add sb_version to slap_bindconf;

rework slap_client_connect() and slap_discover_feature() accordingly

diff --git a/servers/slapd/back-ldap/chain.c b/servers/slapd/back-ldap/chain.c
index 6bf0deac50322b2d117d8f26e4ddf3735eb5eba1..e03b919bb41a4bdf9410c6a2f85614d9d4a11d7d 100644 (file)
--- a/servers/slapd/back-ldap/chain.c
+++ b/servers/slapd/back-ldap/chain.c
@@ -478,6 +478,8 @@ Document: draft-ietf-ldapbis-protocol-27.txt
                        lip->li_bvuri = bvuri;
                        rc = ldap_chain_db_open_one( op->o_bd );
                        if ( rc != 0 ) {
+                               lip->li_uri = NULL;
+                               lip->li_bvuri = NULL;
                                (void)ldap_chain_db_destroy_one( op->o_bd );
                                goto cleanup;
                        }
@@ -632,6 +634,8 @@ ldap_chain_search(
                        lip->li_bvuri = bvuri;
                        rc = ldap_chain_db_open_one( op->o_bd );
                        if ( rc != 0 ) {
+                               lip->li_uri = NULL;
+                               lip->li_bvuri = NULL;
                                (void)ldap_chain_db_destroy_one( op->o_bd );
                                goto cleanup;
                        }

diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
index cd93d834c5eb0b1eef43597d0153fe4bab0d5f72..fab18dcb8a75308af04fae5b0c8b1934c5686b2c 100644 (file)
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@@ -1549,6 +1549,7 @@ done_url:;
                        && mask == LDAP_BACK_F_T_F_DISCOVER
                        && !LDAP_BACK_T_F( li ) )
                {
+                       slap_bindconf   sb = { 0 };
                        int             rc;
 
                        if ( li->li_uri == NULL ) {
@@ -1559,7 +1560,12 @@ done_url:;
                                return 1;
                        }
 
-                       rc = slap_discover_feature( li->li_uri, li->li_version,
+                       ber_str2bv( li->li_uri, 0, 0, &sb.sb_uri );
+                       sb.sb_version = li->li_version;
+                       sb.sb_method = LDAP_AUTH_SIMPLE;
+                       BER_BVSTR( &sb.sb_binddn, "" );
+
+                       rc = slap_discover_feature( &sb,
                                        slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
                                        LDAP_FEATURE_ABSOLUTE_FILTERS );
                        if ( rc == LDAP_COMPARE_TRUE ) {
@@ -1688,6 +1694,7 @@ done_url:;
                        && mask == LDAP_BACK_F_CANCEL_EXOP_DISCOVER
                        && !LDAP_BACK_CANCEL( li ) )
                {
+                       slap_bindconf   sb = { 0 };
                        int             rc;
 
                        if ( li->li_uri == NULL ) {
@@ -1698,7 +1705,12 @@ done_url:;
                                return 1;
                        }
 
-                       rc = slap_discover_feature( li->li_uri, li->li_version,
+                       ber_str2bv( li->li_uri, 0, 0, &sb.sb_uri );
+                       sb.sb_version = li->li_version;
+                       sb.sb_method = LDAP_AUTH_SIMPLE;
+                       BER_BVSTR( &sb.sb_binddn, "" );
+
+                       rc = slap_discover_feature( &sb,
                                        slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
                                        LDAP_EXOP_CANCEL );
                        if ( rc == LDAP_COMPARE_TRUE ) {

diff --git a/servers/slapd/back-ldap/init.c b/servers/slapd/back-ldap/init.c
index 06cc1beda8c9b65bbf780a6f078913bcc513355a..42ef7877fd1d25221a4e1aaa2d9ca0daddc6fd22 100644 (file)
--- a/servers/slapd/back-ldap/init.c
+++ b/servers/slapd/back-ldap/init.c
@@ -154,6 +154,9 @@ ldap_back_db_open( BackendDB *be )
 {
        ldapinfo_t      *li = (ldapinfo_t *)be->be_private;
 
+       slap_bindconf   sb = { 0 };
+       int             rc;
+
        Debug( LDAP_DEBUG_TRACE,
                "ldap_back_db_open: URI=%s\n",
                li->li_uri != NULL ? li->li_uri : "", 0, 0 );
@@ -171,39 +174,15 @@ ldap_back_db_open( BackendDB *be )
                break;
        }
 
