Skip to content
GitLab
Commit 6ee21f11 authored by Ondřej Kuzník's avatar Ondřej Kuzník Committed by Ondřej Kuzník
Browse files

Split bind configuration from backends

parent 0e7792e8
Hide whitespace changes
Inline Side-by-side
servers/lloadd/backend.c
View file @ 6ee21f11
......@@ -39,7 +39,7 @@ upstream_name_cb( int result, struct evutil_addrinfo *res, void *arg )
if ( result || !res ) {
Debug( LDAP_DEBUG_ANY, "upstream_name_cb: "
"name resolution failed for backend '%s': %s\n",
b->b_bindconf.sb_uri.bv_val, evutil_gai_strerror( result ) );
b->b_uri.bv_val, evutil_gai_strerror( result ) );
goto fail;
}
......@@ -65,7 +65,7 @@ upstream_name_cb( int result, struct evutil_addrinfo *res, void *arg )
if ( rc && errno != EINPROGRESS && errno != EWOULDBLOCK ) {
Debug( LDAP_DEBUG_ANY, "upstream_name_cb: "
"failed to connect to server '%s'\n",
b->b_bindconf.sb_uri.bv_val );
b->b_uri.bv_val );
goto fail;
}
......@@ -115,7 +115,7 @@ backend_select( Operation *op )
if ( b->b_max_pending && b->b_n_ops_executing >= b->b_max_pending ) {
Debug( LDAP_DEBUG_CONNS, "backend_select: "
"backend %s too busy\n",
b->b_bindconf.sb_uri.bv_val );
b->b_uri.bv_val );
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
b = next;
continue;
......@@ -316,7 +316,7 @@ backends_destroy( void )
Debug( LDAP_DEBUG_CONNS, "backends_destroy: "
"destroying backend uri='%s', numconns=%d, numbindconns=%d\n",
b->b_bindconf.sb_uri.bv_val, b->b_numconns, b->b_numbindconns );
b->b_uri.bv_val, b->b_numconns, b->b_numbindconns );
while ( !LDAP_CIRCLEQ_EMPTY( &b->b_bindconns ) ) {
Connection *c = LDAP_CIRCLEQ_FIRST( &b->b_bindconns );
......@@ -349,27 +349,7 @@ backends_destroy( void )
event_free( b->b_retry_event );
ch_free( b->b_host );
ch_free( b->b_bindconf.sb_uri.bv_val );
ch_free( b->b_bindconf.sb_binddn.bv_val );
ch_free( b->b_bindconf.sb_cred.bv_val );
ch_free( b->b_bindconf.sb_saslmech.bv_val );
ch_free( b->b_bindconf.sb_secprops );
ch_free( b->b_bindconf.sb_realm.bv_val );
ch_free( b->b_bindconf.sb_authcId.bv_val );
ch_free( b->b_bindconf.sb_authzId.bv_val );
#ifdef HAVE_TLS
ch_free( b->b_bindconf.sb_tls_cert );
ch_free( b->b_bindconf.sb_tls_key );
ch_free( b->b_bindconf.sb_tls_cacert );
ch_free( b->b_bindconf.sb_tls_cacertdir );
ch_free( b->b_bindconf.sb_tls_reqcert );
ch_free( b->b_bindconf.sb_tls_cipher_suite );
ch_free( b->b_bindconf.sb_tls_protocol_min );
#ifdef HAVE_OPENSSL_CRL
ch_free( b->b_bindconf.sb_tls_crlcheck );
#endif
#endif
ch_free( b->b_uri.bv_val );
ch_free( b );
}
}
servers/lloadd/config.c
View file @ 6ee21f11
......@@ -100,6 +100,7 @@ static ConfigFile *cfn;
static ConfigDriver config_fname;
static ConfigDriver config_generic;
static ConfigDriver config_backend;
static ConfigDriver config_bindconf;
#ifdef LDAP_TCP_BUFFER
static ConfigDriver config_tcp_buffer;
#endif /* LDAP_TCP_BUFFER */
......@@ -116,10 +117,12 @@ slap_b_head backend = LDAP_CIRCLEQ_HEAD_INITIALIZER(backend);
ldap_pvt_thread_mutex_t backend_mutex;
Backend *current_backend = NULL;
struct slap_bindconf bindconf = {};
enum {
CFG_ACL = 1,
CFG_BACKEND,
CFG_DATABASE,
CFG_BINDCONF,
CFG_TLS_RAND,
CFG_TLS_CIPHER,
CFG_TLS_PROTOCOL_MIN,
......@@ -162,10 +165,14 @@ static ConfigTable config_back_cf_table[] = {
ARG_INT|ARG_MAGIC|CFG_CONCUR,
&config_generic,
},
{ "backend", "type", 2, 0, 0,
ARG_MAGIC|CFG_DATABASE,
{ "backend", "backend options", 2, 0, 0,
ARG_MAGIC|CFG_BACKEND,
&config_backend,
},
{ "bindconf", "backend credentials", 2, 0, 0,
ARG_MAGIC|CFG_BINDCONF,
&config_bindconf,
},
{ "gentlehup", "on|off", 2, 2, 0,
#ifdef SIGHUP
ARG_ON_OFF,
......@@ -471,31 +478,14 @@ config_backend( ConfigArgs *c )
b->b_numbindconns = 1;
for ( i = 1; i < c->argc; i++ ) {
if ( bindconf_parse( c->argv[i], b ) ) {
if ( backend_parse( c->argv[i], b ) ) {
Debug( LDAP_DEBUG_ANY, "config_backend: "
"error parsing backend configuration item '%s'\n",
c->argv[i] );
rc = -1;
goto done;
return -1;
}
}
bindconf_tls_defaults( &b->b_bindconf );
if ( b->b_bindconf.sb_method == LDAP_AUTH_SASL ) {
#ifndef HAVE_CYRUS_SASL
Debug( LDAP_DEBUG_ANY, "config_backend: "
"no sasl support available\n" );
rc = -1;
goto done;
#else /* HAVE_CYRUS_SASL */
Debug( LDAP_DEBUG_ANY, "config_backend: "
"no sasl support yet\n" );
rc = -1;
goto done;
#endif
}
if ( b->b_numconns <= 0 ) {
Debug( LDAP_DEBUG_ANY, "config_backend: "
"invalid connection pool configuration\n" );
......@@ -519,18 +509,18 @@ config_backend( ConfigArgs *c )
b->b_retry_tv.tv_sec = b->b_retry_timeout / 1000;
b->b_retry_tv.tv_usec = ( b->b_retry_timeout % 1000 ) * 1000;
if ( BER_BVISNULL( &b->b_bindconf.sb_uri ) ) {
if ( BER_BVISNULL( &b->b_uri ) ) {
Debug( LDAP_DEBUG_ANY, "config_backend: "
"backend address not specified\n" );
rc = -1;
goto done;
}
rc = ldap_url_parse( b->b_bindconf.sb_uri.bv_val, &lud );
rc = ldap_url_parse( b->b_uri.bv_val, &lud );
if ( rc != LDAP_URL_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "config_backend: "
"listen URL \"%s\" parse error=%d\n",
b->b_bindconf.sb_uri.bv_val, rc );
b->b_uri.bv_val, rc );
rc = -1;
goto done;
}
......@@ -539,7 +529,7 @@ config_backend( ConfigArgs *c )
if ( ldap_pvt_url_scheme2tls( lud->lud_scheme ) ) {
Debug( LDAP_DEBUG_ANY, "config_backend: "
"TLS not supported (%s)\n",
b->b_bindconf.sb_uri.bv_val );
b->b_uri.bv_val );
rc = -1;
goto done;
}
......@@ -581,7 +571,7 @@ config_backend( ConfigArgs *c )
if ( lud->lud_host == NULL || lud->lud_host[0] == '\0' ) {
Debug( LDAP_DEBUG_ANY, "config_backend: "
"backend url missing hostname: '%s'\n",
b->b_bindconf.sb_uri.bv_val );
b->b_uri.bv_val );
rc = -1;
goto done;
}
......@@ -603,6 +593,37 @@ done:
return rc;
}
static int
config_bindconf( ConfigArgs *c )
{
int i;
for ( i = 1; i < c->argc; i++ ) {
if ( bindconf_parse( c->argv[i], &bindconf ) ) {
Debug( LDAP_DEBUG_ANY, "config_bindconf: "
"error parsing backend configuration item '%s'\n",
c->argv[i] );
return -1;
}
}
bindconf_tls_defaults( &bindconf );
if ( bindconf.sb_method == LDAP_AUTH_SASL ) {
#ifndef HAVE_CYRUS_SASL
Debug( LDAP_DEBUG_ANY, "config_bindconf: "
"no sasl support available\n" );
return -1;
#else /* HAVE_CYRUS_SASL */
Debug( LDAP_DEBUG_ANY, "config_bindconf: "
"no sasl support yet\n" );
return -1;
#endif
}
return 0;
}
static int
config_fname( ConfigArgs *c )
{
......@@ -1882,41 +1903,8 @@ slap_keepalive_parse(
return 0;
}
static int
slap_sb_uri(
struct berval *val,
void *bcp,
slap_cf_aux_table *tab0,
const char *tabmsg,
int unparse )
{
slap_bindconf *bc = bcp;
if ( unparse ) {
if ( bc->sb_uri.bv_len >= val->bv_len ) return -1;
val->bv_len = bc->sb_uri.bv_len;
AC_MEMCPY( val->bv_val, bc->sb_uri.bv_val, val->bv_len );
} else {
bc->sb_uri = *val;
#ifdef HAVE_TLS
if ( ldap_is_ldaps_url( val->bv_val ) ) bc->sb_tls_do_init = 1;
#endif
}
return 0;
}
static slap_cf_aux_table bindkey[] = {
{ BER_BVC("uri="), offsetof(Backend, b_bindconf.sb_uri), 'x', 1, slap_sb_uri },
{ BER_BVC("bindmethod="), offsetof(Backend, b_bindconf.sb_method), 'i', 0, methkey },
{ BER_BVC("timeout="), offsetof(Backend, b_bindconf.sb_timeout_api), 'i', 0, NULL },
{ BER_BVC("network-timeout="), offsetof(Backend, b_bindconf.sb_timeout_net), 'i', 0, NULL },
{ BER_BVC("binddn="), offsetof(Backend, b_bindconf.sb_binddn), 'b', 1, NULL },
{ BER_BVC("credentials="), offsetof(Backend, b_bindconf.sb_cred), 'b', 1, NULL },
{ BER_BVC("saslmech="), offsetof(Backend, b_bindconf.sb_saslmech), 'b', 0, NULL },
{ BER_BVC("secprops="), offsetof(Backend, b_bindconf.sb_secprops), 's', 0, NULL },
{ BER_BVC("realm="), offsetof(Backend, b_bindconf.sb_realm), 'b', 0, NULL },
{ BER_BVC("authcID="), offsetof(Backend, b_bindconf.sb_authcId), 'b', 1, NULL },
{ BER_BVC("authzID="), offsetof(Backend, b_bindconf.sb_authzId), 'b', 1, NULL },
{ BER_BVC("keepalive="), offsetof(Backend, b_bindconf.sb_keepalive), 'x', 0, (slap_verbmasks *)slap_keepalive_parse },
static slap_cf_aux_table backendkey[] = {
{ BER_BVC("uri="), offsetof(Backend, b_uri), 'b', 1, NULL },
{ BER_BVC("numconns="), offsetof(Backend, b_numconns), 'i', 0, NULL },
{ BER_BVC("bindconns="), offsetof(Backend, b_numbindconns), 'i', 0, NULL },
......@@ -1924,19 +1912,34 @@ static slap_cf_aux_table bindkey[] = {
{ BER_BVC("max-pending-ops="), offsetof(Backend, b_max_pending), 'i', 0, NULL },
{ BER_BVC("conn-max-pending="), offsetof(Backend, b_max_conn_pending), 'i', 0, NULL },
{ BER_BVNULL, 0, 0, 0, NULL }
};
static slap_cf_aux_table bindkey[] = {
{ BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'i', 0, methkey },
{ BER_BVC("timeout="), offsetof(slap_bindconf, sb_timeout_api), 'i', 0, NULL },
{ BER_BVC("network-timeout="), offsetof(slap_bindconf, sb_timeout_net), 'i', 0, NULL },
{ BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 'b', 1, NULL },
{ BER_BVC("credentials="), offsetof(slap_bindconf, sb_cred), 'b', 1, NULL },
{ BER_BVC("saslmech="), offsetof(slap_bindconf, sb_saslmech), 'b', 0, NULL },
