]> git.sur5r.net Git - openldap/blob - servers/slapd/bconfig.c
be9de3f5ea354990d7611a73962dab18147891f5
[openldap] / servers / slapd / bconfig.c
1 /* bconfig.c - the config backend */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 2005 The OpenLDAP Foundation.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in the file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16 /* ACKNOWLEDGEMENTS:
17  * This work was originally developed by Howard Chu for inclusion
18  * in OpenLDAP Software.
19  */
20
21 #include "portable.h"
22
23 #include <stdio.h>
24 #include <ac/string.h>
25 #include <ac/ctype.h>
26 #include <ac/errno.h>
27 #include <sys/stat.h>
28
29 #include "slap.h"
30
31 #ifdef LDAP_SLAPI
32 #include "slapi/slapi.h"
33 #endif
34
35 #include <ldif.h>
36 #include <lutil.h>
37
38 #include "config.h"
39
40 static struct berval config_rdn = BER_BVC("cn=config");
41 static struct berval schema_rdn = BER_BVC("cn=schema");
42
43 #define IFMT    "{%d}"
44
45 #ifdef SLAPD_MODULES
46 typedef struct modpath_s {
47         struct modpath_s *mp_next;
48         struct berval mp_path;
49         BerVarray mp_loads;
50 } ModPaths;
51
52 static ModPaths modpaths, *modlast = &modpaths, *modcur = &modpaths;
53 #endif
54
55 typedef struct ConfigFile {
56         struct ConfigFile *c_sibs;
57         struct ConfigFile *c_kids;
58         struct berval c_file;
59         AttributeType *c_at_head, *c_at_tail;
60         ContentRule *c_cr_head, *c_cr_tail;
61         ObjectClass *c_oc_head, *c_oc_tail;
62         OidMacro *c_om_head, *c_om_tail;
63         BerVarray c_dseFiles;
64 } ConfigFile;
65
66 typedef struct {
67         ConfigFile *cb_config;
68         CfEntryInfo *cb_root;
69         BackendDB       cb_db;  /* underlying database */
70         int             cb_got_ldif;
71         int             cb_use_ldif;
72 } CfBackInfo;
73
74 /* These do nothing in slapd, they're kept only to make them
75  * editable here.
76  */
77 static char *replica_pidFile, *replica_argsFile;
78 static int replicationInterval;
79
80 static char     *passwd_salt;
81 static char     *logfileName;
82 #ifdef SLAP_AUTH_REWRITE
83 static BerVarray authz_rewrites;
84 #endif
85
86 static struct berval cfdir;
87
88 /* Private state */
89 static AttributeDescription *cfAd_backend, *cfAd_database, *cfAd_overlay,
90         *cfAd_include;
91
92 static ConfigFile *cfn;
93
94 static Avlnode *CfOcTree;
95
96 static int config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca,
97         SlapReply *rs, int *renumber );
98
99 static ConfigDriver config_fname;
100 static ConfigDriver config_cfdir;
101 static ConfigDriver config_generic;
102 static ConfigDriver config_search_base;
103 static ConfigDriver config_passwd_hash;
104 static ConfigDriver config_schema_dn;
105 static ConfigDriver config_sizelimit;
106 static ConfigDriver config_timelimit;
107 static ConfigDriver config_overlay;
108 static ConfigDriver config_subordinate; 
109 static ConfigDriver config_suffix; 
110 static ConfigDriver config_rootdn;
111 static ConfigDriver config_rootpw;
112 static ConfigDriver config_restrict;
113 static ConfigDriver config_allows;
114 static ConfigDriver config_disallows;
115 static ConfigDriver config_requires;
116 static ConfigDriver config_security;
117 static ConfigDriver config_referral;
118 static ConfigDriver config_loglevel;
119 static ConfigDriver config_replica;
120 static ConfigDriver config_updatedn;
121 static ConfigDriver config_updateref;
122 static ConfigDriver config_include;
123 #ifdef HAVE_TLS
124 static ConfigDriver config_tls_option;
125 static ConfigDriver config_tls_config;
126 #endif
127 extern ConfigDriver syncrepl_config;
128
129 enum {
130         CFG_ACL = 1,
131         CFG_BACKEND,
132         CFG_DATABASE,
133         CFG_TLS_RAND,
134         CFG_TLS_CIPHER,
135         CFG_TLS_CERT_FILE,
136         CFG_TLS_CERT_KEY,
137         CFG_TLS_CA_PATH,
138         CFG_TLS_CA_FILE,
139         CFG_TLS_VERIFY,
140         CFG_TLS_CRLCHECK,
141         CFG_CONCUR,
142         CFG_THREADS,
143         CFG_SALT,
144         CFG_LIMITS,
145         CFG_RO,
146         CFG_REWRITE,
147         CFG_DEPTH,
148         CFG_OID,
149         CFG_OC,
150         CFG_DIT,
151         CFG_ATTR,
152         CFG_ATOPT,
153         CFG_REPLOG,
154         CFG_ROOTDSE,
155         CFG_LOGFILE,
156         CFG_PLUGIN,
157         CFG_MODLOAD,
158         CFG_MODPATH,
159         CFG_LASTMOD,
160         CFG_AZPOLICY,
161         CFG_AZREGEXP,
162         CFG_SASLSECP,
163         CFG_SSTR_IF_MAX,
164         CFG_SSTR_IF_MIN,
165
166         CFG_LAST
167 };
168
169 typedef struct {
170         char *name, *oid;
171 } OidRec;
172
173 static OidRec OidMacros[] = {
174         /* OpenLDAProot:666.11.1 */
175         { "OLcfg", "1.3.6.1.4.1.4203.666.11.1" },
176         { "OLcfgAt", "OLcfg:3" },
177         { "OLcfgGlAt", "OLcfgAt:0" },
178         { "OLcfgBkAt", "OLcfgAt:1" },
179         { "OLcfgDbAt", "OLcfgAt:2" },
180         { "OLcfgOvAt", "OLcfgAt:3" },
181         { "OLcfgOc", "OLcfg:4" },
182         { "OLcfgGlOc", "OLcfgOc:0" },
183         { "OLcfgBkOc", "OLcfgOc:1" },
184         { "OLcfgDbOc", "OLcfgOc:2" },
185         { "OLcfgOvOc", "OLcfgOc:3" },
186         { "OMsyn", "1.3.6.1.4.1.1466.115.121.1" },
187         { "OMsInteger", "OMsyn:27" },
188         { "OMsBoolean", "OMsyn:7" },
189         { "OMsDN", "OMsyn:12" },
190         { "OMsDirectoryString", "OMsyn:15" },
191         { "OMsOctetString", "OMsyn:40" },
192         { NULL, NULL }
193 };
194
195 /*
196  * OLcfg{Bk|Db}{Oc|At}:0                -> common
197  * OLcfg{Bk|Db}{Oc|At}:1                -> bdb
198  * OLcfg{Bk|Db}{Oc|At}:2                -> ldif
199  * OLcfg{Bk|Db}{Oc|At}:3                -> ldap?
200  */
201
202 /* alphabetical ordering */
203
204 static ConfigTable config_back_cf_table[] = {
205         /* This attr is read-only */
206         { "", "", 0, 0, 0, ARG_MAGIC,
207                 &config_fname, "( OLcfgGlAt:78 NAME 'olcConfigFile' "
208                         "DESC 'File for slapd configuration directives' "
209                         "EQUALITY caseIgnoreMatch "
210                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
211         { "", "", 0, 0, 0, ARG_MAGIC,
212                 &config_cfdir, "( OLcfgGlAt:79 NAME 'olcConfigDir' "
213                         "DESC 'Directory for slapd configuration backend' "
214                         "EQUALITY caseIgnoreMatch "
215                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
216         { "access",     NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC|CFG_ACL,
217                 &config_generic, "( OLcfgGlAt:1 NAME 'olcAccess' "
218                         "DESC 'Access Control List' "
219                         "EQUALITY caseIgnoreMatch "
220                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
221         { "allows",     "features", 2, 0, 5, ARG_PRE_DB|ARG_MAGIC,
222                 &config_allows, "( OLcfgGlAt:2 NAME 'olcAllows' "
223                         "DESC 'Allowed set of deprecated features' "
224                         "EQUALITY caseIgnoreMatch "
225                         "SYNTAX OMsDirectoryString )", NULL, NULL },
226         { "argsfile", "file", 2, 2, 0, ARG_STRING,
227                 &slapd_args_file, "( OLcfgGlAt:3 NAME 'olcArgsFile' "
228                         "DESC 'File for slapd command line options' "
229                         "EQUALITY caseIgnoreMatch "
230                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
231         { "attributeoptions", NULL, 0, 0, 0, ARG_MAGIC|CFG_ATOPT,
232                 &config_generic, "( OLcfgGlAt:5 NAME 'olcAttributeOptions' "
233                         "EQUALITY caseIgnoreMatch "
234                         "SYNTAX OMsDirectoryString )", NULL, NULL },
235         { "attribute",  "attribute", 2, 0, 9,
236                 ARG_PAREN|ARG_MAGIC|CFG_ATTR|ARG_NO_DELETE|ARG_NO_INSERT,
237                 &config_generic, "( OLcfgGlAt:4 NAME 'olcAttributeTypes' "
238                         "DESC 'OpenLDAP attributeTypes' "
239                         "EQUALITY caseIgnoreMatch "
240                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
241                                 NULL, NULL },
242         { "authid-rewrite", NULL, 2, 0, STRLENOF( "authid-rewrite" ),
243 #ifdef SLAP_AUTH_REWRITE
244                 ARG_MAGIC|CFG_REWRITE|ARG_NO_INSERT, &config_generic,
245 #else
246                 ARG_IGNORED, NULL,
247 #endif
248                  "( OLcfgGlAt:6 NAME 'olcAuthIDRewrite' "
249                         "EQUALITY caseIgnoreMatch "
250                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
251         { "authz-policy", "policy", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_AZPOLICY,
252                 &config_generic, "( OLcfgGlAt:7 NAME 'olcAuthzPolicy' "
253                         "EQUALITY caseIgnoreMatch "
254                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
255         { "authz-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP|ARG_NO_INSERT,
256                 &config_generic, "( OLcfgGlAt:8 NAME 'olcAuthzRegexp' "
257                         "EQUALITY caseIgnoreMatch "
258                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
259         { "backend", "type", 2, 2, 0, ARG_PRE_DB|ARG_MAGIC|CFG_BACKEND,
260                 &config_generic, "( OLcfgGlAt:9 NAME 'olcBackend' "
261                         "DESC 'A type of backend' "
262                         "EQUALITY caseIgnoreMatch "
263                         "SYNTAX OMsDirectoryString SINGLE-VALUE X-ORDERED 'SIBLINGS' )",
264                                 NULL, NULL },
265         { "concurrency", "level", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_CONCUR,
266                 &config_generic, "( OLcfgGlAt:10 NAME 'olcConcurrency' "
267                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
268         { "conn_max_pending", "max", 2, 2, 0, ARG_INT,
269                 &slap_conn_max_pending, "( OLcfgGlAt:11 NAME 'olcConnMaxPending' "
270                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
271         { "conn_max_pending_auth", "max", 2, 2, 0, ARG_INT,
272                 &slap_conn_max_pending_auth, "( OLcfgGlAt:12 NAME 'olcConnMaxPendingAuth' "
273                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
274         { "database", "type", 2, 2, 0, ARG_MAGIC|CFG_DATABASE,
275                 &config_generic, "( OLcfgGlAt:13 NAME 'olcDatabase' "
276                         "DESC 'The backend type for a database instance' "
277                         "SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
278         { "defaultSearchBase", "dn", 2, 2, 0, ARG_PRE_BI|ARG_PRE_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
279                 &config_search_base, "( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' "
280                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
281         { "disallows", "features", 2, 0, 8, ARG_PRE_DB|ARG_MAGIC,
282                 &config_disallows, "( OLcfgGlAt:15 NAME 'olcDisallows' "
283                         "EQUALITY caseIgnoreMatch "
284                         "SYNTAX OMsDirectoryString )", NULL, NULL },
285         { "ditcontentrule",     NULL, 0, 0, 0, ARG_MAGIC|CFG_DIT|ARG_NO_DELETE|ARG_NO_INSERT,
286                 &config_generic, "( OLcfgGlAt:16 NAME 'olcDitContentRules' "
287                         "DESC 'OpenLDAP DIT content rules' "
288                         "EQUALITY caseIgnoreMatch "
289                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
290                         NULL, NULL },
291         { "gentlehup", "on|off", 2, 2, 0,
292 #ifdef SIGHUP
293                 ARG_ON_OFF, &global_gentlehup,
294 #else
295                 ARG_IGNORED, NULL,
296 #endif
297                 "( OLcfgGlAt:17 NAME 'olcGentleHUP' "
298                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
299         { "idletimeout", "timeout", 2, 2, 0, ARG_INT,
300                 &global_idletimeout, "( OLcfgGlAt:18 NAME 'olcIdleTimeout' "
301                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
302         { "include", "file", 2, 2, 0, ARG_MAGIC,
303                 &config_include, "( OLcfgGlAt:19 NAME 'olcInclude' "
304                         "SUP labeledURI )", NULL, NULL },
305         { "index_substr_if_minlen", "min", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MIN,
306                 &config_generic, "( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' "
307                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
308         { "index_substr_if_maxlen", "max", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MAX,
309                 &config_generic, "( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' "
310                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
311         { "index_substr_any_len", "len", 2, 2, 0, ARG_INT|ARG_NONZERO,
312                 &index_substr_any_len, "( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' "
313                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
314         { "index_substr_any_step", "step", 2, 2, 0, ARG_INT|ARG_NONZERO,
315                 &index_substr_any_step, "( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' "
316                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
317         { "lastmod", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_LASTMOD,
318                 &config_generic, "( OLcfgDbAt:0.4 NAME 'olcLastMod' "
319                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
320         { "limits", "limits", 2, 0, 0, ARG_DB|ARG_MAGIC|CFG_LIMITS,
321                 &config_generic, "( OLcfgDbAt:0.5 NAME 'olcLimits' "
322                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
323         { "localSSF", "ssf", 2, 2, 0, ARG_INT,
324                 &local_ssf, "( OLcfgGlAt:26 NAME 'olcLocalSSF' "
325                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
326         { "logfile", "file", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_LOGFILE,
327                 &config_generic, "( OLcfgGlAt:27 NAME 'olcLogFile' "
328                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
329         { "loglevel", "level", 2, 0, 0, ARG_MAGIC,
330                 &config_loglevel, "( OLcfgGlAt:28 NAME 'olcLogLevel' "
331                         "SYNTAX OMsDirectoryString )", NULL, NULL },
332         { "maxDerefDepth", "depth", 2, 2, 0, ARG_DB|ARG_INT|ARG_MAGIC|CFG_DEPTH,
333                 &config_generic, "( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' "
334                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
335         { "moduleload", "file", 2, 0, 0,
336 #ifdef SLAPD_MODULES
337                 ARG_MAGIC|CFG_MODLOAD, &config_generic,
338 #else
339                 ARG_IGNORED, NULL,
340 #endif
341                 "( OLcfgGlAt:30 NAME 'olcModuleLoad' "
342                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
343         { "modulepath", "path", 2, 2, 0,
344 #ifdef SLAPD_MODULES
345                 ARG_MAGIC|CFG_MODPATH|ARG_NO_DELETE|ARG_NO_INSERT, &config_generic,
346 #else
347                 ARG_IGNORED, NULL,
348 #endif
349                 "( OLcfgGlAt:31 NAME 'olcModulePath' "
350                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
351         { "objectclass", "objectclass", 2, 0, 0, ARG_PAREN|ARG_MAGIC|CFG_OC|ARG_NO_DELETE|ARG_NO_INSERT,
352                 &config_generic, "( OLcfgGlAt:32 NAME 'olcObjectClasses' "
353                 "DESC 'OpenLDAP object classes' "
354                 "EQUALITY caseIgnoreMatch "
355                 "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
356                         NULL, NULL },
357         { "objectidentifier", NULL,     0, 0, 0, ARG_MAGIC|CFG_OID,
358                 &config_generic, "( OLcfgGlAt:33 NAME 'olcObjectIdentifier' "
359                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
360         { "overlay", "overlay", 2, 2, 0, ARG_MAGIC,
361                 &config_overlay, "( OLcfgGlAt:34 NAME 'olcOverlay' "
362                         "SUP olcDatabase SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
363         { "password-crypt-salt-format", "salt", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_SALT,
364                 &config_generic, "( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat' "
365                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
366         { "password-hash", "hash", 2, 2, 0, ARG_MAGIC,
367                 &config_passwd_hash, "( OLcfgGlAt:36 NAME 'olcPasswordHash' "
368                         "SYNTAX OMsDirectoryString )", NULL, NULL },
369         { "pidfile", "file", 2, 2, 0, ARG_STRING,
370                 &slapd_pid_file, "( OLcfgGlAt:37 NAME 'olcPidFile' "
371                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
372         { "plugin", NULL, 0, 0, 0,
373 #ifdef LDAP_SLAPI
374                 ARG_MAGIC|CFG_PLUGIN, &config_generic,
375 #else
376                 ARG_IGNORED, NULL,
377 #endif
378                 "( OLcfgGlAt:38 NAME 'olcPlugin' "
379                         "SYNTAX OMsDirectoryString )", NULL, NULL },
380         { "pluginlog", "filename", 2, 2, 0,
381 #ifdef LDAP_SLAPI
382                 ARG_STRING, &slapi_log_file,
383 #else
384                 ARG_IGNORED, NULL,
385 #endif
386                 "( OLcfgGlAt:39 NAME 'olcPluginLogFile' "
387                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
388         { "readonly", "on|off", 2, 2, 0, ARG_MAY_DB|ARG_ON_OFF|ARG_MAGIC|CFG_RO,
389                 &config_generic, "( OLcfgGlAt:40 NAME 'olcReadOnly' "
390                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
391         { "referral", "url", 2, 2, 0, ARG_MAGIC,
392                 &config_referral, "( OLcfgGlAt:41 NAME 'olcReferral' "
393                         "SUP labeledURI SINGLE-VALUE )", NULL, NULL },
394         { "replica", "host or uri", 2, 0, 0, ARG_DB|ARG_MAGIC,
395                 &config_replica, "( OLcfgDbAt:0.7 NAME 'olcReplica' "
396                         "SUP labeledURI X-ORDERED 'VALUES' )", NULL, NULL },
397         { "replica-argsfile", NULL, 0, 0, 0, ARG_STRING,
398                 &replica_argsFile, "( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' "
399                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
400         { "replica-pidfile", NULL, 0, 0, 0, ARG_STRING,
401                 &replica_pidFile, "( OLcfgGlAt:44 NAME 'olcReplicaPidFile' "
402                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
403         { "replicationInterval", NULL, 0, 0, 0, ARG_INT,
404                 &replicationInterval, "( OLcfgGlAt:45 NAME 'olcReplicationInterval' "
405                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
406         { "replogfile", "filename", 2, 2, 0, ARG_MAY_DB|ARG_MAGIC|ARG_STRING|CFG_REPLOG,
407                 &config_generic, "( OLcfgGlAt:46 NAME 'olcReplogFile' "
408                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
409         { "require", "features", 2, 0, 7, ARG_MAY_DB|ARG_MAGIC,
410                 &config_requires, "( OLcfgGlAt:47 NAME 'olcRequires' "
411                         "SYNTAX OMsDirectoryString )", NULL, NULL },
412         { "restrict", "op_list", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
413                 &config_restrict, "( OLcfgGlAt:48 NAME 'olcRestrict' "
414                         "SYNTAX OMsDirectoryString )", NULL, NULL },
415         { "reverse-lookup", "on|off", 2, 2, 0,
416 #ifdef SLAPD_RLOOKUPS
417                 ARG_ON_OFF, &use_reverse_lookup,
418 #else
419                 ARG_IGNORED, NULL,
420 #endif
421                 "( OLcfgGlAt:49 NAME 'olcReverseLookup' "
422                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
423         { "rootdn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
424                 &config_rootdn, "( OLcfgDbAt:0.8 NAME 'olcRootDN' "
425                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
426         { "rootDSE", "file", 2, 2, 0, ARG_MAGIC|CFG_ROOTDSE,
427                 &config_generic, "( OLcfgGlAt:51 NAME 'olcRootDSE' "
428                         "SYNTAX OMsDirectoryString )", NULL, NULL },
429         { "rootpw", "password", 2, 2, 0, ARG_BERVAL|ARG_DB|ARG_MAGIC,
430                 &config_rootpw, "( OLcfgDbAt:0.9 NAME 'olcRootPW' "
431                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
432         { "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
433                 &config_generic, NULL, NULL, NULL },
434         { "sasl-host", "host", 2, 2, 0,
435 #ifdef HAVE_CYRUS_SASL
436                 ARG_STRING|ARG_UNIQUE, &global_host,
437 #else
438                 ARG_IGNORED, NULL,
439 #endif
440                 "( OLcfgGlAt:53 NAME 'olcSaslHost' "
441                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
442         { "sasl-realm", "realm", 2, 2, 0,
443 #ifdef HAVE_CYRUS_SASL
444                 ARG_STRING|ARG_UNIQUE, &global_realm,
445 #else
446                 ARG_IGNORED, NULL,
447 #endif
448                 "( OLcfgGlAt:54 NAME 'olcSaslRealm' "
449                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
450         { "sasl-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
451                 &config_generic, NULL, NULL, NULL },
452         { "sasl-secprops", "properties", 2, 2, 0,
453 #ifdef HAVE_CYRUS_SASL
454                 ARG_MAGIC|CFG_SASLSECP, &config_generic,
455 #else
456                 ARG_IGNORED, NULL,
457 #endif
458                 "( OLcfgGlAt:56 NAME 'olcSaslSecProps' "
459                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
460         { "saslRegexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
461                 &config_generic, NULL, NULL, NULL },
462         { "schemadn", "dn", 2, 2, 0, ARG_MAY_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
463                 &config_schema_dn, "( OLcfgGlAt:58 NAME 'olcSchemaDN' "
464                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
465         { "security", "factors", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
466                 &config_security, "( OLcfgGlAt:59 NAME 'olcSecurity' "
467                         "SYNTAX OMsDirectoryString )", NULL, NULL },
468         { "sizelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
469                 &config_sizelimit, "( OLcfgGlAt:60 NAME 'olcSizeLimit' "
470                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
471         { "sockbuf_max_incoming", "max", 2, 2, 0, ARG_BER_LEN_T,
472                 &sockbuf_max_incoming, "( OLcfgGlAt:61 NAME 'olcSockbufMaxIncoming' "
473                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
474         { "sockbuf_max_incoming_auth", "max", 2, 2, 0, ARG_BER_LEN_T,
475                 &sockbuf_max_incoming_auth, "( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth' "
476                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
477         { "srvtab", "file", 2, 2, 0,
478 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
479                 ARG_STRING, &ldap_srvtab,
480 #else
481                 ARG_IGNORED, NULL,
482 #endif
483                 "( OLcfgGlAt:63 NAME 'olcSrvtab' "
484                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
485         { "subordinate", "[advertise]", 1, 2, 0, ARG_DB|ARG_MAGIC,
486                 &config_subordinate, "( OLcfgDbAt:0.15 NAME 'olcSubordinate' "
487                         "SYNTAX OMsDirectoryString )", NULL, NULL },
488         { "suffix",     "suffix", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
489                 &config_suffix, "( OLcfgDbAt:0.10 NAME 'olcSuffix' "
490                         "SYNTAX OMsDN )", NULL, NULL },
491         { "syncrepl", NULL, 0, 0, 0, ARG_DB|ARG_MAGIC,
492                 &syncrepl_config, "( OLcfgDbAt:0.11 NAME 'olcSyncrepl' "
493                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
