author | Nathan Kinder <nkinder@redhat.com> | 2006-11-06 19:33:42 +0000 |
---|---|---|
committer | Nathan Kinder <nkinder@redhat.com> | 2006-11-06 19:33:42 +0000 |
commit | 6f4bf3ed01dd5b7fba4e603b0c3f495c766d64ba (patch) | |
tree | 0788cf5db0b63684b83631f55e91e8daa48d1da6 /ldap/servers/slapd | |
parent | cd00618c33892c16160395fea526aa86e2ffc3c4 (diff) | |
Resolves: 214238
Summary: Added new config parameter for setting the SASL plug-in path.
Diffstat (limited to 'ldap/servers/slapd')
-rw-r--r-- | ldap/servers/slapd/config.c | 13 | ||||
-rw-r--r-- | ldap/servers/slapd/libglobs.c | 40 | ||||
-rw-r--r-- | ldap/servers/slapd/main.c | 6 | ||||
-rw-r--r-- | ldap/servers/slapd/proto-slap.h | 2 | ||||
-rw-r--r-- | ldap/servers/slapd/saslbind.c | 20 | ||||
-rw-r--r-- | ldap/servers/slapd/slap.h | 2 |
6 files changed, 72 insertions, 11 deletions
diff --git a/ldap/servers/slapd/config.c b/ldap/servers/slapd/config.c index fa6961f9..4940dda9 100644 --- a/ldap/servers/slapd/config.c +++ b/ldap/servers/slapd/config.c @@ -358,6 +358,19 @@ slapd_bootstrap_config(const char *configdir) } } + /* set the sasl path; needed in main */ + workpath[0] = '\0'; + if (entry_has_attr_and_value(e, CONFIG_SASLPATH_ATTRIBUTE, + workpath, sizeof(workpath))) + { + if (config_set_saslpath(CONFIG_SASLPATH_ATTRIBUTE, + workpath, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS) + { + LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile, + CONFIG_SASLPATH_ATTRIBUTE, errorbuf); + } + } + /* see if the entry is a child of the plugin base dn */ if (slapi_sdn_isparent(&plug_dn, slapi_entry_get_sdn_const(e))) diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c index 4d1495c5..6af39baa 100644 --- a/ldap/servers/slapd/libglobs.c +++ b/ldap/servers/slapd/libglobs.c @@ -529,6 +529,10 @@ static struct config_get_and_set { {CONFIG_CERTDIR_ATTRIBUTE, config_set_certdir, NULL, 0, (void**)&global_slapdFrontendConfig.certdir, CONFIG_STRING, config_get_certdir}, + /* parameterizing sasl plugin path */ + {CONFIG_SASLPATH_ATTRIBUTE, config_set_saslpath, + NULL, 0, + (void**)&global_slapdFrontendConfig.saslpath, CONFIG_STRING, config_get_saslpath}, {CONFIG_REWRITE_RFC1274_ATTRIBUTE, config_set_rewrite_rfc1274, NULL, 0, (void**)&global_slapdFrontendConfig.rewrite_rfc1274, CONFIG_ON_OFF, NULL}, 
@@ -4305,6 +4309,42 @@ config_set_certdir(const char *attrname, char *value, char *errorbuf, int apply) return retVal; } +char * +config_get_saslpath() +{ + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + char *retVal; + + CFG_LOCK_READ(slapdFrontendConfig); + retVal = config_copy_strval(slapdFrontendConfig->saslpath); + CFG_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} + +int +config_set_saslpath(const char *attrname, char *value, char *errorbuf, int apply) +{ + int retVal = LDAP_SUCCESS; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + if ( config_value_is_null( attrname, value, errorbuf, 0 )) { + return LDAP_OPERATIONS_ERROR; + } + + if (!apply) { + return retVal; + } + + CFG_LOCK_WRITE(slapdFrontendConfig); + slapi_ch_free((void **)&slapdFrontendConfig->saslpath); + + slapdFrontendConfig->saslpath = slapi_ch_strdup(value); + + CFG_UNLOCK_WRITE(slapdFrontendConfig); + return retVal; +} + char ** config_get_errorlog_list() { diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c index d74d6fd9..0f41080b 100644 --- a/ldap/servers/slapd/main.c +++ b/ldap/servers/slapd/main.c @@ -748,7 +748,6 @@ main( int argc, char **argv) * THE FIX: Move the two calls below before a call to * setup_internal_backends (down in this same function) */ - init_saslmechanisms(); ldapi_init_extended_ops(); @@ -777,6 +776,11 @@ main( int argc, char **argv) exit(1); } + /* We need to init sasl after we load the bootstrap config since + * the config may be setting the sasl plugin path. + */ + init_saslmechanisms(); + /* -sduloutre: must be done before any internal search */ /* do it before splitting off to other modes too -robey */ /* -richm: must be done before reading config files */ diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h index 2b6f7d76..289de2c8 100644 --- a/ldap/servers/slapd/proto-slap.h +++ b/ldap/servers/slapd/proto-slap.h 
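Review bot: `config_set_saslpath` stores any non-null string, and the directory it names is later given to the SASL library as the place to load plug-in modules from, so a check that the value is an absolute path to an existing directory belongs before the `if (!apply)` return. The attribute is also registered in the `config_get_and_set` table, so it appears to be settable at runtime, yet `init_saslmechanisms()` is called once from `main`; a later change would presumably be reported by `config_get_saslpath()` without being the path in effect, and a comment such as `/* read once at startup by init_saslmechanisms(); a change needs a restart */` would record that. Neither new function has a header comment, and the getter's should say that it appears to return a copy (via `config_copy_strval`) that the caller has to free.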
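Review bot: The comment kept above `ldapi_init_extended_ops()` in main.c still says "Move the two calls below", but with `init_saslmechanisms()` relocated only one call remains there, so that comment should be reworded. It also says the calls must come before `setup_internal_backends`; whether the new position after the bootstrap-config check still satisfies that cannot be seen from these hunks, because `main` continues outside them. The new comment is the natural place to state it, for example by adding `/* must still run before setup_internal_backends() */`.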
@@ -304,6 +304,7 @@ int config_set_schemadir( const char *attrname, char *value, char *errorbuf, int int config_set_lockdir( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_tmpdir( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_certdir( const char *attrname, char *value, char *errorbuf, int apply ); +int config_set_saslpath( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_attrname_exceptions( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_hash_filters( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_rewrite_rfc1274( const char *attrname, char *value, char *errorbuf, int apply ); @@ -404,6 +405,7 @@ char *config_get_schemadir(); char *config_get_lockdir(); char *config_get_tmpdir(); char *config_get_certdir(); +char *config_get_saslpath(); char **config_get_errorlog_list(); char **config_get_accesslog_list(); char **config_get_auditlog_list(); diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c index e521c49e..1c91fe92 100644 --- a/ldap/servers/slapd/saslbind.c +++ b/ldap/servers/slapd/saslbind.c @@ -552,15 +552,21 @@ static int ids_sasl_canon_user( } #ifdef CYRUS_SASL -#if !defined(LINUX) static int ids_sasl_getpluginpath(sasl_conn_t *conn, const char **path) { - static char *pluginpath = "../../../lib/sasl2"; + /* Try to get path from config, otherwise check for SASL_PATH environment + * variable. If neither of these are set, just default to /usr/lib/sasl2 + */ + char *pluginpath = config_get_saslpath(); + if ((!pluginpath) || (*pluginpath == '\0')) { + if (!(pluginpath = getenv("SASL_PATH"))) { + pluginpath = "/usr/lib/sasl2"; + } + } *path = pluginpath; return SASL_OK; } #endif -#endif static sasl_callback_t ids_sasl_callbacks[] = { 
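Review bot: `ids_sasl_getpluginpath` returns one of three pointers with different ownership: the result of `config_get_saslpath()`, which appears to be a heap copy made by `config_copy_strval`, the `getenv("SASL_PATH")` result, or a string literal. Nothing can free the copy afterwards, and when the configured value is empty it is dropped as soon as `pluginpath` is overwritten, so each call leaks; resolving the path once into a `static`, as below, avoids that (this assumes the callback runs only during SASL initialisation, which the hunk does not show). The `SASL_PATH` fallback also lets the environment of whoever starts the server pick the directory plug-in code is loaded from, so logging the chosen path and its source at startup would make an unexpected value visible.

```c
static int ids_sasl_getpluginpath(sasl_conn_t *conn, const char **path)
{
    /* Resolved once and kept for the life of the process, so the copy
     * returned by config_get_saslpath() is not leaked on every call. */
    static char *pluginpath = NULL;

    if (pluginpath == NULL) {
        char *cfgpath = config_get_saslpath();
        if (cfgpath && *cfgpath != '\0') {
            pluginpath = cfgpath;
        } else {
            /* empty or unset config value: release the copy before falling back */
            slapi_ch_free((void **)&cfgpath);
            pluginpath = getenv("SASL_PATH");
            if (pluginpath == NULL) {
                pluginpath = "/usr/lib/sasl2";
            }
        }
    }
    *path = pluginpath;
    return SASL_OK;
}
```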
@@ -589,18 +595,12 @@ static sasl_callback_t ids_sasl_callbacks[] = NULL }, #ifdef CYRUS_SASL - /* On Linux: we use system sasl and plugins are found in the default path - * /usr/lib/sasl2 - * On other platforms: we need to tell cyrus sasl where they are localted. - */ -#if !defined(LINUX) { SASL_CB_GETPATH, (IFP) ids_sasl_getpluginpath, NULL }, #endif -#endif { SASL_CB_LIST_END, (IFP) NULL, @@ -751,7 +751,7 @@ char **ids_sasl_listmech(Slapi_PBlock *pb) } PR_Unlock(pb->pb_conn->c_mutex); - LDAPDebug( LDAP_DEBUG_TRACE, ">= ids_sasl_listmech\n", 0, 0, 0 ); + LDAPDebug( LDAP_DEBUG_TRACE, "<= ids_sasl_listmech\n", 0, 0, 0 ); return ret; } diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index 863d19fb..a9c53de9 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -1711,6 +1711,7 @@ typedef struct _slapdEntryPoints { #define CONFIG_LOCKDIR_ATTRIBUTE "nsslapd-lockdir" #define CONFIG_TMPDIR_ATTRIBUTE "nsslapd-tmpdir" #define CONFIG_CERTDIR_ATTRIBUTE "nsslapd-certdir" +#define CONFIG_SASLPATH_ATTRIBUTE "nsslapd-saslpath" #define CONFIG_SSLCLIENTAUTH_ATTRIBUTE "nsslapd-SSLclientAuth" #define CONFIG_SSL_CHECK_HOSTNAME_ATTRIBUTE "nsslapd-ssl-check-hostname" #define CONFIG_HASH_FILTERS_ATTRIBUTE "nsslapd-hash-filters" @@ -1888,6 +1889,7 @@ typedef struct _slapdFrontendConfig { char *lockdir; /* full path name of directory containing lock files */ char *tmpdir; /* full path name of directory containing tmp files */ char *certdir; /* full path name of directory containing cert files */ + char *saslpath; /* full path name of directory containing sasl plugins */ int attrname_exceptions; /* if true, allow questionable attribute names */ int rewrite_rfc1274; /* return attrs for both v2 and v3 names */ char *schemareplace; /* see CONFIG_SCHEMAREPLACE_* #defines below */ |
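Review bot: With the `#if !defined(LINUX)` guard removed, the `SASL_CB_GETPATH` entry in `ids_sasl_callbacks` is registered on Linux as well, so when neither `nsslapd-saslpath` nor `SASL_PATH` is set the callback's hard-coded `/usr/lib/sasl2` replaces whatever plug-in directory the system SASL library was built with. On layouts where that directory differs (a `lib64` tree, for instance) the server would presumably find no mechanisms. The deleted comment explained the Linux behaviour and nothing replaces it; a comment on the entry such as `/* registered on all platforms: path comes from nsslapd-saslpath, then SASL_PATH, then a built-in default */` would help, and the default is better taken from a build-time define than from a literal.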