Added replica retrieval

author Howard Chu <hyc@openldap.org>

Wed, 23 Feb 2005 12:03:14 +0000 (12:03 +0000)

committer Howard Chu <hyc@openldap.org>

Wed, 23 Feb 2005 12:03:14 +0000 (12:03 +0000)
author Howard Chu <hyc@openldap.org>
Wed, 23 Feb 2005 12:03:14 +0000 (12:03 +0000)
committer Howard Chu <hyc@openldap.org>
Wed, 23 Feb 2005 12:03:14 +0000 (12:03 +0000)
diff --git a/servers/slapd/config.c b/servers/slapd/config.c

index caf38175a52bac1e1e9f49a61ced6f1af295dfc1..2040b689f4e174ff9ffa20cd9d0580d0cba26216 100644 (file)
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -480,7 +480,7 @@ static ConfigTable SystemConfiguration[] = {
                         "SYNTAX OMsInteger )", NULL, NULL },
         { "TLSCACertificateFile", NULL, 0, 0, 0,
  #ifdef HAVE_TLS
-               CFG_TLS_CA_FILE|ARG_MAGIC, &config_tls_option,
+               CFG_TLS_CA_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
  #else
                 ARG_IGNORED, NULL,
  #endif
@@ -488,7 +488,7 @@ static ConfigTable SystemConfiguration[] = {
                         "SYNTAX OMsDirectoryString )", NULL, NULL },
         { "TLSCACertificatePath", NULL, 0, 0, 0,
  #ifdef HAVE_TLS
-               CFG_TLS_CA_PATH|ARG_MAGIC, &config_tls_option,
+               CFG_TLS_CA_PATH|ARG_STRING|ARG_MAGIC, &config_tls_option,
  #else
                 ARG_IGNORED, NULL,
  #endif
@@ -496,7 +496,7 @@ static ConfigTable SystemConfiguration[] = {
                         "SYNTAX OMsDirectoryString )", NULL, NULL },
         { "TLSCertificateFile", NULL, 0, 0, 0,
  #ifdef HAVE_TLS
-               CFG_TLS_CERT_FILE|ARG_MAGIC, &config_tls_option,
+               CFG_TLS_CERT_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
  #else
                 ARG_IGNORED, NULL,
  #endif
@@ -504,7 +504,7 @@ static ConfigTable SystemConfiguration[] = {
                         "SYNTAX OMsDirectoryString )", NULL, NULL },
         { "TLSCertificateKeyFile", NULL, 0, 0, 0,
  #ifdef HAVE_TLS
-               CFG_TLS_CERT_KEY|ARG_MAGIC, &config_tls_option,
+               CFG_TLS_CERT_KEY|ARG_STRING|ARG_MAGIC, &config_tls_option,
  #else
                 ARG_IGNORED, NULL,
  #endif
@@ -512,7 +512,7 @@ static ConfigTable SystemConfiguration[] = {
                         "SYNTAX OMsDirectoryString )", NULL, NULL },
         { "TLSCipherSuite",     NULL, 0, 0, 0,
  #ifdef HAVE_TLS
-               CFG_TLS_CIPHER|ARG_MAGIC, &config_tls_option,
+               CFG_TLS_CIPHER|ARG_STRING|ARG_MAGIC, &config_tls_option,
  #else
                 ARG_IGNORED, NULL,
  #endif
@@ -520,7 +520,7 @@ static ConfigTable SystemConfiguration[] = {
                         "SYNTAX OMsDirectoryString )", NULL, NULL },
         { "TLSCRLCheck", NULL, 0, 0, 0,
  #ifdef HAVE_TLS
-               CFG_TLS_CRLCHECK|ARG_MAGIC, &config_tls_config,
+               CFG_TLS_CRLCHECK|ARG_STRING|ARG_MAGIC, &config_tls_config,
  #else
                 ARG_IGNORED, NULL,
  #endif
@@ -528,7 +528,7 @@ static ConfigTable SystemConfiguration[] = {
                         "SYNTAX OMsDirectoryString )", NULL, NULL },
         { "TLSRandFile", NULL, 0, 0, 0,
  #ifdef HAVE_TLS
-               CFG_TLS_RAND|ARG_MAGIC, &config_tls_option,
+               CFG_TLS_RAND|ARG_STRING|ARG_MAGIC, &config_tls_option,
  #else
                 ARG_IGNORED, NULL,
  #endif
@@ -536,7 +536,7 @@ static ConfigTable SystemConfiguration[] = {
                         "SYNTAX OMsDirectoryString )", NULL, NULL },
         { "TLSVerifyClient", NULL, 0, 0, 0,
  #ifdef HAVE_TLS
-               CFG_TLS_VERIFY|ARG_MAGIC, &config_tls_config,
+               CFG_TLS_VERIFY|ARG_STRING|ARG_MAGIC, &config_tls_config,
  #else
                 ARG_IGNORED, NULL,
  #endif
@@ -1917,13 +1917,194 @@ config_security(ConfigArgs *c) {
         return(0);
  }
  
