X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fconfig.c;h=8c2e633bf3b76915cf3e75d4eed8d96ab3c6c836;hb=7a296e605128cc84012f9c783179453797fe2685;hp=2aaa4d5128ba63cd2492e08148460c230cb49060;hpb=bbc719ca56753b448727340d732b8183162dfdfb;p=openldap diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 2aaa4d5128..8c2e633bf3 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -53,10 +53,6 @@ #include "lutil_ldap.h" #include "config.h" -#ifdef HAVE_TLS -#include -#endif - #define ARGS_STEP 512 /* @@ -68,6 +64,7 @@ int global_gentlehup = 0; int global_idletimeout = 0; char *global_host = NULL; char *global_realm = NULL; +char *sasl_host = NULL; char **default_passwd_hash = NULL; struct berval default_search_base = BER_BVNULL; struct berval default_search_nbase = BER_BVNULL; @@ -128,6 +125,7 @@ ConfigTable *config_find_keyword(ConfigTable *Conf, ConfigArgs *c) { int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { int rc, arg_user, arg_type, arg_syn, iarg; + unsigned uiarg; long larg; ber_len_t barg; @@ -145,54 +143,54 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { c->argv[1] = ""; } if(Conf->min_args && (c->argc < Conf->min_args)) { - snprintf( c->msg, sizeof( c->msg ), "<%s> missing <%s> argument", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> missing <%s> argument", c->argv[0], Conf->what ); - Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", c->log, c->msg, 0 ); + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", c->log, c->cr_msg, 0 ); return(ARG_BAD_CONF); } if(Conf->max_args && (c->argc > Conf->max_args)) { char *ignored = " ignored"; - snprintf( c->msg, sizeof( c->msg ), "<%s> extra cruft after <%s>", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> extra cruft after <%s>", c->argv[0], Conf->what ); ignored = ""; Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s%s.\n", - c->log, c->msg, ignored ); + c->log, c->cr_msg, ignored ); return(ARG_BAD_CONF); } if((arg_syn & ARG_DB) && !c->be) { - snprintf( c->msg, sizeof( c->msg ), "<%s> only allowed within database declaration", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> only allowed within database declaration", c->argv[0] ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } if((arg_syn & ARG_PRE_BI) && c->bi) { - snprintf( c->msg, sizeof( c->msg ), "<%s> must occur before any backend %sdeclaration", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> must occur before any backend %sdeclaration", c->argv[0], (arg_syn & ARG_PRE_DB) ? "or database " : "" ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", - c->log, c->msg, 0 ); + c->log, c->cr_msg, 0 ); return(ARG_BAD_CONF); } if((arg_syn & ARG_PRE_DB) && c->be && c->be != frontendDB) { - snprintf( c->msg, sizeof( c->msg ), "<%s> must occur before any database declaration", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> must occur before any database declaration", c->argv[0] ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } if((arg_syn & ARG_PAREN) && *c->argv[1] != '(' /*')'*/) { - snprintf( c->msg, sizeof( c->msg ), "<%s> old format not supported", c->argv[0] ); + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> old format not supported", c->argv[0] ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } if(arg_type && !Conf->arg_item && !