]> git.sur5r.net Git - openldap/blob - servers/slapd/bconfig.c
ITS#4017 add TLSDHParamDir for Diffie-Hellman key parameters
[openldap] / servers / slapd / bconfig.c
1 /* bconfig.c - the config backend */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 2005 The OpenLDAP Foundation.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in the file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16 /* ACKNOWLEDGEMENTS:
17  * This work was originally developed by Howard Chu for inclusion
18  * in OpenLDAP Software.
19  */
20
21 #include "portable.h"
22
23 #include <stdio.h>
24 #include <ac/string.h>
25 #include <ac/ctype.h>
26 #include <ac/errno.h>
27 #include <sys/stat.h>
28
29 #include "slap.h"
30
31 #ifdef LDAP_SLAPI
32 #include "slapi/slapi.h"
33 #endif
34
35 #include <ldif.h>
36 #include <lutil.h>
37
38 #include "config.h"
39
40 static struct berval config_rdn = BER_BVC("cn=config");
41 static struct berval schema_rdn = BER_BVC("cn=schema");
42
43 #define IFMT    "{%d}"
44
45 #ifdef SLAPD_MODULES
46 typedef struct modpath_s {
47         struct modpath_s *mp_next;
48         struct berval mp_path;
49         BerVarray mp_loads;
50 } ModPaths;
51
52 static ModPaths modpaths, *modlast = &modpaths, *modcur = &modpaths;
53 #endif
54
55 typedef struct ConfigFile {
56         struct ConfigFile *c_sibs;
57         struct ConfigFile *c_kids;
58         struct berval c_file;
59         AttributeType *c_at_head, *c_at_tail;
60         ContentRule *c_cr_head, *c_cr_tail;
61         ObjectClass *c_oc_head, *c_oc_tail;
62         OidMacro *c_om_head, *c_om_tail;
63         BerVarray c_dseFiles;
64 } ConfigFile;
65
66 typedef struct {
67         ConfigFile *cb_config;
68         CfEntryInfo *cb_root;
69         BackendDB       cb_db;  /* underlying database */
70         int             cb_got_ldif;
71         int             cb_use_ldif;
72 } CfBackInfo;
73
74 /* These do nothing in slapd, they're kept only to make them
75  * editable here.
76  */
77 static char *replica_pidFile, *replica_argsFile;
78 static int replicationInterval;
79
80 static char     *passwd_salt;
81 static char     *logfileName;
82 #ifdef SLAP_AUTH_REWRITE
83 static BerVarray authz_rewrites;
84 #endif
85
86 static struct berval cfdir;
87
88 /* Private state */
89 static AttributeDescription *cfAd_backend, *cfAd_database, *cfAd_overlay,
90         *cfAd_include;
91
92 static ConfigFile *cfn;
93
94 static Avlnode *CfOcTree;
95
96 static int config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca,
97         SlapReply *rs, int *renumber );
98
99 static ConfigDriver config_fname;
100 static ConfigDriver config_cfdir;
101 static ConfigDriver config_generic;
102 static ConfigDriver config_search_base;
103 static ConfigDriver config_passwd_hash;
104 static ConfigDriver config_schema_dn;
105 static ConfigDriver config_sizelimit;
106 static ConfigDriver config_timelimit;
107 static ConfigDriver config_overlay;
108 static ConfigDriver config_subordinate; 
109 static ConfigDriver config_suffix; 
110 static ConfigDriver config_rootdn;
111 static ConfigDriver config_rootpw;
112 static ConfigDriver config_restrict;
113 static ConfigDriver config_allows;
114 static ConfigDriver config_disallows;
115 static ConfigDriver config_requires;
116 static ConfigDriver config_security;
117 static ConfigDriver config_referral;
118 static ConfigDriver config_loglevel;
119 static ConfigDriver config_replica;
120 static ConfigDriver config_updatedn;
121 static ConfigDriver config_updateref;
122 static ConfigDriver config_include;
123 #ifdef HAVE_TLS
124 static ConfigDriver config_tls_option;
125 static ConfigDriver config_tls_config;
126 #endif
127 extern ConfigDriver syncrepl_config;
128
129 enum {
130         CFG_ACL = 1,
131         CFG_BACKEND,
132         CFG_DATABASE,
133         CFG_TLS_RAND,
134         CFG_TLS_CIPHER,
135         CFG_TLS_CERT_FILE,
136         CFG_TLS_CERT_KEY,
137         CFG_TLS_CA_PATH,
138         CFG_TLS_CA_FILE,
139         CFG_TLS_DH_DIR,
140         CFG_TLS_VERIFY,
141         CFG_TLS_CRLCHECK,
142         CFG_CONCUR,
143         CFG_THREADS,
144         CFG_SALT,
145         CFG_LIMITS,
146         CFG_RO,
147         CFG_REWRITE,
148         CFG_DEPTH,
149         CFG_OID,
150         CFG_OC,
151         CFG_DIT,
152         CFG_ATTR,
153         CFG_ATOPT,
154         CFG_REPLOG,
155         CFG_ROOTDSE,
156         CFG_LOGFILE,
157         CFG_PLUGIN,
158         CFG_MODLOAD,
159         CFG_MODPATH,
160         CFG_LASTMOD,
161         CFG_AZPOLICY,
162         CFG_AZREGEXP,
163         CFG_SASLSECP,
164         CFG_SSTR_IF_MAX,
165         CFG_SSTR_IF_MIN,
166
167         CFG_LAST
168 };
169
170 typedef struct {
171         char *name, *oid;
172 } OidRec;
173
174 static OidRec OidMacros[] = {
175         /* OpenLDAProot:666.11.1 */
176         { "OLcfg", "1.3.6.1.4.1.4203.666.11.1" },
177         { "OLcfgAt", "OLcfg:3" },
178         { "OLcfgGlAt", "OLcfgAt:0" },
179         { "OLcfgBkAt", "OLcfgAt:1" },
180         { "OLcfgDbAt", "OLcfgAt:2" },
181         { "OLcfgOvAt", "OLcfgAt:3" },
182         { "OLcfgOc", "OLcfg:4" },
183         { "OLcfgGlOc", "OLcfgOc:0" },
184         { "OLcfgBkOc", "OLcfgOc:1" },
185         { "OLcfgDbOc", "OLcfgOc:2" },
186         { "OLcfgOvOc", "OLcfgOc:3" },
187         { "OMsyn", "1.3.6.1.4.1.1466.115.121.1" },
188         { "OMsInteger", "OMsyn:27" },
189         { "OMsBoolean", "OMsyn:7" },
190         { "OMsDN", "OMsyn:12" },
191         { "OMsDirectoryString", "OMsyn:15" },
192         { "OMsOctetString", "OMsyn:40" },
193         { NULL, NULL }
194 };
195
196 /*
197  * OLcfg{Bk|Db}{Oc|At}:0                -> common
198  * OLcfg{Bk|Db}{Oc|At}:1                -> bdb
199  * OLcfg{Bk|Db}{Oc|At}:2                -> ldif
200  * OLcfg{Bk|Db}{Oc|At}:3                -> ldap?
201  */
202
203 /* alphabetical ordering */
204
205 static ConfigTable config_back_cf_table[] = {
206         /* This attr is read-only */
207         { "", "", 0, 0, 0, ARG_MAGIC,
208                 &config_fname, "( OLcfgGlAt:78 NAME 'olcConfigFile' "
209                         "DESC 'File for slapd configuration directives' "
210                         "EQUALITY caseIgnoreMatch "
211                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
212         { "", "", 0, 0, 0, ARG_MAGIC,
213                 &config_cfdir, "( OLcfgGlAt:79 NAME 'olcConfigDir' "
214                         "DESC 'Directory for slapd configuration backend' "
215                         "EQUALITY caseIgnoreMatch "
216                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
217         { "access",     NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC|CFG_ACL,
218                 &config_generic, "( OLcfgGlAt:1 NAME 'olcAccess' "
219                         "DESC 'Access Control List' "
220                         "EQUALITY caseIgnoreMatch "
221                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
222         { "allows",     "features", 2, 0, 5, ARG_PRE_DB|ARG_MAGIC,
223                 &config_allows, "( OLcfgGlAt:2 NAME 'olcAllows' "
224                         "DESC 'Allowed set of deprecated features' "
225                         "EQUALITY caseIgnoreMatch "
226                         "SYNTAX OMsDirectoryString )", NULL, NULL },
227         { "argsfile", "file", 2, 2, 0, ARG_STRING,
228                 &slapd_args_file, "( OLcfgGlAt:3 NAME 'olcArgsFile' "
229                         "DESC 'File for slapd command line options' "
230                         "EQUALITY caseIgnoreMatch "
231                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
232         { "attributeoptions", NULL, 0, 0, 0, ARG_MAGIC|CFG_ATOPT,
233                 &config_generic, "( OLcfgGlAt:5 NAME 'olcAttributeOptions' "
234                         "EQUALITY caseIgnoreMatch "
235                         "SYNTAX OMsDirectoryString )", NULL, NULL },
236         { "attribute",  "attribute", 2, 0, 9,
237                 ARG_PAREN|ARG_MAGIC|CFG_ATTR|ARG_NO_DELETE|ARG_NO_INSERT,
238                 &config_generic, "( OLcfgGlAt:4 NAME 'olcAttributeTypes' "
239                         "DESC 'OpenLDAP attributeTypes' "
240                         "EQUALITY caseIgnoreMatch "
241                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
242                                 NULL, NULL },
243         { "authid-rewrite", NULL, 2, 0, STRLENOF( "authid-rewrite" ),
244 #ifdef SLAP_AUTH_REWRITE
245                 ARG_MAGIC|CFG_REWRITE|ARG_NO_INSERT, &config_generic,
246 #else
247                 ARG_IGNORED, NULL,
248 #endif
249                  "( OLcfgGlAt:6 NAME 'olcAuthIDRewrite' "
250                         "EQUALITY caseIgnoreMatch "
251                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
252         { "authz-policy", "policy", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_AZPOLICY,
253                 &config_generic, "( OLcfgGlAt:7 NAME 'olcAuthzPolicy' "
254                         "EQUALITY caseIgnoreMatch "
255                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
256         { "authz-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP|ARG_NO_INSERT,
257                 &config_generic, "( OLcfgGlAt:8 NAME 'olcAuthzRegexp' "
258                         "EQUALITY caseIgnoreMatch "
259                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
260         { "backend", "type", 2, 2, 0, ARG_PRE_DB|ARG_MAGIC|CFG_BACKEND,
261                 &config_generic, "( OLcfgGlAt:9 NAME 'olcBackend' "
262                         "DESC 'A type of backend' "
263                         "EQUALITY caseIgnoreMatch "
264                         "SYNTAX OMsDirectoryString SINGLE-VALUE X-ORDERED 'SIBLINGS' )",
265                                 NULL, NULL },
266         { "concurrency", "level", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_CONCUR,
267                 &config_generic, "( OLcfgGlAt:10 NAME 'olcConcurrency' "
268                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
269         { "conn_max_pending", "max", 2, 2, 0, ARG_INT,
270                 &slap_conn_max_pending, "( OLcfgGlAt:11 NAME 'olcConnMaxPending' "
271                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
272         { "conn_max_pending_auth", "max", 2, 2, 0, ARG_INT,
273                 &slap_conn_max_pending_auth, "( OLcfgGlAt:12 NAME 'olcConnMaxPendingAuth' "
274                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
275         { "database", "type", 2, 2, 0, ARG_MAGIC|CFG_DATABASE,
276                 &config_generic, "( OLcfgGlAt:13 NAME 'olcDatabase' "
277                         "DESC 'The backend type for a database instance' "
278                         "SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
279         { "defaultSearchBase", "dn", 2, 2, 0, ARG_PRE_BI|ARG_PRE_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
280                 &config_search_base, "( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' "
281                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
282         { "disallows", "features", 2, 0, 8, ARG_PRE_DB|ARG_MAGIC,
