From c54cd8b7f1e39a2e9008e0b9ce97a61bf13e84bf Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Wed, 23 Feb 2005 12:03:14 +0000 Subject: [PATCH] Added replica retrieval --- servers/slapd/config.c | 376 ++++++++++++++++++++++++------------- servers/slapd/proto-slap.h | 2 +- servers/slapd/repl.c | 4 +- servers/slapd/slap.h | 34 ++-- servers/slapd/syncrepl.c | 38 +--- 5 files changed, 283 insertions(+), 171 deletions(-) diff --git a/servers/slapd/config.c b/servers/slapd/config.c index caf38175a5..2040b689f4 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -480,7 +480,7 @@ static ConfigTable SystemConfiguration[] = { "SYNTAX OMsInteger )", NULL, NULL }, { "TLSCACertificateFile", NULL, 0, 0, 0, #ifdef HAVE_TLS - CFG_TLS_CA_FILE|ARG_MAGIC, &config_tls_option, + CFG_TLS_CA_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option, #else ARG_IGNORED, NULL, #endif @@ -488,7 +488,7 @@ static ConfigTable SystemConfiguration[] = { "SYNTAX OMsDirectoryString )", NULL, NULL }, { "TLSCACertificatePath", NULL, 0, 0, 0, #ifdef HAVE_TLS - CFG_TLS_CA_PATH|ARG_MAGIC, &config_tls_option, + CFG_TLS_CA_PATH|ARG_STRING|ARG_MAGIC, &config_tls_option, #else ARG_IGNORED, NULL, #endif @@ -496,7 +496,7 @@ static ConfigTable SystemConfiguration[] = { "SYNTAX OMsDirectoryString )", NULL, NULL }, { "TLSCertificateFile", NULL, 0, 0, 0, #ifdef HAVE_TLS - CFG_TLS_CERT_FILE|ARG_MAGIC, &config_tls_option, + CFG_TLS_CERT_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option, #else ARG_IGNORED, NULL, #endif @@ -504,7 +504,7 @@ static ConfigTable SystemConfiguration[] = { "SYNTAX OMsDirectoryString )", NULL, NULL }, { "TLSCertificateKeyFile", NULL, 0, 0, 0, #ifdef HAVE_TLS - CFG_TLS_CERT_KEY|ARG_MAGIC, &config_tls_option, + CFG_TLS_CERT_KEY|ARG_STRING|ARG_MAGIC, &config_tls_option, #else ARG_IGNORED, NULL, #endif @@ -512,7 +512,7 @@ static ConfigTable SystemConfiguration[] = { "SYNTAX OMsDirectoryString )", NULL, NULL }, { "TLSCipherSuite", NULL, 0, 0, 0, #ifdef HAVE_TLS - CFG_TLS_CIPHER|ARG_MAGIC, &config_tls_option, + CFG_TLS_CIPHER|ARG_STRING|ARG_MAGIC, &config_tls_option, #else ARG_IGNORED, NULL, #endif @@ -520,7 +520,7 @@ static ConfigTable SystemConfiguration[] = { "SYNTAX OMsDirectoryString )", NULL, NULL }, { "TLSCRLCheck", NULL, 0, 0, 0, #ifdef HAVE_TLS - CFG_TLS_CRLCHECK|ARG_MAGIC, &config_tls_config, + CFG_TLS_CRLCHECK|ARG_STRING|ARG_MAGIC, &config_tls_config, #else ARG_IGNORED, NULL, #endif @@ -528,7 +528,7 @@ static ConfigTable SystemConfiguration[] = { "SYNTAX OMsDirectoryString )", NULL, NULL }, { "TLSRandFile", NULL, 0, 0, 0, #ifdef HAVE_TLS - CFG_TLS_RAND|ARG_MAGIC, &config_tls_option, + CFG_TLS_RAND|ARG_STRING|ARG_MAGIC, &config_tls_option, #else ARG_IGNORED, NULL, #endif @@ -536,7 +536,7 @@ static ConfigTable SystemConfiguration[] = { "SYNTAX OMsDirectoryString )", NULL, NULL }, { "TLSVerifyClient", NULL, 0, 0, 0, #ifdef HAVE_TLS - CFG_TLS_VERIFY|ARG_MAGIC, &config_tls_config, + CFG_TLS_VERIFY|ARG_STRING|ARG_MAGIC, &config_tls_config, #else ARG_IGNORED, NULL, #endif @@ -1917,13 +1917,194 @@ config_security(ConfigArgs *c) { return(0); } +static struct verb_mask_list tlskey[] = { + { "no", SB_TLS_OFF }, + { "yes", SB_TLS_ON }, + { "critical", SB_TLS_CRITICAL } +}; + +static struct verb_mask_list methkey[] = { + { "simple", LDAP_AUTH_SIMPLE }, +#ifdef HAVE_CYRUS_SASL + { "sasl", LDAP_AUTH_SASL }, +#endif + { NULL, 0 } +}; + +typedef struct cf_aux_table { + struct berval key; + int off; + int quote; + struct verb_mask_list *aux; +} cf_aux_table; + +static cf_aux_table bindkey[] = { + { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 0, tlskey }, + { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 0, methkey }, + { BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 1, NULL }, + { BER_BVC("credentials="), offsetof(slap_bindconf, sb_cred), 1, NULL }, + { BER_BVC("saslmech="), offsetof(slap_bindconf, sb_saslmech), 0, NULL }, + { BER_BVC("secprops="), offsetof(slap_bindconf, sb_secprops), 0, NULL }, + { BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 0, NULL }, + { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 0, NULL }, + { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 1, NULL }, + { BER_BVNULL, 0, NULL } +}; + +int bindconf_parse( char *word, slap_bindconf *bc ) { + int i, rc = 0; + char **cptr; + cf_aux_table *tab; + + for (tab = bindkey; !BER_BVISNULL(&tab->key); tab++) { + if ( !strncasecmp( word, tab->key.bv_val, tab->key.bv_len )) { + cptr = (char **)((char *)bc + tab->off); + if ( tab->aux ) { + int j; + rc = 1; + for (j=0; tab->aux[j].word; j++) { + if (!strcasecmp(word+tab->key.bv_len, tab->aux[j].word)) { + int *ptr = (int *)cptr; + *ptr = tab->aux[j].mask; + rc = 0; + } + } + if (rc ) { + Debug(LDAP_DEBUG_ANY, "invalid bind config value %s\n", + word, 0, 0 ); + } + return rc; + } + *cptr = ch_strdup(word+tab->key.bv_len); + return 0; + } + } + return rc; +} + +int bindconf_unparse( slap_bindconf *bc, struct berval *bv ) { + char buf[BUFSIZ], *ptr; + cf_aux_table *tab; + char **cptr; + struct berval tmp; + + ptr = buf; + for (tab = bindkey; !BER_BVISNULL(&tab->key); tab++) { + cptr = (char **)((char *)bc + tab->off); + if ( tab->aux ) { + int *ip = (int *)cptr, i; + for ( i=0; tab->aux[i].word; i++ ) { + if ( *ip == tab->aux[i].mask ) { + *ptr++ = ' '; + ptr = lutil_strcopy( ptr, tab->key.bv_val ); + ptr = lutil_strcopy( ptr, tab->aux[i].word ); + break; + } + } + } else if ( *cptr ) { + *ptr++ = ' '; + ptr = lutil_strcopy( ptr, tab->key.bv_val ); + if ( tab->quote ) *ptr++ = '"'; + ptr = lutil_strcopy( ptr, *cptr ); + if ( tab->quote ) *ptr++ = '"'; + } + } + tmp.bv_val = buf; + tmp.bv_len = ptr - buf; + ber_dupbv( bv, &tmp ); + return 0; +} + +void bindconf_free( slap_bindconf *bc ) { + if ( bc->sb_binddn ) { + ch_free( bc->sb_binddn ); + } + if ( bc->sb_cred ) { + ch_free( bc->sb_cred ); + } + if ( bc->sb_saslmech ) { + ch_free( bc->sb_saslmech ); + } + if ( bc->sb_secprops ) { + ch_free( bc->sb_secprops ); + } + if ( bc->sb_realm ) { + ch_free( bc->sb_realm ); + } + if ( bc->sb_authcId ) { + ch_free( bc->sb_authcId ); + } + if ( bc->sb_authzId ) { + ch_free( bc->sb_authzId ); + } +} + +static void +replica_unparse( struct slap_replica_info *ri, struct berval *bv ) +{ + int len; + int i; + char *ptr; + struct berval bc = {0}; + + len = strlen( ri->ri_uri ) + STRLENOF("replica uri="); + if ( ri->ri_nsuffix ) { + for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) { + len += ri->ri_nsuffix[i].bv_len + STRLENOF(" suffix=\"\""); + } + } + if ( ri->ri_attrs ) { + len += STRLENOF("attr"); + if ( ri->ri_exclude ) len++; + for (i=0; !BER_BVISNULL( &ri->ri_attrs[i].an_name ); i++) { + len += 1 + ri->ri_attrs[i].an_name.bv_len; + } + } + bindconf_unparse( &ri->ri_bindconf, &bc ); + len += bc.bv_len; + + bv->bv_val = ch_malloc(len + 1); + bv->bv_len = len; + + ptr = lutil_strcopy( bv->bv_val, "replica uri=" ); + ptr = lutil_strcopy( ptr, ri->ri_uri ); + + if ( ri->ri_nsuffix ) { + for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) { + ptr = lutil_strcopy( ptr, " suffix=\"" ); + ptr = lutil_strcopy( ptr, ri->ri_nsuffix[i].bv_val ); + *ptr++ = '"'; + } + } + if ( ri->ri_attrs ) { + int comma = 0; + ptr = lutil_strcopy( ptr, "attr" ); + if ( ri->ri_exclude ) *ptr++ = '!'; + *ptr++ = '='; + for (i=0; !BER_BVISNULL( &ri->ri_attrs[i].an_name ); i++) { + if ( comma ) *ptr++ = ','; + ptr = lutil_strcopy( ptr, ri->ri_attrs[i].an_name.bv_val ); + } + } + if ( bc.bv_val ) + strcpy( ptr, bc.bv_val ); +} + static int config_replica(ConfigArgs *c) { - int i, nr = -1; - char *replicahost, *replicalog = NULL; + int i, nr = -1, len; + char *replicahost, *replicauri; LDAPURLDesc *ludp; if (c->emit) { + if (c->be->be_replica) { + struct berval bv; + for (i=0;c->be->be_replica[i]; i++) { + replica_unparse( c->be->be_replica[i], &bv ); + ber_bvarray_add( &c->rvalue_vals, &bv ); + } + return 0; + } return 1; } if(SLAP_MONITOR(c->be)) { @@ -1935,8 +2116,12 @@ config_replica(ConfigArgs *c) { for(i = 1; i < c->argc; i++) { if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) { - replicalog = c->argv[i] + STRLENOF("host="); - nr = add_replica_info(c->be, c->argv[i] + STRLENOF("host=")); + replicahost = c->argv[i] + STRLENOF("host="); + len = strlen( replicahost ); + replicauri = ch_malloc( len + STRLENOF("ldap://") + 1 ); + sprintf( replicauri, "ldap://%s", replicahost ); + replicahost = replicauri + STRLENOF( "ldap://"); + nr = add_replica_info(c->be, replicauri, replicahost); break; } else if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) { if(ldap_url_parse(c->argv[i] + STRLENOF("uri="), &ludp) != LDAP_SUCCESS) { @@ -1952,18 +2137,12 @@ config_replica(ConfigArgs *c) { c->log, 0, 0); return(1); } - replicahost = ch_malloc(strlen(c->argv[i])); - if(!replicahost) { - Debug(LDAP_DEBUG_ANY, - "out of memory in read_config\n", 0, 0, 0); - ldap_free_urldesc(ludp); - exit(EXIT_FAILURE); - } - sprintf(replicahost, "%s:%d", ludp->lud_host, ludp->lud_port); - replicalog = c->argv[i] + STRLENOF("uri="); - nr = add_replica_info(c->be, replicahost); ldap_free_urldesc(ludp); - ch_free(replicahost); + replicauri = c->argv[i] + STRLENOF("uri="); + replicauri = ch_strdup( replicauri ); + replicahost = strchr( replicauri, '/' ); + replicahost += 