Commit 54884edf authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount

ITS#5593

parent 9dd2d1d1
......@@ -15,6 +15,7 @@ OpenLDAP 2.4.11 Engineering
Fixed slapd sortvals binary search (ITS#5578)
Fixed slapd syncrepl updates with multiple masters (ITS#5597)
Fixed slapd syncrepl/slapo-syncprov contextCSN updates as internal ops (ITS#5596)
Added slapd-ldap/slapd-meta option to filter out search references (ITS#5593)
Fixed slapd-meta link to slapd-ldap (ITS#5355)
Fixed slapd-sock, back-shell buffer count (ITS#5558)
Fixed slapo-dynlist dg attrs lookup (ITS#5583)
......
......@@ -384,6 +384,13 @@ returns in case of no activity.
The value is in seconds, and it can be specified as for
.BR idle-timeout .
.TP
.B norefs <NO|yes>
If
.BR yes ,
do not return search reference responses.
By default, they are returned unless request is LDAPv2.
.TP
.B protocol\-version {0,2,3}
This directive indicates what protocol version must be used to contact
......
......@@ -127,6 +127,15 @@ If the value is set to \fBreport\fP, the search is continuated to the end
but, in case at least one target returned an error code, the first
non-success error code is returned.
.TP
.B norefs <NO|yes>
If
.BR yes ,
do not return search reference responses.
By default, they are returned unless request is LDAPv2.
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
.TP
.B protocol\-version {0,2,3}
This directive indicates what protocol version must be used to contact
......
......@@ -315,6 +315,8 @@ typedef struct ldapinfo_t {
#define LDAP_BACK_F_ST_RESPONSE (0x00040000U)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
#define LDAP_BACK_F_NOREFS (0x00080000U)
#define LDAP_BACK_ISSET_F(ff,f) ( ( (ff) & (f) ) == (f) )
#define LDAP_BACK_ISMASK_F(ff,m,f) ( ( (ff) & (m) ) == (f) )
......@@ -353,6 +355,8 @@ typedef struct ldapinfo_t {
#define LDAP_BACK_ST_RESPONSE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
#define LDAP_BACK_NOREFS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS)
int li_version;
/* cached connections;
......
......@@ -70,6 +70,8 @@ enum {
LDAP_BACK_CFG_CANCEL,
LDAP_BACK_CFG_QUARANTINE,
LDAP_BACK_CFG_ST_REQUEST,
LDAP_BACK_CFG_NOREFS,
LDAP_BACK_CFG_REWRITE,
LDAP_BACK_CFG_LAST
......@@ -306,6 +308,14 @@ static ConfigTable ldapcfg[] = {
"SINGLE-VALUE )",
NULL, NULL },
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
{ "norefs", "true|FALSE", 2, 2, 0,
ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_NOREFS,
ldap_back_cf_gen, "( OLcfgDbAt:3.25 "
"NAME 'olcDbNorefs' "
"DESC 'Do not return search reference responses' "
"SYNTAX OMsBoolean "
"SINGLE-VALUE )",
NULL, NULL },
{ "suffixmassage", "[virtual]> <real", 2, 3, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
ldap_back_cf_gen, NULL, NULL, NULL },
......@@ -345,6 +355,10 @@ static ConfigOCs ldapocs[] = {
"$ olcDbQuarantine "
"$ olcDbUseTemporaryConn "
"$ olcDbConnectionPoolMax "
#ifdef SLAP_CONTROL_X_SESSION_TRACKING
"$ olcDbSessionTrackingRequest "
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
"$ olcDbNorefs "
") )",
Cft_Database, ldapcfg},
{ NULL, 0, NULL }
......@@ -1134,6 +1148,10 @@ ldap_back_cf_gen( ConfigArgs *c )
break;
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
case LDAP_BACK_CFG_NOREFS:
c->value_int = LDAP_BACK_NOREFS( li );
break;
default:
/* FIXME: we need to handle all... */
assert( 0 );
......@@ -1256,6 +1274,10 @@ ldap_back_cf_gen( ConfigArgs *c )
break;
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
case LDAP_BACK_CFG_NOREFS:
li->li_flags &= ~LDAP_BACK_F_NOREFS;
break;
default:
/* FIXME: we need to handle all... */
assert( 0 );
......@@ -1900,6 +1922,15 @@ done_url:;
break;
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
case LDAP_BACK_CFG_NOREFS:
if ( c->value_int ) {
li->li_flags |= LDAP_BACK_F_NOREFS;
} else {
li->li_flags &= ~LDAP_BACK_F_NOREFS;
}
break;
case LDAP_BACK_CFG_REWRITE:
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"rewrite/remap capabilities have been moved "
......
......@@ -363,6 +363,11 @@ retry:
}
} else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
if ( LDAP_BACK_NOREFS( li ) ) {
ldap_msgfree( res );
continue;
}
do_retry = 0;
rc = ldap_parse_reference( lc->lc_ld, res,
&references, &rs->sr_ctrls, 1 );
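Review bot: The norefs branch frees `res` and continues before `do_retry = 0;` is reached, so a search whose only responses so far were dropped references stays eligible for a retry. That is presumably intended, since nothing has been forwarded to the client, but the code does not say so; I would add `/* norefs: reference discarded unparsed, nothing sent, so do_retry is left alone */` above `ldap_msgfree( res );`. The drop is also silent, so a trace-level `Debug` line here would let an operator see that results from the remote server were filtered. The loop around this branch lies outside the hunk.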
......
......@@ -315,6 +315,8 @@ typedef struct metatarget_t {
#define META_BACK_TGT_ST_RESPONSE(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_ST_RESPONSE )
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
#define META_BACK_TGT_NOREFS(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_NOREFS )
int mt_version;
time_t mt_network_timeout;
struct timeval mt_bind_timeout;
......
......@@ -1453,6 +1453,36 @@ idassert-authzFrom "dn:<rootdn>"
return 1;
}
/* do not return search references */
} else if ( strcasecmp( argv[ 0 ], "norefs" ) == 0 ) {
unsigned *flagsp = mi->mi_ntargets ?
&mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
: &mi->mi_flags;
if ( argc != 2 ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: \"norefs {TRUE|false}\" needs 1 argument.\n",
fname, lineno, 0 );
return( 1 );
}
/* this is the default; we add it because the default might change... */
switch ( check_true_false( argv[ 1 ] ) ) {
case 1:
*flagsp |= LDAP_BACK_F_NOREFS;
break;
case 0:
*flagsp &= ~LDAP_BACK_F_NOREFS;
break;
default:
Debug( LDAP_DEBUG_ANY,
"%s: line %d: \"norefs {TRUE|false}\": unknown argument \"%s\".\n",
fname, lineno, argv[ 1 ] );
return( 1 );
}
/* anything else */
} else {
return SLAP_CONF_UNKNOWN;
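Review bot: The comment `/* this is the default; we add it because the default might change... */` above the `switch` does not fit this directive; it looks carried over from another option, and the man page hunk in this commit documents the default as `NO`. Both `Debug` strings also print `norefs {TRUE|false}`, which by the convention used elsewhere in this commit (`<NO|yes>`, `true|FALSE`) marks TRUE as the default; I would write `\"norefs {true|FALSE}\"` in both and reword the comment to `/* default is off: search references are returned */`. Separately, a value given before any target lands in `mi->mi_flags`, while the search path tests only the per-target flag, so the documented "affects all targets" behaviour relies on new targets inheriting `mi_flags`, which is outside this hunk and worth confirming. The enclosing function starts and ends outside the hunk.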
......
......@@ -1155,6 +1155,10 @@ really_bad:;
char **references = NULL;
int cnt;
if ( META_BACK_TGT_NOREFS( mi->mi_targets[ i ] ) ) {
continue;
}
if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
/* don't retry any more... */
candidates[ i ].sr_type = REP_RESULT;
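Review bot: The `continue` taken when `META_BACK_TGT_NOREFS( mi->mi_targets[ i ] )` is set skips the reference with no visible release of the message, whereas the equivalent back-ldap path in this commit calls `ldap_msgfree( res )` before continuing. If the enclosing loop does not free it, a remote target that returns many references would make the proxy leak one message per reference; that loop is outside the hunk, so this needs confirming there. The branch also bypasses the `REP_INTERMEDIATE` to `REP_RESULT` update just below, and if that is intended a comment such as `/* norefs: reference dropped, nothing sent to the client */` would make it explicit.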
......