From: Howard Chu Date: Wed, 29 Jul 2009 09:04:39 +0000 (+0000) Subject: ITS#5942 consolidate server URL match to config_check_my_url(). X-Git-Tag: ACLCHECK_0~391 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=bf69b8e0650d4b7059a9a58f0e4c12422ac8a2b4;p=openldap ITS#5942 consolidate server URL match to config_check_my_url(). In syncrepl, assume consumer pointing to same server but different searchbase is OK otherwise ignore config. --- diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c index b10713ab6c..e4ccd84d0a 100644 --- a/servers/slapd/bconfig.c +++ b/servers/slapd/bconfig.c @@ -1824,66 +1824,13 @@ sortval_reject: *sip = si; if (( slapMode & SLAP_SERVER_MODE ) && c->argc > 2 ) { - Listener **l = slapd_get_listeners(); - int i, isMe = 0; - - /* Try a straight compare with Listener strings */ - for ( i=0; l && l[i]; i++ ) { - if ( !strcasecmp( c->argv[2], l[i]->sl_url.bv_val )) { - isMe = 1; - break; - } - } - - /* If hostname is empty, or is localhost, or matches - * our hostname, this serverID refers to this host. - * Compare it against listeners and ports. - */ - if ( !isMe && ( !lud->lud_host || !lud->lud_host[0] || - !strncasecmp("localhost", lud->lud_host, - STRLENOF("localhost")) || - !strcasecmp( global_host, lud->lud_host ))) { - - for ( i=0; l && l[i]; i++ ) { - LDAPURLDesc *lu2; - ldap_url_parse( l[i]->sl_url.bv_val, &lu2 ); - do { - if ( strcasecmp( lud->lud_scheme, - lu2->lud_scheme )) - break; - if ( lud->lud_port != lu2->lud_port ) - break; - /* Listener on ANY address */ - if ( !lu2->lud_host || !lu2->lud_host[0] ) { - isMe = 1; - break; - } - /* URL on ANY address */ - if ( !lud->lud_host || !lud->lud_host[0] ) { - isMe = 1; - break; - } - /* Listener has specific host, must - * match it - */ - if ( !strcasecmp( lud->lud_host, - lu2->lud_host )) { - isMe = 1; - break; - } - } while(0); - ldap_free_urldesc( lu2 ); - if ( isMe ) { - break; - } - } - } - if ( isMe ) { + Listener *l = config_check_my_url( c->argv[2], lud ); + if ( l ) { slap_serverID = si->si_num; Debug( LDAP_DEBUG_CONFIG, "%s: SID=%d (listener=%s)\n", c->log, slap_serverID, - l[i]->sl_url.bv_val ); + l->sl_url.bv_val ); } } if ( c->argc > 2 ) diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 7fc4ae1bbe..12bd3b5cc5 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -2126,3 +2126,66 @@ int config_generic_wrapper( Backend *be, const char *fname, int lineno, } return rc; } + +/* See if the given URL (in plain and parsed form) matches + * any of the server's listener addresses. Return matching + * Listener or NULL for no match. + */ +Listener *config_check_my_url( const char *url, LDAPURLDesc *lud ) +{ + Listener **l = slapd_get_listeners(); + int i, isMe; + + /* Try a straight compare with Listener strings */ + for ( i=0; l && l[i]; i++ ) { + if ( !strcasecmp( url, l[i]->sl_url.bv_val )) { + return l[i]; + } + } + + isMe = 0; + /* If hostname is empty, or is localhost, or matches + * our hostname, this url refers to this host. + * Compare it against listeners and ports. + */ + if ( !lud->lud_host || !lud->lud_host[0] || + !strncasecmp("localhost", lud->lud_host, + STRLENOF("localhost")) || + !strcasecmp( global_host, lud->lud_host )) { + + for ( i=0; l && l[i]; i++ ) { + LDAPURLDesc *lu2; + ldap_url_parse( l[i]->sl_url.bv_val, &lu2 ); + do { + if ( strcasecmp( lud->lud_scheme, + lu2->lud_scheme )) + break; + if ( lud->lud_port != lu2->lud_port ) + break; + /* Listener on ANY address */ + if ( !lu2->lud_host || !lu2->lud_host[0] ) { + isMe = 1; + break; + } + /* URL on ANY address */ + if ( !lud->lud_host || !lud->lud_host[0] ) { + isMe = 1; + break; + } + /* Listener has specific host, must + * match it + */ + if ( !strcasecmp( lud->lud_host, + lu2->lud_host )) { + isMe = 1; + break; + } + } while(0); + ldap_free_urldesc( lu2 ); + if ( isMe ) { + return l[i]; + } + } + } + return NULL; +} diff --git a/servers/slapd/config.h b/servers/slapd/config.h index 99eb6b2c8e..4c929dea6d 100644 --- a/servers/slapd/config.h +++ b/servers/slapd/config.h @@ -196,6 +196,7 @@ ConfigTable * config_find_keyword(ConfigTable *ct, ConfigArgs *c); Entry * config_build_entry( Operation *op, SlapReply *rs, CfEntryInfo *parent, ConfigArgs *c, struct berval *rdn, ConfigOCs *main, ConfigOCs *extra ); +Listener *config_check_my_url(const char *url, LDAPURLDesc *lud); int config_shadow( ConfigArgs *c, int flag ); #define config_slurp_shadow(c) config_shadow((c), SLAP_DBFLAG_SLURP_SHADOW) #define config_sync_shadow(c) config_shadow((c), SLAP_DBFLAG_SYNC_SHADOW) diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c index 07e9dd7857..627e43a3d2 100644 --- a/servers/slapd/syncrepl.c +++ b/servers/slapd/syncrepl.c @@ -4332,6 +4332,8 @@ add_syncrepl( rc = parse_syncrepl_line( c, si ); if ( rc == 0 ) { + LDAPURLDesc *lud; + /* Must be LDAPv3 because we need controls */ switch ( si->si_bindconf.sb_version ) { case 0: @@ -4349,24 +4351,35 @@ add_syncrepl( return 1; } + if ( ldap_url_parse( si->si_bindconf.sb_uri.bv_val, &lud )) { + snprintf( c->cr_msg, sizeof( c->cr_msg ), + "<%s> invalid URL", c->argv[0] ); + Debug( LDAP_DEBUG_ANY, "%s: %s %s\n", + c->log, c->cr_msg, si->si_bindconf.sb_uri.bv_val ); + return 1; + } + si->si_be = c->be; if ( slapMode & SLAP_SERVER_MODE ) { - Listener **l = slapd_get_listeners(); int isMe = 0; - - /* check if URL points to current server. If so, ignore - * this configuration. We require an exact match. Just - * in case they really want to do this, they can vary - * the case of the URL to allow it. + /* check if consumer points to current server and database. + * If so, ignore this configuration. */ - if ( l && !SLAP_DBHIDDEN( c->be ) ) { + if ( !SLAP_DBHIDDEN( c->be ) ) { int i; - for ( i=0; l[i]; i++ ) { - if ( bvmatch( &l[i]->sl_url, &si->si_bindconf.sb_uri ) ) { + /* if searchbase doesn't match current DB suffix, + * assume it's different + */ + for ( i=0; !BER_BVISNULL( &c->be->be_nsuffix[i] ); i++ ) { + if ( bvmatch( &si->si_base, &c->be->be_nsuffix[i] )) { isMe = 1; break; } } + /* if searchbase matches, see if URLs match */ + if ( isMe && config_check_my_url( si->si_bindconf.sb_uri.bv_val, + lud ) == NULL ) + isMe = 0; } if ( !isMe ) { @@ -4385,6 +4398,7 @@ add_syncrepl( /* mirrormode still needs to see this flag in tool mode */ rc = config_sync_shadow( c ) ? -1 : 0; } + ldap_free_urldesc( lud ); } #ifdef HAVE_TLS