]> git.sur5r.net Git - openldap/blob - servers/slapd/bconfig.c
3e88c3f9095b69e95c616cfc385d969823759945
[openldap] / servers / slapd / bconfig.c
1 /* bconfig.c - the config backend */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 2005 The OpenLDAP Foundation.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in the file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16 /* ACKNOWLEDGEMENTS:
17  * This work was originally developed by Howard Chu for inclusion
18  * in OpenLDAP Software.
19  */
20
21 #include "portable.h"
22
23 #include <stdio.h>
24 #include <ac/string.h>
25 #include <ac/ctype.h>
26 #include <ac/errno.h>
27 #include <sys/stat.h>
28
29 #include "slap.h"
30
31 #ifdef LDAP_SLAPI
32 #include "slapi/slapi.h"
33 #endif
34
35 #include <ldif.h>
36 #include <lutil.h>
37
38 #include "config.h"
39
40 static struct berval config_rdn = BER_BVC("cn=config");
41 static struct berval schema_rdn = BER_BVC("cn=schema");
42
43 #define IFMT    "{%d}"
44
45 #ifdef SLAPD_MODULES
46 typedef struct modpath_s {
47         struct modpath_s *mp_next;
48         struct berval mp_path;
49         BerVarray mp_loads;
50 } ModPaths;
51
52 static ModPaths modpaths, *modlast = &modpaths, *modcur = &modpaths;
53 #endif
54
55 typedef struct ConfigFile {
56         struct ConfigFile *c_sibs;
57         struct ConfigFile *c_kids;
58         struct berval c_file;
59         AttributeType *c_at_head, *c_at_tail;
60         ContentRule *c_cr_head, *c_cr_tail;
61         ObjectClass *c_oc_head, *c_oc_tail;
62         OidMacro *c_om_head, *c_om_tail;
63         BerVarray c_dseFiles;
64 } ConfigFile;
65
66 typedef struct {
67         ConfigFile *cb_config;
68         CfEntryInfo *cb_root;
69         BackendDB       cb_db;  /* underlying database */
70         int             cb_got_ldif;
71         int             cb_use_ldif;
72 } CfBackInfo;
73
74 /* These do nothing in slapd, they're kept only to make them
75  * editable here.
76  */
77 static char *replica_pidFile, *replica_argsFile;
78 static int replicationInterval;
79
80 static char     *passwd_salt;
81 static char     *logfileName;
82 static BerVarray authz_rewrites;
83
84 static struct berval cfdir;
85
86 /* Private state */
87 static AttributeDescription *cfAd_backend, *cfAd_database, *cfAd_overlay,
88         *cfAd_include;
89
90 static ConfigFile *cfn;
91
92 static Avlnode *CfOcTree;
93
94 static int config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca,
95         SlapReply *rs, int *renumber );
96
97 static ConfigDriver config_fname;
98 static ConfigDriver config_cfdir;
99 static ConfigDriver config_generic;
100 static ConfigDriver config_search_base;
101 static ConfigDriver config_passwd_hash;
102 static ConfigDriver config_schema_dn;
103 static ConfigDriver config_sizelimit;
104 static ConfigDriver config_timelimit;
105 static ConfigDriver config_overlay;
106 static ConfigDriver config_suffix; 
107 static ConfigDriver config_deref_depth;
108 static ConfigDriver config_rootdn;
109 static ConfigDriver config_rootpw;
110 static ConfigDriver config_restrict;
111 static ConfigDriver config_allows;
112 static ConfigDriver config_disallows;
113 static ConfigDriver config_requires;
114 static ConfigDriver config_security;
115 static ConfigDriver config_referral;
116 static ConfigDriver config_loglevel;
117 static ConfigDriver config_replica;
118 static ConfigDriver config_updatedn;
119 static ConfigDriver config_updateref;
120 static ConfigDriver config_include;
121 #ifdef HAVE_TLS
122 static ConfigDriver config_tls_option;
123 static ConfigDriver config_tls_config;
124 #endif
125 extern ConfigDriver syncrepl_config;
126
127 enum {
128         CFG_ACL = 1,
129         CFG_BACKEND,
130         CFG_DATABASE,
131         CFG_TLS_RAND,
132         CFG_TLS_CIPHER,
133         CFG_TLS_CERT_FILE,
134         CFG_TLS_CERT_KEY,
135         CFG_TLS_CA_PATH,
136         CFG_TLS_CA_FILE,
137         CFG_TLS_VERIFY,
138         CFG_TLS_CRLCHECK,
139         CFG_CONCUR,
140         CFG_THREADS,
141         CFG_SALT,
142         CFG_LIMITS,
143         CFG_RO,
144         CFG_REWRITE,
145         CFG_DEPTH,
146         CFG_OID,
147         CFG_OC,
148         CFG_DIT,
149         CFG_ATTR,
150         CFG_ATOPT,
151         CFG_REPLOG,
152         CFG_ROOTDSE,
153         CFG_LOGFILE,
154         CFG_PLUGIN,
155         CFG_MODLOAD,
156         CFG_MODPATH,
157         CFG_LASTMOD,
158         CFG_AZPOLICY,
159         CFG_AZREGEXP,
160         CFG_SASLSECP,
161         CFG_SSTR_IF_MAX,
162         CFG_SSTR_IF_MIN,
163
164         CFG_LAST
165 };
166
167 typedef struct {
168         char *name, *oid;
169 } OidRec;
170
171 static OidRec OidMacros[] = {
172         /* OpenLDAProot:666.11.1 */
173         { "OLcfg", "1.3.6.1.4.1.4203.666.11.1" },
174         { "OLcfgAt", "OLcfg:3" },
175         { "OLcfgGlAt", "OLcfgAt:0" },
176         { "OLcfgBkAt", "OLcfgAt:1" },
177         { "OLcfgDbAt", "OLcfgAt:2" },
178         { "OLcfgOvAt", "OLcfgAt:3" },
179         { "OLcfgOc", "OLcfg:4" },
180         { "OLcfgGlOc", "OLcfgOc:0" },
181         { "OLcfgBkOc", "OLcfgOc:1" },
182         { "OLcfgDbOc", "OLcfgOc:2" },
183         { "OLcfgOvOc", "OLcfgOc:3" },
184         { "OMsyn", "1.3.6.1.4.1.1466.115.121.1" },
185         { "OMsInteger", "OMsyn:27" },
186         { "OMsBoolean", "OMsyn:7" },
187         { "OMsDN", "OMsyn:12" },
188         { "OMsDirectoryString", "OMsyn:15" },
189         { "OMsOctetString", "OMsyn:40" },
190         { NULL, NULL }
191 };
192
193 /*
194  * OLcfg{Bk|Db}{Oc|At}:0                -> common
195  * OLcfg{Bk|Db}{Oc|At}:1                -> bdb
196  * OLcfg{Bk|Db}{Oc|At}:2                -> ldif
197  * OLcfg{Bk|Db}{Oc|At}:3                -> ldap?
198  */
199
200 /* alphabetical ordering */
201
202 static ConfigTable config_back_cf_table[] = {
203         /* This attr is read-only */
204         { "", "", 0, 0, 0, ARG_MAGIC,
205                 &config_fname, "( OLcfgGlAt:78 NAME 'olcConfigFile' "
206                         "DESC 'File for slapd configuration directives' "
207                         "EQUALITY caseIgnoreMatch "
208                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
209         { "", "", 0, 0, 0, ARG_MAGIC,
210                 &config_cfdir, "( OLcfgGlAt:79 NAME 'olcConfigDir' "
211                         "DESC 'Directory for slapd configuration backend' "
212                         "EQUALITY caseIgnoreMatch "
213                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
214         { "access",     NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC|CFG_ACL,
215                 &config_generic, "( OLcfgGlAt:1 NAME 'olcAccess' "
216                         "DESC 'Access Control List' "
217                         "EQUALITY caseIgnoreMatch "
218                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
219         { "allows",     "features", 2, 0, 5, ARG_PRE_DB|ARG_MAGIC,
220                 &config_allows, "( OLcfgGlAt:2 NAME 'olcAllows' "
221                         "DESC 'Allowed set of deprecated features' "
222                         "EQUALITY caseIgnoreMatch "
223                         "SYNTAX OMsDirectoryString )", NULL, NULL },
224         { "argsfile", "file", 2, 2, 0, ARG_STRING,
225                 &slapd_args_file, "( OLcfgGlAt:3 NAME 'olcArgsFile' "
226                         "DESC 'File for slapd command line options' "
227                         "EQUALITY caseIgnoreMatch "
228                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
229         { "attributeoptions", NULL, 0, 0, 0, ARG_MAGIC|CFG_ATOPT,
230                 &config_generic, "( OLcfgGlAt:5 NAME 'olcAttributeOptions' "
231                         "EQUALITY caseIgnoreMatch "
232                         "SYNTAX OMsDirectoryString )", NULL, NULL },
233         { "attribute",  "attribute", 2, 0, 9,
234                 ARG_PAREN|ARG_MAGIC|CFG_ATTR|ARG_NO_DELETE|ARG_NO_INSERT,
235                 &config_generic, "( OLcfgGlAt:4 NAME 'olcAttributeTypes' "
236                         "DESC 'OpenLDAP attributeTypes' "
237                         "EQUALITY caseIgnoreMatch "
238                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
239                                 NULL, NULL },
240         { "authid-rewrite", NULL, 2, 0, STRLENOF( "authid-rewrite" ),
241 #ifdef SLAP_AUTH_REWRITE
242                 ARG_MAGIC|CFG_REWRITE|ARG_NO_INSERT, &config_generic,
243 #else
244                 ARG_IGNORED, NULL,
245 #endif
246                  "( OLcfgGlAt:6 NAME 'olcAuthIDRewrite' "
247                         "EQUALITY caseIgnoreMatch "
248                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
249         { "authz-policy", "policy", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_AZPOLICY,
250                 &config_generic, "( OLcfgGlAt:7 NAME 'olcAuthzPolicy' "
251                         "EQUALITY caseIgnoreMatch "
252                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
253         { "authz-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP|ARG_NO_INSERT,
254                 &config_generic, "( OLcfgGlAt:8 NAME 'olcAuthzRegexp' "
255                         "EQUALITY caseIgnoreMatch "
256                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
257         { "backend", "type", 2, 2, 0, ARG_PRE_DB|ARG_MAGIC|CFG_BACKEND,
258                 &config_generic, "( OLcfgGlAt:9 NAME 'olcBackend' "
259                         "DESC 'A type of backend' "
260                         "EQUALITY caseIgnoreMatch "
261                         "SYNTAX OMsDirectoryString SINGLE-VALUE X-ORDERED 'SIBLINGS' )",
262                                 NULL, NULL },
263         { "concurrency", "level", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_CONCUR,
264                 &config_generic, "( OLcfgGlAt:10 NAME 'olcConcurrency' "
265                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
266         { "conn_max_pending", "max", 2, 2, 0, ARG_INT,
267                 &slap_conn_max_pending, "( OLcfgGlAt:11 NAME 'olcConnMaxPending' "
268                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
269         { "conn_max_pending_auth", "max", 2, 2, 0, ARG_INT,
270                 &slap_conn_max_pending_auth, "( OLcfgGlAt:12 NAME 'olcConnMaxPendingAuth' "
271                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
272         { "database", "type", 2, 2, 0, ARG_MAGIC|CFG_DATABASE,
273                 &config_generic, "( OLcfgGlAt:13 NAME 'olcDatabase' "
274                         "DESC 'The backend type for a database instance' "
275                         "SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
276         { "defaultSearchBase", "dn", 2, 2, 0, ARG_PRE_BI|ARG_PRE_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
277                 &config_search_base, "( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' "
278                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
279         { "disallows", "features", 2, 0, 8, ARG_PRE_DB|ARG_MAGIC,
280                 &config_disallows, "( OLcfgGlAt:15 NAME 'olcDisallows' "
281                         "EQUALITY caseIgnoreMatch "
282                         "SYNTAX OMsDirectoryString )", NULL, NULL },
283         { "ditcontentrule",     NULL, 0, 0, 0, ARG_MAGIC|CFG_DIT|ARG_NO_DELETE|ARG_NO_INSERT,
284                 &config_generic, "( OLcfgGlAt:16 NAME 'olcDitContentRules' "
285                         "DESC 'OpenLDAP DIT content rules' "
286                         "EQUALITY caseIgnoreMatch "
287                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
288                         NULL, NULL },
289         { "gentlehup", "on|off", 2, 2, 0,
290 #ifdef SIGHUP
291                 ARG_ON_OFF, &global_gentlehup,
292 #else
293                 ARG_IGNORED, NULL,
294 #endif
295                 "( OLcfgGlAt:17 NAME 'olcGentleHUP' "
296                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
297         { "idletimeout", "timeout", 2, 2, 0, ARG_INT,
298                 &global_idletimeout, "( OLcfgGlAt:18 NAME 'olcIdleTimeout' "
299                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
300         { "include", "file", 2, 2, 0, ARG_MAGIC,
301                 &config_include, "( OLcfgGlAt:19 NAME 'olcInclude' "
302                         "SUP labeledURI )", NULL, NULL },
303         { "index_substr_if_minlen", "min", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MIN,
304                 &config_generic, "( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' "
305                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
306         { "index_substr_if_maxlen", "max", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MAX,
307                 &config_generic, "( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' "
308                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
309         { "index_substr_any_len", "len", 2, 2, 0, ARG_INT|ARG_NONZERO,
310                 &index_substr_any_len, "( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' "
311                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
312         { "index_substr_any_step", "step", 2, 2, 0, ARG_INT|ARG_NONZERO,
313                 &index_substr_any_step, "( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' "
314                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
315         { "lastmod", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_LASTMOD,
316                 &config_generic, "( OLcfgDbAt:0.4 NAME 'olcLastMod' "
317                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
318         { "limits", "limits", 2, 0, 0, ARG_DB|ARG_MAGIC|CFG_LIMITS,
319                 &config_generic, "( OLcfgDbAt:0.5 NAME 'olcLimits' "
320                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
321         { "localSSF", "ssf", 2, 2, 0, ARG_INT,
322                 &local_ssf, "( OLcfgGlAt:26 NAME 'olcLocalSSF' "
323                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
324         { "logfile", "file", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_LOGFILE,
325                 &config_generic, "( OLcfgGlAt:27 NAME 'olcLogFile' "
326                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
327         { "loglevel", "level", 2, 0, 0, ARG_MAGIC,
328                 &config_loglevel, "( OLcfgGlAt:28 NAME 'olcLogLevel' "
329                         "SYNTAX OMsDirectoryString )", NULL, NULL },
330         { "maxDerefDepth", "depth", 2, 2, 0, ARG_DB|ARG_INT|ARG_MAGIC|CFG_DEPTH,
331                 &config_generic, "( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' "
332                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
333         { "moduleload", "file", 2, 0, 0,
334 #ifdef SLAPD_MODULES
335                 ARG_MAGIC|CFG_MODLOAD, &config_generic,
336 #else
337                 ARG_IGNORED, NULL,
338 #endif
339                 "( OLcfgGlAt:30 NAME 'olcModuleLoad' "
340                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
341         { "modulepath", "path", 2, 2, 0,
342 #ifdef SLAPD_MODULES
343                 ARG_MAGIC|CFG_MODPATH|ARG_NO_DELETE|ARG_NO_INSERT, &config_generic,
344 #else
345                 ARG_IGNORED, NULL,
346 #endif
347                 "( OLcfgGlAt:31 NAME 'olcModulePath' "
348                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
349         { "objectclass", "objectclass", 2, 0, 0, ARG_PAREN|ARG_MAGIC|CFG_OC|ARG_NO_DELETE|ARG_NO_INSERT,
350                 &config_generic, "( OLcfgGlAt:32 NAME 'olcObjectClasses' "
351                 "DESC 'OpenLDAP object classes' "
352                 "EQUALITY caseIgnoreMatch "
353                 "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
354                         NULL, NULL },
355         { "objectidentifier", NULL,     0, 0, 0, ARG_MAGIC|CFG_OID,
356                 &config_generic, "( OLcfgGlAt:33 NAME 'olcObjectIdentifier' "
357                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
358         { "overlay", "overlay", 2, 2, 0, ARG_MAGIC,
359                 &config_overlay, "( OLcfgGlAt:34 NAME 'olcOverlay' "
360                         "SUP olcDatabase SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
361         { "password-crypt-salt-format", "salt", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_SALT,
362                 &config_generic, "( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat' "
363                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
364         { "password-hash", "hash", 2, 2, 0, ARG_MAGIC,
365                 &config_passwd_hash, "( OLcfgGlAt:36 NAME 'olcPasswordHash' "
366                         "SYNTAX OMsDirectoryString )", NULL, NULL },
367         { "pidfile", "file", 2, 2, 0, ARG_STRING,
368                 &slapd_pid_file, "( OLcfgGlAt:37 NAME 'olcPidFile' "
369                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
370         { "plugin", NULL, 0, 0, 0,
371 #ifdef LDAP_SLAPI
372                 ARG_MAGIC|CFG_PLUGIN, &config_generic,
373 #else
374                 ARG_IGNORED, NULL,
375 #endif
376                 "( OLcfgGlAt:38 NAME 'olcPlugin' "
377                         "SYNTAX OMsDirectoryString )", NULL, NULL },
378         { "pluginlog", "filename", 2, 2, 0,
379 #ifdef LDAP_SLAPI
380                 ARG_STRING, &slapi_log_file,
381 #else
382                 ARG_IGNORED, NULL,
383 #endif
384                 "( OLcfgGlAt:39 NAME 'olcPluginLogFile' "
385                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
386         { "readonly", "on|off", 2, 2, 0, ARG_MAY_DB|ARG_ON_OFF|ARG_MAGIC|CFG_RO,
387                 &config_generic, "( OLcfgGlAt:40 NAME 'olcReadOnly' "
388                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
389         { "referral", "url", 2, 2, 0, ARG_MAGIC,
390                 &config_referral, "( OLcfgGlAt:41 NAME 'olcReferral' "
391                         "SUP labeledURI SINGLE-VALUE )", NULL, NULL },
392         { "replica", "host or uri", 2, 0, 0, ARG_DB|ARG_MAGIC,
393                 &config_replica, "( OLcfgDbAt:0.7 NAME 'olcReplica' "
394                         "SUP labeledURI )", NULL, NULL },
395         { "replica-argsfile", NULL, 0, 0, 0, ARG_STRING,
396                 &replica_argsFile, "( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' "
397                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
398         { "replica-pidfile", NULL, 0, 0, 0, ARG_STRING,
399                 &replica_pidFile, "( OLcfgGlAt:44 NAME 'olcReplicaPidFile' "
400                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
401         { "replicationInterval", NULL, 0, 0, 0, ARG_INT,
402                 &replicationInterval, "( OLcfgGlAt:45 NAME 'olcReplicationInterval' "
403                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
404         { "replogfile", "filename", 2, 2, 0, ARG_MAY_DB|ARG_MAGIC|ARG_STRING|CFG_REPLOG,
405                 &config_generic, "( OLcfgGlAt:46 NAME 'olcReplogFile' "
406                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
407         { "require", "features", 2, 0, 7, ARG_MAY_DB|ARG_MAGIC,
408                 &config_requires, "( OLcfgGlAt:47 NAME 'olcRequires' "
409                         "SYNTAX OMsDirectoryString )", NULL, NULL },
410         { "restrict", "op_list", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
411                 &config_restrict, "( OLcfgGlAt:48 NAME 'olcRestrict' "
412                         "SYNTAX OMsDirectoryString )", NULL, NULL },
413         { "reverse-lookup", "on|off", 2, 2, 0,
414 #ifdef SLAPD_RLOOKUPS
415                 ARG_ON_OFF, &use_reverse_lookup,
416 #else
417                 ARG_IGNORED, NULL,
418 #endif
419                 "( OLcfgGlAt:49 NAME 'olcReverseLookup' "
420                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
421         { "rootdn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
422                 &config_rootdn, "( OLcfgDbAt:0.8 NAME 'olcRootDN' "
423                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
424         { "rootDSE", "file", 2, 2, 0, ARG_MAGIC|CFG_ROOTDSE,
425                 &config_generic, "( OLcfgGlAt:51 NAME 'olcRootDSE' "
426                         "SYNTAX OMsDirectoryString )", NULL, NULL },
427         { "rootpw", "password", 2, 2, 0, ARG_BERVAL|ARG_DB|ARG_MAGIC,
428                 &config_rootpw, "( OLcfgDbAt:0.9 NAME 'olcRootPW' "
429                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
430         { "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
431                 &config_generic, NULL, NULL, NULL },
432         { "sasl-host", "host", 2, 2, 0,
433 #ifdef HAVE_CYRUS_SASL
434                 ARG_STRING|ARG_UNIQUE, &global_host,
435 #else
436                 ARG_IGNORED, NULL,
437 #endif
438                 "( OLcfgGlAt:53 NAME 'olcSaslHost' "
439                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
440         { "sasl-realm", "realm", 2, 2, 0,
441 #ifdef HAVE_CYRUS_SASL
442                 ARG_STRING|ARG_UNIQUE, &global_realm,
443 #else
444                 ARG_IGNORED, NULL,
445 #endif
446                 "( OLcfgGlAt:54 NAME 'olcSaslRealm' "
447                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
448         { "sasl-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
449                 &config_generic, NULL, NULL, NULL },
450         { "sasl-secprops", "properties", 2, 2, 0,
451 #ifdef HAVE_CYRUS_SASL
452                 ARG_MAGIC|CFG_SASLSECP, &config_generic,
453 #else
454                 ARG_IGNORED, NULL,
455 #endif
456                 "( OLcfgGlAt:56 NAME 'olcSaslSecProps' "
457                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
458         { "saslRegexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
459                 &config_generic, NULL, NULL, NULL },
460         { "schemadn", "dn", 2, 2, 0, ARG_MAY_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
461                 &config_schema_dn, "( OLcfgGlAt:58 NAME 'olcSchemaDN' "
462                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
463         { "security", "factors", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
464                 &config_security, "( OLcfgGlAt:59 NAME 'olcSecurity' "
465                         "SYNTAX OMsDirectoryString )", NULL, NULL },
466         { "sizelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
467                 &config_sizelimit, "( OLcfgGlAt:60 NAME 'olcSizeLimit' "
468                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
469         { "sockbuf_max_incoming", "max", 2, 2, 0, ARG_BER_LEN_T,
470                 &sockbuf_max_incoming, "( OLcfgGlAt:61 NAME 'olcSockbufMaxIncoming' "
471                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
472         { "sockbuf_max_incoming_auth", "max", 2, 2, 0, ARG_BER_LEN_T,
473                 &sockbuf_max_incoming_auth, "( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth' "
474                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
475         { "srvtab", "file", 2, 2, 0,
476 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
477                 ARG_STRING, &ldap_srvtab,
478 #else
479                 ARG_IGNORED, NULL,
480 #endif
481                 "( OLcfgGlAt:63 NAME 'olcSrvtab' "
482                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
483         { "suffix",     "suffix", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
484                 &config_suffix, "( OLcfgDbAt:0.10 NAME 'olcSuffix' "
485                         "SYNTAX OMsDN )", NULL, NULL },
486         { "syncrepl", NULL, 0, 0, 0, ARG_DB|ARG_MAGIC,
