Add sasl-host option and treat sasl-realm as global only

(ie: not backend specific).

diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index 8953d8e8de19bdd72e4fd7bb055b641b5b3b3002..309f26c2adaba3da84bc22fbdfa0b487da783d6a 100644 (file)
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -400,9 +400,6 @@ backend_db_init(
        /* assign a default depth limit for alias deref */
        be->be_max_deref_depth = SLAPD_DEFAULT_MAXDEREFDEPTH; 
 
-       be->be_realm = global_realm != NULL
-               ? ch_strdup( global_realm ) : NULL;
-
        if(bi->bi_db_init) {
                rc = bi->bi_db_init( be );
        }

diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index 1e0077c7d6d7d46b7df662a170744cc88dce6962..c9c245e06b7ecd1f4dbdfe5604965ad59de46288 100644 (file)
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -32,6 +32,7 @@ slap_ssf_set_t        global_ssf_set;
 char           *replogfile;
 int            global_lastmod = ON;
 int            global_idletimeout = 0;
+char   *global_host = NULL;
 char   *global_realm = NULL;
 char           *ldap_srvtab = "";
 char           *default_passwd_hash;
@@ -225,6 +226,25 @@ read_config( const char *fname )
                                default_passwd_hash = ch_strdup( cargv[1] );
                        }
 
+               /* set SASL host */
+               } else if ( strcasecmp( cargv[0], "sasl-host" ) == 0 ) {
+                       if ( cargc < 2 ) {
+                               Debug( LDAP_DEBUG_ANY,
+           "%s: line %d: missing host in \"sasl-host <host>\" line\n",
+                                   fname, lineno, 0 );
+                               return( 1 );
+                       }
+
+                       if ( global_host != NULL ) {
+                               Debug( LDAP_DEBUG_ANY,
+                                       "%s: line %d: already set sasl-host!\n",
+                                       fname, lineno, 0 );
+                               return 1;
+
+                       } else {
+                               global_host = ch_strdup( cargv[1] );
+                       }
+
                /* set SASL realm */
                } else if ( strcasecmp( cargv[0], "sasl-realm" ) == 0 ) {
                        if ( cargc < 2 ) {
@@ -233,12 +253,10 @@ read_config( const char *fname )
                                    fname, lineno, 0 );
                                return( 1 );
                        }
-                       if ( be != NULL ) {
-                               be->be_realm = ch_strdup( cargv[1] );
 
-                       } else if ( global_realm != NULL ) {
+                       if ( global_realm != NULL ) {
                                Debug( LDAP_DEBUG_ANY,
-                                       "%s: line %d: already set global realm!\n",
+                                       "%s: line %d: already set sasl-realm!\n",
                                        fname, lineno, 0 );
                                return 1;
 

diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 2178bf67a9cce9c306625ee12ced380a9c44e8a1..5789dc79254b8a1e95e2090a3bbbad55fd75862b 100644 (file)
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -767,6 +767,7 @@ LDAP_SLAPD_F (slap_access_t)        global_default_access;
 LDAP_SLAPD_F (int)             global_lastmod;
 LDAP_SLAPD_F (int)             global_idletimeout;
 LDAP_SLAPD_F (int)             global_schemacheck;
+LDAP_SLAPD_F (char)            *global_host;
 LDAP_SLAPD_F (char)            *global_realm;
 LDAP_SLAPD_F (char)            *default_passwd_hash;
 LDAP_SLAPD_F (int)             lber_debug;

diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index 7363716c92a75072e9b319d9492bd34719b72906..f776f7d44d86b496757b77421742294833121fc6 100644 (file)
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -25,7 +25,6 @@
 #include <lutil.h>
 #endif
 
-static char *sasl_host = NULL;
 static sasl_security_properties_t sasl_secprops;
 
 
@@ -195,13 +194,8 @@ int slap_sasl_init( void )
                return -1;
        }
 
-       if( sasl_host == NULL ) {
-               sasl_host = ldap_pvt_get_fqdn( NULL );
-       }
-
-       Debug( LDAP_DEBUG_TRACE,
-               "slap_sasl_init: %s initialized!\n",
-               sasl_host, 0, 0 );
+       Debug( LDAP_DEBUG_TRACE, "slap_sasl_init: initialized!\n",
+               0, 0, 0 );
 
        /* default security properties */
        memset( &sasl_secprops, '\0', sizeof(sasl_secprops) );
@@ -259,8 +253,12 @@ int slap_sasl_open( Connection *conn )
        session_callbacks[2].proc = NULL;
        session_callbacks[2].context = NULL;
 
+       if( global_host == NULL ) {
+               global_host = ldap_pvt_get_fqdn( NULL );
+       }
+
        /* create new SASL context */
-       sc = sasl_server_new( "ldap", sasl_host, global_realm,
+       sc = sasl_server_new( "ldap", global_host, global_realm,
                session_callbacks, SASL_SECURITY_LAYER, &ctx );
 
        if( sc != SASL_OK ) {