-#if 0 && defined(SLAPD_MONITOR)
-       {
-               /* FIXME: disabled because namingContexts doesn't have
-                * a matching rule, and using an MRA filter doesn't work
-                * because the normalized assertion is compared to the 
-                * non-normalized value, which in general differs from
-                * the normalized one.  See ITS#3406 */
-               struct berval   filter,
-                               base = BER_BVC( "cn=Databases," SLAPD_MONITOR );
-               Attribute       a = { 0 };
-
-               filter.bv_len = STRLENOF( "(&(namingContexts:distinguishedNameMatch:=)(monitoredInfo=ldap))" )
-                       + be->be_nsuffix[ 0 ].bv_len;
-               filter.bv_val = ch_malloc( filter.bv_len + 1 );
-               snprintf( filter.bv_val, filter.bv_len + 1,
-                               "(&(namingContexts:distinguishedNameMatch:=%s)(monitoredInfo=ldap))",
-                               be->be_nsuffix[ 0 ].bv_val );
-
-               a.a_desc = slap_schema.si_ad_labeledURI;
-               a.a_vals = li->li_bvuri;
-               a.a_nvals = li->li_bvuri;
-               if ( monitor_back_register_entry_attrs( NULL, &a, NULL, &base, LDAP_SCOPE_SUBTREE, &filter ) ) {
-                       /* error */
-               }
-
-               ch_free( filter.bv_val );
-       }
-#endif /* SLAPD_MONITOR */
+       ber_str2bv( li->li_uri, 0, 0, &sb.sb_uri );
+       sb.sb_version = li->li_version;
+       sb.sb_method = LDAP_AUTH_SIMPLE;
+       BER_BVSTR( &sb.sb_binddn, "" );
 
        if ( LDAP_BACK_T_F_DISCOVER( li ) && !LDAP_BACK_T_F( li ) ) {
                int             rc;
 
-               rc = slap_discover_feature( li->li_uri, li->li_version,
+               rc = slap_discover_feature( &sb,
                                slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
                                LDAP_FEATURE_ABSOLUTE_FILTERS );
                if ( rc == LDAP_COMPARE_TRUE ) {
@@ -212,9 +191,7 @@ ldap_back_db_open( BackendDB *be )
        }
 
        if ( LDAP_BACK_CANCEL_DISCOVER( li ) && !LDAP_BACK_CANCEL( li ) ) {
-               int             rc;
-
-               rc = slap_discover_feature( li->li_uri, li->li_version,
+               rc = slap_discover_feature( &sb,
                                slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
                                LDAP_EXOP_CANCEL );
                if ( rc == LDAP_COMPARE_TRUE ) {

diff --git a/servers/slapd/back-meta/init.c b/servers/slapd/back-meta/init.c
index 7fee4d1c3feb00f74efa5c7d8d65a91c9f64dfca..46aee301ca401745680809bbc49f2b180138453b 100644 (file)
--- a/servers/slapd/back-meta/init.c
+++ b/servers/slapd/back-meta/init.c
@@ -128,11 +128,16 @@ meta_back_db_open(
        int             i, rc;
 
        for ( i = 0; i < mi->mi_ntargets; i++ ) {
+               slap_bindconf   sb = { 0 };
                metatarget_t    *mt = mi->mi_targets[ i ];
 
+               ber_str2bv( mt->mt_uri, 0, 0, &sb.sb_uri );
+               sb.sb_version = mt->mt_version;
+               sb.sb_method = LDAP_AUTH_SIMPLE;
+               BER_BVSTR( &sb.sb_binddn, "" );
+
                if ( META_BACK_TGT_T_F_DISCOVER( mt ) ) {
-                       rc = slap_discover_feature( mt->mt_uri,
-                                       mt->mt_version,
+                       rc = slap_discover_feature( &sb,
                                        slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
                                        LDAP_FEATURE_ABSOLUTE_FILTERS );
                        if ( rc == LDAP_COMPARE_TRUE ) {
@@ -141,8 +146,7 @@ meta_back_db_open(
                }
 