+static struct verb_mask_list tlskey[] = {
+       { "no",         SB_TLS_OFF },
+       { "yes",                SB_TLS_ON },
+       { "critical",   SB_TLS_CRITICAL }
+};
+
+static struct verb_mask_list methkey[] = {
+       { "simple",     LDAP_AUTH_SIMPLE },
+#ifdef HAVE_CYRUS_SASL
+       { "sasl",       LDAP_AUTH_SASL },
+#endif
+       { NULL, 0 }
+};
+
+typedef struct cf_aux_table {
+       struct berval key;
+       int off;
+       int quote;
+       struct verb_mask_list *aux;
+} cf_aux_table;
+
+static cf_aux_table bindkey[] = {
+       { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 0, tlskey },
+       { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 0, methkey },
+       { BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 1, NULL },
+       { BER_BVC("credentials="), offsetof(slap_bindconf, sb_cred), 1, NULL },
+       { BER_BVC("saslmech="), offsetof(slap_bindconf, sb_saslmech), 0, NULL },
+       { BER_BVC("secprops="), offsetof(slap_bindconf, sb_secprops), 0, NULL },
+       { BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 0, NULL },
+       { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 0, NULL },
+       { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 1, NULL },
+       { BER_BVNULL, 0, NULL }
+};
+
+int bindconf_parse( char *word, slap_bindconf *bc ) {
+       int i, rc = 0;
+       char **cptr;
+       cf_aux_table *tab;
+
+       for (tab = bindkey; !BER_BVISNULL(&tab->key); tab++) {
+               if ( !strncasecmp( word, tab->key.bv_val, tab->key.bv_len )) {
+                       cptr = (char **)((char *)bc + tab->off);
+                       if ( tab->aux ) {
+                               int j;
+                               rc = 1;
+                               for (j=0; tab->aux[j].word; j++) {
+                                       if (!strcasecmp(word+tab->key.bv_len, tab->aux[j].word)) {
+                                               int *ptr = (int *)cptr;
+                                               *ptr = tab->aux[j].mask;
+                                               rc = 0;
+                                       }
+                               }
+                               if (rc ) {
+                                       Debug(LDAP_DEBUG_ANY, "invalid bind config value %s\n",
+                                               word, 0, 0 );
+                               }
+                               return rc;
+                       }
+                       *cptr = ch_strdup(word+tab->key.bv_len);
+                       return 0;
+               }
+       }
+       return rc;
+}
+
+int bindconf_unparse( slap_bindconf *bc, struct berval *bv ) {
+       char buf[BUFSIZ], *ptr;
+       cf_aux_table *tab;
+       char **cptr;
+       struct berval tmp;
+
+       ptr = buf;
+       for (tab = bindkey; !BER_BVISNULL(&tab->key); tab++) {
+               cptr = (char **)((char *)bc + tab->off);
+               if ( tab->aux ) {
+                       int *ip = (int *)cptr, i;
+                       for ( i=0; tab->aux[i].word; i++ ) {
+                               if ( *ip == tab->aux[i].mask ) {
+                                       *ptr++ = ' ';
+                                       ptr = lutil_strcopy( ptr, tab->key.bv_val );
