mirror of
https://git.openldap.org/openldap/openldap.git
synced 2026-05-28 04:35:57 -04:00
ITS#10494 backend: Honour require none
This commit is contained in:
Ondřej Kuzník
Quanah Gibson-Mount
parent
24afb5a2fa
commit
9d0b3b43c6
3 changed files with 11 additions and 5 deletions
|
|
@ -1123,7 +1123,11 @@ backend_check_restrictions(
|
|||
}
|
||||
|
||||
restrictops |= op->o_bd->be_restrictops;
|
||||
requires |= op->o_bd->be_requires;
|
||||
if ( op->o_bd->be_requires & SLAP_REQUIRE_NONE ) {
|
||||
requires = op->o_bd->be_requires & ~SLAP_REQUIRE_NONE;
|
||||
} else {
|
||||
requires |= op->o_bd->be_requires;
|
||||
}
|
||||
bssf = &op->o_bd->be_ssf_set.sss_ssf;
|
||||
fssf = &ssfs.sss_ssf;
|
||||
for ( i=0; i < (int)(sizeof(ssfs)/sizeof(slap_ssf_t)); i++ ) {
|
||||
|
|
|
|||
|
|
@ -3677,11 +3677,12 @@ config_disallows(ConfigArgs *c) {
|
|||
|
||||
static int
|
||||
config_requires(ConfigArgs *c) {
|
||||
slap_mask_t requires = frontendDB->be_requires;
|
||||
slap_mask_t requires = 0, have_none = 0;
|
||||
int i, argc = c->argc;
|
||||
char **argv = c->argv;
|
||||
|
||||
slap_verbmasks requires_ops[] = {
|
||||
{ BER_BVC("none"), SLAP_REQUIRE_NONE },
|
||||
{ BER_BVC("bind"), SLAP_REQUIRE_BIND },
|
||||
{ BER_BVC("LDAPv3"), SLAP_REQUIRE_LDAP_V3 },
|
||||
{ BER_BVC("authc"), SLAP_REQUIRE_AUTHC },
|
||||
|
|
@ -3704,9 +3705,9 @@ config_requires(ConfigArgs *c) {
|
|||
if ( strcasecmp( c->argv[ 1 ], "none" ) == 0 ) {
|
||||
argv++;
|
||||
argc--;
|
||||
requires = 0;
|
||||
have_none = c->be != frontendDB ? SLAP_REQUIRE_NONE : 0;
|
||||
}
|
||||
i = verbs_to_mask(argc, argv, requires_ops, &requires);
|
||||
i = verbs_to_mask(argc, argv, requires_ops+1, &requires);
|
||||
if ( i ) {
|
||||
if (strcasecmp( c->argv[ i ], "none" ) == 0 ) {
|
||||
snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> \"none\" (#%d) must be listed first", c->argv[0], i - 1 );
|
||||
|
|
@ -3719,7 +3720,7 @@ config_requires(ConfigArgs *c) {
|
|||
}
|
||||
return(1);
|
||||
}
|
||||
c->be->be_requires = requires;
|
||||
c->be->be_requires = requires | have_none;
|
||||
return(0);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1992,6 +1992,7 @@ struct BackendDB {
|
|||
#define SLAP_REQUIRE_AUTHC 0x0004U /* authentication before op */
|
||||
#define SLAP_REQUIRE_SASL 0x0008U /* SASL before op */
|
||||
#define SLAP_REQUIRE_STRONG 0x0010U /* strong authentication before op */
|
||||
#define SLAP_REQUIRE_NONE 0x8000U /* do not inherit require from frontend */
|
||||
|
||||
/* Required Security Strength Factor */
|
||||
slap_ssf_set_t be_ssf_set;
|
||||
|
|
|
|||
Loading…
Reference in a new issue