upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-01-06 15:10:22 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

further fixing of back-ldap config; added enum_to_verb call to ease mapping enumerations to strings...

Browse source
This commit is contained in:
Pierangelo Masarati 2005-05-23 14:14:34 +00:00
parent bf110af723
commit 672c39024e
4 changed files with 186 additions and 89 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
servers/slapd/back-ldap/chain.c
View file

@ -740,12 +740,11 @@ chain_cfadd( Operation *op, SlapReply *rs, Entry *p, ConfigArgs *ca )
return 0;
}
#define LDAP_BACK_C_MASK 0x80000000U
static slap_verbmasks chaining_mode[] = {
{ BER_BVC("referralsRequired"), (LDAP_REFERRALS_REQUIRED|LDAP_BACK_C_MASK) },
{ BER_BVC("referralsPreferred"), (LDAP_REFERRALS_PREFERRED|LDAP_BACK_C_MASK) },
{ BER_BVC("chainingRequired"), (LDAP_CHAINING_REQUIRED|LDAP_BACK_C_MASK) },
{ BER_BVC("chainingPreferred"), (LDAP_CHAINING_PREFERRED|LDAP_BACK_C_MASK) },
{ BER_BVC("referralsRequired"), LDAP_REFERRALS_REQUIRED },
{ BER_BVC("referralsPreferred"), LDAP_REFERRALS_PREFERRED },
{ BER_BVC("chainingRequired"), LDAP_CHAINING_REQUIRED },
{ BER_BVC("chainingPreferred"), LDAP_CHAINING_PREFERRED },
{ BER_BVNULL, 0 }
};
@ -761,26 +760,23 @@ chain_cf_gen( ConfigArgs *c )
switch( c->type ) {
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
case PC_CHAINING: {
BerVarray resolve = NULL;
BerVarray continuation = NULL;
struct berval resolve = BER_BVNULL,
continuation = BER_BVNULL;
if ( !( lc->lc_flags & LDAP_CHAIN_F_CHAINING ) ) {
return 1;
}
mask_to_verbs( chaining_mode, ( ( ( lc->lc_chaining_ctrlflag & SLAP_CH_RESOLVE_MASK ) >> SLAP_CH_RESOLVE_SHIFT ) | LDAP_BACK_C_MASK ), &resolve );
mask_to_verbs( chaining_mode, ( ( ( lc->lc_chaining_ctrlflag & SLAP_CH_CONTINUATION_MASK ) >> SLAP_CH_CONTINUATION_SHIFT ) | LDAP_BACK_C_MASK ), &continuation );
enum_to_verb( chaining_mode, ( ( lc->lc_chaining_ctrlflag & SLAP_CH_RESOLVE_MASK ) >> SLAP_CH_RESOLVE_SHIFT ), &resolve );
enum_to_verb( chaining_mode, ( ( lc->lc_chaining_ctrlflag & SLAP_CH_CONTINUATION_MASK ) >> SLAP_CH_CONTINUATION_SHIFT ), &continuation );
c->value_bv.bv_len = STRLENOF( "resolve=" ) + resolve[0].bv_len
c->value_bv.bv_len = STRLENOF( "resolve=" ) + resolve.bv_len
+ STRLENOF( " " )
+ STRLENOF( "continuation=" ) + continuation[0].bv_len;
+ STRLENOF( "continuation=" ) + continuation.bv_len;
c->value_bv.bv_val = ch_malloc( c->value_bv.bv_len + 1 );
snprintf( c->value_bv.bv_val, c->value_bv.bv_len + 1,
"resolve=%s continuation=%s",
resolve[0].bv_val, continuation[0].bv_val );
ber_bvarray_free( resolve );
ber_bvarray_free( continuation );
resolve.bv_val, continuation.bv_val );
if ( lc->lc_chaining_ctrl.ldctl_iscritical ) {
c->value_bv.bv_val = ch_realloc( c->value_bv.bv_val,