{ BER_BVC("secprops="), offsetof(slap_bindconf, sb_secprops), 's', 0, NULL },
{ BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 'b', 0, NULL },
{ BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 1, NULL },
{ BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, NULL },
{ BER_BVC("keepalive="), offsetof(slap_bindconf, sb_keepalive), 'x', 0, (slap_verbmasks *)slap_keepalive_parse },
#ifdef HAVE_TLS
{ BER_BVC("starttls="), offsetof(Backend, b_bindconf.sb_tls), 'i', 0, tlskey },
{ BER_BVC("tls_cert="), offsetof(Backend, b_bindconf.sb_tls_cert), 's', 1, NULL },
{ BER_BVC("tls_key="), offsetof(Backend, b_bindconf.sb_tls_key), 's', 1, NULL },
{ BER_BVC("tls_cacert="), offsetof(Backend, b_bindconf.sb_tls_cacert), 's', 1, NULL },
{ BER_BVC("tls_cacertdir="), offsetof(Backend, b_bindconf.sb_tls_cacertdir), 's', 1, NULL },
{ BER_BVC("tls_reqcert="), offsetof(Backend, b_bindconf.sb_tls_reqcert), 's', 0, NULL },
{ BER_BVC("tls_reqsan="), offsetof(Backend, b_bindconf.sb_tls_reqsan), 's', 0, NULL },
{ BER_BVC("tls_cipher_suite="), offsetof(Backend, b_bindconf.sb_tls_cipher_suite), 's', 0, NULL },
{ BER_BVC("tls_protocol_min="), offsetof(Backend, b_bindconf.sb_tls_protocol_min), 's', 0, NULL },
{ BER_BVC("tls_ecname="), offsetof(Backend, b_bindconf.sb_tls_ecname), 's', 0, NULL },
{ BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey },
{ BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL },
{ BER_BVC("tls_key="), offsetof(slap_bindconf, sb_tls_key), 's', 1, NULL },
{ BER_BVC("tls_cacert="), offsetof(slap_bindconf, sb_tls_cacert), 's', 1, NULL },
{ BER_BVC("tls_cacertdir="), offsetof(slap_bindconf, sb_tls_cacertdir), 's', 1, NULL },
{ BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 0, NULL },
{ BER_BVC("tls_reqsan="), offsetof(slap_bindconf, sb_tls_reqsan), 's', 0, NULL },
{ BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 0, NULL },
{ BER_BVC("tls_protocol_min="), offsetof(slap_bindconf, sb_tls_protocol_min), 's', 0, NULL },
{ BER_BVC("tls_ecname="), offsetof(slap_bindconf, sb_tls_ecname), 's', 0, NULL },
#ifdef HAVE_OPENSSL
{ BER_BVC("tls_crlcheck="), offsetof(Backend, b_bindconf.sb_tls_crlcheck), 's', 0, NULL },
{ BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 0, NULL },
#endif
#endif
{ BER_BVNULL, 0, 0, 0, NULL }
......@@ -2212,15 +2215,21 @@ slap_tls_get_config( LDAP *ld, int opt, char **val )
}
int
bindconf_parse( const char *word, Backend *b )
backend_parse( const char *word, Backend *b )
{
return slap_cf_aux_table_parse( word, b, backendkey, "backend config" );
}
int
bindconf_parse( const char *word, slap_bindconf *bc )
{
return slap_cf_aux_table_parse( word, b, bindkey, "bind config" );
return slap_cf_aux_table_parse( word, bc, bindkey, "bind config" );
}
int
bindconf_unparse( Backend *b, struct berval *bv )
bindconf_unparse( slap_bindconf *bc, struct berval *bv )
{
return slap_cf_aux_table_unparse( b, bv, bindkey );
return slap_cf_aux_table_unparse( bc, bv, bindkey );
}
void
......
