]> git.sur5r.net Git - openldap/blob - servers/slapd/bconfig.c
e259a02e433a8bf643e293a052ce1c51cc45e8b0
[openldap] / servers / slapd / bconfig.c
1 /* bconfig.c - the config backend */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 2005 The OpenLDAP Foundation.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in the file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16 /* ACKNOWLEDGEMENTS:
17  * This work was originally developed by Howard Chu for inclusion
18  * in OpenLDAP Software.
19  */
20
21 #include "portable.h"
22
23 #include <stdio.h>
24 #include <ac/string.h>
25 #include <ac/ctype.h>
26 #include <ac/errno.h>
27 #include <sys/stat.h>
28
29 #include "slap.h"
30
31 #ifdef LDAP_SLAPI
32 #include "slapi/slapi.h"
33 #endif
34
35 #include <lutil.h>
36
37 #include "config.h"
38
39 static struct berval config_rdn = BER_BVC("cn=config");
40 static struct berval schema_rdn = BER_BVC("cn=schema");
41
42 #define IFMT    "{%d}"
43
44 #ifdef SLAPD_MODULES
45 typedef struct modpath_s {
46         struct modpath_s *mp_next;
47         struct berval mp_path;
48         BerVarray mp_loads;
49 } ModPaths;
50
51 static ModPaths modpaths, *modlast = &modpaths, *modcur = &modpaths;
52 #endif
53
54 typedef struct ConfigFile {
55         struct ConfigFile *c_sibs;
56         struct ConfigFile *c_kids;
57         struct berval c_file;
58         AttributeType *c_at_head, *c_at_tail;
59         ContentRule *c_cr_head, *c_cr_tail;
60         ObjectClass *c_oc_head, *c_oc_tail;
61         OidMacro *c_om_head, *c_om_tail;
62         BerVarray c_dseFiles;
63 } ConfigFile;
64
65 typedef struct {
66         ConfigFile *cb_config;
67         CfEntryInfo *cb_root;
68         BackendDB       cb_db;  /* underlying database */
69         int             cb_got_ldif;
70         int             cb_use_ldif;
71 } CfBackInfo;
72
73 /* These do nothing in slapd, they're kept only to make them
74  * editable here.
75  */
76 static char *replica_pidFile, *replica_argsFile;
77 static int replicationInterval;
78
79 static char     *passwd_salt;
80 static char     *logfileName;
81 static BerVarray authz_rewrites;
82
83 static struct berval cfdir;
84
85 /* Private state */
86 static AttributeDescription *cfAd_backend, *cfAd_database, *cfAd_overlay,
87         *cfAd_include;
88
89 static ConfigFile cf_prv, *cfn = &cf_prv;
90
91 static Avlnode *CfOcTree;
92
93 static int config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs,
94         int *renumber );
95
96 static ConfigDriver config_fname;
97 static ConfigDriver config_cfdir;
98 static ConfigDriver config_generic;
99 static ConfigDriver config_search_base;
100 static ConfigDriver config_passwd_hash;
101 static ConfigDriver config_schema_dn;
102 static ConfigDriver config_sizelimit;
103 static ConfigDriver config_timelimit;
104 static ConfigDriver config_overlay;
105 static ConfigDriver config_suffix; 
106 static ConfigDriver config_deref_depth;
107 static ConfigDriver config_rootdn;
108 static ConfigDriver config_rootpw;
109 static ConfigDriver config_restrict;
110 static ConfigDriver config_allows;
111 static ConfigDriver config_disallows;
112 static ConfigDriver config_requires;
113 static ConfigDriver config_security;
114 static ConfigDriver config_referral;
115 static ConfigDriver config_loglevel;
116 static ConfigDriver config_replica;
117 static ConfigDriver config_updatedn;
118 static ConfigDriver config_updateref;
119 static ConfigDriver config_include;
120 #ifdef HAVE_TLS
121 static ConfigDriver config_tls_option;
122 static ConfigDriver config_tls_config;
123 #endif
124 extern ConfigDriver syncrepl_config;
125
126 enum {
127         CFG_ACL = 1,
128         CFG_BACKEND,
129         CFG_DATABASE,
130         CFG_TLS_RAND,
131         CFG_TLS_CIPHER,
132         CFG_TLS_CERT_FILE,
133         CFG_TLS_CERT_KEY,
134         CFG_TLS_CA_PATH,
135         CFG_TLS_CA_FILE,
136         CFG_TLS_VERIFY,
137         CFG_TLS_CRLCHECK,
138         CFG_CONCUR,
139         CFG_THREADS,
140         CFG_SALT,
141         CFG_LIMITS,
142         CFG_RO,
143         CFG_REWRITE,
144         CFG_DEPTH,
145         CFG_OID,
146         CFG_OC,
147         CFG_DIT,
148         CFG_ATTR,
149         CFG_ATOPT,
150         CFG_CHECK,
151         CFG_REPLOG,
152         CFG_ROOTDSE,
153         CFG_LOGFILE,
154         CFG_PLUGIN,
155         CFG_MODLOAD,
156         CFG_MODPATH,
157         CFG_LASTMOD,
158         CFG_AZPOLICY,
159         CFG_AZREGEXP,
160         CFG_SASLSECP,
161         CFG_SSTR_IF_MAX,
162         CFG_SSTR_IF_MIN,
163 };
164
165 typedef struct {
166         char *name, *oid;
167 } OidRec;
168
169 static OidRec OidMacros[] = {
170         /* OpenLDAProot:666.11.1 */
171         { "OLcfg", "1.3.6.1.4.1.4203.666.11.1" },
172         { "OLcfgAt", "OLcfg:3" },
173         { "OLcfgGlAt", "OLcfgAt:0" },
174         { "OLcfgBkAt", "OLcfgAt:1" },
175         { "OLcfgDbAt", "OLcfgAt:2" },
176         { "OLcfgOvAt", "OLcfgAt:3" },
177         { "OLcfgOc", "OLcfg:4" },
178         { "OLcfgGlOc", "OLcfgOc:0" },
179         { "OLcfgBkOc", "OLcfgOc:1" },
180         { "OLcfgDbOc", "OLcfgOc:2" },
181         { "OLcfgOvOc", "OLcfgOc:3" },
182         { "OMsyn", "1.3.6.1.4.1.1466.115.121.1" },
183         { "OMsInteger", "OMsyn:27" },
184         { "OMsBoolean", "OMsyn:7" },
185         { "OMsDN", "OMsyn:12" },
186         { "OMsDirectoryString", "OMsyn:15" },
187         { "OMsOctetString", "OMsyn:40" },
188         { NULL, NULL }
189 };
190
191 /*
192  * OLcfg{Bk|Db}{Oc|At}:0                -> common
193  * OLcfg{Bk|Db}{Oc|At}:1                -> bdb
194  * OLcfg{Bk|Db}{Oc|At}:2                -> ldif
195  * OLcfg{Bk|Db}{Oc|At}:3                -> ldap?
196  */
197
198 /* alphabetical ordering */
199
200 static ConfigTable config_back_cf_table[] = {
201         /* This attr is read-only */
202         { "", "", 0, 0, 0, ARG_MAGIC,
203                 &config_fname, "( OLcfgGlAt:78 NAME 'olcConfigFile' "
204                         "DESC 'File for slapd configuration directives' "
205                         "EQUALITY caseIgnoreMatch "
206                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
207         { "", "", 0, 0, 0, ARG_MAGIC,
208                 &config_cfdir, "( OLcfgGlAt:79 NAME 'olcConfigDir' "
209                         "DESC 'Directory for slapd configuration backend' "
210                         "EQUALITY caseIgnoreMatch "
211                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
212         { "access",     NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC|CFG_ACL,
213                 &config_generic, "( OLcfgGlAt:1 NAME 'olcAccess' "
214                         "DESC 'Access Control List' "
215                         "EQUALITY caseIgnoreMatch "
216                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
217         { "allows",     "features", 2, 0, 5, ARG_PRE_DB|ARG_MAGIC,
218                 &config_allows, "( OLcfgGlAt:2 NAME 'olcAllows' "
219                         "DESC 'Allowed set of deprecated features' "
220                         "EQUALITY caseIgnoreMatch "
221                         "SYNTAX OMsDirectoryString )", NULL, NULL },
222         { "argsfile", "file", 2, 2, 0, ARG_STRING,
223                 &slapd_args_file, "( OLcfgGlAt:3 NAME 'olcArgsFile' "
224                         "DESC 'File for slapd command line options' "
225                         "EQUALITY caseIgnoreMatch "
226                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
227         { "attribute",  "attribute", 2, 0, 9,
228                 ARG_PAREN|ARG_MAGIC|CFG_ATTR|ARG_NO_DELETE|ARG_NO_INSERT,
229                 &config_generic, "( OLcfgGlAt:4 NAME 'olcAttributeTypes' "
230                         "DESC 'OpenLDAP attributeTypes' "
231                         "EQUALITY caseIgnoreMatch "
232                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
233                                 NULL, NULL },
234         { "attributeoptions", NULL, 0, 0, 0, ARG_MAGIC|CFG_ATOPT,
235                 &config_generic, "( OLcfgGlAt:5 NAME 'olcAttributeOptions' "
236                         "EQUALITY caseIgnoreMatch "
237                         "SYNTAX OMsDirectoryString )", NULL, NULL },
238         { "authid-rewrite", NULL, 2, 0, 0,
239 #ifdef SLAP_AUTH_REWRITE
240                 ARG_MAGIC|CFG_REWRITE|ARG_NO_INSERT, &config_generic,
241 #else
242                 ARG_IGNORED, NULL,
243 #endif
244                  "( OLcfgGlAt:6 NAME 'olcAuthIDRewrite' "
245                         "EQUALITY caseIgnoreMatch "
246                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
247         { "authz-policy", "policy", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_AZPOLICY,
248                 &config_generic, "( OLcfgGlAt:7 NAME 'olcAuthzPolicy' "
249                         "EQUALITY caseIgnoreMatch "
250                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
251         { "authz-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP|ARG_NO_INSERT,
252                 &config_generic, "( OLcfgGlAt:8 NAME 'olcAuthzRegexp' "
253                         "EQUALITY caseIgnoreMatch "
254                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
255         { "backend", "type", 2, 2, 0, ARG_PRE_DB|ARG_MAGIC|CFG_BACKEND,
256                 &config_generic, "( OLcfgGlAt:9 NAME 'olcBackend' "
257                         "DESC 'A type of backend' "
258                         "EQUALITY caseIgnoreMatch "
259                         "SYNTAX OMsDirectoryString SINGLE-VALUE X-ORDERED 'SIBLINGS' )",
260                                 NULL, NULL },
261         { "concurrency", "level", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_CONCUR,
262                 &config_generic, "( OLcfgGlAt:10 NAME 'olcConcurrency' "
263                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
264         { "conn_max_pending", "max", 2, 2, 0, ARG_INT,
265                 &slap_conn_max_pending, "( OLcfgGlAt:11 NAME 'olcConnMaxPending' "
266                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
267         { "conn_max_pending_auth", "max", 2, 2, 0, ARG_INT,
268                 &slap_conn_max_pending_auth, "( OLcfgGlAt:12 NAME 'olcConnMaxPendingAuth' "
269                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
270         { "database", "type", 2, 2, 0, ARG_MAGIC|CFG_DATABASE,
271                 &config_generic, "( OLcfgGlAt:13 NAME 'olcDatabase' "
272                         "DESC 'The backend type for a database instance' "
273                         "SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
274         { "defaultSearchBase", "dn", 2, 2, 0, ARG_PRE_BI|ARG_PRE_DB|ARG_DN|ARG_MAGIC,
275                 &config_search_base, "( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' "
276                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
277         { "disallows", "features", 2, 0, 8, ARG_PRE_DB|ARG_MAGIC,
278                 &config_disallows, "( OLcfgGlAt:15 NAME 'olcDisallows' "
279                         "EQUALITY caseIgnoreMatch "
280                         "SYNTAX OMsDirectoryString )", NULL, NULL },
281         { "ditcontentrule",     NULL, 0, 0, 0, ARG_MAGIC|CFG_DIT|ARG_NO_DELETE|ARG_NO_INSERT,
282                 &config_generic, "( OLcfgGlAt:16 NAME 'olcDitContentRules' "
283                         "DESC 'OpenLDAP DIT content rules' "
284                         "EQUALITY caseIgnoreMatch "
285                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
286                         NULL, NULL },
287         { "gentlehup", "on|off", 2, 2, 0,
288 #ifdef SIGHUP
289                 ARG_ON_OFF, &global_gentlehup,
290 #else
291                 ARG_IGNORED, NULL,
292 #endif
293                 "( OLcfgGlAt:17 NAME 'olcGentleHUP' "
294                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
295         { "idletimeout", "timeout", 2, 2, 0, ARG_INT,
296                 &global_idletimeout, "( OLcfgGlAt:18 NAME 'olcIdleTimeout' "
297                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
298         { "include", "file", 2, 2, 0, ARG_MAGIC,
299                 &config_include, "( OLcfgGlAt:19 NAME 'olcInclude' "
300                         "SUP labeledURI )", NULL, NULL },
301         { "index_substr_if_minlen", "min", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MIN,
302                 &config_generic, "( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' "
303                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
304         { "index_substr_if_maxlen", "max", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MAX,
305                 &config_generic, "( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' "
306                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
307         { "index_substr_any_len", "len", 2, 2, 0, ARG_INT|ARG_NONZERO,
308                 &index_substr_any_len, "( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' "
309                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
310         { "index_substr_step", "step", 2, 2, 0, ARG_INT|ARG_NONZERO,
311                 &index_substr_any_step, "( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' "
312                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
313         { "lastmod", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_LASTMOD,
314                 &config_generic, "( OLcfgDbAt:0.4 NAME 'olcLastMod' "
315                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
316         { "limits", "limits", 2, 0, 0, ARG_DB|ARG_MAGIC|CFG_LIMITS,
317                 &config_generic, "( OLcfgDbAt:0.5 NAME 'olcLimits' "
318                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
319         { "localSSF", "ssf", 2, 2, 0, ARG_INT,
320                 &local_ssf, "( OLcfgGlAt:26 NAME 'olcLocalSSF' "
321                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
322         { "logfile", "file", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_LOGFILE,
323                 &config_generic, "( OLcfgGlAt:27 NAME 'olcLogFile' "
324                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
325         { "loglevel", "level", 2, 0, 0, ARG_MAGIC,
326                 &config_loglevel, "( OLcfgGlAt:28 NAME 'olcLogLevel' "
327                         "SYNTAX OMsDirectoryString )", NULL, NULL },
328         { "maxDerefDepth", "depth", 2, 2, 0, ARG_DB|ARG_INT|ARG_MAGIC|CFG_DEPTH,
329                 &config_generic, "( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' "
330                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
331         { "moduleload", "file", 2, 0, 0,
332 #ifdef SLAPD_MODULES
333                 ARG_MAGIC|CFG_MODLOAD, &config_generic,
334 #else
335                 ARG_IGNORED, NULL,
336 #endif
337                 "( OLcfgGlAt:30 NAME 'olcModuleLoad' "
338                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
339         { "modulepath", "path", 2, 2, 0,
340 #ifdef SLAPD_MODULES
341                 ARG_MAGIC|CFG_MODPATH|ARG_NO_DELETE|ARG_NO_INSERT, &config_generic,
342 #else
343                 ARG_IGNORED, NULL,
344 #endif
345                 "( OLcfgGlAt:31 NAME 'olcModulePath' "
346                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
347         { "objectclass", "objectclass", 2, 0, 0, ARG_PAREN|ARG_MAGIC|CFG_OC|ARG_NO_DELETE|ARG_NO_INSERT,
348                 &config_generic, "( OLcfgGlAt:32 NAME 'olcObjectClasses' "
349                 "DESC 'OpenLDAP object classes' "
350                 "EQUALITY caseIgnoreMatch "
351                 "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
352                         NULL, NULL },
353         { "objectidentifier", NULL,     0, 0, 0, ARG_MAGIC|CFG_OID,
354                 &config_generic, "( OLcfgGlAt:33 NAME 'olcObjectIdentifier' "
355                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
356         { "overlay", "overlay", 2, 2, 0, ARG_MAGIC,
357                 &config_overlay, "( OLcfgGlAt:34 NAME 'olcOverlay' "
358                         "SUP olcDatabase SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
359         { "password-crypt-salt-format", "salt", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_SALT,
360                 &config_generic, "( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat' "
361                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
362         { "password-hash", "hash", 2, 2, 0, ARG_MAGIC,
363                 &config_passwd_hash, "( OLcfgGlAt:36 NAME 'olcPasswordHash' "
364                         "SYNTAX OMsDirectoryString )", NULL, NULL },
365         { "pidfile", "file", 2, 2, 0, ARG_STRING,
366                 &slapd_pid_file, "( OLcfgGlAt:37 NAME 'olcPidFile' "
367                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
368         { "plugin", NULL, 0, 0, 0,
369 #ifdef LDAP_SLAPI
370                 ARG_MAGIC|CFG_PLUGIN, &config_generic,
371 #else
372                 ARG_IGNORED, NULL,
373 #endif
374                 "( OLcfgGlAt:38 NAME 'olcPlugin' "
375                         "SYNTAX OMsDirectoryString )", NULL, NULL },
376         { "pluginlog", "filename", 2, 2, 0,
377 #ifdef LDAP_SLAPI
378                 ARG_STRING, &slapi_log_file,
379 #else
380                 ARG_IGNORED, NULL,
381 #endif
382                 "( OLcfgGlAt:39 NAME 'olcPluginLogFile' "
383                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
384         { "readonly", "on|off", 2, 2, 0, ARG_MAY_DB|ARG_ON_OFF|ARG_MAGIC|CFG_RO,
385                 &config_generic, "( OLcfgGlAt:40 NAME 'olcReadOnly' "
386                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
387         { "referral", "url", 2, 2, 0, ARG_MAGIC,
388                 &config_referral, "( OLcfgGlAt:41 NAME 'olcReferral' "
389                         "SUP labeledURI SINGLE-VALUE )", NULL, NULL },
390         { "replica", "host or uri", 2, 0, 0, ARG_DB|ARG_MAGIC,
391                 &config_replica, "( OLcfgDbAt:0.7 NAME 'olcReplica' "
392                         "SUP labeledURI )", NULL, NULL },
393         { "replica-argsfile", NULL, 0, 0, 0, ARG_STRING,
394                 &replica_argsFile, "( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' "
395                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
396         { "replica-pidfile", NULL, 0, 0, 0, ARG_STRING,
397                 &replica_pidFile, "( OLcfgGlAt:44 NAME 'olcReplicaPidFile' "
398                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
399         { "replicationInterval", NULL, 0, 0, 0, ARG_INT,
400                 &replicationInterval, "( OLcfgGlAt:45 NAME 'olcReplicationInterval' "
401                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
402         { "replogfile", "filename", 2, 2, 0, ARG_MAY_DB|ARG_MAGIC|ARG_STRING|CFG_REPLOG,
403                 &config_generic, "( OLcfgGlAt:46 NAME 'olcReplogFile' "
404                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
405         { "require", "features", 2, 0, 7, ARG_MAY_DB|ARG_MAGIC,
406                 &config_requires, "( OLcfgGlAt:47 NAME 'olcRequires' "
407                         "SYNTAX OMsDirectoryString )", NULL, NULL },
408         { "restrict", "op_list", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
409                 &config_restrict, "( OLcfgGlAt:48 NAME 'olcRestrict' "
410                         "SYNTAX OMsDirectoryString )", NULL, NULL },
411         { "reverse-lookup", "on|off", 2, 2, 0,
412 #ifdef SLAPD_RLOOKUPS
413                 ARG_ON_OFF, &use_reverse_lookup,
414 #else
415                 ARG_IGNORED, NULL,
416 #endif
417                 "( OLcfgGlAt:49 NAME 'olcReverseLookup' "
418                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
419         { "rootdn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_MAGIC,
420                 &config_rootdn, "( OLcfgDbAt:0.8 NAME 'olcRootDN' "
421                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
422         { "rootDSE", "file", 2, 2, 0, ARG_MAGIC|CFG_ROOTDSE,
423                 &config_generic, "( OLcfgGlAt:51 NAME 'olcRootDSE' "
424                         "SYNTAX OMsDirectoryString )", NULL, NULL },
425         { "rootpw", "password", 2, 2, 0, ARG_BERVAL|ARG_DB|ARG_MAGIC,
426                 &config_rootpw, "( OLcfgDbAt:0.9 NAME 'olcRootPW' "
427                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
428         { "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
429                 &config_generic, NULL, NULL, NULL },
430         { "sasl-host", "host", 2, 2, 0,
431 #ifdef HAVE_CYRUS_SASL
432                 ARG_STRING|ARG_UNIQUE, &global_host,
433 #else
434                 ARG_IGNORED, NULL,
435 #endif
436                 "( OLcfgGlAt:53 NAME 'olcSaslHost' "
437                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
438         { "sasl-realm", "realm", 2, 2, 0,
439 #ifdef HAVE_CYRUS_SASL
440                 ARG_STRING|ARG_UNIQUE, &global_realm,
441 #else
442                 ARG_IGNORED, NULL,
443 #endif
444                 "( OLcfgGlAt:54 NAME 'olcSaslRealm' "
445                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
446         { "sasl-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
447                 &config_generic, NULL, NULL, NULL },
448         { "sasl-secprops", "properties", 2, 2, 0,
449 #ifdef HAVE_CYRUS_SASL
450                 ARG_MAGIC|CFG_SASLSECP, &config_generic,
451 #else
452                 ARG_IGNORED, NULL,
453 #endif
454                 "( OLcfgGlAt:56 NAME 'olcSaslSecProps' "
455                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
456         { "saslRegexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
457                 &config_generic, NULL, NULL, NULL },
458         { "schemacheck", "on|off", 2, 2, 0, ARG_ON_OFF|ARG_MAGIC|CFG_CHECK,
459                 &config_generic, "( OLcfgGlAt:57 NAME 'olcSchemaCheck' "
460                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
461         { "schemadn", "dn", 2, 2, 0, ARG_MAY_DB|ARG_DN|ARG_MAGIC,
462                 &config_schema_dn, "( OLcfgGlAt:58 NAME 'olcSchemaDN' "
463                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
464         { "security", "factors", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
465                 &config_security, "( OLcfgGlAt:59 NAME 'olcSecurity' "
466                         "SYNTAX OMsDirectoryString )", NULL, NULL },
467         { "sizelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
468                 &config_sizelimit, "( OLcfgGlAt:60 NAME 'olcSizeLimit' "
469                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
470         { "sockbuf_max_incoming", "max", 2, 2, 0, ARG_BER_LEN_T,
471                 &sockbuf_max_incoming, "( OLcfgGlAt:61 NAME 'olcSockbufMaxIncoming' "
472                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
473         { "sockbuf_max_incoming_auth", "max", 2, 2, 0, ARG_BER_LEN_T,
474                 &sockbuf_max_incoming_auth, "( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth' "
475                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
476         { "srvtab", "file", 2, 2, 0,
477 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
478                 ARG_STRING, &ldap_srvtab,
479 #else
480                 ARG_IGNORED, NULL,
481 #endif
482                 "( OLcfgGlAt:63 NAME 'olcSrvtab' "
483                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
484         { "suffix",     "suffix", 2, 2, 0, ARG_DB|ARG_DN|ARG_MAGIC,
485                 &config_suffix, "( OLcfgDbAt:0.10 NAME 'olcSuffix' "
486                         "SYNTAX OMsDN )", NULL, NULL },
487         { "syncrepl", NULL, 0, 0, 0, ARG_DB|ARG_MAGIC,
488                 &syncrepl_config, "( OLcfgDbAt:0.11 NAME 'olcSyncrepl' "
489                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
490         { "threads", "count", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_THREADS,
491                 &config_generic, "( OLcfgGlAt:66 NAME 'olcThreads' "
492                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
493         { "timelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
494                 &config_timelimit, "( OLcfgGlAt:67 NAME 'olcTimeLimit' "
495                         "SYNTAX OMsDirectoryString )", NULL, NULL },
496         { "TLSCACertificateFile", NULL, 0, 0, 0,
497 #ifdef HAVE_TLS
498                 CFG_TLS_CA_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
499 #else
500                 ARG_IGNORED, NULL,
501 #endif
502                 "( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' "
503                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
504         { "TLSCACertificatePath", NULL, 0, 0, 0,
505 #ifdef HAVE_TLS
506                 CFG_TLS_CA_PATH|ARG_STRING|ARG_MAGIC, &config_tls_option,
507 #else
508                 ARG_IGNORED, NULL,
509 #endif
510                 "( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' "
511                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
512         { "TLSCertificateFile", NULL, 0, 0, 0,
513 #ifdef HAVE_TLS
514                 CFG_TLS_CERT_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
515 #else
516                 ARG_IGNORED, NULL,
517 #endif
518                 "( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' "
519                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
520         { "TLSCertificateKeyFile", NULL, 0, 0, 0,
521 #ifdef HAVE_TLS
522                 CFG_TLS_CERT_KEY|ARG_STRING|ARG_MAGIC, &config_tls_option,
523 #else
524                 ARG_IGNORED, NULL,
525 #endif
526                 "( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' "
527                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
528         { "TLSCipherSuite",     NULL, 0, 0, 0,
529 #ifdef HAVE_TLS
530                 CFG_TLS_CIPHER|ARG_STRING|ARG_MAGIC, &config_tls_option,
531 #else
532                 ARG_IGNORED, NULL,
533 #endif
534                 "( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' "
535                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
536         { "TLSCRLCheck", NULL, 0, 0, 0,
537 #if defined(HAVE_TLS) && defined(HAVE_OPENSSL_CRL)
538                 CFG_TLS_CRLCHECK|ARG_STRING|ARG_MAGIC, &config_tls_config,
539 #else
540                 ARG_IGNORED, NULL,
541 #endif
542                 "( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' "
543                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
544         { "TLSRandFile", NULL, 0, 0, 0,
545 #ifdef HAVE_TLS
546                 CFG_TLS_RAND|ARG_STRING|ARG_MAGIC, &config_tls_option,
547 #else
548                 ARG_IGNORED, NULL,
549 #endif
550                 "( OLcfgGlAt:74 NAME 'olcTLSRandFile' "
551                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
552         { "TLSVerifyClient", NULL, 0, 0, 0,
553 #ifdef HAVE_TLS
554                 CFG_TLS_VERIFY|ARG_STRING|ARG_MAGIC, &config_tls_config,
555 #else
556                 ARG_IGNORED, NULL,
557 #endif
558                 "( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' "
559                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
560         { "ucdata-path", "path", 2, 2, 0, ARG_IGNORED,
561                 NULL, NULL, NULL, NULL },
562         { "updatedn", "dn", 2, 2, 0, ARG_DB|ARG_MAGIC,
563                 &config_updatedn, "( OLcfgDbAt:0.12 NAME 'olcUpdateDN' "
564                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
565         { "updateref", "url", 2, 2, 0, ARG_DB|ARG_MAGIC,
566                 &config_updateref, "( OLcfgDbAt:0.13 NAME 'olcUpdateRef' "
567                         "SUP labeledURI )", NULL, NULL },
568         { NULL, NULL, 0, 0, 0, ARG_IGNORED,
569                 NULL, NULL, NULL, NULL }
570 };
571
572 /* Routines to check if a child can be added to this type */
573 static ConfigLDAPadd cfAddSchema, cfAddInclude, cfAddDatabase,
574         cfAddBackend, cfAddModule, cfAddOverlay;
575
576 #define CFOC_GLOBAL     cf_ocs[1]
577 #define CFOC_SCHEMA     cf_ocs[2]
578 #define CFOC_BACKEND    cf_ocs[3]
579 #define CFOC_DATABASE   cf_ocs[4]
580 #define CFOC_OVERLAY    cf_ocs[5]
581 #define CFOC_INCLUDE    cf_ocs[6]
582 #define CFOC_MODULE     cf_ocs[7]
583
584 static ConfigOCs cf_ocs[] = {
585         { "( OLcfgGlOc:1 "
586                 "NAME 'olcConfig' "
587                 "DESC 'OpenLDAP configuration object' "
588                 "ABSTRACT SUP top )", Cft_Abstract, NULL },
589         { "( OLcfgGlOc:2 "
590                 "NAME 'olcGlobal' "
591                 "DESC 'OpenLDAP Global configuration options' "
592                 "SUP olcConfig STRUCTURAL "
593                 "MAY ( cn $ olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ "
594                  "olcAttributeOptions $ olcAuthIDRewrite $ "
595                  "olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ "
596                  "olcConnMaxPending $ olcConnMaxPendingAuth $ olcDefaultSearchBase $ "
597                  "olcDisallows $ olcGentleHUP $ olcIdleTimeout $ "
598                  "olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ "
599                  "olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ "
600                  "olcLogLevel $ "
601                  "olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ "
602                  "olcPluginLogFile $ olcReadOnly $ olcReferral $ "
603                  "olcReplicaPidFile $ olcReplicaArgsFile $ olcReplicationInterval $ "
604                  "olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ "
605                  "olcRootDSE $ olcRootPW $ "
606                  "olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ "
607                  "olcSchemaCheck $ olcSecurity $ olcSizeLimit $ "
608                  "olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcSrvtab $ "
609                  "olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
610                  "olcTLSCACertificatePath $ olcTLSCertificateFile $ "
611                  "olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
612                  "olcTLSRandFile $ olcTLSVerifyClient $ "
613                  "olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
614                  "olcDitContentRules ) )", Cft_Global },
615         { "( OLcfgGlOc:3 "
616                 "NAME 'olcSchemaConfig' "
617                 "DESC 'OpenLDAP schema object' "
618                 "SUP olcConfig STRUCTURAL "
619                 "MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ "
620                  "olcObjectClasses $ olcDitContentRules ) )",
621                         Cft_Schema, NULL, cfAddSchema },
622         { "( OLcfgGlOc:4 "
623                 "NAME 'olcBackendConfig' "
624                 "DESC 'OpenLDAP Backend-specific options' "
625                 "SUP olcConfig STRUCTURAL "
626                 "MUST olcBackend )", Cft_Backend, NULL, cfAddBackend },
627         { "( OLcfgGlOc:5 "
628                 "NAME 'olcDatabaseConfig' "
629                 "DESC 'OpenLDAP Database-specific options' "
630                 "SUP olcConfig STRUCTURAL "
631                 "MUST olcDatabase "
632                 "MAY ( olcSuffix $ olcAccess $ olcLastMod $ olcLimits $ "
633                  "olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
634                  "olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
635                  "olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncrepl $ "
636                  "olcTimeLimit $ olcUpdateDN $ olcUpdateRef ) )",
637                         Cft_Database, NULL, cfAddDatabase },
638         { "( OLcfgGlOc:6 "
639                 "NAME 'olcOverlayConfig' "
640                 "DESC 'OpenLDAP Overlay-specific options' "
641                 "SUP olcConfig STRUCTURAL "
642                 "MUST olcOverlay )", Cft_Overlay, NULL, cfAddOverlay },
643         { "( OLcfgGlOc:7 "
644                 "NAME 'olcIncludeFile' "
645                 "DESC 'OpenLDAP configuration include file' "
646                 "SUP olcConfig STRUCTURAL "
647                 "MUST olcInclude "
648                 "MAY ( cn $ olcRootDSE ) )",
649                 Cft_Include, NULL, cfAddInclude },
650 #ifdef SLAPD_MODULES
651         { "( OLcfgGlOc:8 "
652                 "NAME 'olcModuleList' "
653                 "DESC 'OpenLDAP dynamic module info' "
654                 "SUP olcConfig STRUCTURAL "
655                 "MUST ( olcModulePath $ olcModuleLoad ) "
656                 "MAY cn )", Cft_Module, NULL, cfAddModule },
657 #endif
658         { NULL, 0, NULL }
659 };
660
661 static int
662 config_generic(ConfigArgs *c) {
663         char *p;
664         int i;
665
666         if ( c->op == SLAP_CONFIG_EMIT ) {
667                 int rc = 0;
668                 switch(c->type) {
669                 case CFG_CONCUR:
670                         c->value_int = ldap_pvt_thread_get_concurrency();
671                         break;
672                 case CFG_THREADS:
673                         c->value_int = connection_pool_max;
674                         break;
675                 case CFG_SALT:
676                         if ( passwd_salt )
677                                 c->value_string = ch_strdup( passwd_salt );
678                         else
679                                 rc = 1;
680                         break;
681                 case CFG_LIMITS:
682                         if ( c->be->be_limits ) {
683                                 char buf[4096*3];
684                                 struct berval bv;
685                                 int i;
686
687                                 for ( i=0; c->be->be_limits[i]; i++ ) {
688                                         bv.bv_len = sprintf( buf, IFMT, i );
689                                         bv.bv_val = buf+bv.bv_len;
690                                         limits_unparse( c->be->be_limits[i], &bv );
691                                         bv.bv_len += bv.bv_val - buf;
692                                         bv.bv_val = buf;
693                                         value_add_one( &c->rvalue_vals, &bv );
694                                 }
695                         }
696                         if ( !c->rvalue_vals ) rc = 1;
697                         break;
698                 case CFG_RO:
699                         c->value_int = (c->be->be_restrictops & SLAP_RESTRICT_OP_WRITES) != 0;
700                         break;
701                 case CFG_AZPOLICY:
702                         c->value_string = ch_strdup( slap_sasl_getpolicy());
703                         break;
704                 case CFG_AZREGEXP:
705                         slap_sasl_regexp_unparse( &c->rvalue_vals );
706                         if ( !c->rvalue_vals ) rc = 1;
707                         break;
708 #ifdef HAVE_CYRUS_SASL
709                 case CFG_SASLSECP: {
710                         struct berval bv = BER_BVNULL;
711                         slap_sasl_secprops_unparse( &bv );
712                         if ( !BER_BVISNULL( &bv )) {
713                                 ber_bvarray_add( &c->rvalue_vals, &bv );
714                         } else {
715                                 rc = 1;
716                         }
717                         }
718                         break;
719 #endif
720                 case CFG_DEPTH:
721                         c->value_int = c->be->be_max_deref_depth;
722                         break;
723                 case CFG_OID: {
724                         ConfigFile *cf = c->private;
725                         if ( !cf )
726                                 oidm_unparse( &c->rvalue_vals, NULL, NULL, 1 );
727                         else if ( cf->c_om_head )
728                                 oidm_unparse( &c->rvalue_vals, cf->c_om_head,
729                                         cf->c_om_tail, 0 );
730                         if ( !c->rvalue_vals )
731                                 rc = 1;
732                         }
733                         break;
734                 case CFG_OC: {
735                         ConfigFile *cf = c->private;
736                         if ( !cf )
737                                 oc_unparse( &c->rvalue_vals, NULL, NULL, 1 );
738                         else if ( cf->c_oc_head )
739                                 oc_unparse( &c->rvalue_vals, cf->c_oc_head,
740                                         cf->c_oc_tail, 0 );
741                         if ( !c->rvalue_vals )
742                                 rc = 1;
743                         }
744                         break;
745                 case CFG_ATTR: {
746                         ConfigFile *cf = c->private;
747                         if ( !cf )
748                                 at_unparse( &c->rvalue_vals, NULL, NULL, 1 );
749                         else if ( cf->c_at_head )
750                                 at_unparse( &c->rvalue_vals, cf->c_at_head,
751                                         cf->c_at_tail, 0 );
752                         if ( !c->rvalue_vals )
753                                 rc = 1;
754                         }
755                         break;
756                 case CFG_DIT: {
757                         ConfigFile *cf = c->private;
758                         if ( !cf )
759                                 cr_unparse( &c->rvalue_vals, NULL, NULL, 1 );
760                         else if ( cf->c_cr_head )
761                                 cr_unparse( &c->rvalue_vals, cf->c_cr_head,
762                                         cf->c_cr_tail, 0 );
763                         if ( !c->rvalue_vals )
764                                 rc = 1;
765                         }
766                         break;
767                         
768                 case CFG_CHECK:
769                         c->value_int = global_schemacheck;
770                         break;
771                 case CFG_ACL: {
772                         AccessControl *a;
773                         char *src, *dst, ibuf[11];
774                         struct berval bv, abv;
775                         for (i=0, a=c->be->be_acl; a; i++,a=a->acl_next) {
776                                 abv.bv_len = sprintf( ibuf, IFMT, i );
777                                 acl_unparse( a, &bv );
778                                 abv.bv_val = ch_malloc( abv.bv_len + bv.bv_len + 1 );
779                                 AC_MEMCPY( abv.bv_val, ibuf, abv.bv_len );
780                                 /* Turn TAB / EOL into plain space */
781                                 for (src=bv.bv_val,dst=abv.bv_val+abv.bv_len; *src; src++) {
782                                         if (isspace(*src)) *dst++ = ' ';
783                                         else *dst++ = *src;
784                                 }
785                                 *dst = '\0';
786                                 if (dst[-1] == ' ') {
787                                         dst--;
788                                         *dst = '\0';
789                                 }
790                                 abv.bv_len = dst - abv.bv_val;
791                                 ber_bvarray_add( &c->rvalue_vals, &abv );
792                         }
793                         rc = (!i);
794                         break;
795                 }
796                 case CFG_REPLOG:
797                         if ( c->be->be_replogfile )
798                                 c->value_string = ch_strdup( c->be->be_replogfile );
799                         break;
800                 case CFG_ROOTDSE: {
801                         ConfigFile *cf = c->private;
802                         if ( cf->c_dseFiles ) {
803                                 value_add( &c->rvalue_vals, cf->c_dseFiles );
804                         } else {
805                                 rc = 1;
806                         }
807                         }
808                         break;
809                 case CFG_LOGFILE:
810                         if ( logfileName )
811                                 c->value_string = ch_strdup( logfileName );
812                         else
813                                 rc = 1;
814                         break;
815                 case CFG_LASTMOD:
816                         c->value_int = (SLAP_NOLASTMOD(c->be) == 0);
817                         break;
818                 case CFG_SSTR_IF_MAX:
819                         c->value_int = index_substr_if_maxlen;
820                         break;
821                 case CFG_SSTR_IF_MIN:
822                         c->value_int = index_substr_if_minlen;
823                         break;
824 #ifdef SLAPD_MODULES
825                 case CFG_MODLOAD: {
826                         ModPaths *mp = c->private;
827                         if (mp->mp_loads) {
828                                 int i;
829                                 for (i=0; !BER_BVISNULL(&mp->mp_loads[i]); i++) {
830                                         struct berval bv;
831                                         bv.bv_val = c->log;
832                                         bv.bv_len = sprintf( bv.bv_val, IFMT "%s", i,
833                                                 mp->mp_loads[i].bv_val );
834                                         value_add_one( &c->rvalue_vals, &bv );
835                                 }
836                         }
837
838                         rc = c->rvalue_vals ? 0 : 1;
839                         }
840                         break;
841                 case CFG_MODPATH: {
842                         ModPaths *mp = c->private;
843                         value_add_one( &c->rvalue_vals, &mp->mp_path );
844
845                         rc = c->rvalue_vals ? 0 : 1;
846                         }
847                         break;
848 #endif
849 #ifdef LDAP_SLAPI
850                 case CFG_PLUGIN:
851                         slapi_int_plugin_unparse( c->be, &c->rvalue_vals );
852                         if ( !c->rvalue_vals ) rc = 1;
853                         break;
854 #endif
855 #ifdef SLAP_AUTH_REWRITE
856                 case CFG_REWRITE:
857                         if ( authz_rewrites ) {
858                                 struct berval bv, idx;
859                                 char ibuf[32];
860                                 int i;
861
862                                 idx.bv_val = ibuf;
863                                 for ( i=0; !BER_BVISNULL( &authz_rewrites[i] ); i++ ) {
864                                         idx.bv_len = sprintf( idx.bv_val, IFMT, i );
865                                         bv.bv_len = idx.bv_len + authz_rewrites[i].bv_len;
866                                         bv.bv_val = ch_malloc( bv.bv_len + 1 );
867                                         strcpy( bv.bv_val, idx.bv_val );
868                                         strcpy( bv.bv_val+idx.bv_len, authz_rewrites[i].bv_val );
869                                         ber_bvarray_add( &c->rvalue_vals, &bv );
870                                 }
871                         }
872                         if ( !c->rvalue_vals ) rc = 1;
873                         break;
874 #endif
875                 default:
876                         rc = 1;
877                 }
878                 return rc;
879         } else if ( c->op == LDAP_MOD_DELETE ) {
880                 int rc = 0;
881                 switch(c->type) {
882                 /* single-valued attrs, no-ops */
883                 case CFG_CONCUR:
884                 case CFG_THREADS:
885                 case CFG_RO:
886                 case CFG_AZPOLICY:
887                 case CFG_DEPTH:
888                 case CFG_CHECK:
889                 case CFG_LASTMOD:
890                 case CFG_SASLSECP:
891                 case CFG_SSTR_IF_MAX:
892                 case CFG_SSTR_IF_MIN:
893                         break;
894
895                 /* no-ops, requires slapd restart */
896                 case CFG_PLUGIN:
897                 case CFG_MODLOAD:
898                 case CFG_AZREGEXP:
899                 case CFG_REWRITE:
900                         sprintf(c->log, "change requires slapd restart");
901                         break;
902
903                 case CFG_SALT:
904                         ch_free( passwd_salt );
905                         passwd_salt = NULL;
906                         break;
907
908                 case CFG_REPLOG:
909                         ch_free( c->be->be_replogfile );
910                         c->be->be_replogfile = NULL;
911                         break;
912
913                 case CFG_LOGFILE:
914                         ch_free( logfileName );
915                         logfileName = NULL;
916                         break;
917
918                 case CFG_ACL:
919                         if ( c->valx < 0 ) {
920                                 AccessControl *end;
921                                 if ( c->be == frontendDB )
922                                         end = NULL;
923                                 else
924                                         end = frontendDB->be_acl;
925                                 acl_destroy( c->be->be_acl, end );
926                         } else {
927                                 AccessControl **prev, *a;
928                                 int i;
929                                 for (i=0, prev = &c->be->be_acl; i < c->valx;
930                                         i++ ) {
931                                         a = *prev;
932                                         prev = &a->acl_next;
933                                 }
934                                 a = *prev;
935                                 *prev = a->acl_next;
936                                 acl_free( a );
937                         }
938                         break;
939
940                 case CFG_LIMITS:
941                         /* FIXME: there is no limits_free function */
942                 case CFG_ATOPT:
943                         /* FIXME: there is no ad_option_free function */
944                 case CFG_ROOTDSE:
945                         /* FIXME: there is no way to remove attributes added by
946                                 a DSE file */
947                 case CFG_OID:
948                 case CFG_OC:
949                 case CFG_DIT:
950                 case CFG_ATTR:
951                 case CFG_MODPATH:
952                 default:
953                         rc = 1;
954                         break;
955                 }
956                 return rc;
957         }
958
959         p = strchr(c->line,'(' /*')'*/);
960
961         switch(c->type) {
962                 case CFG_BACKEND:
963                         if(!(c->bi = backend_info(c->argv[1]))) {
964                                 sprintf( c->msg, "<%s> failed init", c->argv[0] );
965                                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
966                                         c->log, c->msg, c->argv[1] );
967                                 return(1);
968                         }
969                         break;
970
971                 case CFG_DATABASE:
972                         c->bi = NULL;
973                         /* NOTE: config is always the first backend!
