Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
Joe Martin
OpenLDAP
Commits
cf7523a9
Commit
cf7523a9
authored
Aug 14, 2009
by
Quanah Gibson-Mount
Browse files
ITS#6190
parent
0a8ffa82
Changes
6
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
cf7523a9
...
...
@@ -15,6 +15,7 @@ OpenLDAP 2.4.18 Engineering
Fixed slapd subordinate needs a suffix (ITS#6216)
Fixed slapd tools to properly close database (ITS#6214)
Fixed slapd uninitialized SlapReply components (ITS#6101)
Fixed slapd-meta starttls with targets (ITS#6190)
Fixed slapd-ndb startup (ITS#6203)
Fixed slapd-relay various issues (ITS#6133)
Fixed slapd-relay response/cleanup callback mismatch (ITS#6154)
...
...
servers/slapd/back-meta/back-meta.h
View file @
cf7523a9
...
...
@@ -301,6 +301,14 @@ typedef struct metatarget_t {
#define META_BACK_TGT_ISSET(mt,f) ( ( (mt)->mt_flags & (f) ) == (f) )
#define META_BACK_TGT_ISMASK(mt,m,f) ( ( (mt)->mt_flags & (m) ) == (f) )
#define META_BACK_TGT_SAVECRED(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_SAVECRED )
#define META_BACK_TGT_USE_TLS(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_USE_TLS )
#define META_BACK_TGT_PROPAGATE_TLS(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_PROPAGATE_TLS )
#define META_BACK_TGT_TLS_CRITICAL(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_TLS_CRITICAL )
#define META_BACK_TGT_CHASE_REFERRALS(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_CHASE_REFERRALS )
#define META_BACK_TGT_T_F(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
#define META_BACK_TGT_T_F_DISCOVER(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )
...
...
servers/slapd/back-meta/bind.c
View file @
cf7523a9
...
...
@@ -538,7 +538,7 @@ meta_back_single_bind(
LDAP_BACK_CONN_ISBOUND_SET
(
msc
);
mc
->
mc_authz_target
=
candidate
;
if
(
LDAP
_BACK_SAVECRED
(
m
i
)
)
{
if
(
META
_BACK_
TGT_
SAVECRED
(
m
t
)
)
{
if
(
!
BER_BVISNULL
(
&
msc
->
msc_cred
)
)
{
memset
(
msc
->
msc_cred
.
bv_val
,
0
,
msc
->
msc_cred
.
bv_len
);
...
...
@@ -1539,7 +1539,7 @@ meta_back_proxy_authz_bind( metaconn_t *mc, int candidate, Operation *op, SlapRe
LDAP_BACK_CONN_ISBOUND_SET
(
msc
);
ber_bvreplace
(
&
msc
->
msc_bound_ndn
,
&
binddn
);
if
(
LDAP
_BACK_SAVECRED
(
m
i
)
)
{
if
(
META
_BACK_
TGT_
SAVECRED
(
m
t
)
)
{
if
(
!
BER_BVISNULL
(
&
msc
->
msc_cred
)
)
{
memset
(
msc
->
msc_cred
.
bv_val
,
0
,
msc
->
msc_cred
.
bv_len
);
...
...
servers/slapd/back-meta/config.c
View file @
cf7523a9
...
...
@@ -640,6 +640,10 @@ meta_back_db_config(
/* save bind creds for referral rebinds? */
}
else
if
(
strcasecmp
(
argv
[
0
],
"rebind-as-user"
)
==
0
)
{
unsigned
*
flagsp
=
mi
->
mi_ntargets
?
&
mi
->
mi_targets
[
mi
->
mi_ntargets
-
1
]
->
mt_flags
:
&
mi
->
mi_flags
;
if
(
argc
>
2
)
{
Debug
(
LDAP_DEBUG_ANY
,
"%s: line %d:
\"
rebind-as-user {NO|yes}
\"
takes 1 argument.
\n
"
,
...
...
@@ -651,16 +655,16 @@ meta_back_db_config(
Debug
(
LDAP_DEBUG_ANY
,
"%s: line %d: deprecated use of
\"
rebind-as-user {FALSE|true}
\"
with no arguments.
\n
"
,
fname
,
lineno
,
0
);
mi
->
mi_
flags
|=
LDAP_BACK_F_SAVECRED
;
*
flags
p
|=
LDAP_BACK_F_SAVECRED
;
}
else
{
switch
(
check_true_false
(
argv
[
1
]
)
)
{
case
0
:
mi
->
mi_
flags
&=
~
LDAP_BACK_F_SAVECRED
;
*
flags
p
&=
~
LDAP_BACK_F_SAVECRED
;
break
;
case
1
:
mi
->
mi_
flags
|=
LDAP_BACK_F_SAVECRED
;
*
flags
p
|=
LDAP_BACK_F_SAVECRED
;
break
;
default:
...
...
servers/slapd/back-meta/conn.c
View file @
cf7523a9
...
...
@@ -418,13 +418,13 @@ retry_lock:;
/* automatically chase referrals ("chase-referrals [{yes|no}]" statement) */
ldap_set_option
(
msc
->
msc_ld
,
LDAP_OPT_REFERRALS
,
LDAP
_BACK_CHASE_REFERRALS
(
m
i
)
?
LDAP_OPT_ON
:
LDAP_OPT_OFF
);
META
_BACK_
TGT_
CHASE_REFERRALS
(
m
t
)
?
LDAP_OPT_ON
:
LDAP_OPT_OFF
);
#ifdef HAVE_TLS
/* start TLS ("tls [try-]{start|propagate}" statement) */
if
(
(
LDAP
_BACK_USE_TLS
(
m
i
)
if
(
(
META
_BACK_
TGT_
USE_TLS
(
m
t
)
||
(
op
->
o_conn
->
c_is_tls
&&
LDAP
_BACK_PROPAGATE_TLS
(
m
i
)
)
)
&&
META
_BACK_
TGT_
PROPAGATE_TLS
(
m
t
)
)
)
&&
!
is_ldaps
)
{
#ifdef SLAP_STARTTLS_ASYNCHRONOUS
...
...
@@ -526,7 +526,7 @@ retry:;
* overlay, where the "uri" can be parsed out of a referral */
if
(
rs
->
sr_err
==
LDAP_SERVER_DOWN
||
(
rs
->
sr_err
!=
LDAP_SUCCESS
&&
LDAP
_BACK_TLS_CRITICAL
(
m
i
)
)
)
&&
META
_BACK_
TGT_
TLS_CRITICAL
(
m
t
)
)
)
{
#ifdef DEBUG_205
...
...
servers/slapd/back-meta/search.c
View file @
cf7523a9
...
...
@@ -199,7 +199,7 @@ meta_search_dobind_init(
* because the connection is not shared until bind is over */
if
(
!
BER_BVISNULL
(
&
binddn
)
)
{
ber_bvreplace
(
&
msc
->
msc_bound_ndn
,
&
binddn
);
if
(
LDAP
_BACK_SAVECRED
(
m
i
)
&&
!
BER_BVISNULL
(
&
cred
)
)
{
if
(
META
_BACK_
TGT_
SAVECRED
(
m
t
)
&&
!
BER_BVISNULL
(
&
cred
)
)
{
if
(
!
BER_BVISNULL
(
&
msc
->
msc_cred
)
)
{
memset
(
msc
->
msc_cred
.
bv_val
,
0
,
msc
->
msc_cred
.
bv_len
);
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment