Commit 10824868 authored by Ondřej Kuzník's avatar Ondřej Kuzník Committed by Ondřej Kuzník
Browse files

Only enable verifycredentials if libldap does

parent 1dfeca35
......@@ -121,8 +121,11 @@ backend_select( Operation *op )
continue;
}
if ( op->o_tag == LDAP_REQ_BIND &&
!(lload_features & LLOAD_FEATURE_VC) ) {
if ( op->o_tag == LDAP_REQ_BIND
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
&& !(lload_features & LLOAD_FEATURE_VC)
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
) {
head = &b->b_bindconns;
} else {
head = &b->b_conns;
......@@ -181,7 +184,10 @@ backend_retry( Backend *b )
ldap_pvt_thread_mutex_lock( &b->b_mutex );
requested = b->b_numconns;
if ( !(lload_features & LLOAD_FEATURE_VC) ) {
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
if ( !(lload_features & LLOAD_FEATURE_VC) )
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
{
requested += b->b_numbindconns;
}
if ( b->b_active + b->b_bindavail + b->b_opening < requested ) {
......
......@@ -116,6 +116,7 @@ fail:
return 1;
}
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
/*
* On entering the function, we've put a reference on both connections and hold
* upstream's c_io_mutex.
......@@ -245,6 +246,7 @@ fail:
operation_send_reject( op, result, msg, 1 );
return 1;
}
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
void
client_reset( Connection *c )
......@@ -329,9 +331,13 @@ client_bind( Connection *client, Operation *op )
op->o_upstream = upstream;
op->o_upstream_connid = upstream->c_connid;
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
if ( lload_features & LLOAD_FEATURE_VC ) {
rc = request_bind_as_vc( op );
} else {
} else
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
{
rc = request_bind( op );
}
......
......@@ -1058,7 +1058,9 @@ static int
config_feature( ConfigArgs *c )
{
slap_verbmasks features[] = {
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
{ BER_BVC("vc"), LLOAD_FEATURE_VC },
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
{ BER_BVC("proxyauthz"), LLOAD_FEATURE_PROXYAUTHZ },
{ BER_BVNULL, 0 }
};
......
......@@ -232,7 +232,9 @@ typedef struct config_reply_s ConfigReply; /* config.h */
typedef struct Listener Listener;
typedef enum {
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
LLOAD_FEATURE_VC = 1 << 0,
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
LLOAD_FEATURE_PROXYAUTHZ = 1 << 1,
} lload_features_t;
......
......@@ -140,6 +140,7 @@ done:
return forward_final_response( op, ber );
}
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
static int
handle_vc_bind_response( Operation *op, BerElement *ber )
{
......@@ -259,6 +260,7 @@ done:
ber_free( ber, 1 );
return rc;
}
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
static int
handle_unsolicited( Connection *c, BerElement *ber )
......@@ -358,9 +360,11 @@ handle_one_response( Connection *c )
handler = handle_bind_response;
break;
case LDAP_RES_EXTENDED:
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
if ( op->o_tag == LDAP_REQ_BIND ) {
handler = handle_vc_bind_response;
}
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
break;
}
if ( !handler ) {
......@@ -827,8 +831,11 @@ upstream_init( ber_socket_t s, Backend *b )
* connection into the bind conn pool. Start off by allocating one for
* general use, then one for binds, then we start filling up the general
* connection pool, finally the bind pool */
if ( !(lload_features & LLOAD_FEATURE_VC) && b->b_active &&
b->b_numbindconns ) {
if (
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
!(lload_features & LLOAD_FEATURE_VC) &&
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
b->b_active && b->b_numbindconns ) {
if ( !b->b_bindavail ) {
is_bindconn = 1;
} else if ( b->b_active >= b->b_numconns &&
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment