[Fedora-directory-commits] ldapserver/ldap/servers/plugins/chainingdb cb.h, 1.6, 1.7 cb_conn_stateless.c, 1.9, 1.10 cb_instance.c, 1.12, 1.13

Richard Allen Megginson rmeggins at fedoraproject.org
Tue Dec 2 15:29:32 UTC 2008


Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1168/ldapserver/ldap/servers/plugins/chainingdb

Modified Files:
	cb.h cb_conn_stateless.c cb_instance.c 
Log Message:
Resolves: bug 469261
Bug Description: Support server-to-server SASL - console chaining, server cleanup
Reviewed by: nkinder (Thanks!)
Fix Description: There are two sets of diffs here.  The first set adds tls, gssapi, and digest to the chaining database (aka database link) panels in the console.  I had to add support for revert to some of the code to make the Reset button work without having to retrieve the values from the server each time.  We already store the original values locally in the _origModel - I added code to allow the use of that in the Reset button.
The second set of diffs is for the server.
1) I had to add support for "SIMPLE" for bindMechanism - this translates to LDAP_SASL_SIMPLE for the actual mechanism.  This value is NULL, so I had to add handling for NULL values in the cb config code (slapi_ch_* work fine with NULL values).
2) Added some more debugging/tracing code
3) The server-to-server SSL code would only work if the server were configured to be an SSL server.  But for the server to be an SSL client, it only needs NSS initialized and to have the CA cert.  It also needs to configure some of the SSL settings and install the correct policy.  I changed the server code to do this.
Platforms tested: RHEL5
Flag Day: no
Doc impact: Yes



Index: cb.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb/cb.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- cb.h	5 Nov 2008 18:21:05 -0000	1.6
+++ cb.h	2 Dec 2008 15:29:30 -0000	1.7
@@ -168,6 +168,8 @@
 #define CB_DEF_STARTTLS			"off"	/* CB_CONFIG_STARTTLS */
 #define CB_DEF_BINDMECH			LDAP_SASL_SIMPLE	/* CB_CONFIG_BINDMECH */
 
+#define CB_SIMPLE_BINDMECH			"SIMPLE" /* will be translated to LDAP_SASL_SIMPLE */
+
 typedef void *cb_config_get_fn_t(void *arg);
 typedef int cb_config_set_fn_t(void *arg, void *value, char *errorbuf, int phase, int apply);
 typedef struct _cb_instance_config_info {


Index: cb_conn_stateless.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb/cb_conn_stateless.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- cb_conn_stateless.c	5 Nov 2008 18:21:05 -0000	1.9
+++ cb_conn_stateless.c	2 Dec 2008 15:29:30 -0000	1.10
@@ -318,15 +318,6 @@
 
 			int version=LDAP_VERSION3;
 
-			/* check wether the security libraries are correctly initialized */
-			if (secure && slapd_security_library_is_initialized() != 1) {
-			    slapi_log_error(
-					    SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
-					    "SSL Not Initialized, Chaining Backend over SSL FAILED\n");
-			    rc = LDAP_CONNECT_ERROR;
-			    goto unlock_and_return;
-			 }
-
             		/*
              		 * we have not exceeded the maximum number of connections allowed,
              		 * so we initialize a new one and add it to the end of our list.


Index: cb_instance.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/chainingdb/cb_instance.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- cb_instance.c	13 Nov 2008 23:08:17 -0000	1.12
+++ cb_instance.c	2 Dec 2008 15:29:30 -0000	1.13
@@ -1380,11 +1380,17 @@
     			( phase != CB_CONFIG_PHASE_STARTUP )) {
 
 			/* Dynamic modif */
-			charray_add(&inst->pool->waste_basket,inst->pool->mech);
+			if (inst->pool->mech) {
+			    charray_add(&inst->pool->waste_basket,inst->pool->mech);
+			}
 			rc=CB_REOPEN_CONN;
 		}
 
-		inst->pool->mech=slapi_ch_strdup((char *) value);
+		if (value && !PL_strcasecmp((char *) value, CB_SIMPLE_BINDMECH)) {
+		    inst->pool->mech=slapi_ch_strdup(LDAP_SASL_SIMPLE);
+		} else {
+		    inst->pool->mech=slapi_ch_strdup((char *) value);
+		}
                	PR_RWLock_Unlock(inst->rwl_config_lock);
 	}
 	return rc;
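Review bot: The `else` branch just before the unlock stores any other supplied string verbatim, so only the literal `SIMPLE` is normalised to the NULL mechanism; an empty value would be kept as `""`, and whether the bind path treats that the same as NULL is not visible in this hunk. Consider `if (value && (!*(char *)value || !PL_strcasecmp((char *) value, CB_SIMPLE_BINDMECH))) {` so both spellings end in the same state. Since `slapi_ch_strdup(LDAP_SASL_SIMPLE)` reads oddly once you know the macro is NULL (as the log message states), a comment such as `/* LDAP_SASL_SIMPLE is NULL: pool->mech == NULL means simple bind */` would help the next reader. The enclosing function starts outside the hunk.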
@@ -1513,8 +1519,12 @@
                 /* Remember the get function for strings returns memory
                  * that must be freed. */
                 tmp_string = (char *) config->config_get_fn(arg);
-                PR_snprintf(buf, CB_BUFSIZE, "%s", (char *) tmp_string);
-                slapi_ch_free((void **)&tmp_string);
+                if (tmp_string) {
+                    PR_snprintf(buf, CB_BUFSIZE, "%s", (char *) tmp_string);
+                    slapi_ch_free_string(&tmp_string);
+                } else {
+                    buf[0] = '\0';
+                }
                 break;
         case CB_CONFIG_TYPE_ONOFF:
                 if ((int) ((uintptr_t)config->config_get_fn(arg))) {
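Review bot: The result of `PR_snprintf` in the new `if (tmp_string)` branch is still ignored, so a string setting of `CB_BUFSIZE` bytes or more is truncated silently and the shortened value is what gets reported for the entry. A check before the free, for example `if (strlen(tmp_string) >= CB_BUFSIZE) { /* log that the value was truncated */ }`, would make that case visible; whether it is reachable depends on limits enforced by the set functions, which are not shown here. The `(char *)` cast on `tmp_string` is redundant because the variable is already assigned as a `char *` on the line above. The switch statement and its function begin outside the hunk.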
@@ -1606,8 +1616,11 @@
 
                 val.bv_val = buf;
                 val.bv_len = strlen(buf);
-		if (val.bv_len) 
-                	slapi_entry_attr_replace(e, config->config_name, vals);
+                if (val.bv_len) {
+                    slapi_entry_attr_replace(e, config->config_name, vals);
+                } else {
+                    slapi_entry_attr_delete(e, config->config_name);
+                }
         }
 
         *returncode = LDAP_SUCCESS;
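Review bot: The new `else` branch appears to delete the attribute for any config item whose rendered value is empty, not only the bind mechanism, and nothing in the code records that this is intended. A comment on the branch would capture the reason, for example `/* empty value, e.g. NULL bind mechanism (SIMPLE): drop the attribute rather than leave a stale one */`. The return values of `slapi_entry_attr_replace` and `slapi_entry_attr_delete` are both ignored before `*returncode = LDAP_SUCCESS;`; if that is deliberate, the same comment is a good place to say so. The surrounding loop and function begin outside the hunk.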



