From 8eb455e7b2f2b7d52a59fbab82d31468766ebea9 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Mon, 11 Sep 2006 00:52:43 +0000 Subject: [PATCH] add sb_version to slap_bindconf; rework slap_client_connect() and slap_discover_feature() accordingly --- servers/slapd/back-ldap/chain.c | 4 ++++ servers/slapd/back-ldap/config.c | 16 +++++++++++-- servers/slapd/back-ldap/init.c | 41 +++++++------------------------- servers/slapd/back-meta/init.c | 12 ++++++---- servers/slapd/config.c | 13 +++++++--- servers/slapd/proto-slap.h | 5 ++-- servers/slapd/root_dse.c | 24 ++++--------------- servers/slapd/slap.h | 1 + servers/slapd/syncrepl.c | 21 +++++++++++++++- 9 files changed, 73 insertions(+), 64 deletions(-) diff --git a/servers/slapd/back-ldap/chain.c b/servers/slapd/back-ldap/chain.c index 6bf0deac50..e03b919bb4 100644 --- a/servers/slapd/back-ldap/chain.c +++ b/servers/slapd/back-ldap/chain.c @@ -478,6 +478,8 @@ Document: draft-ietf-ldapbis-protocol-27.txt lip->li_bvuri = bvuri; rc = ldap_chain_db_open_one( op->o_bd ); if ( rc != 0 ) { + lip->li_uri = NULL; + lip->li_bvuri = NULL; (void)ldap_chain_db_destroy_one( op->o_bd ); goto cleanup; } @@ -632,6 +634,8 @@ ldap_chain_search( lip->li_bvuri = bvuri; rc = ldap_chain_db_open_one( op->o_bd ); if ( rc != 0 ) { + lip->li_uri = NULL; + lip->li_bvuri = NULL; (void)ldap_chain_db_destroy_one( op->o_bd ); goto cleanup; } diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c index cd93d834c5..fab18dcb8a 100644 --- a/servers/slapd/back-ldap/config.c +++ b/servers/slapd/back-ldap/config.c @@ -1549,6 +1549,7 @@ done_url:; && mask == LDAP_BACK_F_T_F_DISCOVER && !LDAP_BACK_T_F( li ) ) { + slap_bindconf sb = { 0 }; int rc; if ( li->li_uri == NULL ) { 
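Review bot: The two added assignments that clear `lip->li_uri` and `lip->li_bvuri` before `ldap_chain_db_destroy_one()` have no comment saying why, and the reason is not obvious at the call site. Judging by the context line `lip->li_bvuri = bvuri;`, the pointers appear to be borrowed from the caller's locals, so the clearing presumably stops the destroy routine from freeing memory it does not own. A one-line comment such as `/* borrowed pointers: clear them so destroy does not free them */` would keep a later cleanup from removing the assignments. The same applies to the identical change in the ldap_chain_search hunk that follows. Both functions continue outside the hunks, so confirm that the success path clears the fields the same way.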
@@ -1559,7 +1560,12 @@ done_url:; return 1; } - rc = slap_discover_feature( li->li_uri, li->li_version, + ber_str2bv( li->li_uri, 0, 0, &sb.sb_uri ); + sb.sb_version = li->li_version; + sb.sb_method = LDAP_AUTH_SIMPLE; + BER_BVSTR( &sb.sb_binddn, "" ); + + rc = slap_discover_feature( &sb, slap_schema.si_ad_supportedFeatures->ad_cname.bv_val, LDAP_FEATURE_ABSOLUTE_FILTERS ); if ( rc == LDAP_COMPARE_TRUE ) { @@ -1688,6 +1694,7 @@ done_url:; && mask == LDAP_BACK_F_CANCEL_EXOP_DISCOVER && !LDAP_BACK_CANCEL( li ) ) { + slap_bindconf sb = { 0 }; int rc; if ( li->li_uri == NULL ) { @@ -1698,7 +1705,12 @@ done_url:; return 1; } - rc = slap_discover_feature( li->li_uri, li->li_version, + ber_str2bv( li->li_uri, 0, 0, &sb.sb_uri ); + sb.sb_version = li->li_version; + sb.sb_method = LDAP_AUTH_SIMPLE; + BER_BVSTR( &sb.sb_binddn, "" ); + + rc = slap_discover_feature( &sb, slap_schema.si_ad_supportedExtension->ad_cname.bv_val, LDAP_EXOP_CANCEL ); if ( rc == LDAP_COMPARE_TRUE ) { diff --git a/servers/slapd/back-ldap/init.c b/servers/slapd/back-ldap/init.c index 06cc1beda8..42ef7877fd 100644 --- a/servers/slapd/back-ldap/init.c +++ b/servers/slapd/back-ldap/init.c @@ -154,6 +154,9 @@ ldap_back_db_open( BackendDB *be ) { ldapinfo_t *li = (ldapinfo_t *)be->be_private; + slap_bindconf sb = { 0 }; + int rc; + Debug( LDAP_DEBUG_TRACE, "ldap_back_db_open: URI=%s\n", li->li_uri != NULL ? li->li_uri : "", 0, 0 ); 
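Review bot: The probe's `slap_bindconf` is zero-initialised and only `sb_uri`, `sb_version`, `sb_method` and `sb_binddn` are filled in, so `sb_tls` stays 0. The discovery connection is therefore presumably an anonymous bind with no StartTLS, whatever transport protection the backend itself is configured to use. The reply appears to switch backend behaviour (absolute filters here, the cancel exop in the -1698 hunk), so an unauthenticated root DSE answer should not be trusted more than the data connection is. The same four-line setup is repeated in the -1698 hunk, in back-ldap/init.c and in back-meta/init.c; one static helper that builds the probe bindconf from the backend's settings, TLS included, would remove the copies and leave a single place to decide this. If anonymous, unprotected discovery is intended, a comment saying so at the helper would do.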
@@ -171,39 +174,15 @@ ldap_back_db_open( BackendDB *be ) break; } -#if 0 && defined(SLAPD_MONITOR) - { - /* FIXME: disabled because namingContexts doesn't have - * a matching rule, and using an MRA filter doesn't work - * because the normalized assertion is compared to the - * non-normalized value, which in general differs from - * the normalized one. See ITS#3406 */ - struct berval filter, - base = BER_BVC( "cn=Databases," SLAPD_MONITOR ); - Attribute a = { 0 }; - - filter.bv_len = STRLENOF( "(&(namingContexts:distinguishedNameMatch:=)(monitoredInfo=ldap))" ) - + be->be_nsuffix[ 0 ].bv_len; - filter.bv_val = ch_malloc( filter.bv_len + 1 ); - snprintf( filter.bv_val, filter.bv_len + 1, - "(&(namingContexts:distinguishedNameMatch:=%s)(monitoredInfo=ldap))", - be->be_nsuffix[ 0 ].bv_val ); - - a.a_desc = slap_schema.si_ad_labeledURI; - a.a_vals = li->li_bvuri; - a.a_nvals = li->li_bvuri; - if ( monitor_back_register_entry_attrs( NULL, &a, NULL, &base, LDAP_SCOPE_SUBTREE, &filter ) ) { - /* error */ - } - - ch_free( filter.bv_val ); - } -#endif /* SLAPD_MONITOR */ + ber_str2bv( li->li_uri, 0, 0, &sb.sb_uri ); + sb.sb_version = li->li_version; + sb.sb_method = LDAP_AUTH_SIMPLE; + BER_BVSTR( &sb.sb_binddn, "" ); if ( LDAP_BACK_T_F_DISCOVER( li ) && !LDAP_BACK_T_F( li ) ) { int rc; - rc = slap_discover_feature( li->li_uri, li->li_version, + rc = slap_discover_feature( &sb, slap_schema.si_ad_supportedFeatures->ad_cname.bv_val, LDAP_FEATURE_ABSOLUTE_FILTERS ); if ( rc == LDAP_COMPARE_TRUE ) { @@ -212,9 +191,7 @@ ldap_back_db_open( BackendDB *be ) } if ( LDAP_BACK_CANCEL_DISCOVER( li ) && !LDAP_BACK_CANCEL( li ) ) { - int rc; - - rc = slap_discover_feature( li->li_uri, li->li_version, + rc = slap_discover_feature( &sb, slap_schema.si_ad_supportedExtension->ad_cname.bv_val, LDAP_EXOP_CANCEL ); if ( rc == LDAP_COMPARE_TRUE ) { diff --git a/servers/slapd/back-meta/init.c b/servers/slapd/back-meta/init.c index 7fee4d1c3f..46aee301ca 100644 --- a/servers/slapd/back-meta/init.c 
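Review bot: In ldap_back_db_open the new `ber_str2bv( li->li_uri, 0, 0, &sb.sb_uri )` runs without a NULL check. The Debug call at the top of the function allows for `li->li_uri == NULL`, and both discovery call sites in back-ldap/config.c return early in that case. With a NULL URI `sb.sb_uri` would presumably stay empty, and if either discover flag is set slap_client_connect would get a bindconf that names no server; what it connects to then depends on code outside this patch. Guarding the two discovery blocks with `li->li_uri != NULL`, or failing the open as config.c does, would make the three sites agree. The switch between the two init.c hunks is not shown, so it may already reject this case.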
+++ b/servers/slapd/back-meta/init.c @@ -128,11 +128,16 @@ meta_back_db_open( int i, rc; for ( i = 0; i < mi->mi_ntargets; i++ ) { + slap_bindconf sb = { 0 }; metatarget_t *mt = mi->mi_targets[ i ]; + ber_str2bv( mt->mt_uri, 0, 0, &sb.sb_uri ); + sb.sb_version = mt->mt_version; + sb.sb_method = LDAP_AUTH_SIMPLE; + BER_BVSTR( &sb.sb_binddn, "" ); + if ( META_BACK_TGT_T_F_DISCOVER( mt ) ) { - rc = slap_discover_feature( mt->mt_uri, - mt->mt_version, + rc = slap_discover_feature( &sb, slap_schema.si_ad_supportedFeatures->ad_cname.bv_val, LDAP_FEATURE_ABSOLUTE_FILTERS ); if ( rc == LDAP_COMPARE_TRUE ) { @@ -141,8 +146,7 @@ meta_back_db_open( } if ( META_BACK_TGT_CANCEL_DISCOVER( mt ) ) { - rc = slap_discover_feature( mt->mt_uri, - mt->mt_version, + rc = slap_discover_feature( &sb, slap_schema.si_ad_supportedExtension->ad_cname.bv_val, LDAP_EXOP_CANCEL ); if ( rc == LDAP_COMPARE_TRUE ) { diff --git a/servers/slapd/config.c b/servers/slapd/config.c index a9bacd0a62..70a5a6375f 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -1052,8 +1052,15 @@ static slap_verbmasks methkey[] = { { BER_BVNULL, 0 } }; +static slap_verbmasks versionkey[] = { + { BER_BVC("2"), LDAP_VERSION2 }, + { BER_BVC("3"), LDAP_VERSION3 }, + { BER_BVNULL, 0 } +}; + static slap_cf_aux_table bindkey[] = { { BER_BVC("uri="), offsetof(slap_bindconf, sb_uri), 'b', 1, NULL }, + { BER_BVC("version="), offsetof(slap_bindconf, sb_version), 'd', 0, versionkey }, { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'd', 0, methkey }, { BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 'b', 1, NULL }, { BER_BVC("credentials="), offsetof(slap_bindconf, sb_cred), 'b', 1, NULL }, @@ -1416,7 +1423,7 @@ int bindconf_tls_set( slap_bindconf *bc, LDAP *ld ) * note: should move "version" into bindconf... */ int -slap_client_connect( LDAP **ldp, slap_bindconf *sb, int version ) +slap_client_connect( LDAP **ldp, slap_bindconf *sb ) { LDAP *ld = NULL; int rc; 
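Review bot: The comment above slap_client_connect still ends with `note: should move "version" into bindconf...`, which is exactly what the signature change below it does. Drop that line so the header does not describe a finished task as pending. If a note is kept there, it could say that `sb->sb_version == 0` leaves the library's default protocol version in place, as the check in the next hunk implies. The start of the comment is outside the hunk.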
@@ -1431,9 +1438,9 @@ slap_client_connect( LDAP **ldp, slap_bindconf *sb, int version ) return rc; } - if ( version != 0 ) { + if ( sb->sb_version != 0 ) { ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, - (const void *)&version ); + (const void *)&sb->sb_version ); } #ifdef HAVE_TLS diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 7f91c961cf..28a0226dfb 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -619,7 +619,7 @@ LDAP_SLAPD_F (int) bindconf_unparse LDAP_P(( LDAP_SLAPD_F (int) bindconf_tls_set LDAP_P(( slap_bindconf *bc, LDAP *ld )); LDAP_SLAPD_F (void) bindconf_free LDAP_P(( slap_bindconf *bc )); -LDAP_SLAPD_F (int) slap_client_connect LDAP_P(( LDAP **ldp, slap_bindconf *sb, int version )); +LDAP_SLAPD_F (int) slap_client_connect LDAP_P(( LDAP **ldp, slap_bindconf *sb )); LDAP_SLAPD_F (int) config_generic_wrapper LDAP_P(( Backend *be, const char *fname, int lineno, int argc, char **argv )); LDAP_SLAPD_F (char *) anlist_unparse LDAP_P(( AttributeName *, char *, ber_len_t buflen )); @@ -1390,8 +1390,7 @@ LDAP_SLAPD_F (int) read_root_dse_file LDAP_P(( const char *file)); LDAP_SLAPD_F (int) slap_discover_feature LDAP_P(( - const char *uri, - int version, + slap_bindconf *sb, const char *attr, const char *val )); diff --git a/servers/slapd/root_dse.c b/servers/slapd/root_dse.c index db2d83172a..670b9ca376 100644 --- a/servers/slapd/root_dse.c +++ b/servers/slapd/root_dse.c @@ -459,12 +459,11 @@ int read_root_dse_file( const char *fname ) int slap_discover_feature( - const char *uri, - int version, + slap_bindconf *sb, const char *attr, const char *val ) { - LDAP *ld; + LDAP *ld = NULL; LDAPMessage *res = NULL, *entry; int rc, i; struct berval cred = BER_BVC( "" ), 
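Review bot: The result of `ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, ... )` is discarded here, while the code this patch removes from slap_discover_feature checked it and bailed out on failure. Discovery and syncrepl both go through slap_client_connect now, so a rejected version would go unnoticed and the session would continue with the library default. That matters for syncrepl, which this patch says must be LDAPv3. Assign the return value to `rc` and take the function's existing failure path when it is not `LDAP_OPT_SUCCESS`; that path and the cleanup of `ld` are outside the hunk.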
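Review bot: The `cred = BER_BVC( "" )` declarator stays in the local declarations of slap_discover_feature, but its only use visible in this patch, the `ldap_sasl_bind_s()` call, is removed in the next hunk. If nothing later in the function reads it, delete the declarator so the build does not carry an unused variable. The rest of the function body is outside the hunk.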
@@ -472,26 +471,12 @@ slap_discover_feature( **values = NULL; char *attrs[ 2 ] = { NULL, NULL }; - ber_str2bv( val, 0, 0, &bv_val ); - attrs[ 0 ] = (char *) attr; - - rc = ldap_initialize( &ld, uri ); - if ( rc != LDAP_SUCCESS ) { - return rc; - } - - rc = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, - (const void *)&version ); - if ( rc != LDAP_SUCCESS ) { - goto done; - } - - rc = ldap_sasl_bind_s( ld, "", LDAP_SASL_SIMPLE, - &cred, NULL, NULL, NULL ); + rc = slap_client_connect( &ld, sb ); if ( rc != LDAP_SUCCESS ) { goto done; } + attrs[ 0 ] = (char *) attr; rc = ldap_search_ext_s( ld, "", LDAP_SCOPE_BASE, "(objectClass=*)", attrs, 0, NULL, NULL, NULL, 0, &res ); if ( rc != LDAP_SUCCESS ) { @@ -509,6 +494,7 @@ slap_discover_feature( goto done; } + ber_str2bv( val, 0, 0, &bv_val ); for ( i = 0; values[ i ] != NULL; i++ ) { if ( bvmatch( &bv_val, values[ i ] ) ) { rc = LDAP_COMPARE_TRUE; diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 14537159da..0bf61525d0 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -1502,6 +1502,7 @@ LDAP_SLAPD_V (int) slapMode; typedef struct slap_bindconf { struct berval sb_uri; + int sb_version; int sb_tls; int sb_method; struct berval sb_binddn; diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c index f491b3dcd8..6906faff46 100644 --- a/servers/slapd/syncrepl.c +++ b/servers/slapd/syncrepl.c @@ -423,7 +423,7 @@ do_syncrep1( psub = &si->si_be->be_nsuffix[0]; - rc = slap_client_connect( &si->si_ld, &si->si_bindconf, LDAP_VERSION3 ); + rc = slap_client_connect( &si->si_ld, &si->si_bindconf ); if ( rc != LDAP_SUCCESS ) { goto done; } 
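Review bot: A failed `slap_client_connect()` now jumps to `done`, where the removed code returned immediately if `ldap_initialize()` failed, so the cleanup at `done` can be reached with `ld` still NULL. That label is outside the hunk. If it calls `ldap_unbind_ext( ld, NULL, NULL )` unconditionally, wrap the call in `if ( ld != NULL )`, because libldap is not expected to accept a NULL handle there. Whether slap_client_connect leaves `*ldp` untouched on every failure path also matters, and this patch does not show it.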
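Review bot: The new `int sb_version;` field in slap_bindconf has no comment, yet the rest of the patch gives the value 0 a special meaning: slap_client_connect skips `ldap_set_option` for it and add_syncrepl treats it as "not explicitly set". A trailing comment such as `/* LDAP protocol version; 0 = not set, use library default */` would record that contract next to the field. The remainder of the struct is outside the hunk.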
@@ -3184,6 +3184,23 @@ add_syncrepl( rc = parse_syncrepl_line( c, si ); if ( rc == 0 ) { + /* Must be LDAPv3 because we need controls */ + switch ( si->si_bindconf.sb_version ) { + case 0: + /* not explicitly set */ + si->si_bindconf.sb_version = LDAP_VERSION3; + break; + case 3: + /* explicitly set */ + break; + default: + Debug( LDAP_DEBUG_ANY, + "version %d incompatible with syncrepl\n", + si->si_bindconf.sb_version, 0, 0 ); + syncinfo_free( si ); + return 1; + } + si->si_be = c->be; init_syncrepl( si ); si->si_re = ldap_pvt_runqueue_insert( &slapd_rq, si->si_interval, @@ -3222,8 +3239,10 @@ syncrepl_unparse( syncinfo_t *si, struct berval *bv ) /* temporarily inhibit bindconf from printing URI */ uri = si->si_bindconf.sb_uri; BER_BVZERO( &si->si_bindconf.sb_uri ); + si->si_bindconf.sb_version = 0; bindconf_unparse( &si->si_bindconf, &bc ); si->si_bindconf.sb_uri = uri; + si->si_bindconf.sb_version = LDAP_VERSION3; ptr = buf; ptr += snprintf( ptr, WHATSLEFT, IDSTR "=%03ld " PROVIDERSTR "=%s", -- 2.39.5
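Review bot: The version switch in add_syncrepl uses the literal `case 3:` while the assignment two lines above it and the `versionkey` table in config.c use `LDAP_VERSION3`. Write `case LDAP_VERSION3:` so the check cannot drift from the constant. The rejection is reported only through `Debug( LDAP_DEBUG_ANY, ... )`; if the config argument `c` has a message buffer that other errors in this function fill in, this branch should probably use it too, but that code is outside the hunk.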
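Review bot: syncrepl_unparse saves and restores `sb_uri` around `bindconf_unparse()` but restores `sb_version` to a hard-coded `LDAP_VERSION3` instead of the value it had. That holds only while add_syncrepl keeps forcing version 3. Saving the field, `int version = si->si_bindconf.sb_version;`, and restoring it with `si->si_bindconf.sb_version = version;` would mirror the `uri` handling and survive a later change to the accepted versions. The existing comment `temporarily inhibit bindconf from printing URI` should then mention the version as well.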