TLS fixes, man page updates, and updated NIS schema validators.
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
-A DN has the form described in RFC 1779 "A String Representation of
-Distinguished Names", unless it is an experimental DNS-style DN
-which takes the form of an RFC 822 mail address.
+A DN has the form described in
+RFC 2253 "Lightweight Directory Access Protocol (v3):
+UTF-8 String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
-defined in RFC2252 into structs and handle these structs. These
+defined in RFC 2252 into structs and handle these structs. These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and objectclasses. For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
-takes a definition in RFC2252 format in argument
+takes a definition in RFC 2252 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind. The caller is
syntax recognized. The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
-strict parsing according to RFC2252.
+strict parsing according to RFC 2252.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.LP
Routines
.B ldap_xxx2str()
-return a string representation in the format described by RFC2252 of
+return a string representation in the format described by RFC 2252 of
the struct passed in the argument. The string is a newly allocated
string that must be freed by the caller. These routines may return
NULL if no memory can be allocated for the string.
.LP
The '~=' construct is used to specify approximate matching. The
representation for <attributetype> and <attributevalue> are as
-described in RFC
1778. In addition, <attributevalue> can be a single *
+described in RFC
2254. In addition, <attributevalue> can be a single *
to achieve an attribute existence test, or can contain text and *'s
interspersed to achieve substring matching.
.LP
attribute. The filter "mail=*@terminator.rs.itd.umich.edu" will find
any entries that have a mail attribute ending in the specified string.
To put parentheses in a filter, escape them with a backslash '\\'
-character. See RFC 1588 for a more complete description of allowable
+character. See RFC 2254 for a more complete description of allowable
filters. See
.BR ldap_getfilter (3)
for routines to help in constructing search filters automatically.
Name=<Label of your choice>
Type=1
Port=7777
- Path=1<optional RFC 1779-format DN at which to start browsing>
+ Path=1<optional RFC 2253-format DN at which to start browsing>
Host=<host.running.go500gw.here>
.ft
.fi
LDAP_F (int) ldap_url_parsehosts LDAP_P((
LDAPURLDesc **ludlist,
- const char *hosts ));
+ const char *hosts,
+ int port ));
LDAP_F (char *) ldap_url_list2hosts LDAP_P((
LDAPURLDesc *ludlist ));
Debug( LDAP_DEBUG_TRACE, "ldap_int_open_connection\n", 0, 0, 0 );
- port = srv->lud_port;
- if (port == 0)
- port = ld->ld_options.ldo_defport;
- port = htons( (short) port );
-
- addr = 0;
- if ( srv->lud_host == NULL || *srv->lud_host == 0 )
- addr = htonl( INADDR_LOOPBACK );
-
switch ( ldap_pvt_url_scheme2proto( srv->lud_scheme ) ) {
case LDAP_PROTO_TCP:
+ port = htons( (short) srv->lud_port );
+
+ addr = 0;
+ if ( srv->lud_host == NULL || *srv->lud_host == 0 )
+ addr = htonl( INADDR_LOOPBACK );
+
rc = ldap_connect_to_host( ld, conn->lconn_sb, 0,
srv->lud_host, addr, port, async );
+
if ( rc == -1 ) return rc;
ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_tcp,
LBER_SBIOD_LEVEL_PROVIDER, NULL );
{
rc = ldap_pvt_tls_start( ld, conn->lconn_sb,
ld->ld_options.ldo_tls_ctx );
- if (rc != LDAP_SUCCESS)
- return rc;
+
+ if (rc != LDAP_SUCCESS) {
+ return -1;
+ }
}
#endif
int rc = LDAP_OPT_SUCCESS;
if(host != NULL) {
- rc = ldap_url_parsehosts(&ludlist, host);
+ rc = ldap_url_parsehosts( &ludlist, host,
+ lo->ldo_defport ? lo->ldo_defport : LDAP_PORT );
} else if(ld == NULL) {
/*
if ( tls_opt_trace ) {
SSL_CTX_set_info_callback( tls_def_ctx, tls_info_cb );
}
- SSL_CTX_set_verify( tls_def_ctx, (tls_opt_require_cert) ?
+ SSL_CTX_set_verify( tls_def_ctx,
+ tls_opt_require_cert ?
(SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT) :
- SSL_VERIFY_PEER, tls_verify_cb );
+ SSL_VERIFY_NONE,
+ tls_verify_cb );
SSL_CTX_set_tmp_rsa_callback( tls_def_ctx, tls_tmp_rsa_cb );
/* SSL_CTX_set_tmp_dh_callback( tls_def_ctx, tls_tmp_dh_cb ); */
}
ludp->lud_next = NULL;
ludp->lud_host = NULL;
- ludp->lud_port = 0;
+ ludp->lud_port = LDAP_PORT;
ludp->lud_dn = NULL;
ludp->lud_attrs = NULL;
ludp->lud_filter = NULL;
return LDAP_URL_ERR_MEM;
}
+ if( strcasecmp( ludp->lud_scheme, "ldaps" ) == 0 ) {
+ ludp->lud_port = LDAPS_PORT;
+ }
+
/* scan forward for '/' that marks end of hostport and begin. of dn */
p = strchr( url, '/' );
}
int
-ldap_url_parsehosts (LDAPURLDesc **ludlist, const char *hosts )
+ldap_url_parsehosts(
+ LDAPURLDesc **ludlist,
+ const char *hosts,
+ int port )
{
int i;
LDAPURLDesc *ludp;
*ludlist = NULL;
return LDAP_NO_MEMORY;
}
+ ludp->lud_port = port;
ludp->lud_host = specs[i];
specs[i] = NULL;
p = strchr(ludp->lud_host, ':');
#include "ldap_pvt.h"
#include "slap.h"
-#define MAXARGS 128
+#define MAXARGS 200
/*
* defaults for various global variables
if( conn->c_conn_state == SLAP_C_CLOSING ) {
ber_socket_t sd;
-
ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
+
Debug( LDAP_DEBUG_TRACE,
- "connection_resched: attempting closing conn=%ld sd=%d\n",
+ "connection_resched: reaquiring locks conn=%ld sd=%d\n",
conn->c_connid, sd, 0 );
+ /* reaquire locks in the right order... this may
+ * allow another thread to close this connection,
+ * so recheck state
+ */
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
ldap_pvt_thread_mutex_lock( &connections_mutex );
- connection_close( conn );
+ ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+
+ if( conn->c_conn_state != SLAP_C_CLOSING ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_resched: closed by other thread conn=%ld sd=%d\n",
+ conn->c_connid, sd, 0 );
+
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_resched: attempting closing conn=%ld sd=%d\n",
+ conn->c_connid, sd, 0 );
+
+ connection_close( conn );
+ }
+
ldap_pvt_thread_mutex_unlock( &connections_mutex );
return 0;
}
/* recycled validatation routines */
#define berValidate blobValidate
-#define nisNetgroupTripleValidate printableStringValidate
-#define bootParameterValidate printableStringValidate
/* unimplemented validators */
#define bitStringValidate NULL
return LDAP_SUCCESS;
}
+static int
+nisNetgroupTripleValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ char *p, *e;
+ int commas = 0;
+
+ if ( val->bv_len == 0 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ p = (char *)val->bv_val;
+ e = p + val->bv_len;
+
+#if 0
+ /* syntax does not allow leading white space */
+ /* Ignore initial whitespace */
+ while ( ( p < e ) && ASCII_SPACE( *p ) ) {
+ p++;
+ }
+#endif
+
+ if ( *p != '(' /*')'*/ ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ for ( p++; ( p < e ) && ( *p != ')' ); p++ ) {
+ if ( *p == ',' ) {
+ commas++;
+ if ( commas > 2 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ } else if ( !ATTR_CHAR( *p ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if ( ( commas != 2 ) || ( *p != /*'('*/ ')' ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ p++;
+
+#if 0
+ /* syntax does not allow trailing white space */
+ /* Ignore trailing whitespace */
+ while ( ( p < e ) && ASCII_SPACE( *p ) ) {
+ p++;
+ }
+#endif
+
+ if (p != e) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static int
+bootParameterValidate(
+ Syntax *syntax,
+ struct berval *val )
+{
+ char *p, *e;
+
+ if ( val->bv_len == 0 ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ p = (char *)val->bv_val;
+ e = p + val->bv_len;
+
+ /* key */
+ for (; ( p < e ) && ( *p != '=' ); p++ ) {
+ if ( !ATTR_CHAR( *p ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if ( *p != '=' ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* server */
+ for ( p++; ( p < e ) && ( *p != ':' ); p++ ) {
+ if ( !ATTR_CHAR( *p ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ if ( *p != ':' ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+ /* path */
+ for ( p++; p < e; p++ ) {
+ if ( !ATTR_CHAR( *p ) ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
struct syntax_defs_rec {
char *sd_desc;
int sd_flags;
projects / thirdparty / openldap.git / commitdiff