283                 &config_disallows, "( OLcfgGlAt:15 NAME 'olcDisallows' "
284                         "EQUALITY caseIgnoreMatch "
285                         "SYNTAX OMsDirectoryString )", NULL, NULL },
286         { "ditcontentrule",     NULL, 0, 0, 0, ARG_MAGIC|CFG_DIT|ARG_NO_DELETE|ARG_NO_INSERT,
287                 &config_generic, "( OLcfgGlAt:16 NAME 'olcDitContentRules' "
288                         "DESC 'OpenLDAP DIT content rules' "
289                         "EQUALITY caseIgnoreMatch "
290                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
291                         NULL, NULL },
292         { "gentlehup", "on|off", 2, 2, 0,
293 #ifdef SIGHUP
294                 ARG_ON_OFF, &global_gentlehup,
295 #else
296                 ARG_IGNORED, NULL,
297 #endif
298                 "( OLcfgGlAt:17 NAME 'olcGentleHUP' "
299                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
300         { "idletimeout", "timeout", 2, 2, 0, ARG_INT,
301                 &global_idletimeout, "( OLcfgGlAt:18 NAME 'olcIdleTimeout' "
302                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
303         { "include", "file", 2, 2, 0, ARG_MAGIC,
304                 &config_include, "( OLcfgGlAt:19 NAME 'olcInclude' "
305                         "SUP labeledURI )", NULL, NULL },
306         { "index_substr_if_minlen", "min", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MIN,
307                 &config_generic, "( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' "
308                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
309         { "index_substr_if_maxlen", "max", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MAX,
310                 &config_generic, "( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' "
311                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
312         { "index_substr_any_len", "len", 2, 2, 0, ARG_INT|ARG_NONZERO,
313                 &index_substr_any_len, "( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' "
314                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
315         { "index_substr_any_step", "step", 2, 2, 0, ARG_INT|ARG_NONZERO,
316                 &index_substr_any_step, "( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' "
317                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
318         { "lastmod", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_LASTMOD,
319                 &config_generic, "( OLcfgDbAt:0.4 NAME 'olcLastMod' "
320                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
321         { "limits", "limits", 2, 0, 0, ARG_DB|ARG_MAGIC|CFG_LIMITS,
322                 &config_generic, "( OLcfgDbAt:0.5 NAME 'olcLimits' "
323                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
324         { "localSSF", "ssf", 2, 2, 0, ARG_INT,
325                 &local_ssf, "( OLcfgGlAt:26 NAME 'olcLocalSSF' "
326                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
327         { "logfile", "file", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_LOGFILE,
328                 &config_generic, "( OLcfgGlAt:27 NAME 'olcLogFile' "
329                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
330         { "loglevel", "level", 2, 0, 0, ARG_MAGIC,
331                 &config_loglevel, "( OLcfgGlAt:28 NAME 'olcLogLevel' "
332                         "SYNTAX OMsDirectoryString )", NULL, NULL },
333         { "maxDerefDepth", "depth", 2, 2, 0, ARG_DB|ARG_INT|ARG_MAGIC|CFG_DEPTH,
334                 &config_generic, "( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' "
335                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
336         { "moduleload", "file", 2, 0, 0,
337 #ifdef SLAPD_MODULES
338                 ARG_MAGIC|CFG_MODLOAD, &config_generic,
339 #else
340                 ARG_IGNORED, NULL,
341 #endif
342                 "( OLcfgGlAt:30 NAME 'olcModuleLoad' "
343                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
344         { "modulepath", "path", 2, 2, 0,
345 #ifdef SLAPD_MODULES
346                 ARG_MAGIC|CFG_MODPATH|ARG_NO_DELETE|ARG_NO_INSERT, &config_generic,
347 #else
348                 ARG_IGNORED, NULL,
349 #endif
350                 "( OLcfgGlAt:31 NAME 'olcModulePath' "
351                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
352         { "objectclass", "objectclass", 2, 0, 0, ARG_PAREN|ARG_MAGIC|CFG_OC|ARG_NO_DELETE|ARG_NO_INSERT,
353                 &config_generic, "( OLcfgGlAt:32 NAME 'olcObjectClasses' "
354                 "DESC 'OpenLDAP object classes' "
355                 "EQUALITY caseIgnoreMatch "
356                 "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
357                         NULL, NULL },
358         { "objectidentifier", NULL,     0, 0, 0, ARG_MAGIC|CFG_OID,
359                 &config_generic, "( OLcfgGlAt:33 NAME 'olcObjectIdentifier' "
360                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
361         { "overlay", "overlay", 2, 2, 0, ARG_MAGIC,
362                 &config_overlay, "( OLcfgGlAt:34 NAME 'olcOverlay' "
363                         "SUP olcDatabase SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
364         { "password-crypt-salt-format", "salt", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_SALT,
365                 &config_generic, "( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat' "
366                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
367         { "password-hash", "hash", 2, 2, 0, ARG_MAGIC,
368                 &config_passwd_hash, "( OLcfgGlAt:36 NAME 'olcPasswordHash' "
369                         "SYNTAX OMsDirectoryString )", NULL, NULL },
370         { "pidfile", "file", 2, 2, 0, ARG_STRING,
371                 &slapd_pid_file, "( OLcfgGlAt:37 NAME 'olcPidFile' "
372                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
373         { "plugin", NULL, 0, 0, 0,
374 #ifdef LDAP_SLAPI
375                 ARG_MAGIC|CFG_PLUGIN, &config_generic,
376 #else
377                 ARG_IGNORED, NULL,
378 #endif
379                 "( OLcfgGlAt:38 NAME 'olcPlugin' "
380                         "SYNTAX OMsDirectoryString )", NULL, NULL },
381         { "pluginlog", "filename", 2, 2, 0,
382 #ifdef LDAP_SLAPI
383                 ARG_STRING, &slapi_log_file,
384 #else
385                 ARG_IGNORED, NULL,
386 #endif
387                 "( OLcfgGlAt:39 NAME 'olcPluginLogFile' "
388                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
389         { "readonly", "on|off", 2, 2, 0, ARG_MAY_DB|ARG_ON_OFF|ARG_MAGIC|CFG_RO,
390                 &config_generic, "( OLcfgGlAt:40 NAME 'olcReadOnly' "
391                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
392         { "referral", "url", 2, 2, 0, ARG_MAGIC,
393                 &config_referral, "( OLcfgGlAt:41 NAME 'olcReferral' "
394                         "SUP labeledURI SINGLE-VALUE )", NULL, NULL },
395         { "replica", "host or uri", 2, 0, 0, ARG_DB|ARG_MAGIC,
396                 &config_replica, "( OLcfgDbAt:0.7 NAME 'olcReplica' "
397                         "SUP labeledURI X-ORDERED 'VALUES' )", NULL, NULL },
398         { "replica-argsfile", NULL, 0, 0, 0, ARG_STRING,
399                 &replica_argsFile, "( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' "
400                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
401         { "replica-pidfile", NULL, 0, 0, 0, ARG_STRING,
402                 &replica_pidFile, "( OLcfgGlAt:44 NAME 'olcReplicaPidFile' "
403                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
404         { "replicationInterval", NULL, 0, 0, 0, ARG_INT,
405                 &replicationInterval, "( OLcfgGlAt:45 NAME 'olcReplicationInterval' "
406                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
407         { "replogfile", "filename", 2, 2, 0, ARG_MAY_DB|ARG_MAGIC|ARG_STRING|CFG_REPLOG,
408                 &config_generic, "( OLcfgGlAt:46 NAME 'olcReplogFile' "
409                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
410         { "require", "features", 2, 0, 7, ARG_MAY_DB|ARG_MAGIC,
411                 &config_requires, "( OLcfgGlAt:47 NAME 'olcRequires' "
412                         "SYNTAX OMsDirectoryString )", NULL, NULL },
413         { "restrict", "op_list", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
414                 &config_restrict, "( OLcfgGlAt:48 NAME 'olcRestrict' "
415                         "SYNTAX OMsDirectoryString )", NULL, NULL },
416         { "reverse-lookup", "on|off", 2, 2, 0,
417 #ifdef SLAPD_RLOOKUPS
418                 ARG_ON_OFF, &use_reverse_lookup,
419 #else
420                 ARG_IGNORED, NULL,
421 #endif
422                 "( OLcfgGlAt:49 NAME 'olcReverseLookup' "
423                         "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
424         { "rootdn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
425                 &config_rootdn, "( OLcfgDbAt:0.8 NAME 'olcRootDN' "
426                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
427         { "rootDSE", "file", 2, 2, 0, ARG_MAGIC|CFG_ROOTDSE,
428                 &config_generic, "( OLcfgGlAt:51 NAME 'olcRootDSE' "
429                         "SYNTAX OMsDirectoryString )", NULL, NULL },
430         { "rootpw", "password", 2, 2, 0, ARG_BERVAL|ARG_DB|ARG_MAGIC,
431                 &config_rootpw, "( OLcfgDbAt:0.9 NAME 'olcRootPW' "
432                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
433         { "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
434                 &config_generic, NULL, NULL, NULL },
435         { "sasl-host", "host", 2, 2, 0,
436 #ifdef HAVE_CYRUS_SASL
437                 ARG_STRING|ARG_UNIQUE, &global_host,
438 #else
439                 ARG_IGNORED, NULL,
440 #endif
441                 "( OLcfgGlAt:53 NAME 'olcSaslHost' "
442                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
443         { "sasl-realm", "realm", 2, 2, 0,
444 #ifdef HAVE_CYRUS_SASL
445                 ARG_STRING|ARG_UNIQUE, &global_realm,
446 #else
447                 ARG_IGNORED, NULL,
448 #endif
449                 "( OLcfgGlAt:54 NAME 'olcSaslRealm' "
450                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
451         { "sasl-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
452                 &config_generic, NULL, NULL, NULL },
453         { "sasl-secprops", "properties", 2, 2, 0,
454 #ifdef HAVE_CYRUS_SASL
455                 ARG_MAGIC|CFG_SASLSECP, &config_generic,
456 #else
457                 ARG_IGNORED, NULL,
458 #endif
459                 "( OLcfgGlAt:56 NAME 'olcSaslSecProps' "
460                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
461         { "saslRegexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
462                 &config_generic, NULL, NULL, NULL },
463         { "schemadn", "dn", 2, 2, 0, ARG_MAY_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
464                 &config_schema_dn, "( OLcfgGlAt:58 NAME 'olcSchemaDN' "
465                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
