int nmatches, regmatch_t *matches );
static slap_control_t acl_mask(
- AccessControl *ac, slap_access_mask_t *mask,
+ AccessControl *ac, slap_mask_t *mask,
Backend *be, Connection *conn, Operation *op,
Entry *e,
AttributeDescription *desc,
#ifdef LDAP_DEBUG
char accessmaskbuf[ACCESSMASK_MAXLEN];
#endif
- slap_access_mask_t mask;
+ slap_mask_t mask;
slap_control_t control;
const char *attr = desc ? desc->ad_cname->bv_val : NULL;
static slap_control_t
acl_mask(
AccessControl *a,
- slap_access_mask_t *mask,
+ slap_mask_t *mask,
Backend *be,
Connection *conn,
Operation *op,
accessmask2str( *mask, accessmaskbuf ) );
for ( i = 1, b = a->acl_access; b != NULL; b = b->a_next, i++ ) {
- slap_access_mask_t oldmask, modmask;
+ slap_mask_t oldmask, modmask;
ACL_INVALIDATE( modmask );
/* this case works different from the others above.
* since aci's themselves give permissions, we need
- * to first check b->a_mask, the ACL's access level.
+ * to first check b->a_access_mask, the ACL's access level.
*/
if( op->o_ndn == NULL || op->o_ndn[0] == '\0' ) {
/* first check if the right being requested
* is allowed by the ACL clause.
*/
- if ( ! ACL_GRANT( b->a_mask, *mask ) ) {
+ if ( ! ACL_GRANT( b->a_access_mask, *mask ) ) {
continue;
}
}
/* remove anything that the ACL clause does not allow */
- tgrant &= b->a_mask & ACL_PRIV_MASK;
+ tgrant &= b->a_access_mask & ACL_PRIV_MASK;
tdeny &= ACL_PRIV_MASK;
/* see if we have anything to contribute */
} else
#endif
{
- modmask = b->a_mask;
+ modmask = b->a_access_mask;
}
b = (Access *) ch_calloc( 1, sizeof(Access) );
- ACL_INVALIDATE( b->a_mask );
+ ACL_INVALIDATE( b->a_access_mask );
if ( ++i == argc ) {
fprintf( stderr,
if( i == argc || ( strcasecmp( left, "stop" ) == 0 )) {
/* out of arguments or plain stop */
- ACL_PRIV_ASSIGN(b->a_mask, ACL_PRIV_ADDITIVE);
+ ACL_PRIV_ASSIGN(b->a_access_mask, ACL_PRIV_ADDITIVE);
b->a_type = ACL_STOP;
access_append( &a->acl_access, b );
if( strcasecmp( left, "continue" ) == 0 ) {
/* plain continue */
- ACL_PRIV_ASSIGN(b->a_mask, ACL_PRIV_ADDITIVE);
+ ACL_PRIV_ASSIGN(b->a_access_mask, ACL_PRIV_ADDITIVE);
b->a_type = ACL_CONTINUE;
access_append( &a->acl_access, b );
if( strcasecmp( left, "break" ) == 0 ) {
/* plain continue */
- ACL_PRIV_ASSIGN(b->a_mask, ACL_PRIV_ADDITIVE);
+ ACL_PRIV_ASSIGN(b->a_access_mask, ACL_PRIV_ADDITIVE);
b->a_type = ACL_BREAK;
access_append( &a->acl_access, b );
if ( strcasecmp( left, "by" ) == 0 ) {
/* we've gone too far */
--i;
- ACL_PRIV_ASSIGN(b->a_mask, ACL_PRIV_ADDITIVE);
+ ACL_PRIV_ASSIGN(b->a_access_mask, ACL_PRIV_ADDITIVE);
b->a_type = ACL_STOP;
access_append( &a->acl_access, b );
/* get <access> */
if( strncasecmp( left, "self", 4 ) == 0 ) {
b->a_dn_self = 1;
- ACL_PRIV_ASSIGN( b->a_mask, str2accessmask( &left[4] ) );
+ ACL_PRIV_ASSIGN( b->a_access_mask, str2accessmask( &left[4] ) );
} else {
- ACL_PRIV_ASSIGN( b->a_mask, str2accessmask( left ) );
+ ACL_PRIV_ASSIGN( b->a_access_mask, str2accessmask( left ) );
}
- if( ACL_IS_INVALID( b->a_mask ) ) {
+ if( ACL_IS_INVALID( b->a_access_mask ) ) {
fprintf( stderr,
"%s: line %d: expecting <access> got \"%s\"\n",
fname, lineno, left );
}
char *
-accessmask2str( slap_access_mask_t mask, char *buf )
+accessmask2str( slap_mask_t mask, char *buf )
{
int none=1;
return buf;
}
-slap_access_mask_t
+slap_mask_t
str2accessmask( const char *str )
{
- slap_access_mask_t mask;
+ slap_mask_t mask;
if( !ASCII_ALPHA(str[0]) ) {
int i;
fprintf( stderr, " %s%s",
b->a_dn_self ? "self" : "",
- accessmask2str( b->a_mask, maskbuf ) );
+ accessmask2str( b->a_access_mask, maskbuf ) );
if( b->a_type == ACL_BREAK ) {
fprintf( stderr, " break" );
if ( method == LDAP_AUTH_SASL ) {
char *edn;
- unsigned long ssf = 0;
+ slap_ssf_t ssf = 0;