487                 &syncrepl_config, "( OLcfgDbAt:0.11 NAME 'olcSyncrepl' "
488                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
489         { "threads", "count", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_THREADS,
490                 &config_generic, "( OLcfgGlAt:66 NAME 'olcThreads' "
491                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
492         { "timelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
493                 &config_timelimit, "( OLcfgGlAt:67 NAME 'olcTimeLimit' "
494                         "SYNTAX OMsDirectoryString )", NULL, NULL },
495         { "TLSCACertificateFile", NULL, 0, 0, 0,
496 #ifdef HAVE_TLS
497                 CFG_TLS_CA_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
498 #else
499                 ARG_IGNORED, NULL,
500 #endif
501                 "( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' "
502                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
503         { "TLSCACertificatePath", NULL, 0, 0, 0,
504 #ifdef HAVE_TLS
505                 CFG_TLS_CA_PATH|ARG_STRING|ARG_MAGIC, &config_tls_option,
506 #else
507                 ARG_IGNORED, NULL,
508 #endif
509                 "( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' "
510                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
511         { "TLSCertificateFile", NULL, 0, 0, 0,
512 #ifdef HAVE_TLS
513                 CFG_TLS_CERT_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
514 #else
515                 ARG_IGNORED, NULL,
516 #endif
517                 "( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' "
518                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
519         { "TLSCertificateKeyFile", NULL, 0, 0, 0,
520 #ifdef HAVE_TLS
521                 CFG_TLS_CERT_KEY|ARG_STRING|ARG_MAGIC, &config_tls_option,
522 #else
523                 ARG_IGNORED, NULL,
524 #endif
525                 "( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' "
526                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
527         { "TLSCipherSuite",     NULL, 0, 0, 0,
528 #ifdef HAVE_TLS
529                 CFG_TLS_CIPHER|ARG_STRING|ARG_MAGIC, &config_tls_option,
530 #else
531                 ARG_IGNORED, NULL,
532 #endif
533                 "( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' "
534                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
535         { "TLSCRLCheck", NULL, 0, 0, 0,
536 #if defined(HAVE_TLS) && defined(HAVE_OPENSSL_CRL)
537                 CFG_TLS_CRLCHECK|ARG_STRING|ARG_MAGIC, &config_tls_config,
538 #else
539                 ARG_IGNORED, NULL,
540 #endif
541                 "( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' "
542                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
543         { "TLSRandFile", NULL, 0, 0, 0,
544 #ifdef HAVE_TLS
545                 CFG_TLS_RAND|ARG_STRING|ARG_MAGIC, &config_tls_option,
546 #else
547                 ARG_IGNORED, NULL,
548 #endif
549                 "( OLcfgGlAt:74 NAME 'olcTLSRandFile' "
550                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
551         { "TLSVerifyClient", NULL, 0, 0, 0,
552 #ifdef HAVE_TLS
553                 CFG_TLS_VERIFY|ARG_STRING|ARG_MAGIC, &config_tls_config,
554 #else
555                 ARG_IGNORED, NULL,
556 #endif
557                 "( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' "
558                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
559         { "ucdata-path", "path", 2, 2, 0, ARG_IGNORED,
560                 NULL, NULL, NULL, NULL },
561         { "updatedn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
562                 &config_updatedn, "( OLcfgDbAt:0.12 NAME 'olcUpdateDN' "
563                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
564         { "updateref", "url", 2, 2, 0, ARG_DB|ARG_MAGIC,
565                 &config_updateref, "( OLcfgDbAt:0.13 NAME 'olcUpdateRef' "
566                         "SUP labeledURI )", NULL, NULL },
567         { NULL, NULL, 0, 0, 0, ARG_IGNORED,
568                 NULL, NULL, NULL, NULL }
569 };
570
571 /* Routines to check if a child can be added to this type */
572 static ConfigLDAPadd cfAddSchema, cfAddInclude, cfAddDatabase,
573         cfAddBackend, cfAddModule, cfAddOverlay;
574
575 #define CFOC_GLOBAL     cf_ocs[1]
576 #define CFOC_SCHEMA     cf_ocs[2]
577 #define CFOC_BACKEND    cf_ocs[3]
578 #define CFOC_DATABASE   cf_ocs[4]
579 #define CFOC_OVERLAY    cf_ocs[5]
580 #define CFOC_INCLUDE    cf_ocs[6]
581 #define CFOC_MODULE     cf_ocs[7]
582
583 static ConfigOCs cf_ocs[] = {
584         { "( OLcfgGlOc:1 "
585                 "NAME 'olcConfig' "
586                 "DESC 'OpenLDAP configuration object' "
587                 "ABSTRACT SUP top )", Cft_Abstract, NULL },
588         { "( OLcfgGlOc:2 "
589                 "NAME 'olcGlobal' "
590                 "DESC 'OpenLDAP Global configuration options' "
591                 "SUP olcConfig STRUCTURAL "
592                 "MAY ( cn $ olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ "
593                  "olcAttributeOptions $ olcAuthIDRewrite $ "
594                  "olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ "
595                  "olcConnMaxPending $ olcConnMaxPendingAuth $ olcDefaultSearchBase $ "
596                  "olcDisallows $ olcGentleHUP $ olcIdleTimeout $ "
597                  "olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ "
598                  "olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ "
599                  "olcLogLevel $ "
600                  "olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ "
601                  "olcPluginLogFile $ olcReadOnly $ olcReferral $ "
602                  "olcReplicaPidFile $ olcReplicaArgsFile $ olcReplicationInterval $ "
603                  "olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ "
604                  "olcRootDSE $ olcRootPW $ "
605                  "olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ "
606                  "olcSecurity $ olcSizeLimit $ "
607                  "olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcSrvtab $ "
608                  "olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
609                  "olcTLSCACertificatePath $ olcTLSCertificateFile $ "
610                  "olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
611                  "olcTLSRandFile $ olcTLSVerifyClient $ "
612                  "olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
613                  "olcDitContentRules ) )", Cft_Global },
614         { "( OLcfgGlOc:3 "
615                 "NAME 'olcSchemaConfig' "
616                 "DESC 'OpenLDAP schema object' "
617                 "SUP olcConfig STRUCTURAL "
618                 "MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ "
619                  "olcObjectClasses $ olcDitContentRules ) )",
620                         Cft_Schema, NULL, cfAddSchema },
621         { "( OLcfgGlOc:4 "
622                 "NAME 'olcBackendConfig' "
623                 "DESC 'OpenLDAP Backend-specific options' "
624                 "SUP olcConfig STRUCTURAL "
625                 "MUST olcBackend )", Cft_Backend, NULL, cfAddBackend },
626         { "( OLcfgGlOc:5 "
627                 "NAME 'olcDatabaseConfig' "
628                 "DESC 'OpenLDAP Database-specific options' "
629                 "SUP olcConfig STRUCTURAL "
630                 "MUST olcDatabase "
631                 "MAY ( olcSuffix $ olcAccess $ olcLastMod $ olcLimits $ "
632                  "olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
633                  "olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
634                  "olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncrepl $ "
635                  "olcTimeLimit $ olcUpdateDN $ olcUpdateRef ) )",
636                         Cft_Database, NULL, cfAddDatabase },
637         { "( OLcfgGlOc:6 "
638                 "NAME 'olcOverlayConfig' "
639                 "DESC 'OpenLDAP Overlay-specific options' "
640                 "SUP olcConfig STRUCTURAL "
641                 "MUST olcOverlay )", Cft_Overlay, NULL, cfAddOverlay },
642         { "( OLcfgGlOc:7 "
643                 "NAME 'olcIncludeFile' "
644                 "DESC 'OpenLDAP configuration include file' "
645                 "SUP olcConfig STRUCTURAL "
646                 "MUST olcInclude "
647                 "MAY ( cn $ olcRootDSE ) )",
648                 Cft_Include, NULL, cfAddInclude },
649 #ifdef SLAPD_MODULES
650         { "( OLcfgGlOc:8 "
651                 "NAME 'olcModuleList' "
652                 "DESC 'OpenLDAP dynamic module info' "
653                 "SUP olcConfig STRUCTURAL "
654                 "MAY ( cn $ olcModulePath $ olcModuleLoad ) )",
655                 Cft_Module, NULL, cfAddModule },
656 #endif
657         { NULL, 0, NULL }
658 };
659
660 static int
661 config_generic(ConfigArgs *c) {
662         char *p;
663         int i;
664
665         if ( c->op == SLAP_CONFIG_EMIT ) {
666                 int rc = 0;
667                 switch(c->type) {
668                 case CFG_CONCUR:
669                         c->value_int = ldap_pvt_thread_get_concurrency();
670                         break;
671                 case CFG_THREADS:
672                         c->value_int = connection_pool_max;
673                         break;
674                 case CFG_SALT:
675                         if ( passwd_salt )
676                                 c->value_string = ch_strdup( passwd_salt );
677                         else
678                                 rc = 1;
679                         break;
680                 case CFG_LIMITS:
681                         if ( c->be->be_limits ) {
682                                 char buf[4096*3];
683                                 struct berval bv;
684                                 int i;
685
686                                 for ( i=0; c->be->be_limits[i]; i++ ) {
687                                         bv.bv_len = sprintf( buf, IFMT, i );
688                                         bv.bv_val = buf+bv.bv_len;
689                                         limits_unparse( c->be->be_limits[i], &bv );
690                                         bv.bv_len += bv.bv_val - buf;
691                                         bv.bv_val = buf;
692                                         value_add_one( &c->rvalue_vals, &bv );
693                                 }
694                         }
695                         if ( !c->rvalue_vals ) rc = 1;
696                         break;
697                 case CFG_RO:
698                         c->value_int = (c->be->be_restrictops & SLAP_RESTRICT_OP_WRITES) ==
699                                 SLAP_RESTRICT_OP_WRITES;
700                         break;
701                 case CFG_AZPOLICY:
702                         c->value_string = ch_strdup( slap_sasl_getpolicy());
703                         break;
704                 case CFG_AZREGEXP:
705                         slap_sasl_regexp_unparse( &c->rvalue_vals );
706                         if ( !c->rvalue_vals ) rc = 1;
707                         break;
708 #ifdef HAVE_CYRUS_SASL
709                 case CFG_SASLSECP: {
710                         struct berval bv = BER_BVNULL;
711                         slap_sasl_secprops_unparse( &bv );
712                         if ( !BER_BVISNULL( &bv )) {
713                                 ber_bvarray_add( &c->rvalue_vals, &bv );
714                         } else {
715                                 rc = 1;
716                         }
717                         }
718                         break;
719 #endif
720                 case CFG_DEPTH:
721                         c->value_int = c->be->be_max_deref_depth;
722                         break;
723                 case CFG_OID: {
724                         ConfigFile *cf = c->private;
725                         if ( !cf )
726                                 oidm_unparse( &c->rvalue_vals, NULL, NULL, 1 );
727                         else if ( cf->c_om_head )
728                                 oidm_unparse( &c->rvalue_vals, cf->c_om_head,
729                                         cf->c_om_tail, 0 );
730                         if ( !c->rvalue_vals )
731                                 rc = 1;
732                         }
733                         break;
734                 case CFG_OC: {
735                         ConfigFile *cf = c->private;
736                         if ( !cf )
737                                 oc_unparse( &c->rvalue_vals, NULL, NULL, 1 );
738                         else if ( cf->c_oc_head )
739                                 oc_unparse( &c->rvalue_vals, cf->c_oc_head,
740                                         cf->c_oc_tail, 0 );
741                         if ( !c->rvalue_vals )
742                                 rc = 1;
743                         }
744                         break;
745                 case CFG_ATTR: {
746                         ConfigFile *cf = c->private;
747                         if ( !cf )
748                                 at_unparse( &c->rvalue_vals, NULL, NULL, 1 );
749                         else if ( cf->c_at_head )
750                                 at_unparse( &c->rvalue_vals, cf->c_at_head,
751                                         cf->c_at_tail, 0 );
752                         if ( !c->rvalue_vals )
753                                 rc = 1;
754                         }
755                         break;
756                 case CFG_DIT: {
757                         ConfigFile *cf = c->private;
758                         if ( !cf )
759                                 cr_unparse( &c->rvalue_vals, NULL, NULL, 1 );
760                         else if ( cf->c_cr_head )
761                                 cr_unparse( &c->rvalue_vals, cf->c_cr_head,
762                                         cf->c_cr_tail, 0 );
763                         if ( !c->rvalue_vals )
764                                 rc = 1;
765                         }
766                         break;
767                         
768                 case CFG_ACL: {
769                         AccessControl *a;
770                         char *src, *dst, ibuf[11];
771                         struct berval bv, abv;
772                         for (i=0, a=c->be->be_acl; a; i++,a=a->acl_next) {
773                                 abv.bv_len = sprintf( ibuf, IFMT, i );
774                                 acl_unparse( a, &bv );
775                                 abv.bv_val = ch_malloc( abv.bv_len + bv.bv_len + 1 );
776                                 AC_MEMCPY( abv.bv_val, ibuf, abv.bv_len );
777                                 /* Turn TAB / EOL into plain space */
778                                 for (src=bv.bv_val,dst=abv.bv_val+abv.bv_len; *src; src++) {
779                                         if (isspace(*src)) *dst++ = ' ';
780                                         else *dst++ = *src;
781                                 }
782                                 *dst = '\0';
783                                 if (dst[-1] == ' ') {
784                                         dst--;
785                                         *dst = '\0';
786                                 }
787                                 abv.bv_len = dst - abv.bv_val;
788                                 ber_bvarray_add( &c->rvalue_vals, &abv );
789                         }
790                         rc = (!i);
791                         break;
792                 }
793                 case CFG_REPLOG:
794                         if ( c->be->be_replogfile )
795                                 c->value_string = ch_strdup( c->be->be_replogfile );
796                         break;
797                 case CFG_ROOTDSE: {
798                         ConfigFile *cf = c->private;
799                         if ( cf->c_dseFiles ) {
800                                 value_add( &c->rvalue_vals, cf->c_dseFiles );
801                         } else {
802                                 rc = 1;
803                         }
804                         }
805                         break;
806                 case CFG_LOGFILE:
807                         if ( logfileName )
808                                 c->value_string = ch_strdup( logfileName );
809                         else
810                                 rc = 1;
811                         break;
812                 case CFG_LASTMOD:
813                         c->value_int = (SLAP_NOLASTMOD(c->be) == 0);
814                         break;
815                 case CFG_SSTR_IF_MAX:
816                         c->value_int = index_substr_if_maxlen;
817                         break;
818                 case CFG_SSTR_IF_MIN:
819                         c->value_int = index_substr_if_minlen;
820                         break;
821 #ifdef SLAPD_MODULES
822                 case CFG_MODLOAD: {
823                         ModPaths *mp = c->private;
824                         if (mp->mp_loads) {
825                                 int i;
826                                 for (i=0; !BER_BVISNULL(&mp->mp_loads[i]); i++) {
827                                         struct berval bv;
828                                         bv.bv_val = c->log;
829                                         bv.bv_len = sprintf( bv.bv_val, IFMT "%s", i,
830                                                 mp->mp_loads[i].bv_val );
831                                         value_add_one( &c->rvalue_vals, &bv );
832                                 }
833                         }
834
835                         rc = c->rvalue_vals ? 0 : 1;
836                         }
837                         break;
838                 case CFG_MODPATH: {
839                         ModPaths *mp = c->private;
840                         if ( !BER_BVISNULL( &mp->mp_path ))
841                                 value_add_one( &c->rvalue_vals, &mp->mp_path );
842
843                         rc = c->rvalue_vals ? 0 : 1;
844                         }
845                         break;
846 #endif
847 #ifdef LDAP_SLAPI
848                 case CFG_PLUGIN:
849                         slapi_int_plugin_unparse( c->be, &c->rvalue_vals );
850                         if ( !c->rvalue_vals ) rc = 1;
851                         break;
852 #endif
853 #ifdef SLAP_AUTH_REWRITE
854                 case CFG_REWRITE:
855                         if ( authz_rewrites ) {
856                                 struct berval bv, idx;
857                                 char ibuf[32];
858                                 int i;
859
860                                 idx.bv_val = ibuf;
861                                 for ( i=0; !BER_BVISNULL( &authz_rewrites[i] ); i++ ) {
862                                         idx.bv_len = sprintf( idx.bv_val, IFMT, i );
863                                         bv.bv_len = idx.bv_len + authz_rewrites[i].bv_len;
864                                         bv.bv_val = ch_malloc( bv.bv_len + 1 );
865                                         strcpy( bv.bv_val, idx.bv_val );
866                                         strcpy( bv.bv_val+idx.bv_len, authz_rewrites[i].bv_val );
867                                         ber_bvarray_add( &c->rvalue_vals, &bv );
868                                 }
869                         }
870                         if ( !c->rvalue_vals ) rc = 1;
871                         break;
872 #endif
873                 default:
874                         rc = 1;
875                 }
876                 return rc;
877         } else if ( c->op == LDAP_MOD_DELETE ) {
878                 int rc = 0;
879                 switch(c->type) {
880                 /* single-valued attrs, no-ops */
881                 case CFG_CONCUR:
882                 case CFG_THREADS:
883                 case CFG_RO:
884                 case CFG_AZPOLICY:
885                 case CFG_DEPTH:
886                 case CFG_LASTMOD:
887                 case CFG_SASLSECP:
888                 case CFG_SSTR_IF_MAX:
889                 case CFG_SSTR_IF_MIN:
890                         break;
891
892                 /* no-ops, requires slapd restart */
893                 case CFG_PLUGIN:
894                 case CFG_MODLOAD:
895                 case CFG_AZREGEXP:
896                 case CFG_REWRITE:
897                         sprintf(c->log, "change requires slapd restart");
898                         break;
899
900                 case CFG_SALT:
901                         ch_free( passwd_salt );
902                         passwd_salt = NULL;
903                         break;
904
905                 case CFG_REPLOG:
906                         ch_free( c->be->be_replogfile );
907                         c->be->be_replogfile = NULL;
908                         break;
909
910                 case CFG_LOGFILE:
911                         ch_free( logfileName );
912                         logfileName = NULL;
913                         break;
914
915                 case CFG_ACL:
916                         if ( c->valx < 0 ) {
917                                 AccessControl *end;
918                                 if ( c->be == frontendDB )
919                                         end = NULL;
920                                 else
921                                         end = frontendDB->be_acl;
922                                 acl_destroy( c->be->be_acl, end );
923                         } else {
924                                 AccessControl **prev, *a;
925                                 int i;
926                                 for (i=0, prev = &c->be->be_acl; i < c->valx;
927                                         i++ ) {
928                                         a = *prev;
929                                         prev = &a->acl_next;
930                                 }
931                                 a = *prev;
932                                 *prev = a->acl_next;
933                                 acl_free( a );
934                         }
935                         break;
936
937                 case CFG_LIMITS:
938                         /* FIXME: there is no limits_free function */
939                 case CFG_ATOPT:
940                         /* FIXME: there is no ad_option_free function */
941                 case CFG_ROOTDSE:
942                         /* FIXME: there is no way to remove attributes added by
943                                 a DSE file */
944                 case CFG_OID:
945                 case CFG_OC:
946                 case CFG_DIT:
947                 case CFG_ATTR:
948                 case CFG_MODPATH:
949                 default:
950                         rc = 1;
951                         break;
952                 }
953                 return rc;
954         }
955
956         p = strchr(c->line,'(' /*')'*/);
957
958         switch(c->type) {
959                 case CFG_BACKEND:
960                         if(!(c->bi = backend_info(c->argv[1]))) {
961                                 sprintf( c->msg, "<%s> failed init", c->argv[0] );
962                                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
963                                         c->log, c->msg, c->argv[1] );
964                                 return(1);
965                         }
966                         break;
967
968                 case CFG_DATABASE:
969                         c->bi = NULL;
970                         /* NOTE: config is always the first backend!