466         { "security", "factors", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
467                 &config_security, "( OLcfgGlAt:59 NAME 'olcSecurity' "
468                         "SYNTAX OMsDirectoryString )", NULL, NULL },
469         { "sizelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
470                 &config_sizelimit, "( OLcfgGlAt:60 NAME 'olcSizeLimit' "
471                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
472         { "sockbuf_max_incoming", "max", 2, 2, 0, ARG_BER_LEN_T,
473                 &sockbuf_max_incoming, "( OLcfgGlAt:61 NAME 'olcSockbufMaxIncoming' "
474                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
475         { "sockbuf_max_incoming_auth", "max", 2, 2, 0, ARG_BER_LEN_T,
476                 &sockbuf_max_incoming_auth, "( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth' "
477                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
478         { "srvtab", "file", 2, 2, 0,
479 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
480                 ARG_STRING, &ldap_srvtab,
481 #else
482                 ARG_IGNORED, NULL,
483 #endif
484                 "( OLcfgGlAt:63 NAME 'olcSrvtab' "
485                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
486         { "subordinate", "[advertise]", 1, 2, 0, ARG_DB|ARG_MAGIC,
487                 &config_subordinate, "( OLcfgDbAt:0.15 NAME 'olcSubordinate' "
488                         "SYNTAX OMsDirectoryString )", NULL, NULL },
489         { "suffix",     "suffix", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
490                 &config_suffix, "( OLcfgDbAt:0.10 NAME 'olcSuffix' "
491                         "SYNTAX OMsDN )", NULL, NULL },
492         { "syncrepl", NULL, 0, 0, 0, ARG_DB|ARG_MAGIC,
493                 &syncrepl_config, "( OLcfgDbAt:0.11 NAME 'olcSyncrepl' "
494                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
495         { "threads", "count", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_THREADS,
496                 &config_generic, "( OLcfgGlAt:66 NAME 'olcThreads' "
497                         "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
498         { "timelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
499                 &config_timelimit, "( OLcfgGlAt:67 NAME 'olcTimeLimit' "
500                         "SYNTAX OMsDirectoryString )", NULL, NULL },
501         { "TLSCACertificateFile", NULL, 0, 0, 0,
502 #ifdef HAVE_TLS
503                 CFG_TLS_CA_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
504 #else
505                 ARG_IGNORED, NULL,
506 #endif
507                 "( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' "
508                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
509         { "TLSCACertificatePath", NULL, 0, 0, 0,
510 #ifdef HAVE_TLS
511                 CFG_TLS_CA_PATH|ARG_STRING|ARG_MAGIC, &config_tls_option,
512 #else
513                 ARG_IGNORED, NULL,
514 #endif
515                 "( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' "
516                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
517         { "TLSCertificateFile", NULL, 0, 0, 0,
518 #ifdef HAVE_TLS
519                 CFG_TLS_CERT_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
520 #else
521                 ARG_IGNORED, NULL,
522 #endif
523                 "( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' "
524                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
525         { "TLSCertificateKeyFile", NULL, 0, 0, 0,
526 #ifdef HAVE_TLS
527                 CFG_TLS_CERT_KEY|ARG_STRING|ARG_MAGIC, &config_tls_option,
528 #else
529                 ARG_IGNORED, NULL,
530 #endif
531                 "( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' "
532                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
533         { "TLSCipherSuite",     NULL, 0, 0, 0,
534 #ifdef HAVE_TLS
535                 CFG_TLS_CIPHER|ARG_STRING|ARG_MAGIC, &config_tls_option,
536 #else
537                 ARG_IGNORED, NULL,
538 #endif
539                 "( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' "
540                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
541         { "TLSCRLCheck", NULL, 0, 0, 0,
542 #if defined(HAVE_TLS) && defined(HAVE_OPENSSL_CRL)
543                 CFG_TLS_CRLCHECK|ARG_STRING|ARG_MAGIC, &config_tls_config,
544 #else
545                 ARG_IGNORED, NULL,
546 #endif
547                 "( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' "
548                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
549         { "TLSRandFile", NULL, 0, 0, 0,
550 #ifdef HAVE_TLS
551                 CFG_TLS_RAND|ARG_STRING|ARG_MAGIC, &config_tls_option,
552 #else
553                 ARG_IGNORED, NULL,
554 #endif
555                 "( OLcfgGlAt:74 NAME 'olcTLSRandFile' "
556                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
557         { "TLSVerifyClient", NULL, 0, 0, 0,
558 #ifdef HAVE_TLS
559                 CFG_TLS_VERIFY|ARG_STRING|ARG_MAGIC, &config_tls_config,
560 #else
561                 ARG_IGNORED, NULL,
562 #endif
563                 "( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' "
564                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
565         { "TLSDHParamDir", NULL, 0, 0, 0,
566 #ifdef HAVE_TLS
567                 CFG_TLS_DH_DIR|ARG_STRING|ARG_MAGIC, &config_tls_option,
568 #else
569                 ARG_IGNORED, NULL,
570 #endif
571                 "( OLcfgGlAt:77 NAME 'olcTLSDHParamDir' "
572                         "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
573         { "ucdata-path", "path", 2, 2, 0, ARG_IGNORED,
574                 NULL, NULL, NULL, NULL },
575         { "updatedn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
576                 &config_updatedn, "( OLcfgDbAt:0.12 NAME 'olcUpdateDN' "
577                         "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
578         { "updateref", "url", 2, 2, 0, ARG_DB|ARG_MAGIC,
579                 &config_updateref, "( OLcfgDbAt:0.13 NAME 'olcUpdateRef' "
580                         "SUP labeledURI )", NULL, NULL },
581         { NULL, NULL, 0, 0, 0, ARG_IGNORED,
582                 NULL, NULL, NULL, NULL }
583 };
584
585 /* Routines to check if a child can be added to this type */
586 static ConfigLDAPadd cfAddSchema, cfAddInclude, cfAddDatabase,
587         cfAddBackend, cfAddModule, cfAddOverlay;
588
589 /* NOTE: be careful when defining array members
590  * that can be conditionally compiled */
591 #define CFOC_GLOBAL     cf_ocs[1]
592 #define CFOC_SCHEMA     cf_ocs[2]
593 #define CFOC_BACKEND    cf_ocs[3]
594 #define CFOC_DATABASE   cf_ocs[4]
595 #define CFOC_OVERLAY    cf_ocs[5]
596 #define CFOC_INCLUDE    cf_ocs[6]
597 #define CFOC_FRONTEND   cf_ocs[7]
598 #ifdef SLAPD_MODULES
599 #define CFOC_MODULE     cf_ocs[8]
600 #endif /* SLAPD_MODULES */
601
602 static ConfigOCs cf_ocs[] = {
603         { "( OLcfgGlOc:0 "
604                 "NAME 'olcConfig' "
605                 "DESC 'OpenLDAP configuration object' "
606                 "ABSTRACT SUP top )", Cft_Abstract, NULL },
607         { "( OLcfgGlOc:1 "
608                 "NAME 'olcGlobal' "
609                 "DESC 'OpenLDAP Global configuration options' "
610                 "SUP olcConfig STRUCTURAL "
611                 "MAY ( cn $ olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ "
612                  "olcAttributeOptions $ olcAuthIDRewrite $ "
613                  "olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ "
614                  "olcConnMaxPending $ olcConnMaxPendingAuth $ "
615                  "olcDisallows $ olcGentleHUP $ olcIdleTimeout $ "
616                  "olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ "
617                  "olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ "
618                  "olcLogLevel $ "
619                  "olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ "
620                  "olcPluginLogFile $ olcReadOnly $ olcReferral $ "
621                  "olcReplicaPidFile $ olcReplicaArgsFile $ olcReplicationInterval $ "
622                  "olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ "
623                  "olcRootDSE $ "
624                  "olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ "
625                  "olcSecurity $ olcSizeLimit $ "
626                  "olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcSrvtab $ "
627                  "olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
628                  "olcTLSCACertificatePath $ olcTLSCertificateFile $ "
629                  "olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
630                  "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamDir $ "
631                  "olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
632                  "olcDitContentRules ) )", Cft_Global },
633         { "( OLcfgGlOc:2 "
634                 "NAME 'olcSchemaConfig' "
635                 "DESC 'OpenLDAP schema object' "
636                 "SUP olcConfig STRUCTURAL "
637                 "MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ "
638                  "olcObjectClasses $ olcDitContentRules ) )",
639                         Cft_Schema, NULL, cfAddSchema },
640         { "( OLcfgGlOc:3 "
641                 "NAME 'olcBackendConfig' "
642                 "DESC 'OpenLDAP Backend-specific options' "
643                 "SUP olcConfig STRUCTURAL "
644                 "MUST olcBackend )", Cft_Backend, NULL, cfAddBackend },
645         { "( OLcfgGlOc:4 "
646                 "NAME 'olcDatabaseConfig' "
647                 "DESC 'OpenLDAP Database-specific options' "
648                 "SUP olcConfig STRUCTURAL "
649                 "MUST olcDatabase "
650                 "MAY ( olcSuffix $ olcSubordinate $ olcAccess $ olcLastMod $ olcLimits $ "
651                  "olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
652                  "olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
653                  "olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncrepl $ "
654                  "olcTimeLimit $ olcUpdateDN $ olcUpdateRef ) )",
655                         Cft_Database, NULL, cfAddDatabase },
656         { "( OLcfgGlOc:5 "
657                 "NAME 'olcOverlayConfig' "
658                 "DESC 'OpenLDAP Overlay-specific options' "
659                 "SUP olcConfig STRUCTURAL "
660                 "MUST olcOverlay )", Cft_Overlay, NULL, cfAddOverlay },
661         { "( OLcfgGlOc:6 "
662                 "NAME 'olcIncludeFile' "
663                 "DESC 'OpenLDAP configuration include file' "
664                 "SUP olcConfig STRUCTURAL "
665                 "MUST olcInclude "
666                 "MAY ( cn $ olcRootDSE ) )",
667                 Cft_Include, NULL, cfAddInclude },
668         /* This should be STRUCTURAL like all the other database classes, but
669          * that would mean inheriting all of the olcDatabaseConfig attributes,
670          * which causes them to be merged twice in config_build_entry.