+                                       ptr = lutil_strcopy( ptr, tab->aux[i].word );
+                                       break;
+                               }
+                       }
+               } else if ( *cptr ) {
+                       *ptr++ = ' ';
+                       ptr = lutil_strcopy( ptr, tab->key.bv_val );
+                       if ( tab->quote ) *ptr++ = '"';
+                       ptr = lutil_strcopy( ptr, *cptr );
+                       if ( tab->quote ) *ptr++ = '"';
+               }
+       }
+       tmp.bv_val = buf;
+       tmp.bv_len = ptr - buf;
+       ber_dupbv( bv, &tmp );
+       return 0;
+}
+
+void bindconf_free( slap_bindconf *bc ) {
+       if ( bc->sb_binddn ) {
+               ch_free( bc->sb_binddn );
+       }
+       if ( bc->sb_cred ) {
+               ch_free( bc->sb_cred );
+       }
+       if ( bc->sb_saslmech ) {
+               ch_free( bc->sb_saslmech );
+       }
+       if ( bc->sb_secprops ) {
+               ch_free( bc->sb_secprops );
+       }
+       if ( bc->sb_realm ) {
+               ch_free( bc->sb_realm );
+       }
+       if ( bc->sb_authcId ) {
+               ch_free( bc->sb_authcId );
+       }
+       if ( bc->sb_authzId ) {
+               ch_free( bc->sb_authzId );
+       }
+}
+
+static void
+replica_unparse( struct slap_replica_info *ri, struct berval *bv )
+{
+       int len;
+       int i;
+       char *ptr;
+       struct berval bc = {0};
+
+       len = strlen( ri->ri_uri ) + STRLENOF("replica uri=");
+       if ( ri->ri_nsuffix ) {
+               for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) {
+                       len += ri->ri_nsuffix[i].bv_len + STRLENOF(" suffix=\"\"");
+               }
+       }
+       if ( ri->ri_attrs ) {
+               len += STRLENOF("attr");
+               if ( ri->ri_exclude ) len++;
+               for (i=0; !BER_BVISNULL( &ri->ri_attrs[i].an_name ); i++) {
+                       len += 1 + ri->ri_attrs[i].an_name.bv_len;
+               }
+       }
+       bindconf_unparse( &ri->ri_bindconf, &bc );
+       len += bc.bv_len;
+
+       bv->bv_val = ch_malloc(len + 1);
+       bv->bv_len = len;
+
+       ptr = lutil_strcopy( bv->bv_val, "replica uri=" );
+       ptr = lutil_strcopy( ptr, ri->ri_uri );
+
+       if ( ri->ri_nsuffix ) {
+               for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) {
+                       ptr = lutil_strcopy( ptr, " suffix=\"" );
+                       ptr = lutil_strcopy( ptr, ri->ri_nsuffix[i].bv_val );
+                       *ptr++ = '"';
+               }
+       }
+       if ( ri->ri_attrs ) {
+               int comma = 0;
+               ptr = lutil_strcopy( ptr, "attr" );
+               if ( ri->ri_exclude ) *ptr++ = '!';
+               *ptr++ = '=';
+               for (i=0; !BER_BVISNULL( &ri->ri_attrs[i].an_name ); i++) {
+                       if ( comma ) *ptr++ = ',';
+                       ptr = lutil_strcopy( ptr, ri->ri_attrs[i].an_name.bv_val );
+               }
+       }
+       if ( bc.bv_val )
+               strcpy( ptr, bc.bv_val );
+}
+
  static int
  config_replica(ConfigArgs *c) {
-       int i, nr = -1;
-       char *replicahost, *replicalog = NULL;
+       int i, nr = -1, len;
+       char *replicahost, *replicauri;
         LDAPURLDesc *ludp;
  