(arg_syn & ARG_OFFSET)) { - snprintf( c->msg, sizeof( c->msg ), "<%s> invalid config_table, arg_item is NULL", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid config_table, arg_item is NULL", c->argv[0] ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } c->type = arg_user; @@ -208,9 +206,9 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { ber_str2bv( c->argv[1], 0, 0, &bv ); rc = dnPrettyNormal( NULL, &bv, &c->value_dn, &c->value_ndn, NULL ); if ( rc != LDAP_SUCCESS ) { - snprintf( c->msg, sizeof( c->msg ), "<%s> invalid DN %d (%s)", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid DN %d (%s)", c->argv[0], rc, ldap_err2string( rc )); - Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n" , c->log, c->msg, 0); + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n" , c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } if ( check_only ) { @@ -223,32 +221,42 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { switch(arg_type) { case ARG_INT: if ( lutil_atoix( &iarg, c->argv[1], 0 ) != 0 ) { - snprintf( c->msg, sizeof( c->msg ), + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> unable to parse \"%s\" as int", c->argv[0], c->argv[1] ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); + return(ARG_BAD_CONF); + } + break; + case ARG_UINT: + if ( lutil_atoux( &uiarg, c->argv[1], 0 ) != 0 ) { + snprintf( c->cr_msg, sizeof( c->cr_msg ), + "<%s> unable to parse \"%s\" as unsigned int", + c->argv[0], c->argv[1] ); + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } break; case ARG_LONG: if ( lutil_atolx( &larg, c->argv[1], 0 ) != 0 ) { - snprintf( c->msg, sizeof( c->msg ), + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> unable to parse \"%s\" as long", c->argv[0], c->argv[1] ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } break; case ARG_BER_LEN_T: { unsigned long l; if ( lutil_atoulx( &l, c->argv[1], 0 ) != 0 ) { - snprintf( c->msg, sizeof( c->msg ), + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> unable to parse \"%s\" as ber_len_t", c->argv[0], c->argv[1] ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } barg = (ber_len_t)l; @@ -267,10 +275,10 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { { iarg = 0; } else { - snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid value", c->argv[0] ); Debug(LDAP_DEBUG_ANY|LDAP_DEBUG_NONE, "%s: %s\n", - c->log, c->msg, 0 ); + c->log, c->cr_msg, 0 ); return(ARG_BAD_CONF); } break; @@ -278,15 +286,16 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { j = (arg_type & ARG_NONZERO) ? 1 : 0; if(iarg < j && larg < j && barg < j ) { larg = larg ? larg : (barg ? barg : iarg); - snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid value", c->argv[0] ); Debug(LDAP_DEBUG_ANY|LDAP_DEBUG_NONE, "%s: %s\n", - c->log, c->msg, 0 ); + c->log, c->cr_msg, 0 ); return(ARG_BAD_CONF); } switch(arg_type) { case ARG_ON_OFF: case ARG_INT: c->value_int = iarg; break; + case ARG_UINT: c->value_uint = uiarg; break; case ARG_LONG: c->value_long = larg; break; case ARG_BER_LEN_T: c->value_ber_t = barg; break; } @@ -301,17 +310,17 @@ int config_set_vals(ConfigTable *Conf, ConfigArgs *c) { arg_type = Conf->arg_type; if(arg_type & ARG_MAGIC) { if(!c->be) c->be = frontendDB; - c->msg[0] = '\0'; + c->cr_msg[0] = '\0'; rc = (*((ConfigDriver*)Conf->arg_item))(c); #if 0 if(c->be == frontendDB) c->be = NULL; #endif if(rc) { - if ( !c->msg[0] ) { - snprintf( c->msg, sizeof( c->msg ), "<%s> handler exited with %d", + if ( !c->cr_msg[0] ) { + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> handler exited with %d", c->argv[0], rc ); Debug(LDAP_DEBUG_CONFIG, "%s: %s!\n", - c->log, c->msg, 0 ); + c->log, c->cr_msg, 0 ); } return(ARG_BAD_CONF); } @@ -323,10 +332,10 @@ int config_set_vals(ConfigTable *Conf, ConfigArgs *c) { else if (c->bi) ptr = c->bi->bi_private; else { - snprintf( c->msg, sizeof( c->msg ), "<%s> offset is missing base pointer", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> offset is missing base pointer", c->argv[0] ); Debug(LDAP_DEBUG_CONFIG, "%s: %s!