671          */
672         { "( OLcfgGlOc:7 "
673                 "NAME 'olcFrontendConfig' "
674                 "DESC 'OpenLDAP frontend configuration' "
675                 "AUXILIARY "
676                 "MAY olcDefaultSearchBase )",
677                 Cft_Database, NULL, NULL },
678 #ifdef SLAPD_MODULES
679         { "( OLcfgGlOc:8 "
680                 "NAME 'olcModuleList' "
681                 "DESC 'OpenLDAP dynamic module info' "
682                 "SUP olcConfig STRUCTURAL "
683                 "MAY ( cn $ olcModulePath $ olcModuleLoad ) )",
684                 Cft_Module, NULL, cfAddModule },
685 #endif
686         { NULL, 0, NULL }
687 };
688
689 static int
690 config_generic(ConfigArgs *c) {
691         char *p;
692         int i;
693
694         if ( c->op == SLAP_CONFIG_EMIT ) {
695                 int rc = 0;
696                 switch(c->type) {
697                 case CFG_CONCUR:
698                         c->value_int = ldap_pvt_thread_get_concurrency();
699                         break;
700                 case CFG_THREADS:
701                         c->value_int = connection_pool_max;
702                         break;
703                 case CFG_SALT:
704                         if ( passwd_salt )
705                                 c->value_string = ch_strdup( passwd_salt );
706                         else
707                                 rc = 1;
708                         break;
709                 case CFG_LIMITS:
710                         if ( c->be->be_limits ) {
711                                 char buf[4096*3];
712                                 struct berval bv;
713                                 int i;
714
715                                 for ( i=0; c->be->be_limits[i]; i++ ) {
716                                         bv.bv_len = sprintf( buf, IFMT, i );
717                                         bv.bv_val = buf+bv.bv_len;
718                                         limits_unparse( c->be->be_limits[i], &bv );
719                                         bv.bv_len += bv.bv_val - buf;
720                                         bv.bv_val = buf;
721                                         value_add_one( &c->rvalue_vals, &bv );
722                                 }
723                         }
724                         if ( !c->rvalue_vals ) rc = 1;
725                         break;
726                 case CFG_RO:
727                         c->value_int = (c->be->be_restrictops & SLAP_RESTRICT_OP_WRITES) ==
728                                 SLAP_RESTRICT_OP_WRITES;
729                         break;
730                 case CFG_AZPOLICY:
731                         c->value_string = ch_strdup( slap_sasl_getpolicy());
732                         break;
733                 case CFG_AZREGEXP:
734                         slap_sasl_regexp_unparse( &c->rvalue_vals );
735                         if ( !c->rvalue_vals ) rc = 1;
736                         break;
737 #ifdef HAVE_CYRUS_SASL
738                 case CFG_SASLSECP: {
739                         struct berval bv = BER_BVNULL;
740                         slap_sasl_secprops_unparse( &bv );
741                         if ( !BER_BVISNULL( &bv )) {
742                                 ber_bvarray_add( &c->rvalue_vals, &bv );
743                         } else {
744                                 rc = 1;
745                         }
746                         }
747                         break;
748 #endif
749                 case CFG_DEPTH:
750                         c->value_int = c->be->be_max_deref_depth;
751                         break;
752                 case CFG_OID: {
753                         ConfigFile *cf = c->private;
754                         if ( !cf )
755                                 oidm_unparse( &c->rvalue_vals, NULL, NULL, 1 );
756                         else if ( cf->c_om_head )
757                                 oidm_unparse( &c->rvalue_vals, cf->c_om_head,
758                                         cf->c_om_tail, 0 );
759                         if ( !c->rvalue_vals )
760                                 rc = 1;
761                         }
762                         break;
763                 case CFG_OC: {
764                         ConfigFile *cf = c->private;
765                         if ( !cf )
766                                 oc_unparse( &c->rvalue_vals, NULL, NULL, 1 );
767                         else if ( cf->c_oc_head )
768                                 oc_unparse( &c->rvalue_vals, cf->c_oc_head,
769                                         cf->c_oc_tail, 0 );
770                         if ( !c->rvalue_vals )
771                                 rc = 1;
772                         }
773                         break;
774                 case CFG_ATTR: {
775                         ConfigFile *cf = c->private;
776                         if ( !cf )
777                                 at_unparse( &c->rvalue_vals, NULL, NULL, 1 );
778                         else if ( cf->c_at_head )
779                                 at_unparse( &c->rvalue_vals, cf->c_at_head,
780                                         cf->c_at_tail, 0 );
781                         if ( !c->rvalue_vals )
782                                 rc = 1;
783                         }
784                         break;
785                 case CFG_DIT: {
786                         ConfigFile *cf = c->private;
787                         if ( !cf )
788                                 cr_unparse( &c->rvalue_vals, NULL, NULL, 1 );
789                         else if ( cf->c_cr_head )
790                                 cr_unparse( &c->rvalue_vals, cf->c_cr_head,
791                                         cf->c_cr_tail, 0 );
792                         if ( !c->rvalue_vals )
793                                 rc = 1;
794                         }
795                         break;
796                         
797                 case CFG_ACL: {
798                         AccessControl *a;
799                         char *src, *dst, ibuf[11];
800                         struct berval bv, abv;
801                         for (i=0, a=c->be->be_acl; a; i++,a=a->acl_next) {
802                                 abv.bv_len = sprintf( ibuf, IFMT, i );
803                                 acl_unparse( a, &bv );
804                                 abv.bv_val = ch_malloc( abv.bv_len + bv.bv_len + 1 );
805                                 AC_MEMCPY( abv.bv_val, ibuf, abv.bv_len );
806                                 /* Turn TAB / EOL into plain space */
807                                 for (src=bv.bv_val,dst=abv.bv_val+abv.bv_len; *src; src++) {
808                                         if (isspace(*src)) *dst++ = ' ';
809                                         else *dst++ = *src;
810                                 }
811                                 *dst = '\0';
812                                 if (dst[-1] == ' ') {
813                                         dst--;
814                                         *dst = '\0';
815                                 }
816                                 abv.bv_len = dst - abv.bv_val;
817                                 ber_bvarray_add( &c->rvalue_vals, &abv );
818                         }
819                         rc = (!i);
820                         break;
821                 }
822                 case CFG_REPLOG:
823                         if ( c->be->be_replogfile )
824                                 c->value_string = ch_strdup( c->be->be_replogfile );
825                         break;
826                 case CFG_ROOTDSE: {
827                         ConfigFile *cf = c->private;
828                         if ( cf->c_dseFiles ) {
829                                 value_add( &c->rvalue_vals, cf->c_dseFiles );
830                         } else {
831                                 rc = 1;
832                         }
833                         }
834                         break;
835                 case CFG_LOGFILE:
836                         if ( logfileName )
837                                 c->value_string = ch_strdup( logfileName );
838                         else
839                                 rc = 1;
840                         break;
841                 case CFG_LASTMOD:
842                         c->value_int = (SLAP_NOLASTMOD(c->be) == 0);
843                         break;
844                 case CFG_SSTR_IF_MAX:
845                         c->value_int = index_substr_if_maxlen;
846                         break;
847                 case CFG_SSTR_IF_MIN:
848                         c->value_int = index_substr_if_minlen;
849                         break;
850 #ifdef SLAPD_MODULES
851                 case CFG_MODLOAD: {
852                         ModPaths *mp = c->private;
853                         if (mp->mp_loads) {
854                                 int i;
855                                 for (i=0; !BER_BVISNULL(&mp->mp_loads[i]); i++) {
856                                         struct berval bv;
857                                         bv.bv_val = c->log;
858                                         bv.bv_len = sprintf( bv.bv_val, IFMT "%s", i,
859                                                 mp->mp_loads[i].bv_val );
860                                         value_add_one( &c->rvalue_vals, &bv );
861                                 }
862                         }
863
864                         rc = c->rvalue_vals ? 0 : 1;
865                         }
866                         break;
867                 case CFG_MODPATH: {
868                         ModPaths *mp = c->private;
869                         if ( !BER_BVISNULL( &mp->mp_path ))
870                                 value_add_one( &c->rvalue_vals, &mp->mp_path );
871
872                         rc = c->rvalue_vals ? 0 : 1;
873                         }
874                         break;
875 #endif
876 #ifdef LDAP_SLAPI
877                 case CFG_PLUGIN:
878                         slapi_int_plugin_unparse( c->be, &c->rvalue_vals );
879                         if ( !c->rvalue_vals ) rc = 1;
880                         break;
881 #endif
882 #ifdef SLAP_AUTH_REWRITE
883                 case CFG_REWRITE:
884                         if ( authz_rewrites ) {
885                                 struct berval bv, idx;
886                                 char ibuf[32];
887                                 int i;
888
889                                 idx.bv_val = ibuf;
890                                 for ( i=0; !BER_BVISNULL( &authz_rewrites[i] ); i++ ) {
891                                         idx.bv_len = sprintf( idx.bv_val, IFMT, i );
892                                         bv.bv_len = idx.bv_len + authz_rewrites[i].bv_len;
893                                         bv.bv_val = ch_malloc( bv.bv_len + 1 );
894                                         strcpy( bv.bv_val, idx.bv_val );
895                                         strcpy( bv.bv_val+idx.bv_len, authz_rewrites[i].bv_val );
896                                         ber_bvarray_add( &c->rvalue_vals, &bv );
897                                 }
898                         }
899                         if ( !c->rvalue_vals ) rc = 1;
900                         break;
901 #endif
902                 default:
903                         rc = 1;
904                 }
905                 return rc;
906         } else if ( c->op == LDAP_MOD_DELETE ) {
907                 int rc = 0;
908                 switch(c->type) {
909                 /* single-valued attrs, no-ops */
910                 case CFG_CONCUR:
911                 case CFG_THREADS:
912                 case CFG_RO:
913                 case CFG_AZPOLICY:
914                 case CFG_DEPTH:
915                 case CFG_LASTMOD:
916                 case CFG_SASLSECP:
917                 case CFG_SSTR_IF_MAX:
918                 case CFG_SSTR_IF_MIN:
919                         break;
920
921                 /* no-ops, requires slapd restart */
922                 case CFG_PLUGIN:
923                 case CFG_MODLOAD:
924                 case CFG_AZREGEXP:
925                 case CFG_REWRITE:
926                         sprintf(c->log, "change requires slapd restart");
927                         break;
928
929                 case CFG_SALT:
930                         ch_free( passwd_salt );
931                         passwd_salt = NULL;
932                         break;
933
934                 case CFG_REPLOG:
935                         ch_free( c->be->be_replogfile );
