Commit 54884edf authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#5593

parent 9dd2d1d1
...@@ -15,6 +15,7 @@ OpenLDAP 2.4.11 Engineering ...@@ -15,6 +15,7 @@ OpenLDAP 2.4.11 Engineering
Fixed slapd sortvals binary search (ITS#5578) Fixed slapd sortvals binary search (ITS#5578)
Fixed slapd syncrepl updates with multiple masters (ITS#5597) Fixed slapd syncrepl updates with multiple masters (ITS#5597)
Fixed slapd syncrepl/slapo-syncprov contextCSN updates as internal ops (ITS#5596) Fixed slapd syncrepl/slapo-syncprov contextCSN updates as internal ops (ITS#5596)
Added slapd-ldap/slapd-meta option to filter out search references (ITS#5593)
Fixed slapd-meta link to slapd-ldap (ITS#5355) Fixed slapd-meta link to slapd-ldap (ITS#5355)
Fixed slapd-sock, back-shell buffer count (ITS#5558) Fixed slapd-sock, back-shell buffer count (ITS#5558)
Fixed slapo-dynlist dg attrs lookup (ITS#5583) Fixed slapo-dynlist dg attrs lookup (ITS#5583)
......
...@@ -384,6 +384,13 @@ returns in case of no activity. ...@@ -384,6 +384,13 @@ returns in case of no activity.
The value is in seconds, and it can be specified as for The value is in seconds, and it can be specified as for
.BR idle-timeout . .BR idle-timeout .
.TP
.B norefs <NO|yes>
If
.BR yes ,
do not return search reference responses.
By default, they are returned unless request is LDAPv2.
.TP .TP
.B protocol\-version {0,2,3} .B protocol\-version {0,2,3}
This directive indicates what protocol version must be used to contact This directive indicates what protocol version must be used to contact
......
...@@ -127,6 +127,15 @@ If the value is set to \fBreport\fP, the search is continuated to the end ...@@ -127,6 +127,15 @@ If the value is set to \fBreport\fP, the search is continuated to the end
but, in case at least one target returned an error code, the first but, in case at least one target returned an error code, the first
non-success error code is returned. non-success error code is returned.
.TP
.B norefs <NO|yes>
If
.BR yes ,
do not return search reference responses.
By default, they are returned unless request is LDAPv2.
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
.TP .TP
.B protocol\-version {0,2,3} .B protocol\-version {0,2,3}
This directive indicates what protocol version must be used to contact This directive indicates what protocol version must be used to contact
......
...@@ -315,6 +315,8 @@ typedef struct ldapinfo_t { ...@@ -315,6 +315,8 @@ typedef struct ldapinfo_t {
#define LDAP_BACK_F_ST_RESPONSE (0x00040000U) #define LDAP_BACK_F_ST_RESPONSE (0x00040000U)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */ #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
#define LDAP_BACK_F_NOREFS (0x00080000U)
#define LDAP_BACK_ISSET_F(ff,f) ( ( (ff) & (f) ) == (f) ) #define LDAP_BACK_ISSET_F(ff,f) ( ( (ff) & (f) ) == (f) )
#define LDAP_BACK_ISMASK_F(ff,m,f) ( ( (ff) & (m) ) == (f) ) #define LDAP_BACK_ISMASK_F(ff,m,f) ( ( (ff) & (m) ) == (f) )
...@@ -353,6 +355,8 @@ typedef struct ldapinfo_t { ...@@ -353,6 +355,8 @@ typedef struct ldapinfo_t {
#define LDAP_BACK_ST_RESPONSE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE) #define LDAP_BACK_ST_RESPONSE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */ #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
#define LDAP_BACK_NOREFS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS)
int li_version; int li_version;
/* cached connections; /* cached connections;
......
...@@ -70,6 +70,8 @@ enum { ...@@ -70,6 +70,8 @@ enum {
LDAP_BACK_CFG_CANCEL, LDAP_BACK_CFG_CANCEL,
LDAP_BACK_CFG_QUARANTINE, LDAP_BACK_CFG_QUARANTINE,
LDAP_BACK_CFG_ST_REQUEST, LDAP_BACK_CFG_ST_REQUEST,
LDAP_BACK_CFG_NOREFS,
LDAP_BACK_CFG_REWRITE, LDAP_BACK_CFG_REWRITE,
LDAP_BACK_CFG_LAST LDAP_BACK_CFG_LAST
...@@ -306,6 +308,14 @@ static ConfigTable ldapcfg[] = { ...@@ -306,6 +308,14 @@ static ConfigTable ldapcfg[] = {
"SINGLE-VALUE )", "SINGLE-VALUE )",
NULL, NULL }, NULL, NULL },
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */ #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
{ "norefs", "true|FALSE", 2, 2, 0,
ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_NOREFS,
ldap_back_cf_gen, "( OLcfgDbAt:3.25 "
"NAME 'olcDbNorefs' "
"DESC 'Do not return search reference responses' "
"SYNTAX OMsBoolean "
"SINGLE-VALUE )",
NULL, NULL },
{ "suffixmassage", "[virtual]> <real", 2, 3, 0, { "suffixmassage", "[virtual]> <real", 2, 3, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE, ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
ldap_back_cf_gen, NULL, NULL, NULL }, ldap_back_cf_gen, NULL, NULL, NULL },
...@@ -345,6 +355,10 @@ static ConfigOCs ldapocs[] = { ...@@ -345,6 +355,10 @@ static ConfigOCs ldapocs[] = {
"$ olcDbQuarantine " "$ olcDbQuarantine "
"$ olcDbUseTemporaryConn " "$ olcDbUseTemporaryConn "
"$ olcDbConnectionPoolMax " "$ olcDbConnectionPoolMax "
#ifdef SLAP_CONTROL_X_SESSION_TRACKING
"$ olcDbSessionTrackingRequest "
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
"$ olcDbNorefs "
") )", ") )",
Cft_Database, ldapcfg}, Cft_Database, ldapcfg},
{ NULL, 0, NULL } { NULL, 0, NULL }
...@@ -1134,6 +1148,10 @@ ldap_back_cf_gen( ConfigArgs *c ) ...@@ -1134,6 +1148,10 @@ ldap_back_cf_gen( ConfigArgs *c )
break; break;
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */ #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
case LDAP_BACK_CFG_NOREFS:
c->value_int = LDAP_BACK_NOREFS( li );
break;
default: default:
/* FIXME: we need to handle all... */ /* FIXME: we need to handle all... */
assert( 0 ); assert( 0 );
...@@ -1256,6 +1274,10 @@ ldap_back_cf_gen( ConfigArgs *c ) ...@@ -1256,6 +1274,10 @@ ldap_back_cf_gen( ConfigArgs *c )
break; break;
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */ #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
case LDAP_BACK_CFG_NOREFS:
li->li_flags &= ~LDAP_BACK_F_NOREFS;
break;
default: default:
/* FIXME: we need to handle all... */ /* FIXME: we need to handle all... */
assert( 0 ); assert( 0 );
...@@ -1900,6 +1922,15 @@ done_url:; ...@@ -1900,6 +1922,15 @@ done_url:;
break; break;
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */ #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
case LDAP_BACK_CFG_NOREFS:
if ( c->value_int ) {
li->li_flags |= LDAP_BACK_F_NOREFS;
} else {
li->li_flags &= ~LDAP_BACK_F_NOREFS;
}
break;
case LDAP_BACK_CFG_REWRITE: case LDAP_BACK_CFG_REWRITE:
snprintf( c->cr_msg, sizeof( c->cr_msg ), snprintf( c->cr_msg, sizeof( c->cr_msg ),
"rewrite/remap capabilities have been moved " "rewrite/remap capabilities have been moved "
......
...@@ -363,6 +363,11 @@ retry: ...@@ -363,6 +363,11 @@ retry:
} }
} else if ( rc == LDAP_RES_SEARCH_REFERENCE ) { } else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
if ( LDAP_BACK_NOREFS( li ) ) {
ldap_msgfree( res );
continue;
}
do_retry = 0; do_retry = 0;
rc = ldap_parse_reference( lc->lc_ld, res, rc = ldap_parse_reference( lc->lc_ld, res,
&references, &rs->sr_ctrls, 1 ); &references, &rs->sr_ctrls, 1 );
......
...@@ -315,6 +315,8 @@ typedef struct metatarget_t { ...@@ -315,6 +315,8 @@ typedef struct metatarget_t {
#define META_BACK_TGT_ST_RESPONSE(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_ST_RESPONSE ) #define META_BACK_TGT_ST_RESPONSE(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_ST_RESPONSE )
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */ #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
#define META_BACK_TGT_NOREFS(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_NOREFS )
int mt_version; int mt_version;
time_t mt_network_timeout; time_t mt_network_timeout;
struct timeval mt_bind_timeout; struct timeval mt_bind_timeout;
......
...@@ -1453,6 +1453,36 @@ idassert-authzFrom "dn:<rootdn>" ...@@ -1453,6 +1453,36 @@ idassert-authzFrom "dn:<rootdn>"
return 1; return 1;
} }
/* do not return search references */
} else if ( strcasecmp( argv[ 0 ], "norefs" ) == 0 ) {
unsigned *flagsp = mi->mi_ntargets ?
&mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
: &mi->mi_flags;
if ( argc != 2 ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: \"norefs {TRUE|false}\" needs 1 argument.\n",
fname, lineno, 0 );
return( 1 );
}
/* this is the default; we add it because the default might change... */
switch ( check_true_false( argv[ 1 ] ) ) {
case 1:
*flagsp |= LDAP_BACK_F_NOREFS;
break;
case 0:
*flagsp &= ~LDAP_BACK_F_NOREFS;
break;
default:
Debug( LDAP_DEBUG_ANY,
"%s: line %d: \"norefs {TRUE|false}\": unknown argument \"%s\".\n",
fname, lineno, argv[ 1 ] );
return( 1 );
}
/* anything else */ /* anything else */
} else { } else {
return SLAP_CONF_UNKNOWN; return SLAP_CONF_UNKNOWN;
......
...@@ -1155,6 +1155,10 @@ really_bad:; ...@@ -1155,6 +1155,10 @@ really_bad:;
char **references = NULL; char **references = NULL;
int cnt; int cnt;
if ( META_BACK_TGT_NOREFS( mi->mi_targets[ i ] ) ) {
continue;
}
if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) { if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
/* don't retry any more... */ /* don't retry any more... */
candidates[ i ].sr_type = REP_RESULT; candidates[ i ].sr_type = REP_RESULT;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment