X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fconfig.c;h=b90ae1ec756fe1d74fc26682732269dc4a591417;hb=8149863204f44539ec0d227f99a65490c970f661;hp=b4917de41c9a87f31e8d6f65ea72239eca6b3388;hpb=93e1da43e98fcdefa09a8baba2ea0c3245939fb4;p=openldap diff --git a/servers/slapd/config.c b/servers/slapd/config.c index b4917de41c..b90ae1ec75 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2007 The OpenLDAP Foundation. + * Copyright 1998-2009 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -62,8 +62,11 @@ slap_mask_t global_allows = 0; slap_mask_t global_disallows = 0; int global_gentlehup = 0; int global_idletimeout = 0; +int global_writetimeout = 0; char *global_host = NULL; +struct berval global_host_bv = BER_BVNULL; char *global_realm = NULL; +char *sasl_host = NULL; char **default_passwd_hash = NULL; struct berval default_search_base = BER_BVNULL; struct berval default_search_nbase = BER_BVNULL; @@ -85,7 +88,6 @@ int slapi_plugins_used = 0; static int fp_getline(FILE *fp, ConfigArgs *c); static void fp_getline_init(ConfigArgs *c); -static int fp_parse_line(ConfigArgs *c); static char *strtok_quote(char *line, char *sep, char **quote_ptr); static char *strtok_quote_ldif(char **line); @@ -124,7 +126,9 @@ ConfigTable *config_find_keyword(ConfigTable *Conf, ConfigArgs *c) { int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { int rc, arg_user, arg_type, arg_syn, iarg; + unsigned uiarg; long larg; + unsigned long ularg; ber_len_t barg; if(Conf->arg_type == ARG_IGNORED) { @@ -141,54 +145,54 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { c->argv[1] = ""; } if(Conf->min_args && (c->argc < Conf->min_args)) { - snprintf( c->msg, sizeof( c->msg ), "<%s> missing <%s> argument", - c->argv[0], Conf->what ); - Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", c->log, c->msg, 0 ); + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> missing <%s> argument", + c->argv[0], Conf->what ? Conf->what : "" ); + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", c->log, c->cr_msg, 0 ); return(ARG_BAD_CONF); } if(Conf->max_args && (c->argc > Conf->max_args)) { char *ignored = " ignored"; - snprintf( c->msg, sizeof( c->msg ), "<%s> extra cruft after <%s>", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> extra cruft after <%s>", c->argv[0], Conf->what ); ignored = ""; Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s%s.\n", - c->log, c->msg, ignored ); + c->log, c->cr_msg, ignored ); return(ARG_BAD_CONF); } if((arg_syn & ARG_DB) && !c->be) { - snprintf( c->msg, sizeof( c->msg ), "<%s> only allowed within database declaration", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> only allowed within database declaration", c->argv[0] ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } if((arg_syn & ARG_PRE_BI) && c->bi) { - snprintf( c->msg, sizeof( c->msg ), "<%s> must occur before any backend %sdeclaration", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> must occur before any backend %sdeclaration", c->argv[0], (arg_syn & ARG_PRE_DB) ? "or database " : "" ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", - c->log, c->msg, 0 ); + c->log, c->cr_msg, 0 ); return(ARG_BAD_CONF); } if((arg_syn & ARG_PRE_DB) && c->be && c->be != frontendDB) { - snprintf( c->msg, sizeof( c->msg ), "<%s> must occur before any database declaration", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> must occur before any database declaration", c->argv[0] ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } if((arg_syn & ARG_PAREN) && *c->argv[1] != '(' /*')'*/) { - snprintf( c->msg, sizeof( c->msg ), "<%s> old format not supported", c->argv[0] ); + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> old format not supported", c->argv[0] ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } if(arg_type && !Conf->arg_item && !(arg_syn & ARG_OFFSET)) { - snprintf( c->msg, sizeof( c->msg ), "<%s> invalid config_table, arg_item is NULL", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid config_table, arg_item is NULL", c->argv[0] ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } c->type = arg_user; @@ -204,47 +208,77 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { ber_str2bv( c->argv[1], 0, 0, &bv ); rc = dnPrettyNormal( NULL, &bv, &c->value_dn, &c->value_ndn, NULL ); if ( rc != LDAP_SUCCESS ) { - snprintf( c->msg, sizeof( c->msg ), "<%s> invalid DN %d (%s)", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid DN %d (%s)", c->argv[0], rc, ldap_err2string( rc )); - Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n" , c->log, c->msg, 0); + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n" , c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } if ( check_only ) { ch_free( c->value_ndn.bv_val ); ch_free( c->value_dn.bv_val ); } + } else if(arg_type == ARG_ATDESC) { + const char *text = NULL; + c->value_ad = NULL; + rc = slap_str2ad( c->argv[1], &c->value_ad, &text ); + if ( rc != LDAP_SUCCESS ) { + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid AttributeDescription %d (%s)", + c->argv[0], rc, text ); + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n" , c->log, c->cr_msg, 0); + return(ARG_BAD_CONF); + } } else { /* all numeric */ int j; iarg = 0; larg = 0; barg = 0; switch(arg_type) { case ARG_INT: if ( lutil_atoix( &iarg, c->argv[1], 0 ) != 0 ) { - snprintf( c->msg, sizeof( c->msg ), + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> unable to parse \"%s\" as int", c->argv[0], c->argv[1] ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); + return(ARG_BAD_CONF); + } + break; + case ARG_UINT: + if ( lutil_atoux( &uiarg, c->argv[1], 0 ) != 0 ) { + snprintf( c->cr_msg, sizeof( c->cr_msg ), + "<%s> unable to parse \"%s\" as unsigned int", + c->argv[0], c->argv[1] ); + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } break; case ARG_LONG: if ( lutil_atolx( &larg, c->argv[1], 0 ) != 0 ) { - snprintf( c->msg, sizeof( c->msg ), + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> unable to parse \"%s\" as long", c->argv[0], c->argv[1] ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); + return(ARG_BAD_CONF); + } + break; + case ARG_ULONG: + if ( lutil_atoulx( &ularg, c->argv[1], 0 ) != 0 ) { + snprintf( c->cr_msg, sizeof( c->cr_msg ), + "<%s> unable to parse \"%s\" as unsigned long", + c->argv[0], c->argv[1] ); + Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } break; case ARG_BER_LEN_T: { unsigned