971                          */
972                         if ( !strcasecmp( c->argv[1], "config" )) {
973                                 c->be = LDAP_STAILQ_FIRST(&backendDB);
974                         } else if ( !strcasecmp( c->argv[1], "frontend" )) {
975                                 c->be = frontendDB;
976                         } else {
977                                 c->be = backend_db_init(c->argv[1]);
978                                 if ( !c->be ) {
979                                         sprintf( c->msg, "<%s> failed init", c->argv[0] );
980                                         Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
981                                                 c->log, c->msg, c->argv[1] );
982                                         return(1);
983                                 }
984                         }
985                         break;
986
987                 case CFG_CONCUR:
988                         ldap_pvt_thread_set_concurrency(c->value_int);
989                         break;
990
991                 case CFG_THREADS:
992                         ldap_pvt_thread_pool_maxthreads(&connection_pool, c->value_int);
993                         connection_pool_max = c->value_int;     /* save for reference */
994                         break;
995
996                 case CFG_SALT:
997                         if ( passwd_salt ) ch_free( passwd_salt );
998                         passwd_salt = c->value_string;
999                         lutil_salt_format(passwd_salt);
1000                         break;
1001
1002                 case CFG_LIMITS:
1003                         if(limits_parse(c->be, c->fname, c->lineno, c->argc, c->argv))
1004                                 return(1);
1005                         break;
1006
1007                 case CFG_RO:
1008                         if(c->value_int)
1009                                 c->be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1010                         else
1011                                 c->be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1012                         break;
1013
1014                 case CFG_AZPOLICY:
1015                         ch_free(c->value_string);
1016                         if (slap_sasl_setpolicy( c->argv[1] )) {
1017                                 sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
1018                                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1019                                         c->log, c->msg, c->argv[1] );
1020                                 return(1);
1021                         }
1022                         break;
1023                 
1024                 case CFG_AZREGEXP:
1025                         if (slap_sasl_regexp_config( c->argv[1], c->argv[2] ))
1026                                 return(1);
1027                         break;
1028                                 
1029 #ifdef HAVE_CYRUS_SASL
1030                 case CFG_SASLSECP:
1031                         {
1032                         char *txt = slap_sasl_secprops( c->argv[1] );
1033                         if ( txt ) {
1034                                 snprintf( c->msg, sizeof(c->msg), "<%s> %s",
1035                                         c->argv[0], txt );
1036                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
1037                                 return(1);
1038                         }
1039                         break;
1040                         }
1041 #endif
1042
1043                 case CFG_DEPTH:
1044                         c->be->be_max_deref_depth = c->value_int;
1045                         break;
1046
1047                 case CFG_OID: {
1048                         OidMacro *om;
1049
1050                         if(parse_oidm(c->fname, c->lineno, c->argc, c->argv, 1, &om))
1051                                 return(1);
1052                         if (!cfn->c_om_head) cfn->c_om_head = om;
1053                         cfn->c_om_tail = om;
1054                         }
1055                         break;
1056
1057                 case CFG_OC: {
1058                         ObjectClass *oc;
1059
1060                         if(parse_oc(c->fname, c->lineno, p, c->argv, &oc)) return(1);
1061                         if (!cfn->c_oc_head) cfn->c_oc_head = oc;
1062                         cfn->c_oc_tail = oc;
1063                         }
1064                         break;
1065
1066                 case CFG_DIT: {
1067                         ContentRule *cr;
1068
1069                         if(parse_cr(c->fname, c->lineno, p, c->argv, &cr)) return(1);
1070                         if (!cfn->c_cr_head) cfn->c_cr_head = cr;
1071                         cfn->c_cr_tail = cr;
1072                         }
1073                         break;
1074
1075                 case CFG_ATTR: {
1076                         AttributeType *at;
1077
1078                         if(parse_at(c->fname, c->lineno, p, c->argv, &at)) return(1);
1079                         if (!cfn->c_at_head) cfn->c_at_head = at;
1080                         cfn->c_at_tail = at;
1081                         }
1082                         break;
1083
1084                 case CFG_ATOPT:
1085                         ad_define_option(NULL, NULL, 0);
1086                         for(i = 1; i < c->argc; i++)
1087                                 if(ad_define_option(c->argv[i], c->fname, c->lineno))
1088                                         return(1);
1089                         break;
1090
1091                 case CFG_ACL:
1092                         parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, c->valx);
1093                         break;
1094
1095                 case CFG_REPLOG:
1096                         if(SLAP_MONITOR(c->be)) {
1097                                 Debug(LDAP_DEBUG_ANY, "%s: "
1098                                         "\"replogfile\" should not be used "
1099                                         "inside monitor database\n",
1100                                         c->log, 0, 0);
1101                                 return(0);      /* FIXME: should this be an error? */
1102                         }
1103
1104                         c->be->be_replogfile = c->value_string;
1105                         break;
1106
1107                 case CFG_ROOTDSE:
1108                         if(read_root_dse_file(c->argv[1])) {
1109                                 sprintf( c->msg, "<%s> could not read file", c->argv[0] );
1110                                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1111                                         c->log, c->msg, c->argv[1] );
1112                                 return(1);
1113                         }
1114                         {
1115                                 struct berval bv;
1116                                 ber_str2bv( c->argv[1], 0, 1, &bv );
1117                                 ber_bvarray_add( &cfn->c_dseFiles, &bv );
1118                         }
1119                         break;
1120
1121                 case CFG_LOGFILE: {
1122                                 FILE *logfile;
1123                                 if ( logfileName ) ch_free( logfileName );
1124                                 logfileName = c->value_string;
1125                                 logfile = fopen(logfileName, "w");
1126                                 if(logfile) lutil_debug_file(logfile);
1127                         } break;
1128
1129                 case CFG_LASTMOD:
1130                         if(SLAP_NOLASTMODCMD(c->be)) {
1131                                 sprintf( c->msg, "<%s> not available for %s database",
1132                                         c->argv[0], c->be->bd_info->bi_type );
1133                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
1134                                         c->log, c->msg, 0 );
1135                                 return(1);
1136                         }
1137                         if(c->value_int)
1138                                 SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_NOLASTMOD;
1139                         else
1140                                 SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_NOLASTMOD;
1141                         break;
1142
1143                 case CFG_SSTR_IF_MAX:
1144                         if (c->value_int < index_substr_if_minlen) {
1145                                 sprintf( c->msg, "<%s> invalid value", c->argv[0] );
1146                                 Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n",
1147                                         c->log, c->msg, c->value_int );
1148                                 return(1);
1149                         }
1150                         index_substr_if_maxlen = c->value_int;
1151                         break;
1152
1153                 case CFG_SSTR_IF_MIN:
1154                         if (c->value_int > index_substr_if_maxlen) {
1155                                 sprintf( c->msg, "<%s> invalid value", c->argv[0] );
1156                                 Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n",
1157                                         c->log, c->msg, c->value_int );
1158                                 return(1);
1159                         }
1160                         index_substr_if_minlen = c->value_int;
1161                         break;
1162
1163 #ifdef SLAPD_MODULES
1164                 case CFG_MODLOAD:
1165                         /* If we're just adding a module on an existing modpath,
1166                          * make sure we've selected the current path.
1167                          */
1168                         if ( c->op == LDAP_MOD_ADD && c->private && modcur != c->private ) {
1169                                 modcur = c->private;
1170                                 /* This should never fail */
1171                                 if ( module_path( modcur->mp_path.bv_val )) {
1172                                         sprintf( c->msg, "<%s> module path no longer valid",
1173                                                 c->argv[0] );
1174                                         Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
1175                                                 c->log, c->msg, modcur->mp_path.bv_val );
1176                                         return(1);
1177                                 }
1178                         }
1179                         if(module_load(c->argv[1], c->argc - 2, (c->argc > 2) ? c->argv + 2 : NULL))
1180                                 return(1);
1181                         /* Record this load on the current path */
1182                         {
1183                                 struct berval bv;
1184                                 char *ptr;
1185                                 if ( c->op == SLAP_CONFIG_ADD ) {
1186                                         ptr = c->line + STRLENOF("moduleload");
1187                                         while (!isspace(*ptr)) ptr++;
1188                                         while (isspace(*ptr)) ptr++;
1189                                 } else {
1190                                         ptr = c->line;
1191                                 }
1192                                 ber_str2bv(ptr, 0, 1, &bv);
1193                                 ber_bvarray_add( &modcur->mp_loads, &bv );
1194                         }
1195                         break;
1196
1197                 case CFG_MODPATH:
1198                         if(module_path(c->argv[1])) return(1);
1199                         /* Record which path was used with each module */
1200                         {
1201                                 ModPaths *mp;
1202
1203                                 if (!modpaths.mp_loads) {
1204                                         mp = &modpaths;
1205                                 } else {
1206                                         mp = ch_malloc( sizeof( ModPaths ));
1207                                         modlast->mp_next = mp;
1208                                 }
1209                                 ber_str2bv(c->argv[1], 0, 1, &mp->mp_path);
1210                                 mp->mp_next = NULL;
1211                                 mp->mp_loads = NULL;
1212                                 modlast = mp;
1213                                 c->private = mp;
1214                                 modcur = mp;
1215                         }
1216                         
1217                         break;
1218 #endif
1219
1220 #ifdef LDAP_SLAPI
1221                 case CFG_PLUGIN:
1222                         if(slapi_int_read_config(c->be, c->fname, c->lineno, c->argc, c->argv) != LDAP_SUCCESS)
1223                                 return(1);
1224                         slapi_plugins_used++;
1225                         break;
1226 #endif
1227
1228 #ifdef SLAP_AUTH_REWRITE
1229                 case CFG_REWRITE: {
1230                         struct berval bv;
1231                         char *line;
1232                         
1233                         if(slap_sasl_rewrite_config(c->fname, c->lineno, c->argc, c->argv))
1234                                 return(1);
1235
1236                         if ( c->argc > 1 ) {
1237                                 char    *s;
1238
1239                                 /* quote all args but the first */
1240                                 line = ldap_charray2str( c->argv, "\" \"" );
1241                                 ber_str2bv( line, 0, 0, &bv );
1242                                 s = strchr( bv.bv_val, '"' );
1243                                 assert( s != NULL );
1244                                 /* move the trailing quote of argv[0] to the end */
1245                                 AC_MEMCPY( s, s + 1, bv.bv_len - ( s - bv.bv_val ) );
1246                                 bv.bv_val[ bv.bv_len - 1 ] = '"';
1247
1248                         } else {
1249                                 ber_str2bv( c->argv[ 0 ], 0, 1, &bv );
1250                         }
1251                         
1252                         ber_bvarray_add( &authz_rewrites, &bv );
1253                         }
1254                         break;
1255 #endif
1256
1257
1258                 default:
1259                         Debug( SLAPD_DEBUG_CONFIG_ERROR,
1260                                 "%s: unknown CFG_TYPE %d"
1261                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1262                                 c->log, c->type, 0 );
1263 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1264                         return 1;
1265 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1266
1267         }
1268         return(0);
1269 }
1270
1271
1272 static int
1273 config_fname(ConfigArgs *c) {
1274         if(c->op == SLAP_CONFIG_EMIT) {
1275                 if (c->private) {
1276                         ConfigFile *cf = c->private;
1277                         value_add_one( &c->rvalue_vals, &cf->c_file );
1278                         return 0;
1279                 }
1280                 return 1;
1281         }
1282         return(0);
1283 }
1284
1285 static int
1286 config_cfdir(ConfigArgs *c) {
1287         if(c->op == SLAP_CONFIG_EMIT) {
1288                 if ( !BER_BVISEMPTY( &cfdir )) {
1289                         value_add_one( &c->rvalue_vals, &cfdir );
1290                         return 0;
1291                 }
1292                 return 1;
1293         }
1294         return(0);
1295 }
1296
1297 static int
1298 config_search_base(ConfigArgs *c) {
1299         if(c->op == SLAP_CONFIG_EMIT) {
1300                 int rc = 1;
1301                 if (!BER_BVISEMPTY(&default_search_base)) {
1302                         value_add_one(&c->rvalue_vals, &default_search_base);
1303                         value_add_one(&c->rvalue_nvals, &default_search_nbase);
1304                         rc = 0;
1305                 }
1306                 return rc;
1307         } else if( c->op == LDAP_MOD_DELETE ) {
1308                 ch_free( default_search_base.bv_val );
1309                 ch_free( default_search_nbase.bv_val );
1310                 BER_BVZERO( &default_search_base );
1311                 BER_BVZERO( &default_search_nbase );
1312                 return 0;
1313         }
1314
1315         if(c->bi || c->be != frontendDB) {
1316                 Debug(LDAP_DEBUG_ANY, "%s: defaultSearchBase line must appear "
1317                         "prior to any backend or database definition\n",
1318                         c->log, 0, 0);
1319                 return(1);
1320         }
1321
1322         if(default_search_nbase.bv_len) {
1323                 free(default_search_base.bv_val);
1324                 free(default_search_nbase.bv_val);
1325         }
1326
1327         default_search_base = c->value_dn;
1328         default_search_nbase = c->value_ndn;
1329         return(0);
1330 }
1331
1332 static int
1333 config_passwd_hash(ConfigArgs *c) {
1334         int i;
1335         if (c->op == SLAP_CONFIG_EMIT) {
1336                 struct berval bv;
1337                 for (i=0; default_passwd_hash && default_passwd_hash[i]; i++) {
1338                         ber_str2bv(default_passwd_hash[i], 0, 0, &bv);
1339                         value_add_one(&c->rvalue_vals, &bv);
1340                 }
1341                 return i ? 0 : 1;
1342         } else if ( c->op == LDAP_MOD_DELETE ) {
1343                 if ( c->valx < 0 ) {
1344                         ldap_charray_free( default_passwd_hash );
1345                         default_passwd_hash = NULL;
1346                 } else {
1347                         i = c->valx;
1348                         ch_free( default_passwd_hash[i] );
1349                         for (; default_passwd_hash[i]; i++ )
1350                                 default_passwd_hash[i] = default_passwd_hash[i+1];
1351                 }
1352                 return 0;
1353         }
1354         if(default_passwd_hash) {
1355                 Debug(LDAP_DEBUG_ANY, "%s: "
1356                         "already set default password_hash\n",
1357                         c->log, 0, 0);
1358                 return(1);
1359         }
1360         for(i = 1; i < c->argc; i++) {
1361                 if(!lutil_passwd_scheme(c->argv[i])) {
1362                         sprintf( c->msg, "<%s> schema not available", c->argv[0] );
1363                         Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
1364                                 c->log, c->msg, c->argv[i]);
1365                 } else {
1366                         ldap_charray_add(&default_passwd_hash, c->argv[i]);
1367                 }
1368                 if(!default_passwd_hash) {
1369                         sprintf( c->msg, "<%s> no valid hashes found", c->argv[0] );
1370                         Debug(LDAP_DEBUG_ANY, "%s: %s\n",
1371                                 c->log, c->msg, 0 );
1372                         return(1);
1373                 }
1374         }
1375         return(0);
1376 }
1377
1378 static int
1379 config_schema_dn(ConfigArgs *c) {
1380         if ( c->op == SLAP_CONFIG_EMIT ) {
1381                 int rc = 1;
1382                 if ( !BER_BVISEMPTY( &c->be->be_schemadn )) {
1383                         value_add_one(&c->rvalue_vals, &c->be->be_schemadn);
1384                         value_add_one(&c->rvalue_nvals, &c->be->be_schemandn);
1385                         rc = 0;
1386                 }
1387                 return rc;
1388         } else if ( c->op == LDAP_MOD_DELETE ) {
1389                 ch_free( c->be->be_schemadn.bv_val );
1390                 ch_free( c->be->be_schemandn.bv_val );
1391                 BER_BVZERO( &c->be->be_schemadn );
1392                 BER_BVZERO( &c->be->be_schemandn );
1393                 return 0;
1394         }
1395         ch_free( c->be->be_schemadn.bv_val );
1396         ch_free( c->be->be_schemandn.bv_val );
1397         c->be->be_schemadn = c->value_dn;
1398         c->be->be_schemandn = c->value_ndn;
1399         return(0);
1400 }
1401
1402 static int
1403 config_sizelimit(ConfigArgs *c) {
1404         int i, rc = 0;
1405         char *next;
1406         struct slap_limits_set *lim = &c->be->be_def_limit;
1407         if (c->op == SLAP_CONFIG_EMIT) {
1408                 char buf[8192];
1409                 struct berval bv;
1410                 bv.bv_val = buf;
1411                 bv.bv_len = 0;
1412                 limits_unparse_one( lim, SLAP_LIMIT_SIZE, &bv );
1413                 if ( !BER_BVISEMPTY( &bv ))
1414                         value_add_one( &c->rvalue_vals, &bv );
1415                 else
1416                         rc = 1;
1417                 return rc;
1418         } else if ( c->op == LDAP_MOD_DELETE ) {
1419                 /* Reset to defaults */
1420                 lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT;
1421                 lim->lms_s_hard = 0;
1422                 lim->lms_s_unchecked = -1;
1423                 lim->lms_s_pr = 0;
1424                 lim->lms_s_pr_hide = 0;
1425                 lim->lms_s_pr_total = 0;
1426                 return 0;
1427         }
1428         for(i = 1; i < c->argc; i++) {
1429                 if(!strncasecmp(c->argv[i], "size", 4)) {
1430                         rc = limits_parse_one(c->argv[i], lim);
1431                         if ( rc ) {
1432                                 sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
1433                                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1434                                         c->log, c->msg, c->argv[i]);
1435                                 return(1);
1436                         }
1437                 } else {
1438                         if(!strcasecmp(c->argv[i], "unlimited")) {
1439                                 lim->lms_s_soft = -1;
1440                         } else {
1441                                 lim->lms_s_soft = strtol(c->argv[i], &next, 0);
1442                                 if(next == c->argv[i]) {
1443                                         sprintf( c->msg, "<%s> unable to parse limit", c->argv[0]);
1444                                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1445                                                 c->log, c->msg, c->argv[i]);
1446                                         return(1);
1447                                 } else if(next[0] != '\0') {
1448                                         Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
1449                                                 "trailing chars \"%s\" in \"sizelimit <limit>\" line"
1450                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1451                                                 c->log, next, 0);
1452 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1453                                         return 1;
1454 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1455                                 }
1456                         }
1457                         lim->lms_s_hard = 0;
1458                 }
1459         }
1460         return(0);
1461 }
1462
1463 static int
1464 config_timelimit(ConfigArgs *c) {
1465         int i, rc = 0;
1466         char *next;
1467         struct slap_limits_set *lim = &c->be->be_def_limit;
1468         if (c->op == SLAP_CONFIG_EMIT) {
1469                 char buf[8192];
1470                 struct berval bv;
1471                 bv.bv_val = buf;
1472                 bv.bv_len = 0;
1473                 limits_unparse_one( lim, SLAP_LIMIT_TIME, &bv );
1474                 if ( !BER_BVISEMPTY( &bv ))
1475                         value_add_one( &c->rvalue_vals, &bv );
1476                 else
1477                         rc = 1;
1478                 return rc;
1479         } else if ( c->op == LDAP_MOD_DELETE ) {
1480                 /* Reset to defaults */
1481                 lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT;
1482                 lim->lms_t_hard = 0;
1483                 return 0;
1484         }
1485         for(i = 1; i < c->argc; i++) {
1486                 if(!strncasecmp(c->argv[i], "time", 4)) {
1487                         rc = limits_parse_one(c->argv[i], lim);
1488                         if ( rc ) {
1489                                 sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
1490                                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1491                                         c->log, c->msg, c->argv[i]);
1492                                 return(1);
1493                         }
1494                 } else {
1495                         if(!strcasecmp(c->argv[i], "unlimited")) {
1496                                 lim->lms_t_soft = -1;
1497                         } else {
1498                                 lim->lms_t_soft = strtol(c->argv[i], &next, 0);
1499                                 if(next == c->argv[i]) {
1500                                         sprintf( c->msg, "<%s> unable to parse limit", c->argv[0]);
1501                                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1502                                                 c->log, c->msg, c->argv[i]);
1503                                         return(1);
1504                                 } else if(next[0] != '\0') {
1505                                         Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
1506                                                 "trailing chars \"%s\" in \"timelimit <limit>\" line"
1507                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1508                                                 c->log, next, 0);
1509 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1510                                         return 1;
1511 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1512                                 }
1513                         }
1514                         lim->lms_t_hard = 0;
1515                 }
1516         }
1517         return(0);
1518 }
1519
1520 static int
1521 config_overlay(ConfigArgs *c) {
1522         slap_overinfo *oi;
1523         if (c->op == SLAP_CONFIG_EMIT) {
1524                 return 1;
1525         } else if ( c->op == LDAP_MOD_DELETE ) {
1526                 assert(0);
1527         }
1528         if(c->argv[1][0] == '-' && overlay_config(c->be, &c->argv[1][1])) {
1529                 /* log error */
1530                 Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: (optional) %s overlay \"%s\" configuration failed"
1531                         SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1532                         c->log, c->be == frontendDB ? "global " : "", &c->argv[1][1]);
1533 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1534                 return 1;
1535 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1536         } else if(overlay_config(c->be, c->argv[1])) {
1537                 return(1);
1538         }
1539         /* Setup context for subsequent config directives.
1540          * The newly added overlay is at the head of the list.