232
servers/slapd/back-ldap/config.c
View file

@ -72,7 +72,7 @@ static ConfigTable ldapcfg[] = {
"SINGLE-VALUE )",
NULL, NULL },
{ "tls", "what", 2, 2, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_TLS,
ARG_BERVAL|ARG_MAGIC|LDAP_BACK_CFG_TLS,
ldap_back_cf_gen, "( OLcfgDbAt:3.1 "
"NAME 'olcDbStartTLS' "
"DESC 'StartTLS' "
@ -172,7 +172,7 @@ static ConfigTable ldapcfg[] = {
"X-ORDERED 'VALUES' )",
NULL, NULL },
{ "rebind-as-user", "NO|yes", 1, 2, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REBIND,
ARG_BERVAL|ARG_MAGIC|LDAP_BACK_CFG_REBIND,
ldap_back_cf_gen, "( OLcfgDbAt:3.10 "
"NAME 'olcDbRebindAsUser' "
"DESC 'Rebind as user' "
@ -180,7 +180,7 @@ static ConfigTable ldapcfg[] = {
"SINGLE-VALUE )",
NULL, NULL },
{ "chase-referrals", "YES|no", 2, 2, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_CHASE,
ARG_BERVAL|ARG_MAGIC|LDAP_BACK_CFG_CHASE,
ldap_back_cf_gen, "( OLcfgDbAt:3.11 "
"NAME 'olcDbChaseReferrals' "
"DESC 'Chase referrals' "
@ -188,7 +188,7 @@ static ConfigTable ldapcfg[] = {
"SINGLE-VALUE )",
NULL, NULL },
{ "t-f-support", "NO|yes|discover", 2, 2, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_T_F,
ARG_BERVAL|ARG_MAGIC|LDAP_BACK_CFG_T_F,
ldap_back_cf_gen, "( OLcfgDbAt:3.12 "
"NAME 'olcDbTFSupport' "
"DESC 'Absolute filters support' "
@ -196,7 +196,7 @@ static ConfigTable ldapcfg[] = {
"SINGLE-VALUE )",
NULL, NULL },
{ "proxy-whoami", "NO|yes", 1, 2, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_WHOAMI,
ARG_BERVAL|ARG_MAGIC|LDAP_BACK_CFG_WHOAMI,
ldap_back_cf_gen, "( OLcfgDbAt:3.13 "
"NAME 'olcDbProxyWhoAmI' "
"DESC 'Proxy whoAmI exop' "
@ -240,9 +240,8 @@ static ConfigOCs ldapocs[] = {
{ NULL, 0, NULL }
};
#define LDAP_BACK_C_MASK 0x80000000U
#define LDAP_BACK_C_NO (0x0U|LDAP_BACK_C_MASK)
#define LDAP_BACK_C_YES (0x1U|LDAP_BACK_C_MASK)
#define LDAP_BACK_C_NO (0x0U)
#define LDAP_BACK_C_YES (0x1U)
static slap_verbmasks yn_mode[] = {
{ BER_BVC( "yes" ), LDAP_BACK_C_YES},
{ BER_BVC( "no" ), LDAP_BACK_C_NO },
@ -258,17 +257,17 @@ static slap_verbmasks idassert_mode[] = {
};
static slap_verbmasks tls_mode[] = {
{ BER_BVC( "propagate" ), (LDAP_BACK_C_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK) },
{ BER_BVC( "try-propagate" ), (LDAP_BACK_C_MASK|LDAP_BACK_F_PROPAGATE_TLS) },
{ BER_BVC( "start" ), (LDAP_BACK_C_MASK|LDAP_BACK_F_TLS_USE_MASK) },
{ BER_BVC( "try-start" ), (LDAP_BACK_C_MASK|LDAP_BACK_F_USE_TLS) },
{ BER_BVC( "propagate" ), LDAP_BACK_F_TLS_PROPAGATE_MASK },
{ BER_BVC( "try-propagate" ), LDAP_BACK_F_PROPAGATE_TLS },
{ BER_BVC( "start" ), LDAP_BACK_F_TLS_USE_MASK },
{ BER_BVC( "try-start" ), LDAP_BACK_F_USE_TLS },
{ BER_BVC( "none" ), LDAP_BACK_C_NO },
{ BER_BVNULL, 0 }
};
static slap_verbmasks t_f_mode[] = {
{ BER_BVC( "yes" ), (LDAP_BACK_C_MASK|LDAP_BACK_F_SUPPORT_T_F) },
{ BER_BVC( "discover" ), (LDAP_BACK_C_MASK|LDAP_BACK_F_SUPPORT_T_F_DISCOVER) },
{ BER_BVC( "yes" ), LDAP_BACK_F_SUPPORT_T_F },
{ BER_BVC( "discover" ), LDAP_BACK_F_SUPPORT_T_F_DISCOVER },
{ BER_BVC( "no" ), LDAP_BACK_C_NO },
{ BER_BVNULL, 0 }
};
@ -281,7 +280,9 @@ ldap_back_cf_gen( ConfigArgs *c )
int i;
if ( c->op == SLAP_CONFIG_EMIT ) {
struct berval bv = BER_BVNULL;
rc = 0;
switch( c->type ) {
case LDAP_BACK_CFG_URI:
if ( li->url != NULL ) {
@ -292,21 +293,17 @@ ldap_back_cf_gen( ConfigArgs *c )
}
break;
case LDAP_BACK_CFG_TLS: {
BerVarray bva = NULL;
mask_to_verbs( tls_mode, ( ( li->flags & LDAP_BACK_F_TLS_MASK ) | LDAP_BACK_C_MASK ), &bva );
if ( bva == NULL ) {
case LDAP_BACK_CFG_TLS:
enum_to_verb( tls_mode, ( li->flags & LDAP_BACK_F_TLS_MASK ), &bv );
if ( BER_BVISNULL( &bv ) ) {
/* there's something wrong... */