long l; if ( lutil_atoulx( &l, c->argv[1], 0 ) != 0 ) { - snprintf( c->msg, sizeof( c->msg ), + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> unable to parse \"%s\" as ber_len_t", c->argv[0], c->argv[1] ); Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } barg = (ber_len_t)l; @@ -263,10 +297,10 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { { iarg = 0; } else { - snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid value", c->argv[0] ); Debug(LDAP_DEBUG_ANY|LDAP_DEBUG_NONE, "%s: %s\n", - c->log, c->msg, 0 ); + c->log, c->cr_msg, 0 ); return(ARG_BAD_CONF); } break; @@ -274,16 +308,18 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) { j = (arg_type & ARG_NONZERO) ? 1 : 0; if(iarg < j && larg < j && barg < j ) { larg = larg ? larg : (barg ? barg : iarg); - snprintf( c->msg, sizeof( c->msg ), "<%s> invalid value", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid value", c->argv[0] ); Debug(LDAP_DEBUG_ANY|LDAP_DEBUG_NONE, "%s: %s\n", - c->log, c->msg, 0 ); + c->log, c->cr_msg, 0 ); return(ARG_BAD_CONF); } switch(arg_type) { case ARG_ON_OFF: case ARG_INT: c->value_int = iarg; break; + case ARG_UINT: c->value_uint = uiarg; break; case ARG_LONG: c->value_long = larg; break; + case ARG_ULONG: c->value_ulong = ularg; break; case ARG_BER_LEN_T: c->value_ber_t = barg; break; } } @@ -297,17 +333,17 @@ int config_set_vals(ConfigTable *Conf, ConfigArgs *c) { arg_type = Conf->arg_type; if(arg_type & ARG_MAGIC) { if(!c->be) c->be = frontendDB; - c->msg[0] = '\0'; + c->cr_msg[0] = '\0'; rc = (*((ConfigDriver*)Conf->arg_item))(c); #if 0 if(c->be == frontendDB) c->be = NULL; #endif if(rc) { - if ( !c->msg[0] ) { - snprintf( c->msg, sizeof( c->msg ), "<%s> handler exited with %d", + if ( !c->cr_msg[0] ) { + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> handler exited with %d", c->argv[0], rc ); Debug(LDAP_DEBUG_CONFIG, "%s: %s!\n", - c->log, c->msg, 0 ); + c->log, c->cr_msg, 0 ); } return(ARG_BAD_CONF); } @@ -319,10 +355,10 @@ int config_set_vals(ConfigTable *Conf, ConfigArgs *c) { else if (c->bi) ptr = c->bi->bi_private; else { - snprintf( c->msg, sizeof( c->msg ), "<%s> offset is missing base pointer", + snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> offset is missing base pointer", c->argv[0] ); Debug(LDAP_DEBUG_CONFIG, "%s: %s!\n", - c->log, c->msg, 0); + c->log, c->cr_msg, 0); return(ARG_BAD_CONF); } ptr = (void *)((char *)ptr + (long)Conf->arg_item); @@ -333,7 +369,9 @@ int config_set_vals(ConfigTable *Conf, ConfigArgs *c) { switch(arg_type & ARGS_TYPES) { case ARG_ON_OFF: case ARG_INT: *(int*)ptr = c->value_int; break; + case ARG_UINT: *(unsigned*)ptr = c->value_uint; break; case ARG_LONG: *(long*)ptr = c->value_long; break; + case ARG_ULONG: *(unsigned long*)ptr = c->value_ulong; break; case ARG_BER_LEN_T: *(ber_len_t*)ptr = c->value_ber_t; break; case ARG_STRING: { char *cc = *(char**)ptr; @@ -351,6 +389,9 @@ int config_set_vals(ConfigTable *Conf, ConfigArgs *c) { case ARG_BERVAL: *(struct berval *)ptr = c->value_bv; break; + case ARG_ATDESC: + *(AttributeDescription **)ptr = c->value_ad; + break; } return(0); } @@ -419,7 +460,9 @@ config_get_vals(ConfigTable *cf, ConfigArgs *c) switch(cf->arg_type & ARGS_TYPES) { case ARG_ON_OFF: case ARG_INT: c->value_int = *(int *)ptr; break; + case ARG_UINT: c->value_uint = *(unsigned *)ptr; break; case ARG_LONG: c->value_long = *(long *)ptr; break; + case ARG_ULONG: c->value_ulong = *(unsigned long *)ptr; break; case ARG_BER_LEN_T: c->value_ber_t = *(ber_len_t *)ptr; break; case ARG_STRING: if ( *(char **)ptr ) @@ -427,6 +470,8 @@ config_get_vals(ConfigTable *cf, ConfigArgs *c) break; case ARG_BERVAL: ber_dupbv( &c->value_bv, (struct berval *)ptr ); break; + case ARG_ATDESC: + c->value_ad = *(AttributeDescription **)ptr; break; } } if ( cf->arg_type & ARGS_TYPES) { @@ -434,7 +479,9 @@ config_get_vals(ConfigTable *cf, ConfigArgs *c) bv.bv_val = c->log; switch(cf->arg_type & ARGS_TYPES) { case ARG_INT: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%d", c->value_int); break; + case ARG_UINT: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%u", c->value_uint); break; case ARG_LONG: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%ld", c->value_long); break; + case ARG_ULONG: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%lu", c->value_ulong); break; case ARG_BER_LEN_T: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%ld", c->value_ber_t); break; case ARG_ON_OFF: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%s", c->value_int ? "TRUE" : "FALSE"); break; @@ -452,6 +499,13 @@ config_get_vals(ConfigTable *cf, ConfigArgs *c) return 1; } break; + case ARG_ATDESC: + if ( c->value_ad ) { + bv = c->value_ad->ad_cname; + } else { + return 1; + } + break; default: bv.bv_val = NULL; break; @@ -480,9 +534,6 @@ init_config_attrs(ConfigTable *ct) { fprintf( stderr, "init_config_attrs: register_at failed\n" ); return code; } -#ifndef LDAP_DEVEL - ct[i].ad->ad_type->sat_flags |= SLAP_AT_HIDE; -#endif } return 0; @@ -498,9 +549,6 @@ init_config_ocs( ConfigOCs *ocs ) { fprintf( stderr, "init_config_ocs: register_oc failed\n" ); return code; } -#ifndef LDAP_DEVEL - ocs[i].co_oc->soc_flags |= SLAP_OC_HIDE; -#endif } return 0; } @@ -706,7 +754,7 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft) c->argc = 0; ch_free( c->tline ); - if ( fp_parse_line( c ) ) { + if ( config_fp_parse_line( c ) ) { rc = 1; goto done; } @@ -827,6 +875,10 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft) rc = 0; done: + if ( cf ) { + cf->be = c->be; + cf->bi = c->bi; + } ch_free(c->tline); fclose(fp); ch_free(c->argv); @@ -987,6 +1039,140 @@ enum_to_verb(slap_verbmasks *v, slap_mask_t m, struct berval *bv) { return -1; } +/* register a new verbmask */ +static int +slap_verbmask_register( slap_verbmasks *vm_, slap_verbmasks **vmp, struct berval *bv, int mask ) +{ + slap_verbmasks *vm = *vmp; + int i; + + /* check for duplicate word */ + /* NOTE: we accept duplicate codes; the first occurrence will be used + * when mapping from mask to verb */ + i = verb_to_mask( bv->bv_val, vm ); + if ( !BER_BVISNULL( &vm[ i ].word ) ) { + return -1; + } + + for ( i = 0; !BER_BVISNULL( &vm[ i ].word ); i++ ) + ; + + if ( vm == vm_ ) { + /* first time: duplicate array */ + vm = ch_calloc( i + 2, sizeof( slap_verbmasks ) ); + for ( i = 0; !BER_BVISNULL( &vm_[ i ].word ); i++ ) + { + ber_dupbv( &vm[ i ].word, &vm_[ i ].word ); + *((slap_mask_t*)&vm[ i ].mask) = vm_[ i ].mask; + } + + } else { + vm = ch_realloc( vm, (i + 2) * sizeof( slap_verbmasks ) ); + } + + ber_dupbv( &vm[ i ].word, bv ); + *((slap_mask_t*)&vm[ i ].mask) = mask; + + BER_BVZERO( &vm[ i+1 ].word ); + + *vmp = vm; + + return i; +} + +static slap_verbmasks slap_ldap_response_code_[] = { + { BER_BVC("success"), LDAP_SUCCESS }, + + { BER_BVC("operationsError"), LDAP_OPERATIONS_ERROR }, + { BER_BVC("protocolError"), LDAP_PROTOCOL_ERROR }, + { BER_BVC("timelimitExceeded"), LDAP_TIMELIMIT_EXCEEDED }, + { BER_BVC("sizelimitExceeded"), LDAP_SIZELIMIT_EXCEEDED }, + { BER_BVC("compareFalse"), LDAP_COMPARE_FALSE }, + { BER_BVC("compareTrue"), LDAP_COMPARE_TRUE }, + + { BER_BVC("authMethodNotSupported"), LDAP_AUTH_METHOD_NOT_SUPPORTED }, + { BER_BVC("strongAuthNotSupported"), LDAP_STRONG_AUTH_NOT_SUPPORTED }, + { BER_BVC("strongAuthRequired"), LDAP_STRONG_AUTH_REQUIRED }, + { BER_BVC("strongerAuthRequired"), LDAP_STRONGER_AUTH_REQUIRED }, +#if 0 /* not LDAPv3 */ + { BER_BVC("partialResults"), LDAP_PARTIAL_RESULTS }, +#endif + + { BER_BVC("referral"), LDAP_REFERRAL }, + { BER_BVC("adminlimitExceeded"), LDAP_ADMINLIMIT_EXCEEDED }, + { BER_BVC("unavailableCriticalExtension"), LDAP_UNAVAILABLE_CRITICAL_EXTENSION }, + { BER_BVC("confidentialityRequired"), LDAP_CONFIDENTIALITY_REQUIRED }, + { BER_BVC("saslBindInProgress"), LDAP_SASL_BIND_IN_PROGRESS }, + + { BER_BVC("noSuchAttribute"), LDAP_NO_SUCH_ATTRIBUTE }, + { BER_BVC("undefinedType"), LDAP_UNDEFINED_TYPE }, + { BER_BVC("inappropriateMatching"), LDAP_INAPPROPRIATE_MATCHING }, + { BER_BVC("constraintViolation"), LDAP_CONSTRAINT_VIOLATION }, + { BER_BVC("typeOrValueExists"), LDAP_TYPE_OR_VALUE_EXISTS }, + { BER_BVC("invalidSyntax"), LDAP_INVALID_SYNTAX }, + + { BER_BVC("noSuchObject"), LDAP_NO_SUCH_OBJECT }, + { BER_BVC("aliasProblem"), LDAP_ALIAS_PROBLEM }, + { BER_BVC("invalidDnSyntax"), LDAP_INVALID_DN_SYNTAX }, +#if 0 /* not LDAPv3 */ + { BER_BVC("isLeaf"), LDAP_IS_LEAF }, +#endif + { BER_BVC("aliasDerefProblem"), LDAP_ALIAS_DEREF_PROBLEM }, + + { BER_BVC("proxyAuthzFailure"), LDAP_X_PROXY_AUTHZ_FAILURE }, + { BER_BVC("inappropriateAuth"), LDAP_INAPPROPRIATE_AUTH }, + { BER_BVC("invalidCredentials"), LDAP_INVALID_CREDENTIALS }, + { BER_BVC("insufficientAccess"), LDAP_INSUFFICIENT_ACCESS }, + + { BER_BVC("busy"), LDAP_BUSY }, + { BER_BVC("unavailable"), LDAP_UNAVAILABLE }, + { BER_BVC("unwillingToPerform"), LDAP_UNWILLING_TO_PERFORM }, + { BER_BVC("loopDetect"), LDAP_LOOP_DETECT }, + + { BER_BVC("namingViolation"), LDAP_NAMING_VIOLATION }, + { BER_BVC("objectClassViolation"), LDAP_OBJECT_CLASS_VIOLATION }, + { BER_BVC("notAllowedOnNonleaf"), LDAP_NOT_ALLOWED_ON_NONLEAF }, + { BER_BVC("notAllowedOnRdn"), LDAP_NOT_ALLOWED_ON_RDN }, + { BER_BVC("alreadyExists"), LDAP_ALREADY_EXISTS }, + { BER_BVC("noObjectClassMods"), LDAP_NO_OBJECT_CLASS_MODS }, + { BER_BVC("resultsTooLarge"), LDAP_RESULTS_TOO_LARGE }, + { BER_BVC("affectsMultipleDsas"), LDAP_AFFECTS_MULTIPLE_DSAS }, + + { BER_BVC("other"), LDAP_OTHER }, + + /* extension-specific */ + + { BER_BVC("cupResourcesExhausted"), LDAP_CUP_RESOURCES_EXHAUSTED }, + { BER_BVC("cupSecurityViolation"), LDAP_CUP_SECURITY_VIOLATION }, + { BER_BVC("cupInvalidData"), LDAP_CUP_INVALID_DATA }, + { BER_BVC("cupUnsupportedScheme"), LDAP_CUP_UNSUPPORTED_SCHEME }, + { BER_BVC("cupReloadRequired"), LDAP_CUP_RELOAD_REQUIRED }, + + { BER_BVC("cancelled"), LDAP_CANCELLED }, + { BER_BVC("noSuchOperation"), LDAP_NO_SUCH_OPERATION }, + { BER_BVC("tooLate"), LDAP_TOO_LATE }, + { BER_BVC("cannotCancel"), LDAP_CANNOT_CANCEL }, + + { BER_BVC("assertionFailed"), LDAP_ASSERTION_FAILED }, + + { BER_BVC("proxiedAuthorizationDenied"), LDAP_PROXIED_AUTHORIZATION_DENIED }, + + { BER_BVC("syncRefreshRequired"), LDAP_SYNC_REFRESH_REQUIRED }, + + { BER_BVC("noOperation"), LDAP_X_NO_OPERATION }, + + { BER_BVNULL, 0 } +}; + +slap_verbmasks *slap_ldap_response_code = slap_ldap_response_code_; + +int +slap_ldap_response_code_register( struct berval *bv, int err ) +{ + return slap_verbmask_register( slap_ldap_response_code_, + &slap_ldap_response_code, bv, err ); +} + #ifdef HAVE_TLS static slap_verbmasks tlskey[] = { { BER_BVC("no"), SB_TLS_OFF }, @@ -1037,7 +1223,7 @@ static slap_cf_aux_table bindkey[] = { { BER_BVC("saslmech="), offsetof(slap_bindconf, sb_saslmech), 'b', 0, NULL }, { BER_BVC("secprops="), offsetof(slap_bindconf, sb_secprops), 's', 0, NULL }, { BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 'b', 0, NULL }, - { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, (slap_verbmasks *)authzNormalize }, + { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 1, NULL }, { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, (slap_verbmasks *)authzNormalize }, #ifdef HAVE_TLS { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey }, @@ -1052,6 +1238,7 @@ static slap_cf_aux_table bindkey[] = { { BER_BVC("tls_cacertdir="), offsetof(slap_bindconf, sb_tls_cacertdir), 's', 1, NULL }, { BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 1, NULL }, { BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 1, NULL }, + { BER_BVC("tls_protocol_min="), offsetof(slap_bindconf, sb_tls_protocol_min), 's', 1, NULL }, #ifdef HAVE_OPENSSL_CRL { BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 1, NULL }, #endif @@ -1248,19 +1435,26 @@ slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0 int slap_tls_get_config( LDAP *ld, int opt, char **val ) { +#ifdef HAVE_TLS slap_verbmasks *keys; int i, ival; *val = NULL; switch( opt ) { -#ifdef HAVE_TLS case LDAP_OPT_X_TLS_CRLCHECK: keys = crlkeys; break; case LDAP_OPT_X_TLS_REQUIRE_CERT: keys = vfykeys; break; -#endif + case LDAP_OPT_X_TLS_PROTOCOL_MIN: { + char buf[8]; + ldap_pvt_tls_get_option( ld, opt, &ival ); + snprintf( buf, sizeof( buf ), "%d.%d", + ( ival >> 8 ) & 0xff, ival & 0xff ); + *val = ch_strdup( buf ); + return 0; + } default: return -1; } @@ -1271,6 +1465,7 @@ slap_tls_get_config( LDAP *ld, int opt, char **val ) return 0; } } +#endif return -1; } @@ -1371,6 +1566,10 @@ void bindconf_free( slap_bindconf *bc ) { ch_free( bc->sb_tls_cipher_suite ); bc->sb_tls_cipher_suite = NULL; } + if ( bc->sb_tls_protocol_min ) { + ch_free( bc->sb_tls_protocol_min ); + bc->sb_tls_protocol_min = NULL; + } #ifdef HAVE_OPENSSL_CRL if ( bc->sb_tls_crlcheck ) { ch_free( bc->sb_tls_crlcheck ); @@ -1422,6 +1621,7 @@ static