1541          */
1542         oi = (slap_overinfo *)c->be->bd_info;
1543         c->bi = &oi->oi_list->on_bi;
1544         return(0);
1545 }
1546
1547 static int
1548 config_suffix(ConfigArgs *c)
1549 {
1550         Backend *tbe;
1551         struct berval pdn, ndn;
1552         char    *notallowed = NULL;
1553
1554         if ( c->be == frontendDB ) {
1555                 notallowed = "frontend";
1556
1557         } else if ( SLAP_MONITOR(c->be) ) {
1558                 notallowed = "monitor";
1559
1560         } else if ( SLAP_CONFIG(c->be) ) {
1561                 notallowed = "config";
1562         }
1563
1564         if ( notallowed != NULL ) {
1565                 char    buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
1566
1567                 if ( !BER_BVISNULL( &c->value_dn ) ) {
1568                         snprintf( buf, sizeof( buf ), "<%s> ", c->value_dn.bv_val );
1569                 }
1570
1571                 Debug(LDAP_DEBUG_ANY,
1572                         "%s: suffix %snot allowed in %s database.\n",
1573                         c->log, buf, notallowed );
1574                 return 1;
1575         }
1576
1577         if (c->op == SLAP_CONFIG_EMIT) {
1578                 if ( c->be->be_suffix == NULL
1579                                 || BER_BVISNULL( &c->be->be_suffix[0] ) )
1580                 {
1581                         return 1;
1582                 } else {
1583                         value_add( &c->rvalue_vals, c->be->be_suffix );
1584                         value_add( &c->rvalue_nvals, c->be->be_nsuffix );
1585                         return 0;
1586                 }
1587         } else if ( c->op == LDAP_MOD_DELETE ) {
1588                 if ( c->valx < 0 ) {
1589                         ber_bvarray_free( c->be->be_suffix );
1590                         ber_bvarray_free( c->be->be_nsuffix );
1591                         c->be->be_suffix = NULL;
1592                         c->be->be_nsuffix = NULL;
1593                 } else {
1594                         int i = c->valx;
1595                         ch_free( c->be->be_suffix[i].bv_val );
1596                         ch_free( c->be->be_nsuffix[i].bv_val );
1597                         for (; c->be->be_suffix[i].bv_val; i++) {
1598                                 c->be->be_suffix[i] = c->be->be_suffix[i+1];
1599                                 c->be->be_nsuffix[i] = c->be->be_nsuffix[i+1];
1600                         }
1601                 }
1602                 return 0;
1603         }
1604
1605 #ifdef SLAPD_MONITOR_DN
1606         if(!strcasecmp(c->argv[1], SLAPD_MONITOR_DN)) {
1607                 sprintf( c->msg, "<%s> DN is reserved for monitoring slapd",
1608                         c->argv[0] );
1609                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
1610                         c->log, c->msg, SLAPD_MONITOR_DN);
1611                 return(1);
1612         }
1613 #endif
1614
1615         pdn = c->value_dn;
1616         ndn = c->value_ndn;
1617         tbe = select_backend(&ndn, 0, 0);
1618         if(tbe == c->be) {
1619                 Debug( SLAPD_DEBUG_CONFIG_ERROR,
1620                         "%s: suffix already served by this backend!"
1621                         SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1622                         c->log, 0, 0);
1623 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1624                 return 1;
1625 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1626                 free(pdn.bv_val);
1627                 free(ndn.bv_val);
1628         } else if(tbe) {
1629                 sprintf( c->msg, "<%s> suffix already served by a preceding backend",
1630                         c->argv[0] );
1631                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1632                         c->log, c->msg, tbe->be_suffix[0].bv_val);
1633                 free(pdn.bv_val);
1634                 free(ndn.bv_val);
1635                 return(1);
1636         } else if(pdn.bv_len == 0 && default_search_nbase.bv_len) {
1637                 Debug(LDAP_DEBUG_ANY, "%s: suffix DN empty and default search "
1638                         "base provided \"%s\" (assuming okay)\n",
1639                         c->log, default_search_base.bv_val, 0);
1640         }
1641         ber_bvarray_add(&c->be->be_suffix, &pdn);
1642         ber_bvarray_add(&c->be->be_nsuffix, &ndn);
1643         return(0);
1644 }
1645
1646 static int
1647 config_rootdn(ConfigArgs *c) {
1648         if (c->op == SLAP_CONFIG_EMIT) {
1649                 if ( !BER_BVISNULL( &c->be->be_rootdn )) {
1650                         value_add_one(&c->rvalue_vals, &c->be->be_rootdn);
1651                         value_add_one(&c->rvalue_nvals, &c->be->be_rootndn);
1652                         return 0;
1653                 } else {
1654                         return 1;
1655                 }
1656         } else if ( c->op == LDAP_MOD_DELETE ) {
1657                 ch_free( c->be->be_rootdn.bv_val );
1658                 ch_free( c->be->be_rootndn.bv_val );
1659                 BER_BVZERO( &c->be->be_rootdn );
1660                 BER_BVZERO( &c->be->be_rootndn );
1661                 return 0;
1662         }
1663         if ( !BER_BVISNULL( &c->be->be_rootdn )) {
1664                 ch_free( c->be->be_rootdn.bv_val );
1665                 ch_free( c->be->be_rootndn.bv_val );
1666         }
1667         c->be->be_rootdn = c->value_dn;
1668         c->be->be_rootndn = c->value_ndn;
1669         return(0);
1670 }
1671
1672 static int
1673 config_rootpw(ConfigArgs *c) {
1674         Backend *tbe;
1675         /* config_add_internal sets c->be = frontendDB. While the cn=config
1676          * rootpw is technically inside a backend, we expose it in the
1677          * global entry, and need to point to it properly here.
1678          */
1679         if (c->be == frontendDB)
1680                 c->be = LDAP_STAILQ_FIRST(&backendDB);
1681
1682         if (c->op == SLAP_CONFIG_EMIT) {
1683                 if (!BER_BVISEMPTY(&c->be->be_rootpw)) {
1684                         ber_dupbv( &c->value_bv, &c->be->be_rootpw);
1685                         return 0;
1686                 }
1687                 return 1;
1688         } else if ( c->op == LDAP_MOD_DELETE ) {
1689                 ch_free( c->be->be_rootpw.bv_val );
1690                 BER_BVZERO( &c->be->be_rootpw );
1691                 return 0;
1692         }
1693
1694         tbe = select_backend(&c->be->be_rootndn, 0, 0);
1695         if(tbe != c->be) {
1696                 sprintf( c->msg, "<%s> can only be set when rootdn is under suffix",
1697                         c->argv[0] );
1698                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
1699                         c->log, c->msg, 0);
1700                 return(1);
1701         }
1702         if ( !BER_BVISNULL( &c->be->be_rootpw ))
1703                 ch_free( c->be->be_rootpw.bv_val );
1704         c->be->be_rootpw = c->value_bv;
1705         return(0);
1706 }
1707
1708 static int
1709 config_restrict(ConfigArgs *c) {
1710         slap_mask_t restrictops = 0;
1711         int i;
1712         slap_verbmasks restrictable_ops[] = {
1713                 { BER_BVC("bind"),              SLAP_RESTRICT_OP_BIND },
1714                 { BER_BVC("add"),               SLAP_RESTRICT_OP_ADD },
1715                 { BER_BVC("modify"),            SLAP_RESTRICT_OP_MODIFY },
1716                 { BER_BVC("rename"),            SLAP_RESTRICT_OP_RENAME },
1717                 { BER_BVC("modrdn"),            0 },
1718                 { BER_BVC("delete"),            SLAP_RESTRICT_OP_DELETE },
1719                 { BER_BVC("search"),            SLAP_RESTRICT_OP_SEARCH },
1720                 { BER_BVC("compare"),   SLAP_RESTRICT_OP_COMPARE },
1721                 { BER_BVC("read"),              SLAP_RESTRICT_OP_READS },
1722                 { BER_BVC("write"),             SLAP_RESTRICT_OP_WRITES },
1723                 { BER_BVC("extended"),  SLAP_RESTRICT_OP_EXTENDED },
1724                 { BER_BVC("extended=" LDAP_EXOP_START_TLS ),            SLAP_RESTRICT_EXOP_START_TLS },
1725                 { BER_BVC("extended=" LDAP_EXOP_MODIFY_PASSWD ),        SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
1726                 { BER_BVC("extended=" LDAP_EXOP_X_WHO_AM_I ),           SLAP_RESTRICT_EXOP_WHOAMI },
1727                 { BER_BVC("extended=" LDAP_EXOP_X_CANCEL ),             SLAP_RESTRICT_EXOP_CANCEL },
1728                 { BER_BVNULL,   0 }
1729         };
1730
1731         if (c->op == SLAP_CONFIG_EMIT) {
1732                 return mask_to_verbs( restrictable_ops, c->be->be_restrictops,
1733                         &c->rvalue_vals );
1734         } else if ( c->op == LDAP_MOD_DELETE ) {
1735                 if ( !c->line ) {
1736                         c->be->be_restrictops = 0;
1737                 } else {
1738                         restrictops = verb_to_mask( c->line, restrictable_ops );
1739                         c->be->be_restrictops ^= restrictops;
1740                 }
1741                 return 0;
1742         }
1743         i = verbs_to_mask( c->argc, c->argv, restrictable_ops, &restrictops );
1744         if ( i ) {
1745                 sprintf( c->msg, "<%s> unknown operation", c->argv[0] );
1746                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1747                         c->log, c->msg, c->argv[i]);
1748                 return(1);
1749         }
1750         if ( restrictops & SLAP_RESTRICT_OP_EXTENDED )
1751                 restrictops &= ~SLAP_RESTRICT_EXOP_MASK;
1752         c->be->be_restrictops |= restrictops;
1753         return(0);
1754 }
1755
1756 static int
1757 config_allows(ConfigArgs *c) {
1758         slap_mask_t allows = 0;
1759         int i;
1760         slap_verbmasks allowable_ops[] = {
1761                 { BER_BVC("bind_v2"),           SLAP_ALLOW_BIND_V2 },
1762                 { BER_BVC("bind_anon_cred"),    SLAP_ALLOW_BIND_ANON_CRED },
1763                 { BER_BVC("bind_anon_dn"),      SLAP_ALLOW_BIND_ANON_DN },
1764                 { BER_BVC("update_anon"),       SLAP_ALLOW_UPDATE_ANON },
1765                 { BER_BVNULL,   0 }
1766         };
1767         if (c->op == SLAP_CONFIG_EMIT) {
1768                 return mask_to_verbs( allowable_ops, global_allows, &c->rvalue_vals );
1769         } else if ( c->op == LDAP_MOD_DELETE ) {
1770                 if ( !c->line ) {
1771                         global_allows = 0;
1772                 } else {
1773                         allows = verb_to_mask( c->line, allowable_ops );
1774                         global_allows ^= allows;
1775                 }
1776                 return 0;
1777         }
1778         i = verbs_to_mask(c->argc, c->argv, allowable_ops, &allows);
1779         if ( i ) {
1780                 sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
1781                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1782                         c->log, c->msg, c->argv[i]);
1783                 return(1);
1784         }
1785         global_allows |= allows;
1786         return(0);
1787 }
1788
1789 static int
1790 config_disallows(ConfigArgs *c) {
1791         slap_mask_t disallows = 0;
1792         int i;
1793         slap_verbmasks disallowable_ops[] = {
1794                 { BER_BVC("bind_anon"),         SLAP_DISALLOW_BIND_ANON },
1795                 { BER_BVC("bind_simple"),       SLAP_DISALLOW_BIND_SIMPLE },
1796                 { BER_BVC("bind_krb4"),         SLAP_DISALLOW_BIND_KRBV4 },
1797                 { BER_BVC("tls_2_anon"),                SLAP_DISALLOW_TLS_2_ANON },
1798                 { BER_BVC("tls_authc"),         SLAP_DISALLOW_TLS_AUTHC },
1799                 { BER_BVNULL, 0 }
1800         };
1801         if (c->op == SLAP_CONFIG_EMIT) {
1802                 return mask_to_verbs( disallowable_ops, global_disallows, &c->rvalue_vals );
1803         } else if ( c->op == LDAP_MOD_DELETE ) {
1804                 if ( !c->line ) {
1805                         global_disallows = 0;
1806                 } else {
1807                         disallows = verb_to_mask( c->line, disallowable_ops );
1808                         global_disallows ^= disallows;
1809                 }
1810                 return 0;
1811         }
1812         i = verbs_to_mask(c->argc, c->argv, disallowable_ops, &disallows);
1813         if ( i ) {
1814                 sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
1815                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1816                         c->log, c->msg, c->argv[i]);
1817                 return(1);
1818         }
1819         global_disallows |= disallows;
1820         return(0);
1821 }
1822
1823 static int
1824 config_requires(ConfigArgs *c) {
1825         slap_mask_t requires = 0;
1826         int i;
1827         slap_verbmasks requires_ops[] = {
1828                 { BER_BVC("bind"),              SLAP_REQUIRE_BIND },
1829                 { BER_BVC("LDAPv3"),            SLAP_REQUIRE_LDAP_V3 },
1830                 { BER_BVC("authc"),             SLAP_REQUIRE_AUTHC },
1831                 { BER_BVC("sasl"),              SLAP_REQUIRE_SASL },
1832                 { BER_BVC("strong"),            SLAP_REQUIRE_STRONG },
1833                 { BER_BVNULL, 0 }
1834         };
1835         if (c->op == SLAP_CONFIG_EMIT) {
1836                 return mask_to_verbs( requires_ops, c->be->be_requires, &c->rvalue_vals );
1837         } else if ( c->op == LDAP_MOD_DELETE ) {
1838                 if ( !c->line ) {
1839                         c->be->be_requires = 0;
1840                 } else {
1841                         requires = verb_to_mask( c->line, requires_ops );
1842                         c->be->be_requires ^= requires;
1843                 }
1844                 return 0;
1845         }
1846         i = verbs_to_mask(c->argc, c->argv, requires_ops, &requires);
1847         if ( i ) {
1848                 sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
1849                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1850                         c->log, c->msg, c->argv[i]);
1851                 return(1);
1852         }
1853         c->be->be_requires = requires;
1854         return(0);
1855 }
1856
1857 static int
1858 config_loglevel(ConfigArgs *c) {
1859         int i;
1860         char *next;
1861         slap_verbmasks loglevel_ops[] = {
1862                 { BER_BVC("Any"),       -1 },
1863                 { BER_BVC("Trace"),     LDAP_DEBUG_TRACE },
1864                 { BER_BVC("Packets"),   LDAP_DEBUG_PACKETS },
1865                 { BER_BVC("Args"),      LDAP_DEBUG_ARGS },
1866                 { BER_BVC("Conns"),     LDAP_DEBUG_CONNS },
1867                 { BER_BVC("BER"),       LDAP_DEBUG_BER },
1868                 { BER_BVC("Filter"),    LDAP_DEBUG_FILTER },
1869                 { BER_BVC("Config"),    LDAP_DEBUG_CONFIG },
1870                 { BER_BVC("ACL"),       LDAP_DEBUG_ACL },
1871                 { BER_BVC("Stats"),     LDAP_DEBUG_STATS },
1872                 { BER_BVC("Stats2"),    LDAP_DEBUG_STATS2 },
1873                 { BER_BVC("Shell"),     LDAP_DEBUG_SHELL },
1874                 { BER_BVC("Parse"),     LDAP_DEBUG_PARSE },
1875                 { BER_BVC("Cache"),     LDAP_DEBUG_CACHE },
1876                 { BER_BVC("Index"),     LDAP_DEBUG_INDEX },
1877                 { BER_BVC("Sync"),      LDAP_DEBUG_SYNC },
1878                 { BER_BVNULL,   0 }
1879         };
1880
1881         if (c->op == SLAP_CONFIG_EMIT) {
1882                 return mask_to_verbs( loglevel_ops, ldap_syslog, &c->rvalue_vals );
1883         } else if ( c->op == LDAP_MOD_DELETE ) {
1884                 if ( !c->line ) {
1885                         ldap_syslog = 0;
1886                 } else {
1887                         int level = verb_to_mask( c->line, loglevel_ops );
1888                         ldap_syslog ^= level;
1889                 }
1890                 return 0;
1891         }
1892
1893         ldap_syslog = 0;
1894
1895         for( i=1; i < c->argc; i++ ) {
1896                 int     level;
1897
1898                 if ( isdigit( c->argv[i][0] ) || c->argv[i][0] == '-' ) {
1899                         level = strtol( c->argv[i], &next, 10 );
1900                         if ( next == NULL || next[0] != '\0' ) {
1901                                 sprintf( c->msg, "<%s> unable to parse level", c->argv[0] );
1902                                 Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1903                                         c->log, c->msg, c->argv[i]);
1904                                 return( 1 );
1905                         }
1906                 } else {
1907                         int j = verb_to_mask(c->argv[i], loglevel_ops);
1908                         if(BER_BVISNULL(&loglevel_ops[j].word)) {
1909                                 sprintf( c->msg, "<%s> unknown level", c->argv[0] );
1910                                 Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1911                                         c->log, c->msg, c->argv[i]);
1912                                 return( 1 );
1913                         }
1914                         level = loglevel_ops[j].mask;
1915                 }
1916                 ldap_syslog |= level;
1917         }
1918         return(0);
1919 }
1920
1921 static int
1922 config_referral(ConfigArgs *c) {
1923         struct berval val;
1924         if (c->op == SLAP_CONFIG_EMIT) {
1925                 if ( default_referral ) {
1926                         value_add( &c->rvalue_vals, default_referral );
1927                         return 0;
1928                 } else {
1929                         return 1;
1930                 }
1931         } else if ( c->op == LDAP_MOD_DELETE ) {
1932                 if ( c->valx < 0 ) {
1933                         ber_bvarray_free( default_referral );
1934                         default_referral = NULL;
1935                 } else {
1936                         int i = c->valx;
1937                         ch_free( default_referral[i].bv_val );
1938                         for (; default_referral[i].bv_val; i++ )
1939                                 default_referral[i] = default_referral[i+1];
1940                 }
1941                 return 0;
1942         }
1943         if(validate_global_referral(c->argv[1])) {
1944                 sprintf( c->msg, "<%s> invalid URL", c->argv[0] );
1945                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
1946                         c->log, c->msg, c->argv[1]);
1947                 return(1);
1948         }
1949
1950         ber_str2bv(c->argv[1], 0, 0, &val);
1951         if(value_add_one(&default_referral, &val)) return(LDAP_OTHER);
1952         return(0);
1953 }
1954
1955 static struct {
1956         struct berval key;
1957         int off;
1958 } sec_keys[] = {
1959         { BER_BVC("ssf="), offsetof(slap_ssf_set_t, sss_ssf) },
1960         { BER_BVC("transport="), offsetof(slap_ssf_set_t, sss_transport) },
1961         { BER_BVC("tls="), offsetof(slap_ssf_set_t, sss_tls) },
1962         { BER_BVC("sasl="), offsetof(slap_ssf_set_t, sss_sasl) },
1963         { BER_BVC("update_ssf="), offsetof(slap_ssf_set_t, sss_update_ssf) },
1964         { BER_BVC("update_transport="), offsetof(slap_ssf_set_t, sss_update_transport) },
1965         { BER_BVC("update_tls="), offsetof(slap_ssf_set_t, sss_update_tls) },
1966         { BER_BVC("update_sasl="), offsetof(slap_ssf_set_t, sss_update_sasl) },
1967         { BER_BVC("simple_bind="), offsetof(slap_ssf_set_t, sss_simple_bind) },
1968         { BER_BVNULL, 0 }
1969 };
1970
1971 static int
1972 config_security(ConfigArgs *c) {
1973         slap_ssf_set_t *set = &c->be->be_ssf_set;
1974         char *next;
1975         int i, j;
1976         if (c->op == SLAP_CONFIG_EMIT) {
1977                 char numbuf[32];
1978                 struct berval bv;
1979                 slap_ssf_t *tgt;
1980                 int rc = 1;
1981
1982                 for (i=0; !BER_BVISNULL( &sec_keys[i].key ); i++) {
1983                         tgt = (slap_ssf_t *)((char *)set + sec_keys[i].off);
1984                         if ( *tgt ) {
1985                                 rc = 0;
1986                                 bv.bv_len = sprintf( numbuf, "%u", *tgt );
1987                                 bv.bv_len += sec_keys[i].key.bv_len;
1988                                 bv.bv_val = ch_malloc( bv.bv_len + 1);
1989                                 next = lutil_strcopy( bv.bv_val, sec_keys[i].key.bv_val );
1990                                 strcpy( next, numbuf );
1991                                 ber_bvarray_add( &c->rvalue_vals, &bv );
1992                         }
1993                 }
1994                 return rc;
1995         }
1996         for(i = 1; i < c->argc; i++) {
1997                 slap_ssf_t *tgt = NULL;
1998                 char *src;
1999                 for ( j=0; !BER_BVISNULL( &sec_keys[j].key ); j++ ) {
2000                         if(!strncasecmp(c->argv[i], sec_keys[j].key.bv_val,
2001                                 sec_keys[j].key.bv_len)) {
2002                                 src = c->argv[i] + sec_keys[j].key.bv_len;
2003                                 tgt = (slap_ssf_t *)((char *)set + sec_keys[j].off);
2004                                 break;
2005                         }
2006                 }
2007                 if ( !tgt ) {
2008                         sprintf( c->msg, "<%s> unknown factor", c->argv[0] );
2009                         Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
2010                                 c->log, c->msg, c->argv[i]);
2011                         return(1);
2012                 }
2013
2014                 *tgt = strtol(src, &next, 10);
2015                 if(next == NULL || next[0] != '\0' ) {
2016                         sprintf( c->msg, "<%s> unable to parse factor", c->argv[0] );
2017                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
2018                                 c->log, c->msg, c->argv[i]);
2019                         return(1);
2020                 }
2021         }
2022         return(0);
2023 }
2024
2025 char *
2026 anlist_unparse( AttributeName *an, char *ptr ) {
2027         int comma = 0;
2028
2029         for (; !BER_BVISNULL( &an->an_name ); an++) {
2030                 if ( comma ) *ptr++ = ',';
2031                 ptr = lutil_strcopy( ptr, an->an_name.bv_val );
2032                 comma = 1;
2033         }
2034         return ptr;
2035 }
2036
2037 static void
2038 replica_unparse( struct slap_replica_info *ri, int i, struct berval *bv )
2039 {
2040         int len;
2041         char *ptr;
2042         struct berval bc = {0};
2043         char numbuf[32];
2044
2045         len = sprintf(numbuf, IFMT, i );
2046
2047         len += strlen( ri->ri_uri ) + STRLENOF("uri=");
2048         if ( ri->ri_nsuffix ) {
2049                 for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) {
2050                         len += ri->ri_nsuffix[i].bv_len + STRLENOF(" suffix=\"\"");
2051                 }
2052         }
2053         if ( ri->ri_attrs ) {
2054                 len += STRLENOF("attr");
2055                 if ( ri->ri_exclude ) len++;
2056                 for (i=0; !BER_BVISNULL( &ri->ri_attrs[i].an_name ); i++) {
2057                         len += 1 + ri->ri_attrs[i].an_name.bv_len;
2058                 }
2059         }
2060         bindconf_unparse( &ri->ri_bindconf, &bc );
2061         len += bc.bv_len;
2062
2063         bv->bv_val = ch_malloc(len + 1);
2064         bv->bv_len = len;
2065
2066         ptr = lutil_strcopy( bv->bv_val, numbuf );
2067         ptr = lutil_strcopy( ptr, "uri=" );
2068         ptr = lutil_strcopy( ptr, ri->ri_uri );
2069
2070         if ( ri->ri_nsuffix ) {
2071                 for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) {
2072                         ptr = lutil_strcopy( ptr, " suffix=\"" );