                if ( META_BACK_TGT_CANCEL_DISCOVER( mt ) ) {
-                       rc = slap_discover_feature( mt->mt_uri,
-                                       mt->mt_version,
+                       rc = slap_discover_feature( &sb,
                                        slap_schema.si_ad_supportedExtension->ad_cname.bv_val,
                                        LDAP_EXOP_CANCEL );
                        if ( rc == LDAP_COMPARE_TRUE ) {

diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index a9bacd0a6284947ddc296ee4923babd5040c5e21..70a5a6375fd80a2ec5e1f84b364f30289ff7b293 100644 (file)
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -1052,8 +1052,15 @@ static slap_verbmasks methkey[] = {
        { BER_BVNULL, 0 }
 };
 
+static slap_verbmasks versionkey[] = {
+       { BER_BVC("2"),         LDAP_VERSION2 },
+       { BER_BVC("3"),         LDAP_VERSION3 },
+       { BER_BVNULL, 0 }
+};
+
 static slap_cf_aux_table bindkey[] = {
        { BER_BVC("uri="), offsetof(slap_bindconf, sb_uri), 'b', 1, NULL },
+       { BER_BVC("version="), offsetof(slap_bindconf, sb_version), 'd', 0, versionkey },
        { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'd', 0, methkey },
        { BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 'b', 1, NULL },
        { BER_BVC("credentials="), offsetof(slap_bindconf, sb_cred), 'b', 1, NULL },
@@ -1416,7 +1423,7 @@ int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
  * note: should move "version" into bindconf...
  */
 int
-slap_client_connect( LDAP **ldp, slap_bindconf *sb, int version )
+slap_client_connect( LDAP **ldp, slap_bindconf *sb )
 {
        LDAP            *ld = NULL;
        int             rc;
@@ -1431,9 +1438,9 @@ slap_client_connect( LDAP **ldp, slap_bindconf *sb, int version )
                return rc;
        }
 
-       if ( version != 0 ) {
+       if ( sb->sb_version != 0 ) {
                ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
-                       (const void *)&version );
+                       (const void *)&sb->sb_version );
        }
 
 #ifdef HAVE_TLS

diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 7f91c961cff8ce4b598d5cbd3ff296c3c09e99f1..28a0226dfb64ac70d630e8a627a768e6f9fbde60 100644 (file)
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -619,7 +619,7 @@ LDAP_SLAPD_F (int) bindconf_unparse LDAP_P((
 LDAP_SLAPD_F (int) bindconf_tls_set LDAP_P((
        slap_bindconf *bc, LDAP *ld ));
 LDAP_SLAPD_F (void) bindconf_free LDAP_P(( slap_bindconf *bc ));
-LDAP_SLAPD_F (int) slap_client_connect LDAP_P(( LDAP **ldp, slap_bindconf *sb, int version ));
+LDAP_SLAPD_F (int) slap_client_connect LDAP_P(( LDAP **ldp, slap_bindconf *sb ));
 LDAP_SLAPD_F (int) config_generic_wrapper LDAP_P(( Backend *be,
        const char *fname, int lineno, int argc, char **argv ));
 LDAP_SLAPD_F (char *) anlist_unparse LDAP_P(( AttributeName *, char *, ber_len_t buflen ));
@@ -1390,8 +1390,7 @@ LDAP_SLAPD_F (int) read_root_dse_file LDAP_P((
        const char *file));
 
 LDAP_SLAPD_F (int) slap_discover_feature LDAP_P((
-       const char      *uri,
-       int             version,
+       slap_bindconf   *sb,
        const char      *attr,
        const char      *val ));
 

diff --git a/servers/slapd/root_dse.c b/servers/slapd/root_dse.c
index db2d83172a5fd0cd13139ebbbe738a501e784a04..670b9ca37674539c3267cedaaec9856befe800d4 100644 (file)
--- a/servers/slapd/root_dse.c
+++ b/servers/slapd/root_dse.c
@@ -459,12 +459,11 @@ int read_root_dse_file( const char *fname )
 
 int
 slap_discover_feature(
-       const char      *uri,
-       int             version,
+       slap_bindconf   *sb,
        const char      *attr,
        const char      *val )
 {
-       LDAP            *ld;
+       LDAP            *ld = NULL;
        LDAPMessage     *res = NULL, *entry;
        int             rc, i;
        struct berval   cred = BER_BVC( "" ),
@@ -472,26 +471,12 @@ slap_discover_feature(
                        **values = NULL;
        char            *attrs[ 2 ] = { NULL, NULL };
 