struct { { "tls_cacert", offsetof(slap_bindconf, sb_tls_cacert), LDAP_OPT_X_TLS_CACERTFILE }, { "tls_cacertdir", offsetof(slap_bindconf, sb_tls_cacertdir), LDAP_OPT_X_TLS_CACERTDIR }, { "tls_cipher_suite", offsetof(slap_bindconf, sb_tls_cipher_suite), LDAP_OPT_X_TLS_CIPHER_SUITE }, + { "tls_protocol_min", offsetof(slap_bindconf, sb_tls_protocol_min), LDAP_OPT_X_TLS_PROTOCOL_MIN }, {0, 0} }; @@ -1456,6 +1656,17 @@ int bindconf_tls_set( slap_bindconf *bc, LDAP *ld ) } else newctx = 1; } + if ( bc->sb_tls_protocol_min ) { + rc = ldap_int_tls_config( ld, LDAP_OPT_X_TLS_PROTOCOL_MIN, + bc->sb_tls_protocol_min ); + if ( rc ) { + Debug( LDAP_DEBUG_ANY, + "bindconf_tls_set: failed to set tls_protocol_min to %s\n", + bc->sb_tls_protocol_min, 0, 0 ); + res = -1; + } else + newctx = 1; + } #ifdef HAVE_OPENSSL_CRL if ( bc->sb_tls_crlcheck ) { rc = ldap_int_tls_config( ld, LDAP_OPT_X_TLS_CRLCHECK, @@ -1584,6 +1795,10 @@ slap_client_connect( LDAP **ldp, slap_bindconf *sb ) sb->sb_authcId.bv_val, sb->sb_cred.bv_val, sb->sb_authzId.bv_val ); + if ( defaults == NULL ) { + rc = LDAP_OTHER; + goto done; + } rc = ldap_sasl_interactive_bind_s( ld, sb->sb_binddn.bv_val, @@ -1778,8 +1993,8 @@ fp_getline( FILE *fp, ConfigArgs *c ) return(line[0] ? 1 : 0); } -static int -fp_parse_line(ConfigArgs *c) +int +config_fp_parse_line(ConfigArgs *c) { char *token; static char *const hide[] = { @@ -1832,7 +2047,7 @@ config_destroy( ) if ( frontendDB->be_schemadn.bv_val ) free( frontendDB->be_schemadn.bv_val ); if ( frontendDB->be_acl ) - acl_destroy( frontendDB->be_acl, NULL ); + acl_destroy( frontendDB->be_acl ); } free( line ); if ( slapd_args_file ) @@ -1911,3 +2126,66 @@ int config_generic_wrapper( Backend *be, const char *fname, int lineno, } return rc; } + +/* See if the given URL (in plain and parsed form) matches + * any of the server's listener addresses. Return matching + * Listener or NULL for no match. + */ +Listener *config_check_my_url( const char *url, LDAPURLDesc *lud ) +{ + Listener **l = slapd_get_listeners(); + int i, isMe; + + /* Try a straight compare with Listener strings */ + for ( i=0; l && l[i]; i++ ) { + if ( !strcasecmp( url, l[i]->sl_url.bv_val )) { + return l[i]; + } + } + + isMe = 0; + /* If hostname is empty, or is localhost, or matches + * our hostname, this url refers to this host. + * Compare it against listeners and ports. + */ + if ( !lud->lud_host || !lud->lud_host[0] || + !strncasecmp("localhost", lud->lud_host, + STRLENOF("localhost")) || + !strcasecmp( global_host, lud->lud_host )) { + + for ( i=0; l && l[i]; i++ ) { + LDAPURLDesc *lu2; + ldap_url_parse( l[i]->sl_url.bv_val, &lu2 ); + do { + if ( strcasecmp( lud->lud_scheme, + lu2->lud_scheme )) + break; + if ( lud->lud_port != lu2->lud_port ) + break; + /* Listener on ANY address */ + if ( !lu2->lud_host || !lu2->lud_host[0] ) { + isMe = 1; + break; + } + /* URL on ANY address */ + if ( !lud->lud_host || !lud->lud_host[0] ) { + isMe = 1; + break; + } + /* Listener has specific host, must + * match it + */ + if ( !strcasecmp( lud->lud_host, + lu2->lud_host )) { + isMe = 1; + break; + } + } while(0); + ldap_free_urldesc( lu2 ); + if ( isMe ) { + return l[i]; + } + } + } + return NULL; +}