2073                         ptr = lutil_strcopy( ptr, ri->ri_nsuffix[i].bv_val );
2074                         *ptr++ = '"';
2075                 }
2076         }
2077         if ( ri->ri_attrs ) {
2078                 ptr = lutil_strcopy( ptr, "attr" );
2079                 if ( ri->ri_exclude ) *ptr++ = '!';
2080                 *ptr++ = '=';
2081                 ptr = anlist_unparse( ri->ri_attrs, ptr );
2082         }
2083         if ( bc.bv_val ) {
2084                 strcpy( ptr, bc.bv_val );
2085                 ch_free( bc.bv_val );
2086         }
2087 }
2088
2089 static int
2090 config_replica(ConfigArgs *c) {
2091         int i, nr = -1, len;
2092         char *replicahost, *replicauri;
2093         LDAPURLDesc *ludp;
2094
2095         if (c->op == SLAP_CONFIG_EMIT) {
2096                 if (c->be->be_replica) {
2097                         struct berval bv;
2098                         for (i=0;c->be->be_replica[i]; i++) {
2099                                 replica_unparse( c->be->be_replica[i], i, &bv );
2100                                 ber_bvarray_add( &c->rvalue_vals, &bv );
2101                         }
2102                         return 0;
2103                 }
2104                 return 1;
2105         } else if ( c->op == LDAP_MOD_DELETE ) {
2106                 /* FIXME: there is no replica_free function */
2107                 if ( c->valx < 0 ) {
2108                 } else {
2109                 }
2110         }
2111         if(SLAP_MONITOR(c->be)) {
2112                 Debug(LDAP_DEBUG_ANY, "%s: "
2113                         "\"replica\" should not be used inside monitor database\n",
2114                         c->log, 0, 0);
2115                 return(0);      /* FIXME: should this be an error? */
2116         }
2117
2118         for(i = 1; i < c->argc; i++) {
2119                 if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) {
2120                         replicahost = c->argv[i] + STRLENOF("host=");
2121                         len = strlen( replicahost );
2122                         replicauri = ch_malloc( len + STRLENOF("ldap://") + 1 );
2123                         sprintf( replicauri, "ldap://%s", replicahost );
2124                         replicahost = replicauri + STRLENOF( "ldap://");
2125                         nr = add_replica_info(c->be, replicauri, replicahost);
2126                         break;
2127                 } else if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) {
2128                         if(ldap_url_parse(c->argv[i] + STRLENOF("uri="), &ludp) != LDAP_SUCCESS) {
2129                                 sprintf( c->msg, "<%s> invalid uri", c->argv[0] );
2130                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
2131                                 return(1);
2132                         }
2133                         if(!ludp->lud_host) {
2134                                 sprintf( c->msg, "<%s> invalid uri - missing hostname",
2135                                         c->argv[0] );
2136                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
2137                                 return(1);
2138                         }
2139                         ldap_free_urldesc(ludp);
2140                         replicauri = c->argv[i] + STRLENOF("uri=");
2141                         replicauri = ch_strdup( replicauri );
2142                         replicahost = strchr( replicauri, '/' );
2143                         replicahost += 2;
2144                         nr = add_replica_info(c->be, replicauri, replicahost);
2145                         break;
2146                 }
2147         }
2148         if(i == c->argc) {
2149                 sprintf( c->msg, "<%s> missing host or uri", c->argv[0] );
2150                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
2151                 return(1);
2152         } else if(nr == -1) {
2153                 sprintf( c->msg, "<%s> unable to add replica", c->argv[0] );
2154                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", c->log, c->msg, replicauri );
2155                 return(1);
2156         } else {
2157                 for(i = 1; i < c->argc; i++) {
2158                         if(!strncasecmp(c->argv[i], "suffix=", STRLENOF( "suffix="))) {
2159                                 switch(add_replica_suffix(c->be, nr, c->argv[i] + STRLENOF("suffix="))) {
2160                                         case 1:
2161                                                 Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
2162                                                 "suffix \"%s\" in \"replica\" line is not valid for backend"
2163                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
2164                                                 c->log, c->argv[i] + STRLENOF("suffix="), 0);
2165 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
2166                                                 return 1;
2167 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
2168                                                 break;
2169                                         case 2:
2170                                                 Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
2171                                                 "unable to normalize suffix in \"replica\" line"
2172                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
2173                                                 c->log, 0, 0);
2174 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
2175                                                 return 1;
2176 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
2177                                                 break;
2178                                 }
2179
2180                         } else if(!strncasecmp(c->argv[i], "attr", STRLENOF("attr"))) {
2181                                 int exclude = 0;
2182                                 char *arg = c->argv[i] + STRLENOF("attr");
2183                                 if(arg[0] == '!') {
2184                                         arg++;
2185                                         exclude = 1;
2186                                 }
2187                                 if(arg[0] != '=') {
2188                                         continue;
2189                                 }
2190                                 if(add_replica_attrs(c->be, nr, arg + 1, exclude)) {
2191                                         sprintf( c->msg, "<%s> unknown attribute", c->argv[0] );
2192                                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
2193                                                 c->log, c->msg, arg + 1);
2194                                         return(1);
2195                                 }
2196                         } else if ( bindconf_parse( c->argv[i],
2197                                         &c->be->be_replica[nr]->ri_bindconf ) ) {
2198                                 return(1);
2199                         }
2200                 }
2201         }
2202         return(0);
2203 }
2204
2205 static int
2206 config_updatedn(ConfigArgs *c) {
2207         struct berval dn;
2208         int rc;
2209         if (c->op == SLAP_CONFIG_EMIT) {
2210                 if (!BER_BVISEMPTY(&c->be->be_update_ndn)) {
2211                         value_add_one(&c->rvalue_vals, &c->be->be_update_ndn);
2212                         value_add_one(&c->rvalue_nvals, &c->be->be_update_ndn);
2213                         return 0;
2214                 }
2215                 return 1;
2216         } else if ( c->op == LDAP_MOD_DELETE ) {
2217                 ch_free( c->be->be_update_ndn.bv_val );
2218                 c->be->be_update_ndn.bv_val = NULL;
2219                 SLAP_DBFLAGS(c->be) ^= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
2220                 return 0;
2221         }
2222         if(SLAP_SHADOW(c->be)) {
2223                 sprintf( c->msg, "<%s> database already shadowed", c->argv[0] );
2224                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
2225                         c->log, c->msg, 0);
2226                 return(1);
2227         }
2228
2229         ber_str2bv(c->argv[1], 0, 0, &dn);
2230
2231         rc = dnNormalize(0, NULL, NULL, &dn, &c->be->be_update_ndn, NULL);
2232
2233         if(rc != LDAP_SUCCESS) {
2234                 sprintf( c->msg, "<%s> invalid DN %d (%s)", c->argv[0],
2235                         rc, ldap_err2string(rc));
2236                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
2237                         c->log, c->msg, 0 );
2238                 return(1);
2239         }
2240
2241         SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
2242         return(0);
2243 }
2244
2245 static int
2246 config_updateref(ConfigArgs *c) {
2247         struct berval val;
2248         if (c->op == SLAP_CONFIG_EMIT) {
2249                 if ( c->be->be_update_refs ) {
2250                         value_add( &c->rvalue_vals, c->be->be_update_refs );
2251                         return 0;
2252                 } else {
2253                         return 1;
2254                 }
2255         } else if ( c->op == LDAP_MOD_DELETE ) {
2256                 if ( c->valx < 0 ) {
2257                         ber_bvarray_free( c->be->be_update_refs );
2258                         c->be->be_update_refs = NULL;
2259                 } else {
2260                         int i = c->valx;
2261                         ch_free( c->be->be_update_refs[i].bv_val );
2262                         for (; c->be->be_update_refs[i].bv_val; i++)
2263                                 c->be->be_update_refs[i] = c->be->be_update_refs[i+1];
2264                 }
2265                 return 0;
2266         }
2267         if(!SLAP_SHADOW(c->be)) {
2268                 sprintf( c->msg, "<%s> must appear after syncrepl or updatedn",
2269                         c->argv[0] );
2270                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
2271                         c->log, c->msg, 0);
2272                 return(1);
2273         }
2274
2275         if(validate_global_referral(c->argv[1])) {
2276                 sprintf( c->msg, "<%s> invalid URL", c->argv[0] );
2277                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
2278                         c->log, c->msg, c->argv[1]);
2279                 return(1);
2280         }
2281         ber_str2bv(c->argv[1], 0, 0, &val);
2282         if(value_add_one(&c->be->be_update_refs, &val)) return(LDAP_OTHER);
2283         return(0);
2284 }
2285
2286 static int
2287 config_include(ConfigArgs *c) {
2288         int savelineno = c->lineno;
2289         int rc;
2290         ConfigFile *cf;
2291         ConfigFile *cfsave = cfn;
2292         ConfigFile *cf2 = NULL;
2293         if (c->op == SLAP_CONFIG_EMIT) {
2294                 if (c->private) {
2295                         ConfigFile *cf = c->private;
2296                         value_add_one( &c->rvalue_vals, &cf->c_file );
2297                         return 0;
2298                 }
2299                 return 1;
2300         } else if ( c->op == LDAP_MOD_DELETE ) {
2301         }
2302         cf = ch_calloc( 1, sizeof(ConfigFile));
2303         if ( cfn->c_kids ) {
2304                 for (cf2=cfn->c_kids; cf2 && cf2->c_sibs; cf2=cf2->c_sibs) ;
2305                 cf2->c_sibs = cf;
2306         } else {
2307                 cfn->c_kids = cf;
2308         }
2309         cfn = cf;
2310         ber_str2bv( c->argv[1], 0, 1, &cf->c_file );
2311         rc = read_config_file(c->argv[1], c->depth + 1, c, config_back_cf_table);
2312         c->lineno = savelineno - 1;
2313         cfn = cfsave;
2314         if ( rc ) {
2315                 if ( cf2 ) cf2->c_sibs = NULL;
2316                 else cfn->c_kids = NULL;
2317                 ch_free( cf->c_file.bv_val );
2318                 ch_free( cf );
2319         } else {
2320                 c->private = cf;
2321         }
2322         return(rc);
2323 }
2324
2325 #ifdef HAVE_TLS
2326 static int
2327 config_tls_option(ConfigArgs *c) {
2328         int flag;
2329         switch(c->type) {
2330         case CFG_TLS_RAND:      flag = LDAP_OPT_X_TLS_RANDOM_FILE;      break;
2331         case CFG_TLS_CIPHER:    flag = LDAP_OPT_X_TLS_CIPHER_SUITE;     break;
2332         case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE;         break;  
2333         case CFG_TLS_CERT_KEY:  flag = LDAP_OPT_X_TLS_KEYFILE;          break;
2334         case CFG_TLS_CA_PATH:   flag = LDAP_OPT_X_TLS_CACERTDIR;        break;
2335         case CFG_TLS_CA_FILE:   flag = LDAP_OPT_X_TLS_CACERTFILE;       break;
2336         default:                Debug(LDAP_DEBUG_ANY, "%s: "
2337                                         "unknown tls_option <0x%x>\n",
2338                                         c->log, c->type, 0);
2339         }
2340         if (c->op == SLAP_CONFIG_EMIT) {
2341                 return ldap_pvt_tls_get_option( NULL, flag, &c->value_string );
2342         } else if ( c->op == LDAP_MOD_DELETE ) {
2343                 return ldap_pvt_tls_set_option( NULL, flag, NULL );
2344         }
2345         ch_free(c->value_string);
2346         return(ldap_pvt_tls_set_option(NULL, flag, c->argv[1]));
2347 }
2348
2349 /* FIXME: this ought to be provided by libldap */
2350 static int
2351 config_tls_config(ConfigArgs *c) {
2352         int i, flag;
2353         slap_verbmasks crlkeys[] = {
2354                 { BER_BVC("none"),      LDAP_OPT_X_TLS_CRL_NONE },
2355                 { BER_BVC("peer"),      LDAP_OPT_X_TLS_CRL_PEER },
2356                 { BER_BVC("all"),       LDAP_OPT_X_TLS_CRL_ALL },
2357                 { BER_BVNULL, 0 }
2358         };
2359         slap_verbmasks vfykeys[] = {
2360                 { BER_BVC("never"),     LDAP_OPT_X_TLS_NEVER },
2361                 { BER_BVC("demand"),    LDAP_OPT_X_TLS_DEMAND },
2362                 { BER_BVC("try"),       LDAP_OPT_X_TLS_TRY },
2363                 { BER_BVC("hard"),      LDAP_OPT_X_TLS_HARD },
2364                 { BER_BVNULL, 0 }
2365         }, *keys;
2366         switch(c->type) {
2367         case CFG_TLS_CRLCHECK:  flag = LDAP_OPT_X_TLS_CRLCHECK;         keys = crlkeys; break;
2368         case CFG_TLS_VERIFY:    flag = LDAP_OPT_X_TLS_REQUIRE_CERT;     keys = vfykeys; break;
2369         default:
2370                 Debug(LDAP_DEBUG_ANY, "%s: "
2371                                 "unknown tls_option <0x%x>\n",
2372                                 c->log, c->type, 0);
2373         }
2374         if (c->op == SLAP_CONFIG_EMIT) {
2375                 ldap_pvt_tls_get_option( NULL, flag, &c->value_int );
2376                 for (i=0; !BER_BVISNULL(&keys[i].word); i++) {
2377                         if (keys[i].mask == c->value_int) {
2378                                 c->value_string = ch_strdup( keys[i].word.bv_val );
2379                                 return 0;
2380                         }
2381                 }
2382                 return 1;
2383         } else if ( c->op == LDAP_MOD_DELETE ) {
2384                 int i = 0;
2385                 return ldap_pvt_tls_set_option( NULL, flag, &i );
2386         }
2387         ch_free( c->value_string );
2388         if(isdigit((unsigned char)c->argv[1][0])) {
2389                 i = atoi(c->argv[1]);
2390                 return(ldap_pvt_tls_set_option(NULL, flag, &i));
2391         } else {
2392                 return(ldap_int_tls_config(NULL, flag, c->argv[1]));
2393         }
2394 }
2395 #endif
2396
2397 static CfEntryInfo *
2398 config_find_base( CfEntryInfo *root, struct berval *dn, CfEntryInfo **last )
2399 {
2400         struct berval cdn;
2401         char *c;
2402
2403         if ( !root ) {
2404                 *last = NULL;
2405                 return NULL;
2406         }
2407
2408         if ( dn_match( &root->ce_entry->e_nname, dn ))
2409                 return root;
2410
2411         c = dn->bv_val+dn->bv_len;
2412         for (;*c != ',';c--);
2413
2414         while(root) {
2415                 *last = root;
2416                 for (--c;c>dn->bv_val && *c != ',';c--);
2417                 cdn.bv_val = c;
2418                 if ( *c == ',' )
2419                         cdn.bv_val++;
2420                 cdn.bv_len = dn->bv_len - (cdn.bv_val - dn->bv_val);
2421
2422                 root = root->ce_kids;
2423
2424                 for (;root;root=root->ce_sibs) {
2425                         if ( dn_match( &root->ce_entry->e_nname, &cdn )) {
2426                                 if ( cdn.bv_val == dn->bv_val ) {
2427                                         return root;
2428                                 }
2429                                 break;
2430                         }
2431                 }
2432         }
2433         return root;
2434 }
2435
2436 typedef struct setup_cookie {
2437         CfBackInfo *cfb;
2438         ConfigArgs *ca;
2439 } setup_cookie;
2440
2441 static int
2442 config_ldif_resp( Operation *op, SlapReply *rs )
2443 {
2444         if ( rs->sr_type == REP_SEARCH ) {
2445                 setup_cookie *sc = op->o_callback->sc_private;
2446
2447                 sc->cfb->cb_got_ldif = 1;
2448                 rs->sr_err = config_add_internal( sc->cfb, rs->sr_entry, sc->ca, NULL, NULL );
2449         }
2450         return rs->sr_err;
2451 }
2452
2453 /* Configure and read the underlying back-ldif store */
2454 static int
2455 config_setup_ldif( BackendDB *be, const char *dir, int readit ) {
2456         CfBackInfo *cfb = be->be_private;
2457         ConfigArgs c = {0};
2458         ConfigTable *ct;
2459         char *argv[3];
2460         int rc = 0;
2461         setup_cookie sc;
2462         slap_callback cb = { NULL, config_ldif_resp, NULL, NULL };
2463         Connection conn = {0};
2464         char opbuf[OPERATION_BUFFER_SIZE];
2465         Operation *op;
2466         SlapReply rs = {REP_RESULT};
2467         Filter filter = { LDAP_FILTER_PRESENT };
2468         struct berval filterstr = BER_BVC("(objectclass=*)");
2469         struct stat st;
2470
2471         /* Is the config directory available? */
2472         if ( stat( dir, &st ) < 0 ) {
2473                 /* No, so don't bother using the backing store.
2474                  * All changes will be in-memory only.
2475                  */
2476                 return 0;
2477         }
2478                 
2479         cfb->cb_db.bd_info = backend_info( "ldif" );
2480         if ( !cfb->cb_db.bd_info )
2481                 return 0;       /* FIXME: eventually this will be a fatal error */
2482
2483         if ( cfb->cb_db.bd_info->bi_db_init( &cfb->cb_db )) return 1;
2484
2485         /* Mark that back-ldif type is in use */
2486         cfb->cb_db.bd_info->bi_nDB++;
2487
2488         cfb->cb_db.be_suffix = be->be_suffix;
2489         cfb->cb_db.be_nsuffix = be->be_nsuffix;
2490         cfb->cb_db.be_rootdn = be->be_rootdn;
2491         cfb->cb_db.be_rootndn = be->be_rootndn;
2492
2493         ber_str2bv( dir, 0, 1, &cfdir );
2494
2495         c.be = &cfb->cb_db;
2496         c.fname = "slapd";
2497         c.argc = 2;
2498         argv[0] = "directory";
2499         argv[1] = (char *)dir;
2500         argv[2] = NULL;
2501         c.argv = argv;
2502
2503         ct = config_find_keyword( c.be->be_cf_ocs->co_table, &c );
2504         if ( !ct )
2505                 return 1;
2506
2507         if ( config_add_vals( ct, &c ))
2508                 return 1;
2509
2510         if ( backend_startup_one( &cfb->cb_db ))
2511                 return 1;
2512
2513         if ( readit ) {
2514                 op = (Operation *)opbuf;
2515                 connection_fake_init( &conn, op, cfb );
2516
2517                 filter.f_desc = slap_schema.si_ad_objectClass;
2518
2519                 op->o_tag = LDAP_REQ_SEARCH;
2520
2521                 op->ors_filter = &filter;
2522                 op->ors_filterstr = filterstr;
2523                 op->ors_scope = LDAP_SCOPE_SUBTREE;
2524
2525                 op->o_dn = be->be_rootdn;
2526                 op->o_ndn = be->be_rootndn;
2527
2528                 op->o_req_dn = be->be_suffix[0];
2529                 op->o_req_ndn = be->be_nsuffix[0];
2530
2531                 op->ors_tlimit = SLAP_NO_LIMIT;
2532                 op->ors_slimit = SLAP_NO_LIMIT;
2533
2534                 op->ors_attrs = slap_anlist_all_attributes;
2535                 op->ors_attrsonly = 0;
2536
2537                 op->o_callback = &cb;
2538                 sc.cfb = cfb;
2539                 sc.ca = &c;
2540                 cb.sc_private = &sc;
2541
2542                 op->o_bd = &cfb->cb_db;
2543                 rc = op->o_bd->be_search( op, &rs );
2544
2545                 slap_sl_mem_destroy( NULL, op->o_tmpmemctx );
2546         }
2547
2548         cfb->cb_use_ldif = 1;
2549
2550         return rc;
2551 }
2552
2553 static int
2554 CfOc_cmp( const void *c1, const void *c2 ) {
2555         const ConfigOCs *co1 = c1;
2556         const ConfigOCs *co2 = c2;
2557
2558         return ber_bvcmp( co1->co_name, co2->co_name );
2559 }
2560
2561 int
2562 config_register_schema(ConfigTable *ct, ConfigOCs *ocs) {
2563         int i;
2564
2565         i = init_config_attrs( ct );
2566         if ( i ) return i;
2567
2568         /* set up the objectclasses */
2569         i = init_config_ocs( ocs );
2570         if ( i ) return i;
2571
2572         for (i=0; ocs[i].co_def; i++) {
2573                 if ( ocs[i].co_oc ) {
2574                         ocs[i].co_name = &ocs[i].co_oc->soc_cname;
2575                         if ( !ocs[i].co_table )
2576                                 ocs[i].co_table = ct;
2577                         avl_insert( &CfOcTree, &ocs[i], CfOc_cmp, avl_dup_error );
2578                 }
2579         }
2580         return 0;
2581 }
2582
2583 int
2584 read_config(const char *fname, const char *dir) {
2585         BackendDB *be;
2586         CfBackInfo *cfb;
2587         const char *cfdir, *cfname;
2588         int rc;
2589
2590         /* Setup the config backend */
2591         be = backend_db_init( "config" );
2592         if ( !be )
2593                 return 1;
2594
2595         cfb = be->be_private;
2596
2597         /* If no .conf, or a dir was specified, setup the dir */
2598         if ( !fname || dir ) {
2599                 if ( dir ) {
2600                         /* If explicitly given, check for existence */
2601                         struct stat st;
2602
2603                         if ( stat( dir, &st ) < 0 ) {
2604                                 Debug( LDAP_DEBUG_ANY,
2605                                         "invalid config directory %s, error %d\n",
2606                                                 dir, errno, 0 );
2607                                 return 1;
2608                         }
2609                         cfdir = dir;
2610                 } else {
2611                         cfdir = SLAPD_DEFAULT_CONFIGDIR;
2612                 }
2613                 /* if fname is defaulted, try reading .d */
2614                 rc = config_setup_ldif( be, cfdir, !fname );
2615
2616                 /* It's OK if the base object doesn't exist yet */
2617                 if ( rc && rc != LDAP_NO_SUCH_OBJECT )
2618                         return 1;
2619
2620                 /* If we read the config from back-ldif, nothing to do here */
2621                 if ( cfb->cb_got_ldif ) {
2622                         rc = 0;
2623                         goto done;
2624                 }
2625         }
2626
2627         if ( fname )
2628                 cfname = fname;
2629         else
2630                 cfname = SLAPD_DEFAULT_CONFIGFILE;
2631
2632         rc = read_config_file(cfname, 0, NULL, config_back_cf_table);
2633
2634         if ( rc == 0 )
2635                 ber_str2bv( cfname, 0, 1, &cfb->cb_config->c_file );
2636
2637         /* If we got this far and failed, it may be a serious problem. In server
2638          * mode, we should never come to this. However, it may be alright if we're
2639          * using slapadd to create the conf dir.