494         { "threads", "count", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_THREADS,
495                 &config_generic, "( OLcfgGlAt:66 NAME 'olcThreads' "
496                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
497         { "timelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
498                 &config_timelimit, "( OLcfgGlAt:67 NAME 'olcTimeLimit' "
499                         "SYNTAX OMsDirectoryString )", NULL, NULL },
500         { "TLSCACertificateFile", NULL, 0, 0, 0,
501 #ifdef HAVE_TLS
502                 CFG_TLS_CA_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
503 #else
504                 ARG_IGNORED, NULL,
505 #endif
506                 "( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' "
507                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
508         { "TLSCACertificatePath", NULL, 0, 0, 0,
509 #ifdef HAVE_TLS
510                 CFG_TLS_CA_PATH|ARG_STRING|ARG_MAGIC, &config_tls_option,
511 #else
512                 ARG_IGNORED, NULL,
513 #endif
514                 "( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' "
515                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
516         { "TLSCertificateFile", NULL, 0, 0, 0,
517 #ifdef HAVE_TLS
518                 CFG_TLS_CERT_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
519 #else
520                 ARG_IGNORED, NULL,
521 #endif
522                 "( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' "
523                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
524         { "TLSCertificateKeyFile", NULL, 0, 0, 0,
525 #ifdef HAVE_TLS
526                 CFG_TLS_CERT_KEY|ARG_STRING|ARG_MAGIC, &config_tls_option,
527 #else
528                 ARG_IGNORED, NULL,
529 #endif
530                 "( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' "
531                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
532         { "TLSCipherSuite",     NULL, 0, 0, 0,
533 #ifdef HAVE_TLS
534                 CFG_TLS_CIPHER|ARG_STRING|ARG_MAGIC, &config_tls_option,
535 #else
536                 ARG_IGNORED, NULL,
537 #endif
538                 "( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' "
539                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
540         { "TLSCRLCheck", NULL, 0, 0, 0,
541 #if defined(HAVE_TLS) && defined(HAVE_OPENSSL_CRL)
542                 CFG_TLS_CRLCHECK|ARG_STRING|ARG_MAGIC, &config_tls_config,
543 #else
544                 ARG_IGNORED, NULL,
545 #endif
546                 "( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' "
547                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
548         { "TLSRandFile", NULL, 0, 0, 0,
549 #ifdef HAVE_TLS
550                 CFG_TLS_RAND|ARG_STRING|ARG_MAGIC, &config_tls_option,
551 #else
552                 ARG_IGNORED, NULL,
553 #endif
554                 "( OLcfgGlAt:74 NAME 'olcTLSRandFile' "
555                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
556         { "TLSVerifyClient", NULL, 0, 0, 0,
557 #ifdef HAVE_TLS
558                 CFG_TLS_VERIFY|ARG_STRING|ARG_MAGIC, &config_tls_config,
559 #else
560                 ARG_IGNORED, NULL,
561 #endif
562                 "( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' "
563                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
564         { "ucdata-path", "path", 2, 2, 0, ARG_IGNORED,
565                 NULL, NULL, NULL, NULL },
566         { "updatedn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
567                 &config_updatedn, "( OLcfgDbAt:0.12 NAME 'olcUpdateDN' "
568                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
569         { "updateref", "url", 2, 2, 0, ARG_DB|ARG_MAGIC,
570                 &config_updateref, "( OLcfgDbAt:0.13 NAME 'olcUpdateRef' "
571                         "SUP labeledURI )", NULL, NULL },
572         { NULL, NULL, 0, 0, 0, ARG_IGNORED,
573                 NULL, NULL, NULL, NULL }
574 };
575
576 /* Routines to check if a child can be added to this type */
577 static ConfigLDAPadd cfAddSchema, cfAddInclude, cfAddDatabase,
578         cfAddBackend, cfAddModule, cfAddOverlay;
579
580 /* NOTE: be careful when defining array members
581  * that can be conditionally compiled */
582 #define CFOC_GLOBAL     cf_ocs[1]
583 #define CFOC_SCHEMA     cf_ocs[2]
584 #define CFOC_BACKEND    cf_ocs[3]
585 #define CFOC_DATABASE   cf_ocs[4]
586 #define CFOC_OVERLAY    cf_ocs[5]
587 #define CFOC_INCLUDE    cf_ocs[6]
588 #define CFOC_FRONTEND   cf_ocs[7]
589 #ifdef SLAPD_MODULES
590 #define CFOC_MODULE     cf_ocs[8]
591 #endif /* SLAPD_MODULES */
592
593 static ConfigOCs cf_ocs[] = {
594         { "( OLcfgGlOc:0 "
595                 "NAME 'olcConfig' "
596                 "DESC 'OpenLDAP configuration object' "
597                 "ABSTRACT SUP top )", Cft_Abstract, NULL },
598         { "( OLcfgGlOc:1 "
599                 "NAME 'olcGlobal' "
600                 "DESC 'OpenLDAP Global configuration options' "
601                 "SUP olcConfig STRUCTURAL "
602                 "MAY ( cn $ olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ "
603                  "olcAttributeOptions $ olcAuthIDRewrite $ "
604                  "olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ "
605                  "olcConnMaxPending $ olcConnMaxPendingAuth $ "
606                  "olcDisallows $ olcGentleHUP $ olcIdleTimeout $ "
607                  "olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ "
608                  "olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ "
609                  "olcLogLevel $ "
610                  "olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ "
611                  "olcPluginLogFile $ olcReadOnly $ olcReferral $ "
612                  "olcReplicaPidFile $ olcReplicaArgsFile $ olcReplicationInterval $ "
613                  "olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ "
614                  "olcRootDSE $ "
615                  "olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ "
616                  "olcSecurity $ olcSizeLimit $ "
617                  "olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcSrvtab $ "
618                  "olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
619                  "olcTLSCACertificatePath $ olcTLSCertificateFile $ "
620                  "olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
621                  "olcTLSRandFile $ olcTLSVerifyClient $ "
622                  "olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
623                  "olcDitContentRules ) )", Cft_Global },
624         { "( OLcfgGlOc:2 "
625                 "NAME 'olcSchemaConfig' "
626                 "DESC 'OpenLDAP schema object' "
627                 "SUP olcConfig STRUCTURAL "
628                 "MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ "
629                  "olcObjectClasses $ olcDitContentRules ) )",
630                         Cft_Schema, NULL, cfAddSchema },
631         { "( OLcfgGlOc:3 "
632                 "NAME 'olcBackendConfig' "
633                 "DESC 'OpenLDAP Backend-specific options' "
634                 "SUP olcConfig STRUCTURAL "
635                 "MUST olcBackend )", Cft_Backend, NULL, cfAddBackend },
636         { "( OLcfgGlOc:4 "
637                 "NAME 'olcDatabaseConfig' "
638                 "DESC 'OpenLDAP Database-specific options' "
639                 "SUP olcConfig STRUCTURAL "
640                 "MUST olcDatabase "
641                 "MAY ( olcSuffix $ olcSubordinate $ olcAccess $ olcLastMod $ olcLimits $ "
642                  "olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
643                  "olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
644                  "olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncrepl $ "
645                  "olcTimeLimit $ olcUpdateDN $ olcUpdateRef ) )",
646                         Cft_Database, NULL, cfAddDatabase },
647         { "( OLcfgGlOc:5 "
648                 "NAME 'olcOverlayConfig' "
649                 "DESC 'OpenLDAP Overlay-specific options' "
650                 "SUP olcConfig STRUCTURAL "
651                 "MUST olcOverlay )", Cft_Overlay, NULL, cfAddOverlay },
652         { "( OLcfgGlOc:6 "
653                 "NAME 'olcIncludeFile' "
654                 "DESC 'OpenLDAP configuration include file' "
655                 "SUP olcConfig STRUCTURAL "
656                 "MUST olcInclude "
657                 "MAY ( cn $ olcRootDSE ) )",
658                 Cft_Include, NULL, cfAddInclude },
659         /* This should be STRUCTURAL like all the other database classes, but
660          * that would mean inheriting all of the olcDatabaseConfig attributes,
661          * which causes them to be merged twice in config_build_entry.
662          */
663         { "( OLcfgGlOc:7 "
664                 "NAME 'olcFrontendConfig' "
665                 "DESC 'OpenLDAP frontend configuration' "
666                 "AUXILIARY "
667                 "MAY olcDefaultSearchBase )",
668                 Cft_Database, NULL, NULL },
669 #ifdef SLAPD_MODULES
670         { "( OLcfgGlOc:8 "
671                 "NAME 'olcModuleList' "
672                 "DESC 'OpenLDAP dynamic module info' "
673                 "SUP olcConfig STRUCTURAL "
674                 "MAY ( cn $ olcModulePath $ olcModuleLoad ) )",
675                 Cft_Module, NULL, cfAddModule },
676 #endif
677         { NULL, 0, NULL }
678 };
679
680 static int
681 config_generic(ConfigArgs *c) {
682         char *p;
683         int i;
684
685         if ( c->op == SLAP_CONFIG_EMIT ) {
686                 int rc = 0;
687                 switch(c->type) {
688                 case CFG_CONCUR:
689                         c->value_int = ldap_pvt_thread_get_concurrency();
690                         break;
691                 case CFG_THREADS:
692                         c->value_int = connection_pool_max;
693                         break;
694                 case CFG_SALT:
695                         if ( passwd_salt )
696                                 c->value_string = ch_strdup( passwd_salt );
697                         else
698                                 rc = 1;
699                         break;
700                 case CFG_LIMITS:
701                         if ( c->be->be_limits ) {
702                                 char buf[4096*3];
703                                 struct berval bv;
704                                 int i;
705
706                                 for ( i=0; c->be->be_limits[i]; i++ ) {
707                                         bv.bv_len = sprintf( buf, IFMT, i );
708                                         bv.bv_val = buf+bv.bv_len;
709                                         limits_unparse( c->be->be_limits[i], &bv );
710                                         bv.bv_len += bv.bv_val - buf;
711                                         bv.bv_val = buf;
712                                         value_add_one( &c->rvalue_vals, &bv );
713                                 }
714                         }
715                         if ( !c->rvalue_vals ) rc = 1;
716                         break;
717                 case CFG_RO:
718                         c->value_int = (c->be->be_restrictops & SLAP_RESTRICT_OP_WRITES) ==
719                                 SLAP_RESTRICT_OP_WRITES;
720                         break;
721                 case CFG_AZPOLICY:
722                         c->value_string = ch_strdup( slap_sasl_getpolicy());
723                         break;
724                 case CFG_AZREGEXP:
725                         slap_sasl_regexp_unparse( &c->rvalue_vals );
726                         if ( !c->rvalue_vals ) rc = 1;
727                         break;
728 #ifdef HAVE_CYRUS_SASL
729                 case CFG_SASLSECP: {
730                         struct berval bv = BER_BVNULL;
731                         slap_sasl_secprops_unparse( &bv );
732                         if ( !BER_BVISNULL( &bv )) {
733                                 ber_bvarray_add( &c->rvalue_vals, &bv );
734                         } else {
735                                 rc = 1;
736                         }
737                         }
738                         break;
739 #endif
740                 case CFG_DEPTH:
741                         c->value_int = c->be->be_max_deref_depth;
742                         break;
743                 case CFG_OID: {
744                         ConfigFile *cf = c->private;
745                         if ( !cf )
746                                 oidm_unparse( &c->rvalue_vals, NULL, NULL, 1 );
747                         else if ( cf->c_om_head )
748                                 oidm_unparse( &c->rvalue_vals, cf->c_om_head,
749                                         cf->c_om_tail, 0 );
750                         if ( !c->rvalue_vals )
751                                 rc = 1;
752                         }
753                         break;
754                 case CFG_OC: {
755                         ConfigFile *cf = c->private;
756                         if ( !cf )
757                                 oc_unparse( &c->rvalue_vals, NULL, NULL, 1 );
758                         else if ( cf->c_oc_head )
759                                 oc_unparse( &c->rvalue_vals, cf->c_oc_head,
760                                         cf->c_oc_tail, 0 );
761                         if ( !c->rvalue_vals )
762                                 rc = 1;
763                         }
764                         break;
765                 case CFG_ATTR: {
766                         ConfigFile *cf = c->private;
767                         if ( !cf )
768                                 at_unparse( &c->rvalue_vals, NULL, NULL, 1 );
769                         else if ( cf->c_at_head )
770                                 at_unparse( &c->rvalue_vals, cf->c_at_head,
771                                         cf->c_at_tail, 0 );
772                         if ( !c->rvalue_vals )
773                                 rc = 1;
774                         }
775                         break;
776                 case CFG_DIT: {
777                         ConfigFile *cf = c->private;
778                         if ( !cf )
779                                 cr_unparse( &c->rvalue_vals, NULL, NULL, 1 );
780                         else if ( cf->c_cr_head )
781                                 cr_unparse( &c->rvalue_vals, cf->c_cr_head,
782                                         cf->c_cr_tail, 0 );
783                         if ( !c->rvalue_vals )
784                                 rc = 1;
785                         }
786                         break;
787                         
788                 case CFG_ACL: {
789                         AccessControl *a;
790                         char *src, *dst, ibuf[11];
791                         struct berval bv, abv;
792                         for (i=0, a=c->be->be_acl; a; i++,a=a->acl_next) {
793                                 abv.bv_len = sprintf( ibuf, IFMT, i );
794                                 acl_unparse( a, &bv );
795                                 abv.bv_val = ch_malloc( abv.bv_len + bv.bv_len + 1 );
796                                 AC_MEMCPY( abv.bv_val, ibuf, abv.bv_len );
797                                 /* Turn TAB / EOL into plain space */
798                                 for (src=bv.bv_val,dst=abv.bv_val+abv.bv_len; *src; src++) {
799                                         if (isspace(*src)) *dst++ = ' ';
800                                         else *dst++ = *src;
801                                 }
802                                 *dst = '\0';
803                                 if (dst[-1] == ' ') {
804                                         dst--;
805                                         *dst = '\0';
806                                 }
807                                 abv.bv_len = dst - abv.bv_val;
808                                 ber_bvarray_add( &c->rvalue_vals, &abv );
809                         }
810                         rc = (!i);
811                         break;
812                 }
813                 case CFG_REPLOG:
814                         if ( c->be->be_replogfile )
815                                 c->value_string = ch_strdup( c->be->be_replogfile );
816                         break;
817                 case CFG_ROOTDSE: {
818                         ConfigFile *cf = c->private;
819                         if ( cf->c_dseFiles ) {
820                                 value_add( &c->rvalue_vals, cf->c_dseFiles );
821                         } else {
822                                 rc = 1;
823                         }
824                         }
825                         break;
826                 case CFG_LOGFILE:
827                         if ( logfileName )
828                                 c->value_string = ch_strdup( logfileName );
829                         else
830                                 rc = 1;
831                         break;
832                 case CFG_LASTMOD:
833                         c->value_int = (SLAP_NOLASTMOD(c->be) == 0);
834                         break;
835                 case CFG_SSTR_IF_MAX:
836                         c->value_int = index_substr_if_maxlen;
837                         break;
838                 case CFG_SSTR_IF_MIN:
839                         c->value_int = index_substr_if_minlen;
840                         break;
841 #ifdef SLAPD_MODULES
842                 case CFG_MODLOAD: {
843                         ModPaths *mp = c->private;
844                         if (mp->mp_loads) {
845                                 int i;
846                                 for (i=0; !BER_BVISNULL(&mp->mp_loads[i]); i++) {
847                                         struct berval bv;
848                                         bv.bv_val = c->log;
849                                         bv.bv_len = sprintf( bv.bv_val, IFMT "%s", i,
850                                                 mp->mp_loads[i].bv_val );
851                                         value_add_one( &c->rvalue_vals, &bv );
852                                 }
853                         }
854
855                         rc = c->rvalue_vals ? 0 : 1;
856                         }
857                         break;
858                 case CFG_MODPATH: {
859                         ModPaths *mp = c->private;
860                         if ( !BER_BVISNULL( &mp->mp_path ))
861                                 value_add_one( &c->rvalue_vals, &mp->mp_path );
862
863                         rc = c->rvalue_vals ? 0 : 1;
864                         }
865                         break;
866 #endif
867 #ifdef LDAP_SLAPI
868                 case CFG_PLUGIN:
869                         slapi_int_plugin_unparse( c->be, &c->rvalue_vals );
870                         if ( !c->rvalue_vals ) rc = 1;
871                         break;
872 #endif
873 #ifdef SLAP_AUTH_REWRITE
874                 case CFG_REWRITE:
875                         if ( authz_rewrites ) {
876                                 struct berval bv, idx;
877                                 char ibuf[32];
878                                 int i;
879
880                                 idx.bv_val = ibuf;
881                                 for ( i=0; !BER_BVISNULL( &authz_rewrites[i] ); i++ ) {
882                                         idx.bv_len = sprintf( idx.bv_val, IFMT, i );
883                                         bv.bv_len = idx.bv_len + authz_rewrites[i].bv_len;
884                                         bv.bv_val = ch_malloc( bv.bv_len + 1 );
885                                         strcpy( bv.bv_val, idx.bv_val );
886                                         strcpy( bv.bv_val+idx.bv_len, authz_rewrites[i].bv_val );
887                                         ber_bvarray_add( &c->rvalue_vals, &bv );
888                                 }
889                         }
890                         if ( !c->rvalue_vals ) rc = 1;
891                         break;
892 #endif
893                 default:
894                         rc = 1;
895                 }
896                 return rc;
897         } else if ( c->op == LDAP_MOD_DELETE ) {
898                 int rc = 0;
899                 switch(c->type) {
900                 /* single-valued attrs, no-ops */
901                 case CFG_CONCUR:
902                 case CFG_THREADS:
903                 case CFG_RO:
904                 case CFG_AZPOLICY:
905                 case CFG_DEPTH:
906                 case CFG_LASTMOD:
907                 case CFG_SASLSECP:
908                 case CFG_SSTR_IF_MAX:
909                 case CFG_SSTR_IF_MIN:
910                         break;
911
912                 /* no-ops, requires slapd restart */
913                 case CFG_PLUGIN:
914                 case CFG_MODLOAD:
915                 case CFG_AZREGEXP:
916                 case CFG_REWRITE:
917                         sprintf(c->log, "change requires slapd restart");
918                         break;
919
920                 case CFG_SALT:
921                         ch_free( passwd_salt );
922                         passwd_salt = NULL;
923                         break;
924
925                 case CFG_REPLOG:
926                         ch_free( c->be->be_replogfile );
927                         c->be->be_replogfile = NULL;
928                         break;
929
930                 case CFG_LOGFILE:
931                         ch_free( logfileName );
932                         logfileName = NULL;
933                         break;
934
935                 case CFG_ACL:
936                         if ( c->valx < 0 ) {
937                                 AccessControl *end;
938                                 if ( c->be == frontendDB )
939                                         end = NULL;
940                                 else
941                                         end = frontendDB->be_acl;
942                                 acl_destroy( c->be->be_acl, end );
943                         } else {
944                                 AccessControl **prev, *a;
945                                 int i;
946                                 for (i=0, prev = &c->be->be_acl; i < c->valx;
947                                         i++ ) {
948                                         a = *prev;
949                                         prev = &a->acl_next;
950                                 }
951                                 a = *prev;
952                                 *prev = a->acl_next;
953                                 acl_free( a );
954                         }
955                         break;
956
957                 case CFG_LIMITS:
958                         /* FIXME: there is no limits_free function */
959                 case CFG_ATOPT:
960                         /* FIXME: there is no ad_option_free function */
961                 case CFG_ROOTDSE:
962                         /* FIXME: there is no way to remove attributes added by
963                                 a DSE file */
964                 case CFG_OID:
965                 case CFG_OC:
966                 case CFG_DIT:
967                 case CFG_ATTR:
968                 case CFG_MODPATH:
969                 default:
970                         rc = 1;
971                         break;
972                 }
973                 return rc;
974         }
975
976         p = strchr(c->line,'(' /*')'*/);
977
978         switch(c->type) {
979                 case CFG_BACKEND:
980                         if(!(c->bi = backend_info(c->argv[1]))) {
981                                 sprintf( c->msg, "<%s> failed init", c->argv[0] );
982                                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
983                                         c->log, c->msg, c->argv[1] );
984                                 return(1);
985                         }
986                         break;
987
988                 case CFG_DATABASE:
989                         c->bi = NULL;
990                         /* NOTE: config is always the first backend!