974                          */
975                         if ( !strcasecmp( c->argv[1], "config" )) {
976                                 c->be = LDAP_STAILQ_FIRST(&backendDB);
977                         } else if ( !strcasecmp( c->argv[1], "frontend" )) {
978                                 c->be = frontendDB;
979                         } else if(!(c->be = backend_db_init(c->argv[1]))) {
980                                 sprintf( c->msg, "<%s> failed init", c->argv[0] );
981                                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
982                                         c->log, c->msg, c->argv[1] );
983                                 return(1);
984                         }
985                         break;
986
987                 case CFG_CONCUR:
988                         ldap_pvt_thread_set_concurrency(c->value_int);
989                         break;
990
991                 case CFG_THREADS:
992                         ldap_pvt_thread_pool_maxthreads(&connection_pool, c->value_int);
993                         connection_pool_max = c->value_int;     /* save for reference */
994                         break;
995
996                 case CFG_SALT:
997                         if ( passwd_salt ) ch_free( passwd_salt );
998                         passwd_salt = c->value_string;
999                         lutil_salt_format(passwd_salt);
1000                         break;
1001
1002                 case CFG_LIMITS:
1003                         if(limits_parse(c->be, c->fname, c->lineno, c->argc, c->argv))
1004                                 return(1);
1005                         break;
1006
1007                 case CFG_RO:
1008                         if(c->value_int)
1009                                 c->be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1010                         else
1011                                 c->be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1012                         break;
1013
1014                 case CFG_AZPOLICY:
1015                         ch_free(c->value_string);
1016                         if (slap_sasl_setpolicy( c->argv[1] )) {
1017                                 sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
1018                                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1019                                         c->log, c->msg, c->argv[1] );
1020                                 return(1);
1021                         }
1022                         break;
1023                 
1024                 case CFG_AZREGEXP:
1025                         if (slap_sasl_regexp_config( c->argv[1], c->argv[2] ))
1026                                 return(1);
1027                         break;
1028                                 
1029 #ifdef HAVE_CYRUS_SASL
1030                 case CFG_SASLSECP:
1031                         {
1032                         char *txt = slap_sasl_secprops( c->argv[1] );
1033                         if ( txt ) {
1034                                 snprintf( c->msg, sizeof(c->msg), "<%s> %s",
1035                                         c->argv[0], txt );
1036                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
1037                                 return(1);
1038                         }
1039                         break;
1040                         }
1041 #endif
1042
1043                 case CFG_DEPTH:
1044                         c->be->be_max_deref_depth = c->value_int;
1045                         break;
1046
1047                 case CFG_OID: {
1048                         OidMacro *om;
1049
1050                         if(parse_oidm(c->fname, c->lineno, c->argc, c->argv, 1, &om))
1051                                 return(1);
1052                         if (!cfn->c_om_head) cfn->c_om_head = om;
1053                         cfn->c_om_tail = om;
1054                         }
1055                         break;
1056
1057                 case CFG_OC: {
1058                         ObjectClass *oc;
1059
1060                         if(parse_oc(c->fname, c->lineno, p, c->argv, &oc)) return(1);
1061                         if (!cfn->c_oc_head) cfn->c_oc_head = oc;
1062                         cfn->c_oc_tail = oc;
1063                         }
1064                         break;
1065
1066                 case CFG_DIT: {
1067                         ContentRule *cr;
1068
1069                         if(parse_cr(c->fname, c->lineno, p, c->argv, &cr)) return(1);
1070                         if (!cfn->c_cr_head) cfn->c_cr_head = cr;
1071                         cfn->c_cr_tail = cr;
1072                         }
1073                         break;
1074
1075                 case CFG_ATTR: {
1076                         AttributeType *at;
1077
1078                         if(parse_at(c->fname, c->lineno, p, c->argv, &at)) return(1);
1079                         if (!cfn->c_at_head) cfn->c_at_head = at;
1080                         cfn->c_at_tail = at;
1081                         }
1082                         break;
1083
1084                 case CFG_ATOPT:
1085                         ad_define_option(NULL, NULL, 0);
1086                         for(i = 1; i < c->argc; i++)
1087                                 if(ad_define_option(c->argv[i], c->fname, c->lineno))
1088                                         return(1);
1089                         break;
1090
1091                 case CFG_CHECK:
1092                         global_schemacheck = c->value_int;
1093                         if(!global_schemacheck) Debug(LDAP_DEBUG_ANY, "%s: "
1094                                 "schema checking disabled! your mileage may vary!\n",
1095                                 c->log, 0, 0);
1096                         break;
1097
1098                 case CFG_ACL:
1099                         parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, c->valx);
1100                         break;
1101
1102                 case CFG_REPLOG:
1103                         if(SLAP_MONITOR(c->be)) {
1104                                 Debug(LDAP_DEBUG_ANY, "%s: "
1105                                         "\"replogfile\" should not be used "
1106                                         "inside monitor database\n",
1107                                         c->log, 0, 0);
1108                                 return(0);      /* FIXME: should this be an error? */
1109                         }
1110
1111                         c->be->be_replogfile = c->value_string;
1112                         break;
1113
1114                 case CFG_ROOTDSE:
1115                         if(read_root_dse_file(c->argv[1])) {
1116                                 sprintf( c->msg, "<%s> could not read file", c->argv[0] );
1117                                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1118                                         c->log, c->msg, c->argv[1] );
1119                                 return(1);
1120                         }
1121                         {
1122                                 struct berval bv;
1123                                 ber_str2bv( c->argv[1], 0, 1, &bv );
1124                                 ber_bvarray_add( &cfn->c_dseFiles, &bv );
1125                         }
1126                         break;
1127
1128                 case CFG_LOGFILE: {
1129                                 FILE *logfile;
1130                                 if ( logfileName ) ch_free( logfileName );
1131                                 logfileName = c->value_string;
1132                                 logfile = fopen(logfileName, "w");
1133                                 if(logfile) lutil_debug_file(logfile);
1134                         } break;
1135
1136                 case CFG_LASTMOD:
1137                         if(SLAP_NOLASTMODCMD(c->be)) {
1138                                 sprintf( c->msg, "<%s> not available for %s database",
1139                                         c->argv[0], c->be->bd_info->bi_type );
1140                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
1141                                         c->log, c->msg, 0 );
1142                                 return(1);
1143                         }
1144                         if(c->value_int)
1145                                 SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_NOLASTMOD;
1146                         else
1147                                 SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_NOLASTMOD;
1148                         break;
1149
1150                 case CFG_SSTR_IF_MAX:
1151                         if (c->value_int < index_substr_if_minlen) {
1152                                 sprintf( c->msg, "<%s> invalid value", c->argv[0] );
1153                                 Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n",
1154                                         c->log, c->msg, c->value_int );
1155                                 return(1);
1156                         }
1157                         index_substr_if_maxlen = c->value_int;
1158                         break;
1159
1160                 case CFG_SSTR_IF_MIN:
1161                         if (c->value_int > index_substr_if_maxlen) {
1162                                 sprintf( c->msg, "<%s> invalid value", c->argv[0] );
1163                                 Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n",
1164                                         c->log, c->msg, c->value_int );
1165                                 return(1);
1166                         }
1167                         index_substr_if_minlen = c->value_int;
1168                         break;
1169
1170 #ifdef SLAPD_MODULES
1171                 case CFG_MODLOAD:
1172                         if(module_load(c->argv[1], c->argc - 2, (c->argc > 2) ? c->argv + 2 : NULL))
1173                                 return(1);
1174                         /* Record this load on the current path */
1175                         {
1176                                 struct berval bv;
1177                                 ModPaths *mp;
1178                                 char *ptr = c->line + STRLENOF("moduleload");
1179                                 while (!isspace(*ptr)) ptr++;
1180                                 while (isspace(*ptr)) ptr++;
1181                                 ber_str2bv(ptr, 0, 1, &bv);
1182                                 if ( c->op == SLAP_CONFIG_ADD )
1183                                         mp = modcur;
1184                                 else
1185                                         mp = c->private;
1186                                 ber_bvarray_add( &mp->mp_loads, &bv );
1187                         }
1188                         break;
1189
1190                 case CFG_MODPATH:
1191                         if(module_path(c->argv[1])) return(1);
1192                         /* Record which path was used with each module */
1193                         {
1194                                 ModPaths *mp;
1195
1196                                 if (!modpaths.mp_loads) {
1197                                         mp = &modpaths;
1198                                 } else {
1199                                         mp = ch_malloc( sizeof( ModPaths ));
1200                                         modlast->mp_next = mp;
1201                                 }
1202                                 ber_str2bv(c->argv[1], 0, 1, &mp->mp_path);
1203                                 mp->mp_next = NULL;
1204                                 mp->mp_loads = NULL;
1205                                 modlast = mp;
1206                                 c->private = mp;
1207                                 if ( c->op == SLAP_CONFIG_ADD )
1208                                         modcur = mp;
1209                         }
1210                         
1211                         break;
1212 #endif
1213
1214 #ifdef LDAP_SLAPI
1215                 case CFG_PLUGIN:
1216                         if(slapi_int_read_config(c->be, c->fname, c->lineno, c->argc, c->argv) != LDAP_SUCCESS)
1217                                 return(1);
1218                         slapi_plugins_used++;
1219                         break;
1220 #endif
1221
1222 #ifdef SLAP_AUTH_REWRITE
1223                 case CFG_REWRITE: {
1224                         struct berval bv;
1225                         if(slap_sasl_rewrite_config(c->fname, c->lineno, c->argc, c->argv))
1226                                 return(1);
1227                         ber_str2bv( c->line, 0, 1, &bv );
1228                         ber_bvarray_add( &authz_rewrites, &bv );
1229                         }
1230                         break;
1231 #endif
1232
1233
1234                 default:
1235                         Debug( SLAPD_DEBUG_CONFIG_ERROR,
1236                                 "%s: unknown CFG_TYPE %d"
1237                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1238                                 c->log, c->type, 0 );
1239 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1240                         return 1;
1241 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1242
1243         }
1244         return(0);
1245 }
1246
1247
1248 static int
1249 config_fname(ConfigArgs *c) {
1250         if(c->op == SLAP_CONFIG_EMIT) {
1251                 if (c->private) {
1252                         ConfigFile *cf = c->private;
1253                         value_add_one( &c->rvalue_vals, &cf->c_file );
1254                         return 0;
1255                 }
1256                 return 1;
1257         }
1258         return(0);
1259 }
1260
1261 static int
1262 config_cfdir(ConfigArgs *c) {
1263         if(c->op == SLAP_CONFIG_EMIT) {
1264                 if ( !BER_BVISEMPTY( &cfdir )) {
1265                         value_add_one( &c->rvalue_vals, &cfdir );
1266                         return 0;
1267                 }
1268                 return 1;
1269         }
1270         return(0);
1271 }
1272
1273 static int
1274 config_search_base(ConfigArgs *c) {
1275         struct berval dn;
1276
1277         if(c->op == SLAP_CONFIG_EMIT) {
1278                 int rc = 1;
1279                 if (!BER_BVISEMPTY(&default_search_base)) {
1280                         value_add_one(&c->rvalue_vals, &default_search_base);
1281                         value_add_one(&c->rvalue_nvals, &default_search_nbase);
1282                         rc = 0;
1283                 }
1284                 return rc;
1285         } else if( c->op == LDAP_MOD_DELETE ) {
1286                 ch_free( default_search_base.bv_val );
1287                 ch_free( default_search_nbase.bv_val );
1288                 BER_BVZERO( &default_search_base );
1289                 BER_BVZERO( &default_search_nbase );
1290                 return 0;
1291         }
1292
1293         if(c->bi || c->be != frontendDB) {
1294                 Debug(LDAP_DEBUG_ANY, "%s: defaultSearchBase line must appear "
1295                         "prior to any backend or database definition\n",
1296                         c->log, 0, 0);
1297                 return(1);
1298         }
1299
1300         if(default_search_nbase.bv_len) {
1301                 free(default_search_base.bv_val);
1302                 free(default_search_nbase.bv_val);
1303         }
1304
1305         default_search_base = c->value_dn;
1306         default_search_nbase = c->value_ndn;
1307         return(0);
1308 }
1309
1310 static int
1311 config_passwd_hash(ConfigArgs *c) {
1312         int i;
1313         if (c->op == SLAP_CONFIG_EMIT) {
1314                 struct berval bv;
1315                 for (i=0; default_passwd_hash && default_passwd_hash[i]; i++) {
1316                         ber_str2bv(default_passwd_hash[i], 0, 0, &bv);
1317                         value_add_one(&c->rvalue_vals, &bv);
1318                 }
1319                 return i ? 0 : 1;
1320         } else if ( c->op == LDAP_MOD_DELETE ) {
1321                 if ( c->valx < 0 ) {
1322                         ldap_charray_free( default_passwd_hash );
1323                         default_passwd_hash = NULL;
1324                 } else {
1325                         i = c->valx;
1326                         ch_free( default_passwd_hash[i] );
1327                         for (; default_passwd_hash[i]; i++ )
1328                                 default_passwd_hash[i] = default_passwd_hash[i+1];
1329                 }
1330                 return 0;
1331         }
1332         if(default_passwd_hash) {
1333                 Debug(LDAP_DEBUG_ANY, "%s: "
1334                         "already set default password_hash\n",
1335                         c->log, 0, 0);
1336                 return(1);
1337         }
1338         for(i = 1; i < c->argc; i++) {
1339                 if(!lutil_passwd_scheme(c->argv[i])) {
1340                         sprintf( c->msg, "<%s> schema not available", c->argv[0] );
1341                         Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
1342                                 c->log, c->msg, c->argv[i]);
1343                 } else {
1344                         ldap_charray_add(&default_passwd_hash, c->argv[i]);
1345                 }
1346                 if(!default_passwd_hash) {
1347                         sprintf( c->msg, "<%s> no valid hashes found", c->argv[0] );
1348                         Debug(LDAP_DEBUG_ANY, "%s: %s\n",
1349                                 c->log, c->msg, 0 );
1350                         return(1);
1351                 }
1352         }
1353         return(0);
1354 }
1355
1356 static int
1357 config_schema_dn(ConfigArgs *c) {
1358         if ( c->op == SLAP_CONFIG_EMIT ) {
1359                 int rc = 1;
1360                 if ( !BER_BVISEMPTY( &c->be->be_schemadn )) {
1361                         value_add_one(&c->rvalue_vals, &c->be->be_schemadn);
1362                         value_add_one(&c->rvalue_nvals, &c->be->be_schemandn);
1363                         rc = 0;
1364                 }
1365                 return rc;
1366         } else if ( c->op == LDAP_MOD_DELETE ) {
1367                 ch_free( c->be->be_schemadn.bv_val );
1368                 ch_free( c->be->be_schemandn.bv_val );
1369                 BER_BVZERO( &c->be->be_schemadn );
1370                 BER_BVZERO( &c->be->be_schemandn );
1371                 return 0;
1372         }
1373         ch_free( c->be->be_schemadn.bv_val );
1374         ch_free( c->be->be_schemandn.bv_val );
1375         c->be->be_schemadn = c->value_dn;
1376         c->be->be_schemandn = c->value_ndn;
1377         return(0);
1378 }
1379
1380 static int
1381 config_sizelimit(ConfigArgs *c) {
1382         int i, rc = 0;
1383         char *next;
1384         struct slap_limits_set *lim = &c->be->be_def_limit;
1385         if (c->op == SLAP_CONFIG_EMIT) {
1386                 char buf[8192];
1387                 struct berval bv;
1388                 bv.bv_val = buf;
1389                 bv.bv_len = 0;
1390                 limits_unparse_one( lim, SLAP_LIMIT_SIZE, &bv );
1391                 if ( !BER_BVISEMPTY( &bv ))
1392                         value_add_one( &c->rvalue_vals, &bv );
1393                 else
1394                         rc = 1;
1395                 return rc;
1396         } else if ( c->op == LDAP_MOD_DELETE ) {
1397                 /* Reset to defaults */
1398                 lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT;
1399                 lim->lms_s_hard = 0;
1400                 lim->lms_s_unchecked = -1;
1401                 lim->lms_s_pr = 0;
1402                 lim->lms_s_pr_hide = 0;
1403                 lim->lms_s_pr_total = 0;
1404                 return 0;
1405         }
1406         for(i = 1; i < c->argc; i++) {
1407                 if(!strncasecmp(c->argv[i], "size", 4)) {
1408                         rc = limits_parse_one(c->argv[i], lim);
1409                         if ( rc ) {
1410                                 sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
1411                                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1412                                         c->log, c->msg, c->argv[i]);
1413                                 return(1);
1414                         }
1415                 } else {
1416                         if(!strcasecmp(c->argv[i], "unlimited")) {
1417                                 lim->lms_s_soft = -1;
1418                         } else {
1419                                 lim->lms_s_soft = strtol(c->argv[i], &next, 0);
1420                                 if(next == c->argv[i]) {
1421                                         sprintf( c->msg, "<%s> unable to parse limit", c->argv[0]);
1422                                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1423                                                 c->log, c->msg, c->argv[i]);
1424                                         return(1);
1425                                 } else if(next[0] != '\0') {
1426                                         Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
1427                                                 "trailing chars \"%s\" in \"sizelimit <limit>\" line"
1428                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1429                                                 c->log, next, 0);
1430 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1431                                         return 1;
1432 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1433                                 }
1434                         }
1435                         lim->lms_s_hard = 0;
1436                 }
1437         }
1438         return(0);
1439 }
1440
1441 static int
1442 config_timelimit(ConfigArgs *c) {
1443         int i, rc = 0;
1444         char *next;
1445         struct slap_limits_set *lim = &c->be->be_def_limit;
1446         if (c->op == SLAP_CONFIG_EMIT) {
1447                 char buf[8192];
1448                 struct berval bv;
1449                 bv.bv_val = buf;
1450                 bv.bv_len = 0;
1451                 limits_unparse_one( lim, SLAP_LIMIT_TIME, &bv );
1452                 if ( !BER_BVISEMPTY( &bv ))
1453                         value_add_one( &c->rvalue_vals, &bv );
1454                 else
1455                         rc = 1;
1456                 return rc;
1457         } else if ( c->op == LDAP_MOD_DELETE ) {
1458                 /* Reset to defaults */
1459                 lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT;
1460                 lim->lms_t_hard = 0;
1461                 return 0;
1462         }
1463         for(i = 1; i < c->argc; i++) {
1464                 if(!strncasecmp(c->argv[i], "time", 4)) {
1465                         rc = limits_parse_one(c->argv[i], lim);
1466                         if ( rc ) {
1467                                 sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
1468                                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1469                                         c->log, c->msg, c->argv[i]);
1470                                 return(1);
1471                         }
1472                 } else {
1473                         if(!strcasecmp(c->argv[i], "unlimited")) {
1474                                 lim->lms_t_soft = -1;
1475                         } else {
1476                                 lim->lms_t_soft = strtol(c->argv[i], &next, 0);
1477                                 if(next == c->argv[i]) {
1478                                         sprintf( c->msg, "<%s> unable to parse limit", c->argv[0]);
1479                                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1480                                                 c->log, c->msg, c->argv[i]);
1481                                         return(1);
1482                                 } else if(next[0] != '\0') {
1483                                         Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
1484                                                 "trailing chars \"%s\" in \"timelimit <limit>\" line"
1485                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1486                                                 c->log, next, 0);
1487 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1488                                         return 1;
1489 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1490                                 }
1491                         }
1492                         lim->lms_t_hard = 0;
1493                 }
1494         }
1495         return(0);
1496 }
1497
1498 static int
1499 config_overlay(ConfigArgs *c) {
1500         if (c->op == SLAP_CONFIG_EMIT) {
1501                 return 1;
1502         } else if ( c->op == LDAP_MOD_DELETE ) {
1503                 assert(0);
1504         }
1505         if(c->argv[1][0] == '-' && overlay_config(c->be, &c->argv[1][1])) {
1506                 /* log error */
1507                 Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: (optional) %s overlay \"%s\" configuration failed"
1508                         SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1509                         c->log, c->be == frontendDB ? "global " : "", c->argv[1][1]);
1510 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1511                 return 1;
1512 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1513         } else if(overlay_config(c->be, c->argv[1])) {
1514                 return(1);
1515         }
1516         return(0);
1517 }
1518
1519 static int
1520 config_suffix(ConfigArgs *c) {
1521         Backend *tbe;
1522         struct berval pdn, ndn;
1523         int rc;
1524
1525         if (c->be == frontendDB || SLAP_MONITOR(c->be) ||
1526                 SLAP_CONFIG(c->be)) return 1;
1527
1528         if (c->op == SLAP_CONFIG_EMIT) {
1529                 if ( c->be->be_suffix == NULL
1530                                 || BER_BVISNULL( &c->be->be_suffix[0] ) )
1531                 {
1532                         return 1;
1533                 } else {
1534                         value_add( &c->rvalue_vals, c->be->be_suffix );
1535                         value_add( &c->rvalue_nvals, c->be->be_nsuffix );
1536                         return 0;
1537                 }
1538         } else if ( c->op == LDAP_MOD_DELETE ) {
1539                 if ( c->valx < 0 ) {
1540                         ber_bvarray_free( c->be->be_suffix );
1541                         ber_bvarray_free( c->be->be_nsuffix );
1542                         c->be->be_suffix = NULL;
1543                         c->be->be_nsuffix = NULL;
1544                 } else {
1545                         int i = c->valx;
1546                         ch_free( c->be->be_suffix[i].bv_val );
1547                         ch_free( c->be->be_nsuffix[i].bv_val );
1548                         for (; c->be->be_suffix[i].bv_val; i++) {
1549                                 c->be->be_suffix[i] = c->be->be_suffix[i+1];
1550                                 c->be->be_nsuffix[i] = c->be->be_nsuffix[i+1];
1551                         }
1552                 }
1553                 return 0;
1554         }
1555 #ifdef SLAPD_MONITOR_DN
1556         if(!strcasecmp(c->argv[1], SLAPD_MONITOR_DN)) {
1557                 sprintf( c->msg, "<%s> DN is reserved for monitoring slapd",
1558                         c->argv[0] );
1559                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
1560                         c->log, c->msg, SLAPD_MONITOR_DN);
1561                 return(1);
1562         }
1563 #endif
1564
1565         pdn = c->value_dn;
1566         ndn = c->value_ndn;
1567         tbe = select_backend(&ndn, 0, 0);
1568         if(tbe == c->be) {
1569                 Debug( SLAPD_DEBUG_CONFIG_ERROR,
1570                         "%s: suffix already served by this backend!"