2; + nr = add_replica_info(c->be, replicauri, replicahost); break; } } @@ -1975,7 +2154,7 @@ config_replica(ConfigArgs *c) { } else if(nr == -1) { Debug(LDAP_DEBUG_ANY, "%s: " "unable to add replica \"%s\"\n", - c->log, replicalog, 0); + c->log, replicauri, 0); return(1); } else { for(i = 1; i < c->argc; i++) { @@ -2009,6 +2188,9 @@ config_replica(ConfigArgs *c) { c->log, arg + 1, 0); return(1); } + } else if ( bindconf_parse( c->argv[i], + &c->be->be_replica[nr]->ri_bindconf ) ) { + return(1); } } } @@ -2062,7 +2244,7 @@ config_updateref(ConfigArgs *c) { } if(!SLAP_SHADOW(c->be)) { Debug(LDAP_DEBUG_ANY, "%s: " - "updateref line must after syncrepl or updatedn.\n", + "updateref line must come after syncrepl or updatedn.\n", c->log, 0, 0); return(1); } @@ -2079,8 +2261,6 @@ config_updateref(ConfigArgs *c) { return(0); } -/* XXX meaningless in ldif */ - static int config_include(ConfigArgs *c) { unsigned long savelineno = c->lineno; @@ -2116,33 +2296,61 @@ config_tls_option(ConfigArgs *c) { int flag; switch(c->type) { case CFG_TLS_RAND: flag = LDAP_OPT_X_TLS_RANDOM_FILE; break; - case CFG_TLS_CIPHER: flag = LDAP_OPT_X_TLS_CIPHER_SUITE; break; + case CFG_TLS_CIPHER: flag = LDAP_OPT_X_TLS_CIPHER_SUITE; break; case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE; break; case CFG_TLS_CERT_KEY: flag = LDAP_OPT_X_TLS_KEYFILE; break; case CFG_TLS_CA_PATH: flag = LDAP_OPT_X_TLS_CACERTDIR; break; case CFG_TLS_CA_FILE: flag = LDAP_OPT_X_TLS_CACERTFILE; break; - default: Debug(LDAP_DEBUG_ANY, "%s: " - "unknown tls_option <%x>\n", - c->log, c->type, 0); + default: Debug(LDAP_DEBUG_ANY, "%s: " + "unknown tls_option <%x>\n", + c->log, c->type, 0); } if (c->emit) { - return 1; + return ldap_pvt_tls_get_option( NULL, flag, &c->value_string ); } + ch_free(c->value_string); return(ldap_pvt_tls_set_option(NULL, flag, c->argv[1])); } +/* FIXME: this ought to be provided by libldap */ static int config_tls_config(ConfigArgs *c) { int i, flag; - if (c->emit) { - return 1; - } + struct verb_mask_list crlkeys[] = { + { "none", LDAP_OPT_X_TLS_CRL_NONE }, + { "peer", LDAP_OPT_X_TLS_CRL_PEER }, + { "all", LDAP_OPT_X_TLS_CRL_ALL }, + { NULL, 0 } + }; + struct verb_mask_list vfykeys[] = { + { "never", LDAP_OPT_X_TLS_NEVER }, + { "demand", LDAP_OPT_X_TLS_DEMAND }, + { "try", LDAP_OPT_X_TLS_TRY }, + { "hard", LDAP_OPT_X_TLS_HARD } + { NULL, 0 } + }, *keys; switch(c->type) { #ifdef HAVE_OPENSSL_CRL - case CFG_TLS_CRLCHECK: flag = LDAP_OPT_X_TLS_CRLCHECK; break; + case CFG_TLS_CRLCHECK: flag = LDAP_OPT_X_TLS_CRLCHECK; keys = crlkeys; + break; #endif - case CFG_TLS_VERIFY: flag = LDAP_OPT_X_TLS_REQUIRE_CERT; break; + case CFG_TLS_VERIFY: flag = LDAP_OPT_X_TLS_REQUIRE_CERT; keys = vfykeys; + break; + default: Debug(LDAP_DEBUG_ANY, "%s: " + "unknown tls_option <%x>\n", + c->log, c->type, 0); } + if (c->emit) { + ldap_pvt_tls_get_option( NULL, flag, &c->value_int ); + for (i=0; keys[i].word; i++) { + if (keys[i].mask == c->value_int) { + c->value_string = ch_strdup( keys[i].word ); + rc = 0; + } + } + return 1; + } + ch_free( c->value_string ); if(isdigit((unsigned char)c->argv[1][0])) { i = atoi(c->argv[1]); return(ldap_pvt_tls_set_option(NULL, flag, &i)); @@ -2351,8 +2559,8 @@ add_syncrepl( return 1; } - si->si_tls = SYNCINFO_TLS_OFF; - si->si_bindmethod = LDAP_AUTH_SIMPLE; + si->si_bindconf.sb_tls = SB_TLS_OFF; + si->si_bindconf.sb_method = LDAP_AUTH_SIMPLE; si->si_schemachecking = 0; ber_str2bv( "(objectclass=*)", STRLENOF("(objectclass=*)"), 1, &si->si_filterstr ); @@ -2411,21 +2619,9 @@ add_syncrepl( #define SLIMITSTR "sizelimit" #define TLIMITSTR "timelimit" #define SCHEMASTR "schemachecking" -#define BINDMETHSTR "bindmethod" -#define SIMPLESTR "simple" -#define SASLSTR "sasl" -#define BINDDNSTR "binddn" -#define SASLMECHSTR "saslmech" -#define AUTHCSTR "authcID" -#define AUTHZSTR "authzID" -#define CREDSTR "credentials" -#define REALMSTR "realm" -#define SECPROPSSTR "secprops" /* FIXME: undocumented */ #define OLDAUTHCSTR "bindprincipal" -#define STARTTLSSTR "starttls" -#define CRITICALSTR "critical" #define EXATTRSSTR "exattrs" #define MANAGEDSAITSTR "manageDSAit" #define RETRYSTR "retry" @@ -2442,10 +2638,9 @@ add_syncrepl( /* mandatory */ #define GOT_ID 0x0001 #define GOT_PROVIDER 0x0002 -#define GOT_METHOD 0x0004 /* check */ -#define GOT_ALL (GOT_ID|GOT_PROVIDER|GOT_METHOD) +#define GOT_ALL (GOT_ID|GOT_PROVIDER) static int parse_syncrepl_line( @@ -2479,79 +2674,6 @@ parse_syncrepl_line( val = cargv[ i ] + STRLENOF( PROVIDERSTR "=" ); ber_str2bv( val, 0, 1, &si->si_provideruri ); gots |= GOT_PROVIDER; - } else if ( !strncasecmp( cargv[ i ], STARTTLSSTR "=", - STRLENOF(STARTTLSSTR "=") ) ) - { - val = cargv[ i ] + STRLENOF( STARTTLSSTR "=" ); - if( !strcasecmp( val, CRITICALSTR ) ) { - si->si_tls = SYNCINFO_TLS_CRITICAL; - } else { - si->si_tls = SYNCINFO_TLS_ON; - } - } else if ( !strncasecmp( cargv[ i ], BINDMETHSTR "=", - STRLENOF( BINDMETHSTR "=" ) ) ) - { - val = cargv[ i ] + STRLENOF( BINDMETHSTR "=" ); - if ( !strcasecmp( val, SIMPLESTR )) { - si->si_bindmethod = LDAP_AUTH_SIMPLE; - gots |= GOT_METHOD; - } else if ( !strcasecmp( val, SASLSTR )) { -#ifdef HAVE_CYRUS_SASL - si->si_bindmethod = LDAP_AUTH_SASL; - gots |= GOT_METHOD; -#else /* HAVE_CYRUS_SASL */ - fprintf( stderr, "Error: parse_syncrepl_line: " - "not compiled with SASL support\n" ); - return -1; -#endif /* HAVE_CYRUS_SASL */ - } else { - si->si_bindmethod = -1; - } - } else if ( !strncasecmp( cargv[ i ], BINDDNSTR "=", - STRLENOF( BINDDNSTR "=" ) ) ) - { - val = cargv[ i ] + STRLENOF( BINDDNSTR "=" ); - si->si_binddn = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], CREDSTR "=", - STRLENOF( CREDSTR "=" ) ) ) - { - val = cargv[ i ] + STRLENOF( CREDSTR "=" ); - si->si_passwd = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], SASLMECHSTR "=", - STRLENOF( SASLMECHSTR "=" ) ) ) - { - val = cargv[ i ] + STRLENOF( SASLMECHSTR "=" ); - si->si_saslmech = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], SECPROPSSTR "=", - STRLENOF( SECPROPSSTR "=" ) ) ) - { - val = cargv[ i ] + STRLENOF( SECPROPSSTR "=" ); - si->si_secprops = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], REALMSTR "=", - STRLENOF( REALMSTR "=" ) ) ) - { - val = cargv[ i ] + STRLENOF( REALMSTR "=" ); - si->si_realm = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], AUTHCSTR "=", - STRLENOF( AUTHCSTR "=" ) ) ) - { - val = cargv[ i ] + STRLENOF( AUTHCSTR "=" ); - if ( si->si_authcId ) - ch_free( si->si_authcId ); - si->si_authcId = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], OLDAUTHCSTR "=", - STRLENOF( OLDAUTHCSTR "=" ) ) ) - { - /* Old authcID is provided for some backwards compatibility */ - val = cargv[ i ] + STRLENOF( OLDAUTHCSTR "=" ); - if ( si->si_authcId ) - ch_free( si->si_authcId ); - si->si_authcId = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], AUTHZSTR "=", - STRLENOF( AUTHZSTR "=" ) ) ) - { - val = cargv[ i ] + STRLENOF( AUTHZSTR "=" ); - si->si_authzId = ch_strdup( val ); } else if ( !strncasecmp( cargv[ i ], SCHEMASTR "=", STRLENOF( SCHEMASTR "=" ) ) ) { @@ -2799,7 +2921,7 @@ parse_syncrepl_line( { val = cargv[ i ] + STRLENOF( TLIMITSTR "=" ); si->si_tlimit = atoi( val ); - } else { + } else if ( bindconf_parse( cargv[i], &si->si_bindconf )) { fprintf( stderr, "Error: parse_syncrepl_line: " "unknown keyword \"%s\"\n", cargv[ i ] ); return -1; diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 0bb03065ac..9cc0df4dd6 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -1080,7 +1080,7 @@ LDAP_SLAPD_F (int) get_alias_dn LDAP_P(( * repl.c */ LDAP_SLAPD_F (int) add_replica_info LDAP_P(( Backend *be, - const char *host )); + const char *uri, const char *host )); LDAP_SLAPD_F (int) add_replica_suffix LDAP_P(( Backend *be, int nr, const char *suffix )); LDAP_SLAPD_F (int) add_replica_attrs LDAP_P(( Backend *be, diff --git a/servers/slapd/repl.c b/servers/slapd/repl.c index 28a2100a57..529416023c 100644 --- a/servers/slapd/repl.c +++ b/servers/slapd/repl.c @@ -42,6 +42,7 @@ int add_replica_info( Backend *be, + const char *uri, const char *host ) { @@ -59,7 +60,8 @@ add_replica_info( be->be_replica[ i ] = ch_calloc( sizeof( struct slap_replica_info ), 1 ); - be->be_replica[ i ]->ri_host = ch_strdup( host ); + be->be_replica[ i ]->ri_uri = uri; + be->be_replica[ i ]->ri_host = host; be->be_replica[ i ]->ri_nsuffix = NULL; be->be_replica[ i ]->ri_attrs = NULL; be->be_replica[ i + 1 ] = NULL; diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 0adc7cdbd2..6a1858c05b 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -1392,11 +1392,29 @@ LDAP_SLAPD_V (int) slapMode; #define SLAP_TOOL_READONLY 0x0400 #define SLAP_TOOL_QUICK 0x0800 +#define SB_TLS_OFF 0 +#define SB_TLS_ON 1 +#define SB_TLS_CRITICAL 2 + +typedef struct slap_bindconf { + int sb_tls; + int sb_method; + char *sb_binddn; + char *sb_cred; + char *sb_saslmech; + char *sb_secprops; + char *sb_realm; + char *sb_authcId; + char *sb_authzId; +} slap_bindconf; + struct slap_replica_info { - char *ri_host; /* supersedes be_replica */ + char *ri_uri; /* supersedes be_replica */ + char *ri_host; /* points to host part of uri */ BerVarray ri_nsuffix; /* array of suffixes this replica accepts */ AttributeName *ri_attrs; /* attrs to