991                          */
992                         if ( !strcasecmp( c->argv[1], "config" )) {
993                                 c->be = LDAP_STAILQ_FIRST(&backendDB);
994                         } else if ( !strcasecmp( c->argv[1], "frontend" )) {
995                                 c->be = frontendDB;
996                         } else {
997                                 c->be = backend_db_init(c->argv[1]);
998                                 if ( !c->be ) {
999                                         sprintf( c->msg, "<%s> failed init", c->argv[0] );
1000                                         Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
1001                                                 c->log, c->msg, c->argv[1] );
1002                                         return(1);
1003                                 }
1004                         }
1005                         break;
1006
1007                 case CFG_CONCUR:
1008                         ldap_pvt_thread_set_concurrency(c->value_int);
1009                         break;
1010
1011                 case CFG_THREADS:
1012                         ldap_pvt_thread_pool_maxthreads(&connection_pool, c->value_int);
1013                         connection_pool_max = c->value_int;     /* save for reference */
1014                         break;
1015
1016                 case CFG_SALT:
1017                         if ( passwd_salt ) ch_free( passwd_salt );
1018                         passwd_salt = c->value_string;
1019                         lutil_salt_format(passwd_salt);
1020                         break;
1021
1022                 case CFG_LIMITS:
1023                         if(limits_parse(c->be, c->fname, c->lineno, c->argc, c->argv))
1024                                 return(1);
1025                         break;
1026
1027                 case CFG_RO:
1028                         if(c->value_int)
1029                                 c->be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1030                         else
1031                                 c->be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1032                         break;
1033
1034                 case CFG_AZPOLICY:
1035                         ch_free(c->value_string);
1036                         if (slap_sasl_setpolicy( c->argv[1] )) {
1037                                 sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
1038                                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1039                                         c->log, c->msg, c->argv[1] );
1040                                 return(1);
1041                         }
1042                         break;
1043                 
1044                 case CFG_AZREGEXP:
1045                         if (slap_sasl_regexp_config( c->argv[1], c->argv[2] ))
1046                                 return(1);
1047                         break;
1048                                 
1049 #ifdef HAVE_CYRUS_SASL
1050                 case CFG_SASLSECP:
1051                         {
1052                         char *txt = slap_sasl_secprops( c->argv[1] );
1053                         if ( txt ) {
1054                                 snprintf( c->msg, sizeof(c->msg), "<%s> %s",
1055                                         c->argv[0], txt );
1056                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
1057                                 return(1);
1058                         }
1059                         break;
1060                         }
1061 #endif
1062
1063                 case CFG_DEPTH:
1064                         c->be->be_max_deref_depth = c->value_int;
1065                         break;
1066
1067                 case CFG_OID: {
1068                         OidMacro *om;
1069
1070                         if(parse_oidm(c->fname, c->lineno, c->argc, c->argv, 1, &om))
1071                                 return(1);
1072                         if (!cfn->c_om_head) cfn->c_om_head = om;
1073                         cfn->c_om_tail = om;
1074                         }
1075                         break;
1076
1077                 case CFG_OC: {
1078                         ObjectClass *oc;
1079
1080                         if(parse_oc(c->fname, c->lineno, p, c->argv, &oc)) return(1);
1081                         if (!cfn->c_oc_head) cfn->c_oc_head = oc;
1082                         cfn->c_oc_tail = oc;
1083                         }
1084                         break;
1085
1086                 case CFG_DIT: {
1087                         ContentRule *cr;
1088
1089                         if(parse_cr(c->fname, c->lineno, p, c->argv, &cr)) return(1);
1090                         if (!cfn->c_cr_head) cfn->c_cr_head = cr;
1091                         cfn->c_cr_tail = cr;
1092                         }
1093                         break;
1094
1095                 case CFG_ATTR: {
1096                         AttributeType *at;
1097
1098                         if(parse_at(c->fname, c->lineno, p, c->argv, &at)) return(1);
1099                         if (!cfn->c_at_head) cfn->c_at_head = at;
1100                         cfn->c_at_tail = at;
1101                         }
1102                         break;
1103
1104                 case CFG_ATOPT:
1105                         ad_define_option(NULL, NULL, 0);
1106                         for(i = 1; i < c->argc; i++)
1107                                 if(ad_define_option(c->argv[i], c->fname, c->lineno))
1108                                         return(1);
1109                         break;
1110
1111                 case CFG_ACL:
1112                         parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, c->valx);
1113                         break;
1114
1115                 case CFG_REPLOG:
1116                         if(SLAP_MONITOR(c->be)) {
1117                                 Debug(LDAP_DEBUG_ANY, "%s: "
1118                                         "\"replogfile\" should not be used "
1119                                         "inside monitor database\n",
1120                                         c->log, 0, 0);
1121                                 return(0);      /* FIXME: should this be an error? */
1122                         }
1123
1124                         c->be->be_replogfile = c->value_string;
1125                         break;
1126
1127                 case CFG_ROOTDSE:
1128                         if(read_root_dse_file(c->argv[1])) {
1129                                 sprintf( c->msg, "<%s> could not read file", c->argv[0] );
1130                                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1131                                         c->log, c->msg, c->argv[1] );
1132                                 return(1);
1133                         }
1134                         {
1135                                 struct berval bv;
1136                                 ber_str2bv( c->argv[1], 0, 1, &bv );
1137                                 ber_bvarray_add( &cfn->c_dseFiles, &bv );
1138                         }
1139                         break;
1140
1141                 case CFG_LOGFILE: {
1142                                 FILE *logfile;
1143                                 if ( logfileName ) ch_free( logfileName );
1144                                 logfileName = c->value_string;
1145                                 logfile = fopen(logfileName, "w");
1146                                 if(logfile) lutil_debug_file(logfile);
1147                         } break;
1148
1149                 case CFG_LASTMOD:
1150                         if(SLAP_NOLASTMODCMD(c->be)) {
1151                                 sprintf( c->msg, "<%s> not available for %s database",
1152                                         c->argv[0], c->be->bd_info->bi_type );
1153                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
1154                                         c->log, c->msg, 0 );
1155                                 return(1);
1156                         }
1157                         if(c->value_int)
1158                                 SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_NOLASTMOD;
1159                         else
1160                                 SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_NOLASTMOD;
1161                         break;
1162
1163                 case CFG_SSTR_IF_MAX:
1164                         if (c->value_int < index_substr_if_minlen) {
1165                                 sprintf( c->msg, "<%s> invalid value", c->argv[0] );
1166                                 Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n",
1167                                         c->log, c->msg, c->value_int );
1168                                 return(1);
1169                         }
1170                         index_substr_if_maxlen = c->value_int;
1171                         break;
1172
1173                 case CFG_SSTR_IF_MIN:
1174                         if (c->value_int > index_substr_if_maxlen) {
1175                                 sprintf( c->msg, "<%s> invalid value", c->argv[0] );
1176                                 Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n",
1177                                         c->log, c->msg, c->value_int );
1178                                 return(1);
1179                         }
1180                         index_substr_if_minlen = c->value_int;
1181                         break;
1182
1183 #ifdef SLAPD_MODULES
1184                 case CFG_MODLOAD:
1185                         /* If we're just adding a module on an existing modpath,
1186                          * make sure we've selected the current path.
1187                          */
1188                         if ( c->op == LDAP_MOD_ADD && c->private && modcur != c->private ) {
1189                                 modcur = c->private;
1190                                 /* This should never fail */
1191                                 if ( module_path( modcur->mp_path.bv_val )) {
1192                                         sprintf( c->msg, "<%s> module path no longer valid",
1193                                                 c->argv[0] );
1194                                         Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
1195                                                 c->log, c->msg, modcur->mp_path.bv_val );
1196                                         return(1);
1197                                 }
1198                         }
1199                         if(module_load(c->argv[1], c->argc - 2, (c->argc > 2) ? c->argv + 2 : NULL))
1200                                 return(1);
1201                         /* Record this load on the current path */
1202                         {
1203                                 struct berval bv;
1204                                 char *ptr;
1205                                 if ( c->op == SLAP_CONFIG_ADD ) {
1206                                         ptr = c->line + STRLENOF("moduleload");
1207                                         while (!isspace(*ptr)) ptr++;
1208                                         while (isspace(*ptr)) ptr++;
1209                                 } else {
1210                                         ptr = c->line;
1211                                 }
1212                                 ber_str2bv(ptr, 0, 1, &bv);
1213                                 ber_bvarray_add( &modcur->mp_loads, &bv );
1214                         }
1215                         break;
1216
1217                 case CFG_MODPATH:
1218                         if(module_path(c->argv[1])) return(1);
1219                         /* Record which path was used with each module */
1220                         {
1221                                 ModPaths *mp;
1222
1223                                 if (!modpaths.mp_loads) {
1224                                         mp = &modpaths;
1225                                 } else {
1226                                         mp = ch_malloc( sizeof( ModPaths ));
1227                                         modlast->mp_next = mp;
1228                                 }
1229                                 ber_str2bv(c->argv[1], 0, 1, &mp->mp_path);
1230                                 mp->mp_next = NULL;
1231                                 mp->mp_loads = NULL;
1232                                 modlast = mp;
1233                                 c->private = mp;
1234                                 modcur = mp;
1235                         }
1236                         
1237                         break;
1238 #endif
1239
1240 #ifdef LDAP_SLAPI
1241                 case CFG_PLUGIN:
1242                         if(slapi_int_read_config(c->be, c->fname, c->lineno, c->argc, c->argv) != LDAP_SUCCESS)
1243                                 return(1);
1244                         slapi_plugins_used++;
1245                         break;
1246 #endif
1247
1248 #ifdef SLAP_AUTH_REWRITE
1249                 case CFG_REWRITE: {
1250                         struct berval bv;
1251                         char *line;
1252                         
1253                         if(slap_sasl_rewrite_config(c->fname, c->lineno, c->argc, c->argv))
1254                                 return(1);
1255
1256                         if ( c->argc > 1 ) {
1257                                 char    *s;
1258
1259                                 /* quote all args but the first */
1260                                 line = ldap_charray2str( c->argv, "\" \"" );
1261                                 ber_str2bv( line, 0, 0, &bv );
1262                                 s = strchr( bv.bv_val, '"' );
1263                                 assert( s != NULL );
1264                                 /* move the trailing quote of argv[0] to the end */
1265                                 AC_MEMCPY( s, s + 1, bv.bv_len - ( s - bv.bv_val ) );
1266                                 bv.bv_val[ bv.bv_len - 1 ] = '"';
1267
1268                         } else {
1269                                 ber_str2bv( c->argv[ 0 ], 0, 1, &bv );
1270                         }
1271                         
1272                         ber_bvarray_add( &authz_rewrites, &bv );
1273                         }
1274                         break;
1275 #endif
1276
1277
1278                 default:
1279                         Debug( SLAPD_DEBUG_CONFIG_ERROR,
1280                                 "%s: unknown CFG_TYPE %d"
1281                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1282                                 c->log, c->type, 0 );
1283 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1284                         return 1;
1285 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1286
1287         }
1288         return(0);
1289 }
1290
1291
1292 static int
1293 config_fname(ConfigArgs *c) {
1294         if(c->op == SLAP_CONFIG_EMIT) {
1295                 if (c->private) {
1296                         ConfigFile *cf = c->private;
1297                         value_add_one( &c->rvalue_vals, &cf->c_file );
1298                         return 0;
1299                 }
1300                 return 1;
1301         }
1302         return(0);
1303 }
1304
1305 static int
1306 config_cfdir(ConfigArgs *c) {
1307         if(c->op == SLAP_CONFIG_EMIT) {
1308                 if ( !BER_BVISEMPTY( &cfdir )) {
1309                         value_add_one( &c->rvalue_vals, &cfdir );
1310                         return 0;
1311                 }
1312                 return 1;
1313         }
1314         return(0);
1315 }
1316
1317 static int
1318 config_search_base(ConfigArgs *c) {
1319         if(c->op == SLAP_CONFIG_EMIT) {
1320                 int rc = 1;
1321                 if (!BER_BVISEMPTY(&default_search_base)) {
1322                         value_add_one(&c->rvalue_vals, &default_search_base);
1323                         value_add_one(&c->rvalue_nvals, &default_search_nbase);
1324                         rc = 0;
1325                 }
1326                 return rc;
1327         } else if( c->op == LDAP_MOD_DELETE ) {
1328                 ch_free( default_search_base.bv_val );
1329                 ch_free( default_search_nbase.bv_val );
1330                 BER_BVZERO( &default_search_base );
1331                 BER_BVZERO( &default_search_nbase );
1332                 return 0;
1333         }
1334
1335         if(c->bi || c->be != frontendDB) {
1336                 Debug(LDAP_DEBUG_ANY, "%s: defaultSearchBase line must appear "
1337                         "prior to any backend or database definition\n",
1338                         c->log, 0, 0);
1339                 return(1);
1340         }
1341
1342         if(default_search_nbase.bv_len) {
1343                 free(default_search_base.bv_val);
1344                 free(default_search_nbase.bv_val);
1345         }
1346
1347         default_search_base = c->value_dn;
1348         default_search_nbase = c->value_ndn;
1349         return(0);
1350 }
1351
1352 static int
1353 config_passwd_hash(ConfigArgs *c) {
1354         int i;
1355         if (c->op == SLAP_CONFIG_EMIT) {
1356                 struct berval bv;
1357                 for (i=0; default_passwd_hash && default_passwd_hash[i]; i++) {
1358                         ber_str2bv(default_passwd_hash[i], 0, 0, &bv);
1359                         value_add_one(&c->rvalue_vals, &bv);
1360                 }
1361                 return i ? 0 : 1;
1362         } else if ( c->op == LDAP_MOD_DELETE ) {
1363                 if ( c->valx < 0 ) {
1364                         ldap_charray_free( default_passwd_hash );
1365                         default_passwd_hash = NULL;
1366                 } else {
1367                         i = c->valx;
1368                         ch_free( default_passwd_hash[i] );
1369                         for (; default_passwd_hash[i]; i++ )
1370                                 default_passwd_hash[i] = default_passwd_hash[i+1];
1371                 }
1372                 return 0;
1373         }
1374         if(default_passwd_hash) {
1375                 Debug(LDAP_DEBUG_ANY, "%s: "
1376                         "already set default password_hash\n",
1377                         c->log, 0, 0);
1378                 return(1);
1379         }
1380         for(i = 1; i < c->argc; i++) {
1381                 if(!lutil_passwd_scheme(c->argv[i])) {
1382                         sprintf( c->msg, "<%s> scheme not available", c->argv[0] );
1383                         Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
1384                                 c->log, c->msg, c->argv[i]);
1385                 } else {
1386                         ldap_charray_add(&default_passwd_hash, c->argv[i]);
1387                 }
1388                 if(!default_passwd_hash) {
1389                         sprintf( c->msg, "<%s> no valid hashes found", c->argv[0] );
1390                         Debug(LDAP_DEBUG_ANY, "%s: %s\n",
1391                                 c->log, c->msg, 0 );
1392                         return(1);
1393                 }
1394         }
1395         return(0);
1396 }
1397
1398 static int
1399 config_schema_dn(ConfigArgs *c) {
1400         if ( c->op == SLAP_CONFIG_EMIT ) {
1401                 int rc = 1;
1402                 if ( !BER_BVISEMPTY( &c->be->be_schemadn )) {
1403                         value_add_one(&c->rvalue_vals, &c->be->be_schemadn);
1404                         value_add_one(&c->rvalue_nvals, &c->be->be_schemandn);
1405                         rc = 0;
1406                 }
1407                 return rc;
1408         } else if ( c->op == LDAP_MOD_DELETE ) {
1409                 ch_free( c->be->be_schemadn.bv_val );
1410                 ch_free( c->be->be_schemandn.bv_val );
1411                 BER_BVZERO( &c->be->be_schemadn );
1412                 BER_BVZERO( &c->be->be_schemandn );
1413                 return 0;
1414         }
1415         ch_free( c->be->be_schemadn.bv_val );
1416         ch_free( c->be->be_schemandn.bv_val );
1417         c->be->be_schemadn = c->value_dn;
1418         c->be->be_schemandn = c->value_ndn;
1419         return(0);
1420 }
1421
1422 static int
1423 config_sizelimit(ConfigArgs *c) {
1424         int i, rc = 0;
1425         char *next;
1426         struct slap_limits_set *lim = &c->be->be_def_limit;
1427         if (c->op == SLAP_CONFIG_EMIT) {
1428                 char buf[8192];
1429                 struct berval bv;
1430                 bv.bv_val = buf;
1431                 bv.bv_len = 0;
1432                 limits_unparse_one( lim, SLAP_LIMIT_SIZE, &bv );
1433                 if ( !BER_BVISEMPTY( &bv ))
1434                         value_add_one( &c->rvalue_vals, &bv );
1435                 else
1436                         rc = 1;
1437                 return rc;
1438         } else if ( c->op == LDAP_MOD_DELETE ) {
1439                 /* Reset to defaults */
1440                 lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT;
1441                 lim->lms_s_hard = 0;
1442                 lim->lms_s_unchecked = -1;
1443                 lim->lms_s_pr = 0;
1444                 lim->lms_s_pr_hide = 0;
1445                 lim->lms_s_pr_total = 0;
1446                 return 0;
1447         }
1448         for(i = 1; i < c->argc; i++) {
1449                 if(!strncasecmp(c->argv[i], "size", 4)) {
1450                         rc = limits_parse_one(c->argv[i], lim);
1451                         if ( rc ) {
1452                                 sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
1453                                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1454                                         c->log, c->msg, c->argv[i]);
1455                                 return(1);
1456                         }
1457                 } else {
1458                         if(!strcasecmp(c->argv[i], "unlimited")) {
1459                                 lim->lms_s_soft = -1;
1460                         } else {
1461                                 lim->lms_s_soft = strtol(c->argv[i], &next, 0);
1462                                 if(next == c->argv[i]) {
1463                                         sprintf( c->msg, "<%s> unable to parse limit", c->argv[0]);
1464                                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1465                                                 c->log, c->msg, c->argv[i]);
1466                                         return(1);
1467                                 } else if(next[0] != '\0') {
1468                                         Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
1469                                                 "trailing chars \"%s\" in \"sizelimit <limit>\" line"
1470                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1471                                                 c->log, next, 0);
1472 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1473                                         return 1;
1474 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1475                                 }
1476                         }
1477                         lim->lms_s_hard = 0;
1478                 }
1479         }
1480         return(0);
1481 }
1482
1483 static int
1484 config_timelimit(ConfigArgs *c) {
1485         int i, rc = 0;
1486         char *next;
1487         struct slap_limits_set *lim = &c->be->be_def_limit;
1488         if (c->op == SLAP_CONFIG_EMIT) {
1489                 char buf[8192];
1490                 struct berval bv;
1491                 bv.bv_val = buf;
1492                 bv.bv_len = 0;
1493                 limits_unparse_one( lim, SLAP_LIMIT_TIME, &bv );
1494                 if ( !BER_BVISEMPTY( &bv ))
1495                         value_add_one( &c->rvalue_vals, &bv );
1496                 else
1497                         rc = 1;
1498                 return rc;
1499         } else if ( c->op == LDAP_MOD_DELETE ) {
1500                 /* Reset to defaults */
1501                 lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT;
1502                 lim->lms_t_hard = 0;
1503                 return 0;
1504         }
1505         for(i = 1; i < c->argc; i++) {
1506                 if(!strncasecmp(c->argv[i], "time", 4)) {
1507                         rc = limits_parse_one(c->argv[i], lim);
1508                         if ( rc ) {
1509                                 sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
1510                                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1511                                         c->log, c->msg, c->argv[i]);
1512                                 return(1);
1513                         }
1514                 } else {
1515                         if(!strcasecmp(c->argv[i], "unlimited")) {
1516                                 lim->lms_t_soft = -1;
1517                         } else {
1518                                 lim->lms_t_soft = strtol(c->argv[i], &next, 0);
1519                                 if(next == c->argv[i]) {
1520                                         sprintf( c->msg, "<%s> unable to parse limit", c->argv[0]);
1521                                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1522                                                 c->log, c->msg, c->argv[i]);
1523                                         return(1);
1524                                 } else if(next[0] != '\0') {
1525                                         Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
1526                                                 "trailing chars \"%s\" in \"timelimit <limit>\" line"
1527                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1528                                                 c->log, next, 0);
1529 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1530                                         return 1;
1531 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1532                                 }
1533                         }
1534                         lim->lms_t_hard = 0;
1535                 }
1536         }
1537         return(0);
1538 }
1539
1540 static int
1541 config_overlay(ConfigArgs *c) {
1542         slap_overinfo *oi;
1543         if (c->op == SLAP_CONFIG_EMIT) {
1544                 return 1;
1545         } else if ( c->op == LDAP_MOD_DELETE ) {
1546                 assert(0);
1547         }
1548         if(c->argv[1][0] == '-' && overlay_config(c->be, &c->argv[1][1])) {
1549                 /* log error */
1550                 Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: (optional) %s overlay \"%s\" configuration failed"
1551                         SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1552                         c->log, c->be == frontendDB ? "global " : "", &c->argv[1][1]);
1553 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1554                 return 1;
1555 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1556         } else if(overlay_config(c->be, c->argv[1])) {
1557                 return(1);
1558         }
1559         /* Setup context for subsequent config directives.
1560          * The newly added overlay is at the head of the list.
