From e98a1c774a0018352d7d44ad7a1d5d4abd19b5a6 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Mon, 7 Jan 2013 16:50:52 -0500 Subject: [PATCH] Ticket 534 - Add SASL mappings fallback Bug Description: IPA team requested that the fallback feature be configurable. Fix Description: Added new config setting under cn=config to turn feature "on", the default is "off". https://fedorahosted.org/389/ticket/534 Reviewed by: ? --- ldap/ldif/template-dse.ldif.in | 1 + ldap/schema/01core389.ldif | 1 + ldap/servers/slapd/libglobs.c | 31 ++++++++++++++++++++++++++++++- ldap/servers/slapd/proto-slap.h | 2 ++ ldap/servers/slapd/saslbind.c | 3 ++- ldap/servers/slapd/slap.h | 2 ++ 6 files changed, 38 insertions(+), 2 deletions(-) diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in index e7837a7..b854c47 100644 --- a/ldap/ldif/template-dse.ldif.in +++ b/ldap/ldif/template-dse.ldif.in @@ -57,6 +57,7 @@ nsslapd-rootpw: %ds_passwd% nsslapd-maxdescriptors: 1024 nsslapd-max-filter-nest-level: 40 nsslapd-ndn-cache-enabled: off +nsslapd-sasl-mapping-fallback: off dn: cn=features,cn=config objectclass: top diff --git a/ldap/schema/01core389.ldif b/ldap/schema/01core389.ldif index d22edaa..8a245de 100644 --- a/ldap/schema/01core389.ldif +++ b/ldap/schema/01core389.ldif 
@@ -140,6 +140,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2136 NAME 'nsds5ReplicaCleanRUVNotified' attributeTypes: ( 2.16.840.1.113730.3.1.2137 NAME 'nsds5ReplicaAbortCleanRUV' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2111 NAME 'tombstoneNumSubordinates' DESC 'count of immediate subordinates for tombstone entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN '389 directory server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2138 NAME 'nsslapd-readonly' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2142 NAME 'nsslapd-sasl-mapping-fallback' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) # # objectclasses # diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c index 3fcd8c9..1a414ed 100644 --- a/ldap/servers/slapd/libglobs.c +++ b/ldap/servers/slapd/libglobs.c @@ -251,6 +251,7 @@ int init_disk_monitoring; int init_disk_logging_critical; int init_disk_preserve_logging; int init_ndn_cache_enabled; +int init_sasl_mapping_fallback; #ifdef MEMPOOL_EXPERIMENTAL int init_mempool_switch; #endif @@ -427,6 +428,11 @@ static struct config_get_and_set { NULL, 0, (void**)&global_slapdFrontendConfig.readonly, CONFIG_ON_OFF, NULL, &init_readonly}, + {CONFIG_SASL_MAPPING_FALLBACK, config_set_sasl_mapping_fallback, + NULL, 0, + (void**)&global_slapdFrontendConfig.sasl_mapping_fallback, + CONFIG_ON_OFF, (ConfigGetFunc)config_get_sasl_mapping_fallback, + &init_sasl_mapping_fallback}, {CONFIG_THREADNUMBER_ATTRIBUTE, config_set_threadnumber, NULL, 0, (void**)&global_slapdFrontendConfig.threadnumber, 
@@ -1441,6 +1447,8 @@ FrontendConfig_init () { init_ndn_cache_enabled = cfg->ndn_cache_enabled = LDAP_OFF; cfg->ndn_cache_max_size = NDN_DEFAULT_SIZE; cfg->ignore_vattrs = slapi_counter_new(); + cfg->sasl_mapping_fallback = slapi_counter_new(); + init_sasl_mapping_fallback = LDAP_OFF; #ifdef MEMPOOL_EXPERIMENTAL init_mempool_switch = cfg->mempool_switch = LDAP_ON; @@ -1581,6 +1589,20 @@ config_set_ignore_vattrs (const char *attrname, char *value, char *errorbuf, int } int +config_set_sasl_mapping_fallback (const char *attrname, char *value, char *errorbuf, int apply ) +{ + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + int retVal = LDAP_SUCCESS; + int val; + + retVal = config_set_onoff ( attrname, value, &val, errorbuf, apply); + if(retVal == LDAP_SUCCESS){ + slapi_counter_set_value(slapdFrontendConfig->sasl_mapping_fallback, val); + } + return retVal; +} + +int config_set_disk_monitoring( const char *attrname, char *value, char *errorbuf, int apply ) { slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); @@ -3129,7 +3151,6 @@ config_set_readonly( const char *attrname, char *value, char *errorbuf, int appl return retVal; } - int config_set_schemacheck( const char *attrname, char *value, char *errorbuf, int apply ) { int retVal = LDAP_SUCCESS; @@ -4155,6 +4176,14 @@ config_get_ignore_vattrs() } int +config_get_sasl_mapping_fallback() +{ + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + return slapi_counter_get_value(slapdFrontendConfig->sasl_mapping_fallback); +} + +int config_get_disk_monitoring(){ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); int retVal; diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h index 778b916..169feb3 100644 --- a/ldap/servers/slapd/proto-slap.h +++ b/ldap/servers/slapd/proto-slap.h 
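Review bot: In the `FrontendConfig_init` hunk (`@@ -1441`), the "off" default of the new setting is only implied. The hunk assigns `init_sasl_mapping_fallback = LDAP_OFF` but never sets the counter returned by `slapi_counter_new()`, so the live value depends on a fresh counter starting at zero and on `LDAP_OFF` being zero. Because this switch changes how SASL identities are resolved to entries, I would state the fail-safe default explicitly with `slapi_counter_set_value(cfg->sasl_mapping_fallback, LDAP_OFF);`. The result of `slapi_counter_new()` is also not checked within the hunk, and the function body continues outside it.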
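Review bot: `config_set_sasl_mapping_fallback` (hunk `@@ -1581`) stores `val` whenever `config_set_onoff` succeeds, without checking `apply`, and `val` is declared without an initializer. If `config_set_onoff` (not shown in this patch) returns `LDAP_SUCCESS` on a validate-only call without writing through `&val`, the counter that gates SASL mapping fallback is set from an indeterminate value, and a change that was only being validated takes effect. I would write `int val = LDAP_OFF;` and guard the store with `if(retVal == LDAP_SUCCESS && apply){`.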
@@ -556,6 +556,8 @@ int config_set_allowed_sasl_mechs(const char *attrname, char *value, char *error int config_get_schemamod(); int config_set_ignore_vattrs(const char *attrname, char *value, char *errorbuf, int apply); int config_get_ignore_vattrs(); +int config_set_sasl_mapping_fallback(const char *attrname, char *value, char *errorbuf, int apply); +int config_get_sasl_mapping_fallback(); PLHashNumber hashNocaseString(const void *key); PRIntn hashNocaseCompare(const void *v1, const void *v2); diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c index 6181474..78031dc 100644 --- a/ldap/servers/slapd/saslbind.c +++ b/ldap/servers/slapd/saslbind.c @@ -377,7 +377,8 @@ static Slapi_Entry *ids_sasl_user_to_entry( break; } } - if(map == NULL){ + /* break if the next map is NULL, or we are not checking all the mappings */ + if(map == NULL || !config_get_sasl_mapping_fallback()){ break; } } diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index edb75b7..669c059 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -2054,6 +2054,7 @@ typedef struct _slapdEntryPoints { #define CONFIG_NDN_CACHE_SIZE "nsslapd-ndn-cache-max-size" #define CONFIG_ALLOWED_SASL_MECHS "nsslapd-allowed-sasl-mechanisms" #define CONFIG_IGNORE_VATTRS "nsslapd-ignore-virtual-attrs" +#define CONFIG_SASL_MAPPING_FALLBACK "nsslapd-sasl-mapping-fallback" #ifdef MEMPOOL_EXPERIMENTAL #define CONFIG_MEMPOOL_SWITCH_ATTRIBUTE "nsslapd-mempool" @@ -2279,6 +2280,7 @@ typedef struct _slapdFrontendConfig { /* atomic settings */ Slapi_Counter *ignore_vattrs; + Slapi_Counter *sasl_mapping_fallback; } slapdFrontendConfig_t; /* possible values for slapdFrontendConfig_t.schemareplace */ -- 1.7.1
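Review bot: In the `saslbind.c` hunk, the new comment on the `break` in `ids_sasl_user_to_entry` does not say what turning the setting on means for authentication. With fallback enabled the loop appears to go on to later mappings after an earlier one produced no entry, so the order and breadth of the configured mappings decide which entry a SASL identity binds as. I would document that at the check, e.g. `/* Stop after the first mapping unless nsslapd-sasl-mapping-fallback is on; with it on, later (possibly broader) mappings are also tried, so mapping order matters. */`. `config_get_sasl_mapping_fallback()` is also re-read on every pass, so a config change during a bind can alter behaviour mid-loop; reading it once into a local before the loop would keep each bind consistent. The loop itself starts outside the hunk, so this should be checked against the full function.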