         if (c->emit) {
+               if (c->be->be_replica) {
+                       struct berval bv;
+                       for (i=0;c->be->be_replica[i]; i++) {
+                               replica_unparse( c->be->be_replica[i], &bv );
+                               ber_bvarray_add( &c->rvalue_vals, &bv );
+                       }
+                       return 0;
+               }
                 return 1;
         }
         if(SLAP_MONITOR(c->be)) {
@@ -1935,8 +2116,12 @@ config_replica(ConfigArgs *c) {
  
         for(i = 1; i < c->argc; i++) {
                 if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) {
-                       replicalog = c->argv[i] + STRLENOF("host=");
-                       nr = add_replica_info(c->be, c->argv[i] + STRLENOF("host="));
+                       replicahost = c->argv[i] + STRLENOF("host=");
+                       len = strlen( replicahost );
+                       replicauri = ch_malloc( len + STRLENOF("ldap://") + 1 );
+                       sprintf( replicauri, "ldap://%s", replicahost );
+                       replicahost = replicauri + STRLENOF( "ldap://");
+                       nr = add_replica_info(c->be, replicauri, replicahost);
                         break;
                 } else if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) {
                         if(ldap_url_parse(c->argv[i] + STRLENOF("uri="), &ludp) != LDAP_SUCCESS) {
@@ -1952,18 +2137,12 @@ config_replica(ConfigArgs *c) {
                                         c->log, 0, 0);
                                 return(1);
                         }
-                       replicahost = ch_malloc(strlen(c->argv[i]));
-                       if(!replicahost) {
-                               Debug(LDAP_DEBUG_ANY,
-                                       "out of memory in read_config\n", 0, 0, 0);
-                               ldap_free_urldesc(ludp);
-                               exit(EXIT_FAILURE);
-                       }
-                       sprintf(replicahost, "%s:%d", ludp->lud_host, ludp->lud_port);
-                       replicalog = c->argv[i] + STRLENOF("uri=");
-                       nr = add_replica_info(c->be, replicahost);
                         ldap_free_urldesc(ludp);
-                       ch_free(replicahost);
+                       replicauri = c->argv[i] + STRLENOF("uri=");
+                       replicauri = ch_strdup( replicauri );
+                       replicahost = strchr( replicauri, '/' );
+                       replicahost += 2;
+                       nr = add_replica_info(c->be, replicauri, replicahost);
                         break;
                 }
         }
@@ -1975,7 +2154,7 @@ config_replica(ConfigArgs *c) {
         } else if(nr == -1) {
                 Debug(LDAP_DEBUG_ANY, "%s: "
                         "unable to add replica \"%s\"\n",
-                       c->log, replicalog, 0);
+                       c->log, replicauri, 0);
                 return(1);
         } else {
                 for(i = 1; i < c->argc; i++) {
@@ -2009,6 +2188,9 @@ config_replica(ConfigArgs *c) {
                                                 c->log, arg + 1, 0);
                                         return(1);
                                 }
+                       } else if ( bindconf_parse( c->argv[i],
+                                       &c->be->be_replica[nr]->ri_bindconf ) ) {
+                               return(1);
                         }
                 }
         }
@@ -2062,7 +2244,7 @@ config_updateref(ConfigArgs *c) {
         }
         if(!SLAP_SHADOW(c->be)) {
                 Debug(LDAP_DEBUG_ANY, "%s: "
-                       "updateref line must after syncrepl or updatedn.\n",
+                       "updateref line must come after syncrepl or updatedn.\n",
                         c->log, 0, 0);
                 return(1);
         }
@@ -2079,8 +2261,6 @@ config_updateref(ConfigArgs *c) {
         return(0);
  }
  
-/* XXX meaningless in ldif */
-
  static int
  config_include(ConfigArgs *c) {
         unsigned long savelineno = c->lineno;
@@ -2116,33 +2296,61 @@ config_tls_option(ConfigArgs *c) {
         int flag;
         switch(c->type) {
         case CFG_TLS_RAND:              flag = LDAP_OPT_X_TLS_RANDOM_FILE;      break;
-       case CFG_TLS_CIPHER:            flag = LDAP_OPT_X_TLS_CIPHER_SUITE;     break;
+       case CFG_TLS_CIPHER:    flag = LDAP_OPT_X_TLS_CIPHER_SUITE;     break;
         case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE;         break;  
         case CFG_TLS_CERT_KEY:  flag = LDAP_OPT_X_TLS_KEYFILE;          break;
         case CFG_TLS_CA_PATH:   flag = LDAP_OPT_X_TLS_CACERTDIR;        break;
         case CFG_TLS_CA_FILE:   flag = LDAP_OPT_X_TLS_CACERTFILE;       break;
-               default:                Debug(LDAP_DEBUG_ANY, "%s: "
-                                               "unknown tls_option <%x>\n",
-                                               c->log, c->type, 0);
+       default:                Debug(LDAP_DEBUG_ANY, "%s: "
+                                       "unknown tls_option <%x>\n",
+                                       c->log, c->type, 0);
         }
         if (c->emit) {
-               return 1;
+               return ldap_pvt_tls_get_option( NULL, flag, &c->value_string );
         }
+       ch_free(c->value_string);
         return(ldap_pvt_tls_set_option(NULL, flag, c->argv[1]));
  }
  