\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } ptr = (void *)((char *)ptr + (long)Conf->arg_item); @@ -337,6 +346,7 @@ int config_set_vals(ConfigTable *Conf, ConfigArgs *c) { switch(arg_type & ARGS_TYPES) { case ARG_ON_OFF: case ARG_INT: *(int*)ptr = c->value_int; break; + case ARG_UINT: *(unsigned*)ptr = c->value_uint; break; case ARG_LONG: *(long*)ptr = c->value_long; break; case ARG_BER_LEN_T: *(ber_len_t*)ptr = c->value_ber_t; break; case ARG_STRING: { @@ -423,6 +433,7 @@ config_get_vals(ConfigTable *cf, ConfigArgs *c) switch(cf->arg_type & ARGS_TYPES) { case ARG_ON_OFF: case ARG_INT: c->value_int = *(int *)ptr; break; + case ARG_UINT: c->value_uint = *(unsigned *)ptr; break; case ARG_LONG: c->value_long = *(long *)ptr; break; case ARG_BER_LEN_T: c->value_ber_t = *(ber_len_t *)ptr; break; case ARG_STRING: @@ -438,6 +449,7 @@ config_get_vals(ConfigTable *cf, ConfigArgs *c) bv.bv_val = c->log; switch(cf->arg_type & ARGS_TYPES) { case ARG_INT: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%d", c->value_int); break; + case ARG_UINT: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%u", c->value_uint); break; case ARG_LONG: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%ld", c->value_long); break; case ARG_BER_LEN_T: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%ld", c->value_ber_t); break; case ARG_ON_OFF: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%s", @@ -831,6 +843,10 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft) rc = 0; done: + if ( cf ) { + cf->be = c->be; + cf->bi = c->bi; + } ch_free(c->tline); fclose(fp); ch_free(c->argv); @@ -991,6 +1007,140 @@ enum_to_verb(slap_verbmasks *v, slap_mask_t m, struct berval *bv) { return -1; } +/* register a new verbmask */ +static int +slap_verbmask_register( slap_verbmasks *vm_, slap_verbmasks **vmp, struct berval *bv, int mask ) +{ + slap_verbmasks *vm = *vmp; + int i; + + /* check for duplicate word */ + /* NOTE: we accept duplicate codes; the first occurrence will be used + * when mapping from mask to verb */ + i = verb_to_mask( bv->bv_val, vm ); + if ( !BER_BVISNULL( &vm[ i ].word ) ) { + return -1; + } + + for ( i = 0; !BER_BVISNULL( &vm[ i ].word ); i++ ) + ; + + if ( vm == vm_ ) { + /* first time: duplicate array */ + vm = ch_calloc( i + 2, sizeof( slap_verbmasks ) ); + for ( i = 0; !BER_BVISNULL( &vm_[ i ].word ); i++ ) + { + ber_dupbv( &vm[ i ].word, &vm_[ i ].word ); + *((slap_mask_t*)&vm[ i ].mask) = vm_[ i ].mask; + } + + } else { + vm = ch_realloc( vm, (i + 2) * sizeof( slap_verbmasks ) ); + } + + ber_dupbv( &vm[ i ].word, bv ); + *((slap_mask_t*)&vm[ i ].mask) = mask; + + BER_BVZERO( &vm[ i+1 ].word ); + + *vmp = vm; + + return i; +} + +static slap_verbmasks slap_ldap_response_code_[] = { + { BER_BVC("success"), LDAP_SUCCESS }, + + { BER_BVC("operationsError"), LDAP_OPERATIONS_ERROR }, + { BER_BVC("protocolError"), LDAP_PROTOCOL_ERROR }, + { BER_BVC("timelimitExceeded"), LDAP_TIMELIMIT_EXCEEDED }, + { BER_BVC("sizelimitExceeded"), LDAP_SIZELIMIT_EXCEEDED }, + { BER_BVC("compareFalse"), LDAP_COMPARE_FALSE }, + { BER_BVC("compareTrue"), LDAP_COMPARE_TRUE }, + + { BER_BVC("authMethodNotSupported"), LDAP_AUTH_METHOD_NOT_SUPPORTED }, + { BER_BVC("strongAuthNotSupported"), LDAP_STRONG_AUTH_NOT_SUPPORTED }, + { BER_BVC("strongAuthRequired"), LDAP_STRONG_AUTH_REQUIRED }, + { BER_BVC("strongerAuthRequired"), LDAP_STRONGER_AUTH_REQUIRED }, +#if 0 /* not LDAPv3 */ + { BER_BVC("partialResults"), LDAP_PARTIAL_RESULTS }, +#endif + + { BER_BVC("referral"), LDAP_REFERRAL }, + { BER_BVC("adminlimitExceeded"), LDAP_ADMINLIMIT_EXCEEDED }, + { BER_BVC("unavailableCriticalExtension"), LDAP_UNAVAILABLE_CRITICAL_EXTENSION }, + { BER_BVC("confidentialityRequired"), LDAP_CONFIDENTIALITY_REQUIRED }, + { BER_BVC("saslBindInProgress"), LDAP_SASL_BIND_IN_PROGRESS }, + + { BER_BVC("noSuchAttribute"), LDAP_NO_SUCH_ATTRIBUTE }, + { BER_BVC("undefinedType"), LDAP_UNDEFINED_TYPE }, + { BER_BVC("inappropriateMatching"), LDAP_INAPPROPRIATE_MATCHING }, + { BER_BVC("constraintViolation"), LDAP_CONSTRAINT_VIOLATION }, + { BER_BVC("typeOrValueExists"), LDAP_TYPE_OR_VALUE_EXISTS }, + { BER_BVC("invalidSyntax"), LDAP_INVALID_SYNTAX }, + + { BER_BVC("noSuchObject"), LDAP_NO_SUCH_OBJECT }, + { BER_BVC("aliasProblem"), LDAP_ALIAS_PROBLEM }, + { BER_BVC("invalidDnSyntax"), LDAP_INVALID_DN_SYNTAX }, +#if 0 /* not LDAPv3 */ + { BER_BVC("isLeaf"), LDAP_IS_LEAF }, +#endif + { BER_BVC("aliasDerefProblem"), LDAP_ALIAS_DEREF_PROBLEM }, + + { BER_BVC("proxyAuthzFailure"), LDAP_X_PROXY_AUTHZ_FAILURE }, + { BER_BVC("inappropriateAuth"), LDAP_INAPPROPRIATE_AUTH }, + { BER_BVC("invalidCredentials"), LDAP_INVALID_CREDENTIALS }, + { BER_BVC("insufficientAccess"), LDAP_INSUFFICIENT_ACCESS }, + + { BER_BVC("busy"), LDAP_BUSY }, + { BER_BVC("unavailable"), LDAP_UNAVAILABLE }, + { BER_BVC("unwillingToPerform"), LDAP_UNWILLING_TO_PERFORM }, + { BER_BVC("loopDetect"), LDAP_LOOP_DETECT }, + + { BER_BVC("namingViolation"), LDAP_NAMING_VIOLATION }, + { BER_BVC("objectClassViolation"), LDAP_OBJECT_CLASS_VIOLATION }, + { BER_BVC("notAllowedOnNonleaf"), LDAP_NOT_ALLOWED_ON_NONLEAF }, + { BER_BVC("notAllowedOnRdn"), LDAP_NOT_ALLOWED_ON_RDN }, + { BER_BVC("alreadyExists"), LDAP_ALREADY_EXISTS }, + { BER_BVC("noObjectClassMods"), LDAP_NO_OBJECT_CLASS_MODS }, + { BER_BVC("resultsTooLarge"), LDAP_RESULTS_TOO_LARGE }, + { BER_BVC("affectsMultipleDsas"), LDAP_AFFECTS_MULTIPLE_DSAS }, + + { BER_BVC("other"), LDAP_OTHER }, + + /* extension-specific */ + + { BER_BVC("cupResourcesExhausted"), LDAP_CUP_RESOURCES_EXHAUSTED }, + { BER_BVC("cupSecurityViolation"), LDAP_CUP_SECURITY_VIOLATION }, + { BER_BVC("cupInvalidData"), LDAP_CUP_INVALID_DATA }, + { BER_BVC("cupUnsupportedScheme"), LDAP_CUP_UNSUPPORTED_SCHEME }, + { BER_BVC("cupReloadRequired"), LDAP_CUP_RELOAD_REQUIRED }, + + { BER_BVC("cancelled"), LDAP_CANCELLED }, + { BER_BVC("noSuchOperation"), LDAP_NO_SUCH_OPERATION }, + { BER_BVC("tooLate"), LDAP_TOO_LATE }, + { BER_BVC("cannotCancel"), LDAP_CANNOT_CANCEL }, + + { BER_BVC("assertionFailed"), LDAP_ASSERTION_FAILED }, + + { BER_BVC("proxiedAuthorizationDenied"), LDAP_PROXIED_AUTHORIZATION_DENIED }, + + { BER_BVC("syncRefreshRequired"), LDAP_SYNC_REFRESH_REQUIRED }, + + { BER_BVC("noOperation"), LDAP_X_NO_OPERATION }, + + { BER_BVNULL, 0 } +}; + +slap_verbmasks *slap_ldap_response_code = slap_ldap_response_code_; + +int +slap_ldap_response_code_register( struct berval *bv, int err ) +{ + return slap_verbmask_register( slap_ldap_response_code_, + &slap_ldap_response_code, bv, err ); +} + #ifdef HAVE_TLS static slap_verbmasks tlskey[] = { { BER_BVC("no"), SB_TLS_OFF }, @@ -1041,7 +1191,7 @@ static slap_cf_aux_table bindkey[] = { { BER_BVC("saslmech="), offsetof(slap_bindconf, sb_saslmech), 'b', 0, NULL }, { BER_BVC("secprops="), offsetof(slap_bindconf, sb_secprops), 's', 0, NULL }, { BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 'b', 0, NULL }, - { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, (slap_verbmasks *)authzNormalize }, + { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 1, NULL }, { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, (slap_verbmasks *)authzNormalize }, #ifdef HAVE_TLS { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey }, @@ -1588,6 +1738,10 @@ slap_client_connect( LDAP **ldp, slap_bindconf *sb ) sb->sb_authcId.bv_val, sb->sb_cred.bv_val, sb->sb_authzId.bv_val ); + if ( defaults == NULL ) { + rc = LDAP_OTHER; + goto done; + } rc = ldap_sasl_interactive_bind_s( ld, sb->sb_binddn.bv_val,