2640          */
2641         while ( rc ) {
2642                 if ( slapMode & (SLAP_SERVER_MODE|SLAP_TOOL_READMAIN|SLAP_TOOL_READONLY))
2643                         break;
2644                 /* If a config file was explicitly given, fail */
2645                 if ( fname )
2646                         break;
2647                 
2648                 /* Seems to be slapadd with a config dir, let it continue */
2649                 if ( cfb->cb_use_ldif ) {
2650                         rc = 0;
2651                         cfb->cb_got_ldif = 1;
2652                 }
2653                 break;
2654         }
2655
2656 done:
2657         if ( rc == 0 && BER_BVISNULL( &frontendDB->be_schemadn ) ) {
2658                 ber_str2bv( SLAPD_SCHEMA_DN, STRLENOF( SLAPD_SCHEMA_DN ), 1,
2659                         &frontendDB->be_schemadn );
2660                 rc = dnNormalize( 0, NULL, NULL, &frontendDB->be_schemadn, &frontendDB->be_schemandn, NULL );
2661                 if ( rc != LDAP_SUCCESS ) {
2662                         Debug(LDAP_DEBUG_ANY, "read_config: "
2663                                 "unable to normalize default schema DN \"%s\"\n",
2664                                 frontendDB->be_schemadn.bv_val, 0, 0 );
2665                         /* must not happen */
2666                         assert( 0 );
2667                 }
2668         }
2669         return rc;
2670 }
2671
2672 static int
2673 config_back_bind( Operation *op, SlapReply *rs )
2674 {
2675         if ( op->orb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op )) {
2676                 ber_dupbv( &op->orb_edn, be_root_dn( op->o_bd ));
2677                 /* frontend sends result */
2678                 return LDAP_SUCCESS;
2679         }
2680
2681         rs->sr_err = LDAP_INVALID_CREDENTIALS;
2682         send_ldap_result( op, rs );
2683
2684         return rs->sr_err;
2685 }
2686
2687 static int
2688 config_send( Operation *op, SlapReply *rs, CfEntryInfo *ce, int depth )
2689 {
2690         int rc = 0;
2691
2692         if ( test_filter( op, ce->ce_entry, op->ors_filter ) == LDAP_COMPARE_TRUE )
2693         {
2694                 rs->sr_attrs = op->ors_attrs;
2695                 rs->sr_entry = ce->ce_entry;
2696                 rc = send_search_entry( op, rs );
2697         }
2698         if ( op->ors_scope == LDAP_SCOPE_SUBTREE ) {
2699                 if ( ce->ce_kids ) {
2700                         rc = config_send( op, rs, ce->ce_kids, 1 );
2701                         if ( rc ) return rc;
2702                 }
2703                 if ( depth ) {
2704                         for (ce=ce->ce_sibs; ce; ce=ce->ce_sibs) {
2705                                 rc = config_send( op, rs, ce, 0 );
2706                                 if ( rc ) break;
2707                         }
2708                 }
2709         }
2710         return rc;
2711 }
2712
2713 static ConfigTable *
2714 config_find_table( ConfigOCs **colst, int nocs, AttributeDescription *ad )
2715 {
2716         int i, j;
2717
2718         for (j=0; j<nocs; j++) {
2719                 for (i=0; colst[j]->co_table[i].name; i++)
2720                         if ( colst[j]->co_table[i].ad == ad )
2721                                 return &colst[j]->co_table[i];
2722         }
2723         return NULL;
2724 }
2725
2726 /* Sort the attributes of the entry according to the order defined
2727  * in the objectclass, with required attributes occurring before
2728  * allowed attributes. For any attributes with sequencing dependencies
2729  * (e.g., rootDN must be defined after suffix) the objectclass must
2730  * list the attributes in the desired sequence.
2731  */
2732 static void
2733 sort_attrs( Entry *e, ConfigOCs **colst, int nocs )
2734 {
2735         Attribute *a, *head = NULL, *tail = NULL, **prev;
2736         int i, j;
2737
2738         for (i=0; i<nocs; i++) {
2739                 if ( colst[i]->co_oc->soc_required ) {
2740                         AttributeType **at = colst[i]->co_oc->soc_required;
2741                         for (j=0; at[j]; j++) {
2742                                 for (a=e->e_attrs, prev=&e->e_attrs; a;
2743                                         prev = &(*prev)->a_next, a=a->a_next) {
2744                                         if ( a->a_desc == at[j]->sat_ad ) {
2745                                                 *prev = a->a_next;
2746                                                 if (!head) {
2747                                                         head = a;
2748                                                         tail = a;
2749                                                 } else {
2750                                                         tail->a_next = a;
2751                                                         tail = a;
2752                                                 }
2753                                                 break;
2754                                         }
2755                                 }
2756                         }
2757                 }
2758                 if ( colst[i]->co_oc->soc_allowed ) {
2759                         AttributeType **at = colst[i]->co_oc->soc_allowed;
2760                         for (j=0; at[j]; j++) {
2761                                 for (a=e->e_attrs, prev=&e->e_attrs; a;
2762                                         prev = &(*prev)->a_next, a=a->a_next) {
2763                                         if ( a->a_desc == at[j]->sat_ad ) {
2764                                                 *prev = a->a_next;
2765                                                 if (!head) {
2766                                                         head = a;
2767                                                         tail = a;
2768                                                 } else {
2769                                                         tail->a_next = a;
2770                                                         tail = a;
2771                                                 }
2772                                                 break;
2773                                         }
2774                                 }
2775                         }
2776                 }
2777         }
2778         if ( tail ) {
2779                 tail->a_next = e->e_attrs;
2780                 e->e_attrs = head;
2781         }
2782 }
2783
2784 static int
2785 check_vals( ConfigTable *ct, ConfigArgs *ca, void *ptr, int isAttr )
2786 {
2787         Attribute *a = NULL;
2788         AttributeDescription *ad;
2789         BerVarray vals;
2790
2791         int i, rc = 0, sort = 0;
2792
2793         if ( isAttr ) {
2794                 a = ptr;
2795                 ad = a->a_desc;
2796                 vals = a->a_vals;
2797         } else {
2798                 Modifications *ml = ptr;
2799                 ad = ml->sml_desc;
2800                 vals = ml->sml_values;
2801         }
2802
2803         if ( a && ( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL )) {
2804                 sort = 1;
2805                 rc = ordered_value_sort( a, 1 );
2806                 if ( rc )
2807                         return rc;
2808         }
2809         for ( i=0; vals[i].bv_val; i++ ) {
2810                 ca->line = vals[i].bv_val;
2811                 if ( sort ) {
2812                         char *idx = strchr( ca->line, '}' );
2813                         if ( idx ) ca->line = idx+1;
2814                 }
2815                 rc = config_parse_vals( ct, ca, i );
2816                 if ( rc ) {
2817                         break;
2818                 }
2819         }
2820         return rc;
2821 }
2822
2823 static int
2824 check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e,
2825         SlapReply *rs, int *renum )
2826 {
2827         CfEntryInfo *ce;
2828         int index = -1, gotindex = 0, nsibs;
2829         int renumber = 0, tailindex = 0;
2830         char *ptr1, *ptr2;
2831         struct berval rdn;
2832
2833         if ( renum ) *renum = 0;
2834
2835         /* These entries don't get indexed/renumbered */
2836         if ( ce_type == Cft_Global ) return 0;
2837         if ( ce_type == Cft_Schema && parent->ce_type == Cft_Global ) return 0;
2838
2839         if ( ce_type == Cft_Include || ce_type == Cft_Module )
2840                 tailindex = 1;
2841
2842         /* See if the rdn has an index already */
2843         dnRdn( &e->e_name, &rdn );
2844         ptr1 = strchr( e->e_name.bv_val, '{' );
2845         if ( ptr1 && ptr1 - e->e_name.bv_val < rdn.bv_len ) {
2846                 ptr2 = strchr( ptr1, '}' );
2847                 if (!ptr2 || ptr2 - e->e_name.bv_val > rdn.bv_len)
2848                         return LDAP_NAMING_VIOLATION;
2849                 if ( ptr2-ptr1 == 1)
2850                         return LDAP_NAMING_VIOLATION;
2851                 gotindex = 1;
2852                 index = atoi(ptr1+1);
2853                 if ( index < 0 )
2854                         return LDAP_NAMING_VIOLATION;
2855         }
2856
2857         /* count related kids */
2858         for (nsibs=0, ce=parent->ce_kids; ce; ce=ce->ce_sibs) {
2859                 if ( ce->ce_type == ce_type ) nsibs++;
2860         }
2861
2862         if ( index != nsibs ) {
2863                 if ( gotindex ) {
2864                         if ( index < nsibs ) {
2865                                 if ( tailindex ) return LDAP_NAMING_VIOLATION;
2866                                 /* Siblings need to be renumbered */
2867                                 renumber = 1;
2868                         }
2869                 }
2870                 if ( !renumber ) {
2871                         struct berval ival, newrdn, nnewrdn;
2872                         struct berval rtype, rval;
2873                         Attribute *a;
2874                         AttributeDescription *ad = NULL;
2875                         char ibuf[32];
2876                         const char *text;
2877
2878                         rval.bv_val = strchr(rdn.bv_val, '=' ) + 1;
2879                         rval.bv_len = rdn.bv_len - (rval.bv_val - rdn.bv_val);
2880                         rtype.bv_val = rdn.bv_val;
2881                         rtype.bv_len = rval.bv_val - rtype.bv_val - 1;
2882
2883                         /* Find attr */
2884                         slap_bv2ad( &rtype, &ad, &text );
2885                         a = attr_find( e->e_attrs, ad );
2886                         if (!a ) return LDAP_NAMING_VIOLATION;
2887
2888                         ival.bv_val = ibuf;
2889                         ival.bv_len = sprintf( ibuf, IFMT, nsibs );
2890                         
2891                         newrdn.bv_len = rdn.bv_len + ival.bv_len;
2892                         newrdn.bv_val = ch_malloc( newrdn.bv_len+1 );
2893
2894                         if ( tailindex ) {
2895                                 ptr1 = lutil_strncopy( newrdn.bv_val, rdn.bv_val, rdn.bv_len );
2896                                 ptr1 = lutil_strcopy( ptr1, ival.bv_val );
2897                         } else {
2898                                 int xlen;
2899                                 if ( !gotindex ) {
2900                                         ptr2 = rval.bv_val;
2901                                         xlen = rval.bv_len;
2902                                 } else {
2903                                         xlen = rdn.bv_len - (ptr2 - rdn.bv_val);
2904                                 }
2905                                 ptr1 = lutil_strncopy( newrdn.bv_val, rtype.bv_val,
2906                                         rtype.bv_len );
2907                                 *ptr1++ = '=';
2908                                 ptr1 = lutil_strcopy( ptr1, ival.bv_val );
2909                                 ptr1 = lutil_strncopy( ptr1, ptr2, xlen );
2910                                 *ptr1 = '\0';
2911                         }
2912
2913                         /* Do the equivalent of ModRDN */
2914                         /* Replace DN / NDN */
2915                         newrdn.bv_len = ptr1 - newrdn.bv_val;
2916                         rdnNormalize( 0, NULL, NULL, &newrdn, &nnewrdn, NULL );
2917                         free( e->e_name.bv_val );
2918                         build_new_dn( &e->e_name, &parent->ce_entry->e_name,
2919                                 &newrdn, NULL );
2920                         free( e->e_nname.bv_val );
2921                         build_new_dn( &e->e_nname, &parent->ce_entry->e_nname,
2922                                 &nnewrdn, NULL );
2923
2924                         /* Replace attr */
2925                         free( a->a_vals[0].bv_val );
2926                         ptr1 = strchr( newrdn.bv_val, '=' ) + 1;
2927                         a->a_vals[0].bv_len = newrdn.bv_len - (ptr1 - newrdn.bv_val);
2928                         a->a_vals[0].bv_val = ch_malloc( a->a_vals[0].bv_len + 1 );
2929                         strcpy( a->a_vals[0].bv_val, ptr1 );
2930
2931                         if ( a->a_nvals != a->a_vals ) {
2932                                 free( a->a_nvals[0].bv_val );
2933                                 ptr1 = strchr( nnewrdn.bv_val, '=' ) + 1;
2934                                 a->a_nvals[0].bv_len = nnewrdn.bv_len - (ptr1 - nnewrdn.bv_val);
2935                                 a->a_nvals[0].bv_val = ch_malloc( a->a_nvals[0].bv_len + 1 );
2936                                 strcpy( a->a_nvals[0].bv_val, ptr1 );
2937                         }
2938                         free( nnewrdn.bv_val );
2939                         free( newrdn.bv_val );
2940                 }
2941         }
2942         if ( renum ) *renum = renumber;
2943         return 0;
2944 }
2945
2946 static ConfigOCs **
2947 count_ocs( Attribute *oc_at, int *nocs )
2948 {
2949         int i, j, n;
2950         ConfigOCs co, *coptr, **colst;
2951
2952         /* count the objectclasses */
2953         for ( i=0; oc_at->a_nvals[i].bv_val; i++ );
2954         n = i;
2955         colst = (ConfigOCs **)ch_malloc( n * sizeof(ConfigOCs *));
2956
2957         for ( i=0, j=0; i<n; i++) {
2958                 co.co_name = &oc_at->a_nvals[i];
2959                 coptr = avl_find( CfOcTree, &co, CfOc_cmp );
2960                 
2961                 /* ignore non-config objectclasses. probably should be
2962                  * an error, general data doesn't belong here.
2963                  */
2964                 if ( !coptr ) continue;
2965
2966                 /* Ignore the root objectclass, it has no implementation.
2967                  */
2968                 if ( coptr->co_type == Cft_Abstract ) continue;
2969                 colst[j++] = coptr;
2970         }
2971         *nocs = j;
2972         return colst;
2973 }
2974
2975 static int
2976 cfAddInclude( CfEntryInfo *p, Entry *e, ConfigArgs *ca )
2977 {
2978         if ( p->ce_type != Cft_Global && p->ce_type != Cft_Include )
2979                 return LDAP_CONSTRAINT_VIOLATION;
2980
2981         /* If we're reading from a configdir, don't parse this entry */
2982         if ( ca->lineno )
2983                 return LDAP_COMPARE_TRUE;
2984
2985         cfn = p->ce_private;
2986         ca->private = cfn;
2987         return LDAP_SUCCESS;
2988 }
2989
2990 static int
2991 cfAddSchema( CfEntryInfo *p, Entry *e, ConfigArgs *ca )
2992 {
2993         ConfigFile *cfo;
2994
2995         /* This entry is hardcoded, don't re-parse it */
2996         if ( p->ce_type == Cft_Global ) {
2997                 cfn = p->ce_private;
2998                 ca->private = cfn;
2999                 return LDAP_COMPARE_TRUE;
3000         }
3001         if ( p->ce_type != Cft_Schema )
3002                 return LDAP_CONSTRAINT_VIOLATION;
3003
3004         cfn = ch_calloc( 1, sizeof(ConfigFile) );
3005         ca->private = cfn;
3006         cfo = p->ce_private;
3007         cfn->c_sibs = cfo->c_kids;
3008         cfo->c_kids = cfn;
3009         return LDAP_SUCCESS;
3010 }
3011
3012 static int
3013 cfAddDatabase( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
3014 {
3015         if ( p->ce_type != Cft_Global )
3016                 return LDAP_CONSTRAINT_VIOLATION;
3017         ca->be = frontendDB;    /* just to get past check_vals */
3018         return LDAP_SUCCESS;
3019 }
3020
3021 static int
3022 cfAddBackend( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
3023 {
3024         if ( p->ce_type != Cft_Global )
3025                 return LDAP_CONSTRAINT_VIOLATION;
3026         return LDAP_SUCCESS;
3027 }
3028
3029 static int
3030 cfAddModule( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
3031 {
3032         if ( p->ce_type != Cft_Global )
3033                 return LDAP_CONSTRAINT_VIOLATION;
3034         return LDAP_SUCCESS;
3035 }
3036
3037 static int
3038 cfAddOverlay( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
3039 {
3040         if ( p->ce_type != Cft_Database )
3041                 return LDAP_CONSTRAINT_VIOLATION;
3042         ca->be = p->ce_be;
3043         return LDAP_SUCCESS;
3044 }
3045
3046 /* Parse an LDAP entry into config directives */
3047 static int
3048 config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, int *renum )
3049 {
3050         CfEntryInfo *ce, *last;
3051         ConfigOCs **colst;
3052         Attribute *a, *oc_at;
3053         int i, nocs, rc = 0;
3054         struct berval pdn;
3055         ConfigTable *ct;
3056         char *ptr;
3057
3058         /* Make sure parent exists and entry does not */
3059         ce = config_find_base( cfb->cb_root, &e->e_nname, &last );
3060         if ( ce )
3061                 return LDAP_ALREADY_EXISTS;
3062
3063         dnParent( &e->e_nname, &pdn );
3064
3065         /* If last is NULL, the new entry is the root/suffix entry, 
3066          * otherwise last should be the parent.
3067          */
3068         if ( last && !dn_match( &last->ce_entry->e_nname, &pdn )) {
3069                 if ( rs )
3070                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3071                 return LDAP_NO_SUCH_OBJECT;
3072         }
3073
3074         oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
3075         if ( !oc_at ) return LDAP_OBJECT_CLASS_VIOLATION;
3076
3077         memset( ca, 0, sizeof(ConfigArgs));
3078
3079         /* Fake the coordinates based on whether we're part of an
3080          * LDAP Add or if reading the config dir
3081          */
3082         if ( rs ) {
3083                 ca->fname = "slapd";
3084                 ca->lineno = 0;
3085         } else {
3086                 ca->fname = cfdir.bv_val;
3087                 ca->lineno = 1;
3088         }
3089
3090         colst = count_ocs( oc_at, &nocs );
3091
3092         /* Only the root can be Cft_Global, everything else must
3093          * have a parent. Only limited nesting arrangements are allowed.
3094          */
3095         rc = LDAP_CONSTRAINT_VIOLATION;
3096         if ( colst[0]->co_type == Cft_Global && !last ) {
3097                 cfn = cfb->cb_config;
3098                 ca->private = cfn;
3099                 ca->be = frontendDB;    /* just to get past check_vals */
3100                 rc = LDAP_SUCCESS;
3101         }
3102
3103         /* Check whether the Add is allowed by its parent, and do
3104          * any necessary arg setup
3105          */
3106         if ( last ) {
3107                 for ( i=0; i<nocs; i++ ) {
3108                         if ( colst[i]->co_ldadd &&
3109                                 ( rc = colst[i]->co_ldadd( last, e, ca ))
3110                                         != LDAP_CONSTRAINT_VIOLATION ) {
3111                                 break;
3112                         }
3113                 }
3114         }
3115
3116         /* Add the entry but don't parse it, we already have its contents */
3117         if ( rc == LDAP_COMPARE_TRUE ) {
3118                 rc = LDAP_SUCCESS;
3119                 goto ok;
3120         }
3121
3122         if ( rc != LDAP_SUCCESS )
3123                 goto leave;
3124
3125         /* Parse all the values and check for simple syntax errors before
3126          * performing any set actions.
3127          *
3128          * If doing an LDAPadd, check for indexed names and any necessary
3129          * renaming/renumbering. Entries that don't need indexed names are
3130          * ignored. Entries that need an indexed name and arrive without one
3131          * are assigned to the end. Entries that arrive with an index may
3132          * cause the following entries to be renumbered/bumped down.
3133          *
3134          * Note that "pseudo-indexed" entries (cn=Include{xx}, cn=Module{xx})
3135          * don't allow Adding an entry with an index that's already in use.
3136          * This is flagged as an error (LDAP_ALREADY_EXISTS) up above.
3137          *
3138          * These entries can have auto-assigned indexes (appended to the end)
3139          * but only the other types support auto-renumbering of siblings.
