From a60438c1ceefd1874dd31ca061c28d5fba2a8e0b Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga
Date: Wed, 30 Aug 2000 01:44:39 +0000
Subject: [PATCH] Add sasl-host option and treat sasl-realm as global only (ie: not backend specific).
---
 servers/slapd/backend.c | 3 ---
 servers/slapd/config.c | 26 ++++++++++++++++++++++----
 servers/slapd/proto-slap.h | 1 +
 servers/slapd/sasl.c | 16 +++++++---------
 4 files changed, 30 insertions(+), 16 deletions(-)
diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index 8953d8e8de..309f26c2ad 100644
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -400,9 +400,6 @@ backend_db_init(
 /* assign a default depth limit for alias deref */
 be->be_max_deref_depth = SLAPD_DEFAULT_MAXDEREFDEPTH;
- be->be_realm = global_realm != NULL
- ? ch_strdup( global_realm ) : NULL;
-
 if(bi->bi_db_init) {
 rc = bi->bi_db_init( be );
 }
diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index 1e0077c7d6..c9c245e06b 100644
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -32,6 +32,7 @@ slap_ssf_set_t global_ssf_set;
 char *replogfile;
 int global_lastmod = ON;
 int global_idletimeout = 0;
+char *global_host = NULL;
 char *global_realm = NULL;
 char *ldap_srvtab = "";
 char *default_passwd_hash;
@@ -225,6 +226,25 @@ read_config( const char *fname )
 default_passwd_hash = ch_strdup( cargv[1] );
 }
+ /* set SASL host */
+ } else if ( strcasecmp( cargv[0], "sasl-host" ) == 0 ) {
+ if ( cargc < 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing host in \"sasl-host \" line\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ if ( global_host != NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: already set sasl-host!\n",
+ fname, lineno, 0 );
+ return 1;
+
+ } else {
+ global_host = ch_strdup( cargv[1] );
+ }
+
 /* set SASL realm */
 } else if ( strcasecmp( cargv[0], "sasl-realm" ) == 0 ) {
 if ( cargc < 2 ) {
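Review bot: The new `sasl-host` branch never looks at `be` (the variable the removed lines of the next hunk test), so a `sasl-host` line placed inside a database section is accepted and silently applied server-wide; the same holds for `sasl-realm` after the `@@ -233,12 +253,10 @@` hunk, where a line that used to set a per-backend realm now sets the global one. Both values are passed to `sasl_server_new()` as the server's SASL host and realm, so an administrator should be told when the directive does not mean what its position in the file suggests. Consider rejecting it up front in both branches, e.g. `if ( be != NULL ) { Debug( LDAP_DEBUG_ANY, "%s: line %d: sasl-host must appear before any database definition\n", fname, lineno, 0 ); return 1; }`. The diffstat touches no documentation file, so the new directive and the changed scope of `sasl-realm` are presumably left undocumented by this commit. `read_config` starts and ends outside the hunk.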
@@ -233,12 +253,10 @@ read_config( const char *fname )
 fname, lineno, 0 );
 return( 1 );
 }
- if ( be != NULL ) {
- be->be_realm = ch_strdup( cargv[1] );
- } else if ( global_realm != NULL ) {
+ if ( global_realm != NULL ) {
 Debug( LDAP_DEBUG_ANY,
- "%s: line %d: already set global realm!\n",
+ "%s: line %d: already set sasl-realm!\n",
 fname, lineno, 0 );
 return 1;
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 2178bf67a9..5789dc7925 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -767,6 +767,7 @@ LDAP_SLAPD_F (slap_access_t) global_default_access;
 LDAP_SLAPD_F (int) global_lastmod;
 LDAP_SLAPD_F (int) global_idletimeout;
 LDAP_SLAPD_F (int) global_schemacheck;
+LDAP_SLAPD_F (char) *global_host;
 LDAP_SLAPD_F (char) *global_realm;
 LDAP_SLAPD_F (char) *default_passwd_hash;
 LDAP_SLAPD_F (int) lber_debug;
diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index 7363716c92..f776f7d44d 100644
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -25,7 +25,6 @@
 #include
 #endif
-static char *sasl_host = NULL;
 static sasl_security_properties_t sasl_secprops;
@@ -195,13 +194,8 @@ int slap_sasl_init( void )
 return -1;
 }
- if( sasl_host == NULL ) {
- sasl_host = ldap_pvt_get_fqdn( NULL );
- }
-
- Debug( LDAP_DEBUG_TRACE,
- "slap_sasl_init: %s initialized!\n",
- sasl_host, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "slap_sasl_init: initialized!\n",
+ 0, 0, 0 );
 /* default security properties */
 memset( &sasl_secprops, '\0', sizeof(sasl_secprops) );
@@ -259,8 +253,12 @@ int slap_sasl_open( Connection *conn )
 session_callbacks[2].proc = NULL;
 session_callbacks[2].context = NULL;
+ if( global_host == NULL ) {
+ global_host = ldap_pvt_get_fqdn( NULL );
+ }
+
 /* create new SASL context */
- sc = sasl_server_new( "ldap", sasl_host, global_realm,
+ sc = sasl_server_new( "ldap", global_host, global_realm,
 session_callbacks, SASL_SECURITY_LAYER, &ctx );
 if( sc != SASL_OK ) {
--
2.39.5
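Review bot: Nothing in this patch assigns `be->be_realm` any more — the initialisation is removed from `backend_db_init` and the `be != NULL` branch is removed here — yet the diffstat does not touch the header that declares the member. If `be_realm` is still declared and still read or freed elsewhere in slapd, those sites now depend on whatever the backend structure was initialised with. It would be safer to remove the member and its remaining users in the same commit, or to add a comment at the declaration such as `/* unused: the SASL realm is global, see global_realm */`. The enclosing `sasl-realm` branch continues past the end of the hunk.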
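Review bot: The fallback `global_host = ldap_pvt_get_fqdn( NULL )` now runs inside `slap_sasl_open()`, i.e. on the connection path, as an unsynchronised check-then-set on a global. If `slap_sasl_open` can be entered from more than one thread, two callers can both see NULL and both assign (possibly leaking one result), and the first connection pays for the name lookup. Resolving the default once at startup, after the configuration has been read, keeps the per-connection path read-only: `if( global_host == NULL ) global_host = ldap_pvt_get_fqdn( NULL );`. The `@@ -195,13 +194,8 @@` hunk also drops the host from the init trace, so the effective SASL host name is no longer logged in the visible code; a `Debug( LDAP_DEBUG_TRACE, ... )` line where the default is resolved would help when diagnosing host or principal mismatches. `slap_sasl_open` continues outside the hunk.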