1561          */
1562         oi = (slap_overinfo *)c->be->bd_info;
1563         c->bi = &oi->oi_list->on_bi;
1564         return(0);
1565 }
1566
1567 static int
1568 config_subordinate(ConfigArgs *c)
1569 {
1570         int rc = 1;
1571         int advertise;
1572
1573         switch( c->op ) {
1574         case SLAP_CONFIG_EMIT:
1575                 if ( SLAP_GLUE_SUBORDINATE( c->be )) {
1576                         struct berval bv;
1577
1578                         bv.bv_val = SLAP_GLUE_ADVERTISE( c->be ) ? "advertise" : "TRUE";
1579                         bv.bv_len = SLAP_GLUE_ADVERTISE( c->be ) ? STRLENOF("advertise") :
1580                                 STRLENOF("TRUE");
1581
1582                         value_add_one( &c->rvalue_vals, &bv );
1583                         rc = 0;
1584                 }
1585                 break;
1586         case LDAP_MOD_DELETE:
1587                 if ( !c->line  || strcasecmp( c->line, "advertise" )) {
1588                         glue_sub_del( c->be );
1589                 } else {
1590                         SLAP_DBFLAGS( c->be ) &= ~SLAP_DBFLAG_GLUE_ADVERTISE;
1591                 }
1592                 rc = 0;
1593                 break;
1594         case LDAP_MOD_ADD:
1595         case SLAP_CONFIG_ADD:
1596                 advertise = ( c->argc == 2 && !strcasecmp( c->argv[1], "advertise" ));
1597                 rc = glue_sub_add( c->be, advertise, CONFIG_ONLINE_ADD( c ));
1598                 break;
1599         }
1600         return rc;
1601 }
1602
1603 static int
1604 config_suffix(ConfigArgs *c)
1605 {
1606         Backend *tbe;
1607         struct berval pdn, ndn;
1608         char    *notallowed = NULL;
1609
1610         if ( c->be == frontendDB ) {
1611                 notallowed = "frontend";
1612
1613         } else if ( SLAP_MONITOR(c->be) ) {
1614                 notallowed = "monitor";
1615
1616         } else if ( SLAP_CONFIG(c->be) ) {
1617                 notallowed = "config";
1618         }
1619
1620         if ( notallowed != NULL ) {
1621                 char    buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
1622
1623                 switch ( c->op ) {
1624                 case LDAP_MOD_ADD:
1625                 case LDAP_MOD_DELETE:
1626                 case LDAP_MOD_REPLACE:
1627                 case LDAP_MOD_INCREMENT:
1628                 case SLAP_CONFIG_ADD:
1629                         if ( !BER_BVISNULL( &c->value_dn ) ) {
1630                                 snprintf( buf, sizeof( buf ), "<%s> ",
1631                                                 c->value_dn.bv_val );
1632                         }
1633
1634                         Debug(LDAP_DEBUG_ANY,
1635                                 "%s: suffix %snot allowed in %s database.\n",
1636                                 c->log, buf, notallowed );
1637                         break;
1638
1639                 case SLAP_CONFIG_EMIT:
1640                         /* don't complain when emitting... */
1641                         break;
1642
1643                 default:
1644                         /* FIXME: don't know what values may be valid;
1645                          * please remove assertion, or add legal values
1646                          * to either block */
1647                         assert( 0 );
1648                         break;
1649                 }
1650
1651                 return 1;
1652         }
1653
1654         if (c->op == SLAP_CONFIG_EMIT) {
1655                 if ( c->be->be_suffix == NULL
1656                                 || BER_BVISNULL( &c->be->be_suffix[0] ) )
1657                 {
1658                         return 1;
1659                 } else {
1660                         value_add( &c->rvalue_vals, c->be->be_suffix );
1661                         value_add( &c->rvalue_nvals, c->be->be_nsuffix );
1662                         return 0;
1663                 }
1664         } else if ( c->op == LDAP_MOD_DELETE ) {
1665                 if ( c->valx < 0 ) {
1666                         ber_bvarray_free( c->be->be_suffix );
1667                         ber_bvarray_free( c->be->be_nsuffix );
1668                         c->be->be_suffix = NULL;
1669                         c->be->be_nsuffix = NULL;
1670                 } else {
1671                         int i = c->valx;
1672                         ch_free( c->be->be_suffix[i].bv_val );
1673                         ch_free( c->be->be_nsuffix[i].bv_val );
1674                         for (; c->be->be_suffix[i].bv_val; i++) {
1675                                 c->be->be_suffix[i] = c->be->be_suffix[i+1];
1676                                 c->be->be_nsuffix[i] = c->be->be_nsuffix[i+1];
1677                         }
1678                 }
1679                 return 0;
1680         }
1681
1682 #ifdef SLAPD_MONITOR_DN
1683         if(!strcasecmp(c->argv[1], SLAPD_MONITOR_DN)) {
1684                 sprintf( c->msg, "<%s> DN is reserved for monitoring slapd",
1685                         c->argv[0] );
1686                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
1687                         c->log, c->msg, SLAPD_MONITOR_DN);
1688                 return(1);
1689         }
1690 #endif
1691
1692         pdn = c->value_dn;
1693         ndn = c->value_ndn;
1694         tbe = select_backend(&ndn, 0, 0);
1695         if(tbe == c->be) {
1696                 Debug( SLAPD_DEBUG_CONFIG_ERROR,
1697                         "%s: suffix already served by this backend!"
1698                         SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1699                         c->log, 0, 0);
1700 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1701                 return 1;
1702 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1703                 free(pdn.bv_val);
1704                 free(ndn.bv_val);
1705         } else if(tbe) {
1706                 char    *type = tbe->bd_info->bi_type;
1707
1708                 if ( overlay_is_over( tbe ) ) {
1709                         slap_overinfo   *oi = (slap_overinfo *)tbe->bd_info->bi_private;
1710                         type = oi->oi_orig->bi_type;
1711                 }
1712
1713                 sprintf( c->msg, "<%s> namingContext \"%s\" already served by "
1714                         "a preceding %s database serving namingContext",
1715                         c->argv[0], pdn.bv_val, type );
1716                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1717                         c->log, c->msg, tbe->be_suffix[0].bv_val);
1718                 free(pdn.bv_val);
1719                 free(ndn.bv_val);
1720                 return(1);
1721         } else if(pdn.bv_len == 0 && default_search_nbase.bv_len) {
1722                 Debug(LDAP_DEBUG_ANY, "%s: suffix DN empty and default search "
1723                         "base provided \"%s\" (assuming okay)\n",
1724                         c->log, default_search_base.bv_val, 0);
1725         }
1726         ber_bvarray_add(&c->be->be_suffix, &pdn);
1727         ber_bvarray_add(&c->be->be_nsuffix, &ndn);
1728         return(0);
1729 }
1730
1731 static int
1732 config_rootdn(ConfigArgs *c) {
1733         if (c->op == SLAP_CONFIG_EMIT) {
1734                 if ( !BER_BVISNULL( &c->be->be_rootdn )) {
1735                         value_add_one(&c->rvalue_vals, &c->be->be_rootdn);
1736                         value_add_one(&c->rvalue_nvals, &c->be->be_rootndn);
1737                         return 0;
1738                 } else {
1739                         return 1;
1740                 }
1741         } else if ( c->op == LDAP_MOD_DELETE ) {
1742                 ch_free( c->be->be_rootdn.bv_val );
1743                 ch_free( c->be->be_rootndn.bv_val );
1744                 BER_BVZERO( &c->be->be_rootdn );
1745                 BER_BVZERO( &c->be->be_rootndn );
1746                 return 0;
1747         }
1748         if ( !BER_BVISNULL( &c->be->be_rootdn )) {
1749                 ch_free( c->be->be_rootdn.bv_val );
1750                 ch_free( c->be->be_rootndn.bv_val );
1751         }
1752         c->be->be_rootdn = c->value_dn;
1753         c->be->be_rootndn = c->value_ndn;
1754         return(0);
1755 }
1756
1757 static int
1758 config_rootpw(ConfigArgs *c) {
1759         Backend *tbe;
1760
1761         if (c->op == SLAP_CONFIG_EMIT) {
1762                 if (!BER_BVISEMPTY(&c->be->be_rootpw)) {
1763                         /* don't copy, because "rootpw" is marked
1764                          * as CFG_BERVAL */
1765                         c->value_bv = c->be->be_rootpw;
1766                         return 0;
1767                 }
1768                 return 1;
1769         } else if ( c->op == LDAP_MOD_DELETE ) {
1770                 ch_free( c->be->be_rootpw.bv_val );
1771                 BER_BVZERO( &c->be->be_rootpw );
1772                 return 0;
1773         }
1774
1775         tbe = select_backend(&c->be->be_rootndn, 0, 0);
1776         if(tbe != c->be) {
1777                 sprintf( c->msg, "<%s> can only be set when rootdn is under suffix",
1778                         c->argv[0] );
1779                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
1780                         c->log, c->msg, 0);
1781                 return(1);
1782         }
1783         if ( !BER_BVISNULL( &c->be->be_rootpw ))
1784                 ch_free( c->be->be_rootpw.bv_val );
1785         c->be->be_rootpw = c->value_bv;
1786         return(0);
1787 }
1788
1789 static int
1790 config_restrict(ConfigArgs *c) {
1791         slap_mask_t restrictops = 0;
1792         int i;
1793         slap_verbmasks restrictable_ops[] = {
1794                 { BER_BVC("bind"),              SLAP_RESTRICT_OP_BIND },
1795                 { BER_BVC("add"),               SLAP_RESTRICT_OP_ADD },
1796                 { BER_BVC("modify"),            SLAP_RESTRICT_OP_MODIFY },
1797                 { BER_BVC("rename"),            SLAP_RESTRICT_OP_RENAME },
1798                 { BER_BVC("modrdn"),            0 },
1799                 { BER_BVC("delete"),            SLAP_RESTRICT_OP_DELETE },
1800                 { BER_BVC("search"),            SLAP_RESTRICT_OP_SEARCH },
1801                 { BER_BVC("compare"),   SLAP_RESTRICT_OP_COMPARE },
1802                 { BER_BVC("read"),              SLAP_RESTRICT_OP_READS },
1803                 { BER_BVC("write"),             SLAP_RESTRICT_OP_WRITES },
1804                 { BER_BVC("extended"),  SLAP_RESTRICT_OP_EXTENDED },
1805                 { BER_BVC("extended=" LDAP_EXOP_START_TLS ),            SLAP_RESTRICT_EXOP_START_TLS },
1806                 { BER_BVC("extended=" LDAP_EXOP_MODIFY_PASSWD ),        SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
1807                 { BER_BVC("extended=" LDAP_EXOP_X_WHO_AM_I ),           SLAP_RESTRICT_EXOP_WHOAMI },
1808                 { BER_BVC("extended=" LDAP_EXOP_X_CANCEL ),             SLAP_RESTRICT_EXOP_CANCEL },
1809                 { BER_BVNULL,   0 }
1810         };
1811
1812         if (c->op == SLAP_CONFIG_EMIT) {
1813                 return mask_to_verbs( restrictable_ops, c->be->be_restrictops,
1814                         &c->rvalue_vals );
1815         } else if ( c->op == LDAP_MOD_DELETE ) {
1816                 if ( !c->line ) {
1817                         c->be->be_restrictops = 0;
1818                 } else {
1819                         restrictops = verb_to_mask( c->line, restrictable_ops );
1820                         c->be->be_restrictops ^= restrictops;
1821                 }
1822                 return 0;
1823         }
1824         i = verbs_to_mask( c->argc, c->argv, restrictable_ops, &restrictops );
1825         if ( i ) {
1826                 sprintf( c->msg, "<%s> unknown operation", c->argv[0] );
1827                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1828                         c->log, c->msg, c->argv[i]);
1829                 return(1);
1830         }
1831         if ( restrictops & SLAP_RESTRICT_OP_EXTENDED )
1832                 restrictops &= ~SLAP_RESTRICT_EXOP_MASK;
1833         c->be->be_restrictops |= restrictops;
1834         return(0);
1835 }
1836
1837 static int
1838 config_allows(ConfigArgs *c) {
1839         slap_mask_t allows = 0;
1840         int i;
1841         slap_verbmasks allowable_ops[] = {
1842                 { BER_BVC("bind_v2"),           SLAP_ALLOW_BIND_V2 },
1843                 { BER_BVC("bind_anon_cred"),    SLAP_ALLOW_BIND_ANON_CRED },
1844                 { BER_BVC("bind_anon_dn"),      SLAP_ALLOW_BIND_ANON_DN },
1845                 { BER_BVC("update_anon"),       SLAP_ALLOW_UPDATE_ANON },
1846                 { BER_BVNULL,   0 }
1847         };
1848         if (c->op == SLAP_CONFIG_EMIT) {
1849                 return mask_to_verbs( allowable_ops, global_allows, &c->rvalue_vals );
1850         } else if ( c->op == LDAP_MOD_DELETE ) {
1851                 if ( !c->line ) {
1852                         global_allows = 0;
1853                 } else {
1854                         allows = verb_to_mask( c->line, allowable_ops );
1855                         global_allows ^= allows;
1856                 }
1857                 return 0;
1858         }
1859         i = verbs_to_mask(c->argc, c->argv, allowable_ops, &allows);
1860         if ( i ) {
1861                 sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
1862                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1863                         c->log, c->msg, c->argv[i]);
1864                 return(1);
1865         }
1866         global_allows |= allows;
1867         return(0);
1868 }
1869
1870 static int
1871 config_disallows(ConfigArgs *c) {
1872         slap_mask_t disallows = 0;
1873         int i;
1874         slap_verbmasks disallowable_ops[] = {
1875                 { BER_BVC("bind_anon"),         SLAP_DISALLOW_BIND_ANON },
1876                 { BER_BVC("bind_simple"),       SLAP_DISALLOW_BIND_SIMPLE },
1877                 { BER_BVC("bind_krb4"),         SLAP_DISALLOW_BIND_KRBV4 },
1878                 { BER_BVC("tls_2_anon"),                SLAP_DISALLOW_TLS_2_ANON },
1879                 { BER_BVC("tls_authc"),         SLAP_DISALLOW_TLS_AUTHC },
1880                 { BER_BVNULL, 0 }
1881         };
1882         if (c->op == SLAP_CONFIG_EMIT) {
1883                 return mask_to_verbs( disallowable_ops, global_disallows, &c->rvalue_vals );
1884         } else if ( c->op == LDAP_MOD_DELETE ) {
1885                 if ( !c->line ) {
1886                         global_disallows = 0;
1887                 } else {
1888                         disallows = verb_to_mask( c->line, disallowable_ops );
1889                         global_disallows ^= disallows;
1890                 }
1891                 return 0;
1892         }
1893         i = verbs_to_mask(c->argc, c->argv, disallowable_ops, &disallows);
1894         if ( i ) {
1895                 sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
1896                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1897                         c->log, c->msg, c->argv[i]);
1898                 return(1);
1899         }
1900         global_disallows |= disallows;
1901         return(0);
1902 }
1903
1904 static int
1905 config_requires(ConfigArgs *c) {
1906         slap_mask_t requires = 0;
1907         int i;
1908         slap_verbmasks requires_ops[] = {
1909                 { BER_BVC("bind"),              SLAP_REQUIRE_BIND },
1910                 { BER_BVC("LDAPv3"),            SLAP_REQUIRE_LDAP_V3 },
1911                 { BER_BVC("authc"),             SLAP_REQUIRE_AUTHC },
1912                 { BER_BVC("sasl"),              SLAP_REQUIRE_SASL },
1913                 { BER_BVC("strong"),            SLAP_REQUIRE_STRONG },
1914                 { BER_BVNULL, 0 }
1915         };
1916         if (c->op == SLAP_CONFIG_EMIT) {
1917                 return mask_to_verbs( requires_ops, c->be->be_requires, &c->rvalue_vals );
1918         } else if ( c->op == LDAP_MOD_DELETE ) {
1919                 if ( !c->line ) {
1920                         c->be->be_requires = 0;
1921                 } else {
1922                         requires = verb_to_mask( c->line, requires_ops );
1923                         c->be->be_requires ^= requires;
1924                 }
1925                 return 0;
1926         }
1927         i = verbs_to_mask(c->argc, c->argv, requires_ops, &requires);
1928         if ( i ) {
1929                 sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
1930                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1931                         c->log, c->msg, c->argv[i]);
1932                 return(1);
1933         }
1934         c->be->be_requires = requires;
1935         return(0);
1936 }
1937
1938 static slap_verbmasks   *loglevel_ops;
1939
1940 static int
1941 loglevel_init( void )
1942 {
1943         slap_verbmasks  lo[] = {
1944                 { BER_BVC("Any"),       -1 },
1945                 { BER_BVC("Trace"),     LDAP_DEBUG_TRACE },
1946                 { BER_BVC("Packets"),   LDAP_DEBUG_PACKETS },
1947                 { BER_BVC("Args"),      LDAP_DEBUG_ARGS },
1948                 { BER_BVC("Conns"),     LDAP_DEBUG_CONNS },
1949                 { BER_BVC("BER"),       LDAP_DEBUG_BER },
1950                 { BER_BVC("Filter"),    LDAP_DEBUG_FILTER },
1951                 { BER_BVC("Config"),    LDAP_DEBUG_CONFIG },
1952                 { BER_BVC("ACL"),       LDAP_DEBUG_ACL },
1953                 { BER_BVC("Stats"),     LDAP_DEBUG_STATS },
1954                 { BER_BVC("Stats2"),    LDAP_DEBUG_STATS2 },
1955                 { BER_BVC("Shell"),     LDAP_DEBUG_SHELL },
1956                 { BER_BVC("Parse"),     LDAP_DEBUG_PARSE },
1957                 { BER_BVC("Cache"),     LDAP_DEBUG_CACHE },
1958                 { BER_BVC("Index"),     LDAP_DEBUG_INDEX },
1959                 { BER_BVC("Sync"),      LDAP_DEBUG_SYNC },
1960                 { BER_BVNULL,   0 }
1961         };
1962
1963         return slap_verbmasks_init( &loglevel_ops, lo );
1964 }
1965
1966 static void
1967 loglevel_destroy( void )
1968 {
1969         if ( loglevel_ops ) {
1970                 (void)slap_verbmasks_destroy( loglevel_ops );
1971         }
1972         loglevel_ops = NULL;
1973 }
1974
1975 static slap_mask_t      loglevel_ignore[] = { -1, 0 };
1976
1977 int
1978 slap_loglevel_register( slap_mask_t m, struct berval *s )
1979 {
1980         int     rc;
1981
1982         if ( loglevel_ops == NULL ) {
1983                 loglevel_init();
1984         }
1985
1986         rc = slap_verbmasks_append( &loglevel_ops, m, s, loglevel_ignore );
1987
1988         if ( rc != 0 ) {
1989                 Debug( LDAP_DEBUG_ANY, "slap_loglevel_register(%lu, \"%s\") failed\n",
1990                         m, s->bv_val, 0 );
1991         }
1992
1993         return rc;
1994 }
1995
1996 int
1997 str2loglevel( const char *s, int *l )
1998 {
1999         int     i;
2000
2001         if ( loglevel_ops == NULL ) {
2002                 loglevel_init();
2003         }
2004
2005         i = verb_to_mask( s, loglevel_ops );
2006
2007         if ( BER_BVISNULL( &loglevel_ops[ i ].word) ) {
2008                 return -1;
2009         }
2010
2011         *l = loglevel_ops[ i ].mask;
2012
2013         return 0;
2014 }
2015
2016 static int config_syslog;
2017
2018 static int
2019 config_loglevel(ConfigArgs *c) {
2020         int i;
2021         char *next;
2022
2023         if ( loglevel_ops == NULL ) {
2024                 loglevel_init();
2025         }
2026
2027         if (c->op == SLAP_CONFIG_EMIT) {
2028                 /* Get default or commandline slapd setting */
2029                 if ( ldap_syslog && !config_syslog )
2030                         config_syslog = ldap_syslog;
2031                 return mask_to_verbs( loglevel_ops, config_syslog, &c->rvalue_vals );
2032         } else if ( c->op == LDAP_MOD_DELETE ) {
2033                 if ( !c->line ) {
2034                         config_syslog = 0;
2035                 } else {
2036                         int level = verb_to_mask( c->line, loglevel_ops );
2037                         config_syslog ^= level;
2038                 }
2039                 if ( slapMode & SLAP_SERVER_MODE ) {
2040                         ldap_syslog = config_syslog;
2041                 }
2042                 return 0;
2043         }
2044
2045         config_syslog = 0;
2046
2047         for( i=1; i < c->argc; i++ ) {
2048                 int     level;
2049
2050                 if ( isdigit( c->argv[i][0] ) || c->argv[i][0] == '-' ) {
2051                         level = strtol( c->argv[i], &next, 10 );
2052                         if ( next == NULL || next[0] != '\0' ) {
2053                                 sprintf( c->msg, "<%s> unable to parse level", c->argv[0] );
2054                                 Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
2055                                         c->log, c->msg, c->argv[i]);
2056                                 return( 1 );
2057                         }
2058                 } else {
2059                         if ( str2loglevel( c->argv[i], &level ) ) {
2060                                 sprintf( c->msg, "<%s> unknown level", c->argv[0] );
2061                                 Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
2062                                         c->log, c->msg, c->argv[i]);
2063                                 return( 1 );
2064                         }
2065                 }
2066                 config_syslog |= level;
2067         }
2068         if ( slapMode & SLAP_SERVER_MODE ) {
2069                 ldap_syslog = config_syslog;
2070         }
2071         return(0);
2072 }
2073
2074 static int
2075 config_referral(ConfigArgs *c) {
2076         struct berval val;
2077         if (c->op == SLAP_CONFIG_EMIT) {
2078                 if ( default_referral ) {
2079                         value_add( &c->rvalue_vals, default_referral );
2080                         return 0;
2081                 } else {
2082                         return 1;
2083                 }
2084         } else if ( c->op == LDAP_MOD_DELETE ) {
2085                 if ( c->valx < 0 ) {
2086                         ber_bvarray_free( default_referral );
2087                         default_referral = NULL;
2088                 } else {
2089                         int i = c->valx;
2090                         ch_free( default_referral[i].bv_val );
2091                         for (; default_referral[i].bv_val; i++ )
2092                                 default_referral[i] = default_referral[i+1];
2093                 }
2094                 return 0;
2095         }
2096         if(validate_global_referral(c->argv[1])) {
2097                 sprintf( c->msg, "<%s> invalid URL", c->argv[0] );
2098                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
2099                         c->log, c->msg, c->argv[1]);
2100                 return(1);
2101         }
2102
2103         ber_str2bv(c->argv[1], 0, 0, &val);
2104         if(value_add_one(&default_referral, &val)) return(LDAP_OTHER);
2105         return(0);
2106 }
2107
2108 static struct {
2109         struct berval key;
2110         int off;
2111 } sec_keys[] = {
2112         { BER_BVC("ssf="), offsetof(slap_ssf_set_t, sss_ssf) },
2113         { BER_BVC("transport="), offsetof(slap_ssf_set_t, sss_transport) },