1571                         SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1572                         c->log, 0, 0);
1573 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1574                 return 1;
1575 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1576                 free(pdn.bv_val);
1577                 free(ndn.bv_val);
1578         } else if(tbe) {
1579                 sprintf( c->msg, "<%s> suffix already served by a preceding backend",
1580                         c->argv[0] );
1581                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1582                         c->log, c->msg, tbe->be_suffix[0].bv_val);
1583                 free(pdn.bv_val);
1584                 free(ndn.bv_val);
1585                 return(1);
1586         } else if(pdn.bv_len == 0 && default_search_nbase.bv_len) {
1587                 Debug(LDAP_DEBUG_ANY, "%s: suffix DN empty and default search "
1588                         "base provided \"%s\" (assuming okay)\n",
1589                         c->log, default_search_base.bv_val, 0);
1590         }
1591         ber_bvarray_add(&c->be->be_suffix, &pdn);
1592         ber_bvarray_add(&c->be->be_nsuffix, &ndn);
1593         return(0);
1594 }
1595
1596 static int
1597 config_rootdn(ConfigArgs *c) {
1598         if (c->op == SLAP_CONFIG_EMIT) {
1599                 if ( !BER_BVISNULL( &c->be->be_rootdn )) {
1600                         value_add_one(&c->rvalue_vals, &c->be->be_rootdn);
1601                         value_add_one(&c->rvalue_nvals, &c->be->be_rootndn);
1602                         return 0;
1603                 } else {
1604                         return 1;
1605                 }
1606         } else if ( c->op == LDAP_MOD_DELETE ) {
1607                 ch_free( c->be->be_rootdn.bv_val );
1608                 ch_free( c->be->be_rootndn.bv_val );
1609                 BER_BVZERO( &c->be->be_rootdn );
1610                 BER_BVZERO( &c->be->be_rootndn );
1611                 return 0;
1612         }
1613         if ( !BER_BVISNULL( &c->be->be_rootdn )) {
1614                 ch_free( c->be->be_rootdn.bv_val );
1615                 ch_free( c->be->be_rootndn.bv_val );
1616         }
1617         c->be->be_rootdn = c->value_dn;
1618         c->be->be_rootndn = c->value_ndn;
1619         return(0);
1620 }
1621
1622 static int
1623 config_rootpw(ConfigArgs *c) {
1624         Backend *tbe;
1625         /* config_add_internal sets c->be = frontendDB. While the cn=config
1626          * rootpw is technically inside a backend, we expose it in the
1627          * global entry, and need to point to it properly here.
1628          */
1629         if (c->be == frontendDB)
1630                 c->be = LDAP_STAILQ_FIRST(&backendDB);
1631
1632         if (c->op == SLAP_CONFIG_EMIT) {
1633                 if (!BER_BVISEMPTY(&c->be->be_rootpw)) {
1634                         ber_dupbv( &c->value_bv, &c->be->be_rootpw);
1635                         return 0;
1636                 }
1637                 return 1;
1638         } else if ( c->op == LDAP_MOD_DELETE ) {
1639                 ch_free( c->be->be_rootpw.bv_val );
1640                 BER_BVZERO( &c->be->be_rootpw );
1641                 return 0;
1642         }
1643
1644         tbe = select_backend(&c->be->be_rootndn, 0, 0);
1645         if(tbe != c->be) {
1646                 sprintf( c->msg, "<%s> can only be set when rootdn is under suffix",
1647                         c->argv[0] );
1648                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
1649                         c->log, c->msg, 0);
1650                 return(1);
1651         }
1652         if ( !BER_BVISNULL( &c->be->be_rootpw ))
1653                 ch_free( c->be->be_rootpw.bv_val );
1654         c->be->be_rootpw = c->value_bv;
1655         return(0);
1656 }
1657
1658 static int
1659 config_restrict(ConfigArgs *c) {
1660         slap_mask_t restrictops = 0;
1661         int i;
1662         slap_verbmasks restrictable_ops[] = {
1663                 { BER_BVC("bind"),              SLAP_RESTRICT_OP_BIND },
1664                 { BER_BVC("add"),               SLAP_RESTRICT_OP_ADD },
1665                 { BER_BVC("modify"),            SLAP_RESTRICT_OP_MODIFY },
1666                 { BER_BVC("rename"),            SLAP_RESTRICT_OP_RENAME },
1667                 { BER_BVC("modrdn"),            0 },
1668                 { BER_BVC("delete"),            SLAP_RESTRICT_OP_DELETE },
1669                 { BER_BVC("search"),            SLAP_RESTRICT_OP_SEARCH },
1670                 { BER_BVC("compare"),   SLAP_RESTRICT_OP_COMPARE },
1671                 { BER_BVC("read"),              SLAP_RESTRICT_OP_READS },
1672                 { BER_BVC("write"),             SLAP_RESTRICT_OP_WRITES },
1673                 { BER_BVC("extended"),  SLAP_RESTRICT_OP_EXTENDED },
1674                 { BER_BVC("extended=" LDAP_EXOP_START_TLS ),            SLAP_RESTRICT_EXOP_START_TLS },
1675                 { BER_BVC("extended=" LDAP_EXOP_MODIFY_PASSWD ),        SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
1676                 { BER_BVC("extended=" LDAP_EXOP_X_WHO_AM_I ),           SLAP_RESTRICT_EXOP_WHOAMI },
1677                 { BER_BVC("extended=" LDAP_EXOP_X_CANCEL ),             SLAP_RESTRICT_EXOP_CANCEL },
1678                 { BER_BVNULL,   0 }
1679         };
1680
1681         if (c->op == SLAP_CONFIG_EMIT) {
1682                 return mask_to_verbs( restrictable_ops, c->be->be_restrictops,
1683                         &c->rvalue_vals );
1684         } else if ( c->op == LDAP_MOD_DELETE ) {
1685                 if ( !c->line ) {
1686                         c->be->be_restrictops = 0;
1687                 } else {
1688                         restrictops = verb_to_mask( c->line, restrictable_ops );
1689                         c->be->be_restrictops ^= restrictops;
1690                 }
1691                 return 0;
1692         }
1693         i = verbs_to_mask( c->argc, c->argv, restrictable_ops, &restrictops );
1694         if ( i ) {
1695                 sprintf( c->msg, "<%s> unknown operation", c->argv[0] );
1696                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1697                         c->log, c->msg, c->argv[i]);
1698                 return(1);
1699         }
1700         if ( restrictops & SLAP_RESTRICT_OP_EXTENDED )
1701                 restrictops &= ~SLAP_RESTRICT_EXOP_MASK;
1702         c->be->be_restrictops |= restrictops;
1703         return(0);
1704 }
1705
1706 static int
1707 config_allows(ConfigArgs *c) {
1708         slap_mask_t allows = 0;
1709         int i;
1710         slap_verbmasks allowable_ops[] = {
1711                 { BER_BVC("bind_v2"),           SLAP_ALLOW_BIND_V2 },
1712                 { BER_BVC("bind_anon_cred"),    SLAP_ALLOW_BIND_ANON_CRED },
1713                 { BER_BVC("bind_anon_dn"),      SLAP_ALLOW_BIND_ANON_DN },
1714                 { BER_BVC("update_anon"),       SLAP_ALLOW_UPDATE_ANON },
1715                 { BER_BVNULL,   0 }
1716         };
1717         if (c->op == SLAP_CONFIG_EMIT) {
1718                 return mask_to_verbs( allowable_ops, global_allows, &c->rvalue_vals );
1719         } else if ( c->op == LDAP_MOD_DELETE ) {
1720                 if ( !c->line ) {
1721                         global_allows = 0;
1722                 } else {
1723                         allows = verb_to_mask( c->line, allowable_ops );
1724                         global_allows ^= allows;
1725                 }
1726                 return 0;
1727         }
1728         i = verbs_to_mask(c->argc, c->argv, allowable_ops, &allows);
1729         if ( i ) {
1730                 sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
1731                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1732                         c->log, c->msg, c->argv[i]);
1733                 return(1);
1734         }
1735         global_allows |= allows;
1736         return(0);
1737 }
1738
1739 static int
1740 config_disallows(ConfigArgs *c) {
1741         slap_mask_t disallows = 0;
1742         int i;
1743         slap_verbmasks disallowable_ops[] = {
1744                 { BER_BVC("bind_anon"),         SLAP_DISALLOW_BIND_ANON },
1745                 { BER_BVC("bind_simple"),       SLAP_DISALLOW_BIND_SIMPLE },
1746                 { BER_BVC("bind_krb4"),         SLAP_DISALLOW_BIND_KRBV4 },
1747                 { BER_BVC("tls_2_anon"),                SLAP_DISALLOW_TLS_2_ANON },
1748                 { BER_BVC("tls_authc"),         SLAP_DISALLOW_TLS_AUTHC },
1749                 { BER_BVNULL, 0 }
1750         };
1751         if (c->op == SLAP_CONFIG_EMIT) {
1752                 return mask_to_verbs( disallowable_ops, global_disallows, &c->rvalue_vals );
1753         } else if ( c->op == LDAP_MOD_DELETE ) {
1754                 if ( !c->line ) {
1755                         global_disallows = 0;
1756                 } else {
1757                         disallows = verb_to_mask( c->line, disallowable_ops );
1758                         global_disallows ^= disallows;
1759                 }
1760                 return 0;
1761         }
1762         i = verbs_to_mask(c->argc, c->argv, disallowable_ops, &disallows);
1763         if ( i ) {
1764                 sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
1765                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1766                         c->log, c->msg, c->argv[i]);
1767                 return(1);
1768         }
1769         global_disallows |= disallows;
1770         return(0);
1771 }
1772
1773 static int
1774 config_requires(ConfigArgs *c) {
1775         slap_mask_t requires = 0;
1776         int i;
1777         slap_verbmasks requires_ops[] = {
1778                 { BER_BVC("bind"),              SLAP_REQUIRE_BIND },
1779                 { BER_BVC("LDAPv3"),            SLAP_REQUIRE_LDAP_V3 },
1780                 { BER_BVC("authc"),             SLAP_REQUIRE_AUTHC },
1781                 { BER_BVC("sasl"),              SLAP_REQUIRE_SASL },
1782                 { BER_BVC("strong"),            SLAP_REQUIRE_STRONG },
1783                 { BER_BVNULL, 0 }
1784         };
1785         if (c->op == SLAP_CONFIG_EMIT) {
1786                 return mask_to_verbs( requires_ops, c->be->be_requires, &c->rvalue_vals );
1787         } else if ( c->op == LDAP_MOD_DELETE ) {
1788                 if ( !c->line ) {
1789                         c->be->be_requires = 0;
1790                 } else {
1791                         requires = verb_to_mask( c->line, requires_ops );
1792                         c->be->be_requires ^= requires;
1793                 }
1794                 return 0;
1795         }
1796         i = verbs_to_mask(c->argc, c->argv, requires_ops, &requires);
1797         if ( i ) {
1798                 sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
1799                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1800                         c->log, c->msg, c->argv[i]);
1801                 return(1);
1802         }
1803         c->be->be_requires = requires;
1804         return(0);
1805 }
1806
1807 static int
1808 config_loglevel(ConfigArgs *c) {
1809         int i;
1810         char *next;
1811         slap_verbmasks loglevel_ops[] = {
1812                 { BER_BVC("Trace"),     LDAP_DEBUG_TRACE },
1813                 { BER_BVC("Packets"),   LDAP_DEBUG_PACKETS },
1814                 { BER_BVC("Args"),      LDAP_DEBUG_ARGS },
1815                 { BER_BVC("Conns"),     LDAP_DEBUG_CONNS },
1816                 { BER_BVC("BER"),       LDAP_DEBUG_BER },
1817                 { BER_BVC("Filter"),    LDAP_DEBUG_FILTER },
1818                 { BER_BVC("Config"),    LDAP_DEBUG_CONFIG },
1819                 { BER_BVC("ACL"),       LDAP_DEBUG_ACL },
1820                 { BER_BVC("Stats"),     LDAP_DEBUG_STATS },
1821                 { BER_BVC("Stats2"),    LDAP_DEBUG_STATS2 },
1822                 { BER_BVC("Shell"),     LDAP_DEBUG_SHELL },
1823                 { BER_BVC("Parse"),     LDAP_DEBUG_PARSE },
1824                 { BER_BVC("Cache"),     LDAP_DEBUG_CACHE },
1825                 { BER_BVC("Index"),     LDAP_DEBUG_INDEX },
1826                 { BER_BVC("Any"),       -1 },
1827                 { BER_BVNULL,   0 }
1828         };
1829
1830         if (c->op == SLAP_CONFIG_EMIT) {
1831                 return mask_to_verbs( loglevel_ops, ldap_syslog, &c->rvalue_vals );
1832         } else if ( c->op == LDAP_MOD_DELETE ) {
1833                 if ( !c->line ) {
1834                         ldap_syslog = 0;
1835                 } else {
1836                         int level = verb_to_mask( c->line, loglevel_ops );
1837                         ldap_syslog ^= level;
1838                 }
1839                 return 0;
1840         }
1841
1842         ldap_syslog = 0;
1843
1844         for( i=1; i < c->argc; i++ ) {
1845                 int     level;
1846
1847                 if ( isdigit( c->argv[i][0] ) ) {
1848                         level = strtol( c->argv[i], &next, 10 );
1849                         if ( next == NULL || next[0] != '\0' ) {
1850                                 sprintf( c->msg, "<%s> unable to parse level", c->argv[0] );
1851                                 Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1852                                         c->log, c->msg, c->argv[i]);
1853                                 return( 1 );
1854                         }
1855                 } else {
1856                         int j = verb_to_mask(c->argv[i], loglevel_ops);
1857                         if(BER_BVISNULL(&loglevel_ops[j].word)) {
1858                                 sprintf( c->msg, "<%s> unknown level", c->argv[0] );
1859                                 Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1860                                         c->log, c->msg, c->argv[i]);
1861                                 return( 1 );
1862                         }
1863                         level = loglevel_ops[j].mask;
1864                 }
1865                 ldap_syslog |= level;
1866         }
1867         return(0);
1868 }
1869
1870 static int
1871 config_referral(ConfigArgs *c) {
1872         struct berval val;
1873         if (c->op == SLAP_CONFIG_EMIT) {
1874                 if ( default_referral ) {
1875                         value_add( &c->rvalue_vals, default_referral );
1876                         return 0;
1877                 } else {
1878                         return 1;
1879                 }
1880         } else if ( c->op == LDAP_MOD_DELETE ) {
1881                 if ( c->valx < 0 ) {
1882                         ber_bvarray_free( default_referral );
1883                         default_referral = NULL;
1884                 } else {
1885                         int i = c->valx;
1886                         ch_free( default_referral[i].bv_val );
1887                         for (; default_referral[i].bv_val; i++ )
1888                                 default_referral[i] = default_referral[i+1];
1889                 }
1890                 return 0;
1891         }
1892         if(validate_global_referral(c->argv[1])) {
1893                 sprintf( c->msg, "<%s> invalid URL", c->argv[0] );
1894                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
1895                         c->log, c->msg, c->argv[1]);
1896                 return(1);
1897         }
1898
1899         ber_str2bv(c->argv[1], 0, 0, &val);
1900         if(value_add_one(&default_referral, &val)) return(LDAP_OTHER);
1901         return(0);
1902 }
1903
1904 static struct {
1905         struct berval key;
1906         int off;
1907 } sec_keys[] = {
1908         { BER_BVC("ssf="), offsetof(slap_ssf_set_t, sss_ssf) },
1909         { BER_BVC("transport="), offsetof(slap_ssf_set_t, sss_transport) },
1910         { BER_BVC("tls="), offsetof(slap_ssf_set_t, sss_tls) },
1911         { BER_BVC("sasl="), offsetof(slap_ssf_set_t, sss_sasl) },
1912         { BER_BVC("update_ssf="), offsetof(slap_ssf_set_t, sss_update_ssf) },
1913         { BER_BVC("update_transport="), offsetof(slap_ssf_set_t, sss_update_transport) },
1914         { BER_BVC("update_tls="), offsetof(slap_ssf_set_t, sss_update_tls) },
1915         { BER_BVC("update_sasl="), offsetof(slap_ssf_set_t, sss_update_sasl) },
1916         { BER_BVC("simple_bind="), offsetof(slap_ssf_set_t, sss_simple_bind) },
1917         { BER_BVNULL, 0 }
1918 };
1919
1920 static int
1921 config_security(ConfigArgs *c) {
1922         slap_ssf_set_t *set = &c->be->be_ssf_set;
1923         char *next;
1924         int i, j;
1925         if (c->op == SLAP_CONFIG_EMIT) {
1926                 char numbuf[32];
1927                 struct berval bv;
1928                 slap_ssf_t *tgt;
1929                 int rc = 1;
1930
1931                 for (i=0; !BER_BVISNULL( &sec_keys[i].key ); i++) {
1932                         tgt = (slap_ssf_t *)((char *)set + sec_keys[i].off);
1933                         if ( *tgt ) {
1934                                 rc = 0;
1935                                 bv.bv_len = sprintf( numbuf, "%u", *tgt );
1936                                 bv.bv_len += sec_keys[i].key.bv_len;
1937                                 bv.bv_val = ch_malloc( bv.bv_len + 1);
1938                                 next = lutil_strcopy( bv.bv_val, sec_keys[i].key.bv_val );
1939                                 strcpy( next, numbuf );
1940                                 ber_bvarray_add( &c->rvalue_vals, &bv );
1941                         }
1942                 }
1943                 return rc;
1944         }
1945         for(i = 1; i < c->argc; i++) {
1946                 slap_ssf_t *tgt = NULL;
1947                 char *src;
1948                 for ( j=0; !BER_BVISNULL( &sec_keys[j].key ); j++ ) {
1949                         if(!strncasecmp(c->argv[i], sec_keys[j].key.bv_val,
1950                                 sec_keys[j].key.bv_len)) {
1951                                 src = c->argv[i] + sec_keys[j].key.bv_len;
1952                                 tgt = (slap_ssf_t *)((char *)set + sec_keys[j].off);
1953                                 break;
1954                         }
1955                 }
1956                 if ( !tgt ) {
1957                         sprintf( c->msg, "<%s> unknown factor", c->argv[0] );
1958                         Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1959                                 c->log, c->msg, c->argv[i]);
1960                         return(1);
1961                 }
1962
1963                 *tgt = strtol(src, &next, 10);
1964                 if(next == NULL || next[0] != '\0' ) {
1965                         sprintf( c->msg, "<%s> unable to parse factor", c->argv[0] );
1966                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1967                                 c->log, c->msg, c->argv[i]);
1968                         return(1);
1969                 }
1970         }
1971         return(0);
1972 }
1973
1974 char *
1975 anlist_unparse( AttributeName *an, char *ptr ) {
1976         int comma = 0;
1977
1978         for (; !BER_BVISNULL( &an->an_name ); an++) {
1979                 if ( comma ) *ptr++ = ',';
1980                 ptr = lutil_strcopy( ptr, an->an_name.bv_val );
1981                 comma = 1;
1982         }
1983         return ptr;
1984 }
1985
1986 static void
1987 replica_unparse( struct slap_replica_info *ri, int i, struct berval *bv )
1988 {
1989         int len;
