mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-02-23 14:09:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Only enable verifycredentials if libldap does

Browse Source
This commit is contained in:
Ondřej Kuzník 2017-05-23 10:04:10 +01:00 committed by Ondřej Kuzník
parent 1dfeca3539
commit 1082486874
5 changed files with 29 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
servers/lloadd/backend.c
View File

@ -121,8 +121,11 @@ backend_select( Operation *op )
continue;
}
if ( op->o_tag == LDAP_REQ_BIND &&
!(lload_features & LLOAD_FEATURE_VC) ) {
if ( op->o_tag == LDAP_REQ_BIND
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
&& !(lload_features & LLOAD_FEATURE_VC)
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
) {
head = &b->b_bindconns;
} else {
head = &b->b_conns;
@ -181,7 +184,10 @@ backend_retry( Backend *b )
ldap_pvt_thread_mutex_lock( &b->b_mutex );
requested = b->b_numconns;
if ( !(lload_features & LLOAD_FEATURE_VC) ) {
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
if ( !(lload_features & LLOAD_FEATURE_VC) )
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
{
requested += b->b_numbindconns;
}
if ( b->b_active + b->b_bindavail + b->b_opening < requested ) {

8
servers/lloadd/bind.c
View File

@ -116,6 +116,7 @@ fail:
return 1;
}
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
/*
* On entering the function, we've put a reference on both connections and hold
* upstream's c_io_mutex.
@ -245,6 +246,7 @@ fail:
operation_send_reject( op, result, msg, 1 );
return 1;
}
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
void
client_reset( Connection *c )
@ -329,9 +331,13 @@ client_bind( Connection *client, Operation *op )
op->o_upstream = upstream;
op->o_upstream_connid = upstream->c_connid;
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
if ( lload_features & LLOAD_FEATURE_VC ) {
rc = request_bind_as_vc( op );
} else {
} else
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
{
rc = request_bind( op );
}

2
servers/lloadd/config.c
View File

@ -1058,7 +1058,9 @@ static int
config_feature( ConfigArgs *c )
{
slap_verbmasks features[] = {
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
{ BER_BVC("vc"), LLOAD_FEATURE_VC },
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
{ BER_BVC("proxyauthz"), LLOAD_FEATURE_PROXYAUTHZ },
{ BER_BVNULL, 0 }
};

2
servers/lloadd/slap.h
View File

@ -232,7 +232,9 @@ typedef struct config_reply_s ConfigReply; /* config.h */
typedef struct Listener Listener;
typedef enum {
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
LLOAD_FEATURE_VC = 1 << 0,
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
LLOAD_FEATURE_PROXYAUTHZ = 1 << 1,
} lload_features_t;

11
servers/lloadd/upstream.c
View File

@ -140,6 +140,7 @@ done:
return forward_final_response( op, ber );
}
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
static int
handle_vc_bind_response( Operation *op, BerElement *ber )
{
@ -259,6 +260,7 @@ done:
ber_free( ber, 1 );
return rc;
}
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
static int
handle_unsolicited( Connection *c, BerElement *ber )
@ -358,9 +360,11 @@ handle_one_response( Connection *c )
handler = handle_bind_response;
break;
case LDAP_RES_EXTENDED:
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
if ( op->o_tag == LDAP_REQ_BIND ) {
handler = handle_vc_bind_response;
}
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
break;
}
if ( !handler ) {
@ -827,8 +831,11 @@ upstream_init( ber_socket_t s, Backend *b )
* connection into the bind conn pool. Start off by allocating one for
* general use, then one for binds, then we start filling up the general
* connection pool, finally the bind pool */
if ( !(lload_features & LLOAD_FEATURE_VC) && b->b_active &&
b->b_numbindconns ) {
if (
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
!(lload_features & LLOAD_FEATURE_VC) &&
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
b->b_active && b->b_numbindconns ) {
if ( !b->b_bindavail ) {
is_bindconn = 1;
} else if ( b->b_active >= b->b_numconns &&