Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication
In directory
cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1168/ldapserver/ldap/servers/plugins/replication
Modified Files:
repl5_connection.c windows_connection.c
Log Message:
Resolves: bug 469261
Bug Description: Support server-to-server SASL - console chaining, server cleanup
Reviewed by: nkinder (Thanks!)
Fix Description: There are two sets of diffs here. The first set adds tls, gssapi, and
digest to the chaining database (aka database link) panels in the console. I had to add
support for revert to some of the code to make the Reset button work without having to
retrieve the values from the server each time. We already store the original values
locally in the _origModel - I added code to allow the use of that in the Reset button.
The second set of diffs is for the server.
1) I had to add support for "SIMPLE" for bindMechanism - this translates to
LDAP_SASL_SIMPLE for the actual mechanism. This value is NULL, so I had to add handling
for NULL values in the cb config code (slapi_ch_* work fine with NULL values).
2) Added some more debugging/tracing code
3) The server to server SSL code would only work if the server were configured to be an
SSL server. But for the server to be an SSL client, it only needs NSS initialized and to
have the CA cert. It also needs to configure some of the SSL settings and install the
correct policy. I changed the server code to do this.
Platforms tested: RHEL5
Flag Day: no
Doc impact: Yes
Index: repl5_connection.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/repl5_connection.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- repl5_connection.c 10 Nov 2008 23:57:47 -0000 1.12
+++ repl5_connection.c 2 Dec 2008 15:29:30 -0000 1.13
@@ -949,30 +949,25 @@
/* ugaston: if SSL has been selected in the replication agreement, SSL client
* initialisation should be done before ever trying to open any connection at all.
*/
- if ((conn->transport_flags == TRANSPORT_FLAG_TLS) ||
- (conn->transport_flags == TRANSPORT_FLAG_SSL))
- {
+ if (conn->transport_flags == TRANSPORT_FLAG_TLS) {
+ secure = 2;
+ } else if (conn->transport_flags == TRANSPORT_FLAG_SSL) {
+ secure = 1;
+ }
- /** Make sure the SSL Library has been initialized before anything else **/
- if(slapd_security_library_is_initialized() != 1)
- {
+ if (secure > 0) {
+ if (!NSS_IsInitialized()) {
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: SSL Not Initialized, Replication over SSL FAILED\n",
- agmt_get_long_name(conn->agmt));
+ "%s: SSL Not Initialized, Replication over SSL FAILED\n",
+ agmt_get_long_name(conn->agmt));
conn->last_ldap_error = LDAP_INAPPROPRIATE_AUTH;
conn->last_operation = CONN_INIT;
ber_bvfree(creds);
creds = NULL;
return CONN_SSL_NOT_ENABLED;
- } else if (conn->transport_flags == TRANSPORT_FLAG_SSL)
- {
- secure = 1;
- } else
- {
- secure = 2; /* 2 means starttls security */
}
}
-
+
if (return_value == CONN_OPERATION_SUCCESS) {
int io_timeout_ms;
/* Now we initialize the LDAP Structure and set options */
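Review bot: The new gate `if (!NSS_IsInitialized())` checks only that NSS itself is up, yet the message and return code behind it still say "SSL Not Initialized"; the commit description states the SSL client also needs the CA cert available and the SSL settings/policy installed, so a server whose NSS was initialized without those would pass this check and fail later at the handshake with a less specific error, while this fatal log line never fires for that case. Either widen the precondition or make the text match what is actually verified, e.g. `"%s: NSS not initialized, replication over SSL/TLS FAILED\n"`, and add a comment at the check stating what the caller must have set up beforehand. The rewrite also drops the old explanatory comment on the magic values of `secure`; restoring it on the new assignments, `secure = 2; /* 2 means starttls security */` and `secure = 1; /* 1 means SSL */`, keeps the later `secure > 0` test readable. `secure` is presumably initialised to 0 before this hunk, but that is not visible, and the enclosing function starts and ends outside the hunk. The same points apply to the identical hunk in windows_connection.c below.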
Index: windows_connection.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_connection.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- windows_connection.c 10 Nov 2008 23:57:47 -0000 1.21
+++ windows_connection.c 2 Dec 2008 15:29:30 -0000 1.22
@@ -1193,30 +1193,25 @@
/* ugaston: if SSL has been selected in the replication agreement, SSL client
* initialisation should be done before ever trying to open any connection at all.
*/
- if ((conn->transport_flags == TRANSPORT_FLAG_TLS) ||
- (conn->transport_flags == TRANSPORT_FLAG_SSL))
- {
-
- /** Make sure the SSL Library has been initialized before anything else **/
- if(slapd_security_library_is_initialized() != 1)
- {
+ if (conn->transport_flags == TRANSPORT_FLAG_TLS) {
+ secure = 2;
+ } else if (conn->transport_flags == TRANSPORT_FLAG_SSL) {
+ secure = 1;
+ }
+
+ if (secure > 0) {
+ if (!NSS_IsInitialized()) {
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: SSL Not Initialized, Replication over SSL FAILED\n",
- agmt_get_long_name(conn->agmt));
+ "%s: SSL Not Initialized, Replication over SSL FAILED\n",
+ agmt_get_long_name(conn->agmt));
conn->last_ldap_error = LDAP_INAPPROPRIATE_AUTH;
conn->last_operation = CONN_INIT;
ber_bvfree(creds);
creds = NULL;
return CONN_SSL_NOT_ENABLED;
- } else if (conn->transport_flags == TRANSPORT_FLAG_SSL)
- {
- secure = 1;
- } else
- {
- secure = 2; /* 2 means starttls security */
}
}
-
+
if (return_value == CONN_OPERATION_SUCCESS) {
int io_timeout_ms;
/* Now we initialize the LDAP Structure and set options */