assert( 0 );
rc = 1;
} else {
c->value_string = bva[ 0 ].bv_val;
free( bva );
ber_dupbv( &c->value_bv, &bv );
}
break;
}
case LDAP_BACK_CFG_ACL_AUTHCDN:
case LDAP_BACK_CFG_ACL_PASSWD:
@ -361,7 +358,8 @@ ldap_back_cf_gen( ConfigArgs *c )
case LDAP_BACK_CFG_IDASSERT_BIND: {
int i;
struct berval bv = BER_BVNULL,
mode = BER_BVNULL;
bc = BER_BVNULL;
char *ptr;
if ( li->idassert_authmethod != LDAP_AUTH_NONE ) {
switch ( li->idassert_mode ) {
@ -370,44 +368,86 @@ ldap_back_cf_gen( ConfigArgs *c )
break;
default: {
BerVarray bva = NULL;
mask_to_verbs( idassert_mode, li->idassert_mode, &bva );
if ( bva == NULL ) {
struct berval mode = BER_BVNULL;
enum_to_verb( idassert_mode, li->idassert_mode, &mode );
if ( BER_BVISNULL( &mode ) ) {
/* there's something wrong... */
assert( 0 );
rc = 1;
} else {
mode = bva[ 0 ];
free( bva );
bv.bv_len = STRLENOF( "mode=" ) + mode.bv_len;
bv.bv_val = ch_malloc( bv.bv_len + 1 );
ptr = lutil_strcopy( bv.bv_val, "mode=" );
ptr = lutil_strcopy( ptr, mode.bv_val );
}
break;
}
}
if ( li->idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) {
ber_len_t len = bv.bv_len + STRLENOF( "authz=native" );
if ( !BER_BVISEMPTY( &bv ) ) {
len += STRLENOF( " " );
}
bv.bv_val = ch_realloc( bv.bv_val, len + 1 );
ptr = bv.bv_val + bv.bv_len;
if ( !BER_BVISEMPTY( &bv ) ) {
ptr = lutil_strcopy( ptr, " " );
}
(void)lutil_strcopy( ptr, "authz=native" );
}
if ( li->idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
ber_len_t len = bv.bv_len + STRLENOF( "flags=override" );
if ( !BER_BVISEMPTY( &bv ) ) {
len += STRLENOF( " " );
}
bv.bv_val = ch_realloc( bv.bv_val, len + 1 );
ptr = bv.bv_val + bv.bv_len;
if ( !BER_BVISEMPTY( &bv ) ) {
ptr = lutil_strcopy( ptr, " " );
}
(void)lutil_strcopy( ptr, "flags=override" );
}
}
bindconf_unparse( &li->idassert_sb, &bv );
if ( !BER_BVISNULL( &mode ) ) {
bindconf_unparse( &li->idassert_sb, &bc );
if ( !BER_BVISNULL( &bv ) ) {
char *ptr;
c->value_bv.bv_len = STRLENOF( "mode=" ) + mode.bv_len + bv.bv_len;
c->value_bv.bv_val = ch_malloc( c->value_bv.bv_len + 1 );
c->value_bv.bv_len = bv.bv_len + bc.bv_len;
c->value_bv.bv_val = ch_realloc( bv.bv_val, c->value_bv.bv_len + 1 );
ptr = lutil_strcopy( c->value_bv.bv_val, "mode=" );
ptr = lutil_strcopy( ptr, mode.bv_val );
ptr = lutil_strcopy( ptr, bv.bv_val );
assert( bc.bv_val[ 0 ] == ' ' );
free( mode.bv_val );
free( bv.bv_val );
ptr = lutil_strcopy( c->value_bv.bv_val, bv.bv_val );
(void)lutil_strcopy( ptr, bc.bv_val );
free( bc.bv_val );
} else {
for ( i = 0; isspace( bv.bv_val[ i ] ); i++ )
for ( i = 0; isspace( bc.bv_val[ i ] ); i++ )
/* count spaces */ ;
if ( i ) {
bv.bv_len -= i;
AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ], bv.bv_len + 1 );
bc.bv_len -= i;
AC_MEMCPY( bc.bv_val, &bc.bv_val[ i ], bc.bv_len + 1 );
}
c->value_bv = bv;
@ -416,69 +456,53 @@ ldap_back_cf_gen( ConfigArgs *c )
break;
}
case LDAP_BACK_CFG_REBIND: {
BerVarray bva = NULL;
mask_to_verbs( yn_mode, ( ( li->flags & LDAP_BACK_F_SAVECRED ) | LDAP_BACK_C_MASK ), &bva );
if ( bva == NULL ) {
case LDAP_BACK_CFG_REBIND:
enum_to_verb( yn_mode, ( ( li->flags & LDAP_BACK_F_SAVECRED ) == LDAP_BACK_F_SAVECRED ), &bv );
if ( BER_BVISNULL( &bv ) ) {
/* there's something wrong... */
assert( 0 );
rc = 1;
} else {
c->value_string = bva[ 0 ].bv_val;
free( bva );
ber_dupbv( &c->value_bv, &bv );
}
break;
}
case LDAP_BACK_CFG_CHASE: {
BerVarray bva = NULL;
mask_to_verbs( yn_mode, ( ( li->flags & LDAP_BACK_F_CHASE_REFERRALS ) | LDAP_BACK_C_MASK ), &bva );
if ( bva == NULL ) {
case LDAP_BACK_CFG_CHASE:
enum_to_verb( yn_mode, ( ( li->flags & LDAP_BACK_F_CHASE_REFERRALS ) == LDAP_BACK_F_CHASE_REFERRALS ), &bv );