+/* FIXME: this ought to be provided by libldap */
  static int
  config_tls_config(ConfigArgs *c) {
         int i, flag;
-       if (c->emit) {
-               return 1;
-       }
+       struct verb_mask_list crlkeys[] = {
+               { "none",       LDAP_OPT_X_TLS_CRL_NONE },
+               { "peer",       LDAP_OPT_X_TLS_CRL_PEER },
+               { "all",        LDAP_OPT_X_TLS_CRL_ALL },
+               { NULL, 0 }
+       };
+       struct verb_mask_list vfykeys[] = {
+               { "never",      LDAP_OPT_X_TLS_NEVER },
+               { "demand",     LDAP_OPT_X_TLS_DEMAND },
+               { "try",        LDAP_OPT_X_TLS_TRY },
+               { "hard",       LDAP_OPT_X_TLS_HARD }
+               { NULL, 0 }
+       }, *keys;
         switch(c->type) {
  #ifdef HAVE_OPENSSL_CRL
-       case CFG_TLS_CRLCHECK:  flag = LDAP_OPT_X_TLS_CRLCHECK;         break;
+       case CFG_TLS_CRLCHECK:  flag = LDAP_OPT_X_TLS_CRLCHECK; keys = crlkeys;
+               break;
  #endif
-       case CFG_TLS_VERIFY:    flag = LDAP_OPT_X_TLS_REQUIRE_CERT;     break;
+       case CFG_TLS_VERIFY:    flag = LDAP_OPT_X_TLS_REQUIRE_CERT; keys = vfykeys;
+               break;
+       default:                Debug(LDAP_DEBUG_ANY, "%s: "
+                                       "unknown tls_option <%x>\n",
+                                       c->log, c->type, 0);
         }
+       if (c->emit) {
+               ldap_pvt_tls_get_option( NULL, flag, &c->value_int );
+               for (i=0; keys[i].word; i++) {
+                       if (keys[i].mask == c->value_int) {
+                               c->value_string = ch_strdup( keys[i].word );
+                               rc = 0;
+                       }
+               }
+               return 1;
+       }
+       ch_free( c->value_string );
         if(isdigit((unsigned char)c->argv[1][0])) {
                 i = atoi(c->argv[1]);
                 return(ldap_pvt_tls_set_option(NULL, flag, &i));
@@ -2351,8 +2559,8 @@ add_syncrepl(
                 return 1;
         }
  
-       si->si_tls = SYNCINFO_TLS_OFF;
-       si->si_bindmethod = LDAP_AUTH_SIMPLE;
+       si->si_bindconf.sb_tls = SB_TLS_OFF;
+       si->si_bindconf.sb_method = LDAP_AUTH_SIMPLE;
         si->si_schemachecking = 0;
         ber_str2bv( "(objectclass=*)", STRLENOF("(objectclass=*)"), 1,
                 &si->si_filterstr );
@@ -2411,21 +2619,9 @@ add_syncrepl(
  #define SLIMITSTR              "sizelimit"
  #define TLIMITSTR              "timelimit"
  #define SCHEMASTR              "schemachecking"
-#define BINDMETHSTR            "bindmethod"
-#define SIMPLESTR                      "simple"
-#define SASLSTR                                "sasl"
-#define BINDDNSTR              "binddn"
-#define SASLMECHSTR            "saslmech"
-#define AUTHCSTR               "authcID"
-#define AUTHZSTR               "authzID"
-#define CREDSTR                        "credentials"
-#define REALMSTR               "realm"
-#define SECPROPSSTR            "secprops"
  
  /* FIXME: undocumented */
  #define OLDAUTHCSTR            "bindprincipal"
-#define STARTTLSSTR            "starttls"
-#define CRITICALSTR                    "critical"
  #define EXATTRSSTR             "exattrs"
  #define MANAGEDSAITSTR         "manageDSAit"
  #define RETRYSTR               "retry"
@@ -2442,10 +2638,9 @@ add_syncrepl(
  /* mandatory */
  #define GOT_ID                 0x0001
  #define GOT_PROVIDER           0x0002
-#define GOT_METHOD             0x0004
  
  /* check */
-#define GOT_ALL                        (GOT_ID|GOT_PROVIDER|GOT_METHOD)
+#define GOT_ALL                        (GOT_ID|GOT_PROVIDER)
  