1990         char *ptr;
1991         struct berval bc = {0};
1992         char numbuf[32];
1993
1994         len = sprintf(numbuf, IFMT, i );
1995
1996         len += strlen( ri->ri_uri ) + STRLENOF("uri=");
1997         if ( ri->ri_nsuffix ) {
1998                 for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) {
1999                         len += ri->ri_nsuffix[i].bv_len + STRLENOF(" suffix=\"\"");
2000                 }
2001         }
2002         if ( ri->ri_attrs ) {
2003                 len += STRLENOF("attr");
2004                 if ( ri->ri_exclude ) len++;
2005                 for (i=0; !BER_BVISNULL( &ri->ri_attrs[i].an_name ); i++) {
2006                         len += 1 + ri->ri_attrs[i].an_name.bv_len;
2007                 }
2008         }
2009         bindconf_unparse( &ri->ri_bindconf, &bc );
2010         len += bc.bv_len;
2011
2012         bv->bv_val = ch_malloc(len + 1);
2013         bv->bv_len = len;
2014
2015         ptr = lutil_strcopy( bv->bv_val, numbuf );
2016         ptr = lutil_strcopy( ptr, "uri=" );
2017         ptr = lutil_strcopy( ptr, ri->ri_uri );
2018
2019         if ( ri->ri_nsuffix ) {
2020                 for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) {
2021                         ptr = lutil_strcopy( ptr, " suffix=\"" );
2022                         ptr = lutil_strcopy( ptr, ri->ri_nsuffix[i].bv_val );
2023                         *ptr++ = '"';
2024                 }
2025         }
2026         if ( ri->ri_attrs ) {
2027                 ptr = lutil_strcopy( ptr, "attr" );
2028                 if ( ri->ri_exclude ) *ptr++ = '!';
2029                 *ptr++ = '=';
2030                 ptr = anlist_unparse( ri->ri_attrs, ptr );
2031         }
2032         if ( bc.bv_val ) {
2033                 strcpy( ptr, bc.bv_val );
2034                 ch_free( bc.bv_val );
2035         }
2036 }
2037
2038 static int
2039 config_replica(ConfigArgs *c) {
2040         int i, nr = -1, len;
2041         char *replicahost, *replicauri;
2042         LDAPURLDesc *ludp;
2043
2044         if (c->op == SLAP_CONFIG_EMIT) {
2045                 if (c->be->be_replica) {
2046                         struct berval bv;
2047                         for (i=0;c->be->be_replica[i]; i++) {
2048                                 replica_unparse( c->be->be_replica[i], i, &bv );
2049                                 ber_bvarray_add( &c->rvalue_vals, &bv );
2050                         }
2051                         return 0;
2052                 }
2053                 return 1;
2054         } else if ( c->op == LDAP_MOD_DELETE ) {
2055                 /* FIXME: there is no replica_free function */
2056                 if ( c->valx < 0 ) {
2057                 } else {
2058                 }
2059         }
2060         if(SLAP_MONITOR(c->be)) {
2061                 Debug(LDAP_DEBUG_ANY, "%s: "
2062                         "\"replica\" should not be used inside monitor database\n",
2063                         c->log, 0, 0);
2064                 return(0);      /* FIXME: should this be an error? */
2065         }
2066
2067         for(i = 1; i < c->argc; i++) {
2068                 if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) {
2069                         replicahost = c->argv[i] + STRLENOF("host=");
2070                         len = strlen( replicahost );
2071                         replicauri = ch_malloc( len + STRLENOF("ldap://") + 1 );
2072                         sprintf( replicauri, "ldap://%s", replicahost );
2073                         replicahost = replicauri + STRLENOF( "ldap://");
2074                         nr = add_replica_info(c->be, replicauri, replicahost);
2075                         break;
2076                 } else if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) {
2077                         if(ldap_url_parse(c->argv[i] + STRLENOF("uri="), &ludp) != LDAP_SUCCESS) {
2078                                 sprintf( c->msg, "<%s> invalid uri", c->argv[0] );
2079                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
2080                                 return(1);
2081                         }
2082                         if(!ludp->lud_host) {
2083                                 sprintf( c->msg, "<%s> invalid uri - missing hostname",
2084                                         c->argv[0] );
2085                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
2086                                 return(1);
2087                         }
2088                         ldap_free_urldesc(ludp);
2089                         replicauri = c->argv[i] + STRLENOF("uri=");
2090                         replicauri = ch_strdup( replicauri );
2091                         replicahost = strchr( replicauri, '/' );
2092                         replicahost += 2;
2093                         nr = add_replica_info(c->be, replicauri, replicahost);
2094                         break;
2095                 }
2096         }
2097         if(i == c->argc) {
2098                 sprintf( c->msg, "<%s> missing host or uri", c->argv[0] );
2099                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
2100                 return(1);
2101         } else if(nr == -1) {
2102                 sprintf( c->msg, "<%s> unable to add replica", c->argv[0] );
2103                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", c->log, c->msg, replicauri );
2104                 return(1);
2105         } else {
2106                 for(i = 1; i < c->argc; i++) {
2107                         if(!strncasecmp(c->argv[i], "suffix=", STRLENOF( "suffix="))) {
2108                                 switch(add_replica_suffix(c->be, nr, c->argv[i] + STRLENOF("suffix="))) {
2109                                         case 1:
2110                                                 Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
2111                                                 "suffix \"%s\" in \"replica\" line is not valid for backend"
2112                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
2113                                                 c->log, c->argv[i] + STRLENOF("suffix="), 0);
2114 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
2115                                                 return 1;
2116 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
2117                                                 break;
2118                                         case 2:
2119                                                 Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
2120                                                 "unable to normalize suffix in \"replica\" line"
2121                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
2122                                                 c->log, 0, 0);
2123 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
2124                                                 return 1;
2125 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
2126                                                 break;
2127                                 }
2128
2129                         } else if(!strncasecmp(c->argv[i], "attr", STRLENOF("attr"))) {
2130                                 int exclude = 0;
2131                                 char *arg = c->argv[i] + STRLENOF("attr");
2132                                 if(arg[0] == '!') {
2133                                         arg++;
2134                                         exclude = 1;
2135                                 }
2136                                 if(arg[0] != '=') {
2137                                         continue;
2138                                 }
2139                                 if(add_replica_attrs(c->be, nr, arg + 1, exclude)) {
2140                                         sprintf( c->msg, "<%s> unknown attribute", c->argv[0] );
2141                                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
2142                                                 c->log, c->msg, arg + 1);
2143                                         return(1);
2144                                 }
2145                         } else if ( bindconf_parse( c->argv[i],
2146                                         &c->be->be_replica[nr]->ri_bindconf ) ) {
2147                                 return(1);
2148                         }
2149                 }
2150         }
2151         return(0);
2152 }
2153
2154 static int
2155 config_updatedn(ConfigArgs *c) {
2156         struct berval dn;
2157         int rc;
2158         if (c->op == SLAP_CONFIG_EMIT) {
2159                 if (!BER_BVISEMPTY(&c->be->be_update_ndn)) {
2160                         value_add_one(&c->rvalue_vals, &c->be->be_update_ndn);
2161                         value_add_one(&c->rvalue_nvals, &c->be->be_update_ndn);
2162                         return 0;
2163                 }
2164                 return 1;
2165         } else if ( c->op == LDAP_MOD_DELETE ) {
2166                 ch_free( c->be->be_update_ndn.bv_val );
2167                 c->be->be_update_ndn.bv_val = NULL;
2168                 SLAP_DBFLAGS(c->be) ^= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
2169                 return 0;
2170         }
2171         if(SLAP_SHADOW(c->be)) {
2172                 sprintf( c->msg, "<%s> database already shadowed", c->argv[0] );
2173                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
2174                         c->log, c->msg, 0);
2175                 return(1);
2176         }
2177
2178         ber_str2bv(c->argv[1], 0, 0, &dn);
2179
2180         rc = dnNormalize(0, NULL, NULL, &dn, &c->be->be_update_ndn, NULL);
2181
2182         if(rc != LDAP_SUCCESS) {
2183                 sprintf( c->msg, "<%s> invalid DN %d (%s)", c->argv[0],
2184                         rc, ldap_err2string(rc));
2185                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
2186                         c->log, c->msg, 0 );
2187                 return(1);
2188         }
2189
2190         SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
2191         return(0);
2192 }
2193
2194 static int
2195 config_updateref(ConfigArgs *c) {
2196         struct berval val;
2197         if (c->op == SLAP_CONFIG_EMIT) {
2198                 if ( c->be->be_update_refs ) {
2199                         value_add( &c->rvalue_vals, c->be->be_update_refs );
2200                         return 0;
2201                 } else {
2202                         return 1;
2203                 }
2204         } else if ( c->op == LDAP_MOD_DELETE ) {
2205                 if ( c->valx < 0 ) {
2206                         ber_bvarray_free( c->be->be_update_refs );
2207                         c->be->be_update_refs = NULL;
2208                 } else {
2209                         int i = c->valx;
2210                         ch_free( c->be->be_update_refs[i].bv_val );
2211                         for (; c->be->be_update_refs[i].bv_val; i++)
2212                                 c->be->be_update_refs[i] = c->be->be_update_refs[i+1];
2213                 }
2214                 return 0;
2215         }
2216         if(!SLAP_SHADOW(c->be)) {
2217                 sprintf( c->msg, "<%s> must appear after syncrepl or updatedn",
2218                         c->argv[0] );
2219                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
2220                         c->log, c->msg, 0);
2221                 return(1);
2222         }
2223
2224         if(validate_global_referral(c->argv[1])) {
2225                 sprintf( c->msg, "<%s> invalid URL", c->argv[0] );
2226                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
2227                         c->log, c->msg, c->argv[1]);
2228                 return(1);
2229         }
2230         ber_str2bv(c->argv[1], 0, 0, &val);
2231         if(value_add_one(&c->be->be_update_refs, &val)) return(LDAP_OTHER);
2232         return(0);
2233 }
2234
2235 static int
2236 config_include(ConfigArgs *c) {
2237         unsigned long savelineno = c->lineno;
2238         int rc;
2239         ConfigFile *cf;
2240         ConfigFile *cfsave = cfn;
2241         ConfigFile *cf2 = NULL;
2242         if (c->op == SLAP_CONFIG_EMIT) {
2243                 if (c->private) {
2244                         ConfigFile *cf = c->private;
2245                         value_add_one( &c->rvalue_vals, &cf->c_file );
2246                         return 0;
2247                 }
2248                 return 1;
2249         } else if ( c->op == LDAP_MOD_DELETE ) {
2250         }
2251         cf = ch_calloc( 1, sizeof(ConfigFile));
2252         if ( cfn->c_kids ) {
2253                 for (cf2=cfn->c_kids; cf2 && cf2->c_sibs; cf2=cf2->c_sibs) ;
2254                 cf2->c_sibs = cf;
2255         } else {
2256                 cfn->c_kids = cf;
2257         }
2258         cfn = cf;
2259         ber_str2bv( c->argv[1], 0, 1, &cf->c_file );
2260         rc = read_config_file(c->argv[1], c->depth + 1, c, config_back_cf_table);
2261         c->lineno = savelineno - 1;
2262         cfn = cfsave;
2263         if ( rc ) {
2264                 if ( cf2 ) cf2->c_sibs = NULL;
2265                 else cfn->c_kids = NULL;
2266                 ch_free( cf->c_file.bv_val );
2267                 ch_free( cf );
2268         } else {
2269                 c->private = cf;
2270         }
2271         return(rc);
2272 }
2273
2274 #ifdef HAVE_TLS
2275 static int
2276 config_tls_option(ConfigArgs *c) {
2277         int flag;
2278         switch(c->type) {
2279         case CFG_TLS_RAND:      flag = LDAP_OPT_X_TLS_RANDOM_FILE;      break;
2280         case CFG_TLS_CIPHER:    flag = LDAP_OPT_X_TLS_CIPHER_SUITE;     break;
2281         case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE;         break;  
2282         case CFG_TLS_CERT_KEY:  flag = LDAP_OPT_X_TLS_KEYFILE;          break;
2283         case CFG_TLS_CA_PATH:   flag = LDAP_OPT_X_TLS_CACERTDIR;        break;
2284         case CFG_TLS_CA_FILE:   flag = LDAP_OPT_X_TLS_CACERTFILE;       break;
2285         default:                Debug(LDAP_DEBUG_ANY, "%s: "
2286                                         "unknown tls_option <0x%x>\n",
2287                                         c->log, c->type, 0);
2288         }
2289         if (c->op == SLAP_CONFIG_EMIT) {
2290                 return ldap_pvt_tls_get_option( NULL, flag, &c->value_string );
2291         } else if ( c->op == LDAP_MOD_DELETE ) {
2292                 return ldap_pvt_tls_set_option( NULL, flag, NULL );
2293         }
2294         ch_free(c->value_string);
2295         return(ldap_pvt_tls_set_option(NULL, flag, c->argv[1]));
2296 }
2297
2298 /* FIXME: this ought to be provided by libldap */
2299 static int
2300 config_tls_config(ConfigArgs *c) {
2301         int i, flag;
2302         slap_verbmasks crlkeys[] = {
2303                 { BER_BVC("none"),      LDAP_OPT_X_TLS_CRL_NONE },
2304                 { BER_BVC("peer"),      LDAP_OPT_X_TLS_CRL_PEER },
2305                 { BER_BVC("all"),       LDAP_OPT_X_TLS_CRL_ALL },
2306                 { BER_BVNULL, 0 }
2307         };
2308         slap_verbmasks vfykeys[] = {
2309                 { BER_BVC("never"),     LDAP_OPT_X_TLS_NEVER },
2310                 { BER_BVC("demand"),    LDAP_OPT_X_TLS_DEMAND },
2311                 { BER_BVC("try"),       LDAP_OPT_X_TLS_TRY },
2312                 { BER_BVC("hard"),      LDAP_OPT_X_TLS_HARD },
2313                 { BER_BVNULL, 0 }
2314         }, *keys;
2315         switch(c->type) {
2316         case CFG_TLS_CRLCHECK:  flag = LDAP_OPT_X_TLS_CRLCHECK;         keys = crlkeys; break;
2317         case CFG_TLS_VERIFY:    flag = LDAP_OPT_X_TLS_REQUIRE_CERT;     keys = vfykeys; break;
2318         default:
2319                 Debug(LDAP_DEBUG_ANY, "%s: "
2320                                 "unknown tls_option <0x%x>\n",
2321                                 c->log, c->type, 0);
2322         }
2323         if (c->op == SLAP_CONFIG_EMIT) {
2324                 ldap_pvt_tls_get_option( NULL, flag, &c->value_int );
2325                 for (i=0; !BER_BVISNULL(&keys[i].word); i++) {
2326                         if (keys[i].mask == c->value_int) {
2327                                 c->value_string = ch_strdup( keys[i].word.bv_val );
2328                                 return 0;
2329                         }
2330                 }
2331                 return 1;
2332         } else if ( c->op == LDAP_MOD_DELETE ) {
2333                 int i = 0;
2334                 return ldap_pvt_tls_set_option( NULL, flag, &i );
2335         }
2336         ch_free( c->value_string );
2337         if(isdigit((unsigned char)c->argv[1][0])) {
2338                 i = atoi(c->argv[1]);
2339                 return(ldap_pvt_tls_set_option(NULL, flag, &i));
2340         } else {
2341                 return(ldap_int_tls_config(NULL, flag, c->argv[1]));
2342         }
2343 }
2344 #endif
2345
2346 static CfEntryInfo *
2347 config_find_base( CfEntryInfo *root, struct berval *dn, CfEntryInfo **last )
2348 {
2349         struct berval cdn;
2350         char *c;
2351
2352         if ( !root ) {
2353                 *last = NULL;
2354                 return NULL;
2355         }
2356
2357         if ( dn_match( &root->ce_entry->e_nname, dn ))
2358                 return root;
2359
2360         c = dn->bv_val+dn->bv_len;
2361         for (;*c != ',';c--);
2362
2363         while(root) {
2364                 *last = root;
2365                 for (--c;c>dn->bv_val && *c != ',';c--);
2366                 cdn.bv_val = c;
2367                 if ( *c == ',' )
2368                         cdn.bv_val++;
2369                 cdn.bv_len = dn->bv_len - (cdn.bv_val - dn->bv_val);
2370
2371                 root = root->ce_kids;
2372
2373                 for (;root;root=root->ce_sibs) {
2374                         if ( dn_match( &root->ce_entry->e_nname, &cdn )) {
2375                                 if ( cdn.bv_val == dn->bv_val ) {
2376                                         return root;
2377                                 }
2378                                 break;
2379                         }
2380                 }
2381         }
2382         return root;
2383 }
2384
2385 static int
2386 config_ldif_resp( Operation *op, SlapReply *rs )
2387 {
2388         if ( rs->sr_type == REP_SEARCH ) {
2389                 CfBackInfo *cfb = op->o_callback->sc_private;
2390
2391                 cfb->cb_got_ldif = 1;
2392                 rs->sr_err = config_add_internal( cfb, rs->sr_entry, NULL, NULL );
2393         }
2394         return rs->sr_err;
2395 }
2396
2397 /* Configure and read the underlying back-ldif store */
2398 static int
2399 config_setup_ldif( BackendDB *be, const char *dir, int readit ) {
2400         CfBackInfo *cfb = be->be_private;
2401         ConfigArgs c = {0};
2402         ConfigTable *ct;
2403         char *argv[3];
2404         int rc = 0;
2405         slap_callback cb = { NULL, config_ldif_resp, NULL, NULL };
2406         Connection conn = {0};
2407         char opbuf[OPERATION_BUFFER_SIZE];
2408         Operation *op;
2409         SlapReply rs = {REP_RESULT};
2410         Filter filter = { LDAP_FILTER_PRESENT };
2411         struct berval filterstr = BER_BVC("(objectclass=*)");
2412         struct stat st;
2413
2414         /* Is the config directory available? */
2415         if ( stat( dir, &st ) < 0 ) {
2416                 /* No, so don't bother using the backing store.
2417                  * All changes will be in-memory only.
2418                  */
2419                 return 0;
2420         }
2421                 
2422         cfb->cb_db.bd_info = backend_info( "ldif" );
2423         if ( !cfb->cb_db.bd_info )
2424                 return 0;       /* FIXME: eventually this will be a fatal error */
2425
2426         if ( cfb->cb_db.bd_info->bi_db_init( &cfb->cb_db )) return 1;
2427
2428         /* Mark that back-ldif type is in use */
2429         cfb->cb_db.bd_info->bi_nDB++;
2430
2431         cfb->cb_db.be_suffix = be->be_suffix;
2432         cfb->cb_db.be_nsuffix = be->be_nsuffix;
2433         cfb->cb_db.be_rootdn = be->be_rootdn;
2434         cfb->cb_db.be_rootndn = be->be_rootndn;
2435
2436         ber_str2bv( dir, 0, 1, &cfdir );
2437
2438         c.be = &cfb->cb_db;
2439         c.fname = "slapd";
2440         c.argc = 2;
2441         argv[0] = "directory";
2442         argv[1] = (char *)dir;
2443         argv[2] = NULL;
2444         c.argv = argv;
2445
2446         ct = config_find_keyword( c.be->be_cf_ocs->co_table, &c );
2447         if ( !ct )
2448                 return 1;
2449
2450         if ( config_add_vals( ct, &c ))
2451                 return 1;
2452
2453         if ( backend_startup_one( &cfb->cb_db ))
2454                 return 1;
2455
2456         if ( readit ) {
2457                 op = (Operation *)opbuf;
2458                 connection_fake_init( &conn, op, cfb );
2459
2460                 filter.f_desc = slap_schema.si_ad_objectClass;
2461
2462                 op->o_tag = LDAP_REQ_SEARCH;
2463
2464                 op->ors_filter = &filter;
2465                 op->ors_filterstr = filterstr;
2466                 op->ors_scope = LDAP_SCOPE_SUBTREE;
2467
2468                 op->o_dn = be->be_rootdn;
2469                 op->o_ndn = be->be_rootndn;
2470
2471                 op->o_req_dn = be->be_suffix[0];
2472                 op->o_req_ndn = be->be_nsuffix[0];
2473
2474                 op->ors_tlimit = SLAP_NO_LIMIT;
2475                 op->ors_slimit = SLAP_NO_LIMIT;
2476
2477                 op->ors_attrs = slap_anlist_all_attributes;
2478                 op->ors_attrsonly = 0;
2479
2480                 op->o_callback = &cb;
2481                 cb.sc_private = cfb;
2482
2483                 op->o_bd = &cfb->cb_db;
2484                 rc = op->o_bd->be_search( op, &rs );
2485         }
2486
2487         cfb->cb_use_ldif = 1;
2488
2489         return rc;
2490 }
2491
2492 static int
2493 CfOc_cmp( const void *c1, const void *c2 ) {
2494         const ConfigOCs *co1 = c1;
2495         const ConfigOCs *co2 = c2;
2496
2497         return ber_bvcmp( co1->co_name, co2->co_name );
2498 }
2499
2500 int
2501 config_register_schema(ConfigTable *ct, ConfigOCs *ocs) {
2502         int i;
2503
2504         i = init_config_attrs( ct );
2505         if ( i ) return i;
2506
2507         /* set up the objectclasses */
2508         i = init_config_ocs( ocs );
2509         if ( i ) return i;
2510
2511         for (i=0; ocs[i].co_def; i++) {
2512                 if ( ocs[i].co_oc ) {
2513                         ocs[i].co_name = &ocs[i].co_oc->soc_cname;
2514                         if ( !ocs[i].co_table )
2515                                 ocs[i].co_table = ct;
2516                         avl_insert( &CfOcTree, &ocs[i], CfOc_cmp, avl_dup_error );
2517                 }
2518         }
2519         return 0;
2520 }
2521
2522 int
2523 read_config(const char *fname, const char *dir) {
2524         BackendDB *be;
2525         CfBackInfo *cfb;
2526         const char *cfdir, *cfname;
2527         int rc;
2528
2529         /* Setup the config backend */
2530         be = backend_db_init( "config" );
2531         if ( !be )
2532                 return 1;
2533
2534         cfb = be->be_private;
2535
2536         /* If no .conf, or a dir was specified, setup the dir */
2537         if ( !fname || dir ) {
2538                 if ( dir ) {
2539                         /* If explicitly given, check for existence */
2540                         struct stat st;
2541
2542                         if ( stat( dir, &st ) < 0 ) {
2543                                 Debug( LDAP_DEBUG_ANY,
2544                                         "invalid config directory %s, error %d\n",
2545                                                 dir, errno, 0 );
2546                                 return 1;
2547                         }
2548                         cfdir = dir;
2549                 } else {
2550                         cfdir = SLAPD_DEFAULT_CONFIGDIR;
2551                 }
2552                 /* if fname is defaulted, try reading .d */
2553                 if ( config_setup_ldif( be, cfdir, !fname ))
2554                         return 1;
2555
2556                 /* If we read the config from back-ldif, nothing to do here */
2557                 if ( cfb->cb_got_ldif )
2558                         return 0;
2559         }
2560
2561         if ( fname )
2562                 cfname = fname;
2563         else
2564                 cfname = SLAPD_DEFAULT_CONFIGFILE;
2565
2566         rc = read_config_file(cfname, 0, NULL, config_back_cf_table);
2567
2568         if ( rc == 0 )
2569                 ber_str2bv( cfname, 0, 1, &cf_prv.c_file );
2570
2571         /* If we got this far and failed, it may be a serious problem. In server
2572          * mode, we should never come to this. However, it may be alright if we're
2573          * using slapadd to create the conf dir.
2574          */
2575         while ( rc ) {
2576                 if ( slapMode & (SLAP_SERVER_MODE|SLAP_TOOL_READMAIN|SLAP_TOOL_READONLY))
2577                         break;
2578                 /* If a config file was explicitly given, fail */
2579                 if ( fname )
2580                         break;
2581                 
2582                 /* Seems to be slapadd with a config dir, let it continue */
2583                 if ( cfb->cb_use_ldif ) {
2584                         rc = 0;
2585                         cfb->cb_got_ldif = 1;
2586                 }
2587                 break;
2588         }
2589         return rc;
2590 }
2591
2592 static int
2593 config_back_bind( Operation *op, SlapReply *rs )
2594 {
2595         if ( op->orb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op )) {
2596                 ber_dupbv( &op->orb_edn, be_root_dn( op->o_bd ));
2597                 /* frontend sends result */
2598                 return LDAP_SUCCESS;
2599         }
2600
2601         rs->sr_err = LDAP_INVALID_CREDENTIALS;
2602         send_ldap_result( op, rs );
2603
2604         return rs->sr_err;
2605 }
2606
2607 static int
2608 config_send( Operation *op, SlapReply *rs, CfEntryInfo *ce, int depth )
2609 {
2610         int rc = 0;
2611
2612         if ( test_filter( op, ce->ce_entry, op->ors_filter ) == LDAP_COMPARE_TRUE )
2613         {
2614                 rs->sr_attrs = op->ors_attrs;
2615                 rs->sr_entry = ce->ce_entry;
2616                 rc = send_search_entry( op, rs );
2617         }
2618         if ( op->ors_scope == LDAP_SCOPE_SUBTREE ) {
2619                 if ( ce->ce_kids ) {
2620                         rc = config_send( op, rs, ce->ce_kids, 1 );
2621                         if ( rc ) return rc;
2622                 }
2623                 if ( depth ) {
2624                         for (ce=ce->ce_sibs; ce; ce=ce->ce_sibs) {
2625                                 rc = config_send( op, rs, ce, 0 );
2626                                 if ( rc ) break;
2627                         }
2628                 }
2629         }
2630         return rc;
2631 }
2632
2633 static ConfigTable *
2634 config_find_table( ConfigOCs **colst, int nocs, AttributeDescription *ad )
2635 {
2636         int i, j;
2637
2638         for (j=0; j<nocs; j++) {
2639                 for (i=0; colst[j]->co_table[i].name; i++)
2640                         if ( colst[j]->co_table[i].ad == ad )
2641                                 return &colst[j]->co_table[i];
2642         }
2643         return NULL;
2644 }
2645
2646 /* Sort the attributes of the entry according to the order defined
2647  * in the objectclass, with required attributes occurring before
2648  * allowed attributes. For any attributes with sequencing dependencies
2649  * (e.g., rootDN must be defined after suffix) the objectclass must
2650  * list the attributes in the desired sequence.
2651  */
2652 static void
2653 sort_attrs( Entry *e, ConfigOCs **colst, int nocs )
2654 {
2655         Attribute *a, *head = NULL, *tail = NULL, **prev;
2656         int i, j;
2657
2658         for (i=0; i<nocs; i++) {
2659                 if ( colst[i]->co_oc->soc_required ) {
2660                         AttributeType **at = colst[i]->co_oc->soc_required;
2661                         for (j=0; at[j]; j++) {
2662                                 for (a=e->e_attrs, prev=&e->e_attrs; a;
2663                                         prev = &(*prev)->a_next, a=a->a_next) {
2664                                         if ( a->a_desc == at[j]->sat_ad ) {
2665                                                 *prev = a->a_next;
2666                                                 if (!head) {
2667                                                         head = a;
2668                                                         tail = a;
2669                                                 } else {
2670                                                         tail->a_next = a;
2671                                                         tail = a;
2672                                                 }
2673                                                 break;
2674                                         }
2675                                 }
2676                         }
2677                 }
2678                 if ( colst[i]->co_oc->soc_allowed ) {
2679                         AttributeType **at = colst[i]->co_oc->soc_allowed;
2680                         for (j=0; at[j]; j++) {
2681                                 for (a=e->e_attrs, prev=&e->e_attrs; a;
2682                                         prev = &(*prev)->a_next, a=a->a_next) {
2683                                         if ( a->a_desc == at[j]->sat_ad ) {
2684                                                 *prev = a->a_next;
2685                                                 if (!head) {
2686                                                         head = a;
2687                                                         tail = a;
2688                                                 } else {
2689                                                         tail->a_next = a;
2690                                                         tail = a;
2691                                                 }
2692                                                 break;
2693                                         }
2694                                 }
2695                         }
2696                 }
2697         }
2698         if ( tail ) {
2699                 tail->a_next = e->e_attrs;
2700                 e->e_attrs = head;
2701         }
2702 }
2703
2704 static int
2705 check_vals( ConfigTable *ct, ConfigArgs *ca, void *ptr, int isAttr )
2706 {
2707         Attribute *a = NULL;
2708         AttributeDescription *ad;
2709         BerVarray vals;
2710
2711         int i, rc = 0, sort = 0;
2712
2713         if ( isAttr ) {
2714                 a = ptr;
2715                 ad = a->a_desc;
2716                 vals = a->a_vals;
2717         } else {
2718                 Modifications *ml = ptr;
2719                 ad = ml->sml_desc;
2720                 vals = ml->sml_values;
2721         }
2722
2723         if ( a && ( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL )) {
2724                 sort = 1;
2725                 rc = ordered_value_sort( a, 1 );
2726                 if ( rc )
2727                         return rc;
2728         }
2729         for ( i=0; vals[i].bv_val; i++ ) {
2730                 ca->line = vals[i].bv_val;
2731                 if ( sort ) {
2732                         char *idx = strchr( ca->line, '}' );
2733                         if ( idx ) ca->line = idx+1;
2734                 }
2735                 rc = config_parse_vals( ct, ca, i );
2736                 if ( rc )
2737                         break;
2738         }
2739         return rc;
2740 }
2741
2742 static int
2743 check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e,
2744         SlapReply *rs, int *renum )
2745 {
2746         CfEntryInfo *ce;
2747         int index = -1, gotindex = 0, nsibs;
2748         int renumber = 0, tailindex = 0;
2749         char *ptr1, *ptr2;
2750         struct berval rdn;
2751
2752         if ( renum ) *renum = 0;
2753
2754         /* These entries don't get indexed/renumbered */
2755         if ( ce_type == Cft_Global ) return 0;
2756         if ( ce_type == Cft_Schema && parent->ce_type == Cft_Global ) return 0;
2757
2758         if ( ce_type == Cft_Include || ce_type == Cft_Module )
2759                 tailindex = 1;
2760
2761         /* See if the rdn has an index already */
2762         dnRdn( &e->e_name, &rdn );
2763         ptr1 = strchr( e->e_name.bv_val, '{' );
2764         if ( ptr1 && ptr1 - e->e_name.bv_val < rdn.bv_len ) {
2765                 ptr2 = strchr( ptr1, '}' );
2766                 if (!ptr2 || ptr2 - e->e_name.bv_val > rdn.bv_len)
2767                         return LDAP_NAMING_VIOLATION;
2768                 if ( ptr2-ptr1 == 1)
2769                         return LDAP_NAMING_VIOLATION;
2770                 gotindex = 1;
2771                 index = atoi(ptr1+1);
2772                 if ( index < 0 )
2773                         return LDAP_NAMING_VIOLATION;
2774         }
2775
2776         /* count related kids */
2777         for (nsibs=0, ce=parent->ce_kids; ce; ce=ce->ce_sibs) {
2778                 if ( ce->ce_type == ce_type ) nsibs++;
2779         }
2780
2781         if ( index != nsibs ) {
2782                 if ( gotindex ) {
2783                         if ( index < nsibs ) {
2784                                 if ( tailindex ) return LDAP_NAMING_VIOLATION;
2785                                 /* Siblings need to be renumbered */
2786                                 renumber = 1;
2787                         }
2788                 }
2789                 if ( !renumber ) {
2790                         struct berval ival, newrdn, nnewrdn;
2791                         struct berval rtype, rval;
2792                         Attribute *a;
2793                         AttributeDescription *ad = NULL;
2794                         char ibuf[32];
2795                         const char *text;
2796
2797                         rval.bv_val = strchr(rdn.bv_val, '=' ) + 1;
2798                         rval.bv_len = rdn.bv_len - (rval.bv_val - rdn.bv_val);
2799                         rtype.bv_val = rdn.bv_val;
2800                         rtype.bv_len = rval.bv_val - rtype.bv_val - 1;
2801
2802                         /* Find attr */
2803                         slap_bv2ad( &rtype, &ad, &text );
2804                         a = attr_find( e->e_attrs, ad );
2805                         if (!a ) return LDAP_NAMING_VIOLATION;
2806
2807                         ival.bv_val = ibuf;
2808                         ival.bv_len = sprintf( ibuf, IFMT, nsibs );
2809                         
2810                         newrdn.bv_len = rdn.bv_len + ival.bv_len;
2811                         newrdn.bv_val = ch_malloc( newrdn.bv_len+1 );
2812
2813                         if ( tailindex ) {
2814                                 ptr1 = lutil_strncopy( newrdn.bv_val, rdn.bv_val, rdn.bv_len );
2815                                 ptr1 = lutil_strcopy( ptr1, ival.bv_val );
2816                         } else {
2817                                 int xlen;
2818                                 if ( !gotindex ) {
2819                                         ptr2 = rval.bv_val;
2820                                         xlen = rval.bv_len;
2821                                 } else {
2822                                         xlen = rdn.bv_len - (ptr2 - rdn.bv_val);
2823                                 }
2824                                 ptr1 = lutil_strncopy( newrdn.bv_val, rtype.bv_val,
2825                                         rtype.bv_len );
2826                                 *ptr1++ = '=';
2827                                 ptr1 = lutil_strcopy( ptr1, ival.bv_val );
2828                                 ptr1 = lutil_strncopy( ptr1, ptr2, xlen );
2829                                 *ptr1 = '\0';
2830                         }
2831
2832                         /* Do the equivalent of ModRDN */
2833                         /* Replace DN / NDN */
2834                         newrdn.bv_len = ptr1 - newrdn.bv_val;
2835                         rdnNormalize( 0, NULL, NULL, &newrdn, &nnewrdn, NULL );
2836                         free( e->e_name.bv_val );
2837                         build_new_dn( &e->e_name, &parent->ce_entry->e_name,
2838                                 &newrdn, NULL );
2839                         free( e->e_nname.bv_val );
2840                         build_new_dn( &e->e_nname, &parent->ce_entry->e_nname,
2841                                 &nnewrdn, NULL );
2842
2843                         /* Replace attr */
2844                         free( a->a_vals[0].bv_val );
2845                         ptr1 = strchr( newrdn.bv_val, '=' ) + 1;
2846                         a->a_vals[0].bv_len = newrdn.bv_len - (ptr1 - newrdn.bv_val);
2847                         a->a_vals[0].bv_val = ch_malloc( a->a_vals[0].bv_len + 1 );
2848                         strcpy( a->a_vals[0].bv_val, ptr1 );
2849
2850                         if ( a->a_nvals != a->a_vals ) {
2851                                 free( a->a_nvals[0].bv_val );
2852                                 ptr1 = strchr( nnewrdn.bv_val, '=' ) + 1;
2853                                 a->a_nvals[0].bv_len = nnewrdn.bv_len - (ptr1 - nnewrdn.bv_val);
2854                                 a->a_nvals[0].bv_val = ch_malloc( a->a_nvals[0].bv_len + 1 );
2855                                 strcpy( a->a_nvals[0].bv_val, ptr1 );
2856                         }
2857                         free( nnewrdn.bv_val );
2858                         free( newrdn.bv_val );
2859                 }
2860         }
2861         if ( renum ) *renum = renumber;
2862         return 0;
2863 }
2864
2865 static ConfigOCs **
2866 count_ocs( Attribute *oc_at, int *nocs )
2867 {
2868         int i, j, n;
2869         ConfigOCs co, *coptr, **colst;
2870
2871         /* count the objectclasses */
2872         for ( i=0; oc_at->a_nvals[i].bv_val; i++ );
2873         n = i;
2874         colst = (ConfigOCs **)ch_malloc( n * sizeof(ConfigOCs *));
2875
2876         for ( i=0, j=0; i<n; i++) {
2877                 co.co_name = &oc_at->a_nvals[i];
2878                 coptr = avl_find( CfOcTree, &co, CfOc_cmp );
2879                 
2880                 /* ignore non-config objectclasses. probably should be
2881                  * an error, general data doesn't belong here.
2882                  */
2883                 if ( !coptr ) continue;
2884
2885                 /* Ignore the root objectclass, it has no implementation.
2886                  */
2887                 if ( coptr->co_type == Cft_Abstract ) continue;
2888                 colst[j++] = coptr;
2889         }
2890         *nocs = j;
2891         return colst;
2892 }
2893
2894 static int
2895 cfAddInclude( CfEntryInfo *p, Entry *e, ConfigArgs *ca )
2896 {
2897         if ( p->ce_type != Cft_Global && p->ce_type != Cft_Include )
2898                 return LDAP_CONSTRAINT_VIOLATION;
2899
2900         /* If we're reading from a configdir, don't parse this entry */
2901         if ( ca->lineno )
2902                 return LDAP_COMPARE_TRUE;
2903
2904         if ( p->ce_type == Cft_Global )
2905                 cfn = &cf_prv;
2906         else
2907                 cfn = p->ce_private;
2908         ca->private = cfn;
2909         return LDAP_SUCCESS;
2910 }
2911
2912 static int
2913 cfAddSchema( CfEntryInfo *p, Entry *e, ConfigArgs *ca )
2914 {
2915         ConfigFile *cfo;
2916
2917         /* This entry is hardcoded, don't re-parse it */
2918         if ( p->ce_type == Cft_Global ) {
2919                 cfn = &cf_prv;
2920                 ca->private = cfn;
2921                 return LDAP_COMPARE_TRUE;
2922         }
2923         if ( p->ce_type != Cft_Schema )
2924                 return LDAP_CONSTRAINT_VIOLATION;
2925
2926         cfn = ch_calloc( 1, sizeof(ConfigFile) );
2927         ca->private = cfn;
2928         cfo = p->ce_private;
2929         cfn->c_sibs = cfo->c_kids;
2930         cfo->c_kids = cfn;
2931         return LDAP_SUCCESS;
2932 }
2933
2934 static int
2935 cfAddDatabase( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
2936 {
2937         if ( p->ce_type != Cft_Global )
2938                 return LDAP_CONSTRAINT_VIOLATION;
2939         ca->be = frontendDB;    /* just to get past check_vals */
2940         return LDAP_SUCCESS;
2941 }
2942
2943 static int
2944 cfAddBackend( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
2945 {
2946         if ( p->ce_type != Cft_Global )
2947                 return LDAP_CONSTRAINT_VIOLATION;
2948         return LDAP_SUCCESS;
2949 }
2950
2951 static int
2952 cfAddModule( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
2953 {
2954         if ( p->ce_type != Cft_Global )
2955                 return LDAP_CONSTRAINT_VIOLATION;
2956         return LDAP_SUCCESS;
2957 }
2958
2959 static int
2960 cfAddOverlay( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
2961 {
2962         if ( p->ce_type != Cft_Database )
2963                 return LDAP_CONSTRAINT_VIOLATION;
2964         ca->be = p->ce_be;
2965         return LDAP_SUCCESS;
2966 }
2967
2968 /* Parse an LDAP entry into config directives */
2969 static int
2970 config_add_internal( CfBackInfo *cfb, Entry *e, SlapReply *rs, int *renum )
2971 {
2972         CfEntryInfo *ce, *last;
2973         ConfigOCs **colst;
2974         Attribute *a, *oc_at;
2975         int i, j, nocs, rc = 0;
2976         ConfigArgs ca = {0};
2977         struct berval pdn;
2978         ConfigTable *ct;
2979         char *ptr;
2980
2981         /* Make sure parent exists and entry does not */
2982         ce = config_find_base( cfb->cb_root, &e->e_nname, &last );
2983         if ( ce )
2984                 return LDAP_ALREADY_EXISTS;
2985
2986         dnParent( &e->e_nname, &pdn );
2987
2988         /* If last is NULL, the new entry is the root/suffix entry, 
2989          * otherwise last should be the parent.
2990          */
2991         if ( last && !dn_match( &last->ce_entry->e_nname, &pdn )) {
2992                 if ( rs )
2993                         rs->sr_matched = last->ce_entry->e_name.bv_val;
2994                 return LDAP_NO_SUCH_OBJECT;
2995         }
2996
2997         oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
2998         if ( !oc_at ) return LDAP_OBJECT_CLASS_VIOLATION;
2999
3000         /* Fake the coordinates based on whether we're part of an
3001          * LDAP Add or if reading the config dir
3002          */
3003         if ( rs ) {
3004                 ca.fname = "slapd";
3005                 ca.lineno = 0;
3006         } else {
3007                 ca.fname = cfdir.bv_val;
3008                 ca.lineno = 1;
3009         }
3010
3011         colst = count_ocs( oc_at, &nocs );
3012
3013         /* Only the root can be Cft_Global, everything else must
3014          * have a parent. Only limited nesting arrangements are allowed.
