n", + sb->sb_uri.bv_val, rc, 0 ); + + /* FIXME (see above comment) */ + /* if Kerberos credentials cache is not active, retry */ + if ( ber_bvcmp( &sb->sb_saslmech, &bv_GSSAPI ) == 0 && + rc == LDAP_LOCAL_ERROR ) + { + rc = LDAP_SERVER_DOWN; + } + + goto done; + } +#else /* HAVE_CYRUS_SASL */ + /* Should never get here, we trapped this at config time */ + assert(0); + Debug( LDAP_DEBUG_SYNC, "not compiled with SASL support\n", 0, 0, 0 ); + rc = LDAP_OTHER; + goto done; +#endif + + } else if ( sb->sb_method == LDAP_AUTH_SIMPLE ) { + rc = ldap_sasl_bind_s( ld, + sb->sb_binddn.bv_val, LDAP_SASL_SIMPLE, + &sb->sb_cred, NULL, NULL, NULL ); + if ( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, "slap_client_connect: " + "URI=%s DN=\"%s\" " + "ldap_sasl_bind_s failed (%d)\n", + sb->sb_uri.bv_val, sb->sb_binddn.bv_val, rc ); + goto done; + } + } + +done:; + if ( rc ) { + if ( ld ) { + ldap_unbind_ext( ld, NULL, NULL ); + *ldp = NULL; + } + + } else { + *ldp = ld; + } + + return rc; +} + /* -------------------------------------- */ @@ -1442,7 +1584,7 @@ strtok_quote( char *line, char *sep, char **quote_ptr ) return( tmp ); } -static char buf[BUFSIZ]; +static char buf[AC_LINE_MAX]; static char *line; static size_t lmax, lcur; @@ -1450,7 +1592,7 @@ static size_t lmax, lcur; do { \ size_t len = strlen( buf ); \ while ( lcur + len + 1 > lmax ) { \ - lmax += BUFSIZ; \ + lmax += AC_LINE_MAX; \ line = (char *) ch_realloc( line, lmax ); \ } \ strcpy( line + lcur, buf ); \