2114         { BER_BVC("tls="), offsetof(slap_ssf_set_t, sss_tls) },
2115         { BER_BVC("sasl="), offsetof(slap_ssf_set_t, sss_sasl) },
2116         { BER_BVC("update_ssf="), offsetof(slap_ssf_set_t, sss_update_ssf) },
2117         { BER_BVC("update_transport="), offsetof(slap_ssf_set_t, sss_update_transport) },
2118         { BER_BVC("update_tls="), offsetof(slap_ssf_set_t, sss_update_tls) },
2119         { BER_BVC("update_sasl="), offsetof(slap_ssf_set_t, sss_update_sasl) },
2120         { BER_BVC("simple_bind="), offsetof(slap_ssf_set_t, sss_simple_bind) },
2121         { BER_BVNULL, 0 }
2122 };
2123
2124 static int
2125 config_security(ConfigArgs *c) {
2126         slap_ssf_set_t *set = &c->be->be_ssf_set;
2127         char *next;
2128         int i, j;
2129         if (c->op == SLAP_CONFIG_EMIT) {
2130                 char numbuf[32];
2131                 struct berval bv;
2132                 slap_ssf_t *tgt;
2133                 int rc = 1;
2134
2135                 for (i=0; !BER_BVISNULL( &sec_keys[i].key ); i++) {
2136                         tgt = (slap_ssf_t *)((char *)set + sec_keys[i].off);
2137                         if ( *tgt ) {
2138                                 rc = 0;
2139                                 bv.bv_len = sprintf( numbuf, "%u", *tgt );
2140                                 bv.bv_len += sec_keys[i].key.bv_len;
2141                                 bv.bv_val = ch_malloc( bv.bv_len + 1);
2142                                 next = lutil_strcopy( bv.bv_val, sec_keys[i].key.bv_val );
2143                                 strcpy( next, numbuf );
2144                                 ber_bvarray_add( &c->rvalue_vals, &bv );
2145                         }
2146                 }
2147                 return rc;
2148         }
2149         for(i = 1; i < c->argc; i++) {
2150                 slap_ssf_t *tgt = NULL;
2151                 char *src;
2152                 for ( j=0; !BER_BVISNULL( &sec_keys[j].key ); j++ ) {
2153                         if(!strncasecmp(c->argv[i], sec_keys[j].key.bv_val,
2154                                 sec_keys[j].key.bv_len)) {
2155                                 src = c->argv[i] + sec_keys[j].key.bv_len;
2156                                 tgt = (slap_ssf_t *)((char *)set + sec_keys[j].off);
2157                                 break;
2158                         }
2159                 }
2160                 if ( !tgt ) {
2161                         sprintf( c->msg, "<%s> unknown factor", c->argv[0] );
2162                         Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
2163                                 c->log, c->msg, c->argv[i]);
2164                         return(1);
2165                 }
2166
2167                 *tgt = strtol(src, &next, 10);
2168                 if(next == NULL || next[0] != '\0' ) {
2169                         sprintf( c->msg, "<%s> unable to parse factor", c->argv[0] );
2170                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
2171                                 c->log, c->msg, c->argv[i]);
2172                         return(1);
2173                 }
2174         }
2175         return(0);
2176 }
2177
2178 char *
2179 anlist_unparse( AttributeName *an, char *ptr ) {
2180         int comma = 0;
2181
2182         for (; !BER_BVISNULL( &an->an_name ); an++) {
2183                 if ( comma ) *ptr++ = ',';
2184                 ptr = lutil_strcopy( ptr, an->an_name.bv_val );
2185                 comma = 1;
2186         }
2187         return ptr;
2188 }
2189
2190 static void
2191 replica_unparse( struct slap_replica_info *ri, int i, struct berval *bv )
2192 {
2193         int len;
2194         char *ptr;
2195         struct berval bc = BER_BVNULL;
2196         char numbuf[32];
2197
2198         len = sprintf(numbuf, IFMT, i );
2199
2200         len += strlen( ri->ri_uri ) + STRLENOF("uri=");
2201         if ( ri->ri_nsuffix ) {
2202                 for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) {
2203                         len += ri->ri_nsuffix[i].bv_len + STRLENOF(" suffix=\"\"");
2204                 }
2205         }
2206         if ( ri->ri_attrs ) {
2207                 len += STRLENOF("attr");
2208                 if ( ri->ri_exclude ) len++;
2209                 for (i=0; !BER_BVISNULL( &ri->ri_attrs[i].an_name ); i++) {
2210                         len += 1 + ri->ri_attrs[i].an_name.bv_len;
2211                 }
2212         }
2213         bindconf_unparse( &ri->ri_bindconf, &bc );
2214         len += bc.bv_len;
2215
2216         bv->bv_val = ch_malloc(len + 1);
2217         bv->bv_len = len;
2218
2219         ptr = lutil_strcopy( bv->bv_val, numbuf );
2220         ptr = lutil_strcopy( ptr, "uri=" );
2221         ptr = lutil_strcopy( ptr, ri->ri_uri );
2222
2223         if ( ri->ri_nsuffix ) {
2224                 for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) {
2225                         ptr = lutil_strcopy( ptr, " suffix=\"" );
2226                         ptr = lutil_strcopy( ptr, ri->ri_nsuffix[i].bv_val );
2227                         *ptr++ = '"';
2228                 }
2229         }
2230         if ( ri->ri_attrs ) {
2231                 ptr = lutil_strcopy( ptr, "attr" );
2232                 if ( ri->ri_exclude ) *ptr++ = '!';
2233                 *ptr++ = '=';
2234                 ptr = anlist_unparse( ri->ri_attrs, ptr );
2235         }
2236         if ( bc.bv_val ) {
2237                 strcpy( ptr, bc.bv_val );
2238                 ch_free( bc.bv_val );
2239         }
2240 }
2241
2242 static int
2243 config_replica(ConfigArgs *c) {
2244         int i, nr = -1, len;
2245         char *replicahost, *replicauri;
2246         LDAPURLDesc *ludp;
2247
2248         if (c->op == SLAP_CONFIG_EMIT) {
2249                 if (c->be->be_replica) {
2250                         struct berval bv;
2251                         for (i=0;c->be->be_replica[i]; i++) {
2252                                 replica_unparse( c->be->be_replica[i], i, &bv );
2253                                 ber_bvarray_add( &c->rvalue_vals, &bv );
2254                         }
2255                         return 0;
2256                 }
2257                 return 1;
2258         } else if ( c->op == LDAP_MOD_DELETE ) {
2259                 /* FIXME: there is no replica_free function */
2260                 if ( c->valx < 0 ) {
2261                 } else {
2262                 }
2263         }
2264         if(SLAP_MONITOR(c->be)) {
2265                 Debug(LDAP_DEBUG_ANY, "%s: "
2266                         "\"replica\" should not be used inside monitor database\n",
2267                         c->log, 0, 0);
2268                 return(0);      /* FIXME: should this be an error? */
2269         }
2270
2271         for(i = 1; i < c->argc; i++) {
2272                 if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) {
2273                         replicahost = c->argv[i] + STRLENOF("host=");
2274                         len = strlen( replicahost );
2275                         replicauri = ch_malloc( len + STRLENOF("ldap://") + 1 );
2276                         sprintf( replicauri, "ldap://%s", replicahost );
2277                         replicahost = replicauri + STRLENOF( "ldap://");
2278                         nr = add_replica_info(c->be, replicauri, replicahost);
2279                         break;
2280                 } else if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) {
2281                         if(ldap_url_parse(c->argv[i] + STRLENOF("uri="), &ludp) != LDAP_SUCCESS) {
2282                                 sprintf( c->msg, "<%s> invalid uri", c->argv[0] );
2283                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
2284                                 return(1);
2285                         }
2286                         if(!ludp->lud_host) {
2287                                 ldap_free_urldesc(ludp);
2288                                 sprintf( c->msg, "<%s> invalid uri - missing hostname",
2289                                         c->argv[0] );
2290                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
2291                                 return(1);
2292                         }
2293                         ldap_free_urldesc(ludp);
2294                         replicauri = c->argv[i] + STRLENOF("uri=");
2295                         replicauri = ch_strdup( replicauri );
2296                         replicahost = strchr( replicauri, '/' );
2297                         replicahost += 2;
2298                         nr = add_replica_info(c->be, replicauri, replicahost);
2299                         break;
2300                 }
2301         }
2302         if(i == c->argc) {
2303                 sprintf( c->msg, "<%s> missing host or uri", c->argv[0] );
2304                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
2305                 return(1);
2306         } else if(nr == -1) {
2307                 sprintf( c->msg, "<%s> unable to add replica", c->argv[0] );
2308                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", c->log, c->msg, replicauri );
2309                 return(1);
2310         } else {
2311                 for(i = 1; i < c->argc; i++) {
2312                         if(!strncasecmp(c->argv[i], "suffix=", STRLENOF( "suffix="))) {
2313                                 switch(add_replica_suffix(c->be, nr, c->argv[i] + STRLENOF("suffix="))) {
2314                                         case 1:
2315                                                 Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
2316                                                 "suffix \"%s\" in \"replica\" line is not valid for backend"
2317                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
2318                                                 c->log, c->argv[i] + STRLENOF("suffix="), 0);
2319 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
2320                                                 return 1;
2321 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
2322                                                 break;
2323                                         case 2:
2324                                                 Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
2325                                                 "unable to normalize suffix in \"replica\" line"
2326                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
2327                                                 c->log, 0, 0);
2328 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
2329                                                 return 1;
2330 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
2331                                                 break;
2332                                 }
2333
2334                         } else if(!strncasecmp(c->argv[i], "attr", STRLENOF("attr"))) {
2335                                 int exclude = 0;
2336                                 char *arg = c->argv[i] + STRLENOF("attr");
2337                                 if(arg[0] == '!') {
2338                                         arg++;
2339                                         exclude = 1;
2340                                 }
2341                                 if(arg[0] != '=') {
2342                                         continue;
2343                                 }
2344                                 if(add_replica_attrs(c->be, nr, arg + 1, exclude)) {
2345                                         sprintf( c->msg, "<%s> unknown attribute", c->argv[0] );
2346                                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
2347                                                 c->log, c->msg, arg + 1);
2348                                         return(1);
2349                                 }
2350                         } else if ( bindconf_parse( c->argv[i],
2351                                         &c->be->be_replica[nr]->ri_bindconf ) ) {
2352                                 return(1);
2353                         }
2354                 }
2355         }
2356         return(0);
2357 }
2358
2359 static int
2360 config_updatedn(ConfigArgs *c) {
2361         if (c->op == SLAP_CONFIG_EMIT) {
2362                 if (!BER_BVISEMPTY(&c->be->be_update_ndn)) {
2363                         value_add_one(&c->rvalue_vals, &c->be->be_update_ndn);
2364                         value_add_one(&c->rvalue_nvals, &c->be->be_update_ndn);
2365                         return 0;
2366                 }
2367                 return 1;
2368         } else if ( c->op == LDAP_MOD_DELETE ) {
2369                 ch_free( c->be->be_update_ndn.bv_val );
2370                 BER_BVZERO( &c->be->be_update_ndn );
2371                 SLAP_DBFLAGS(c->be) ^= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
2372                 return 0;
2373         }
2374         if(SLAP_SHADOW(c->be)) {
2375                 sprintf( c->msg, "<%s> database already shadowed", c->argv[0] );
2376                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
2377                         c->log, c->msg, 0);
2378                 return(1);
2379         }
2380
2381         ber_memfree_x( c->value_dn.bv_val, NULL );
2382         if ( !BER_BVISNULL( &c->be->be_update_ndn ) ) {
2383                 ber_memfree_x( c->be->be_update_ndn.bv_val, NULL );
2384         }
2385         c->be->be_update_ndn = c->value_ndn;
2386         BER_BVZERO( &c->value_dn );
2387         BER_BVZERO( &c->value_ndn );
2388
2389         SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
2390         return(0);
2391 }
2392
2393 static int
2394 config_updateref(ConfigArgs *c) {
2395         struct berval val;
2396         if (c->op == SLAP_CONFIG_EMIT) {
2397                 if ( c->be->be_update_refs ) {
2398                         value_add( &c->rvalue_vals, c->be->be_update_refs );
2399                         return 0;
2400                 } else {
2401                         return 1;
2402                 }
2403         } else if ( c->op == LDAP_MOD_DELETE ) {
2404                 if ( c->valx < 0 ) {
2405                         ber_bvarray_free( c->be->be_update_refs );
2406                         c->be->be_update_refs = NULL;
2407                 } else {
2408                         int i = c->valx;
2409                         ch_free( c->be->be_update_refs[i].bv_val );
2410                         for (; c->be->be_update_refs[i].bv_val; i++)
2411                                 c->be->be_update_refs[i] = c->be->be_update_refs[i+1];
2412                 }
2413                 return 0;
2414         }
2415         if(!SLAP_SHADOW(c->be)) {
2416                 sprintf( c->msg, "<%s> must appear after syncrepl or updatedn",
2417                         c->argv[0] );
2418                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
2419                         c->log, c->msg, 0);
2420                 return(1);
2421         }
2422
2423         if(validate_global_referral(c->argv[1])) {
2424                 sprintf( c->msg, "<%s> invalid URL", c->argv[0] );
2425                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
2426                         c->log, c->msg, c->argv[1]);
2427                 return(1);
2428         }
2429         ber_str2bv(c->argv[1], 0, 0, &val);
2430         if(value_add_one(&c->be->be_update_refs, &val)) return(LDAP_OTHER);
2431         return(0);
2432 }
2433
2434 static int
2435 config_include(ConfigArgs *c) {
2436         int savelineno = c->lineno;
2437         int rc;
2438         ConfigFile *cf;
2439         ConfigFile *cfsave = cfn;
2440         ConfigFile *cf2 = NULL;
2441         if (c->op == SLAP_CONFIG_EMIT) {
2442                 if (c->private) {
2443                         ConfigFile *cf = c->private;
2444                         value_add_one( &c->rvalue_vals, &cf->c_file );
2445                         return 0;
2446                 }
2447                 return 1;
2448         } else if ( c->op == LDAP_MOD_DELETE ) {
2449         }
2450         cf = ch_calloc( 1, sizeof(ConfigFile));
2451         if ( cfn->c_kids ) {
2452                 for (cf2=cfn->c_kids; cf2 && cf2->c_sibs; cf2=cf2->c_sibs) ;
2453                 cf2->c_sibs = cf;
2454         } else {
2455                 cfn->c_kids = cf;
2456         }
2457         cfn = cf;
2458         ber_str2bv( c->argv[1], 0, 1, &cf->c_file );
2459         rc = read_config_file(c->argv[1], c->depth + 1, c, config_back_cf_table);
2460         c->lineno = savelineno - 1;
2461         cfn = cfsave;
2462         if ( rc ) {
2463                 if ( cf2 ) cf2->c_sibs = NULL;
2464                 else cfn->c_kids = NULL;
2465                 ch_free( cf->c_file.bv_val );
2466                 ch_free( cf );
2467         } else {
2468                 c->private = cf;
2469         }
2470         return(rc);
2471 }
2472
2473 #ifdef HAVE_TLS
2474 static int
2475 config_tls_option(ConfigArgs *c) {
2476         int flag;
2477         switch(c->type) {
2478         case CFG_TLS_RAND:      flag = LDAP_OPT_X_TLS_RANDOM_FILE;      break;
2479         case CFG_TLS_CIPHER:    flag = LDAP_OPT_X_TLS_CIPHER_SUITE;     break;
2480         case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE;         break;  
2481         case CFG_TLS_CERT_KEY:  flag = LDAP_OPT_X_TLS_KEYFILE;          break;
2482         case CFG_TLS_CA_PATH:   flag = LDAP_OPT_X_TLS_CACERTDIR;        break;
2483         case CFG_TLS_CA_FILE:   flag = LDAP_OPT_X_TLS_CACERTFILE;       break;
2484         default:                Debug(LDAP_DEBUG_ANY, "%s: "
2485                                         "unknown tls_option <0x%x>\n",
2486                                         c->log, c->type, 0);
2487         }
2488         if (c->op == SLAP_CONFIG_EMIT) {
2489                 return ldap_pvt_tls_get_option( NULL, flag, &c->value_string );
2490         } else if ( c->op == LDAP_MOD_DELETE ) {
2491                 return ldap_pvt_tls_set_option( NULL, flag, NULL );
2492         }
2493         ch_free(c->value_string);
2494         return(ldap_pvt_tls_set_option(NULL, flag, c->argv[1]));
2495 }
2496
2497 /* FIXME: this ought to be provided by libldap */
2498 static int
2499 config_tls_config(ConfigArgs *c) {
2500         int i, flag;
2501         slap_verbmasks crlkeys[] = {
2502                 { BER_BVC("none"),      LDAP_OPT_X_TLS_CRL_NONE },
2503                 { BER_BVC("peer"),      LDAP_OPT_X_TLS_CRL_PEER },
2504                 { BER_BVC("all"),       LDAP_OPT_X_TLS_CRL_ALL },
2505                 { BER_BVNULL, 0 }
2506         };
2507         slap_verbmasks vfykeys[] = {
2508                 { BER_BVC("never"),     LDAP_OPT_X_TLS_NEVER },
2509                 { BER_BVC("demand"),    LDAP_OPT_X_TLS_DEMAND },
2510                 { BER_BVC("try"),       LDAP_OPT_X_TLS_TRY },
2511                 { BER_BVC("hard"),      LDAP_OPT_X_TLS_HARD },
2512                 { BER_BVNULL, 0 }
2513         }, *keys;
2514         switch(c->type) {
2515         case CFG_TLS_CRLCHECK:  flag = LDAP_OPT_X_TLS_CRLCHECK;         keys = crlkeys; break;
2516         case CFG_TLS_VERIFY:    flag = LDAP_OPT_X_TLS_REQUIRE_CERT;     keys = vfykeys; break;
2517         default:
2518                 Debug(LDAP_DEBUG_ANY, "%s: "
2519                                 "unknown tls_option <0x%x>\n",
2520                                 c->log, c->type, 0);
2521         }
2522         if (c->op == SLAP_CONFIG_EMIT) {
2523                 ldap_pvt_tls_get_option( NULL, flag, &c->value_int );
2524                 for (i=0; !BER_BVISNULL(&keys[i].word); i++) {
2525                         if (keys[i].mask == c->value_int) {
2526                                 c->value_string = ch_strdup( keys[i].word.bv_val );
2527                                 return 0;
2528                         }
2529                 }
2530                 return 1;
2531         } else if ( c->op == LDAP_MOD_DELETE ) {
2532                 int i = 0;
2533                 return ldap_pvt_tls_set_option( NULL, flag, &i );
2534         }
2535         ch_free( c->value_string );
2536         if(isdigit((unsigned char)c->argv[1][0])) {
2537                 i = atoi(c->argv[1]);
2538                 return(ldap_pvt_tls_set_option(NULL, flag, &i));
2539         } else {
2540                 return(ldap_int_tls_config(NULL, flag, c->argv[1]));
2541         }
2542 }
2543 #endif
2544
2545 static CfEntryInfo *
2546 config_find_base( CfEntryInfo *root, struct berval *dn, CfEntryInfo **last )
2547 {
2548         struct berval cdn;
2549         char *c;
2550
2551         if ( !root ) {
2552                 *last = NULL;
2553                 return NULL;
2554         }
2555
2556         if ( dn_match( &root->ce_entry->e_nname, dn ))
2557                 return root;
2558
2559         c = dn->bv_val+dn->bv_len;
2560         for (;*c != ',';c--);
2561
2562         while(root) {
2563                 *last = root;
2564                 for (--c;c>dn->bv_val && *c != ',';c--);
2565                 cdn.bv_val = c;
2566                 if ( *c == ',' )
2567                         cdn.bv_val++;
2568                 cdn.bv_len = dn->bv_len - (cdn.bv_val - dn->bv_val);
2569
2570                 root = root->ce_kids;
2571
2572                 for (;root;root=root->ce_sibs) {
2573                         if ( dn_match( &root->ce_entry->e_nname, &cdn )) {
2574                                 if ( cdn.bv_val == dn->bv_val ) {
2575                                         return root;
2576                                 }
2577                                 break;
2578                         }
2579                 }
2580         }
2581         return root;
2582 }
2583
2584 typedef struct setup_cookie {
2585         CfBackInfo *cfb;
2586         ConfigArgs *ca;
2587 } setup_cookie;
2588
2589 static int
2590 config_ldif_resp( Operation *op, SlapReply *rs )
2591 {
2592         if ( rs->sr_type == REP_SEARCH ) {
2593                 setup_cookie *sc = op->o_callback->sc_private;
2594
2595                 sc->cfb->cb_got_ldif = 1;
2596                 rs->sr_err = config_add_internal( sc->cfb, rs->sr_entry, sc->ca, NULL, NULL );
2597                 if ( rs->sr_err != LDAP_SUCCESS ) {
2598                         Debug( LDAP_DEBUG_ANY, "config error processing %s: %s\n",
2599                                 rs->sr_entry->e_name.bv_val, sc->ca->msg, 0 );
2600                 }
2601         }
2602         return rs->sr_err;
2603 }
2604
2605 /* Configure and read the underlying back-ldif store */
2606 static int
2607 config_setup_ldif( BackendDB *be, const char *dir, int readit ) {
2608         CfBackInfo *cfb = be->be_private;
2609         ConfigArgs c = {0};
2610         ConfigTable *ct;
2611         char *argv[3];
2612         int rc = 0;
2613         setup_cookie sc;
2614         slap_callback cb = { NULL, config_ldif_resp, NULL, NULL };
2615         Connection conn = {0};
2616         char opbuf[OPERATION_BUFFER_SIZE];
2617         Operation *op;
2618         SlapReply rs = {REP_RESULT};
2619         Filter filter = { LDAP_FILTER_PRESENT };
2620         struct berval filterstr = BER_BVC("(objectclass=*)");
2621         struct stat st;
2622
2623         /* Is the config directory available? */
2624         if ( stat( dir, &st ) < 0 ) {
2625                 /* No, so don't bother using the backing store.
2626                  * All changes will be in-memory only.
