From 9715e7f008ed51912265486048b0183591e69c18 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga
Date: Mon, 28 Aug 2000 18:58:13 +0000
Subject: [PATCH] Add disallow and requires to man page. Fix sasl ssf handling bug.
---
 doc/man/man5/slapd.conf.5 | 34 ++++++++++++++++++++++++++++++++++
 servers/slapd/backend.c | 2 +-
 servers/slapd/bind.c | 4 ++++
 3 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index a78833769f..cef9f2c2d2 100644
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -125,6 +125,18 @@ recommended that directives be used instead.
 .RE
 .TP
+.B disallow
+Specify a set of features (separated by white space) to disallow.
+.B bind_v2
+disables acceptance of LDAPv2 bind requests.
+.B bind_anon
+disables acceptance of anonymous bind requests.
+.B bind_anon_cred
+disables anonymous bind creditials are not empty (e.g. when
+DN is empty).
+.B bind_anon_dn
+disables anonymous bind when DN is not empty.
+.TP
 .B idletimeout
 Specify the number of seconds to wait before forcibly closing an idle client connections. A idletimeout of 0 disables this
@@ -229,6 +241,28 @@ Specify the referral to pass back when cannot find a local database to handle a request. If specified multiple times, each url is provided.
 .TP
+.B require
+Specify a set of conditions (separated by white space) to require.
+The directive may be specified globally and/or per-database.
+.B bind
+requires bind operation prior to directory operations.
+.B LDAPv3
+requires session to be using LDAP version 3.
+.B authc
+requires authentication prior to directory operations.
+.B SASL
+requires SASL authentication prior to directory operations.
+.B strong
+requires strong authentication prior to directory operations.
+Currently
+.B SASL
+and
+.B strong
+conditions are currently same.
+.B none
+may be used to require no conditions (useful for clearly globally
+set conditions within a particular database).
+.TP
 .B sasl-realm
 Used to specify Cyrus SASL realm.
 .TP
diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index ca38d9f330..3cc017ca2f 100644
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -733,7 +733,7 @@ backend_check_restrictions(
 if( op->o_authmech == NULL || op->o_dn == NULL || *op->o_dn == '\0' ) {
- *text = "SASL authentication required";
+ *text = "strong authentication required";
 return LDAP_STRONG_AUTH_REQUIRED;
 }
 }
diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
index 446104f6ed..1e2fdbc36b 100644
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -251,6 +251,10 @@ do_bind(
 conn->c_dn = edn;
 conn->c_authmech = mech;
 if( ssf ) conn->c_sasl_layers++;
+ conn->c_sasl_ssf = ssf;
+ if( ssf > conn->c_ssf ) {
+ conn->c_ssf = ssf;
+ }
 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
 } else if ( rc == LDAP_SASL_BIND_IN_PROGRESS ) {
--
2.39.5
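Review bot: The diagnostic on the changed line in backend_check_restrictions now reads "strong authentication required", but the guard just above it still tests `op->o_authmech == NULL` and an empty `op->o_dn`, so what is actually enforced is a SASL bind with a non-empty DN. A short comment above the assignment would stop a later reader from assuming another strong mechanism passes this check, for example `/* "strong" is currently satisfied only by a SASL bind with a non-empty DN */`. The enclosing condition starts outside the hunk, so which requirement flag selects this branch is not visible here.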
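Review bot: In the block added to do_bind, `conn->c_ssf` is only ever raised (`if( ssf > conn->c_ssf )`) while `conn->c_sasl_ssf` is overwritten, so after a later bind that negotiates a weaker or no SASL layer the two can disagree and `c_ssf` would keep the older, higher value. If `c_ssf` feeds access-control or `require` decisions, that overstates the protection actually in force on the connection. Whether `c_ssf` is reset at the start of do_bind or on a failed bind is outside the hunk; if it is not, it should be recomputed from the non-SASL strength and the new `ssf` rather than ratcheted. At minimum the block deserves a comment such as `/* c_ssf only grows here; it must be reset wherever the bind state is cleared */`.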