-       ber_str2bv( val, 0, 0, &bv_val );
-       attrs[ 0 ] = (char *) attr;
-
-       rc = ldap_initialize( &ld, uri );
-       if ( rc != LDAP_SUCCESS ) {
-               return rc;
-       }
-
-       rc = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
-               (const void *)&version );
-       if ( rc != LDAP_SUCCESS ) {
-               goto done;
-       }
-
-       rc = ldap_sasl_bind_s( ld, "", LDAP_SASL_SIMPLE,
-                       &cred, NULL, NULL, NULL );
+       rc = slap_client_connect( &ld, sb );
        if ( rc != LDAP_SUCCESS ) {
                goto done;
        }
 
+       attrs[ 0 ] = (char *) attr;
        rc = ldap_search_ext_s( ld, "", LDAP_SCOPE_BASE, "(objectClass=*)",
                        attrs, 0, NULL, NULL, NULL, 0, &res );
        if ( rc != LDAP_SUCCESS ) {
@@ -509,6 +494,7 @@ slap_discover_feature(
                goto done;
        }
 
+       ber_str2bv( val, 0, 0, &bv_val );
        for ( i = 0; values[ i ] != NULL; i++ ) {
                if ( bvmatch( &bv_val, values[ i ] ) ) {
                        rc = LDAP_COMPARE_TRUE;

diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 14537159da342c4e3417702e2968dda534bd7f5b..0bf61525d0f9732df719253c0751132d61304d47 100644 (file)
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1502,6 +1502,7 @@ LDAP_SLAPD_V (int) slapMode;
 
 typedef struct slap_bindconf {
        struct berval sb_uri;
+       int sb_version;
        int sb_tls;
        int sb_method;
        struct berval sb_binddn;

diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c
index f491b3dcd8fd12020d9580dbe3b2946095d6cd83..6906faff46a683e7116c5f1d0d133cea6f5dbdcd 100644 (file)
--- a/servers/slapd/syncrepl.c
+++ b/servers/slapd/syncrepl.c
@@ -423,7 +423,7 @@ do_syncrep1(
 
        psub = &si->si_be->be_nsuffix[0];
 
-       rc = slap_client_connect( &si->si_ld, &si->si_bindconf, LDAP_VERSION3 );
+       rc = slap_client_connect( &si->si_ld, &si->si_bindconf );
        if ( rc != LDAP_SUCCESS ) {
                goto done;
        }
@@ -3184,6 +3184,23 @@ add_syncrepl(
        rc = parse_syncrepl_line( c, si );
 
        if ( rc == 0 ) {
+               /* Must be LDAPv3 because we need controls */
+               switch ( si->si_bindconf.sb_version ) {
+               case 0:
+                       /* not explicitly set */
+                       si->si_bindconf.sb_version = LDAP_VERSION3;
+                       break;
+               case 3:
+                       /* explicitly set */
+                       break;
+               default:
+                       Debug( LDAP_DEBUG_ANY,
+                               "version %d incompatible with syncrepl\n",
+                               si->si_bindconf.sb_version, 0, 0 );
+                       syncinfo_free( si );    
+                       return 1;
+               }
+
                si->si_be = c->be;
                init_syncrepl( si );
                si->si_re = ldap_pvt_runqueue_insert( &slapd_rq, si->si_interval,
@@ -3222,8 +3239,10 @@ syncrepl_unparse( syncinfo_t *si, struct berval *bv )
        /* temporarily inhibit bindconf from printing URI */
        uri = si->si_bindconf.sb_uri;
        BER_BVZERO( &si->si_bindconf.sb_uri );
+       si->si_bindconf.sb_version = 0;
        bindconf_unparse( &si->si_bindconf, &bc );
        si->si_bindconf.sb_uri = uri;
+       si->si_bindconf.sb_version = LDAP_VERSION3;
 
        ptr = buf;
        ptr += snprintf( ptr, WHATSLEFT, IDSTR "=%03ld " PROVIDERSTR "=%s",