3140          */
3141         rc = check_name_index( last, colst[0]->co_type, e, rs, renum );
3142         if ( rc )
3143                 goto leave;
3144
3145         init_config_argv( ca );
3146
3147         /* Make sure we process attrs in the required order */
3148         sort_attrs( e, colst, nocs );
3149
3150         for ( a=e->e_attrs; a; a=a->a_next ) {
3151                 if ( a == oc_at ) continue;
3152                 ct = config_find_table( colst, nocs, a->a_desc );
3153                 if ( !ct ) continue;    /* user data? */
3154                 rc = check_vals( ct, ca, a, 1 );
3155                 if ( rc ) goto leave;
3156         }
3157
3158         /* Basic syntax checks are OK. Do the actual settings. */
3159         for ( a=e->e_attrs; a; a=a->a_next ) {
3160                 if ( a == oc_at ) continue;
3161                 ct = config_find_table( colst, nocs, a->a_desc );
3162                 if ( !ct ) continue;    /* user data? */
3163                 for (i=0; a->a_vals[i].bv_val; i++) {
3164                         ca->line = a->a_vals[i].bv_val;
3165                         if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED ) {
3166                                 ptr = strchr( ca->line, '}' );
3167                                 if ( ptr ) ca->line = ptr+1;
3168                         }
3169                         ca->valx = i;
3170                         rc = config_parse_add( ct, ca );
3171                         if ( rc ) {
3172                                 rc = LDAP_OTHER;
3173                                 goto leave;
3174                         }
3175                 }
3176         }
3177 ok:
3178         /* Newly added databases and overlays need to be started up */
3179         if ( CONFIG_ONLINE_ADD( ca )) {
3180                 if ( colst[0]->co_type == Cft_Database ) {
3181                         rc = backend_startup_one( ca->be );
3182
3183                 } else if ( colst[0]->co_type == Cft_Overlay ) {
3184                         if ( ca->bi->bi_db_open ) {
3185                                 BackendInfo *bi_orig = ca->be->bd_info;
3186                                 ca->be->bd_info = ca->bi;
3187                                 rc = ca->bi->bi_db_open( ca->be );
3188                                 ca->be->bd_info = bi_orig;
3189                         }
3190                 }
3191                 if ( rc ) {
3192                         sprintf( ca->msg, "<%s> failed startup", ca->argv[0] );
3193                         Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
3194                                 ca->log, ca->msg, ca->argv[1] );
3195                         rc = LDAP_OTHER;
3196                         goto leave;
3197                 }
3198         }
3199
3200         ce = ch_calloc( 1, sizeof(CfEntryInfo) );
3201         ce->ce_parent = last;
3202         ce->ce_entry = entry_dup( e );
3203         ce->ce_entry->e_private = ce;
3204         ce->ce_type = colst[0]->co_type;
3205         ce->ce_be = ca->be;
3206         ce->ce_bi = ca->bi;
3207         ce->ce_private = ca->private;
3208         if ( !last ) {
3209                 cfb->cb_root = ce;
3210         } else if ( last->ce_kids ) {
3211                 CfEntryInfo *c2;
3212
3213                 for (c2=last->ce_kids; c2 && c2->ce_sibs; c2 = c2->ce_sibs);
3214
3215                 c2->ce_sibs = ce;
3216         } else {
3217                 last->ce_kids = ce;
3218         }
3219
3220 leave:
3221         if ( rc ) {
3222                 if ( (colst[0]->co_type == Cft_Database) && ca->be ) {
3223                         backend_destroy_one( ca->be, 1 );
3224                 } else if ( (colst[0]->co_type == Cft_Overlay) && ca->bi ) {
3225                         overlay_destroy_one( ca->be, (slap_overinst *)ca->bi );
3226                 }
3227         }
3228
3229         ch_free( ca->argv );
3230         if ( colst ) ch_free( colst );
3231         return rc;
3232 }
3233
3234 /* Parse an LDAP entry into config directives, then store in underlying
3235  * database.
3236  */
3237 static int
3238 config_back_add( Operation *op, SlapReply *rs )
3239 {
3240         CfBackInfo *cfb;
3241         int renumber;
3242         ConfigArgs ca;
3243
3244         if ( !be_isroot( op ) ) {
3245                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3246                 goto out;
3247         }
3248
3249         cfb = (CfBackInfo *)op->o_bd->be_private;
3250
3251         ldap_pvt_thread_pool_pause( &connection_pool );
3252
3253         /* Strategy:
3254          * 1) check for existence of entry
3255          * 2) check for sibling renumbering
3256          * 3) perform internal add
3257          * 4) store entry in underlying database
3258          * 5) perform any necessary renumbering
3259          */
3260         rs->sr_err = config_add_internal( cfb, op->ora_e, &ca, rs, &renumber );
3261         if ( rs->sr_err != LDAP_SUCCESS ) {
3262                 rs->sr_text = ca.msg;
3263         } else if ( cfb->cb_use_ldif ) {
3264                 BackendDB *be = op->o_bd;
3265                 slap_callback sc = { NULL, slap_null_cb, NULL, NULL };
3266                 op->o_bd = &cfb->cb_db;
3267                 sc.sc_next = op->o_callback;
3268                 op->o_callback = &sc;
3269                 op->o_bd->be_add( op, rs );
3270                 op->o_bd = be;
3271                 op->o_callback = sc.sc_next;
3272         }
3273         if ( renumber ) {
3274         }
3275
3276         ldap_pvt_thread_pool_resume( &connection_pool );
3277
3278 out:
3279         send_ldap_result( op, rs );
3280         return rs->sr_err;
3281 }
3282
3283 typedef struct delrec {
3284         struct delrec *next;
3285         int nidx;
3286         int idx[1];
3287 } delrec;
3288
3289 static int
3290 config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs,
3291         ConfigArgs *ca )
3292 {
3293         int rc = LDAP_UNWILLING_TO_PERFORM;
3294         Modifications *ml;
3295         Entry *e = ce->ce_entry;
3296         Attribute *save_attrs = e->e_attrs, *oc_at;
3297         ConfigTable *ct;
3298         ConfigOCs **colst;
3299         int i, nocs;
3300         char *ptr;
3301         delrec *dels = NULL, *deltail = NULL;
3302
3303         oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
3304         if ( !oc_at ) return LDAP_OBJECT_CLASS_VIOLATION;
3305
3306         colst = count_ocs( oc_at, &nocs );
3307
3308         e->e_attrs = attrs_dup( e->e_attrs );
3309
3310         init_config_argv( ca );
3311         ca->be = ce->ce_be;
3312         ca->bi = ce->ce_bi;
3313         ca->private = ce->ce_private;
3314         ca->ca_entry = e;
3315         strcpy( ca->log, "back-config" );
3316
3317         for (ml = op->orm_modlist; ml; ml=ml->sml_next) {
3318                 ct = config_find_table( colst, nocs, ml->sml_desc );
3319                 switch (ml->sml_op) {
3320                 case LDAP_MOD_DELETE:
3321                 case LDAP_MOD_REPLACE: {
3322                         BerVarray vals = NULL, nvals;
3323                         int *idx = NULL;
3324                         if ( ct && ( ct->arg_type & ARG_NO_DELETE )) {
3325                                 rc = LDAP_OTHER;
3326                                 snprintf(ca->msg, sizeof(ca->msg), "cannot delete %s",
3327                                         ml->sml_desc->ad_cname.bv_val );
3328                                 goto out;
3329                         }
3330                         if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3331                                 vals = ml->sml_values;
3332                                 nvals = ml->sml_nvalues;
3333                                 ml->sml_values = NULL;
3334                                 ml->sml_nvalues = NULL;
3335                         }
3336                         /* If we're deleting by values, remember the indexes of the
3337                          * values we deleted.
3338                          */
3339                         if ( ct && ml->sml_values ) {
3340                                 delrec *d;
3341                                 for (i=0; ml->sml_values[i].bv_val; i++);
3342                                 d = ch_malloc( sizeof(delrec) + (i - 1)* sizeof(int));
3343                                 d->nidx = i;
3344                                 d->next = NULL;
3345                                 if ( dels ) {
3346                                         deltail->next = d;
3347                                 } else {
3348                                         dels = d;
3349                                 }
3350                                 deltail = d;
3351                                 idx = d->idx;
3352                         }
3353                         rc = modify_delete_vindex(e, &ml->sml_mod,
3354                                 get_permissiveModify(op),
3355                                 &rs->sr_text, ca->msg, sizeof(ca->msg), idx );
3356                         if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3357                                 ml->sml_values = vals;
3358                                 ml->sml_nvalues = nvals;
3359                         }
3360                         if ( !vals )
3361                                 break;
3362                         }
3363                         /* FALLTHRU: LDAP_MOD_REPLACE && vals */
3364
3365                 case LDAP_MOD_ADD:
3366                 case SLAP_MOD_SOFTADD: {
3367                         int mop = ml->sml_op;
3368                         int navals = -1;
3369                         ml->sml_op = LDAP_MOD_ADD;
3370                         if ( ct ) {
3371                                 if ( ct->arg_type & ARG_NO_INSERT ) {
3372                                         Attribute *a = attr_find( e->e_attrs, ml->sml_desc );
3373                                         if ( a ) {
3374                                                 for (i = 0; a->a_vals[i].bv_val; i++ );
3375                                                 navals = i;
3376                                         }
3377                                 }
3378                                 for ( i=0; !BER_BVISNULL( &ml->sml_values[i] ); i++ ) {
3379                                         if ( ml->sml_values[i].bv_val[0] == '{' &&
3380                                                 navals >= 0 ) {
3381                                                 int j = strtol( ml->sml_values[i].bv_val+1, NULL, 0 );
3382                                                 if ( j < navals ) {
3383                                                         rc = LDAP_OTHER;
3384                                                         snprintf(ca->msg, sizeof(ca->msg), "cannot insert %s",
3385                                                                 ml->sml_desc->ad_cname.bv_val );
3386                                                         goto out;
3387                                                 }
3388                                         }
3389                                         rc = check_vals( ct, ca, ml, 0 );
3390                                         if ( rc ) goto out;
3391                                 }
3392                         }
3393                         rc = modify_add_values(e, &ml->sml_mod,
3394                                    get_permissiveModify(op),
3395                                    &rs->sr_text, ca->msg, sizeof(ca->msg) );
3396
3397                         /* If value already exists, show success here
3398                          * and ignore this operation down below.
3399                          */
3400                         if ( mop == SLAP_MOD_SOFTADD ) {
3401                                 if ( rc == LDAP_TYPE_OR_VALUE_EXISTS )
3402                                         rc = LDAP_SUCCESS;
3403                                 else
3404                                         mop = LDAP_MOD_ADD;
3405                         }
3406                         ml->sml_op = mop;
3407                         break;
3408                         }
3409
3410                         break;
3411                 case LDAP_MOD_INCREMENT:        /* FIXME */
3412                         break;
3413                 default:
3414                         break;
3415                 }
3416                 if(rc != LDAP_SUCCESS) break;
3417         }
3418         
3419         if(rc == LDAP_SUCCESS) {
3420                 /* check that the entry still obeys the schema */
3421                 rc = entry_schema_check(op->o_bd, e, NULL, 0,
3422                         &rs->sr_text, ca->msg, sizeof(ca->msg) );
3423         }
3424         if ( rc == LDAP_SUCCESS ) {
3425                 /* Basic syntax checks are OK. Do the actual settings. */
3426                 for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
3427                         ct = config_find_table( colst, nocs, ml->sml_desc );
3428                         if ( !ct ) continue;
3429
3430                         switch (ml->sml_op) {
3431                         case LDAP_MOD_DELETE:
3432                         case LDAP_MOD_REPLACE: {
3433                                 BerVarray vals = NULL, nvals;
3434                                 Attribute *a;
3435                                 delrec *d;
3436
3437                                 a = attr_find( e->e_attrs, ml->sml_desc );
3438
3439                                 if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3440                                         vals = ml->sml_values;
3441                                         nvals = ml->sml_nvalues;
3442                                         ml->sml_values = NULL;
3443                                         ml->sml_nvalues = NULL;
3444                                 }
3445
3446                                 if ( ml->sml_values )
3447                                         d = dels;
3448
3449                                 /* If we didn't delete the whole attribute */
3450                                 if ( ml->sml_values && a ) {
3451                                         struct berval *mvals;
3452                                         int j;
3453
3454                                         if ( ml->sml_nvalues )
3455                                                 mvals = ml->sml_nvalues;
3456                                         else
3457                                                 mvals = ml->sml_values;
3458
3459                                         /* use the indexes we saved up above */
3460                                         for (i=0; i < d->nidx; i++) {
3461                                                 struct berval bv = *mvals++;
3462                                                 if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED &&
3463                                                         bv.bv_val[0] == '{' ) {
3464                                                         ptr = strchr( bv.bv_val, '}' ) + 1;
3465                                                         bv.bv_len -= ptr - bv.bv_val;
3466                                                         bv.bv_val = ptr;
3467                                                 }
3468                                                 ca->line = bv.bv_val;
3469                                                 ca->valx = d->idx[i];
3470                                                 rc = config_del_vals( ct, ca );
3471                                                 if ( rc != LDAP_SUCCESS ) break;
3472                                                 for (j=i+1; j < d->nidx; j++)
3473                                                         if ( d->idx[j] >d->idx[i] )
3474                                                                 d->idx[j]--;
3475                                         }
3476                                 } else {
3477                                         ca->valx = -1;
3478                                         ca->line = NULL;
3479                                         rc = config_del_vals( ct, ca );
3480                                         if ( rc ) rc = LDAP_OTHER;
3481                                 }
3482                                 if ( ml->sml_values ) {
3483                                         ch_free( dels );
3484                                         dels = d->next;
3485                                 }
3486                                 if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3487                                         ml->sml_values = vals;
3488                                         ml->sml_nvalues = nvals;
3489                                 }
3490                                 if ( !vals || rc != LDAP_SUCCESS )
3491                                         break;
3492                                 }
3493                                 /* FALLTHRU: LDAP_MOD_REPLACE && vals */
3494
3495                         case LDAP_MOD_ADD:
3496                                 for (i=0; ml->sml_values[i].bv_val; i++) {
3497                                         ca->line = ml->sml_values[i].bv_val;
3498                                         ca->valx = -1;
3499                                         if ( ml->sml_desc->ad_type->sat_flags & SLAP_AT_ORDERED &&
3500                                                 ca->line[0] == '{' ) {
3501                                                 ptr = strchr( ca->line, '}' );
3502                                                 if ( ptr ) {
3503                                                         ca->valx = strtol( ca->line+1, NULL, 0 );
3504                                                         ca->line = ptr+1;
3505                                                 }
3506                                         }
3507                                         rc = config_parse_add( ct, ca );
3508                                         if ( rc ) {
3509                                                 rc = LDAP_OTHER;
3510                                                 goto out;
3511                                         }
3512                                 }
3513
3514                                 break;
3515                         }
3516                 }
3517         }
3518
3519 out:
3520         if ( ca->cleanup )
3521                 ca->cleanup( ca );
3522         if ( rc == LDAP_SUCCESS ) {
3523                 attrs_free( save_attrs );
3524         } else {
3525                 attrs_free( e->e_attrs );
3526                 e->e_attrs = save_attrs;
3527         }
3528         ch_free( ca->argv );
3529         if ( colst ) ch_free( colst );
3530
3531         return rc;
3532 }
3533
3534 static int
3535 config_back_modify( Operation *op, SlapReply *rs )
3536 {
3537         CfBackInfo *cfb;
3538         CfEntryInfo *ce, *last;
3539         Modifications *ml;
3540         ConfigArgs ca = {0};
3541         struct berval rdn;
3542         char *ptr;
3543         AttributeDescription *rad = NULL;
3544
3545         if ( !be_isroot( op ) ) {
3546                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3547                 goto out;
3548         }
3549
3550         cfb = (CfBackInfo *)op->o_bd->be_private;
3551
3552         ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
3553         if ( !ce ) {
3554                 if ( last )
3555                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3556                 rs->sr_err = LDAP_NO_SUCH_OBJECT;
3557                 goto out;
3558         }
3559
3560         /* Get type of RDN */
3561         rdn = ce->ce_entry->e_nname;
3562         ptr = strchr( rdn.bv_val, '=' );
3563         rdn.bv_len = ptr - rdn.bv_val;
3564         slap_bv2ad( &rdn, &rad, &rs->sr_text );
3565
3566         /* Some basic validation... */
3567         for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
3568                 /* Don't allow Modify of RDN; must use ModRdn for that. */
3569                 if ( ml->sml_desc == rad ) {
3570                         rs->sr_err = LDAP_NOT_ALLOWED_ON_RDN;
3571                         rs->sr_text = "Use modrdn to change the entry name";
3572                         goto out;
3573                 }
3574         }
3575
3576         ldap_pvt_thread_pool_pause( &connection_pool );
3577
3578         /* Strategy:
3579          * 1) perform the Modify on the cached Entry.
3580          * 2) verify that the Entry still satisfies the schema.
3581          * 3) perform the individual config operations.
3582          * 4) store Modified entry in underlying LDIF backend.
3583          */
3584         rs->sr_err = config_modify_internal( ce, op, rs, &ca );
3585         if ( rs->sr_err ) {
3586                 rs->sr_text = ca.msg;
3587         } else if ( cfb->cb_use_ldif ) {
3588                 BackendDB *be = op->o_bd;
3589                 slap_callback sc = { NULL, slap_null_cb, NULL, NULL };
3590                 op->o_bd = &cfb->cb_db;
3591                 sc.sc_next = op->o_callback;
3592                 op->o_callback = &sc;
3593                 op->o_bd->be_modify( op, rs );
3594                 op->o_bd = be;
3595                 op->o_callback = sc.sc_next;
3596         }
3597
3598         ldap_pvt_thread_pool_resume( &connection_pool );
3599 out:
3600         send_ldap_result( op, rs );
3601         return rs->sr_err;
3602 }
3603
3604 static int
3605 config_back_modrdn( Operation *op, SlapReply *rs )
3606 {
3607         CfBackInfo *cfb;
3608         CfEntryInfo *ce, *last;
3609
3610         if ( !be_isroot( op ) ) {
3611                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3612                 goto out;
3613         }
3614
3615         cfb = (CfBackInfo *)op->o_bd->be_private;
3616
3617         ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
3618         if ( !ce ) {
3619                 if ( last )
3620                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3621                 rs->sr_err = LDAP_NO_SUCH_OBJECT;
3622                 goto out;
3623         }
3624
3625         /* We don't allow moving objects to new parents.
3626          * Generally we only allow reordering a set of ordered entries.