  static int
  parse_syncrepl_line(
@@ -2479,79 +2674,6 @@ parse_syncrepl_line(
                         val = cargv[ i ] + STRLENOF( PROVIDERSTR "=" );
                         ber_str2bv( val, 0, 1, &si->si_provideruri );
                         gots |= GOT_PROVIDER;
-               } else if ( !strncasecmp( cargv[ i ], STARTTLSSTR "=",
-                                       STRLENOF(STARTTLSSTR "=") ) )
-               {
-                       val = cargv[ i ] + STRLENOF( STARTTLSSTR "=" );
-                       if( !strcasecmp( val, CRITICALSTR ) ) {
-                               si->si_tls = SYNCINFO_TLS_CRITICAL;
-                       } else {
-                               si->si_tls = SYNCINFO_TLS_ON;
-                       }
-               } else if ( !strncasecmp( cargv[ i ], BINDMETHSTR "=",
-                               STRLENOF( BINDMETHSTR "=" ) ) )
-               {
-                       val = cargv[ i ] + STRLENOF( BINDMETHSTR "=" );
-                       if ( !strcasecmp( val, SIMPLESTR )) {
-                               si->si_bindmethod = LDAP_AUTH_SIMPLE;
-                               gots |= GOT_METHOD;
-                       } else if ( !strcasecmp( val, SASLSTR )) {
-#ifdef HAVE_CYRUS_SASL
-                               si->si_bindmethod = LDAP_AUTH_SASL;
-                               gots |= GOT_METHOD;
-#else /* HAVE_CYRUS_SASL */
-                               fprintf( stderr, "Error: parse_syncrepl_line: "
-                                       "not compiled with SASL support\n" );
-                               return -1;
-#endif /* HAVE_CYRUS_SASL */
-                       } else {
-                               si->si_bindmethod = -1;
-                       }
-               } else if ( !strncasecmp( cargv[ i ], BINDDNSTR "=",
-                                       STRLENOF( BINDDNSTR "=" ) ) )
-               {
-                       val = cargv[ i ] + STRLENOF( BINDDNSTR "=" );
-                       si->si_binddn = ch_strdup( val );
-               } else if ( !strncasecmp( cargv[ i ], CREDSTR "=",
-                                       STRLENOF( CREDSTR "=" ) ) )
-               {
-                       val = cargv[ i ] + STRLENOF( CREDSTR "=" );
-                       si->si_passwd = ch_strdup( val );
-               } else if ( !strncasecmp( cargv[ i ], SASLMECHSTR "=",
-                                       STRLENOF( SASLMECHSTR "=" ) ) )
-               {
-                       val = cargv[ i ] + STRLENOF( SASLMECHSTR "=" );
-                       si->si_saslmech = ch_strdup( val );
-               } else if ( !strncasecmp( cargv[ i ], SECPROPSSTR "=",
-                                       STRLENOF( SECPROPSSTR "=" ) ) )
-               {
-                       val = cargv[ i ] + STRLENOF( SECPROPSSTR "=" );
-                       si->si_secprops = ch_strdup( val );
-               } else if ( !strncasecmp( cargv[ i ], REALMSTR "=",
-                                       STRLENOF( REALMSTR "=" ) ) )
-               {
-                       val = cargv[ i ] + STRLENOF( REALMSTR "=" );
-                       si->si_realm = ch_strdup( val );
-               } else if ( !strncasecmp( cargv[ i ], AUTHCSTR "=",
-                                       STRLENOF( AUTHCSTR "=" ) ) )
-               {
-                       val = cargv[ i ] + STRLENOF( AUTHCSTR "=" );
-                       if ( si->si_authcId )
-                               ch_free( si->si_authcId );
-                       si->si_authcId = ch_strdup( val );
-               } else if ( !strncasecmp( cargv[ i ], OLDAUTHCSTR "=",
-                                       STRLENOF( OLDAUTHCSTR "=" ) ) ) 
-               {
-                       /* Old authcID is provided for some backwards compatibility */
-                       val = cargv[ i ] + STRLENOF( OLDAUTHCSTR "=" );
-                       if ( si->si_authcId )
-                               ch_free( si->si_authcId );
-                       si->si_authcId = ch_strdup( val );
-               } else if ( !strncasecmp( cargv[ i ], AUTHZSTR "=",
-                                       STRLENOF( AUTHZSTR "=" ) ) )
-               {
-                       val = cargv[ i ] + STRLENOF( AUTHZSTR "=" );
-                       si->si_authzId = ch_strdup( val );
                 } else if ( !strncasecmp( cargv[ i ], SCHEMASTR "=",
                                         STRLENOF( SCHEMASTR "=" ) ) )
                 {
@@ -2799,7 +2921,7 @@ parse_syncrepl_line(
                 {
                         val = cargv[ i ] + STRLENOF( TLIMITSTR "=" );
                         si->si_tlimit = atoi( val );
-               } else {
+               } else if ( bindconf_parse( cargv[i], &si->si_bindconf )) {
                         fprintf( stderr, "Error: parse_syncrepl_line: "
                                 "unknown keyword \"%s\"\n", cargv[ i ] );
                         return -1;
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h