replicate, NULL=all */ int ri_exclude; /* 1 => exclude ri_attrs */ + slap_bindconf ri_bindconf; /* for back-config */ }; struct slap_limits_set { @@ -1487,18 +1505,7 @@ typedef struct syncinfo_s { struct slap_backend_db *si_be; long si_rid; struct berval si_provideruri; -#define SYNCINFO_TLS_OFF 0 -#define SYNCINFO_TLS_ON 1 -#define SYNCINFO_TLS_CRITICAL 2 - int si_tls; - int si_bindmethod; - char *si_binddn; - char *si_passwd; - char *si_saslmech; - char *si_secprops; - char *si_realm; - char *si_authcId; - char *si_authzId; + slap_bindconf si_bindconf; int si_schemachecking; struct berval si_filterstr; struct berval si_base; @@ -1702,7 +1709,6 @@ struct slap_backend_db { ldap_pvt_thread_mutex_t *be_pcl_mutexp; syncinfo_t *be_syncinfo; /* For syncrepl */ - char *be_realm; void *be_pb; /* Netscape plugin */ struct ConfigTable *be_cf_table; diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c index f9da2a59c5..9e387e8ab4 100644 --- a/servers/slapd/syncrepl.c +++ b/servers/slapd/syncrepl.c @@ -244,9 +244,9 @@ ldap_sync_search( c[0].ldctl_iscritical = si->si_type < 0; ctrls[0] = &c[0]; - if ( si->si_authzId ) { + if ( si->si_bindconf.sb_authzId ) { c[1].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ; - ber_str2bv( si->si_authzId, 0, 0, &c[1].ldctl_value ); + ber_str2bv( si->si_bindconf.sb_authzId, 0, 0, &c[1].ldctl_value ); c[1].ldctl_iscritical = 1; ctrls[1] = &c[1]; ctrls[2] = NULL; @@ -295,18 +295,18 @@ do_syncrep1( /* Bind to master */ - if ( si->si_tls ) { + if ( si->si_bindconf.sb_tls ) { rc = ldap_start_tls_s( si->si_ld, NULL, NULL ); if( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, "%s: ldap_start_tls failed (%d)\n", - si->si_tls == SYNCINFO_TLS_CRITICAL ? "Error" : "Warning", + si->si_bindconf.sb_tls == SB_TLS_CRITICAL ? "Error" : "Warning", rc, 0 ); - if( si->si_tls == SYNCINFO_TLS_CRITICAL ) goto done; + if( si->si_bindconf.sb_tls == SB_TLS_CRITICAL ) goto done; } } - if ( si->si_bindmethod == LDAP_AUTH_SASL ) { + if ( si->si_bindconf.sb_method == LDAP_AUTH_SASL ) { #ifdef HAVE_CYRUS_SASL void *defaults; @@ -364,7 +364,7 @@ do_syncrep1( } else { rc = ldap_bind_s( si->si_ld, - si->si_binddn, si->si_passwd, si->si_bindmethod ); + si->si_bindconf.sb_binddn, si->si_bindconf.sb_cred, si->si_bindconf.sb_method ); if ( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, "do_syncrep1: " "ldap_bind_s failed (%d)\n", rc, 0, 0 ); @@ -2087,27 +2087,9 @@ syncinfo_free( syncinfo_t *sie ) if ( !BER_BVISNULL( &sie->si_provideruri ) ) { ch_free( sie->si_provideruri.bv_val ); } - if ( sie->si_binddn ) { - ch_free( sie->si_binddn ); - } - if ( sie->si_passwd ) { - ch_free( sie->si_passwd ); - } - if ( sie->si_saslmech ) { - ch_free( sie->si_saslmech ); - } - if ( sie->si_secprops ) { - ch_free( sie->si_secprops ); - } - if ( sie->si_realm ) { - ch_free( sie->si_realm ); - } - if ( sie->si_authcId ) { - ch_free( sie->si_authcId ); - } - if ( sie->si_authzId ) { - ch_free( sie->si_authzId ); - } + + bindconf_free( &sie->si_bindconf ); + if ( sie->si_filterstr.bv_val ) { ch_free( sie->si_filterstr.bv_val ); } -- 2.39.5