3627          */
3628         if ( op->orr_newSup ) {
3629                 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
3630                 goto out;
3631         }
3632         ldap_pvt_thread_pool_pause( &connection_pool );
3633
3634         ldap_pvt_thread_pool_resume( &connection_pool );
3635 out:
3636         send_ldap_result( op, rs );
3637         return rs->sr_err;
3638 }
3639
3640 static int
3641 config_back_search( Operation *op, SlapReply *rs )
3642 {
3643         CfBackInfo *cfb;
3644         CfEntryInfo *ce, *last;
3645
3646         if ( !be_isroot( op ) ) {
3647                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3648                 goto out;
3649         }
3650
3651         cfb = (CfBackInfo *)op->o_bd->be_private;
3652
3653         ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
3654         if ( !ce ) {
3655                 if ( last )
3656                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3657                 rs->sr_err = LDAP_NO_SUCH_OBJECT;
3658                 goto out;
3659         }
3660         switch ( op->ors_scope ) {
3661         case LDAP_SCOPE_BASE:
3662         case LDAP_SCOPE_SUBTREE:
3663                 config_send( op, rs, ce, 0 );
3664                 break;
3665                 
3666         case LDAP_SCOPE_ONELEVEL:
3667                 for (ce = ce->ce_kids; ce; ce=ce->ce_sibs) {
3668                         config_send( op, rs, ce, 1 );
3669                 }
3670                 break;
3671         }
3672                 
3673         rs->sr_err = LDAP_SUCCESS;
3674 out:
3675         send_ldap_result( op, rs );
3676         return 0;
3677 }
3678
3679 static void
3680 config_build_attrs( Entry *e, AttributeType **at, AttributeDescription *ad,
3681         ConfigTable *ct, ConfigArgs *c )
3682 {
3683         int i, rc;
3684
3685         for (; at && *at; at++) {
3686                 /* Skip the naming attr */
3687                 if ((*at)->sat_ad == ad || (*at)->sat_ad == slap_schema.si_ad_cn )
3688                         continue;
3689                 for (i=0;ct[i].name;i++) {
3690                         if (ct[i].ad == (*at)->sat_ad) {
3691                                 rc = config_get_vals(&ct[i], c);
3692                                 if (rc == LDAP_SUCCESS) {
3693                                         if ( c->rvalue_nvals )
3694                                                 attr_merge(e, ct[i].ad, c->rvalue_vals,
3695                                                         c->rvalue_nvals);
3696                                         else
3697                                                 attr_merge_normalize(e, ct[i].ad,
3698                                                         c->rvalue_vals, NULL);
3699                                         ber_bvarray_free( c->rvalue_nvals );
3700                                         ber_bvarray_free( c->rvalue_vals );
3701                                 }
3702                                 break;
3703                         }
3704                 }
3705         }
3706 }
3707
3708 Entry *
3709 config_build_entry( Operation *op, SlapReply *rs, CfEntryInfo *parent,
3710         ConfigArgs *c, struct berval *rdn, ConfigOCs *main, ConfigOCs *extra )
3711 {
3712         Entry *e = ch_calloc( 1, sizeof(Entry) );
3713         CfEntryInfo *ce = ch_calloc( 1, sizeof(CfEntryInfo) );
3714         struct berval val;
3715         struct berval ad_name;
3716         AttributeDescription *ad = NULL;
3717         int rc;
3718         char *ptr;
3719         const char *text;
3720         Attribute *oc_at;
3721         struct berval pdn;
3722         ObjectClass *oc;
3723         CfEntryInfo *ceprev = NULL;
3724
3725         e->e_private = ce;
3726         ce->ce_entry = e;
3727         ce->ce_parent = parent;
3728         if ( parent ) {
3729                 pdn = parent->ce_entry->e_nname;
3730                 if ( parent->ce_kids )
3731                         for ( ceprev = parent->ce_kids; ceprev->ce_sibs;
3732                                 ceprev = ceprev->ce_sibs );
3733         } else {
3734                 BER_BVZERO( &pdn );
3735         }
3736
3737         ce->ce_type = main->co_type;
3738         ce->ce_private = c->private;
3739         ce->ce_be = c->be;
3740         ce->ce_bi = c->bi;
3741
3742         build_new_dn( &e->e_name, &pdn, rdn, NULL );
3743         ber_dupbv( &e->e_nname, &e->e_name );
3744
3745         attr_merge_normalize_one(e, slap_schema.si_ad_objectClass,
3746                 main->co_name, NULL );
3747         if ( extra )
3748                 attr_merge_normalize_one(e, slap_schema.si_ad_objectClass,
3749                         extra->co_name, NULL );
3750         ptr = strchr(rdn->bv_val, '=');
3751         ad_name.bv_val = rdn->bv_val;
3752         ad_name.bv_len = ptr - rdn->bv_val;
3753         rc = slap_bv2ad( &ad_name, &ad, &text );
3754         if ( rc ) {
3755                 return NULL;
3756         }
3757         val.bv_val = ptr+1;
3758         val.bv_len = rdn->bv_len - (val.bv_val - rdn->bv_val);
3759         attr_merge_normalize_one(e, ad, &val, NULL );
3760
3761         oc = main->co_oc;
3762         if ( oc->soc_required )
3763                 config_build_attrs( e, oc->soc_required, ad, main->co_table, c );
3764
3765         if ( oc->soc_allowed )
3766                 config_build_attrs( e, oc->soc_allowed, ad, main->co_table, c );
3767
3768         if ( extra ) {
3769                 oc = extra->co_oc;
3770                 if ( oc->soc_required )
3771                         config_build_attrs( e, oc->soc_required, ad, extra->co_table, c );
3772
3773                 if ( oc->soc_allowed )
3774                         config_build_attrs( e, oc->soc_allowed, ad, extra->co_table, c );
3775         }
3776
3777         oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
3778         rc = structural_class(oc_at->a_vals, &val, NULL, &text, c->msg,
3779                 sizeof(c->msg));
3780         attr_merge_normalize_one(e, slap_schema.si_ad_structuralObjectClass, &val, NULL );
3781         if ( op ) {
3782                 op->ora_e = e;
3783                 op->o_bd->be_add( op, rs );
3784         }
3785         if ( ceprev ) {
3786                 ceprev->ce_sibs = ce;
3787         } else if ( parent ) {
3788                 parent->ce_kids = ce;
3789         }
3790
3791         return e;
3792 }
3793
3794 static void
3795 config_build_schema_inc( ConfigArgs *c, CfEntryInfo *ceparent,
3796         Operation *op, SlapReply *rs )
3797 {
3798         Entry *e;
3799         ConfigFile *cf = c->private;
3800         char *ptr;
3801         struct berval bv;
3802
3803         for (; cf; cf=cf->c_sibs, c->depth++) {
3804                 c->value_dn.bv_val = c->log;
3805                 bv.bv_val = strrchr(cf->c_file.bv_val, LDAP_DIRSEP[0]);
3806                 if ( !bv.bv_val ) {
3807                         bv = cf->c_file;
3808                 } else {
3809                         bv.bv_val++;
3810                         bv.bv_len = cf->c_file.bv_len - (bv.bv_val - cf->c_file.bv_val);
3811                 }
3812                 ptr = strchr( bv.bv_val, '.' );
3813                 if ( ptr )
3814                         bv.bv_len = ptr - bv.bv_val;
3815                 c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=" IFMT, c->depth);
3816                 strncpy( c->value_dn.bv_val + c->value_dn.bv_len, bv.bv_val,
3817                         bv.bv_len );
3818                 c->value_dn.bv_len += bv.bv_len;
3819                 c->value_dn.bv_val[c->value_dn.bv_len] ='\0';
3820
3821                 c->private = cf;
3822                 e = config_build_entry( op, rs, ceparent, c, &c->value_dn,
3823                         &CFOC_SCHEMA, NULL );
3824                 if ( e && cf->c_kids ) {
3825                         c->private = cf->c_kids;
3826                         config_build_schema_inc( c, e->e_private, op, rs );
3827                 }
3828         }
3829 }
3830
3831 static void
3832 config_build_includes( ConfigArgs *c, CfEntryInfo *ceparent,
3833         Operation *op, SlapReply *rs )
3834 {
3835         Entry *e;
3836         int i;
3837         ConfigFile *cf = c->private;
3838
3839         for (i=0; cf; cf=cf->c_sibs, i++) {
3840                 c->value_dn.bv_val = c->log;
3841                 c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=include" IFMT, i);
3842                 c->private = cf;
3843                 e = config_build_entry( op, rs, ceparent, c, &c->value_dn,
3844                         &CFOC_INCLUDE, NULL );
3845                 if ( e && cf->c_kids ) {
3846                         c->private = cf->c_kids;
3847                         config_build_includes( c, e->e_private, op, rs );
3848                 }
3849         }
3850 }
3851
3852 #ifdef SLAPD_MODULES
3853
3854 static void
3855 config_build_modules( ConfigArgs *c, CfEntryInfo *ceparent,
3856         Operation *op, SlapReply *rs )
3857 {
3858         int i;
3859         ModPaths *mp;
3860
3861         for (i=0, mp=&modpaths; mp; mp=mp->mp_next, i++) {
3862                 if ( BER_BVISNULL( &mp->mp_path ) && !mp->mp_loads )
3863                         continue;
3864                 c->value_dn.bv_val = c->log;
3865                 c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=module" IFMT, i);
3866                 c->private = mp;
3867                 config_build_entry( op, rs, ceparent, c, &c->value_dn,
3868                         &CFOC_MODULE, NULL );
3869         }
3870 }
3871 #endif
3872
3873 static int
3874 config_back_db_open( BackendDB *be )
3875 {
3876         CfBackInfo *cfb = be->be_private;
3877         struct berval rdn;
3878         Entry *e, *parent;
3879         CfEntryInfo *ce, *ceparent;
3880         int i;
3881         BackendInfo *bi;
3882         BackendDB *bptr;
3883         ConfigArgs c;
3884         Connection conn = {0};
3885         char opbuf[OPERATION_BUFFER_SIZE];
3886         Operation *op;
3887         slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
3888         SlapReply rs = {REP_RESULT};
3889
3890         /* If we read the config from back-ldif, nothing to do here */
3891         if ( cfb->cb_got_ldif )
3892                 return 0;
3893
3894         if ( cfb->cb_use_ldif ) {
3895                 op = (Operation *)opbuf;
3896                 connection_fake_init( &conn, op, cfb );
3897
3898                 op->o_dn = be->be_rootdn;
3899                 op->o_ndn = be->be_rootndn;
3900
3901                 op->o_tag = LDAP_REQ_ADD;
3902                 op->o_callback = &cb;
3903                 op->o_bd = &cfb->cb_db;
3904         } else {
3905                 op = NULL;
3906         }
3907
3908         /* create root of tree */
3909         rdn = config_rdn;
3910         c.private = cfb->cb_config;
3911         c.be = frontendDB;
3912         e = config_build_entry( op, &rs, NULL, &c, &rdn, &CFOC_GLOBAL, NULL );
3913         ce = e->e_private;
3914         cfb->cb_root = ce;
3915
3916         parent = e;
3917         ceparent = ce;
3918
3919         /* Create includeFile nodes */
3920         if ( cfb->cb_config->c_kids ) {
3921                 c.depth = 0;
3922                 c.private = cfb->cb_config->c_kids;
3923                 config_build_includes( &c, ceparent, op, &rs );
3924         }
3925
3926 #ifdef SLAPD_MODULES
3927         /* Create Module nodes... */
3928         if ( modpaths.mp_loads ) {
3929                 config_build_modules( &c, ceparent, op, &rs );
3930         }
3931 #endif
3932
3933         /* Create schema nodes... cn=schema will contain the hardcoded core
3934          * schema, read-only. Child objects will contain runtime loaded schema
3935          * files.
3936          */
3937         rdn = schema_rdn;
3938         c.private = NULL;
3939         e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_SCHEMA, NULL );
3940         ce = e->e_private;
3941
3942         /* Create schema nodes for included schema... */
3943         if ( cfb->cb_config->c_kids ) {
3944                 c.depth = 0;
3945                 c.private = cfb->cb_config->c_kids;
3946                 config_build_schema_inc( &c, ce, op, &rs );
3947         }
3948
3949         /* Create backend nodes. Skip if they don't provide a cf_table.
3950          * There usually aren't any of these.
3951          */
3952         
3953         c.line = 0;
3954         LDAP_STAILQ_FOREACH( bi, &backendInfo, bi_next) {
3955                 if (!bi->bi_cf_ocs) continue;
3956                 if (!bi->bi_private) continue;
3957
3958                 rdn.bv_val = c.log;
3959                 rdn.bv_len = sprintf(rdn.bv_val, "%s=%s", cfAd_backend->ad_cname.bv_val, bi->bi_type);
3960                 c.bi = bi;
3961                 e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_BACKEND,
3962                         bi->bi_cf_ocs );
3963         }
3964
3965         /* Create database nodes... */
3966         i = -1;
3967         LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
3968                 slap_overinfo *oi = NULL;
3969                 i++;
3970                 if ( i == 0 ) {
3971                         bptr = frontendDB;
3972                 } else {
3973                         bptr = be;
3974                 }
3975                 if ( overlay_is_over( bptr )) {
3976                         oi = bptr->bd_info->bi_private;
3977                         bi = oi->oi_orig;
3978                 } else {
3979                         bi = bptr->bd_info;
3980                 }
3981                 rdn.bv_val = c.log;
3982                 rdn.bv_len = sprintf(rdn.bv_val, "%s=" IFMT "%s", cfAd_database->ad_cname.bv_val,
3983                         i, bi->bi_type);
3984                 c.be = bptr;
3985                 c.bi = bi;
3986                 e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_DATABASE,
3987                         be->be_cf_ocs );
3988                 ce = e->e_private;
3989                 if ( be->be_cf_ocs && be->be_cf_ocs->co_cfadd )
3990                         be->be_cf_ocs->co_cfadd( op, &rs, e, &c );
3991                 /* Iterate through overlays */
3992                 if ( oi ) {
3993                         slap_overinst *on;
3994                         Entry *oe;
3995                         int j;
3996
3997                         for (j=0,on=oi->oi_list; on; j++,on=on->on_next) {
3998                                 rdn.bv_val = c.log;
3999                                 rdn.bv_len = sprintf(rdn.bv_val, "%s=" IFMT "%s",
4000                                         cfAd_overlay->ad_cname.bv_val, j, on->on_bi.bi_type );
4001                                 c.be = bptr;
4002                                 c.bi = &on->on_bi;
4003                                 oe = config_build_entry( op, &rs, ce, &c, &rdn,
4004                                         &CFOC_OVERLAY, c.bi->bi_cf_ocs );
4005                                 if ( c.bi->bi_cf_ocs && c.bi->bi_cf_ocs->co_cfadd )
4006                                         c.bi->bi_cf_ocs->co_cfadd( op, &rs, oe, &c );
4007                         }
4008                 }
4009         }
4010         if ( op )
4011                 slap_sl_mem_destroy( NULL, op->o_tmpmemctx );
4012
4013         return 0;
4014 }
4015
4016 static void
4017 cfb_free_cffile( ConfigFile *cf )
4018 {
4019         ConfigFile *next;
4020
4021         for (; cf; cf=next) {
4022                 next = cf->c_sibs;
4023                 if ( cf->c_kids )
4024                         cfb_free_cffile( cf->c_kids );
4025                 ch_free( cf->c_file.bv_val );
4026                 ber_bvarray_free( cf->c_dseFiles );
4027                 ch_free( cf );
4028         }
4029 }
4030
4031 static void
4032 cfb_free_entries( CfEntryInfo *ce )
4033 {
4034         CfEntryInfo *next;
4035
4036         for (; ce; ce=next) {
4037                 next = ce->ce_sibs;
4038                 if ( ce->ce_kids )
4039                         cfb_free_entries( ce->ce_kids );
4040                 ce->ce_entry->e_private = NULL;
4041                 entry_free( ce->ce_entry );
4042                 ch_free( ce );
4043         }
4044 }
4045
4046 static int
4047 config_back_db_close( BackendDB *be )
4048 {
4049         CfBackInfo *cfb = be->be_private;
4050
4051         cfb_free_entries( cfb->cb_root );
4052         cfb->cb_root = NULL;
4053
4054         backend_shutdown( &cfb->cb_db );
4055         return 0;
4056 }
4057
4058 static int
4059 config_back_db_destroy( BackendDB *be )
4060 {
4061         CfBackInfo *cfb = be->be_private;
4062
4063         cfb_free_cffile( cfb->cb_config );
4064
4065         ch_free( cfdir.bv_val );
4066
4067         avl_free( CfOcTree, NULL );
4068
4069         cfb->cb_db.be_suffix = NULL;
4070         cfb->cb_db.be_nsuffix = NULL;
4071         cfb->cb_db.be_rootdn.bv_val = NULL;
4072         cfb->cb_db.be_rootndn.bv_val = NULL;
4073         backend_destroy_one( &cfb->cb_db, 0 );
4074
4075         free( be->be_private );
4076         return 0;
4077 }
4078
4079 static int
4080 config_back_db_init( BackendDB *be )
4081 {
4082         struct berval dn;
4083         CfBackInfo *cfb;
4084
4085         cfb = ch_calloc( 1, sizeof(CfBackInfo));
4086         cfb->cb_config = ch_calloc( 1, sizeof(ConfigFile));
4087         cfn = cfb->cb_config;
4088         be->be_private = cfb;
4089
4090         ber_dupbv( &be->be_rootdn, &config_rdn );
4091         ber_dupbv( &be->be_rootndn, &be->be_rootdn );
4092         ber_dupbv( &dn, &be->be_rootdn );
4093         ber_bvarray_add( &be->be_suffix, &dn );
4094         ber_dupbv( &dn, &be->be_rootdn );
4095         ber_bvarray_add( &be->be_nsuffix, &dn );
4096
4097         /* Hide from namingContexts */
4098         SLAP_BFLAGS(be) |= SLAP_BFLAG_CONFIG;
4099
4100         return 0;
4101 }
4102
4103 static int
4104 config_back_destroy( BackendInfo *bi )
4105 {
4106         ldif_must_b64_encode_release();
4107         return 0;
4108 }
4109
4110 static int
4111 config_tool_entry_open( BackendDB *be, int mode )
4112 {
4113         CfBackInfo *cfb = be->be_private;
4114         BackendInfo *bi = cfb->cb_db.bd_info;
4115
4116         if ( bi && bi->bi_tool_entry_open )
4117                 return bi->bi_tool_entry_open( &cfb->cb_db, mode );
4118         else
4119                 return -1;
4120         
4121 }
4122
4123 static int
4124 config_tool_entry_close( BackendDB *be )
4125 {
4126         CfBackInfo *cfb = be->be_private;
4127         BackendInfo *bi = cfb->cb_db.bd_info;
4128
4129         if ( bi && bi->bi_tool_entry_close )
4130                 return bi->bi_tool_entry_close( &cfb->cb_db );
4131         else
4132                 return -1;
4133 }
4134
4135 static ID
4136 config_tool_entry_first( BackendDB *be )
4137 {
4138         CfBackInfo *cfb = be->be_private;
4139         BackendInfo *bi = cfb->cb_db.bd_info;
4140
4141         if ( bi && bi->bi_tool_entry_first )
4142                 return bi->bi_tool_entry_first( &cfb->cb_db );
4143         else
4144                 return NOID;
4145 }
4146
4147 static ID
4148 config_tool_entry_next( BackendDB *be )
4149 {
4150         CfBackInfo *cfb = be->be_private;
4151         BackendInfo *bi = cfb->cb_db.bd_info;
4152
4153         if ( bi && bi->bi_tool_entry_next )
4154                 return bi->bi_tool_entry_next( &cfb->cb_db );
4155         else
4156                 return NOID;
4157 }
4158
4159 static Entry *
4160 config_tool_entry_get( BackendDB *be, ID id )
4161 {
4162         CfBackInfo *cfb = be->be_private;
4163         BackendInfo *bi = cfb->cb_db.bd_info;
4164
4165         if ( bi && bi->bi_tool_entry_get )
4166                 return bi->bi_tool_entry_get( &cfb->cb_db, id );
4167         else
4168                 return NULL;
4169 }
4170
4171 static ID
4172 config_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
4173 {
4174         CfBackInfo *cfb = be->be_private;
4175         BackendInfo *bi = cfb->cb_db.bd_info;
4176         ConfigArgs ca;
4177
4178         if ( bi && bi->bi_tool_entry_put &&
4179                 config_add_internal( cfb, e, &ca, NULL, NULL ) == 0 )
4180                 return bi->bi_tool_entry_put( &cfb->cb_db, e, text );
4181         else
4182                 return NOID;
4183 }
4184
4185 static struct {
4186         char *name;
4187         AttributeDescription **desc;
4188 } ads[] = {
4189         { "backend", &cfAd_backend },
4190         { "database", &cfAd_database },
4191         { "include", &cfAd_include },
4192         { "overlay", &cfAd_overlay },
4193         { NULL, NULL }
4194 };
4195
4196 /* Notes:
4197  *   add / delete: all types that may be added or deleted must use an
4198  * X-ORDERED attributeType for their RDN. Adding and deleting entries
4199  * should automatically renumber the index of any siblings as needed,
4200  * so that no gaps in the numbering sequence exist after the add/delete
4201  * is completed.
4202  *   What can be added:
4203  *     schema objects
4204  *     backend objects for backend-specific config directives
4205  *     database objects
4206  *     overlay objects
4207  *
4208  *   delete: probably no support this time around.
4209  *
4210  *   modrdn: generally not done. Will be invoked automatically by add/
4211  * delete to update numbering sequence. Perform as an explicit operation
4212  * so that the renumbering effect may be replicated. Subtree rename must
4213  * be supported, since renumbering a database will affect all its child
4214  * overlays.
4215  *
4216  *  modify: must be fully supported. 
4217  */
4218
4219 int
4220 config_back_initialize( BackendInfo *bi )
4221 {
4222         ConfigTable             *ct = config_back_cf_table;
4223         char                    *argv[4];
4224         int                     i;
4225         AttributeDescription    *ad = NULL;
4226         const char              *text;
4227         static char             *controls[] = {
4228                 LDAP_CONTROL_MANAGEDSAIT,
4229                 NULL
4230         };
4231
4232         bi->bi_controls = controls;
4233
4234         bi->bi_open = 0;
4235         bi->bi_close = 0;
4236         bi->bi_config = 0;
4237         bi->bi_destroy = config_back_destroy;
4238
4239         bi->bi_db_init = config_back_db_init;
4240         bi->bi_db_config = 0;
4241         bi->bi_db_open = config_back_db_open;
4242         bi->bi_db_close = config_back_db_close;
4243         bi->bi_db_destroy = config_back_db_destroy;
4244
4245         bi->bi_op_bind = config_back_bind;
4246         bi->bi_op_unbind = 0;
4247         bi->bi_op_search = config_back_search;
4248         bi->bi_op_compare = 0;
4249         bi->bi_op_modify = config_back_modify;
4250         bi->bi_op_modrdn = config_back_modrdn;
4251         bi->bi_op_add = config_back_add;
4252         bi->bi_op_delete = 0;
4253         bi->bi_op_abandon = 0;
4254
4255         bi->bi_extended = 0;
4256
4257         bi->bi_chk_referrals = 0;
4258
4259 #ifdef SLAP_OVERLAY_ACCESS
4260         bi->bi_access_allowed = slap_access_always_allowed;
4261 #endif /* SLAP_OVERLAY_ACCESS */
4262
4263         bi->bi_connection_init = 0;
4264         bi->bi_connection_destroy = 0;
4265
4266         bi->bi_tool_entry_open = config_tool_entry_open;
4267         bi->bi_tool_entry_close = config_tool_entry_close;
4268         bi->bi_tool_entry_first = config_tool_entry_first;
4269         bi->bi_tool_entry_next = config_tool_entry_next;
4270         bi->bi_tool_entry_get = config_tool_entry_get;
4271         bi->bi_tool_entry_put = config_tool_entry_put;
4272
4273         /* Make sure we don't exceed the bits reserved for userland */
4274         assert( ( ( CFG_LAST - 1 ) & ARGS_USERLAND ) == ( CFG_LAST - 1 ) );
4275
4276         argv[3] = NULL;
4277         for (i=0; OidMacros[i].name; i++ ) {
4278                 argv[1] = OidMacros[i].name;
4279                 argv[2] = OidMacros[i].oid;
4280                 parse_oidm( "slapd", i, 3, argv, 0, NULL );
4281         }
4282
4283         bi->bi_cf_ocs = cf_ocs;
4284
4285         i = config_register_schema( ct, cf_ocs );
4286         if ( i ) return i;
4287
4288         /* setup olcRootPW to be base64-encoded when written in LDIF form;
4289          * basically, we don't care if it fails */
4290         i = slap_str2ad( "olcRootPW", &ad, &text );
4291         if ( i ) {
4292                 Debug( LDAP_DEBUG_ANY, "config_back_initialize: "
4293                         "warning, unable to get \"olcRootPW\" "
4294                         "attribute description: %d: %s\n",
4295                         i, text, 0 );
4296         } else {
4297                 (void)ldif_must_b64_encode_register( ad->ad_cname.bv_val,
4298                         ad->ad_type->sat_oid );
4299         }
4300
4301         /* set up the notable AttributeDescriptions */
4302         i = 0;
4303         for (;ct->name;ct++) {
4304                 if (strcmp(ct->name, ads[i].name)) continue;
4305                 *ads[i].desc = ct->ad;
4306                 i++;
4307                 if (!ads[i].name) break;
4308         }
4309
4310         return 0;
4311 }
4312