index 0bb03065acbcd0bb750d6dd1fabda218a7abb0ec..9cc0df4dd6ed4c4b6fa555a6c42364db633e2bde 100644 (file)
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -1080,7 +1080,7 @@ LDAP_SLAPD_F (int) get_alias_dn LDAP_P((
   * repl.c
   */
  LDAP_SLAPD_F (int) add_replica_info LDAP_P(( Backend *be,
-       const char *host ));
+       const char *uri, const char *host ));
  LDAP_SLAPD_F (int) add_replica_suffix LDAP_P(( Backend *be,
         int nr, const char *suffix ));
  LDAP_SLAPD_F (int) add_replica_attrs LDAP_P(( Backend *be,
diff --git a/servers/slapd/repl.c b/servers/slapd/repl.c

index 28a2100a57ca14d7298a81d71a0928d575da56d1..529416023c97fc1cd7afa356f144c50c9a4c807a 100644 (file)
--- a/servers/slapd/repl.c
+++ b/servers/slapd/repl.c
@@ -42,6 +42,7 @@
  int
  add_replica_info(
      Backend     *be,
+    const char  *uri, 
      const char  *host 
  )
  {
@@ -59,7 +60,8 @@ add_replica_info(
  
         be->be_replica[ i ] 
                 = ch_calloc( sizeof( struct slap_replica_info ), 1 );
-       be->be_replica[ i ]->ri_host = ch_strdup( host );
+       be->be_replica[ i ]->ri_uri = uri;
+       be->be_replica[ i ]->ri_host = host;
         be->be_replica[ i ]->ri_nsuffix = NULL;
         be->be_replica[ i ]->ri_attrs = NULL;
         be->be_replica[ i + 1 ] = NULL;
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h

index 0adc7cdbd234f9a03d3ad79e0f20f26441d0bdfc..6a1858c05b02c5142c1e8967df14c288712f6fc1 100644 (file)
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1392,11 +1392,29 @@ LDAP_SLAPD_V (int) slapMode;
  #define        SLAP_TOOL_READONLY      0x0400
  #define        SLAP_TOOL_QUICK         0x0800
  
+#define SB_TLS_OFF             0
+#define SB_TLS_ON              1
+#define SB_TLS_CRITICAL        2
+
+typedef struct slap_bindconf {
+       int sb_tls;
+       int sb_method;
+       char *sb_binddn;
+       char *sb_cred;
+       char *sb_saslmech;
+       char *sb_secprops;
+       char *sb_realm;
+       char *sb_authcId;
+       char *sb_authzId;
+} slap_bindconf;
+
  struct slap_replica_info {
-       char *ri_host;                          /* supersedes be_replica */
+       char *ri_uri;                           /* supersedes be_replica */
+       char *ri_host;                          /* points to host part of uri */
         BerVarray ri_nsuffix;   /* array of suffixes this replica accepts */
         AttributeName *ri_attrs;        /* attrs to replicate, NULL=all */
         int ri_exclude;                 /* 1 => exclude ri_attrs */
+       slap_bindconf ri_bindconf;      /* for back-config */
  };
  
  struct slap_limits_set {
@@ -1487,18 +1505,7 @@ typedef struct syncinfo_s {
          struct slap_backend_db *si_be;
          long                           si_rid;
          struct berval                  si_provideruri;
-#define SYNCINFO_TLS_OFF               0
-#define SYNCINFO_TLS_ON                        1
-#define SYNCINFO_TLS_CRITICAL  2
-        int                                    si_tls;
-        int                                    si_bindmethod;
-        char                           *si_binddn;
-        char                           *si_passwd;
-        char                           *si_saslmech;
-        char                           *si_secprops;
-        char                           *si_realm;
-        char                           *si_authcId;
-        char                           *si_authzId;
+               slap_bindconf           si_bindconf;
                 int                                     si_schemachecking;
          struct berval          si_filterstr;
          struct berval          si_base;
@@ -1702,7 +1709,6 @@ struct slap_backend_db {
         ldap_pvt_thread_mutex_t                                 *be_pcl_mutexp;
         syncinfo_t                                                              *be_syncinfo; /* For syncrepl */
  