if ( version < LDAP_VERSION3 ) {
Debug( LDAP_DEBUG_ANY, "do_bind: sasl with LDAPv%ld\n",
const char* peername,
const char* sockname,
int use_tls,
- unsigned ssf,
+ slap_ssf_t ssf,
char *authid )
{
unsigned long id;
} else if ( rc == 0 ) {
void *ssl;
- unsigned ssf;
+ slap_ssf_t ssf;
char *authid;
c->c_needs_tls_accept = 0;
/* we need to let SASL know */
ssl = (void *)ldap_pvt_tls_sb_handle( c->c_sb );
- ssf = (unsigned)ldap_pvt_tls_get_strength( ssl );
+ ssf = (slap_ssf_t) ldap_pvt_tls_get_strength( ssl );
authid = (char *)ldap_pvt_tls_get_peer( ssl );
slap_sasl_external( c, ssf, authid );
}
ber_int_t s;
socklen_t len = sizeof(from);
long id;
- unsigned ssf = 0;
+ slap_ssf_t ssf = 0;
char *authid = NULL;
char *dnsname;
static extop_list_t *find_extop( extop_list_t *list, char *oid );
-static int extop_callback(
- Connection *conn, Operation *op,
- int msg, int arg, void *argp);
-
char *
get_supported_extop (int index)
{
text = NULL;
refs = NULL;
- rc = (ext->ext_main)( extop_callback, conn, op,
+ rc = (ext->ext_main)( conn, op,
reqoid, reqdata,
&rspoid, &rspdata, &rspctrls, &text, &refs );
return(ext);
}
return(NULL);
-}
-
-int
-extop_callback(
- Connection *conn, Operation *op,
- int msg, int arg, void *argp)
-{
- if (argp == NULL)
- return(-1);
-
- switch (msg) {
- case SLAPD_EXTOP_GETVERSION:
- *(int *)argp = 1;
- return(0);
-
- case SLAPD_EXTOP_GETPROTO:
- *(int *)argp = op->o_protocol;
- return(0);
-
- case SLAPD_EXTOP_GETAUTH:
- *(int *)argp = op->o_authtype;
- return(0);
-
- case SLAPD_EXTOP_GETDN:
- *(char **)argp = op->o_dn;
- return(0);
-
- case SLAPD_EXTOP_GETCLIENT:
- if (conn->c_peer_domain != NULL && *conn->c_peer_domain != 0) {
- *(char **)argp = conn->c_peer_domain;
- return(0);
- }
- if (conn->c_peer_name != NULL && *conn->c_peer_name != 0) {
- *(char **)argp = conn->c_peer_name;
- return(0);
- }
- break;
-
- default:
- break;
- }
- return(-1);
-}
+}
\ No newline at end of file
#include <lutil.h>
int passwd_extop(
- SLAP_EXTOP_CALLBACK_FN ext_callback,
Connection *conn, Operation *op,
const char *reqoid,
struct berval *reqdata,
LDAP_SLAPD_F (slap_access_t) str2access LDAP_P(( const char *str ));
#define ACCESSMASK_MAXLEN sizeof("unknown (+wrscan)")
-LDAP_SLAPD_F (char *) accessmask2str LDAP_P(( slap_access_mask_t mask, char* ));
-LDAP_SLAPD_F (slap_access_mask_t) str2accessmask LDAP_P(( const char *str ));
+LDAP_SLAPD_F (char *) accessmask2str LDAP_P(( slap_mask_t mask, char* ));
+LDAP_SLAPD_F (slap_mask_t) str2accessmask LDAP_P(( const char *str ));
/*
* at.c
const char* peername,
const char* sockname,
int use_tls,
- unsigned ssf,
+ slap_ssf_t ssf,
char *id ));
LDAP_SLAPD_F (void) connection_closing LDAP_P(( Connection *c ));
* extended.c
*/
-#define SLAPD_EXTOP_GETVERSION 0
-#define SLAPD_EXTOP_GETPROTO 1
-#define SLAPD_EXTOP_GETAUTH 2
-#define SLAPD_EXTOP_GETDN 3
-#define SLAPD_EXTOP_GETCLIENT 4
-
-typedef int (*SLAP_EXTOP_CALLBACK_FN) LDAP_P((
- Connection *conn, Operation *op,
- int msg, int arg, void *argp ));
-
typedef int (*SLAP_EXTOP_MAIN_FN) LDAP_P((
- SLAP_EXTOP_CALLBACK_FN,
Connection *conn, Operation *op,
const char * reqoid,
struct berval * reqdata,
LDAP_SLAPD_F (char **) slap_sasl_mechs( Connection *c );
LDAP_SLAPD_F (int) slap_sasl_external( Connection *c,
- unsigned ssf, /* relative strength of external security */
+ slap_ssf_t ssf, /* relative strength of external security */
char *authid ); /* asserted authenication id */
LDAP_SLAPD_F (int) slap_sasl_reset( Connection *c );
Connection *conn, Operation *op,
const char *dn, const char *ndn,
const char *mech, struct berval *cred,
- char **edn, unsigned long *ssf ));
+ char **edn, slap_ssf_t *ssf ));
/* oc.c */
LDAP_SLAPD_F (int) oc_schema_info( Entry *e );
*/
LDAP_SLAPD_F (int) starttls_extop LDAP_P((
- SLAP_EXTOP_CALLBACK_FN,
Connection *conn, Operation *op,
const char * reqoid,
struct berval * reqdata,
* passwd.c
*/
LDAP_SLAPD_F (int) passwd_extop LDAP_P((
- SLAP_EXTOP_CALLBACK_FN,
Connection *conn, Operation *op,
const char * reqoid,
struct berval * reqdata,
int slap_sasl_external(
Connection *conn,
- unsigned ssf,
+ slap_ssf_t ssf,
char *auth_id )
{
#ifdef HAVE_CYRUS_SASL
return LDAP_UNAVAILABLE;
}
- memset( &extprops, 0L, sizeof(extprops) );
+ memset( &extprops, '\0', sizeof(extprops) );
extprops.ssf = ssf;
extprops.auth_id = auth_id;
const char *mech,
struct berval *cred,
char **edn,
- unsigned long *ssfp )
+ slap_ssf_t *ssfp )
{
int rc = 1;
caseIgnoreIA5SubstringsFilter,
NULL},
- {"( 1.3.6.1.4.1.4203.666.4.3 NAME 'caseExactIA5SubstringsMatch' "
+ {"( 1.3.6.1.4.1.4203.1.2.1 NAME 'caseExactIA5SubstringsMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
SLAP_MR_SUBSTR,
NULL, NULL,
LDAP_SLAPD_F (int) slap_debug;
+typedef unsigned slap_ssf_t;
+typedef unsigned long slap_mask_t;
+
+
/*
* Index types
*/
#define SLAP_INDEX_LANG 0x4000UL /* use index with lang subtypes */
#define SLAP_INDEX_AUTO_LANG 0x8000UL /* use mask with lang subtypes */
-typedef unsigned long slap_mask_t;
-
/*
* there is a single index for each attribute. these prefixes ensure
* that there is no collision among keys.
ACL_STYLE_EXACT = ACL_STYLE_BASE
} slap_style_t;
-typedef unsigned long slap_access_mask_t;
/* the "by" part */
typedef struct slap_access {
#define ACL_LVL_ASSIGN_READ(m) ACL_PRIV_ASSIGN((m),ACL_LVL_READ)
#define ACL_LVL_ASSIGN_WRITE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_WRITE)
- slap_access_mask_t a_mask;
+ slap_mask_t a_access_mask;
slap_style_t a_dn_style;
char *a_dn_pat;
pidfile %LOCALSTATEDIR%/slapd.pid
argsfile %LOCALSTATEDIR%/slapd.args
-# Load dynamic backend modules
-
+# Load dynamic backend modules:
# modulepath %MODULEDIR%
-# moduleload back_bdb2.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
-# moduleload back_perl.la
# moduleload back_shell.la
-# moduleload back_bdb2.la
-# moduleload back_tcl.la
#######################################################################
# ldbm database definitions
#suffix "o=My Organization Name, c=US"
rootdn "cn=Manager, dc=my-domain, dc=com"
#rootdn "cn=Manager, o=My Organization Name, c=US"
-# cleartext passwords, especially for the rootdn, should
+# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
rootpw secret
-# database directory
-# this directory MUST exist prior to running slapd AND
+# The database directory MUST exist prior to running slapd AND
# should only be accessable by the slapd/tools. Mode 700 recommended.
directory %LOCALSTATEDIR%/openldap-ldbm
+# Indices to maintain
+index objectClass eq
int
starttls_extop (
- SLAP_EXTOP_CALLBACK_FN cb,
Connection *conn,
Operation *op,
const char * reqoid,
"Usage: %s [options]\n"
" -h hash\tpassword scheme\n"
" -s secret\tnew password\n"
+ " -u\t\tgenerate RFC2307 values\n"
" -v\t\tincrease verbosity\n"
, s );
struct berval *hash = NULL;
while( (i = getopt( argc, argv,
- "d:h:s:v" )) != EOF )
+ "d:h:s:vu" )) != EOF )
{
switch (i) {
case 'h': /* scheme */
}
break;
+ case 'u': /* RFC2307 userPassword */
+ break;
+
case 'v': /* verbose */
verbose++;
break;
cknewpw = getpassphrase("Re-enter new password: ");
if( strncmp( newpw, cknewpw, strlen(newpw) )) {
- fprintf( stderr, "passwords do not match\n" );
+ fprintf( stderr, "Password values do not match\n" );
return EXIT_FAILURE;
}
}
}
if( lutil_passwd( hash, &passwd, NULL ) ) {
- fprintf( stderr, "Password verificaiton failed.\n");
+ fprintf( stderr, "Password verification failed.\n");
return EXIT_FAILURE;
}
projects / openldap / commitdiff