NULL, "requested protocol version not supported", NULL, NULL );
goto cleanup;
- } else if (( global_disallows & SLAP_DISALLOW_BIND_V2 ) &&
+ } else if (!( global_allows & SLAP_ALLOW_BIND_V2 ) &&
version < LDAP_VERSION3 )
{
send_ldap_result( conn, op, rc = LDAP_PROTOCOL_ERROR,
text = NULL;
if( cred.bv_len &&
- ( global_disallows & SLAP_DISALLOW_BIND_ANON_CRED ))
+ !( global_allows & SLAP_ALLOW_BIND_ANON_CRED ))
{
/* cred is not empty, disallow */
rc = LDAP_INVALID_CREDENTIALS;
} else if ( ndn != NULL && *ndn != '\0' &&
- ( global_disallows & SLAP_DISALLOW_BIND_ANON_DN ))
+ !( global_allows & SLAP_ALLOW_BIND_ANON_DN ))
{
/* DN is not empty, disallow */
rc = LDAP_UNWILLING_TO_PERFORM;
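Review bot: The "DN is not empty, disallow" branch deserves a comment saying why rejecting is the safe default, because this is the classic LDAP unauthenticated-bind pitfall: a non-empty DN with an empty credential is not an authentication at all, and if the server lets it through as anonymous, client code that only checks the bind result code will treat the caller as logged in. The new flag-gated checks correctly reject both cases unless an administrator opts in, but nothing in the hunk records the reason, so a later reader may "fix" the ordering or the default. I would replace the comment on the DN branch with `/* non-empty DN + empty cred is an "unauthenticated" bind: clients often mistake success for authentication, so refuse unless bind_anon_dn is explicitly allowed */`. Note that the check at L17 relies on SLAP_ALLOW_BIND_ANON_DN being a single bit; its value is defined elsewhere in this change. The enclosing function starts and ends outside the hunk, so I cannot confirm what happens when neither branch fires.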
allows = 0;
for( i=1; i < cargc; i++ ) {
- if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
- allows |= SLAP_ALLOW_TLS_2_ANON;
+ if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
+ allows |= SLAP_ALLOW_BIND_V2;
+
+ } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
+ allows |= SLAP_ALLOW_BIND_ANON_CRED;
+
+ } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
+ allows |= SLAP_ALLOW_BIND_ANON_DN;
} else if( strcasecmp( cargv[i], "none" ) != 0 ) {
#ifdef NEW_LOGGING
disallows = 0;
for( i=1; i < cargc; i++ ) {
- if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_V2;
-
- } else if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
+ if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
disallows |= SLAP_DISALLOW_BIND_ANON;
- } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_ANON_CRED;
-
- } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_ANON_DN;
-
} else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
disallows |= SLAP_DISALLOW_BIND_SIMPLE;
} else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
disallows |= SLAP_DISALLOW_BIND_KRBV4;
+ } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
+ disallows |= SLAP_DISALLOW_TLS_2_ANON;
+
} else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
disallows |= SLAP_DISALLOW_TLS_AUTHC;
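Review bot: Three `disallow` keywords (`bind_v2`, `bind_anon_cred`, `bind_anon_dn`) are removed from this chain with no compatibility alias, so an existing slapd.conf that contains, say, `disallow bind_anon_dn` will presumably now fall through to the unknown-keyword branch at the end of the chain (outside the hunk) and fail to load, even though the new default already provides the behaviour that line asked for. A parse failure on an upgrade is at least loud; the quieter risk is an administrator who reacts by deleting the line without learning that the option moved to `allow`. I would either keep the old spellings as accepted no-ops with a logged deprecation warning, or at minimum add a comment above the loop such as `/* bind_v2, bind_anon_cred and bind_anon_dn are now disallowed by default; use "allow" to enable them */` and mirror that in the configuration documentation.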
/* supportedLDAPVersion */
for ( i=LDAP_VERSION_MIN; i<=LDAP_VERSION_MAX; i++ ) {
- if (( global_disallows & SLAP_DISALLOW_BIND_V2 ) &&
+ if (!( global_allows & SLAP_ALLOW_BIND_V2 ) &&
( i < LDAP_VERSION3 ) )
{
/* version 2 and lower are disallowed */
}
}
+ /* it's a REALLY bad idea to disable schema checks */
if( !global_schemacheck ) return LDAP_SUCCESS;
/* find the object class attribute - could error out here */
return structural_class( ocmod->sml_bvalues, sc,
text, textbuf, textlen );
-}
\ No newline at end of file
+}
#include "ldap_defaults.h"
+#include <stdio.h>
#include <ac/stdlib.h>
#include <sys/types.h>
| SLAP_RESTRICT_OP_MODIFY \
| SLAP_RESTRICT_OP_RENAME )
-#define SLAP_ALLOW_TLS_2_ANON 0x0001U /* StartTLS -> Anonymous */
+#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
+#define SLAP_ALLOW_BIND_ANON_CRED 0x0002U /* cred should be empty */
+#define SLAP_ALLOW_BIND_ANON_DN 0x0003U /* dn should be empty */
-#define SLAP_DISALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
-#define SLAP_DISALLOW_BIND_ANON 0x0002U /* no anonymous */
-#define SLAP_DISALLOW_BIND_ANON_CRED \
- 0x0004U /* cred should be empty */
-#define SLAP_DISALLOW_BIND_ANON_DN \
- 0x0008U /* dn should be empty */
+#define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */
+#define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */
+#define SLAP_DISALLOW_BIND_KRBV4 0x0004U /* Kerberos V4 authentication */
-#define SLAP_DISALLOW_BIND_SIMPLE 0x0010U /* simple authentication */
-#define SLAP_DISALLOW_BIND_KRBV4 0x0020U /* Kerberos V4 authentication */
-
-#define SLAP_DISALLOW_TLS_AUTHC 0x0100U /* TLS while authenticated */
+#define SLAP_DISALLOW_TLS_2_ANON 0x0010U /* StartTLS -> Anonymous */
+#define SLAP_DISALLOW_TLS_AUTHC 0x0020U /* TLS while authenticated */
slap_mask_t be_requires; /* pre-operation requirements */
#define SLAP_REQUIRE_BIND 0x0001U /* bind before op */
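Review bot: `SLAP_ALLOW_BIND_ANON_DN` is defined as `0x0003U`, which is not a single bit but the union of `SLAP_ALLOW_BIND_V2` (0x0001) and `SLAP_ALLOW_BIND_ANON_CRED` (0x0002). In the config parser `allows |= SLAP_ALLOW_BIND_ANON_DN` would therefore silently enable LDAPv2 binds and anonymous binds with a non-empty credential whenever an administrator only asked for `allow bind_anon_dn`, and in the bind path `!( global_allows & SLAP_ALLOW_BIND_ANON_DN )` would be satisfied by `allow bind_v2` alone, so unauthenticated binds with a DN would be accepted without anyone opting in. The fix is the obvious one: `#define SLAP_ALLOW_BIND_ANON_DN 0x0004U /* dn should be empty */`. Since the ALLOW and DISALLOW masks now reuse the same numeric values, it is also worth a comment noting that they live in separate words (`global_allows` vs `global_disallows`) and must never be tested against the other.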
goto done;
}
- if ( ( global_disallows & SLAP_DISALLOW_TLS_AUTHC ) &&
+ if ( !( global_disallows & SLAP_DISALLOW_TLS_2_ANON ) &&
( conn->c_dn != NULL ) )
{
- *text = "cannot start TLS after authentication";
- rc = LDAP_OPERATIONS_ERROR;
- goto done;
+ /* force to anonymous */
+ connection2anonymous( conn );
}
- if ( ( global_allows & SLAP_ALLOW_TLS_2_ANON ) &&
+ if ( ( global_disallows & SLAP_DISALLOW_TLS_AUTHC ) &&
( conn->c_dn != NULL ) )
{
- /* force to anonymous */
- connection2anonymous( conn );
+ *text = "cannot start TLS after authentication";
+ rc = LDAP_OPERATIONS_ERROR;
+ goto done;
}
/* fail if TLS could not be initialized */
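Review bot: The two checks are now in an order that makes `disallow tls_authc` ineffective on its own: the first block forces the connection to anonymous whenever `tls_2_anon` is not disallowed (the new default), and assuming `connection2anonymous()` clears `conn->c_dn`, the following `SLAP_DISALLOW_TLS_AUTHC` test can no longer see an authenticated connection and never fires. An administrator who sets only `disallow tls_authc`, expecting StartTLS after a bind to be refused with "cannot start TLS after authentication", will instead get a silent downgrade to anonymous. The `SLAP_DISALLOW_TLS_AUTHC` block should be evaluated first, before the forced-anonymous block, so that the refusal policy wins when both are configured; this is a pure swap of the two `if` blocks with no other changes. The enclosing function starts and ends outside the hunk.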