936                         c->be->be_replogfile = NULL;
937                         break;
938
939                 case CFG_LOGFILE:
940                         ch_free( logfileName );
941                         logfileName = NULL;
942                         break;
943
944                 case CFG_ACL:
945                         if ( c->valx < 0 ) {
946                                 AccessControl *end;
947                                 if ( c->be == frontendDB )
948                                         end = NULL;
949                                 else
950                                         end = frontendDB->be_acl;
951                                 acl_destroy( c->be->be_acl, end );
952                         } else {
953                                 AccessControl **prev, *a;
954                                 int i;
955                                 for (i=0, prev = &c->be->be_acl; i < c->valx;
956                                         i++ ) {
957                                         a = *prev;
958                                         prev = &a->acl_next;
959                                 }
960                                 a = *prev;
961                                 *prev = a->acl_next;
962                                 acl_free( a );
963                         }
964                         break;
965
966                 case CFG_LIMITS:
967                         /* FIXME: there is no limits_free function */
968                 case CFG_ATOPT:
969                         /* FIXME: there is no ad_option_free function */
970                 case CFG_ROOTDSE:
971                         /* FIXME: there is no way to remove attributes added by
972                                 a DSE file */
973                 case CFG_OID:
974                 case CFG_OC:
975                 case CFG_DIT:
976                 case CFG_ATTR:
977                 case CFG_MODPATH:
978                 default:
979                         rc = 1;
980                         break;
981                 }
982                 return rc;
983         }
984
985         p = strchr(c->line,'(' /*')'*/);
986
987         switch(c->type) {
988                 case CFG_BACKEND:
989                         if(!(c->bi = backend_info(c->argv[1]))) {
990                                 sprintf( c->msg, "<%s> failed init", c->argv[0] );
991                                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
992                                         c->log, c->msg, c->argv[1] );
993                                 return(1);
994                         }
995                         break;
996
997                 case CFG_DATABASE:
998                         c->bi = NULL;
999                         /* NOTE: config is always the first backend!
1000                          */
1001                         if ( !strcasecmp( c->argv[1], "config" )) {
1002                                 c->be = LDAP_STAILQ_FIRST(&backendDB);
1003                         } else if ( !strcasecmp( c->argv[1], "frontend" )) {
1004                                 c->be = frontendDB;
1005                         } else {
1006                                 c->be = backend_db_init(c->argv[1]);
1007                                 if ( !c->be ) {
1008                                         sprintf( c->msg, "<%s> failed init", c->argv[0] );
1009                                         Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
1010                                                 c->log, c->msg, c->argv[1] );
1011                                         return(1);
1012                                 }
1013                         }
1014                         break;
1015
1016                 case CFG_CONCUR:
1017                         ldap_pvt_thread_set_concurrency(c->value_int);
1018                         break;
1019
1020                 case CFG_THREADS:
1021                         ldap_pvt_thread_pool_maxthreads(&connection_pool, c->value_int);
1022                         connection_pool_max = c->value_int;     /* save for reference */
1023                         break;
1024
1025                 case CFG_SALT:
1026                         if ( passwd_salt ) ch_free( passwd_salt );
1027                         passwd_salt = c->value_string;
1028                         lutil_salt_format(passwd_salt);
1029                         break;
1030
1031                 case CFG_LIMITS:
1032                         if(limits_parse(c->be, c->fname, c->lineno, c->argc, c->argv))
1033                                 return(1);
1034                         break;
1035
1036                 case CFG_RO:
1037                         if(c->value_int)
1038                                 c->be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1039                         else
1040                                 c->be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1041                         break;
1042
1043                 case CFG_AZPOLICY:
1044                         ch_free(c->value_string);
1045                         if (slap_sasl_setpolicy( c->argv[1] )) {
1046                                 sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
1047                                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1048                                         c->log, c->msg, c->argv[1] );
1049                                 return(1);
1050                         }
1051                         break;
1052                 
1053                 case CFG_AZREGEXP:
1054                         if (slap_sasl_regexp_config( c->argv[1], c->argv[2] ))
1055                                 return(1);
1056                         break;
1057                                 
1058 #ifdef HAVE_CYRUS_SASL
1059                 case CFG_SASLSECP:
1060                         {
1061                         char *txt = slap_sasl_secprops( c->argv[1] );
1062                         if ( txt ) {
1063                                 snprintf( c->msg, sizeof(c->msg), "<%s> %s",
1064                                         c->argv[0], txt );
1065                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
1066                                 return(1);
1067                         }
1068                         break;
1069                         }
1070 #endif
1071
1072                 case CFG_DEPTH:
1073                         c->be->be_max_deref_depth = c->value_int;
1074                         break;
1075
1076                 case CFG_OID: {
1077                         OidMacro *om;
1078
1079                         if(parse_oidm(c->fname, c->lineno, c->argc, c->argv, 1, &om))
1080                                 return(1);
1081                         if (!cfn->c_om_head) cfn->c_om_head = om;
1082                         cfn->c_om_tail = om;
1083                         }
1084                         break;
1085
1086                 case CFG_OC: {
1087                         ObjectClass *oc;
1088
1089                         if(parse_oc(c->fname, c->lineno, p, c->argv, &oc)) return(1);
1090                         if (!cfn->c_oc_head) cfn->c_oc_head = oc;
1091                         cfn->c_oc_tail = oc;
1092                         }
1093                         break;
1094
1095                 case CFG_DIT: {
1096                         ContentRule *cr;
1097
1098                         if(parse_cr(c->fname, c->lineno, p, c->argv, &cr)) return(1);
1099                         if (!cfn->c_cr_head) cfn->c_cr_head = cr;
1100                         cfn->c_cr_tail = cr;
1101                         }
1102                         break;
1103
1104                 case CFG_ATTR: {
1105                         AttributeType *at;
1106
1107                         if(parse_at(c->fname, c->lineno, p, c->argv, &at)) return(1);
1108                         if (!cfn->c_at_head) cfn->c_at_head = at;
1109                         cfn->c_at_tail = at;
1110                         }
1111                         break;
1112
1113                 case CFG_ATOPT:
1114                         ad_define_option(NULL, NULL, 0);
1115                         for(i = 1; i < c->argc; i++)
1116                                 if(ad_define_option(c->argv[i], c->fname, c->lineno))
1117                                         return(1);
1118                         break;
1119
1120                 case CFG_ACL:
1121                         parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, c->valx);
1122                         break;
1123
1124                 case CFG_REPLOG:
1125                         if(SLAP_MONITOR(c->be)) {
1126                                 Debug(LDAP_DEBUG_ANY, "%s: "
1127                                         "\"replogfile\" should not be used "
1128                                         "inside monitor database\n",
1129                                         c->log, 0, 0);
1130                                 return(0);      /* FIXME: should this be an error? */
1131                         }
1132
1133                         c->be->be_replogfile = c->value_string;
1134                         break;
1135
1136                 case CFG_ROOTDSE:
1137                         if(read_root_dse_file(c->argv[1])) {
1138                                 sprintf( c->msg, "<%s> could not read file", c->argv[0] );
1139                                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1140                                         c->log, c->msg, c->argv[1] );
1141                                 return(1);
1142                         }
1143                         {
1144                                 struct berval bv;
1145                                 ber_str2bv( c->argv[1], 0, 1, &bv );
1146                                 ber_bvarray_add( &cfn->c_dseFiles, &bv );
1147                         }
1148                         break;
1149
1150                 case CFG_LOGFILE: {
1151                                 FILE *logfile;
1152                                 if ( logfileName ) ch_free( logfileName );
1153                                 logfileName = c->value_string;
1154                                 logfile = fopen(logfileName, "w");
1155                                 if(logfile) lutil_debug_file(logfile);
1156                         } break;
1157
1158                 case CFG_LASTMOD:
1159                         if(SLAP_NOLASTMODCMD(c->be)) {
1160                                 sprintf( c->msg, "<%s> not available for %s database",
1161                                         c->argv[0], c->be->bd_info->bi_type );
1162                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
1163                                         c->log, c->msg, 0 );
1164                                 return(1);
1165                         }
1166                         if(c->value_int)
1167                                 SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_NOLASTMOD;
1168                         else
1169                                 SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_NOLASTMOD;
1170                         break;
1171
1172                 case CFG_SSTR_IF_MAX:
1173                         if (c->value_int < index_substr_if_minlen) {
1174                                 sprintf( c->msg, "<%s> invalid value", c->argv[0] );
1175                                 Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n",
1176                                         c->log, c->msg, c->value_int );
1177                                 return(1);
1178                         }
1179                         index_substr_if_maxlen = c->value_int;
1180                         break;
1181
1182                 case CFG_SSTR_IF_MIN:
1183                         if (c->value_int > index_substr_if_maxlen) {
1184                                 sprintf( c->msg, "<%s> invalid value", c->argv[0] );
1185                                 Debug(LDAP_DEBUG_ANY, "%s: %s (%d)\n",
1186                                         c->log, c->msg, c->value_int );
1187                                 return(1);
1188                         }
1189                         index_substr_if_minlen = c->value_int;
1190                         break;
1191
1192 #ifdef SLAPD_MODULES
1193                 case CFG_MODLOAD:
1194                         /* If we're just adding a module on an existing modpath,
1195                          * make sure we've selected the current path.
1196                          */
1197                         if ( c->op == LDAP_MOD_ADD && c->private && modcur != c->private ) {
1198                                 modcur = c->private;
1199                                 /* This should never fail */
1200                                 if ( module_path( modcur->mp_path.bv_val )) {
1201                                         sprintf( c->msg, "<%s> module path no longer valid",
1202                                                 c->argv[0] );
1203                                         Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
1204                                                 c->log, c->msg, modcur->mp_path.bv_val );
1205                                         return(1);
1206                                 }
1207                         }
1208                         if(module_load(c->argv[1], c->argc - 2, (c->argc > 2) ? c->argv + 2 : NULL))
1209                                 return(1);
1210                         /* Record this load on the current path */
1211                         {
1212                                 struct berval bv;
1213                                 char *ptr;
1214                                 if ( c->op == SLAP_CONFIG_ADD ) {
1215                                         ptr = c->line + STRLENOF("moduleload");
1216                                         while (!isspace(*ptr)) ptr++;
1217                                         while (isspace(*ptr)) ptr++;
1218                                 } else {
1219                                         ptr = c->line;
1220                                 }
1221                                 ber_str2bv(ptr, 0, 1, &bv);
1222                                 ber_bvarray_add( &modcur->mp_loads, &bv );
1223                         }
1224                         break;
1225
1226                 case CFG_MODPATH:
1227                         if(module_path(c->argv[1])) return(1);
1228                         /* Record which path was used with each module */
1229                         {
1230                                 ModPaths *mp;
1231
1232                                 if (!modpaths.mp_loads) {
1233                                         mp = &modpaths;
1234                                 } else {
1235                                         mp = ch_malloc( sizeof( ModPaths ));
1236                                         modlast->mp_next = mp;
1237                                 }
1238                                 ber_str2bv(c->argv[1], 0, 1, &mp->mp_path);
1239                                 mp->mp_next = NULL;
1240                                 mp->mp_loads = NULL;
1241                                 modlast = mp;
1242                                 c->private = mp;
1243                                 modcur = mp;
1244                         }
1245                         
1246                         break;
1247 #endif
1248
1249 #ifdef LDAP_SLAPI
1250                 case CFG_PLUGIN:
1251                         if(slapi_int_read_config(c->be, c->fname, c->lineno, c->argc, c->argv) != LDAP_SUCCESS)
1252                                 return(1);
1253                         slapi_plugins_used++;
1254                         break;
1255 #endif
1256
1257 #ifdef SLAP_AUTH_REWRITE
1258                 case CFG_REWRITE: {
1259                         struct berval bv;
1260                         char *line;
1261                         
1262                         if(slap_sasl_rewrite_config(c->fname, c->lineno, c->argc, c->argv))
1263                                 return(1);
1264
1265                         if ( c->argc > 1 ) {
1266                                 char    *s;
1267
1268                                 /* quote all args but the first */
1269                                 line = ldap_charray2str( c->argv, "\" \"" );
1270                                 ber_str2bv( line, 0, 0, &bv );
1271                                 s = strchr( bv.bv_val, '"' );
1272                                 assert( s != NULL );
1273                                 /* move the trailing quote of argv[0] to the end */
1274                                 AC_MEMCPY( s, s + 1, bv.bv_len - ( s - bv.bv_val ) );
1275                                 bv.bv_val[ bv.bv_len - 1 ] = '"';
1276
1277                         } else {
1278                                 ber_str2bv( c->argv[ 0 ], 0, 1, &bv );
1279                         }
1280                         
1281                         ber_bvarray_add( &authz_rewrites, &bv );
1282                         }
1283                         break;
1284 #endif
1285
1286
1287                 default:
1288                         Debug( SLAPD_DEBUG_CONFIG_ERROR,
1289                                 "%s: unknown CFG_TYPE %d"
1290                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1291                                 c->log, c->type, 0 );
1292 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1293                         return 1;
1294 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1295
1296         }
1297         return(0);
1298 }
1299
1300
1301 static int
1302 config_fname(ConfigArgs *c) {
1303         if(c->op == SLAP_CONFIG_EMIT) {
1304                 if (c->private) {
1305                         ConfigFile *cf = c->private;
1306                         value_add_one( &c->rvalue_vals, &cf->c_file );
1307                         return 0;
1308                 }
1309                 return 1;
1310         }
1311         return(0);
1312 }
1313
1314 static int
1315 config_cfdir(ConfigArgs *c) {
1316         if(c->op == SLAP_CONFIG_EMIT) {
1317                 if ( !BER_BVISEMPTY( &cfdir )) {
1318                         value_add_one( &c->rvalue_vals, &cfdir );
1319                         return 0;
1320                 }
1321                 return 1;
1322         }
1323         return(0);
1324 }
1325
1326 static int
1327 config_search_base(ConfigArgs *c) {
1328         if(c->op == SLAP_CONFIG_EMIT) {
1329                 int rc = 1;
1330                 if (!BER_BVISEMPTY(&default_search_base)) {
1331                         value_add_one(&c->rvalue_vals, &default_search_base);
1332                         value_add_one(&c->rvalue_nvals, &default_search_nbase);
1333                         rc = 0;
1334                 }
1335                 return rc;
1336         } else if( c->op == LDAP_MOD_DELETE ) {
1337                 ch_free( default_search_base.bv_val );
1338                 ch_free( default_search_nbase.bv_val );
1339                 BER_BVZERO( &default_search_base );
1340                 BER_BVZERO( &default_search_nbase );
1341                 return 0;
1342         }
1343
1344         if(c->bi || c->be != frontendDB) {
1345                 Debug(LDAP_DEBUG_ANY, "%s: defaultSearchBase line must appear "
1346                         "prior to any backend or database definition\n",
1347                         c->log, 0, 0);
1348                 return(1);
1349         }
1350
1351         if(default_search_nbase.bv_len) {
1352                 free(default_search_base.bv_val);
1353                 free(default_search_nbase.bv_val);
1354         }
1355
1356         default_search_base = c->value_dn;
1357         default_search_nbase = c->value_ndn;
1358         return(0);
1359 }
1360
1361 static int
1362 config_passwd_hash(ConfigArgs *c) {
1363         int i;
1364         if (c->op == SLAP_CONFIG_EMIT) {
1365                 struct berval bv;
1366                 for (i=0; default_passwd_hash && default_passwd_hash[i]; i++) {
1367                         ber_str2bv(default_passwd_hash[i], 0, 0, &bv);
1368                         value_add_one(&c->rvalue_vals, &bv);
1369                 }
1370                 return i ? 0 : 1;
1371         } else if ( c->op == LDAP_MOD_DELETE ) {
1372                 if ( c->valx < 0 ) {
1373                         ldap_charray_free( default_passwd_hash );
1374                         default_passwd_hash = NULL;
1375                 } else {
1376                         i = c->valx;
1377                         ch_free( default_passwd_hash[i] );
1378                         for (; default_passwd_hash[i]; i++ )
1379                                 default_passwd_hash[i] = default_passwd_hash[i+1];
1380                 }
1381                 return 0;
1382         }
1383         if(default_passwd_hash) {
1384                 Debug(LDAP_DEBUG_ANY, "%s: "
1385                         "already set default password_hash\n",
1386                         c->log, 0, 0);
1387                 return(1);
1388         }
1389         for(i = 1; i < c->argc; i++) {
1390                 if(!lutil_passwd_scheme(c->argv[i])) {
1391                         sprintf( c->msg, "<%s> scheme not available", c->argv[0] );
1392                         Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
1393                                 c->log, c->msg, c->argv[i]);
1394                 } else {
1395                         ldap_charray_add(&default_passwd_hash, c->argv[i]);
1396                 }
1397                 if(!default_passwd_hash) {
1398                         sprintf( c->msg, "<%s> no valid hashes found", c->argv[0] );
1399                         Debug(LDAP_DEBUG_ANY, "%s: %s\n",
1400                                 c->log, c->msg, 0 );
1401                         return(1);
1402                 }
1403         }
1404         return(0);
1405 }
1406
1407 static int
1408 config_schema_dn(ConfigArgs *c) {
1409         if ( c->op == SLAP_CONFIG_EMIT ) {
1410                 int rc = 1;
1411                 if ( !BER_BVISEMPTY( &c->be->be_schemadn )) {
1412                         value_add_one(&c->rvalue_vals, &c->be->be_schemadn);
1413                         value_add_one(&c->rvalue_nvals, &c->be->be_schemandn);
1414                         rc = 0;
1415                 }
1416                 return rc;
1417         } else if ( c->op == LDAP_MOD_DELETE ) {
1418                 ch_free( c->be->be_schemadn.bv_val );
1419                 ch_free( c->be->be_schemandn.bv_val );
1420                 BER_BVZERO( &c->be->be_schemadn );
1421                 BER_BVZERO( &c->be->be_schemandn );
1422                 return 0;
1423         }
1424         ch_free( c->be->be_schemadn.bv_val );
1425         ch_free( c->be->be_schemandn.bv_val );
1426         c->be->be_schemadn = c->value_dn;
1427         c->be->be_schemandn = c->value_ndn;
1428         return(0);
1429 }
1430
1431 static int
1432 config_sizelimit(ConfigArgs *c) {
1433         int i, rc = 0;
1434         char *next;
1435         struct slap_limits_set *lim = &c->be->be_def_limit;
1436         if (c->op == SLAP_CONFIG_EMIT) {
1437                 char buf[8192];
1438                 struct berval bv;
1439                 bv.bv_val = buf;
1440                 bv.bv_len = 0;
1441                 limits_unparse_one( lim, SLAP_LIMIT_SIZE, &bv );
1442                 if ( !BER_BVISEMPTY( &bv ))
1443                         value_add_one( &c->rvalue_vals, &bv );
1444                 else
1445                         rc = 1;
1446                 return rc;
1447         } else if ( c->op == LDAP_MOD_DELETE ) {
1448                 /* Reset to defaults */
1449                 lim->lms_s_soft = SLAPD_DEFAULT_SIZELIMIT;
1450                 lim->lms_s_hard = 0;
1451                 lim->lms_s_unchecked = -1;
1452                 lim->lms_s_pr = 0;
1453                 lim->lms_s_pr_hide = 0;
1454                 lim->lms_s_pr_total = 0;