-       char    *be_realm;
         void    *be_pb;         /* Netscape plugin */
         struct ConfigTable *be_cf_table;
  
diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c

index f9da2a59c594fc139601f09ca60af4d91e6918a6..9e387e8ab44bd9181a2a5858d78a4fba90c7acc6 100644 (file)
--- a/servers/slapd/syncrepl.c
+++ b/servers/slapd/syncrepl.c
@@ -244,9 +244,9 @@ ldap_sync_search(
         c[0].ldctl_iscritical = si->si_type < 0;
         ctrls[0] = &c[0];
  
-       if ( si->si_authzId ) {
+       if ( si->si_bindconf.sb_authzId ) {
                 c[1].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
-               ber_str2bv( si->si_authzId, 0, 0, &c[1].ldctl_value );
+               ber_str2bv( si->si_bindconf.sb_authzId, 0, 0, &c[1].ldctl_value );
                 c[1].ldctl_iscritical = 1;
                 ctrls[1] = &c[1];
                 ctrls[2] = NULL;
@@ -295,18 +295,18 @@ do_syncrep1(
  
         /* Bind to master */
  
-       if ( si->si_tls ) {
+       if ( si->si_bindconf.sb_tls ) {
                 rc = ldap_start_tls_s( si->si_ld, NULL, NULL );
                 if( rc != LDAP_SUCCESS ) {
                         Debug( LDAP_DEBUG_ANY,
                                 "%s: ldap_start_tls failed (%d)\n",
-                               si->si_tls == SYNCINFO_TLS_CRITICAL ? "Error" : "Warning",
+                               si->si_bindconf.sb_tls == SB_TLS_CRITICAL ? "Error" : "Warning",
                                 rc, 0 );
-                       if( si->si_tls == SYNCINFO_TLS_CRITICAL ) goto done;
+                       if( si->si_bindconf.sb_tls == SB_TLS_CRITICAL ) goto done;
                 }
         }
  
-       if ( si->si_bindmethod == LDAP_AUTH_SASL ) {
+       if ( si->si_bindconf.sb_method == LDAP_AUTH_SASL ) {
  #ifdef HAVE_CYRUS_SASL
                 void *defaults;
  
@@ -364,7 +364,7 @@ do_syncrep1(
  
         } else {
                 rc = ldap_bind_s( si->si_ld,
-                       si->si_binddn, si->si_passwd, si->si_bindmethod );
+                       si->si_bindconf.sb_binddn, si->si_bindconf.sb_cred, si->si_bindconf.sb_method );
                 if ( rc != LDAP_SUCCESS ) {
                         Debug( LDAP_DEBUG_ANY, "do_syncrep1: "
                                 "ldap_bind_s failed (%d)\n", rc, 0, 0 );
@@ -2087,27 +2087,9 @@ syncinfo_free( syncinfo_t *sie )
         if ( !BER_BVISNULL( &sie->si_provideruri ) ) {
                 ch_free( sie->si_provideruri.bv_val );
         }
-       if ( sie->si_binddn ) {
-               ch_free( sie->si_binddn );
-       }
-       if ( sie->si_passwd ) {
-               ch_free( sie->si_passwd );
-       }
-       if ( sie->si_saslmech ) {
-               ch_free( sie->si_saslmech );
-       }
-       if ( sie->si_secprops ) {
-               ch_free( sie->si_secprops );
-       }
-       if ( sie->si_realm ) {
-               ch_free( sie->si_realm );
-       }
-       if ( sie->si_authcId ) {
-               ch_free( sie->si_authcId );
-       }
-       if ( sie->si_authzId ) {
-               ch_free( sie->si_authzId );
-       }
+
+       bindconf_free( &sie->si_bindconf );
+
         if ( sie->si_filterstr.bv_val ) {
                 ch_free( sie->si_filterstr.bv_val );
         }
author	Howard Chu <hyc@openldap.org>
	Wed, 23 Feb 2005 12:03:14 +0000 (12:03 +0000)
committer	Howard Chu <hyc@openldap.org>
	Wed, 23 Feb 2005 12:03:14 +0000 (12:03 +0000)
servers/slapd/config.c		patch \| blob \| history
servers/slapd/proto-slap.h		patch \| blob \| history
servers/slapd/repl.c		patch \| blob \| history
servers/slapd/slap.h		patch \| blob \| history
servers/slapd/syncrepl.c		patch \| blob \| history