if ( BER_BVISNULL( &bv ) ) {
/* there's something wrong... */
assert( 0 );
rc = 1;
} else {
c->value_string = bva[ 0 ].bv_val;
free( bva );
ber_dupbv( &c->value_bv, &bv );
}
break;
}
case LDAP_BACK_CFG_T_F: {
BerVarray bva = NULL;
mask_to_verbs( t_f_mode, ( ( li->flags & LDAP_BACK_F_SUPPORT_T_F_MASK ) | LDAP_BACK_C_MASK ), &bva );
if ( bva == NULL ) {
case LDAP_BACK_CFG_T_F:
enum_to_verb( t_f_mode, ( ( li->flags & LDAP_BACK_F_SUPPORT_T_F_MASK ) == LDAP_BACK_F_SUPPORT_T_F_MASK ), &bv );
if ( BER_BVISNULL( &bv ) ) {
/* there's something wrong... */
assert( 0 );
rc = 1;
} else {
c->value_string = bva[ 0 ].bv_val;
free( bva );
ber_dupbv( &c->value_bv, &bv );
}
break;
}
case LDAP_BACK_CFG_WHOAMI: {
BerVarray bva = NULL;
mask_to_verbs( yn_mode, ( ( li->flags & LDAP_BACK_F_PROXY_WHOAMI ) | LDAP_BACK_C_MASK ), &bva );
if ( bva == NULL ) {
case LDAP_BACK_CFG_WHOAMI:
enum_to_verb( yn_mode, ( ( li->flags & LDAP_BACK_F_PROXY_WHOAMI ) == LDAP_BACK_F_PROXY_WHOAMI ), &bv );
if ( BER_BVISNULL( &bv ) ) {
/* there's something wrong... */
assert( 0 );
rc = 1;
} else {
c->value_string = bva[ 0 ].bv_val;
free( bva );
ber_dupbv( &c->value_bv, &bv );
}
break;
}
default:
/* we need to handle all... */
@ -691,7 +715,7 @@ ldap_back_cf_gen( ConfigArgs *c )
return 1;
}
li->flags &= ~LDAP_BACK_F_TLS_MASK;
li->flags |= ( tls_mode[i].mask & ~LDAP_BACK_C_MASK );
li->flags |= tls_mode[i].mask;
break;
case LDAP_BACK_CFG_ACL_AUTHCDN:
@ -854,6 +878,13 @@ ldap_back_cf_gen( ConfigArgs *c )
break;
case LDAP_BACK_CFG_IDASSERT_METHOD:
/* no longer supported */
fprintf( stderr, "%s: %d: "
"\"idassert-method <args>\": "
"no longer supported; use \"idassert-bind\".\n",
c->fname, c->lineno );
return 1;
case LDAP_BACK_CFG_IDASSERT_BIND:
for ( i = 1; i < c->argc; i++ ) {
if ( strncasecmp( c->argv[ i ], "mode=", STRLENOF( "mode=" ) ) == 0 ) {
@ -871,6 +902,59 @@ ldap_back_cf_gen( ConfigArgs *c )
li->idassert_mode = idassert_mode[ j ].mask;
} else if ( strncasecmp( c->argv[ i ], "authz=", STRLENOF( "authz=" ) ) == 0 ) {
char *argvi = c->argv[ i ] + STRLENOF( "authz=" );
if ( strcasecmp( argvi, "native" ) == 0 ) {
if ( li->idassert_authmethod != LDAP_AUTH_SASL ) {
fprintf( stderr, "%s: %d: "
"\"idassert-bind <args>\": "
"authz=\"native\" incompatible "
"with auth method.\n",
c->fname, c->lineno );
return 1;
}
li->idassert_flags |= LDAP_BACK_AUTH_NATIVE_AUTHZ;
} else if ( strcasecmp( argvi, "proxyAuthz" ) == 0 ) {
li->idassert_flags &= ~LDAP_BACK_AUTH_NATIVE_AUTHZ;
} else {
fprintf( stderr, "%s: %d: "
"\"idassert-bind <args>\": "
"unknown authz \"%s\".\n",
c->fname, c->lineno, argvi );
return 1;
}
} else if ( strncasecmp( c->argv[ i ], "flags=", STRLENOF( "flags=" ) ) == 0 ) {
char *argvi = c->argv[ i ] + STRLENOF( "flags=" );
char **flags = ldap_str2charray( argvi, "," );
int j;
if ( flags == NULL ) {
fprintf( stderr, "%s: %d: "
"\"idassert-bind <args>\": "
"unable to parse flags \"%s\".\n",
c->fname, c->lineno, argvi );
return 1;
}
for ( j = 0; flags[ j ] != NULL; j++ ) {
if ( strcasecmp( flags[ j ], "override" ) == 0 ) {
li->idassert_flags |= LDAP_BACK_AUTH_OVERRIDE;
} else {
fprintf( stderr, "%s: %d: "
"\"idassert-bind <args>\": "
"unknown flag \"%s\".\n",
c->fname, c->lineno, flags[ j ] );
return 1;
}
}
ldap_charray_free( flags );
} else if ( bindconf_parse( c->argv[ i ], &li->idassert_sb ) ) {
return 1;
}
@ -935,7 +1019,7 @@ ldap_back_cf_gen( ConfigArgs *c )
return 1;
}
li->flags &= ~LDAP_BACK_F_SUPPORT_T_F_MASK;
li->flags |= ( t_f_mode[i].mask & ~LDAP_BACK_C_MASK );
li->flags |= t_f_mode[i].mask;
break;
case LDAP_BACK_CFG_WHOAMI: {