3015          */
3016         rc = LDAP_CONSTRAINT_VIOLATION;
3017         if ( colst[0]->co_type == Cft_Global && !last ) {
3018                 cfn = &cf_prv;
3019                 ca.private = cfn;
3020                 ca.be = frontendDB;     /* just to get past check_vals */
3021                 rc = LDAP_SUCCESS;
3022         }
3023
3024         /* Check whether the Add is allowed by its parent, and do
3025          * any necessary arg setup
3026          */
3027         if ( last ) {
3028                 for ( i=0; i<nocs; i++ ) {
3029                         if ( colst[i]->co_ldadd &&
3030                                 ( rc = colst[i]->co_ldadd( last, e, &ca ))
3031                                         != LDAP_CONSTRAINT_VIOLATION ) {
3032                                 break;
3033                         }
3034                 }
3035         }
3036
3037         /* Add the entry but don't parse it, we already have its contents */
3038         if ( rc == LDAP_COMPARE_TRUE ) {
3039                 rc = LDAP_SUCCESS;
3040                 goto ok;
3041         }
3042
3043         if ( rc != LDAP_SUCCESS )
3044                 goto leave;
3045
3046         /* Parse all the values and check for simple syntax errors before
3047          * performing any set actions.
3048          *
3049          * If doing an LDAPadd, check for indexed names and any necessary
3050          * renaming/renumbering. Entries that don't need indexed names are
3051          * ignored. Entries that need an indexed name and arrive without one
3052          * are assigned to the end. Entries that arrive with an index may
3053          * cause the following entries to be renumbered/bumped down.
3054          *
3055          * Note that "pseudo-indexed" entries (cn=Include{xx}, cn=Module{xx})
3056          * don't allow Adding an entry with an index that's already in use.
3057          * This is flagged as an error (LDAP_ALREADY_EXISTS) up above.
3058          *
3059          * These entries can have auto-assigned indexes (appended to the end)
3060          * but only the other types support auto-renumbering of siblings.
3061          */
3062         rc = check_name_index( last, colst[0]->co_type, e, rs, renum );
3063         if ( rc )
3064                 goto leave;
3065
3066         init_config_argv( &ca );
3067
3068         /* Make sure we process attrs in the required order */
3069         sort_attrs( e, colst, nocs );
3070
3071         for ( a=e->e_attrs; a; a=a->a_next ) {
3072                 if ( a == oc_at ) continue;
3073                 ct = config_find_table( colst, nocs, a->a_desc );
3074                 if ( !ct ) continue;    /* user data? */
3075                 rc = check_vals( ct, &ca, a, 1 );
3076                 if ( rc ) goto leave;
3077         }
3078
3079         /* Basic syntax checks are OK. Do the actual settings. */
3080         for ( a=e->e_attrs; a; a=a->a_next ) {
3081                 if ( a == oc_at ) continue;
3082                 ct = config_find_table( colst, nocs, a->a_desc );
3083                 if ( !ct ) continue;    /* user data? */
3084                 for (i=0; a->a_vals[i].bv_val; i++) {
3085                         ca.line = a->a_vals[i].bv_val;
3086                         if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED ) {
3087                                 ptr = strchr( ca.line, '}' );
3088                                 if ( ptr ) ca.line = ptr+1;
3089                         }
3090                         ca.valx = i;
3091                         rc = config_parse_add( ct, &ca );
3092                         if ( rc ) {
3093                                 rc = LDAP_OTHER;
3094                                 goto leave;
3095                         }
3096                 }
3097         }
3098 ok:
3099         ce = ch_calloc( 1, sizeof(CfEntryInfo) );
3100         ce->ce_parent = last;
3101         ce->ce_entry = entry_dup( e );
3102         ce->ce_entry->e_private = ce;
3103         ce->ce_type = colst[0]->co_type;
3104         ce->ce_be = ca.be;
3105         ce->ce_bi = ca.bi;
3106         ce->ce_private = ca.private;
3107         if ( !last ) {
3108                 cfb->cb_root = ce;
3109         } else if ( last->ce_kids ) {
3110                 CfEntryInfo *c2;
3111
3112                 for (c2=last->ce_kids; c2 && c2->ce_sibs; c2 = c2->ce_sibs);
3113
3114                 c2->ce_sibs = ce;
3115         } else {
3116                 last->ce_kids = ce;
3117         }
3118
3119 leave:
3120         ch_free( ca.argv );
3121         if ( colst ) ch_free( colst );
3122         return rc;
3123 }
3124
3125 /* Parse an LDAP entry into config directives, then store in underlying
3126  * database.
3127  */
3128 static int
3129 config_back_add( Operation *op, SlapReply *rs )
3130 {
3131         CfBackInfo *cfb;
3132         CfEntryInfo *ce, *last;
3133         int renumber;
3134
3135         if ( !be_isroot( op ) ) {
3136                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3137                 goto out;
3138         }
3139
3140         cfb = (CfBackInfo *)op->o_bd->be_private;
3141
3142         ldap_pvt_thread_pool_pause( &connection_pool );
3143
3144         /* Strategy:
3145          * 1) check for existence of entry
3146          * 2) check for sibling renumbering
3147          * 3) perform internal add
3148          * 4) store entry in underlying database
3149          * 5) perform any necessary renumbering
3150          */
3151         rs->sr_err = config_add_internal( cfb, op->ora_e, rs, &renumber );
3152         if ( rs->sr_err == LDAP_SUCCESS && cfb->cb_use_ldif ) {
3153                 BackendDB *be = op->o_bd;
3154                 slap_callback sc = { NULL, slap_null_cb, NULL, NULL };
3155                 op->o_bd = &cfb->cb_db;
3156                 sc.sc_next = op->o_callback;
3157                 op->o_callback = &sc;
3158                 op->o_bd->be_add( op, rs );
3159                 op->o_bd = be;
3160                 op->o_callback = sc.sc_next;
3161         }
3162         if ( renumber ) {
3163         }
3164
3165         ldap_pvt_thread_pool_resume( &connection_pool );
3166
3167 out:
3168         send_ldap_result( op, rs );
3169         return rs->sr_err;
3170 }
3171
3172 typedef struct delrec {
3173         struct delrec *next;
3174         int nidx;
3175         int idx[0];
3176 } delrec;
3177
3178 static int
3179 config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs,
3180         ConfigArgs *ca )
3181 {
3182         CfBackInfo *cfb = (CfBackInfo *)op->o_bd->be_private;
3183         int rc = LDAP_UNWILLING_TO_PERFORM;
3184         Modifications *ml;
3185         Entry *e = ce->ce_entry;
3186         Attribute *save_attrs = e->e_attrs, *oc_at;
3187         ConfigTable *ct;
3188         ConfigOCs **colst;
3189         int i, nocs;
3190         char *ptr;
3191         delrec *dels = NULL, *deltail = NULL;
3192
3193         oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
3194         if ( !oc_at ) return LDAP_OBJECT_CLASS_VIOLATION;
3195
3196         colst = count_ocs( oc_at, &nocs );
3197
3198         e->e_attrs = attrs_dup( e->e_attrs );
3199
3200         init_config_argv( ca );
3201         ca->be = ce->ce_be;
3202         ca->bi = ce->ce_bi;
3203         ca->private = ce->ce_private;
3204         ca->ca_entry = e;
3205         strcpy( ca->log, "back-config" );
3206
3207         for (ml = op->orm_modlist; ml; ml=ml->sml_next) {
3208                 ct = config_find_table( colst, nocs, ml->sml_desc );
3209                 switch (ml->sml_op) {
3210                 case LDAP_MOD_DELETE:
3211                 case LDAP_MOD_REPLACE: {
3212                         BerVarray vals = NULL, nvals;
3213                         int *idx = NULL;
3214                         if ( ct && ( ct->arg_type & ARG_NO_DELETE )) {
3215                                 rc = LDAP_OTHER;
3216                                 snprintf( ca->msg, sizeof(ca->msg),
3217                                         "<%s> cannot be deleted" );
3218                                 snprintf(ca->msg, sizeof(ca->msg), "cannot delete %s",
3219                                         ml->sml_desc->ad_cname.bv_val );
3220                                 goto out;
3221                         }
3222                         if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3223                                 vals = ml->sml_values;
3224                                 nvals = ml->sml_nvalues;
3225                                 ml->sml_values = NULL;
3226                                 ml->sml_nvalues = NULL;
3227                         }
3228                         /* If we're deleting by values, remember the indexes of the
3229                          * values we deleted.
3230                          */
3231                         if ( ct && ml->sml_values ) {
3232                                 delrec *d;
3233                                 for (i=0; ml->sml_values[i].bv_val; i++);
3234                                 d = ch_malloc( sizeof(delrec) + i * sizeof(int));
3235                                 d->nidx = i;
3236                                 d->next = NULL;
3237                                 if ( dels ) {
3238                                         deltail->next = d;
3239                                 } else {
3240                                         dels = d;
3241                                 }
3242                                 deltail = d;
3243                                 idx = d->idx;
3244                         }
3245                         rc = modify_delete_vindex(e, &ml->sml_mod,
3246                                 get_permissiveModify(op),
3247                                 &rs->sr_text, ca->msg, sizeof(ca->msg), idx );
3248                         if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3249                                 ml->sml_values = vals;
3250                                 ml->sml_nvalues = nvals;
3251                         }
3252                         if ( !vals )
3253                                 break;
3254                         }
3255                         /* FALLTHRU: LDAP_MOD_REPLACE && vals */
3256
3257                 case LDAP_MOD_ADD:
3258                 case SLAP_MOD_SOFTADD: {
3259                         int mop = ml->sml_op;
3260                         int navals = -1;
3261                         ml->sml_op = LDAP_MOD_ADD;
3262                         if ( ct ) {
3263                                 if ( ct->arg_type & ARG_NO_INSERT ) {
3264                                         Attribute *a = attr_find( e->e_attrs, ml->sml_desc );
3265                                         if ( a ) {
3266                                                 for (i = 0; a->a_vals[i].bv_val; i++ );
3267                                                 navals = i;
3268                                         }
3269                                 }
3270                                 for ( i=0; !BER_BVISNULL( &ml->sml_values[i] ); i++ ) {
3271                                         if ( ml->sml_values[i].bv_val[0] == '{' &&
3272                                                 navals >= 0 ) {
3273                                                 int j = strtol( ml->sml_values[i].bv_val+1, NULL, 0 );
3274                                                 if ( j < navals ) {
3275                                                         rc = LDAP_OTHER;
3276                                                         snprintf(ca->msg, sizeof(ca->msg), "cannot insert %s",
3277                                                                 ml->sml_desc->ad_cname.bv_val );
3278                                                         goto out;
3279                                                 }
3280                                         }
3281                                         rc = check_vals( ct, ca, ml, 0 );
3282                                         if ( rc ) goto out;
3283                                 }
3284                         }
3285                         rc = modify_add_values(e, &ml->sml_mod,
3286                                    get_permissiveModify(op),
3287                                    &rs->sr_text, ca->msg, sizeof(ca->msg) );
3288
3289                         /* If value already exists, show success here
3290                          * and ignore this operation down below.
3291                          */
3292                         if ( mop == SLAP_MOD_SOFTADD ) {
3293                                 if ( rc == LDAP_TYPE_OR_VALUE_EXISTS )
3294                                         rc = LDAP_SUCCESS;
3295                                 else
3296                                         mop = LDAP_MOD_ADD;
3297                         }
3298                         ml->sml_op = mop;
3299                         break;
3300                         }
3301
3302                         break;
3303                 case LDAP_MOD_INCREMENT:        /* FIXME */
3304                         break;
3305                 default:
3306                         break;
3307                 }
3308                 if(rc != LDAP_SUCCESS) break;
3309         }
3310         
3311         if(rc == LDAP_SUCCESS) {
3312                 /* check that the entry still obeys the schema */
3313                 rc = entry_schema_check(op->o_bd, e, NULL,
3314                                   &rs->sr_text, ca->msg, sizeof(ca->msg) );
3315         }
3316         if ( rc == LDAP_SUCCESS ) {
3317                 /* Basic syntax checks are OK. Do the actual settings. */
3318                 for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
3319                         ct = config_find_table( colst, nocs, ml->sml_desc );
3320                         if ( !ct ) continue;
3321
3322                         switch (ml->sml_op) {
3323                         case LDAP_MOD_DELETE:
3324                         case LDAP_MOD_REPLACE: {
3325                                 BerVarray vals = NULL, nvals;
3326                                 Attribute *a;
3327                                 delrec *d;
3328
3329                                 a = attr_find( e->e_attrs, ml->sml_desc );
3330
3331                                 if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3332                                         vals = ml->sml_values;
3333                                         nvals = ml->sml_nvalues;
3334                                         ml->sml_values = NULL;
3335                                         ml->sml_nvalues = NULL;
3336                                 }
3337
3338                                 if ( ml->sml_values )
3339                                         d = dels;
3340
3341                                 /* If we didn't delete the whole attribute */
3342                                 if ( ml->sml_values && a ) {
3343                                         struct berval *mvals;
3344                                         int j;
3345
3346                                         if ( ml->sml_nvalues )
3347                                                 mvals = ml->sml_nvalues;
3348                                         else
3349                                                 mvals = ml->sml_values;
3350
3351                                         /* use the indexes we saved up above */
3352                                         for (i=0; i < d->nidx; i++) {
3353                                                 struct berval bv = *mvals++;
3354                                                 if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED &&
3355                                                         bv.bv_val[0] == '{' ) {
3356                                                         ptr = strchr( bv.bv_val, '}' ) + 1;
3357                                                         bv.bv_len -= ptr - bv.bv_val;
3358                                                         bv.bv_val = ptr;
3359                                                 }
3360                                                 ca->line = bv.bv_val;
3361                                                 ca->valx = d->idx[i];
3362                                                 rc = config_del_vals( ct, ca );
3363                                                 if ( rc != LDAP_SUCCESS ) break;
3364                                                 for (j=i+1; j < d->nidx; j++)
3365                                                         if ( d->idx[j] >d->idx[i] )
3366                                                                 d->idx[j]--;
3367                                         }
3368                                 } else {
3369                                         ca->valx = -1;
3370                                         ca->line = NULL;
3371                                         rc = config_del_vals( ct, ca );
3372                                         if ( rc ) rc = LDAP_OTHER;
3373                                 }
3374                                 if ( ml->sml_values ) {
3375                                         ch_free( dels );
3376                                         dels = d->next;
3377                                 }
3378                                 if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3379                                         ml->sml_values = vals;
3380                                         ml->sml_nvalues = nvals;
3381                                 }
3382                                 if ( !vals || rc != LDAP_SUCCESS )
3383                                         break;
3384                                 }
3385                                 /* FALLTHRU: LDAP_MOD_REPLACE && vals */
3386
3387                         case LDAP_MOD_ADD:
3388                                 for (i=0; ml->sml_values[i].bv_val; i++) {
3389                                         ca->line = ml->sml_values[i].bv_val;
3390                                         ca->valx = -1;
3391                                         if ( ml->sml_desc->ad_type->sat_flags & SLAP_AT_ORDERED &&
3392                                                 ca->line[0] == '{' ) {
3393                                                 ptr = strchr( ca->line, '}' );
3394                                                 if ( ptr ) {
3395                                                         ca->valx = strtol( ca->line+1, NULL, 0 );
3396                                                         ca->line = ptr+1;
3397                                                 }
3398                                         }
3399                                         rc = config_parse_add( ct, ca );
3400                                         if ( rc ) {
3401                                                 rc = LDAP_OTHER;
3402                                                 goto out;
3403                                         }
3404                                 }
3405
3406                                 break;
3407                         }
3408                 }
3409         }
3410
3411 out:
3412         if ( ca->cleanup )
3413                 ca->cleanup( ca );
3414         if ( rc == LDAP_SUCCESS ) {
3415                 attrs_free( save_attrs );
3416         } else {
3417                 attrs_free( e->e_attrs );
3418                 e->e_attrs = save_attrs;
3419         }
3420         ch_free( ca->argv );
3421         if ( colst ) ch_free( colst );
3422
3423         return rc;
3424 }
3425
3426 static int
3427 config_back_modify( Operation *op, SlapReply *rs )
3428 {
3429         CfBackInfo *cfb;
3430         CfEntryInfo *ce, *last;
3431         Modifications *ml;
3432         ConfigArgs ca = {0};
3433         struct berval rdn;
3434         char *ptr;
3435         AttributeDescription *rad = NULL;
3436
3437         if ( !be_isroot( op ) ) {
3438                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3439                 goto out;
3440         }
3441
3442         cfb = (CfBackInfo *)op->o_bd->be_private;
3443
3444         ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
3445         if ( !ce ) {
3446                 if ( last )
3447                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3448                 rs->sr_err = LDAP_NO_SUCH_OBJECT;
3449                 goto out;
3450         }
3451
3452         /* Get type of RDN */
3453         rdn = ce->ce_entry->e_nname;
3454         ptr = strchr( rdn.bv_val, '=' );
3455         rdn.bv_len = ptr - rdn.bv_val;
3456         slap_bv2ad( &rdn, &rad, &rs->sr_text );
3457
3458         /* Some basic validation... */
3459         for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
3460                 /* Don't allow Modify of RDN; must use ModRdn for that. */
3461                 if ( ml->sml_desc == rad ) {
3462                         rs->sr_err = LDAP_NOT_ALLOWED_ON_RDN;
3463                         rs->sr_text = "Use modrdn to change the entry name";
3464                         goto out;
3465                 }
3466         }
3467
3468         ldap_pvt_thread_pool_pause( &connection_pool );
3469
3470         /* Strategy:
3471          * 1) perform the Modify on the cached Entry.
3472          * 2) verify that the Entry still satisfies the schema.
3473          * 3) perform the individual config operations.
3474          * 4) store Modified entry in underlying LDIF backend.
3475          */
3476         rs->sr_err = config_modify_internal( ce, op, rs, &ca );
3477         if ( rs->sr_err ) {
3478                 rs->sr_text = ca.msg;
3479         } else if ( cfb->cb_use_ldif ) {
3480                 BackendDB *be = op->o_bd;
3481                 slap_callback sc = { NULL, slap_null_cb, NULL, NULL };
3482                 op->o_bd = &cfb->cb_db;
3483                 sc.sc_next = op->o_callback;
3484                 op->o_callback = &sc;
3485                 op->o_bd->be_modify( op, rs );
3486                 op->o_bd = be;
3487                 op->o_callback = sc.sc_next;
3488         }
3489
3490         ldap_pvt_thread_pool_resume( &connection_pool );
3491 out:
3492         send_ldap_result( op, rs );
3493         return rs->sr_err;
3494 }
3495
3496 static int
3497 config_back_modrdn( Operation *op, SlapReply *rs )
3498 {
3499         CfBackInfo *cfb;
3500         CfEntryInfo *ce, *last;
3501
3502         if ( !be_isroot( op ) ) {
3503                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3504                 goto out;
3505         }
3506
3507         cfb = (CfBackInfo *)op->o_bd->be_private;
3508
3509         ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
3510         if ( !ce ) {
3511                 if ( last )
3512                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3513                 rs->sr_err = LDAP_NO_SUCH_OBJECT;
3514                 goto out;
3515         }
3516
3517         /* We don't allow moving objects to new parents.
3518          * Generally we only allow reordering a set of ordered entries.
