From ed0d8d0a9403f704c56d22a685e8c68da00c069e Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Tue, 13 Jun 2006 00:16:45 +0000 Subject: [PATCH] fix "require" inheritance and handling of "none" (ITS#4574) --- doc/man/man5/slapd.conf.5 | 9 ++++++--- servers/slapd/bconfig.c | 14 +++++++++++--- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index e513d4af2c..4de9d4d4f9 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -754,7 +754,9 @@ instance that handles that replication log. .B require Specify a set of conditions (separated by white space) to require (default none). -The directive may be specified globally and/or per-database. +The directive may be specified globally and/or per-database; +databases inherit global conditions, so per-database specifications +are additive. .B bind requires bind operation prior to directory operations. .B LDAPv3 @@ -768,8 +770,9 @@ requires strong authentication prior to directory operations. The strong keyword allows protected "simple" authentication as well as SASL authentication. .B none -may be used to require no conditions (useful for clearly globally -set conditions within a particular database). +may be used to require no conditions (useful to clear out globally +set conditions within a particular database); it must occur first +in the list of conditions. .TP .B reverse-lookup on | off Enable/disable client name unverified reverse lookup (default is diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c index f890030a24..0c58ed5573 100644 --- a/servers/slapd/bconfig.c +++ b/servers/slapd/bconfig.c @@ -2145,8 +2145,10 @@ config_disallows(ConfigArgs *c) { static int config_requires(ConfigArgs *c) { - slap_mask_t requires = 0; - int i; + slap_mask_t requires = frontendDB->be_requires; + int i, argc = c->argc; + char **argv = c->argv; + slap_verbmasks requires_ops[] = { { BER_BVC("bind"), SLAP_REQUIRE_BIND }, { BER_BVC("LDAPv3"), SLAP_REQUIRE_LDAP_V3 }, @@ -2166,7 +2168,13 @@ config_requires(ConfigArgs *c) { } return 0; } - i = verbs_to_mask(c->argc, c->argv, requires_ops, &requires); + /* "none" can only be first, to wipe out default/global values */ + if ( strcasecmp( c->argv[ 1 ], "none" ) == 0 ) { + argv++; + argc--; + requires = 0; + } + i = verbs_to_mask(argc, argv, requires_ops, &requires); if ( i ) { snprintf( c->msg, sizeof( c->msg ), "<%s> unknown feature", c->argv[0] ); Debug(LDAP_DEBUG_ANY, "%s: %s %s\n", -- 2.39.5