servers/lloadd/daemon.c
View file @ 6ee21f11
......@@ -1359,6 +1359,7 @@ slapd_daemon( struct event_base *daemon_base )
ldap_pvt_thread_pool_close( &connection_pool, 1 );
backends_destroy();
clients_destroy();
bindconf_free( &bindconf );
evdns_base_free( dnsbase, 0 );
ch_free( daemon_tid );
......
servers/lloadd/slap.h
View file @ 6ee21f11
......@@ -128,6 +128,7 @@ LDAP_SLAPD_V (slap_b_head) backend;
LDAP_SLAPD_V (slap_c_head) clients;
LDAP_SLAPD_V (ldap_pvt_thread_mutex_t) backend_mutex;
LDAP_SLAPD_V (Backend *) current_backend;
LDAP_SLAPD_V (struct slap_bindconf) bindconf;
LDAP_SLAPD_V (int) slapMode;
#define SLAP_UNDEFINED_MODE 0x0000
......@@ -246,9 +247,9 @@ enum lload_tls_type {
/* Can hold mutex when locking a linked connection */
struct Backend {
struct slap_bindconf b_bindconf;
ldap_pvt_thread_mutex_t b_mutex;
struct berval b_uri;
int b_proto, b_port;
enum lload_tls_type b_tls;
char *b_host;
......
servers/lloadd/upstream.c
View file @ 6ee21f11
......@@ -167,7 +167,7 @@ handle_vc_bind_response( Operation *op, BerElement *ber )
CONNECTION_LOCK(upstream);
b = (Backend *)upstream->c_private;
Debug( LDAP_DEBUG_ANY, "VC extended operation not supported on backend %s\n",
b->b_bindconf.sb_uri.bv_val );
b->b_uri.bv_val );
CONNECTION_UNLOCK(upstream);
}
......@@ -779,20 +779,20 @@ upstream_bind( void *ctx, void *arg )
CONNECTION_UNLOCK_INCREF(c);
ldap_pvt_thread_mutex_lock( &b->b_mutex );
if ( b->b_bindconf.sb_method == LDAP_AUTH_SIMPLE ) {
if ( bindconf.sb_method == LDAP_AUTH_SIMPLE ) {
/* simple bind */
ber_printf( ber, "{it{iOtON}}",
msgid, LDAP_REQ_BIND, LDAP_VERSION3,
&b->b_bindconf.sb_binddn, LDAP_AUTH_SIMPLE,
&b->b_bindconf.sb_cred );
&bindconf.sb_binddn, LDAP_AUTH_SIMPLE,
&bindconf.sb_cred );
#ifdef HAVE_CYRUS_SASL
} else {
BerValue cred = BER_BVNULL;
ber_printf( ber, "{it{iOt{OON}N}}",
msgid, LDAP_REQ_BIND, LDAP_VERSION3,
&b->b_bindconf.sb_binddn, LDAP_AUTH_SASL,
&b->b_bindconf.sb_saslmech, BER_BV_OPTIONAL( &cred ) );
&bindconf.sb_binddn, LDAP_AUTH_SASL,
&bindconf.sb_saslmech, BER_BV_OPTIONAL( &cred ) );
#endif /* HAVE_CYRUS_SASL */
}
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
......@@ -857,7 +857,7 @@ upstream_init( ber_socket_t s, Backend *b )
}
}
if ( is_bindconn || b->b_bindconf.sb_method == LDAP_AUTH_NONE ) {
if ( is_bindconn || bindconf.sb_method == LDAP_AUTH_NONE ) {
if ( upstream_finish( c ) ) {
goto fail;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment