Commit 3869e3b8 authored by Kurt Zeilenga's avatar Kurt Zeilenga

Add localSSF slapd.conf(5) directive to set SSF associated

with ldapi:// sessions.
parent 0fa3715e
......@@ -512,6 +512,14 @@ continuing with the next line of the current file.
.\"only go to stderr and are not recorded anywhere else. Specifying a logfile
.\"copies messages to both stderr and the logfile.
.TP
.B localSSF <SSF>
Specifies the Security Strength Factor (SSF) to be given local LDAP sessions,
such as those to the ldapi:// listener. For a description of SSF values,
see
.BR sasl-secprops 's
.B minssf
property description.
.TP
.B loglevel <integer> [...]
Specify the level at which debugging statements and operation
statistics should be syslogged (currently logged to the
......
......@@ -191,6 +191,28 @@ read_config( const char *fname, int depth )
return( 1 );
}
/* set local security factor */
} else if ( strcasecmp( cargv[0], "localSSF" ) == 0 ) {
long ssf;
if ( cargc < 2 ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: missing ssf in \"localSSF <ssf>\" line\n",
fname, lineno, 0 );
return( 1 );
}
ssf = atol( cargv[1] );
if( ssf < 0 ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: invalid ssf value (%ld) in "
"\"localSSF <ssf>\" line.\n",
fname, lineno, ssf );
return( 1 );
}
local_ssf = ssf;
/* set thread concurrency */
} else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
int c;
......@@ -1134,7 +1156,6 @@ restrict_unknown:;
be->be_requires = requires;
}
/* required security factors */
} else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
slap_ssf_set_t *set;
......
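Review bot: In the new `localSSF` branch of read_config, `atol( cargv[1] )` cannot distinguish a malformed value from a number, so `localSSF strong` is silently accepted as 0 and `localSSF 128bits` as 128; the only rejection is `ssf < 0`. There is also no upper bound before the `long` is stored in `local_ssf`, whose type `slap_ssf_t` is not defined in this hunk, so an out-of-range number may be narrowed on assignment. Because this value is the strength credited to ldapi:// sessions, a typo should fail configuration parsing instead of quietly changing it. Declare `char *end;`, parse with `ssf = strtol( cargv[1], &end, 10 );`, and reject with `if( end == cargv[1] || *end != '\0' || ssf < 0 /* || ssf > largest value slap_ssf_t can hold */ ) {`. read_config starts before and continues after the hunk.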
......@@ -66,6 +66,7 @@ int slap_inet4or6 = AF_INET;
/* globals */
time_t starttime;
ber_socket_t dtblsize;
slap_ssf_t local_ssf = LDAP_PVT_SASL_LOCAL_SSF;
Listener **slap_listeners = NULL;
......@@ -1467,7 +1468,7 @@ slapd_daemon_task(
}
sprintf( peername, "PATH=%s", from.sa_un_addr.sun_path );
ssf = LDAP_PVT_SASL_LOCAL_SSF;
ssf = local_ssf;
{
uid_t uid;
gid_t gid;
......
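Review bot: The new global `local_ssf` has no comment, although `ssf = local_ssf;` in slapd_daemon_task now credits sessions on the local socket with an administrator-chosen strength instead of the fixed `LDAP_PVT_SASL_LOCAL_SSF`. I would document this at the definition, e.g. `/* SSF credited to local (ldapi://) sessions; set by the localSSF directive, defaults to LDAP_PVT_SASL_LOCAL_SSF */`. If the intent is that the variable is written only while the configuration is parsed and only read afterwards by the daemon task, the comment should say so, since the hunk shows no synchronisation around it. slapd_daemon_task continues outside the hunk.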
......@@ -468,6 +468,7 @@ LDAP_SLAPD_F (void) slapd_clr_read LDAP_P((ber_socket_t s, int wake));
LDAP_SLAPD_V (volatile sig_atomic_t) slapd_abrupt_shutdown;
LDAP_SLAPD_V (volatile sig_atomic_t) slapd_shutdown;
LDAP_SLAPD_V (int) slapd_register_slp;
LDAP_SLAPD_V (slap_ssf_t) local_ssf;
/*
* dn.c
......
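Review bot: The exported name `local_ssf` does not follow the `slapd_` prefix of the neighbouring declarations (`slapd_abrupt_shutdown`, `slapd_shutdown`, `slapd_register_slp`), and a short generic global like this is easy to shadow with a local variable. Consider a prefixed name such as `LDAP_SLAPD_V (slap_ssf_t) slapd_local_ssf;`, applied to the definition and both uses as well. A one-line comment on the declaration would also help, e.g. `/* SSF credited to ldapi:// sessions (localSSF directive) */`.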