X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslurpd%2Fconfig.c;h=6eb02b2b83bb57762aa40aa620545df7a3ad92f8;hb=616d409817888294f748ea657b759edb5a30886a;hp=ffd25ed0290493bc286769e7968cef253d225125;hpb=177367bdb14913abb1ce90d44758f0390f626a92;p=openldap diff --git a/servers/slurpd/config.c b/servers/slurpd/config.c index ffd25ed029..6eb02b2b83 100644 --- a/servers/slurpd/config.c +++ b/servers/slurpd/config.c @@ -1,3 +1,8 @@ +/* $OpenLDAP$ */ +/* + * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ /* * Copyright (c) 1996 Regents of the University of Michigan. * All rights reserved. @@ -19,17 +24,17 @@ #include +#include #include #include #include -#include #include #include "slurp.h" #include "globals.h" -#define MAXARGS 100 +#define MAXARGS 500 /* Forward declarations */ static void add_replica LDAP_P(( char **, int )); @@ -63,7 +68,7 @@ slurpd_read_config( if ( (fp = fopen( fname, "r" )) == NULL ) { perror( fname ); - exit( 1 ); + exit( EXIT_FAILURE ); } lineno = 0; 
@@ -95,17 +100,45 @@ slurpd_read_config( "line %d: missing filename in \"replogfile ", lineno ); fprintf( stderr, "\" line\n" ); - exit( 1 ); + exit( EXIT_FAILURE ); } else if ( cargc > 2 && *cargv[2] != '#' ) { fprintf( stderr, "line %d: extra cruft at the end of \"replogfile %s\"", lineno, cargv[1] ); fprintf( stderr, "line (ignored)\n" ); } - sprintf( sglob->slapd_replogfile, cargv[1] ); + strcpy( sglob->slapd_replogfile, cargv[1] ); } } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) { add_replica( cargv, cargc ); + + /* include another config file */ + } else if ( strcasecmp( cargv[0], "include" ) == 0 ) { + char *savefname; + int savelineno; + + if ( cargc < 2 ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + "%s: line %d: missing filename in \"include " + "\" line.\n", fname, lineno )); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d: missing filename in \"include \" line\n", + fname, lineno, 0 ); +#endif + + return( 1 ); + } + savefname = strdup( cargv[1] ); + savelineno = lineno; + + if ( slurpd_read_config( savefname ) != 0 ) { + return( 1 ); + } + + free( savefname ); + lineno = savelineno - 1; } } fclose( fp ); @@ -172,11 +205,13 @@ strtok_quote( } else { inquote = 1; } - strcpy( next, next + 1 ); + AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 ); break; case '\\': - strcpy( next, next + 1 ); + if ( next[1] ) + AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 ); + next++; /* dont parse the escaped character */ break; default: @@ -224,13 +259,17 @@ getline( CATLINE( buf ); while ( fgets( buf, sizeof(buf), fp ) != NULL ) { if ( (p = strchr( buf, '\n' )) != NULL ) { - *p = '\0'; + if( p > buf && p[-1] == '\r' ) --p; + *p = '\0'; } lineno++; if ( ! isspace( (unsigned char) buf[0] ) ) { return( line ); } + /* change leading whitespace to space */ + buf[0] = ' '; + CATLINE( buf ); } buf[0] = '\0'; 
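Review bot: The replacement `strcpy( sglob->slapd_replogfile, cargv[1] )` removes the format-string hazard of the old `sprintf` but still copies a config-supplied path with no length bound. The destination's declaration is outside the hunk, so if it is a fixed-size array an over-long `replogfile` argument overruns it. A bounded form such as `snprintf( sglob->slapd_replogfile, sizeof( sglob->slapd_replogfile ), "%s", cargv[1] )` with a truncation check would close that, assuming the member is an array and not a pointer. In the new `include` branch the result of `strdup( cargv[1] )` is not checked, both `return( 1 )` paths skip the `fclose( fp )` that follows the loop (the second also skips `free( savefname )`), and nothing limits nesting depth, so a file that includes itself recurses until descriptors or stack run out. slurpd_read_config starts and ends outside the hunk.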
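Review bot: Both `AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 )` calls copy between overlapping regions, so they are only correct if AC_MEMCPY expands to an overlap-safe copy. Its definition is not in the hunk, and a comment such as `/* regions overlap: AC_MEMCPY must behave like memmove */` would record that requirement. In the `'\\'` case the unbraced `if ( next[1] )` is followed directly by `next++`, which is easy to misread as part of the conditional; bracing the `if` body would make it clear that the increment always runs. strtok_quote's loop starts and ends outside the hunk.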
@@ -255,13 +294,13 @@ add_replica( ( nr + 1 ) * sizeof( Re * )); if ( sglob->replicas == NULL ) { fprintf( stderr, "out of memory, add_replica\n" ); - exit( 1 ); + exit( EXIT_FAILURE ); } sglob->replicas[ nr ] = NULL; if ( Ri_init( &(sglob->replicas[ nr - 1 ])) < 0 ) { fprintf( stderr, "out of memory, Ri_init\n" ); - exit( 1 ); + exit( EXIT_FAILURE ); } if ( parse_replica_line( cargv, cargc, sglob->replicas[ nr - 1] ) < 0 ) { @@ -284,7 +323,7 @@ add_replica( sglob->replicas[ nr - 1 ] ); if ( sglob->replicas[ nr - 1]->ri_stel == NULL ) { fprintf( stderr, "Failed to add status element structure\n" ); - exit( 1 ); + exit( EXIT_FAILURE ); } } } @@ -295,7 +334,7 @@ add_replica( * Parse a "replica" line from the config file. replica lines should be * in the following format: * replica host= binddn= - * bindmethod="simple|kerberos" credentials= + * bindmethod="simple" credentials= * * where: * describes the host name and port number where the @@ -303,12 +342,10 @@ add_replica( * * is the DN to bind to the replica slapd as, * - * bindmethod is either "simple" or "kerberos", and + * bindmethod is "simple", and * * are the credentials (e.g. password) for binddn. are - * only used for bindmethod=simple. For bindmethod=kerberos, the - * credentials= option should be omitted. Credentials for kerberos - * authentication are in the system srvtab file. + * only used for bindmethod=simple. * * The "replica" config file line may be split across multiple lines. If * a line begins with whitespace, it is considered a continuation of the @@ -318,6 +355,8 @@ add_replica( #define GOT_DN 2 #define GOT_METHOD 4 #define GOT_ALL ( GOT_HOST | GOT_DN | GOT_METHOD ) +#define GOT_MECH 8 + static int parse_replica_line( char **cargv, 
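Review bot: The header comment for parse_replica_line (hunks at -295 and -303) now states that bindmethod is "simple", but the same commit makes the parser accept the SASLSTR method and the options matched by TLSSTR, SASLMECHSTR, SECPROPSSTR, REALMSTR, AUTHCSTR, OLDAUTHCSTR and AUTHZSTR, none of which the comment describes. I would extend the format line and the "where:" list to cover them, in particular that a SASL bind requires the mechanism option and that any TLS value other than TLSCRITICALSTR selects `TLS_ON`. Since `credentials=` holds the bind password in clear, a sentence saying the config file should be readable only by the account slurpd runs as would also help. The comment begins and ends outside these hunks.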
@@ -330,56 +369,83 @@ parse_replica_line( char *hp, *val; for ( i = 1; i < cargc; i++ ) { - if ( !strncasecmp( cargv[ i ], HOSTSTR, strlen( HOSTSTR ))) { - val = cargv[ i ] + strlen( HOSTSTR ) + 1; + if ( !strncasecmp( cargv[ i ], HOSTSTR, sizeof( HOSTSTR ) - 1 ) ) { + val = cargv[ i ] + sizeof( HOSTSTR ); /* '\0' string terminator accounts for '=' */ if (( hp = strchr( val, ':' )) != NULL ) { *hp = '\0'; hp++; ri->ri_port = atoi( hp ); } if ( ri->ri_port <= 0 ) { - ri->ri_port = LDAP_PORT; + ri->ri_port = 0; } ri->ri_hostname = strdup( val ); gots |= GOT_HOST; + } else if ( !strncasecmp( cargv[ i ], + SUFFIXSTR, sizeof( SUFFIXSTR ) - 1 ) ) { + /* ignore it */ ; + } else if ( !strncasecmp( cargv[ i ], TLSSTR, sizeof( TLSSTR ) - 1 ) ) { + val = cargv[ i ] + sizeof( TLSSTR ); + if( !strcasecmp( val, TLSCRITICALSTR ) ) { + ri->ri_tls = TLS_CRITICAL; + } else { + ri->ri_tls = TLS_ON; + } } else if ( !strncasecmp( cargv[ i ], - BINDDNSTR, strlen( BINDDNSTR ))) { - val = cargv[ i ] + strlen( BINDDNSTR ) + 1; + BINDDNSTR, sizeof( BINDDNSTR ) - 1 ) ) { + val = cargv[ i ] + sizeof( BINDDNSTR ); ri->ri_bind_dn = strdup( val ); gots |= GOT_DN; } else if ( !strncasecmp( cargv[ i ], BINDMETHSTR, - strlen( BINDMETHSTR ))) { - val = cargv[ i ] + strlen( BINDMETHSTR ) + 1; + sizeof( BINDMETHSTR ) - 1 ) ) { + val = cargv[ i ] + sizeof( BINDMETHSTR ); if ( !strcasecmp( val, KERBEROSSTR )) { -#ifdef HAVE_KERBEROS - ri->ri_bind_method = AUTH_KERBEROS; - if ( ri->ri_srvtab == NULL ) { - ri->ri_srvtab = strdup( sglob->default_srvtab ); - } - gots |= GOT_METHOD; -#else /* HAVE_KERBEROS */ fprintf( stderr, "Error: a bind method of \"kerberos\" was\n" ); - fprintf( stderr, "specified in the slapd configuration file,\n" ); - fprintf( stderr, "but slurpd was not built with kerberos.\n" ); - fprintf( stderr, "You must rebuild the LDAP release with\n" ); - fprintf( stderr, "kerberos support if you wish to use\n" ); - fprintf( stderr, "bindmethod=kerberos\n" ); - exit( 1 ); -#endif /* 
HAVE_KERBEROS */ + fprintf( stderr, "specified in the slapd configuration file.\n" ); + fprintf( stderr, "slurpd no longer supports Kerberos.\n" ); + exit( EXIT_FAILURE ); } else if ( !strcasecmp( val, SIMPLESTR )) { ri->ri_bind_method = AUTH_SIMPLE; gots |= GOT_METHOD; + } else if ( !strcasecmp( val, SASLSTR )) { + ri->ri_bind_method = AUTH_SASL; + gots |= GOT_METHOD; } else { ri->ri_bind_method = -1; } - } else if ( !strncasecmp( cargv[ i ], CREDSTR, strlen( CREDSTR ))) { - val = cargv[ i ] + strlen( CREDSTR ) + 1; + } else if ( !strncasecmp( cargv[ i ], + SASLMECHSTR, sizeof( SASLMECHSTR ) - 1 ) ) { + val = cargv[ i ] + sizeof( SASLMECHSTR ); + gots |= GOT_MECH; + ri->ri_saslmech = strdup( val ); + } else if ( !strncasecmp( cargv[ i ], + CREDSTR, sizeof( CREDSTR ) - 1 ) ) { + val = cargv[ i ] + sizeof( CREDSTR ); ri->ri_password = strdup( val ); - } else if ( !strncasecmp( cargv[ i ], BINDPSTR, strlen( BINDPSTR ))) { - val = cargv[ i ] + strlen( BINDPSTR ) + 1; - ri->ri_principal = strdup( val ); - } else if ( !strncasecmp( cargv[ i ], SRVTABSTR, strlen( SRVTABSTR ))) { - val = cargv[ i ] + strlen( SRVTABSTR ) + 1; + } else if ( !strncasecmp( cargv[ i ], + SECPROPSSTR, sizeof( SECPROPSSTR ) - 1 ) ) { + val = cargv[ i ] + sizeof( SECPROPSSTR ); + ri->ri_secprops = strdup( val ); + } else if ( !strncasecmp( cargv[ i ], + REALMSTR, sizeof( REALMSTR ) - 1 ) ) { + val = cargv[ i ] + sizeof( REALMSTR ); + ri->ri_realm = strdup( val ); + } else if ( !strncasecmp( cargv[ i ], + AUTHCSTR, sizeof( AUTHCSTR ) - 1 ) ) { + val = cargv[ i ] + sizeof( AUTHCSTR ); + ri->ri_authcId = strdup( val ); + } else if ( !strncasecmp( cargv[ i ], + OLDAUTHCSTR, sizeof( OLDAUTHCSTR ) - 1 ) ) { + /* Old authcID is provided for some backwards compatibility */ + val = cargv[ i ] + sizeof( OLDAUTHCSTR ); + ri->ri_authcId = strdup( val ); + } else if ( !strncasecmp( cargv[ i ], + AUTHZSTR, sizeof( AUTHZSTR ) - 1 ) ) { + val = cargv[ i ] + sizeof( AUTHZSTR ); + ri->ri_authzId = strdup( val ); + 
} else if ( !strncasecmp( cargv[ i ], + SRVTABSTR, sizeof( SRVTABSTR ) - 1 ) ) { + val = cargv[ i ] + sizeof( SRVTABSTR ); if ( ri->ri_srvtab != NULL ) { free( ri->ri_srvtab ); } @@ -390,11 +456,19 @@ parse_replica_line( cargv[ i ] ); } } - if ( gots != GOT_ALL ) { - fprintf( stderr, "Error: Malformed \"replica\" line in slapd " ); - fprintf( stderr, "config file, line %d\n", lineno ); - return -1; - } + + if ( ri->ri_bind_method == AUTH_SASL) { + if ((gots & GOT_MECH) == 0) { + fprintf( stderr, "Error: \"replica\" line needs SASLmech flag in " ); + fprintf( stderr, "slapd config file, line %d\n", lineno ); + return -1; + } + } + else if ( gots != GOT_ALL ) { + fprintf( stderr, "Error: Malformed \"replica\" line in slapd " ); + fprintf( stderr, "config file, line %d\n", lineno ); + return -1; + } return 0; }
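Review bot: Every `val = cargv[ i ] + sizeof( XSTR )` in this loop assumes the character after the keyword is `=`, but `strncasecmp` only matched the keyword prefix. An argument that is exactly the keyword with no `=value` therefore leaves `val` one byte past the string terminator before it is handed to `strchr`, `strcasecmp` or `strdup`. A guard in each branch such as `if ( cargv[ i ][ sizeof( HOSTSTR ) - 1 ] != '=' )` that rejects the line would avoid reading past the argument. The TLS branch also maps every value other than TLSCRITICALSTR to `TLS_ON`, so a misspelt value silently selects what is presumably the weaker setting; accepting only known values and failing otherwise would be safer. The `strdup` results are stored unchecked throughout, and parse_replica_line starts before and continues after this hunk.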
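Review bot: The new SASL branch checks only `GOT_MECH`, so a `replica` line with the SASL bind method and no host option passes validation. It should also require the host bit, e.g. `if ( ( gots & GOT_HOST ) == 0 || ( gots & GOT_MECH ) == 0 )`, with an error message that names the missing item. In the other branch `gots != GOT_ALL` is an exact comparison, and since `GOT_MECH` is now OR-ed into `gots`, a simple-bind line that also carries the mechanism option is reported as malformed even though host, DN and method are all present. `( gots & GOT_ALL ) != GOT_ALL` tests only the required bits.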