From 5852f7188b8016e9adda452b30e914058a55c80d Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Mon, 11 Sep 2000 21:57:14 +0000 Subject: [PATCH] Add 'defaultSearchBase' configuration directive to help support brain-damaged LDAPv2 clients. --- doc/man/man5/slapd.conf.5 | 4 +++ servers/slapd/config.c | 56 +++++++++++++++++++++++++++++++++++++- servers/slapd/proto-slap.h | 2 ++ servers/slapd/search.c | 7 +++++ 4 files changed, 68 insertions(+), 1 deletion(-) diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index bae64808f0..699b0696d7 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -133,6 +133,10 @@ recommended that directives be used instead. .RE .TP +.B defaultsearchbase +Specify a default search base to use when client submits a +non-base search request with an empty base DN. +.TP .B disallow Specify a set of features (separated by white space) to disallow (default none). diff --git a/servers/slapd/config.c b/servers/slapd/config.c index b364a3066e..ef8fe5e0f2 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -38,6 +38,8 @@ char *global_realm = NULL; char *global_ucdata_path = NULL; char *ldap_srvtab = ""; char *default_passwd_hash; +char *default_search_base = NULL; +char *default_search_nbase = NULL; char *slapd_pid_file = NULL; char *slapd_args_file = NULL; @@ -167,6 +169,47 @@ read_config( const char *fname ) ldap_pvt_thread_set_concurrency( c ); + /* default search base */ + } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) { + if ( cargc < 2 ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "missing dn in \"defaultSearchBase \" line\n", + fname, lineno, 0 ); + return 1; + + } else if ( cargc > 2 ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "extra cruft after in \"defaultSearchBase %s\", " + "line (ignored)\n", + fname, lineno, cargv[1] ); + } + + if ( bi != NULL || be != NULL ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "defaultSearchBaase line must appear prior to " + "any backend or database definition\n", + fname, lineno, 0 ); + return 1; + } + + if ( default_search_base != NULL ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "default search base \"%s\" already defined " + "(discarding old)\n", + fname, lineno, default_search_base ); + free( default_search_base ); + } + + default_search_base = ch_strdup( cargv[1] ); + default_search_nbase = ch_strdup( cargv[1] ); + + if( dn_normalize( default_search_nbase ) == NULL ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "invalid default search base \"%s\"" + "(discarding old)\n", + fname, lineno, default_search_base ); + } + /* set maximum threads in thread pool */ } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) { int c; @@ -359,7 +402,18 @@ read_config( const char *fname ) fname, lineno, tmp_be->be_suffix[0] ); } else { char *dn = ch_strdup( cargv[1] ); - (void) dn_validate( dn ); + if( dn_validate( dn ) == NULL ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "suffix DN invalid \"%s\"\n", + fname, lineno, cargv[1] ); + return 1; + + } else if( *dn == '\0' && default_search_nbase != NULL ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "suffix DN empty and default " + "search base provided \"%s\" (assuming okay)\n", + fname, lineno, default_search_base ); + } charray_add( &be->be_suffix, dn ); (void) ldap_pvt_str2upper( dn ); charray_add( &be->be_nsuffix, dn ); diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 1172140607..fbcb5e2510 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -776,6 +776,8 @@ LDAP_SLAPD_F (char) *global_ucdata_path; LDAP_SLAPD_F (char) *default_passwd_hash; LDAP_SLAPD_F (int) lber_debug; LDAP_SLAPD_F (int) ldap_syslog; +LDAP_SLAPD_F (char *) default_search_base; +LDAP_SLAPD_F (char *) default_search_nbase; LDAP_SLAPD_F (ldap_pvt_thread_mutex_t) num_sent_mutex; LDAP_SLAPD_F (long) num_bytes_sent; diff --git a/servers/slapd/search.c b/servers/slapd/search.c index 92e36b0ab8..1749dede27 100644 --- a/servers/slapd/search.c +++ b/servers/slapd/search.c @@ -202,6 +202,13 @@ do_search( } } + if( nbase[0] == '\0' && default_search_nbase != NULL ) { + ch_free( base ); + ch_free( nbase ); + base = ch_strdup( default_search_base ); + nbase = ch_strdup( default_search_nbase ); + } + /* * We could be serving multiple database backends. Select the * appropriate one, or send a referral to our "referral server" -- 2.39.5