3519          */
3520         if ( op->orr_newSup ) {
3521                 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
3522                 goto out;
3523         }
3524         ldap_pvt_thread_pool_pause( &connection_pool );
3525
3526         ldap_pvt_thread_pool_resume( &connection_pool );
3527 out:
3528         send_ldap_result( op, rs );
3529         return rs->sr_err;
3530 }
3531
3532 static int
3533 config_back_search( Operation *op, SlapReply *rs )
3534 {
3535         CfBackInfo *cfb;
3536         CfEntryInfo *ce, *last;
3537         int rc;
3538
3539         if ( !be_isroot( op ) ) {
3540                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3541                 goto out;
3542         }
3543
3544         cfb = (CfBackInfo *)op->o_bd->be_private;
3545
3546         ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
3547         if ( !ce ) {
3548                 if ( last )
3549                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3550                 rs->sr_err = LDAP_NO_SUCH_OBJECT;
3551                 goto out;
3552         }
3553         switch ( op->ors_scope ) {
3554         case LDAP_SCOPE_BASE:
3555         case LDAP_SCOPE_SUBTREE:
3556                 config_send( op, rs, ce, 0 );
3557                 break;
3558                 
3559         case LDAP_SCOPE_ONELEVEL:
3560                 for (ce = ce->ce_kids; ce; ce=ce->ce_sibs) {
3561                         config_send( op, rs, ce, 1 );
3562                 }
3563                 break;
3564         }
3565                 
3566         rs->sr_err = LDAP_SUCCESS;
3567 out:
3568         send_ldap_result( op, rs );
3569         return 0;
3570 }
3571
3572 static void
3573 config_build_attrs( Entry *e, AttributeType **at, AttributeDescription *ad,
3574         ConfigTable *ct, ConfigArgs *c )
3575 {
3576         int i, rc;
3577
3578         for (; at && *at; at++) {
3579                 /* Skip the naming attr */
3580                 if ((*at)->sat_ad == ad || (*at)->sat_ad == slap_schema.si_ad_cn )
3581                         continue;
3582                 for (i=0;ct[i].name;i++) {
3583                         if (ct[i].ad == (*at)->sat_ad) {
3584                                 rc = config_get_vals(&ct[i], c);
3585                                 if (rc == LDAP_SUCCESS) {
3586                                         if ( c->rvalue_nvals )
3587                                                 attr_merge(e, ct[i].ad, c->rvalue_vals,
3588                                                         c->rvalue_nvals);
3589                                         else
3590                                                 attr_merge_normalize(e, ct[i].ad,
3591                                                         c->rvalue_vals, NULL);
3592                                         ber_bvarray_free( c->rvalue_nvals );
3593                                         ber_bvarray_free( c->rvalue_vals );
3594                                 }
3595                                 break;
3596                         }
3597                 }
3598         }
3599 }
3600
3601 Entry *
3602 config_build_entry( Operation *op, SlapReply *rs, CfEntryInfo *parent,
3603         ConfigArgs *c, struct berval *rdn, ConfigOCs *main, ConfigOCs *extra )
3604 {
3605         Entry *e = ch_calloc( 1, sizeof(Entry) );
3606         CfEntryInfo *ce = ch_calloc( 1, sizeof(CfEntryInfo) );
3607         struct berval val;
3608         struct berval ad_name;
3609         AttributeDescription *ad = NULL;
3610         int rc;
3611         char *ptr;
3612         const char *text;
3613         Attribute *oc_at;
3614         struct berval pdn;
3615         ObjectClass *oc;
3616         CfEntryInfo *ceprev = NULL;
3617
3618         e->e_private = ce;
3619         ce->ce_entry = e;
3620         ce->ce_parent = parent;
3621         if ( parent ) {
3622                 pdn = parent->ce_entry->e_nname;
3623                 if ( parent->ce_kids )
3624                         for ( ceprev = parent->ce_kids; ceprev->ce_sibs;
3625                                 ceprev = ceprev->ce_sibs );
3626         } else {
3627                 BER_BVZERO( &pdn );
3628         }
3629
3630         ce->ce_type = main->co_type;
3631         ce->ce_private = c->private;
3632         ce->ce_be = c->be;
3633         ce->ce_bi = c->bi;
3634
3635         build_new_dn( &e->e_name, &pdn, rdn, NULL );
3636         ber_dupbv( &e->e_nname, &e->e_name );
3637
3638         attr_merge_normalize_one(e, slap_schema.si_ad_objectClass,
3639                 main->co_name, NULL );
3640         if ( extra )
3641                 attr_merge_normalize_one(e, slap_schema.si_ad_objectClass,
3642                         extra->co_name, NULL );
3643         ptr = strchr(rdn->bv_val, '=');
3644         ad_name.bv_val = rdn->bv_val;
3645         ad_name.bv_len = ptr - rdn->bv_val;
3646         rc = slap_bv2ad( &ad_name, &ad, &text );
3647         if ( rc ) {
3648                 return NULL;
3649         }
3650         val.bv_val = ptr+1;
3651         val.bv_len = rdn->bv_len - (val.bv_val - rdn->bv_val);
3652         attr_merge_normalize_one(e, ad, &val, NULL );
3653
3654         oc = main->co_oc;
3655         if ( oc->soc_required )
3656                 config_build_attrs( e, oc->soc_required, ad, main->co_table, c );
3657
3658         if ( oc->soc_allowed )
3659                 config_build_attrs( e, oc->soc_allowed, ad, main->co_table, c );
3660
3661         if ( extra ) {
3662                 oc = extra->co_oc;
3663                 if ( oc->soc_required )
3664                         config_build_attrs( e, oc->soc_required, ad, main->co_table, c );
3665
3666                 if ( oc->soc_allowed )
3667                         config_build_attrs( e, oc->soc_allowed, ad, main->co_table, c );
3668         }
3669
3670         oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
3671         rc = structural_class(oc_at->a_vals, &val, NULL, &text, c->msg,
3672                 sizeof(c->msg));
3673         attr_merge_normalize_one(e, slap_schema.si_ad_structuralObjectClass, &val, NULL );
3674         if ( op ) {
3675                 op->ora_e = e;
3676                 op->o_bd->be_add( op, rs );
3677         }
3678         if ( ceprev ) {
3679                 ceprev->ce_sibs = ce;
3680         } else if ( parent ) {
3681                 parent->ce_kids = ce;
3682         }
3683
3684         return e;
3685 }
3686
3687 static void
3688 config_build_schema_inc( ConfigArgs *c, CfEntryInfo *ceparent,
3689         Operation *op, SlapReply *rs )
3690 {
3691         Entry *e;
3692         ConfigFile *cf = c->private;
3693         char *ptr;
3694         struct berval bv;
3695
3696         for (; cf; cf=cf->c_sibs, c->depth++) {
3697                 c->value_dn.bv_val = c->log;
3698                 bv.bv_val = strrchr(cf->c_file.bv_val, LDAP_DIRSEP[0]);
3699                 if ( !bv.bv_val ) {
3700                         bv = cf->c_file;
3701                 } else {
3702                         bv.bv_val++;
3703                         bv.bv_len = cf->c_file.bv_len - (bv.bv_val - cf->c_file.bv_val);
3704                 }
3705                 ptr = strchr( bv.bv_val, '.' );
3706                 if ( ptr )
3707                         bv.bv_len = ptr - bv.bv_val;
3708                 c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=" IFMT, c->depth);
3709                 strncpy( c->value_dn.bv_val + c->value_dn.bv_len, bv.bv_val,
3710                         bv.bv_len );
3711                 c->value_dn.bv_len += bv.bv_len;
3712                 c->value_dn.bv_val[c->value_dn.bv_len] ='\0';
3713
3714                 c->private = cf;
3715                 e = config_build_entry( op, rs, ceparent, c, &c->value_dn,
3716                         &CFOC_SCHEMA, NULL );
3717                 if ( e && cf->c_kids ) {
3718                         c->private = cf->c_kids;
3719                         config_build_schema_inc( c, e->e_private, op, rs );
3720                 }
3721         }
3722 }
3723
3724 static void
3725 config_build_includes( ConfigArgs *c, CfEntryInfo *ceparent,
3726         Operation *op, SlapReply *rs )
3727 {
3728         Entry *e;
3729         int i;
3730         ConfigFile *cf = c->private;
3731
3732         for (i=0; cf; cf=cf->c_sibs, i++) {
3733                 c->value_dn.bv_val = c->log;
3734                 c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=include" IFMT, i);
3735                 c->private = cf;
3736                 e = config_build_entry( op, rs, ceparent, c, &c->value_dn,
3737                         &CFOC_INCLUDE, NULL );
3738                 if ( e && cf->c_kids ) {
3739                         c->private = cf->c_kids;
3740                         config_build_includes( c, e->e_private, op, rs );
3741                 }
3742         }
3743 }
3744
3745 #ifdef SLAPD_MODULES
3746
3747 static void
3748 config_build_modules( ConfigArgs *c, CfEntryInfo *ceparent,
3749         Operation *op, SlapReply *rs )
3750 {
3751         int i;
3752         ModPaths *mp;
3753
3754         for (i=0, mp=&modpaths; mp; mp=mp->mp_next, i++) {
3755                 if ( BER_BVISNULL( &mp->mp_path ) && !mp->mp_loads )
3756                         continue;
3757                 c->value_dn.bv_val = c->log;
3758                 c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=module" IFMT, i);
3759                 c->private = mp;
3760                 config_build_entry( op, rs, ceparent, c, &c->value_dn,
3761                         &CFOC_MODULE, NULL );
3762         }
3763 }
3764 #endif
3765
3766 static int
3767 config_back_db_open( BackendDB *be )
3768 {
3769         CfBackInfo *cfb = be->be_private;
3770         struct berval rdn;
3771         Entry *e, *parent;
3772         CfEntryInfo *ce, *ceparent, *ceprev;
3773         int i, rc;
3774         BackendInfo *bi;
3775         BackendDB *bptr;
3776         ConfigArgs c;
3777         ConfigTable *ct;
3778         Connection conn = {0};
3779         char opbuf[OPERATION_BUFFER_SIZE];
3780         Operation *op;
3781         slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
3782         SlapReply rs = {REP_RESULT};
3783
3784         /* If we read the config from back-ldif, nothing to do here */
3785         if ( cfb->cb_got_ldif )
3786                 return 0;
3787
3788         if ( cfb->cb_use_ldif ) {
3789                 op = (Operation *)opbuf;
3790                 connection_fake_init( &conn, op, cfb );
3791
3792                 op->o_dn = be->be_rootdn;
3793                 op->o_ndn = be->be_rootndn;
3794
3795                 op->o_tag = LDAP_REQ_ADD;
3796                 op->o_callback = &cb;
3797                 op->o_bd = &cfb->cb_db;
3798         } else {
3799                 op = NULL;
3800         }
3801
3802         /* create root of tree */
3803         rdn = config_rdn;
3804         c.private = cfb->cb_config;
3805         c.be = frontendDB;
3806         e = config_build_entry( op, &rs, NULL, &c, &rdn, &CFOC_GLOBAL, NULL );
3807         ce = e->e_private;
3808         cfb->cb_root = ce;
3809
3810         parent = e;
3811         ceparent = ce;
3812
3813         /* Create schema nodes... cn=schema will contain the hardcoded core
3814          * schema, read-only. Child objects will contain runtime loaded schema
3815          * files.
3816          */
3817         rdn = schema_rdn;
3818         c.private = NULL;
3819         e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_SCHEMA, NULL );
3820
3821         /* Create includeFile nodes and schema nodes for included schema... */
3822         if ( cfb->cb_config->c_kids ) {
3823                 c.depth = 0;
3824                 c.private = cfb->cb_config->c_kids;
3825                 config_build_schema_inc( &c, ce, op, &rs );
3826                 c.private = cfb->cb_config->c_kids;
3827                 config_build_includes( &c, ceparent, op, &rs );
3828         }
3829
3830 #ifdef SLAPD_MODULES
3831         /* Create Module nodes... */
3832         if ( modpaths.mp_loads ) {
3833                 config_build_modules( &c, ceparent, op, &rs );
3834         }
3835 #endif
3836
3837         /* Create backend nodes. Skip if they don't provide a cf_table.
3838          * There usually aren't any of these.
3839          */
3840         
3841         c.line = 0;
3842         LDAP_STAILQ_FOREACH( bi, &backendInfo, bi_next) {
3843                 if (!bi->bi_cf_ocs) continue;
3844                 if (!bi->bi_private) continue;
3845
3846                 rdn.bv_val = c.log;
3847                 rdn.bv_len = sprintf(rdn.bv_val, "%s=%s", cfAd_backend->ad_cname.bv_val, bi->bi_type);
3848                 c.bi = bi;
3849                 e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_BACKEND,
3850                         bi->bi_cf_ocs );
3851         }
3852
3853         /* Create database nodes... */
3854         i = -1;
3855         LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
3856                 slap_overinfo *oi = NULL;
3857                 i++;
3858                 if ( i == 0 ) {
3859                         bptr = frontendDB;
3860                 } else {
3861                         bptr = be;
3862                 }
3863                 if ( overlay_is_over( bptr )) {
3864                         oi = bptr->bd_info->bi_private;
3865                         bi = oi->oi_orig;
3866                 } else {
3867                         bi = bptr->bd_info;
3868                 }
3869                 rdn.bv_val = c.log;
3870                 rdn.bv_len = sprintf(rdn.bv_val, "%s=" IFMT "%s", cfAd_database->ad_cname.bv_val,
3871                         i, bi->bi_type);
3872                 c.be = bptr;
3873                 c.bi = bi;
3874                 e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_DATABASE,
3875                         be->be_cf_ocs );
3876                 ce = e->e_private;
3877                 /* Iterate through overlays */
3878                 if ( oi ) {
3879                         slap_overinst *on;
3880                         Entry *oe;
3881                         int j;
3882
3883                         for (j=0,on=oi->oi_list; on; j++,on=on->on_next) {
3884                                 rdn.bv_val = c.log;
3885                                 rdn.bv_len = sprintf(rdn.bv_val, "%s=" IFMT "%s",
3886                                         cfAd_overlay->ad_cname.bv_val, j, on->on_bi.bi_type );
3887                                 c.be = bptr;
3888                                 c.bi = &on->on_bi;
3889                                 oe = config_build_entry( op, &rs, ce, &c, &rdn,
3890                                         &CFOC_OVERLAY, c.bi->bi_cf_ocs );
3891                         }
3892                 }
3893         }
3894
3895         return 0;
3896 }
3897
3898 static int
3899 config_back_db_destroy( Backend *be )
3900 {
3901         free( be->be_private );
3902         return 0;
3903 }
3904
3905 static int
3906 config_back_db_init( Backend *be )
3907 {
3908         struct berval dn;
3909         CfBackInfo *cfb;
3910
3911         cfb = ch_calloc( 1, sizeof(CfBackInfo));
3912         cfb->cb_config = &cf_prv;
3913         be->be_private = cfb;
3914
3915         ber_dupbv( &be->be_rootdn, &config_rdn );
3916         ber_dupbv( &be->be_rootndn, &be->be_rootdn );
3917         ber_dupbv( &dn, &be->be_rootdn );
3918         ber_bvarray_add( &be->be_suffix, &dn );
3919         ber_dupbv( &dn, &be->be_rootdn );
3920         ber_bvarray_add( &be->be_nsuffix, &dn );
3921
3922         /* Hide from namingContexts */
3923         SLAP_BFLAGS(be) |= SLAP_BFLAG_CONFIG;
3924
3925         return 0;
3926 }
3927
3928 static int
3929 config_back_destroy( BackendInfo *bi )
3930 {
3931         ldif_must_b64_encode_release();
3932         return 0;
3933 }
3934
3935 static int
3936 config_tool_entry_open( BackendDB *be, int mode )
3937 {
3938         CfBackInfo *cfb = be->be_private;
3939         BackendInfo *bi = cfb->cb_db.bd_info;
3940
3941         if ( bi && bi->bi_tool_entry_open )
3942                 return bi->bi_tool_entry_open( &cfb->cb_db, mode );
3943         else
3944                 return -1;
3945         
3946 }
3947
3948 static int
3949 config_tool_entry_close( BackendDB *be )
3950 {
3951         CfBackInfo *cfb = be->be_private;
3952         BackendInfo *bi = cfb->cb_db.bd_info;
3953
3954         if ( bi && bi->bi_tool_entry_close )
3955                 return bi->bi_tool_entry_close( &cfb->cb_db );
3956         else
3957                 return -1;
3958 }
3959
3960 static ID
3961 config_tool_entry_first( BackendDB *be )
3962 {
3963         CfBackInfo *cfb = be->be_private;
3964         BackendInfo *bi = cfb->cb_db.bd_info;
3965
3966         if ( bi && bi->bi_tool_entry_first )
3967                 return bi->bi_tool_entry_first( &cfb->cb_db );
3968         else
3969                 return NOID;
3970 }
3971
3972 static ID
3973 config_tool_entry_next( BackendDB *be )
3974 {
3975         CfBackInfo *cfb = be->be_private;
3976         BackendInfo *bi = cfb->cb_db.bd_info;
3977
3978         if ( bi && bi->bi_tool_entry_next )
3979                 return bi->bi_tool_entry_next( &cfb->cb_db );
3980         else
3981                 return NOID;
3982 }
3983
3984 static Entry *
3985 config_tool_entry_get( BackendDB *be, ID id )
3986 {
3987         CfBackInfo *cfb = be->be_private;
3988         BackendInfo *bi = cfb->cb_db.bd_info;
3989
3990         if ( bi && bi->bi_tool_entry_get )
3991                 return bi->bi_tool_entry_get( &cfb->cb_db, id );
3992         else
3993                 return NULL;
3994 }
3995
3996 static ID
3997 config_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
3998 {
3999         CfBackInfo *cfb = be->be_private;
4000         BackendInfo *bi = cfb->cb_db.bd_info;
4001
4002         if ( bi && bi->bi_tool_entry_put &&
4003                 config_add_internal( cfb, e, NULL, NULL ) == 0 )
4004                 return bi->bi_tool_entry_put( &cfb->cb_db, e, text );
4005         else
4006                 return NOID;
4007 }
4008
4009 static struct {
4010         char *name;
4011         AttributeDescription **desc;
4012 } ads[] = {
4013         { "backend", &cfAd_backend },
4014         { "database", &cfAd_database },
4015         { "include", &cfAd_include },
4016         { "overlay", &cfAd_overlay },
4017         { NULL, NULL }
4018 };
4019
4020 /* Notes:
4021  *   add / delete: all types that may be added or deleted must use an
4022  * X-ORDERED attributeType for their RDN. Adding and deleting entries
4023  * should automatically renumber the index of any siblings as needed,
4024  * so that no gaps in the numbering sequence exist after the add/delete
4025  * is completed.
4026  *   What can be added:
4027  *     schema objects
4028  *     backend objects for backend-specific config directives
4029  *     database objects
4030  *     overlay objects
4031  *
4032  *   delete: probably no support this time around.
4033  *
4034  *   modrdn: generally not done. Will be invoked automatically by add/
4035  * delete to update numbering sequence. Perform as an explicit operation
4036  * so that the renumbering effect may be replicated. Subtree rename must
4037  * be supported, since renumbering a database will affect all its child
4038  * overlays.
4039  *
4040  *  modify: must be fully supported. 
4041  */
4042
4043 int
4044 config_back_initialize( BackendInfo *bi )
4045 {
4046         ConfigTable             *ct = config_back_cf_table;
4047         char                    *argv[4];
4048         int                     i;
4049         AttributeDescription    *ad = NULL;
4050         const char              *text;
4051         static char             *controls[] = {
4052                 LDAP_CONTROL_MANAGEDSAIT,
4053                 NULL
4054         };
4055
4056         bi->bi_controls = controls;
4057
4058         bi->bi_open = 0;
4059         bi->bi_close = 0;
4060         bi->bi_config = 0;
4061         bi->bi_destroy = config_back_destroy;
4062
4063         bi->bi_db_init = config_back_db_init;
4064         bi->bi_db_config = 0;
4065         bi->bi_db_open = config_back_db_open;
4066         bi->bi_db_close = 0;
4067         bi->bi_db_destroy = config_back_db_destroy;
4068
4069         bi->bi_op_bind = config_back_bind;
4070         bi->bi_op_unbind = 0;
4071         bi->bi_op_search = config_back_search;
4072         bi->bi_op_compare = 0;
4073         bi->bi_op_modify = config_back_modify;
4074         bi->bi_op_modrdn = config_back_modrdn;
4075         bi->bi_op_add = config_back_add;
4076         bi->bi_op_delete = 0;
4077         bi->bi_op_abandon = 0;
4078
4079         bi->bi_extended = 0;
4080
4081         bi->bi_chk_referrals = 0;
4082
4083 #ifdef SLAP_OVERLAY_ACCESS
4084         bi->bi_access_allowed = slap_access_always_allowed;
4085 #endif /* SLAP_OVERLAY_ACCESS */
4086
4087         bi->bi_connection_init = 0;
4088         bi->bi_connection_destroy = 0;
4089
4090         bi->bi_tool_entry_open = config_tool_entry_open;
4091         bi->bi_tool_entry_close = config_tool_entry_close;
4092         bi->bi_tool_entry_first = config_tool_entry_first;
4093         bi->bi_tool_entry_next = config_tool_entry_next;
4094         bi->bi_tool_entry_get = config_tool_entry_get;
4095         bi->bi_tool_entry_put = config_tool_entry_put;
4096
4097         argv[3] = NULL;
4098         for (i=0; OidMacros[i].name; i++ ) {
4099                 argv[1] = OidMacros[i].name;
4100                 argv[2] = OidMacros[i].oid;
4101                 parse_oidm( "slapd", i, 3, argv, 0, NULL );
4102         }
4103
4104         bi->bi_cf_ocs = cf_ocs;
4105
4106         i = config_register_schema( ct, cf_ocs );
4107         if ( i ) return i;
4108
4109         /* setup olcRootPW to be base64-encoded when written in LDIF form;
4110          * basically, we don't care if it fails */
4111         i = slap_str2ad( "olcRootPW", &ad, &text );
4112         if ( i ) {
4113                 Debug( LDAP_DEBUG_ANY, "config_back_initialize: "
4114                         "warning, unable to get \"olcRootPW\" "
4115                         "attribute description: %d: %s\n",
4116                         i, text, 0 );
4117         } else {
4118                 (void)ldif_must_b64_encode_register( ad->ad_cname.bv_val,
4119                         ad->ad_type->sat_oid );
4120         }
4121
4122         /* set up the notable AttributeDescriptions */
4123         i = 0;
4124         for (;ct->name;ct++) {
4125                 if (strcmp(ct->name, ads[i].name)) continue;
4126                 *ads[i].desc = ct->ad;
4127                 i++;
4128                 if (!ads[i].name) break;
4129         }
4130
4131         return 0;
4132 }
4133