2627                  */
2628                 return 0;
2629         }
2630                 
2631         cfb->cb_db.bd_info = backend_info( "ldif" );
2632         if ( !cfb->cb_db.bd_info )
2633                 return 0;       /* FIXME: eventually this will be a fatal error */
2634
2635         if ( cfb->cb_db.bd_info->bi_db_init( &cfb->cb_db )) return 1;
2636
2637         /* Mark that back-ldif type is in use */
2638         cfb->cb_db.bd_info->bi_nDB++;
2639
2640         cfb->cb_db.be_suffix = be->be_suffix;
2641         cfb->cb_db.be_nsuffix = be->be_nsuffix;
2642         cfb->cb_db.be_rootdn = be->be_rootdn;
2643         cfb->cb_db.be_rootndn = be->be_rootndn;
2644
2645         ber_str2bv( dir, 0, 1, &cfdir );
2646
2647         c.be = &cfb->cb_db;
2648         c.fname = "slapd";
2649         c.argc = 2;
2650         argv[0] = "directory";
2651         argv[1] = (char *)dir;
2652         argv[2] = NULL;
2653         c.argv = argv;
2654
2655         ct = config_find_keyword( c.be->be_cf_ocs->co_table, &c );
2656         if ( !ct )
2657                 return 1;
2658
2659         if ( config_add_vals( ct, &c ))
2660                 return 1;
2661
2662         if ( backend_startup_one( &cfb->cb_db ))
2663                 return 1;
2664
2665         if ( readit ) {
2666                 void *thrctx = ldap_pvt_thread_pool_context();
2667
2668                 op = (Operation *)opbuf;
2669                 connection_fake_init( &conn, op, thrctx );
2670
2671                 filter.f_desc = slap_schema.si_ad_objectClass;
2672
2673                 op->o_tag = LDAP_REQ_SEARCH;
2674
2675                 op->ors_filter = &filter;
2676                 op->ors_filterstr = filterstr;
2677                 op->ors_scope = LDAP_SCOPE_SUBTREE;
2678
2679                 op->o_dn = be->be_rootdn;
2680                 op->o_ndn = be->be_rootndn;
2681
2682                 op->o_req_dn = be->be_suffix[0];
2683                 op->o_req_ndn = be->be_nsuffix[0];
2684
2685                 op->ors_tlimit = SLAP_NO_LIMIT;
2686                 op->ors_slimit = SLAP_NO_LIMIT;
2687
2688                 op->ors_attrs = slap_anlist_all_attributes;
2689                 op->ors_attrsonly = 0;
2690
2691                 op->o_callback = &cb;
2692                 sc.cfb = cfb;
2693                 sc.ca = &c;
2694                 cb.sc_private = &sc;
2695
2696                 op->o_bd = &cfb->cb_db;
2697                 rc = op->o_bd->be_search( op, &rs );
2698
2699                 ldap_pvt_thread_pool_context_reset( thrctx );
2700         }
2701
2702         cfb->cb_use_ldif = 1;
2703
2704         return rc;
2705 }
2706
2707 static int
2708 CfOc_cmp( const void *c1, const void *c2 ) {
2709         const ConfigOCs *co1 = c1;
2710         const ConfigOCs *co2 = c2;
2711
2712         return ber_bvcmp( co1->co_name, co2->co_name );
2713 }
2714
2715 int
2716 config_register_schema(ConfigTable *ct, ConfigOCs *ocs) {
2717         int i;
2718
2719         i = init_config_attrs( ct );
2720         if ( i ) return i;
2721
2722         /* set up the objectclasses */
2723         i = init_config_ocs( ocs );
2724         if ( i ) return i;
2725
2726         for (i=0; ocs[i].co_def; i++) {
2727                 if ( ocs[i].co_oc ) {
2728                         ocs[i].co_name = &ocs[i].co_oc->soc_cname;
2729                         if ( !ocs[i].co_table )
2730                                 ocs[i].co_table = ct;
2731                         avl_insert( &CfOcTree, &ocs[i], CfOc_cmp, avl_dup_error );
2732                 }
2733         }
2734         return 0;
2735 }
2736
2737 int
2738 read_config(const char *fname, const char *dir) {
2739         BackendDB *be;
2740         CfBackInfo *cfb;
2741         const char *cfdir, *cfname;
2742         int rc;
2743
2744         /* Setup the config backend */
2745         be = backend_db_init( "config" );
2746         if ( !be )
2747                 return 1;
2748
2749         cfb = be->be_private;
2750
2751         /* If no .conf, or a dir was specified, setup the dir */
2752         if ( !fname || dir ) {
2753                 if ( dir ) {
2754                         /* If explicitly given, check for existence */
2755                         struct stat st;
2756
2757                         if ( stat( dir, &st ) < 0 ) {
2758                                 Debug( LDAP_DEBUG_ANY,
2759                                         "invalid config directory %s, error %d\n",
2760                                                 dir, errno, 0 );
2761                                 return 1;
2762                         }
2763                         cfdir = dir;
2764                 } else {
2765                         cfdir = SLAPD_DEFAULT_CONFIGDIR;
2766                 }
2767                 /* if fname is defaulted, try reading .d */
2768                 rc = config_setup_ldif( be, cfdir, !fname );
2769
2770                 /* It's OK if the base object doesn't exist yet */
2771                 if ( rc && rc != LDAP_NO_SUCH_OBJECT )
2772                         return 1;
2773
2774                 /* If we read the config from back-ldif, nothing to do here */
2775                 if ( cfb->cb_got_ldif ) {
2776                         rc = 0;
2777                         goto done;
2778                 }
2779         }
2780
2781         if ( fname )
2782                 cfname = fname;
2783         else
2784                 cfname = SLAPD_DEFAULT_CONFIGFILE;
2785
2786         rc = read_config_file(cfname, 0, NULL, config_back_cf_table);
2787
2788         if ( rc == 0 )
2789                 ber_str2bv( cfname, 0, 1, &cfb->cb_config->c_file );
2790
2791         /* If we got this far and failed, it may be a serious problem. In server
2792          * mode, we should never come to this. However, it may be alright if we're
2793          * using slapadd to create the conf dir.
2794          */
2795         while ( rc ) {
2796                 if ( slapMode & (SLAP_SERVER_MODE|SLAP_TOOL_READMAIN|SLAP_TOOL_READONLY))
2797                         break;
2798                 /* If a config file was explicitly given, fail */
2799                 if ( fname )
2800                         break;
2801                 
2802                 /* Seems to be slapadd with a config dir, let it continue */
2803                 if ( cfb->cb_use_ldif ) {
2804                         rc = 0;
2805                         cfb->cb_got_ldif = 1;
2806                 }
2807                 break;
2808         }
2809
2810 done:
2811         if ( rc == 0 && BER_BVISNULL( &frontendDB->be_schemadn ) ) {
2812                 ber_str2bv( SLAPD_SCHEMA_DN, STRLENOF( SLAPD_SCHEMA_DN ), 1,
2813                         &frontendDB->be_schemadn );
2814                 rc = dnNormalize( 0, NULL, NULL, &frontendDB->be_schemadn, &frontendDB->be_schemandn, NULL );
2815                 if ( rc != LDAP_SUCCESS ) {
2816                         Debug(LDAP_DEBUG_ANY, "read_config: "
2817                                 "unable to normalize default schema DN \"%s\"\n",
2818                                 frontendDB->be_schemadn.bv_val, 0, 0 );
2819                         /* must not happen */
2820                         assert( 0 );
2821                 }
2822         }
2823         return rc;
2824 }
2825
2826 static int
2827 config_back_bind( Operation *op, SlapReply *rs )
2828 {
2829         if ( op->orb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op )) {
2830                 ber_dupbv( &op->orb_edn, be_root_dn( op->o_bd ));
2831                 /* frontend sends result */
2832                 return LDAP_SUCCESS;
2833         }
2834
2835         rs->sr_err = LDAP_INVALID_CREDENTIALS;
2836         send_ldap_result( op, rs );
2837
2838         return rs->sr_err;
2839 }
2840
2841 static int
2842 config_send( Operation *op, SlapReply *rs, CfEntryInfo *ce, int depth )
2843 {
2844         int rc = 0;
2845
2846         if ( test_filter( op, ce->ce_entry, op->ors_filter ) == LDAP_COMPARE_TRUE )
2847         {
2848                 rs->sr_attrs = op->ors_attrs;
2849                 rs->sr_entry = ce->ce_entry;
2850                 rc = send_search_entry( op, rs );
2851         }
2852         if ( op->ors_scope == LDAP_SCOPE_SUBTREE ) {
2853                 if ( ce->ce_kids ) {
2854                         rc = config_send( op, rs, ce->ce_kids, 1 );
2855                         if ( rc ) return rc;
2856                 }
2857                 if ( depth ) {
2858                         for (ce=ce->ce_sibs; ce; ce=ce->ce_sibs) {
2859                                 rc = config_send( op, rs, ce, 0 );
2860                                 if ( rc ) break;
2861                         }
2862                 }
2863         }
2864         return rc;
2865 }
2866
2867 static ConfigTable *
2868 config_find_table( ConfigOCs **colst, int nocs, AttributeDescription *ad )
2869 {
2870         int i, j;
2871
2872         for (j=0; j<nocs; j++) {
2873                 for (i=0; colst[j]->co_table[i].name; i++)
2874                         if ( colst[j]->co_table[i].ad == ad )
2875                                 return &colst[j]->co_table[i];
2876         }
2877         return NULL;
2878 }
2879
2880 /* Sort the attributes of the entry according to the order defined
2881  * in the objectclass, with required attributes occurring before
2882  * allowed attributes. For any attributes with sequencing dependencies
2883  * (e.g., rootDN must be defined after suffix) the objectclass must
2884  * list the attributes in the desired sequence.
2885  */
2886 static void
2887 sort_attrs( Entry *e, ConfigOCs **colst, int nocs )
2888 {
2889         Attribute *a, *head = NULL, *tail = NULL, **prev;
2890         int i, j;
2891
2892         for (i=0; i<nocs; i++) {
2893                 if ( colst[i]->co_oc->soc_required ) {
2894                         AttributeType **at = colst[i]->co_oc->soc_required;
2895                         for (j=0; at[j]; j++) {
2896                                 for (a=e->e_attrs, prev=&e->e_attrs; a;
2897                                         prev = &(*prev)->a_next, a=a->a_next) {
2898                                         if ( a->a_desc == at[j]->sat_ad ) {
2899                                                 *prev = a->a_next;
2900                                                 if (!head) {
2901                                                         head = a;
2902                                                         tail = a;
2903                                                 } else {
2904                                                         tail->a_next = a;
2905                                                         tail = a;
2906                                                 }
2907                                                 break;
2908                                         }
2909                                 }
2910                         }
2911                 }
2912                 if ( colst[i]->co_oc->soc_allowed ) {
2913                         AttributeType **at = colst[i]->co_oc->soc_allowed;
2914                         for (j=0; at[j]; j++) {
2915                                 for (a=e->e_attrs, prev=&e->e_attrs; a;
2916                                         prev = &(*prev)->a_next, a=a->a_next) {
2917                                         if ( a->a_desc == at[j]->sat_ad ) {
2918                                                 *prev = a->a_next;
2919                                                 if (!head) {
2920                                                         head = a;
2921                                                         tail = a;
2922                                                 } else {
2923                                                         tail->a_next = a;
2924                                                         tail = a;
2925                                                 }
2926                                                 break;
2927                                         }
2928                                 }
2929                         }
2930                 }
2931         }
2932         if ( tail ) {
2933                 tail->a_next = e->e_attrs;
2934                 e->e_attrs = head;
2935         }
2936 }
2937
2938 static int
2939 check_vals( ConfigTable *ct, ConfigArgs *ca, void *ptr, int isAttr )
2940 {
2941         Attribute *a = NULL;
2942         AttributeDescription *ad;
2943         BerVarray vals;
2944
2945         int i, rc = 0, sort = 0;
2946
2947         if ( isAttr ) {
2948                 a = ptr;
2949                 ad = a->a_desc;
2950                 vals = a->a_vals;
2951         } else {
2952                 Modifications *ml = ptr;
2953                 ad = ml->sml_desc;
2954                 vals = ml->sml_values;
2955         }
2956
2957         if ( a && ( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL )) {
2958                 sort = 1;
2959                 rc = ordered_value_sort( a, 1 );
2960                 if ( rc ) {
2961                         sprintf(ca->msg, "ordered_value_sort failed on attr %s\n",
2962                                 ad->ad_cname.bv_val );
2963                         return rc;
2964                 }
2965         }
2966         for ( i=0; vals[i].bv_val; i++ ) {
2967                 ca->line = vals[i].bv_val;
2968                 if ( sort ) {
2969                         char *idx = strchr( ca->line, '}' );
2970                         if ( idx ) ca->line = idx+1;
2971                 }
2972                 rc = config_parse_vals( ct, ca, i );
2973                 if ( rc ) {
2974                         break;
2975                 }
2976         }
2977         return rc;
2978 }
2979
2980 static int
2981 check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e,
2982         SlapReply *rs, int *renum )
2983 {
2984         CfEntryInfo *ce;
2985         int index = -1, gotindex = 0, nsibs;
2986         int renumber = 0, tailindex = 0;
2987         char *ptr1, *ptr2;
2988         struct berval rdn;
2989
2990         if ( renum ) *renum = 0;
2991
2992         /* These entries don't get indexed/renumbered */
2993         if ( ce_type == Cft_Global ) return 0;
2994         if ( ce_type == Cft_Schema && parent->ce_type == Cft_Global ) return 0;
2995
2996         if ( ce_type == Cft_Include || ce_type == Cft_Module )
2997                 tailindex = 1;
2998
2999         /* See if the rdn has an index already */
3000         dnRdn( &e->e_name, &rdn );
3001         ptr1 = strchr( e->e_name.bv_val, '{' );
3002         if ( ptr1 && ptr1 - e->e_name.bv_val < rdn.bv_len ) {
3003                 ptr2 = strchr( ptr1, '}' );
3004                 if (!ptr2 || ptr2 - e->e_name.bv_val > rdn.bv_len)
3005                         return LDAP_NAMING_VIOLATION;
3006                 if ( ptr2-ptr1 == 1)
3007                         return LDAP_NAMING_VIOLATION;
3008                 gotindex = 1;
3009                 index = atoi(ptr1+1);
3010                 if ( index < 0 ) {
3011                         /* Special case, we allow -1 for the frontendDB */
3012                         if ( index != -1 || ce_type != Cft_Database ||
3013                                 strncmp( ptr2+1, "frontend,", STRLENOF("frontend,") ))
3014
3015                                 return LDAP_NAMING_VIOLATION;
3016                 }
3017         }
3018
3019         /* count related kids */
3020         for (nsibs=0, ce=parent->ce_kids; ce; ce=ce->ce_sibs) {
3021                 if ( ce->ce_type == ce_type ) nsibs++;
3022         }
3023
3024         if ( index != nsibs ) {
3025                 if ( gotindex ) {
3026                         if ( index < nsibs ) {
3027                                 if ( tailindex ) return LDAP_NAMING_VIOLATION;
3028                                 /* Siblings need to be renumbered */
3029                                 renumber = 1;
3030                         }
3031                 }
3032                 if ( !renumber ) {
3033                         struct berval ival, newrdn, nnewrdn;
3034                         struct berval rtype, rval;
3035                         Attribute *a;
3036                         AttributeDescription *ad = NULL;
3037                         char ibuf[32];
3038                         const char *text;
3039
3040                         rval.bv_val = strchr(rdn.bv_val, '=' ) + 1;
3041                         rval.bv_len = rdn.bv_len - (rval.bv_val - rdn.bv_val);
3042                         rtype.bv_val = rdn.bv_val;
3043                         rtype.bv_len = rval.bv_val - rtype.bv_val - 1;
3044
3045                         /* Find attr */
3046                         slap_bv2ad( &rtype, &ad, &text );
3047                         a = attr_find( e->e_attrs, ad );
3048                         if (!a ) return LDAP_NAMING_VIOLATION;
3049
3050                         ival.bv_val = ibuf;
3051                         ival.bv_len = sprintf( ibuf, IFMT, nsibs );
3052                         
3053                         newrdn.bv_len = rdn.bv_len + ival.bv_len;
3054                         newrdn.bv_val = ch_malloc( newrdn.bv_len+1 );
3055
3056                         if ( tailindex ) {
3057                                 ptr1 = lutil_strncopy( newrdn.bv_val, rdn.bv_val, rdn.bv_len );
3058                                 ptr1 = lutil_strcopy( ptr1, ival.bv_val );
3059                         } else {
3060                                 int xlen;
3061                                 if ( !gotindex ) {
3062                                         ptr2 = rval.bv_val;
3063                                         xlen = rval.bv_len;
3064                                 } else {
3065                                         xlen = rdn.bv_len - (ptr2 - rdn.bv_val);
3066                                 }
3067                                 ptr1 = lutil_strncopy( newrdn.bv_val, rtype.bv_val,
3068                                         rtype.bv_len );
3069                                 *ptr1++ = '=';
3070                                 ptr1 = lutil_strcopy( ptr1, ival.bv_val );
3071                                 ptr1 = lutil_strncopy( ptr1, ptr2, xlen );
3072                                 *ptr1 = '\0';
3073                         }
3074
3075                         /* Do the equivalent of ModRDN */
3076                         /* Replace DN / NDN */
3077                         newrdn.bv_len = ptr1 - newrdn.bv_val;
3078                         rdnNormalize( 0, NULL, NULL, &newrdn, &nnewrdn, NULL );
3079                         free( e->e_name.bv_val );
3080                         build_new_dn( &e->e_name, &parent->ce_entry->e_name,
3081                                 &newrdn, NULL );
3082                         free( e->e_nname.bv_val );
3083                         build_new_dn( &e->e_nname, &parent->ce_entry->e_nname,
3084                                 &nnewrdn, NULL );
3085
3086                         /* Replace attr */
3087                         free( a->a_vals[0].bv_val );
3088                         ptr1 = strchr( newrdn.bv_val, '=' ) + 1;
3089                         a->a_vals[0].bv_len = newrdn.bv_len - (ptr1 - newrdn.bv_val);
3090                         a->a_vals[0].bv_val = ch_malloc( a->a_vals[0].bv_len + 1 );
3091                         strcpy( a->a_vals[0].bv_val, ptr1 );
3092
3093                         if ( a->a_nvals != a->a_vals ) {
3094                                 free( a->a_nvals[0].bv_val );
3095                                 ptr1 = strchr( nnewrdn.bv_val, '=' ) + 1;
3096                                 a->a_nvals[0].bv_len = nnewrdn.bv_len - (ptr1 - nnewrdn.bv_val);
3097                                 a->a_nvals[0].bv_val = ch_malloc( a->a_nvals[0].bv_len + 1 );
3098                                 strcpy( a->a_nvals[0].bv_val, ptr1 );
3099                         }
3100                         free( nnewrdn.bv_val );
3101                         free( newrdn.bv_val );
3102                 }
3103         }
3104         if ( renum ) *renum = renumber;
3105         return 0;
3106 }
3107
3108 static ConfigOCs **
3109 count_ocs( Attribute *oc_at, int *nocs )
3110 {
3111         int i, j, n;
3112         ConfigOCs co, *coptr, **colst;
3113
3114         /* count the objectclasses */
3115         for ( i=0; oc_at->a_nvals[i].bv_val; i++ );
3116         n = i;
3117         colst = (ConfigOCs **)ch_malloc( n * sizeof(ConfigOCs *));
3118
3119         for ( i=0, j=0; i<n; i++) {
3120                 co.co_name = &oc_at->a_nvals[i];
3121                 coptr = avl_find( CfOcTree, &co, CfOc_cmp );
3122                 
3123                 /* ignore non-config objectclasses. probably should be
3124                  * an error, general data doesn't belong here.
3125                  */
3126                 if ( !coptr ) continue;
3127
3128                 /* Ignore the root objectclass, it has no implementation.
3129                  */
3130                 if ( coptr->co_type == Cft_Abstract ) continue;
3131                 colst[j++] = coptr;
3132         }
3133         *nocs = j;
3134         return colst;
3135 }
3136
3137 static int
3138 cfAddInclude( CfEntryInfo *p, Entry *e, ConfigArgs *ca )
3139 {
3140         if ( p->ce_type != Cft_Global && p->ce_type != Cft_Include )
3141                 return LDAP_CONSTRAINT_VIOLATION;
3142
3143         /* If we're reading from a configdir, don't parse this entry */
3144         if ( ca->lineno )
3145                 return LDAP_COMPARE_TRUE;
3146
3147         cfn = p->ce_private;
3148         ca->private = cfn;
3149         return LDAP_SUCCESS;
3150 }
3151
3152 static int
3153 cfAddSchema( CfEntryInfo *p, Entry *e, ConfigArgs *ca )
3154 {
3155         ConfigFile *cfo;
3156
3157         /* This entry is hardcoded, don't re-parse it */
3158         if ( p->ce_type == Cft_Global ) {
3159                 cfn = p->ce_private;
3160                 ca->private = cfn;
3161                 return LDAP_COMPARE_TRUE;
3162         }
3163         if ( p->ce_type != Cft_Schema )
3164                 return LDAP_CONSTRAINT_VIOLATION;
3165
3166         cfn = ch_calloc( 1, sizeof(ConfigFile) );
3167         ca->private = cfn;
3168         cfo = p->ce_private;
3169         cfn->c_sibs = cfo->c_kids;
3170         cfo->c_kids = cfn;
3171         return LDAP_SUCCESS;
3172 }
3173
3174 static int
3175 cfAddDatabase( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
3176 {
3177         if ( p->ce_type != Cft_Global )
3178                 return LDAP_CONSTRAINT_VIOLATION;
3179         ca->be = frontendDB;    /* just to get past check_vals */
3180         return LDAP_SUCCESS;
3181 }
3182
3183 static int
3184 cfAddBackend( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
3185 {
3186         if ( p->ce_type != Cft_Global )
3187                 return LDAP_CONSTRAINT_VIOLATION;
3188         return LDAP_SUCCESS;
3189 }
3190
3191 static int
3192 cfAddModule( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
3193 {
3194         if ( p->ce_type != Cft_Global )
3195                 return LDAP_CONSTRAINT_VIOLATION;
3196         return LDAP_SUCCESS;
3197 }
3198
3199 static int
3200 cfAddOverlay( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
3201 {
3202         if ( p->ce_type != Cft_Database )
3203                 return LDAP_CONSTRAINT_VIOLATION;
3204         ca->be = p->ce_be;
3205         return LDAP_SUCCESS;
3206 }
3207
3208 /* Parse an LDAP entry into config directives */
3209 static int
3210 config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, int *renum )
3211 {
3212         CfEntryInfo *ce, *last;
3213         ConfigOCs **colst;
3214         Attribute *a, *oc_at;
3215         int i, nocs, rc = 0;
3216         struct berval pdn;
3217         ConfigTable *ct;
3218         char *ptr;
3219
3220         /* Make sure parent exists and entry does not */
3221         ce = config_find_base( cfb->cb_root, &e->e_nname, &last );
3222         if ( ce )
3223                 return LDAP_ALREADY_EXISTS;
3224
3225         dnParent( &e->e_nname, &pdn );
3226
3227         /* If last is NULL, the new entry is the root/suffix entry, 
3228          * otherwise last should be the parent.
3229          */
3230         if ( last && !dn_match( &last->ce_entry->e_nname, &pdn )) {
3231                 if ( rs )
3232                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3233                 return LDAP_NO_SUCH_OBJECT;
3234         }
3235
3236         oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
3237         if ( !oc_at ) return LDAP_OBJECT_CLASS_VIOLATION;
3238
3239         memset( ca, 0, sizeof(ConfigArgs));
3240
3241         /* Fake the coordinates based on whether we're part of an
3242          * LDAP Add or if reading the config dir
3243          */
3244         if ( rs ) {
3245                 ca->fname = "slapd";
3246                 ca->lineno = 0;
3247         } else {
3248                 ca->fname = cfdir.bv_val;
3249                 ca->lineno = 1;
3250         }
3251
3252         colst = count_ocs( oc_at, &nocs );
3253
3254         /* Only the root can be Cft_Global, everything else must
3255          * have a parent. Only limited nesting arrangements are allowed.
3256          */
3257         rc = LDAP_CONSTRAINT_VIOLATION;
3258         if ( colst[0]->co_type == Cft_Global && !last ) {
3259                 cfn = cfb->cb_config;
3260                 ca->private = cfn;
3261                 ca->be = frontendDB;    /* just to get past check_vals */
3262                 rc = LDAP_SUCCESS;
3263         }
3264
3265         /* Check whether the Add is allowed by its parent, and do
3266          * any necessary arg setup
3267          */
3268         if ( last ) {
3269                 for ( i=0; i<nocs; i++ ) {
3270                         if ( colst[i]->co_ldadd &&
3271                                 ( rc = colst[i]->co_ldadd( last, e, ca ))
3272                                         != LDAP_CONSTRAINT_VIOLATION ) {
3273                                 break;
3274                         }
3275                 }
3276         }
3277
3278         /* Add the entry but don't parse it, we already have its contents */
3279         if ( rc == LDAP_COMPARE_TRUE ) {
3280                 rc = LDAP_SUCCESS;
3281                 goto ok;
3282         }
3283
3284         if ( rc != LDAP_SUCCESS )
3285                 goto done;
3286
3287         /* Parse all the values and check for simple syntax errors before
3288          * performing any set actions.
3289          *
3290          * If doing an LDAPadd, check for indexed names and any necessary
3291          * renaming/renumbering. Entries that don't need indexed names are
3292          * ignored. Entries that need an indexed name and arrive without one
3293          * are assigned to the end. Entries that arrive with an index may
3294          * cause the following entries to be renumbered/bumped down.
3295          *
3296          * Note that "pseudo-indexed" entries (cn=Include{xx}, cn=Module{xx})
3297          * don't allow Adding an entry with an index that's already in use.
3298          * This is flagged as an error (LDAP_ALREADY_EXISTS) up above.
3299          *
3300          * These entries can have auto-assigned indexes (appended to the end)
3301          * but only the other types support auto-renumbering of siblings.
3302          */
3303         rc = check_name_index( last, colst[0]->co_type, e, rs, renum );
3304         if ( rc )
3305                 goto done;
3306
3307         init_config_argv( ca );
3308
3309         /* Make sure we process attrs in the required order */
3310         sort_attrs( e, colst, nocs );
3311
3312         for ( a=e->e_attrs; a; a=a->a_next ) {
3313                 if ( a == oc_at ) continue;
3314                 ct = config_find_table( colst, nocs, a->a_desc );
3315                 if ( !ct ) continue;    /* user data? */
3316                 rc = check_vals( ct, ca, a, 1 );
3317                 if ( rc ) goto done;
3318         }
3319
3320         /* Basic syntax checks are OK. Do the actual settings. */
3321         for ( a=e->e_attrs; a; a=a->a_next ) {
3322                 if ( a == oc_at ) continue;
3323                 ct = config_find_table( colst, nocs, a->a_desc );
3324                 if ( !ct ) continue;    /* user data? */
3325                 for (i=0; a->a_vals[i].bv_val; i++) {
3326                         ca->line = a->a_vals[i].bv_val;
3327                         if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED ) {
3328                                 ptr = strchr( ca->line, '}' );
3329                                 if ( ptr ) ca->line = ptr+1;
3330                         }
3331                         ca->valx = i;
3332                         rc = config_parse_add( ct, ca );
3333                         if ( rc ) {
3334                                 rc = LDAP_OTHER;
3335                                 goto done;
3336                         }
3337                 }
3338         }
3339 ok:
3340         /* Newly added databases and overlays need to be started up */
3341         if ( CONFIG_ONLINE_ADD( ca )) {
3342                 if ( colst[0]->co_type == Cft_Database ) {
3343                         rc = backend_startup_one( ca->be );
3344
3345                 } else if ( colst[0]->co_type == Cft_Overlay ) {
3346                         if ( ca->bi->bi_db_open ) {
3347                                 BackendInfo *bi_orig = ca->be->bd_info;
3348                                 ca->be->bd_info = ca->bi;
3349                                 rc = ca->bi->bi_db_open( ca->be );
3350                                 ca->be->bd_info = bi_orig;
3351                         }
3352                 }
3353                 if ( rc ) {
3354                         sprintf( ca->msg, "<%s> failed startup", ca->argv[0] );
3355                         Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
3356                                 ca->log, ca->msg, ca->argv[1] );
3357                         rc = LDAP_OTHER;
3358                         goto done;
3359                 }
3360         }
3361
3362         ce = ch_calloc( 1, sizeof(CfEntryInfo) );
3363         ce->ce_parent = last;
3364         ce->ce_entry = entry_dup( e );
3365         ce->ce_entry->e_private = ce;
3366         ce->ce_type = colst[0]->co_type;
3367         ce->ce_be = ca->be;
3368         ce->ce_bi = ca->bi;
3369         ce->ce_private = ca->private;
3370         if ( !last ) {
3371                 cfb->cb_root = ce;
3372         } else if ( last->ce_kids ) {
3373                 CfEntryInfo *c2;
3374
3375                 for (c2=last->ce_kids; c2 && c2->ce_sibs; c2 = c2->ce_sibs);
3376
3377                 c2->ce_sibs = ce;
3378         } else {
3379                 last->ce_kids = ce;
3380         }
3381
3382 done:
3383         if ( rc ) {
3384                 if ( (colst[0]->co_type == Cft_Database) && ca->be ) {
3385                         if ( ca->be != frontendDB )
3386                                 backend_destroy_one( ca->be, 1 );
3387                 } else if ( (colst[0]->co_type == Cft_Overlay) && ca->bi ) {
3388                         overlay_destroy_one( ca->be, (slap_overinst *)ca->bi );
3389                 }
3390         }
3391
3392         ch_free( ca->argv );
3393         if ( colst ) ch_free( colst );
3394         return rc;
3395 }
3396
3397 /* Parse an LDAP entry into config directives, then store in underlying
3398  * database.
3399  */
3400 static int
3401 config_back_add( Operation *op, SlapReply *rs )
3402 {
3403         CfBackInfo *cfb;
3404         int renumber;
3405         ConfigArgs ca;
3406
3407         if ( !be_isroot( op ) ) {
3408                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3409                 goto out;
3410         }
3411
3412         cfb = (CfBackInfo *)op->o_bd->be_private;
3413
3414         ldap_pvt_thread_pool_pause( &connection_pool );
3415
3416         /* Strategy:
3417          * 1) check for existence of entry
3418          * 2) check for sibling renumbering
3419          * 3) perform internal add
3420          * 4) store entry in underlying database
3421          * 5) perform any necessary renumbering
3422          */
3423         rs->sr_err = config_add_internal( cfb, op->ora_e, &ca, rs, &renumber );
3424         if ( rs->sr_err != LDAP_SUCCESS ) {
3425                 rs->sr_text = ca.msg;
3426         } else if ( cfb->cb_use_ldif ) {
3427                 BackendDB *be = op->o_bd;
3428                 slap_callback sc = { NULL, slap_null_cb, NULL, NULL };
3429                 op->o_bd = &cfb->cb_db;
3430                 sc.sc_next = op->o_callback;
3431                 op->o_callback = &sc;
3432                 op->o_bd->be_add( op, rs );
3433                 op->o_bd = be;
3434                 op->o_callback = sc.sc_next;
3435         }
3436         if ( renumber ) {
3437         }
3438
3439         ldap_pvt_thread_pool_resume( &connection_pool );
3440
3441 out:
3442         send_ldap_result( op, rs );
3443         return rs->sr_err;
3444 }
3445
3446 typedef struct delrec {
3447         struct delrec *next;
3448         int nidx;
3449         int idx[1];
3450 } delrec;
3451
3452 static int
3453 config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs,
3454         ConfigArgs *ca )
3455 {
3456         int rc = LDAP_UNWILLING_TO_PERFORM;
3457         Modifications *ml;
3458         Entry *e = ce->ce_entry;
3459         Attribute *save_attrs = e->e_attrs, *oc_at;
3460         ConfigTable *ct;
3461         ConfigOCs **colst;
3462         int i, nocs;
3463         char *ptr;
3464         delrec *dels = NULL, *deltail = NULL;
3465
3466         oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
3467         if ( !oc_at ) return LDAP_OBJECT_CLASS_VIOLATION;
3468
3469         colst = count_ocs( oc_at, &nocs );
3470
3471         e->e_attrs = attrs_dup( e->e_attrs );
3472
3473         init_config_argv( ca );
3474         ca->be = ce->ce_be;
3475         ca->bi = ce->ce_bi;
3476         ca->private = ce->ce_private;
3477         ca->ca_entry = e;
3478         strcpy( ca->log, "back-config" );
3479
3480         for (ml = op->orm_modlist; ml; ml=ml->sml_next) {
3481                 ct = config_find_table( colst, nocs, ml->sml_desc );
3482                 switch (ml->sml_op) {
3483                 case LDAP_MOD_DELETE:
3484                 case LDAP_MOD_REPLACE: {
3485                         BerVarray vals = NULL, nvals;
3486                         int *idx = NULL;
3487                         if ( ct && ( ct->arg_type & ARG_NO_DELETE )) {
3488                                 rc = LDAP_OTHER;
3489                                 snprintf(ca->msg, sizeof(ca->msg), "cannot delete %s",
3490                                         ml->sml_desc->ad_cname.bv_val );
3491                                 goto out;
3492                         }
3493                         if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3494                                 vals = ml->sml_values;
3495                                 nvals = ml->sml_nvalues;
3496                                 ml->sml_values = NULL;
3497                                 ml->sml_nvalues = NULL;
3498                         }
3499                         /* If we're deleting by values, remember the indexes of the
3500                          * values we deleted.
3501                          */
3502                         if ( ct && ml->sml_values ) {
3503                                 delrec *d;
3504                                 for (i=0; ml->sml_values[i].bv_val; i++);
3505                                 d = ch_malloc( sizeof(delrec) + (i - 1)* sizeof(int));
3506                                 d->nidx = i;
3507                                 d->next = NULL;
3508                                 if ( dels ) {
3509                                         deltail->next = d;
3510                                 } else {
3511                                         dels = d;
3512                                 }
3513                                 deltail = d;
3514                                 idx = d->idx;
3515                         }
3516                         rc = modify_delete_vindex(e, &ml->sml_mod,
3517                                 get_permissiveModify(op),
3518                                 &rs->sr_text, ca->msg, sizeof(ca->msg), idx );
3519                         if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3520                                 ml->sml_values = vals;
3521                                 ml->sml_nvalues = nvals;
3522                         }
3523                         if ( !vals )
3524                                 break;
3525                         }
3526                         /* FALLTHRU: LDAP_MOD_REPLACE && vals */
3527
3528                 case LDAP_MOD_ADD:
3529                 case SLAP_MOD_SOFTADD: {
3530                         int mop = ml->sml_op;
3531                         int navals = -1;
3532                         ml->sml_op = LDAP_MOD_ADD;
3533                         if ( ct ) {
3534                                 if ( ct->arg_type & ARG_NO_INSERT ) {
3535                                         Attribute *a = attr_find( e->e_attrs, ml->sml_desc );
3536                                         if ( a ) {
3537                                                 for (i = 0; a->a_vals[i].bv_val; i++ );
3538                                                 navals = i;
3539                                         }
3540                                 }
3541                                 for ( i=0; !BER_BVISNULL( &ml->sml_values[i] ); i++ ) {
3542                                         if ( ml->sml_values[i].bv_val[0] == '{' &&
3543                                                 navals >= 0 ) {
3544                                                 int j = strtol( ml->sml_values[i].bv_val+1, NULL, 0 );
3545                                                 if ( j < navals ) {
3546                                                         rc = LDAP_OTHER;
3547                                                         snprintf(ca->msg, sizeof(ca->msg), "cannot insert %s",
3548                                                                 ml->sml_desc->ad_cname.bv_val );
3549                                                         goto out;
3550                                                 }
3551                                         }
3552                                         rc = check_vals( ct, ca, ml, 0 );
3553                                         if ( rc ) goto out;
3554                                 }
3555                         }
3556                         rc = modify_add_values(e, &ml->sml_mod,
3557                                    get_permissiveModify(op),
3558                                    &rs->sr_text, ca->msg, sizeof(ca->msg) );
3559
3560                         /* If value already exists, show success here
3561                          * and ignore this operation down below.
3562                          */
3563                         if ( mop == SLAP_MOD_SOFTADD ) {
3564                                 if ( rc == LDAP_TYPE_OR_VALUE_EXISTS )
3565                                         rc = LDAP_SUCCESS;
3566                                 else
3567                                         mop = LDAP_MOD_ADD;
3568                         }
3569                         ml->sml_op = mop;
3570                         break;
3571                         }
3572
3573                         break;
3574                 case LDAP_MOD_INCREMENT:        /* FIXME */
3575                         break;
3576                 default:
3577                         break;
3578                 }
3579                 if(rc != LDAP_SUCCESS) break;
3580         }
3581         
3582         if(rc == LDAP_SUCCESS) {
3583                 /* check that the entry still obeys the schema */
3584                 rc = entry_schema_check(op, e, NULL, 0,
3585                         &rs->sr_text, ca->msg, sizeof(ca->msg) );
3586         }
3587         if ( rc == LDAP_SUCCESS ) {
3588                 /* Basic syntax checks are OK. Do the actual settings. */
3589                 for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
3590                         ct = config_find_table( colst, nocs, ml->sml_desc );
3591                         if ( !ct ) continue;
3592
3593                         switch (ml->sml_op) {
3594                         case LDAP_MOD_DELETE:
3595                         case LDAP_MOD_REPLACE: {
3596                                 BerVarray vals = NULL, nvals;
3597                                 Attribute *a;
3598                                 delrec *d;
3599
3600                                 a = attr_find( e->e_attrs, ml->sml_desc );
3601
3602                                 if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3603                                         vals = ml->sml_values;
3604                                         nvals = ml->sml_nvalues;
3605                                         ml->sml_values = NULL;
3606                                         ml->sml_nvalues = NULL;
3607                                 }
3608
3609                                 if ( ml->sml_values )
3610                                         d = dels;
3611
3612                                 /* If we didn't delete the whole attribute */
3613                                 if ( ml->sml_values && a ) {
3614                                         struct berval *mvals;
3615                                         int j;
3616
3617                                         if ( ml->sml_nvalues )
3618                                                 mvals = ml->sml_nvalues;
3619                                         else
3620                                                 mvals = ml->sml_values;
3621
3622                                         /* use the indexes we saved up above */
3623                                         for (i=0; i < d->nidx; i++) {
3624                                                 struct berval bv = *mvals++;
3625                                                 if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED &&
3626                                                         bv.bv_val[0] == '{' ) {
3627                                                         ptr = strchr( bv.bv_val, '}' ) + 1;
3628                                                         bv.bv_len -= ptr - bv.bv_val;
3629                                                         bv.bv_val = ptr;
3630                                                 }
3631                                                 ca->line = bv.bv_val;
3632                                                 ca->valx = d->idx[i];
3633                                                 rc = config_del_vals( ct, ca );
3634                                                 if ( rc != LDAP_SUCCESS ) break;
3635                                                 for (j=i+1; j < d->nidx; j++)
3636                                                         if ( d->idx[j] >d->idx[i] )
3637                                                                 d->idx[j]--;
3638                                         }
3639                                 } else {
3640                                         ca->valx = -1;
3641                                         ca->line = NULL;
3642                                         rc = config_del_vals( ct, ca );
3643                                         if ( rc ) rc = LDAP_OTHER;
3644                                 }
3645                                 if ( ml->sml_values ) {
3646                                         ch_free( dels );
3647                                         dels = d->next;
3648                                 }
3649                                 if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3650                                         ml->sml_values = vals;
3651                                         ml->sml_nvalues = nvals;
3652                                 }
3653                                 if ( !vals || rc != LDAP_SUCCESS )
3654                                         break;
3655                                 }
3656                                 /* FALLTHRU: LDAP_MOD_REPLACE && vals */
3657
3658                         case LDAP_MOD_ADD:
3659                                 for (i=0; ml->sml_values[i].bv_val; i++) {
3660                                         ca->line = ml->sml_values[i].bv_val;
3661                                         ca->valx = -1;
3662                                         if ( ml->sml_desc->ad_type->sat_flags & SLAP_AT_ORDERED &&
3663                                                 ca->line[0] == '{' ) {
3664                                                 ptr = strchr( ca->line, '}' );
3665                                                 if ( ptr ) {
3666                                                         ca->valx = strtol( ca->line+1, NULL, 0 );
3667                                                         ca->line = ptr+1;
3668                                                 }
3669                                         }
3670                                         rc = config_parse_add( ct, ca );
3671                                         if ( rc ) {
3672                                                 rc = LDAP_OTHER;
3673                                                 goto out;
3674                                         }
3675                                 }
3676
3677                                 break;
3678                         }
3679                 }
3680         }
3681
3682 out:
3683         if ( ca->cleanup )
3684                 ca->cleanup( ca );
3685         if ( rc == LDAP_SUCCESS ) {
3686                 attrs_free( save_attrs );
3687         } else {
3688                 attrs_free( e->e_attrs );
3689                 e->e_attrs = save_attrs;
3690         }
3691         ch_free( ca->argv );
3692         if ( colst ) ch_free( colst );
3693
3694         return rc;
3695 }
3696
3697 static int
3698 config_back_modify( Operation *op, SlapReply *rs )
3699 {
3700         CfBackInfo *cfb;
3701         CfEntryInfo *ce, *last;
3702         Modifications *ml;
3703         ConfigArgs ca = {0};
3704         struct berval rdn;
3705         char *ptr;
3706         AttributeDescription *rad = NULL;
3707
3708         if ( !be_isroot( op ) ) {
3709                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3710                 goto out;
3711         }
3712
3713         cfb = (CfBackInfo *)op->o_bd->be_private;
3714
3715         ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
3716         if ( !ce ) {
3717                 if ( last )
3718                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3719                 rs->sr_err = LDAP_NO_SUCH_OBJECT;
3720                 goto out;
3721         }
3722
3723         /* Get type of RDN */
3724         rdn = ce->ce_entry->e_nname;
3725         ptr = strchr( rdn.bv_val, '=' );
3726         rdn.bv_len = ptr - rdn.bv_val;
3727         slap_bv2ad( &rdn, &rad, &rs->sr_text );
3728
3729         /* Some basic validation... */
3730         for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
3731                 /* Don't allow Modify of RDN; must use ModRdn for that. */
3732                 if ( ml->sml_desc == rad ) {
3733                         rs->sr_err = LDAP_NOT_ALLOWED_ON_RDN;
3734                         rs->sr_text = "Use modrdn to change the entry name";
3735                         goto out;
3736                 }
3737         }
3738
3739         ldap_pvt_thread_pool_pause( &connection_pool );
3740
3741         /* Strategy:
3742          * 1) perform the Modify on the cached Entry.
3743          * 2) verify that the Entry still satisfies the schema.
3744          * 3) perform the individual config operations.
3745          * 4) store Modified entry in underlying LDIF backend.
3746          */
3747         rs->sr_err = config_modify_internal( ce, op, rs, &ca );
3748         if ( rs->sr_err ) {
3749                 rs->sr_text = ca.msg;
3750         } else if ( cfb->cb_use_ldif ) {
3751                 BackendDB *be = op->o_bd;
3752                 slap_callback sc = { NULL, slap_null_cb, NULL, NULL };
3753                 op->o_bd = &cfb->cb_db;
3754                 sc.sc_next = op->o_callback;
3755                 op->o_callback = &sc;
3756                 op->o_bd->be_modify( op, rs );
3757                 op->o_bd = be;
3758                 op->o_callback = sc.sc_next;
3759         }
3760
3761         ldap_pvt_thread_pool_resume( &connection_pool );
3762 out:
3763         send_ldap_result( op, rs );
3764         return rs->sr_err;
3765 }
3766
3767 static int
3768 config_back_modrdn( Operation *op, SlapReply *rs )
3769 {
3770         CfBackInfo *cfb;
3771         CfEntryInfo *ce, *last;
3772
3773         if ( !be_isroot( op ) ) {
3774                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3775                 goto out;
3776         }
3777
3778         cfb = (CfBackInfo *)op->o_bd->be_private;
3779
3780         ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
3781         if ( !ce ) {
3782                 if ( last )
3783                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3784                 rs->sr_err = LDAP_NO_SUCH_OBJECT;
3785                 goto out;
3786         }
3787
3788         /* We don't allow moving objects to new parents.
3789          * Generally we only allow reordering a set of ordered entries.
3790          */
3791         if ( op->orr_newSup ) {
3792                 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
3793                 goto out;
3794         }
3795         ldap_pvt_thread_pool_pause( &connection_pool );
3796
3797         ldap_pvt_thread_pool_resume( &connection_pool );
3798 out:
3799         send_ldap_result( op, rs );
3800         return rs->sr_err;
3801 }
3802
3803 static int
3804 config_back_search( Operation *op, SlapReply *rs )
3805 {
3806         CfBackInfo *cfb;
3807         CfEntryInfo *ce, *last;
3808
3809         if ( !be_isroot( op ) ) {
3810                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3811                 goto out;
3812         }
3813
3814         cfb = (CfBackInfo *)op->o_bd->be_private;
3815
3816         ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
3817         if ( !ce ) {
3818                 if ( last )
3819                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3820                 rs->sr_err = LDAP_NO_SUCH_OBJECT;
3821                 goto out;
3822         }
3823         switch ( op->ors_scope ) {
3824         case LDAP_SCOPE_BASE:
3825         case LDAP_SCOPE_SUBTREE:
3826                 config_send( op, rs, ce, 0 );
3827                 break;
3828                 
3829         case LDAP_SCOPE_ONELEVEL:
3830                 for (ce = ce->ce_kids; ce; ce=ce->ce_sibs) {
3831                         config_send( op, rs, ce, 1 );
3832                 }
3833                 break;
3834         }
3835                 
3836         rs->sr_err = LDAP_SUCCESS;
3837 out:
3838         send_ldap_result( op, rs );
3839         return 0;
3840 }
3841
3842 static void
3843 config_build_attrs( Entry *e, AttributeType **at, AttributeDescription *ad,
3844         ConfigTable *ct, ConfigArgs *c )
3845 {
3846         int i, rc;
3847
3848         for (; at && *at; at++) {
3849                 /* Skip the naming attr */
3850                 if ((*at)->sat_ad == ad || (*at)->sat_ad == slap_schema.si_ad_cn )
3851                         continue;
3852                 for (i=0;ct[i].name;i++) {
3853                         if (ct[i].ad == (*at)->sat_ad) {
3854                                 rc = config_get_vals(&ct[i], c);
3855                                 if (rc == LDAP_SUCCESS) {
3856                                         if ( c->rvalue_nvals )
3857                                                 attr_merge(e, ct[i].ad, c->rvalue_vals,
3858                                                         c->rvalue_nvals);
3859                                         else
3860                                                 attr_merge_normalize(e, ct[i].ad,
3861                                                         c->rvalue_vals, NULL);
3862                                         ber_bvarray_free( c->rvalue_nvals );
3863                                         ber_bvarray_free( c->rvalue_vals );
3864                                 }
3865                                 break;
3866                         }
3867                 }
3868         }
3869 }
3870
3871 Entry *
3872 config_build_entry( Operation *op, SlapReply *rs, CfEntryInfo *parent,
3873         ConfigArgs *c, struct berval *rdn, ConfigOCs *main, ConfigOCs *extra )
3874 {
3875         Entry *e = ch_calloc( 1, sizeof(Entry) );
3876         CfEntryInfo *ce = ch_calloc( 1, sizeof(CfEntryInfo) );
3877         struct berval val;
3878         struct berval ad_name;
3879         AttributeDescription *ad = NULL;
3880         int rc;
3881         char *ptr;
3882         const char *text;
3883         Attribute *oc_at;
3884         struct berval pdn;
3885         ObjectClass *oc;
3886         CfEntryInfo *ceprev = NULL;
3887
3888         e->e_private = ce;
3889         ce->ce_entry = e;
3890         ce->ce_parent = parent;
3891         if ( parent ) {
3892                 pdn = parent->ce_entry->e_nname;
3893                 if ( parent->ce_kids )
3894                         for ( ceprev = parent->ce_kids; ceprev->ce_sibs;
3895                                 ceprev = ceprev->ce_sibs );
3896         } else {
3897                 BER_BVZERO( &pdn );
3898         }
3899
3900         ce->ce_type = main->co_type;
3901         ce->ce_private = c->private;
3902         ce->ce_be = c->be;
3903         ce->ce_bi = c->bi;
3904
3905         build_new_dn( &e->e_name, &pdn, rdn, NULL );
3906         ber_dupbv( &e->e_nname, &e->e_name );
3907
3908         attr_merge_normalize_one(e, slap_schema.si_ad_objectClass,
3909                 main->co_name, NULL );
3910         if ( extra )
3911                 attr_merge_normalize_one(e, slap_schema.si_ad_objectClass,
3912                         extra->co_name, NULL );
3913         ptr = strchr(rdn->bv_val, '=');
3914         ad_name.bv_val = rdn->bv_val;
3915         ad_name.bv_len = ptr - rdn->bv_val;
3916         rc = slap_bv2ad( &ad_name, &ad, &text );
3917         if ( rc ) {
3918                 return NULL;
3919         }
3920         val.bv_val = ptr+1;
3921         val.bv_len = rdn->bv_len - (val.bv_val - rdn->bv_val);
3922         attr_merge_normalize_one(e, ad, &val, NULL );
3923
3924         oc = main->co_oc;
3925         if ( oc->soc_required )
3926                 config_build_attrs( e, oc->soc_required, ad, main->co_table, c );
3927
3928         if ( oc->soc_allowed )
3929                 config_build_attrs( e, oc->soc_allowed, ad, main->co_table, c );
3930
3931         if ( extra ) {
3932                 oc = extra->co_oc;
3933                 if ( oc->soc_required )
3934                         config_build_attrs( e, oc->soc_required, ad, extra->co_table, c );
3935
3936                 if ( oc->soc_allowed )
3937                         config_build_attrs( e, oc->soc_allowed, ad, extra->co_table, c );
3938         }
3939
3940         oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
3941         rc = structural_class(oc_at->a_vals, &val, NULL, &text, c->msg,
3942                 sizeof(c->msg));
3943         attr_merge_normalize_one(e, slap_schema.si_ad_structuralObjectClass, &val, NULL );
3944         if ( op ) {
3945                 op->ora_e = e;
3946                 op->o_bd->be_add( op, rs );
3947         }
3948         if ( ceprev ) {
3949                 ceprev->ce_sibs = ce;
3950         } else if ( parent ) {
3951                 parent->ce_kids = ce;
3952         }
3953
3954         return e;
3955 }
3956
3957 static void
3958 config_build_schema_inc( ConfigArgs *c, CfEntryInfo *ceparent,
3959         Operation *op, SlapReply *rs )
3960 {
3961         Entry *e;
3962         ConfigFile *cf = c->private;
3963         char *ptr;
3964         struct berval bv;
3965
3966         for (; cf; cf=cf->c_sibs, c->depth++) {
3967                 c->value_dn.bv_val = c->log;
3968                 bv.bv_val = strrchr(cf->c_file.bv_val, LDAP_DIRSEP[0]);
3969                 if ( !bv.bv_val ) {
3970                         bv = cf->c_file;
3971                 } else {
3972                         bv.bv_val++;
3973                         bv.bv_len = cf->c_file.bv_len - (bv.bv_val - cf->c_file.bv_val);
3974                 }
3975                 ptr = strchr( bv.bv_val, '.' );
3976                 if ( ptr )
3977                         bv.bv_len = ptr - bv.bv_val;
3978                 c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=" IFMT, c->depth);
3979                 strncpy( c->value_dn.bv_val + c->value_dn.bv_len, bv.bv_val,
3980                         bv.bv_len );
3981                 c->value_dn.bv_len += bv.bv_len;
3982                 c->value_dn.bv_val[c->value_dn.bv_len] ='\0';
3983
3984                 c->private = cf;
3985                 e = config_build_entry( op, rs, ceparent, c, &c->value_dn,
3986                         &CFOC_SCHEMA, NULL );
3987                 if ( e && cf->c_kids ) {
3988                         c->private = cf->c_kids;
3989                         config_build_schema_inc( c, e->e_private, op, rs );
3990                 }
3991         }
3992 }
3993
3994 static void
3995 config_build_includes( ConfigArgs *c, CfEntryInfo *ceparent,
3996         Operation *op, SlapReply *rs )
3997 {
3998         Entry *e;
3999         int i;
4000         ConfigFile *cf = c->private;
4001
4002         for (i=0; cf; cf=cf->c_sibs, i++) {
4003                 c->value_dn.bv_val = c->log;
4004                 c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=include" IFMT, i);
4005                 c->private = cf;
4006                 e = config_build_entry( op, rs, ceparent, c, &c->value_dn,
4007                         &CFOC_INCLUDE, NULL );
4008                 if ( e && cf->c_kids ) {
4009                         c->private = cf->c_kids;
4010                         config_build_includes( c, e->e_private, op, rs );
4011                 }
4012         }
4013 }
4014
4015 #ifdef SLAPD_MODULES
4016
4017 static void
4018 config_build_modules( ConfigArgs *c, CfEntryInfo *ceparent,
4019         Operation *op, SlapReply *rs )
4020 {
4021         int i;
4022         ModPaths *mp;
4023
4024         for (i=0, mp=&modpaths; mp; mp=mp->mp_next, i++) {
4025                 if ( BER_BVISNULL( &mp->mp_path ) && !mp->mp_loads )
4026                         continue;
4027                 c->value_dn.bv_val = c->log;
4028                 c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=module" IFMT, i);
4029                 c->private = mp;
4030                 config_build_entry( op, rs, ceparent, c, &c->value_dn,
4031                         &CFOC_MODULE, NULL );
4032         }
4033 }
4034 #endif
4035
4036 static int
4037 config_back_db_open( BackendDB *be )
4038 {
4039         CfBackInfo *cfb = be->be_private;
4040         struct berval rdn;
4041         Entry *e, *parent;
4042         CfEntryInfo *ce, *ceparent;
4043         int i;
4044         BackendInfo *bi;
4045         ConfigArgs c;
4046         Connection conn = {0};
4047         char opbuf[OPERATION_BUFFER_SIZE];
4048         Operation *op;
4049         slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
4050         SlapReply rs = {REP_RESULT};
4051         void *thrctx = NULL;
4052
4053         /* If we read the config from back-ldif, nothing to do here */
4054         if ( cfb->cb_got_ldif )
4055                 return 0;
4056
4057         if ( cfb->cb_use_ldif ) {
4058                 thrctx = ldap_pvt_thread_pool_context();
4059                 op = (Operation *)opbuf;
4060                 connection_fake_init( &conn, op, thrctx );
4061
4062                 op->o_dn = be->be_rootdn;
4063                 op->o_ndn = be->be_rootndn;
4064
4065                 op->o_tag = LDAP_REQ_ADD;
4066                 op->o_callback = &cb;
4067                 op->o_bd = &cfb->cb_db;
4068         } else {
4069                 op = NULL;
4070         }
4071
4072         /* create root of tree */
4073         rdn = config_rdn;
4074         c.private = cfb->cb_config;
4075         c.be = frontendDB;
4076         e = config_build_entry( op, &rs, NULL, &c, &rdn, &CFOC_GLOBAL, NULL );
4077         ce = e->e_private;
4078         cfb->cb_root = ce;
4079
4080         parent = e;
4081         ceparent = ce;
4082
4083         /* Create includeFile nodes */
4084         if ( cfb->cb_config->c_kids ) {
4085                 c.depth = 0;
4086                 c.private = cfb->cb_config->c_kids;
4087                 config_build_includes( &c, ceparent, op, &rs );
4088         }
4089
4090 #ifdef SLAPD_MODULES
4091         /* Create Module nodes... */
4092         if ( modpaths.mp_loads ) {
4093                 config_build_modules( &c, ceparent, op, &rs );
4094         }
4095 #endif
4096
4097         /* Create schema nodes... cn=schema will contain the hardcoded core
4098          * schema, read-only. Child objects will contain runtime loaded schema
4099          * files.
4100          */
4101         rdn = schema_rdn;
4102         c.private = NULL;
4103         e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_SCHEMA, NULL );
4104         ce = e->e_private;
4105
4106         /* Create schema nodes for included schema... */
4107         if ( cfb->cb_config->c_kids ) {
4108                 c.depth = 0;
4109                 c.private = cfb->cb_config->c_kids;
4110                 config_build_schema_inc( &c, ce, op, &rs );
4111         }
4112
4113         /* Create backend nodes. Skip if they don't provide a cf_table.
4114          * There usually aren't any of these.
4115          */
4116         
4117         c.line = 0;
4118         LDAP_STAILQ_FOREACH( bi, &backendInfo, bi_next) {
4119                 if (!bi->bi_cf_ocs) continue;
4120                 if (!bi->bi_private) continue;
4121
4122                 rdn.bv_val = c.log;
4123                 rdn.bv_len = sprintf(rdn.bv_val, "%s=%s", cfAd_backend->ad_cname.bv_val, bi->bi_type);
4124                 c.bi = bi;
4125                 e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_BACKEND,
4126                         bi->bi_cf_ocs );
4127         }
4128
4129         /* Create database nodes... */
4130         frontendDB->be_cf_ocs = &CFOC_FRONTEND;
4131         LDAP_STAILQ_NEXT(frontendDB, be_next) = LDAP_STAILQ_FIRST(&backendDB);
4132         for ( i = -1, be = frontendDB ; be;
4133                 i++, be = LDAP_STAILQ_NEXT( be, be_next )) {
4134                 slap_overinfo *oi = NULL;
4135
4136                 if ( overlay_is_over( be )) {
4137                         oi = be->bd_info->bi_private;
4138                         bi = oi->oi_orig;
4139                 } else {
4140                         bi = be->bd_info;
4141                 }
4142                 rdn.bv_val = c.log;
4143                 rdn.bv_len = sprintf(rdn.bv_val, "%s=" IFMT "%s", cfAd_database->ad_cname.bv_val,
4144                         i, bi->bi_type);
4145                 c.be = be;
4146                 c.bi = bi;
4147                 e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_DATABASE,
4148                         be->be_cf_ocs );
4149                 ce = e->e_private;
4150                 if ( be->be_cf_ocs && be->be_cf_ocs->co_cfadd )
4151                         be->be_cf_ocs->co_cfadd( op, &rs, e, &c );
4152                 /* Iterate through overlays */
4153                 if ( oi ) {
4154                         slap_overinst *on;
4155                         Entry *oe;
4156                         int j;
4157
4158                         for (j=0,on=oi->oi_list; on; j++,on=on->on_next) {
4159                                 rdn.bv_val = c.log;
4160                                 rdn.bv_len = sprintf(rdn.bv_val, "%s=" IFMT "%s",
4161                                         cfAd_overlay->ad_cname.bv_val, j, on->on_bi.bi_type );
4162                                 c.be = be;
4163                                 c.bi = &on->on_bi;
4164                                 oe = config_build_entry( op, &rs, ce, &c, &rdn,
4165                                         &CFOC_OVERLAY, c.bi->bi_cf_ocs );
4166                                 if ( c.bi->bi_cf_ocs && c.bi->bi_cf_ocs->co_cfadd )
4167                                         c.bi->bi_cf_ocs->co_cfadd( op, &rs, oe, &c );
4168                         }
4169                 }
4170         }
4171         if ( thrctx )
4172                 ldap_pvt_thread_pool_context_reset( thrctx );
4173
4174         return 0;
4175 }
4176
4177 static void
4178 cfb_free_cffile( ConfigFile *cf )
4179 {
4180         ConfigFile *next;
4181
4182         for (; cf; cf=next) {
4183                 next = cf->c_sibs;
4184                 if ( cf->c_kids )
4185                         cfb_free_cffile( cf->c_kids );
4186                 ch_free( cf->c_file.bv_val );
4187                 ber_bvarray_free( cf->c_dseFiles );
4188                 ch_free( cf );
4189         }
4190 }
4191
4192 static void
4193 cfb_free_entries( CfEntryInfo *ce )
4194 {
4195         CfEntryInfo *next;
4196
4197         for (; ce; ce=next) {
4198                 next = ce->ce_sibs;
4199                 if ( ce->ce_kids )
4200                         cfb_free_entries( ce->ce_kids );
4201                 ce->ce_entry->e_private = NULL;
4202                 entry_free( ce->ce_entry );
4203                 ch_free( ce );
4204         }
4205 }
4206
4207 static int
4208 config_back_db_close( BackendDB *be )
4209 {
4210         CfBackInfo *cfb = be->be_private;
4211
4212         cfb_free_entries( cfb->cb_root );
4213         cfb->cb_root = NULL;
4214
4215         if ( cfb->cb_db.bd_info ) {
4216                 backend_shutdown( &cfb->cb_db );
4217         }
4218
4219         return 0;
4220 }
4221
4222 static int
4223 config_back_db_destroy( BackendDB *be )
4224 {
4225         CfBackInfo *cfb = be->be_private;
4226
4227         cfb_free_cffile( cfb->cb_config );
4228
4229         ch_free( cfdir.bv_val );
4230
4231         avl_free( CfOcTree, NULL );
4232
4233         if ( cfb->cb_db.bd_info ) {
4234                 cfb->cb_db.be_suffix = NULL;
4235                 cfb->cb_db.be_nsuffix = NULL;
4236                 BER_BVZERO( &cfb->cb_db.be_rootdn );
4237                 BER_BVZERO( &cfb->cb_db.be_rootndn );
4238
4239                 backend_destroy_one( &cfb->cb_db, 0 );
4240         }
4241
4242         free( be->be_private );
4243
4244         loglevel_destroy();
4245
4246         return 0;
4247 }
4248
4249 static int
4250 config_back_db_init( BackendDB *be )
4251 {
4252         struct berval dn;
4253         CfBackInfo *cfb;
4254
4255         cfb = ch_calloc( 1, sizeof(CfBackInfo));
4256         cfb->cb_config = ch_calloc( 1, sizeof(ConfigFile));
4257         cfn = cfb->cb_config;
4258         be->be_private = cfb;
4259
4260         ber_dupbv( &be->be_rootdn, &config_rdn );
4261         ber_dupbv( &be->be_rootndn, &be->be_rootdn );
4262         ber_dupbv( &dn, &be->be_rootdn );
4263         ber_bvarray_add( &be->be_suffix, &dn );
4264         ber_dupbv( &dn, &be->be_rootdn );
4265         ber_bvarray_add( &be->be_nsuffix, &dn );
4266
4267         /* Hide from namingContexts */
4268         SLAP_BFLAGS(be) |= SLAP_BFLAG_CONFIG;
4269
4270         return 0;
4271 }
4272
4273 static int
4274 config_back_destroy( BackendInfo *bi )
4275 {
4276         ldif_must_b64_encode_release();
4277         return 0;
4278 }
4279
4280 static int
4281 config_tool_entry_open( BackendDB *be, int mode )
4282 {
4283         CfBackInfo *cfb = be->be_private;
4284         BackendInfo *bi = cfb->cb_db.bd_info;
4285
4286         if ( bi && bi->bi_tool_entry_open )
4287                 return bi->bi_tool_entry_open( &cfb->cb_db, mode );
4288         else
4289                 return -1;
4290         
4291 }
4292
4293 static int
4294 config_tool_entry_close( BackendDB *be )
4295 {
4296         CfBackInfo *cfb = be->be_private;
4297         BackendInfo *bi = cfb->cb_db.bd_info;
4298
4299         if ( bi && bi->bi_tool_entry_close )
4300                 return bi->bi_tool_entry_close( &cfb->cb_db );
4301         else
4302                 return -1;
4303 }
4304
4305 static ID
4306 config_tool_entry_first( BackendDB *be )
4307 {
4308         CfBackInfo *cfb = be->be_private;
4309         BackendInfo *bi = cfb->cb_db.bd_info;
4310
4311         if ( bi && bi->bi_tool_entry_first )
4312                 return bi->bi_tool_entry_first( &cfb->cb_db );
4313         else
4314                 return NOID;
4315 }
4316
4317 static ID
4318 config_tool_entry_next( BackendDB *be )
4319 {
4320         CfBackInfo *cfb = be->be_private;
4321         BackendInfo *bi = cfb->cb_db.bd_info;
4322
4323         if ( bi && bi->bi_tool_entry_next )
4324                 return bi->bi_tool_entry_next( &cfb->cb_db );
4325         else
4326                 return NOID;
4327 }
4328
4329 static Entry *
4330 config_tool_entry_get( BackendDB *be, ID id )
4331 {
4332         CfBackInfo *cfb = be->be_private;
4333         BackendInfo *bi = cfb->cb_db.bd_info;
4334
4335         if ( bi && bi->bi_tool_entry_get )
4336                 return bi->bi_tool_entry_get( &cfb->cb_db, id );
4337         else
4338                 return NULL;
4339 }
4340
4341 static ID
4342 config_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
4343 {
4344         CfBackInfo *cfb = be->be_private;
4345         BackendInfo *bi = cfb->cb_db.bd_info;
4346         ConfigArgs ca;
4347
4348         if ( bi && bi->bi_tool_entry_put &&
4349                 config_add_internal( cfb, e, &ca, NULL, NULL ) == 0 )
4350                 return bi->bi_tool_entry_put( &cfb->cb_db, e, text );
4351         else
4352                 return NOID;
4353 }
4354
4355 static struct {
4356         char *name;
4357         AttributeDescription **desc;
4358 } ads[] = {
4359         { "backend", &cfAd_backend },
4360         { "database", &cfAd_database },
4361         { "include", &cfAd_include },
4362         { "overlay", &cfAd_overlay },
4363         { NULL, NULL }
4364 };
4365
4366 /* Notes:
4367  *   add / delete: all types that may be added or deleted must use an
4368  * X-ORDERED attributeType for their RDN. Adding and deleting entries
4369  * should automatically renumber the index of any siblings as needed,
4370  * so that no gaps in the numbering sequence exist after the add/delete
4371  * is completed.
4372  *   What can be added:
4373  *     schema objects
4374  *     backend objects for backend-specific config directives
4375  *     database objects
4376  *     overlay objects
4377  *
4378  *   delete: probably no support this time around.
4379  *
4380  *   modrdn: generally not done. Will be invoked automatically by add/
4381  * delete to update numbering sequence. Perform as an explicit operation
4382  * so that the renumbering effect may be replicated. Subtree rename must
4383  * be supported, since renumbering a database will affect all its child
4384  * overlays.
4385  *
4386  *  modify: must be fully supported. 
4387  */
4388
4389 int
4390 config_back_initialize( BackendInfo *bi )
4391 {
4392         ConfigTable             *ct = config_back_cf_table;
4393         char                    *argv[4];
4394         int                     i;
4395         AttributeDescription    *ad = NULL;
4396         const char              *text;
4397         static char             *controls[] = {
4398                 LDAP_CONTROL_MANAGEDSAIT,
4399                 NULL
4400         };
4401
4402         bi->bi_controls = controls;
4403
4404         bi->bi_open = 0;
4405         bi->bi_close = 0;
4406         bi->bi_config = 0;
4407         bi->bi_destroy = config_back_destroy;
4408
4409         bi->bi_db_init = config_back_db_init;
4410         bi->bi_db_config = 0;
4411         bi->bi_db_open = config_back_db_open;
4412         bi->bi_db_close = config_back_db_close;
4413         bi->bi_db_destroy = config_back_db_destroy;
4414
4415         bi->bi_op_bind = config_back_bind;
4416         bi->bi_op_unbind = 0;
4417         bi->bi_op_search = config_back_search;
4418         bi->bi_op_compare = 0;
4419         bi->bi_op_modify = config_back_modify;
4420         bi->bi_op_modrdn = config_back_modrdn;
4421         bi->bi_op_add = config_back_add;
4422         bi->bi_op_delete = 0;
4423         bi->bi_op_abandon = 0;
4424
4425         bi->bi_extended = 0;
4426
4427         bi->bi_chk_referrals = 0;
4428
4429 #ifdef SLAP_OVERLAY_ACCESS
4430         bi->bi_access_allowed = slap_access_always_allowed;
4431 #endif /* SLAP_OVERLAY_ACCESS */
4432
4433         bi->bi_connection_init = 0;
4434         bi->bi_connection_destroy = 0;
4435
4436         bi->bi_tool_entry_open = config_tool_entry_open;
4437         bi->bi_tool_entry_close = config_tool_entry_close;
4438         bi->bi_tool_entry_first = config_tool_entry_first;
4439         bi->bi_tool_entry_next = config_tool_entry_next;
4440         bi->bi_tool_entry_get = config_tool_entry_get;
4441         bi->bi_tool_entry_put = config_tool_entry_put;
4442
4443         /* Make sure we don't exceed the bits reserved for userland */
4444         assert( ( ( CFG_LAST - 1 ) & ARGS_USERLAND ) == ( CFG_LAST - 1 ) );
4445
4446         argv[3] = NULL;
4447         for (i=0; OidMacros[i].name; i++ ) {
4448                 argv[1] = OidMacros[i].name;
4449                 argv[2] = OidMacros[i].oid;
4450                 parse_oidm( "slapd", i, 3, argv, 0, NULL );
4451         }
4452
4453         bi->bi_cf_ocs = cf_ocs;
4454
4455         i = config_register_schema( ct, cf_ocs );
4456         if ( i ) return i;
4457
4458         /* setup olcRootPW to be base64-encoded when written in LDIF form;
4459          * basically, we don't care if it fails */
4460         i = slap_str2ad( "olcRootPW", &ad, &text );
4461         if ( i ) {
4462                 Debug( LDAP_DEBUG_ANY, "config_back_initialize: "
4463                         "warning, unable to get \"olcRootPW\" "
4464                         "attribute description: %d: %s\n",
4465                         i, text, 0 );
4466         } else {
4467                 (void)ldif_must_b64_encode_register( ad->ad_cname.bv_val,
4468                         ad->ad_type->sat_oid );
4469         }
4470
4471         /* set up the notable AttributeDescriptions */
4472         i = 0;
4473         for (;ct->name;ct++) {
4474                 if (strcmp(ct->name, ads[i].name)) continue;
4475                 *ads[i].desc = ct->ad;
4476                 i++;
4477                 if (!ads[i].name) break;
4478         }
4479
4480         return 0;
4481 }
4482