15
servers/slapd/config.c
View file

@ -745,6 +745,21 @@ mask_to_verbs(slap_verbmasks *v, slap_mask_t m, BerVarray *bva) {
return 0;
}
int
enum_to_verb(slap_verbmasks *v, slap_mask_t m, struct berval *bv) {
int i;
for (i=0; !BER_BVISNULL(&v[i].word); i++) {
if ( m == v[i].mask ) {
if ( bv != NULL ) {
*bv = v[i].word;
}
return i;
}
}
return -1;
}
static slap_verbmasks tlskey[] = {
{ BER_BVC("no"), SB_TLS_OFF },
{ BER_BVC("yes"), SB_TLS_ON },

2
servers/slapd/proto-slap.h
View file

@ -472,6 +472,8 @@ LDAP_SLAPD_F (int) verbs_to_mask LDAP_P((
int argc, char *argv[], slap_verbmasks *v, slap_mask_t *m ));
LDAP_SLAPD_F (int) mask_to_verbs LDAP_P((
slap_verbmasks *v, slap_mask_t m, BerVarray *bva ));
LDAP_SLAPD_F (int) enum_to_verb LDAP_P((
slap_verbmasks *v, slap_mask_t m, struct berval *bv ));
LDAP_SLAPD_F (int) bindconf_parse LDAP_P((
const char *word, slap_bindconf *bc ));
LDAP_SLAPD_F (int) bindconf_unparse LDAP_P((