Skip to content
GitLab
Commit 10824868 authored by Ondřej Kuzník's avatar Ondřej Kuzník Committed by Ondřej Kuzník
Browse files

Only enable verifycredentials if libldap does

parent 1dfeca35
Hide whitespace changes
Inline Side-by-side
servers/lloadd/backend.c
View file @ 10824868
......@@ -121,8 +121,11 @@ backend_select( Operation *op )
continue;
}
if ( op->o_tag == LDAP_REQ_BIND &&
!(lload_features & LLOAD_FEATURE_VC) ) {
if ( op->o_tag == LDAP_REQ_BIND
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
&& !(lload_features & LLOAD_FEATURE_VC)
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
) {
head = &b->b_bindconns;
} else {
head = &b->b_conns;
......@@ -181,7 +184,10 @@ backend_retry( Backend *b )
ldap_pvt_thread_mutex_lock( &b->b_mutex );
requested = b->b_numconns;
if ( !(lload_features & LLOAD_FEATURE_VC) ) {
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
if ( !(lload_features & LLOAD_FEATURE_VC) )
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
{
requested += b->b_numbindconns;
}
if ( b->b_active + b->b_bindavail + b->b_opening < requested ) {
......
servers/lloadd/bind.c
View file @ 10824868
......@@ -116,6 +116,7 @@ fail:
return 1;
}
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
/*
* On entering the function, we've put a reference on both connections and hold
* upstream's c_io_mutex.
......@@ -245,6 +246,7 @@ fail:
operation_send_reject( op, result, msg, 1 );
return 1;
}
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
void
client_reset( Connection *c )
......@@ -329,9 +331,13 @@ client_bind( Connection *client, Operation *op )
op->o_upstream = upstream;
op->o_upstream_connid = upstream->c_connid;
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
if ( lload_features & LLOAD_FEATURE_VC ) {
rc = request_bind_as_vc( op );
} else {
} else
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
{
rc = request_bind( op );
}
......
servers/lloadd/config.c
View file @ 10824868
......@@ -1058,7 +1058,9 @@ static int
config_feature( ConfigArgs *c )
{
slap_verbmasks features[] = {
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
{ BER_BVC("vc"), LLOAD_FEATURE_VC },
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
{ BER_BVC("proxyauthz"), LLOAD_FEATURE_PROXYAUTHZ },
{ BER_BVNULL, 0 }
};
......
servers/lloadd/slap.h
View file @ 10824868
......@@ -232,7 +232,9 @@ typedef struct config_reply_s ConfigReply; /* config.h */
typedef struct Listener Listener;
typedef enum {
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
LLOAD_FEATURE_VC = 1 << 0,
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
LLOAD_FEATURE_PROXYAUTHZ = 1 << 1,
} lload_features_t;
......
servers/lloadd/upstream.c
View file @ 10824868
......@@ -140,6 +140,7 @@ done:
return forward_final_response( op, ber );
}
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
static int
handle_vc_bind_response( Operation *op, BerElement *ber )
{
......@@ -259,6 +260,7 @@ done:
ber_free( ber, 1 );
return rc;
}
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
static int
handle_unsolicited( Connection *c, BerElement *ber )
......@@ -358,9 +360,11 @@ handle_one_response( Connection *c )
handler = handle_bind_response;
break;
case LDAP_RES_EXTENDED:
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
if ( op->o_tag == LDAP_REQ_BIND ) {
handler = handle_vc_bind_response;
}
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
break;
}
if ( !handler ) {
......@@ -827,8 +831,11 @@ upstream_init( ber_socket_t s, Backend *b )
* connection into the bind conn pool. Start off by allocating one for
* general use, then one for binds, then we start filling up the general
* connection pool, finally the bind pool */
if ( !(lload_features & LLOAD_FEATURE_VC) && b->b_active &&
b->b_numbindconns ) {
if (
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
!(lload_features & LLOAD_FEATURE_VC) &&
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
b->b_active && b->b_numbindconns ) {
if ( !b->b_bindavail ) {
is_bindconn = 1;
} else if ( b->b_active >= b->b_numconns &&
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment