mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
Consolidate a few more init calls into slap_init(). Fixes ITS#3962,
unintentional changed default of TLSVerifyClient.
This commit is contained in:
parent
cc51385939
commit
975de9aa5b
@ -92,6 +92,8 @@ slap_init( int mode, const char *name )
|
||||
assert( mode );
|
||||
|
||||
if ( slapMode != SLAP_UNDEFINED_MODE ) {
|
||||
/* Make sure we write something to stderr */
|
||||
ldap_debug |= 1;
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"%s init: init called twice (old=%d, new=%d)\n",
|
||||
name, slapMode, mode );
|
||||
@ -101,6 +103,25 @@ slap_init( int mode, const char *name )
|
||||
|
||||
slapMode = mode;
|
||||
|
||||
#ifdef SLAPD_MODULES
|
||||
if ( module_init() != 0 ) {
|
||||
ldap_debug |= 1;
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"%s: module_init failed\n",
|
||||
name, 0, 0 );
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
if ( slap_schema_init( ) != 0 ) {
|
||||
ldap_debug |= 1;
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"%s: slap_schema_init failed\n",
|
||||
name, 0, 0 );
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
switch ( slapMode & SLAP_MODE ) {
|
||||
case SLAP_SERVER_MODE:
|
||||
ldap_pvt_thread_pool_init( &connection_pool,
|
||||
@ -153,6 +174,7 @@ slap_init( int mode, const char *name )
|
||||
break;
|
||||
|
||||
default:
|
||||
ldap_debug |= 1;
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"%s init: undefined mode (%d).\n", name, mode, 0 );
|
||||
|
||||
@ -160,6 +182,49 @@ slap_init( int mode, const char *name )
|
||||
break;
|
||||
}
|
||||
|
||||
if ( slap_controls_init( ) != 0 ) {
|
||||
ldap_debug |= 1;
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"%s: slap_controls_init failed\n",
|
||||
name, 0, 0 );
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifdef HAVE_TLS
|
||||
/* Library defaults to full certificate checking. This is correct when
|
||||
* a client is verifying a server because all servers should have a
|
||||
* valid cert. But few clients have valid certs, so we want our default
|
||||
* to be no checking. The config file can override this as usual.
|
||||
*/
|
||||
rc = 0;
|
||||
(void) ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
|
||||
#endif
|
||||
|
||||
if ( frontend_init() ) {
|
||||
ldap_debug |= 1;
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"%s: frontend_init failed\n",
|
||||
name, 0, 0 );
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ( overlay_init() ) {
|
||||
ldap_debug |= 1;
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"%s: overlay_init failed\n",
|
||||
name, 0, 0 );
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifdef SLAP_DYNACL
|
||||
if ( acl_init() ) {
|
||||
ldap_debug |= 1;
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"%s: acl_init failed\n",
|
||||
name, 0, 0 );
|
||||
return 1;
|
||||
}
|
||||
#endif /* SLAP_DYNACL */
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
@ -604,60 +604,12 @@ unhandled_option:;
|
||||
lutil_passwd_init();
|
||||
slap_op_init();
|
||||
|
||||
#ifdef SLAPD_MODULES
|
||||
if ( module_init() != 0 ) {
|
||||
rc = 1;
|
||||
SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 17 );
|
||||
goto destroy;
|
||||
}
|
||||
#endif
|
||||
|
||||
if ( slap_schema_init( ) != 0 ) {
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"schema initialization error\n",
|
||||
0, 0, 0 );
|
||||
|
||||
goto destroy;
|
||||
}
|
||||
|
||||
if ( slap_init( serverMode, serverName ) != 0 ) {
|
||||
rc = 1;
|
||||
rc = slap_init( serverMode, serverName );
|
||||
if ( rc ) {
|
||||
SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 18 );
|
||||
goto destroy;
|
||||
}
|
||||
|
||||
if ( slap_controls_init( ) != 0 ) {
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"controls initialization error\n",
|
||||
0, 0, 0 );
|
||||
|
||||
goto destroy;
|
||||
}
|
||||
|
||||
#ifdef HAVE_TLS
|
||||
/* Library defaults to full certificate checking. This is correct when
|
||||
* a client is verifying a server because all servers should have a
|
||||
* valid cert. But few clients have valid certs, so we want our default
|
||||
* to be no checking. The config file can override this as usual.
|
||||
*/
|
||||
rc = 0;
|
||||
(void) ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
|
||||
#endif
|
||||
|
||||
if ( frontend_init() ) {
|
||||
goto destroy;
|
||||
}
|
||||
|
||||
if ( overlay_init() ) {
|
||||
goto destroy;
|
||||
}
|
||||
|
||||
#ifdef SLAP_DYNACL
|
||||
if ( acl_init() ) {
|
||||
goto destroy;
|
||||
}
|
||||
#endif /* SLAP_DYNACL */
|
||||
|
||||
if ( read_config( configfile, configdir ) != 0 ) {
|
||||
rc = 1;
|
||||
SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 19 );
|
||||
|
@ -393,44 +393,12 @@ slap_tool_init(
|
||||
* initialize stuff and figure out which backend we're dealing with
|
||||
*/
|
||||
|
||||
#ifdef SLAPD_MODULES
|
||||
if ( module_init() != 0 ) {
|
||||
fprintf( stderr, "%s: module_init failed!\n", progname );
|
||||
exit( EXIT_FAILURE );
|
||||
}
|
||||
#endif
|
||||
|
||||
rc = slap_schema_init();
|
||||
|
||||
if ( rc != 0 ) {
|
||||
fprintf( stderr, "%s: slap_schema_init failed!\n", progname );
|
||||
exit( EXIT_FAILURE );
|
||||
}
|
||||
|
||||
rc = slap_init( mode, progname );
|
||||
|
||||
if ( rc != 0 ) {
|
||||
fprintf( stderr, "%s: slap_init failed!\n", progname );
|
||||
exit( EXIT_FAILURE );
|
||||
}
|
||||
|
||||
if ( frontend_init() ) {
|
||||
fprintf( stderr, "%s: frontend_init failed!\n", progname );
|
||||
exit( EXIT_FAILURE );
|
||||
}
|
||||
|
||||
if ( overlay_init() ) {
|
||||
fprintf( stderr, "%s: overlay_init failed!\n", progname );
|
||||
exit( EXIT_FAILURE );
|
||||
}
|
||||
|
||||
#ifdef SLAP_DYNACL
|
||||
if ( acl_init() ) {
|
||||
fprintf( stderr, "%s: acl_init failed!\n", progname );
|
||||
exit( EXIT_FAILURE );
|
||||
}
|
||||
#endif /* SLAP_DYNACL */
|
||||
|
||||
rc = read_config( conffile, confdir );
|
||||
|
||||
if ( rc != 0 ) {
|
||||
|
Loading…
Reference in New Issue
Block a user