1455                 return 0;
1456         }
1457         for(i = 1; i < c->argc; i++) {
1458                 if(!strncasecmp(c->argv[i], "size", 4)) {
1459                         rc = limits_parse_one(c->argv[i], lim);
1460                         if ( rc ) {
1461                                 sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
1462                                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1463                                         c->log, c->msg, c->argv[i]);
1464                                 return(1);
1465                         }
1466                 } else {
1467                         if(!strcasecmp(c->argv[i], "unlimited")) {
1468                                 lim->lms_s_soft = -1;
1469                         } else {
1470                                 lim->lms_s_soft = strtol(c->argv[i], &next, 0);
1471                                 if(next == c->argv[i]) {
1472                                         sprintf( c->msg, "<%s> unable to parse limit", c->argv[0]);
1473                                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1474                                                 c->log, c->msg, c->argv[i]);
1475                                         return(1);
1476                                 } else if(next[0] != '\0') {
1477                                         Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
1478                                                 "trailing chars \"%s\" in \"sizelimit <limit>\" line"
1479                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1480                                                 c->log, next, 0);
1481 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1482                                         return 1;
1483 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1484                                 }
1485                         }
1486                         lim->lms_s_hard = 0;
1487                 }
1488         }
1489         return(0);
1490 }
1491
1492 static int
1493 config_timelimit(ConfigArgs *c) {
1494         int i, rc = 0;
1495         char *next;
1496         struct slap_limits_set *lim = &c->be->be_def_limit;
1497         if (c->op == SLAP_CONFIG_EMIT) {
1498                 char buf[8192];
1499                 struct berval bv;
1500                 bv.bv_val = buf;
1501                 bv.bv_len = 0;
1502                 limits_unparse_one( lim, SLAP_LIMIT_TIME, &bv );
1503                 if ( !BER_BVISEMPTY( &bv ))
1504                         value_add_one( &c->rvalue_vals, &bv );
1505                 else
1506                         rc = 1;
1507                 return rc;
1508         } else if ( c->op == LDAP_MOD_DELETE ) {
1509                 /* Reset to defaults */
1510                 lim->lms_t_soft = SLAPD_DEFAULT_TIMELIMIT;
1511                 lim->lms_t_hard = 0;
1512                 return 0;
1513         }
1514         for(i = 1; i < c->argc; i++) {
1515                 if(!strncasecmp(c->argv[i], "time", 4)) {
1516                         rc = limits_parse_one(c->argv[i], lim);
1517                         if ( rc ) {
1518                                 sprintf( c->msg, "<%s> unable to parse value", c->argv[0] );
1519                                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1520                                         c->log, c->msg, c->argv[i]);
1521                                 return(1);
1522                         }
1523                 } else {
1524                         if(!strcasecmp(c->argv[i], "unlimited")) {
1525                                 lim->lms_t_soft = -1;
1526                         } else {
1527                                 lim->lms_t_soft = strtol(c->argv[i], &next, 0);
1528                                 if(next == c->argv[i]) {
1529                                         sprintf( c->msg, "<%s> unable to parse limit", c->argv[0]);
1530                                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1531                                                 c->log, c->msg, c->argv[i]);
1532                                         return(1);
1533                                 } else if(next[0] != '\0') {
1534                                         Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
1535                                                 "trailing chars \"%s\" in \"timelimit <limit>\" line"
1536                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1537                                                 c->log, next, 0);
1538 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1539                                         return 1;
1540 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1541                                 }
1542                         }
1543                         lim->lms_t_hard = 0;
1544                 }
1545         }
1546         return(0);
1547 }
1548
1549 static int
1550 config_overlay(ConfigArgs *c) {
1551         slap_overinfo *oi;
1552         if (c->op == SLAP_CONFIG_EMIT) {
1553                 return 1;
1554         } else if ( c->op == LDAP_MOD_DELETE ) {
1555                 assert(0);
1556         }
1557         if(c->argv[1][0] == '-' && overlay_config(c->be, &c->argv[1][1])) {
1558                 /* log error */
1559                 Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: (optional) %s overlay \"%s\" configuration failed"
1560                         SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1561                         c->log, c->be == frontendDB ? "global " : "", &c->argv[1][1]);
1562 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1563                 return 1;
1564 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1565         } else if(overlay_config(c->be, c->argv[1])) {
1566                 return(1);
1567         }
1568         /* Setup context for subsequent config directives.
1569          * The newly added overlay is at the head of the list.
1570          */
1571         oi = (slap_overinfo *)c->be->bd_info;
1572         c->bi = &oi->oi_list->on_bi;
1573         return(0);
1574 }
1575
1576 static int
1577 config_subordinate(ConfigArgs *c)
1578 {
1579         int rc = 1;
1580         int advertise;
1581
1582         switch( c->op ) {
1583         case SLAP_CONFIG_EMIT:
1584                 if ( SLAP_GLUE_SUBORDINATE( c->be )) {
1585                         struct berval bv;
1586
1587                         bv.bv_val = SLAP_GLUE_ADVERTISE( c->be ) ? "advertise" : "TRUE";
1588                         bv.bv_len = SLAP_GLUE_ADVERTISE( c->be ) ? STRLENOF("advertise") :
1589                                 STRLENOF("TRUE");
1590
1591                         value_add_one( &c->rvalue_vals, &bv );
1592                         rc = 0;
1593                 }
1594                 break;
1595         case LDAP_MOD_DELETE:
1596                 if ( !c->line  || strcasecmp( c->line, "advertise" )) {
1597                         glue_sub_del( c->be );
1598                 } else {
1599                         SLAP_DBFLAGS( c->be ) &= ~SLAP_DBFLAG_GLUE_ADVERTISE;
1600                 }
1601                 rc = 0;
1602                 break;
1603         case LDAP_MOD_ADD:
1604         case SLAP_CONFIG_ADD:
1605                 advertise = ( c->argc == 2 && !strcasecmp( c->argv[1], "advertise" ));
1606                 rc = glue_sub_add( c->be, advertise, CONFIG_ONLINE_ADD( c ));
1607                 break;
1608         }
1609         return rc;
1610 }
1611
1612 static int
1613 config_suffix(ConfigArgs *c)
1614 {
1615         Backend *tbe;
1616         struct berval pdn, ndn;
1617         char    *notallowed = NULL;
1618
1619         if ( c->be == frontendDB ) {
1620                 notallowed = "frontend";
1621
1622         } else if ( SLAP_MONITOR(c->be) ) {
1623                 notallowed = "monitor";
1624
1625         } else if ( SLAP_CONFIG(c->be) ) {
1626                 notallowed = "config";
1627         }
1628
1629         if ( notallowed != NULL ) {
1630                 char    buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
1631
1632                 switch ( c->op ) {
1633                 case LDAP_MOD_ADD:
1634                 case LDAP_MOD_DELETE:
1635                 case LDAP_MOD_REPLACE:
1636                 case LDAP_MOD_INCREMENT:
1637                 case SLAP_CONFIG_ADD:
1638                         if ( !BER_BVISNULL( &c->value_dn ) ) {
1639                                 snprintf( buf, sizeof( buf ), "<%s> ",
1640                                                 c->value_dn.bv_val );
1641                         }
1642
1643                         Debug(LDAP_DEBUG_ANY,
1644                                 "%s: suffix %snot allowed in %s database.\n",
1645                                 c->log, buf, notallowed );
1646                         break;
1647
1648                 case SLAP_CONFIG_EMIT:
1649                         /* don't complain when emitting... */
1650                         break;
1651
1652                 default:
1653                         /* FIXME: don't know what values may be valid;
1654                          * please remove assertion, or add legal values
1655                          * to either block */
1656                         assert( 0 );
1657                         break;
1658                 }
1659
1660                 return 1;
1661         }
1662
1663         if (c->op == SLAP_CONFIG_EMIT) {
1664                 if ( c->be->be_suffix == NULL
1665                                 || BER_BVISNULL( &c->be->be_suffix[0] ) )
1666                 {
1667                         return 1;
1668                 } else {
1669                         value_add( &c->rvalue_vals, c->be->be_suffix );
1670                         value_add( &c->rvalue_nvals, c->be->be_nsuffix );
1671                         return 0;
1672                 }
1673         } else if ( c->op == LDAP_MOD_DELETE ) {
1674                 if ( c->valx < 0 ) {
1675                         ber_bvarray_free( c->be->be_suffix );
1676                         ber_bvarray_free( c->be->be_nsuffix );
1677                         c->be->be_suffix = NULL;
1678                         c->be->be_nsuffix = NULL;
1679                 } else {
1680                         int i = c->valx;
1681                         ch_free( c->be->be_suffix[i].bv_val );
1682                         ch_free( c->be->be_nsuffix[i].bv_val );
1683                         for (; c->be->be_suffix[i].bv_val; i++) {
1684                                 c->be->be_suffix[i] = c->be->be_suffix[i+1];
1685                                 c->be->be_nsuffix[i] = c->be->be_nsuffix[i+1];
1686                         }
1687                 }
1688                 return 0;
1689         }
1690
1691 #ifdef SLAPD_MONITOR_DN
1692         if(!strcasecmp(c->argv[1], SLAPD_MONITOR_DN)) {
1693                 sprintf( c->msg, "<%s> DN is reserved for monitoring slapd",
1694                         c->argv[0] );
1695                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
1696                         c->log, c->msg, SLAPD_MONITOR_DN);
1697                 return(1);
1698         }
1699 #endif
1700
1701         pdn = c->value_dn;
1702         ndn = c->value_ndn;
1703         tbe = select_backend(&ndn, 0, 0);
1704         if(tbe == c->be) {
1705                 Debug( SLAPD_DEBUG_CONFIG_ERROR,
1706                         "%s: suffix already served by this backend!"
1707                         SLAPD_CONF_UNKNOWN_IGNORED ".\n",
1708                         c->log, 0, 0);
1709 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
1710                 return 1;
1711 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
1712                 free(pdn.bv_val);
1713                 free(ndn.bv_val);
1714         } else if(tbe) {
1715                 char    *type = tbe->bd_info->bi_type;
1716
1717                 if ( overlay_is_over( tbe ) ) {
1718                         slap_overinfo   *oi = (slap_overinfo *)tbe->bd_info->bi_private;
1719                         type = oi->oi_orig->bi_type;
1720                 }
1721
1722                 sprintf( c->msg, "<%s> namingContext \"%s\" already served by "
1723                         "a preceding %s database serving namingContext",
1724                         c->argv[0], pdn.bv_val, type );
1725                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
1726                         c->log, c->msg, tbe->be_suffix[0].bv_val);
1727                 free(pdn.bv_val);
1728                 free(ndn.bv_val);
1729                 return(1);
1730         } else if(pdn.bv_len == 0 && default_search_nbase.bv_len) {
1731                 Debug(LDAP_DEBUG_ANY, "%s: suffix DN empty and default search "
1732                         "base provided \"%s\" (assuming okay)\n",
1733                         c->log, default_search_base.bv_val, 0);
1734         }
1735         ber_bvarray_add(&c->be->be_suffix, &pdn);
1736         ber_bvarray_add(&c->be->be_nsuffix, &ndn);
1737         return(0);
1738 }
1739
1740 static int
1741 config_rootdn(ConfigArgs *c) {
1742         if (c->op == SLAP_CONFIG_EMIT) {
1743                 if ( !BER_BVISNULL( &c->be->be_rootdn )) {
1744                         value_add_one(&c->rvalue_vals, &c->be->be_rootdn);
1745                         value_add_one(&c->rvalue_nvals, &c->be->be_rootndn);
1746                         return 0;
1747                 } else {
1748                         return 1;
1749                 }
1750         } else if ( c->op == LDAP_MOD_DELETE ) {
1751                 ch_free( c->be->be_rootdn.bv_val );
1752                 ch_free( c->be->be_rootndn.bv_val );
1753                 BER_BVZERO( &c->be->be_rootdn );
1754                 BER_BVZERO( &c->be->be_rootndn );
1755                 return 0;
1756         }
1757         if ( !BER_BVISNULL( &c->be->be_rootdn )) {
1758                 ch_free( c->be->be_rootdn.bv_val );
1759                 ch_free( c->be->be_rootndn.bv_val );
1760         }
1761         c->be->be_rootdn = c->value_dn;
1762         c->be->be_rootndn = c->value_ndn;
1763         return(0);
1764 }
1765
1766 static int
1767 config_rootpw(ConfigArgs *c) {
1768         Backend *tbe;
1769
1770         if (c->op == SLAP_CONFIG_EMIT) {
1771                 if (!BER_BVISEMPTY(&c->be->be_rootpw)) {
1772                         /* don't copy, because "rootpw" is marked
1773                          * as CFG_BERVAL */
1774                         c->value_bv = c->be->be_rootpw;
1775                         return 0;
1776                 }
1777                 return 1;
1778         } else if ( c->op == LDAP_MOD_DELETE ) {
1779                 ch_free( c->be->be_rootpw.bv_val );
1780                 BER_BVZERO( &c->be->be_rootpw );
1781                 return 0;
1782         }
1783
1784         tbe = select_backend(&c->be->be_rootndn, 0, 0);
1785         if(tbe != c->be) {
1786                 sprintf( c->msg, "<%s> can only be set when rootdn is under suffix",
1787                         c->argv[0] );
1788                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
1789                         c->log, c->msg, 0);
1790                 return(1);
1791         }
1792         if ( !BER_BVISNULL( &c->be->be_rootpw ))
1793                 ch_free( c->be->be_rootpw.bv_val );
1794         c->be->be_rootpw = c->value_bv;
1795         return(0);
1796 }
1797
1798 static int
1799 config_restrict(ConfigArgs *c) {
1800         slap_mask_t restrictops = 0;
1801         int i;
1802         slap_verbmasks restrictable_ops[] = {
1803                 { BER_BVC("bind"),              SLAP_RESTRICT_OP_BIND },
1804                 { BER_BVC("add"),               SLAP_RESTRICT_OP_ADD },
1805                 { BER_BVC("modify"),            SLAP_RESTRICT_OP_MODIFY },
1806                 { BER_BVC("rename"),            SLAP_RESTRICT_OP_RENAME },
1807                 { BER_BVC("modrdn"),            0 },
1808                 { BER_BVC("delete"),            SLAP_RESTRICT_OP_DELETE },
1809                 { BER_BVC("search"),            SLAP_RESTRICT_OP_SEARCH },
1810                 { BER_BVC("compare"),   SLAP_RESTRICT_OP_COMPARE },
1811                 { BER_BVC("read"),              SLAP_RESTRICT_OP_READS },
1812                 { BER_BVC("write"),             SLAP_RESTRICT_OP_WRITES },
1813                 { BER_BVC("extended"),  SLAP_RESTRICT_OP_EXTENDED },
1814                 { BER_BVC("extended=" LDAP_EXOP_START_TLS ),            SLAP_RESTRICT_EXOP_START_TLS },
1815                 { BER_BVC("extended=" LDAP_EXOP_MODIFY_PASSWD ),        SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
1816                 { BER_BVC("extended=" LDAP_EXOP_X_WHO_AM_I ),           SLAP_RESTRICT_EXOP_WHOAMI },
1817                 { BER_BVC("extended=" LDAP_EXOP_X_CANCEL ),             SLAP_RESTRICT_EXOP_CANCEL },
1818                 { BER_BVNULL,   0 }
1819         };
1820
1821         if (c->op == SLAP_CONFIG_EMIT) {
1822                 return mask_to_verbs( restrictable_ops, c->be->be_restrictops,
1823                         &c->rvalue_vals );
1824         } else if ( c->op == LDAP_MOD_DELETE ) {
1825                 if ( !c->line ) {
1826                         c->be->be_restrictops = 0;
1827                 } else {
1828                         restrictops = verb_to_mask( c->line, restrictable_ops );
1829                         c->be->be_restrictops ^= restrictops;
1830                 }
1831                 return 0;
1832         }
1833         i = verbs_to_mask( c->argc, c->argv, restrictable_ops, &restrictops );
1834         if ( i ) {
1835                 sprintf( c->msg, "<%s> unknown operation", c->argv[0] );
1836                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1837                         c->log, c->msg, c->argv[i]);
1838                 return(1);
1839         }
1840         if ( restrictops & SLAP_RESTRICT_OP_EXTENDED )
1841                 restrictops &= ~SLAP_RESTRICT_EXOP_MASK;
1842         c->be->be_restrictops |= restrictops;
1843         return(0);
1844 }
1845
1846 static int
1847 config_allows(ConfigArgs *c) {
1848         slap_mask_t allows = 0;
1849         int i;
1850         slap_verbmasks allowable_ops[] = {
1851                 { BER_BVC("bind_v2"),           SLAP_ALLOW_BIND_V2 },
1852                 { BER_BVC("bind_anon_cred"),    SLAP_ALLOW_BIND_ANON_CRED },
1853                 { BER_BVC("bind_anon_dn"),      SLAP_ALLOW_BIND_ANON_DN },
1854                 { BER_BVC("update_anon"),       SLAP_ALLOW_UPDATE_ANON },
1855                 { BER_BVNULL,   0 }
1856         };
1857         if (c->op == SLAP_CONFIG_EMIT) {
1858                 return mask_to_verbs( allowable_ops, global_allows, &c->rvalue_vals );
1859         } else if ( c->op == LDAP_MOD_DELETE ) {
1860                 if ( !c->line ) {
1861                         global_allows = 0;
1862                 } else {
1863                         allows = verb_to_mask( c->line, allowable_ops );
1864                         global_allows ^= allows;
1865                 }
1866                 return 0;
1867         }
1868         i = verbs_to_mask(c->argc, c->argv, allowable_ops, &allows);
1869         if ( i ) {
1870                 sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
1871                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1872                         c->log, c->msg, c->argv[i]);
1873                 return(1);
1874         }
1875         global_allows |= allows;
1876         return(0);
1877 }
1878
1879 static int
1880 config_disallows(ConfigArgs *c) {
1881         slap_mask_t disallows = 0;
1882         int i;
1883         slap_verbmasks disallowable_ops[] = {
1884                 { BER_BVC("bind_anon"),         SLAP_DISALLOW_BIND_ANON },
1885                 { BER_BVC("bind_simple"),       SLAP_DISALLOW_BIND_SIMPLE },
1886                 { BER_BVC("bind_krb4"),         SLAP_DISALLOW_BIND_KRBV4 },
1887                 { BER_BVC("tls_2_anon"),                SLAP_DISALLOW_TLS_2_ANON },
1888                 { BER_BVC("tls_authc"),         SLAP_DISALLOW_TLS_AUTHC },
1889                 { BER_BVNULL, 0 }
1890         };
1891         if (c->op == SLAP_CONFIG_EMIT) {
1892                 return mask_to_verbs( disallowable_ops, global_disallows, &c->rvalue_vals );
1893         } else if ( c->op == LDAP_MOD_DELETE ) {
1894                 if ( !c->line ) {
1895                         global_disallows = 0;
1896                 } else {
1897                         disallows = verb_to_mask( c->line, disallowable_ops );
1898                         global_disallows ^= disallows;
1899                 }
1900                 return 0;
1901         }
1902         i = verbs_to_mask(c->argc, c->argv, disallowable_ops, &disallows);
1903         if ( i ) {
1904                 sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
1905                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1906                         c->log, c->msg, c->argv[i]);
1907                 return(1);
1908         }
1909         global_disallows |= disallows;
1910         return(0);
1911 }
1912
1913 static int
1914 config_requires(ConfigArgs *c) {
1915         slap_mask_t requires = 0;
1916         int i;
1917         slap_verbmasks requires_ops[] = {
1918                 { BER_BVC("bind"),              SLAP_REQUIRE_BIND },
1919                 { BER_BVC("LDAPv3"),            SLAP_REQUIRE_LDAP_V3 },
1920                 { BER_BVC("authc"),             SLAP_REQUIRE_AUTHC },
1921                 { BER_BVC("sasl"),              SLAP_REQUIRE_SASL },
1922                 { BER_BVC("strong"),            SLAP_REQUIRE_STRONG },
1923                 { BER_BVNULL, 0 }
1924         };
1925         if (c->op == SLAP_CONFIG_EMIT) {
1926                 return mask_to_verbs( requires_ops, c->be->be_requires, &c->rvalue_vals );
1927         } else if ( c->op == LDAP_MOD_DELETE ) {
1928                 if ( !c->line ) {
1929                         c->be->be_requires = 0;
1930                 } else {
1931                         requires = verb_to_mask( c->line, requires_ops );
1932                         c->be->be_requires ^= requires;
1933                 }
1934                 return 0;
1935         }
1936         i = verbs_to_mask(c->argc, c->argv, requires_ops, &requires);
1937         if ( i ) {
1938                 sprintf( c->msg, "<%s> unknown feature", c->argv[0] );
1939                 Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
1940                         c->log, c->msg, c->argv[i]);
1941                 return(1);
1942         }
1943         c->be->be_requires = requires;
1944         return(0);
1945 }
1946
1947 static slap_verbmasks   *loglevel_ops;
1948
1949 static int
1950 loglevel_init( void )
1951 {
1952         slap_verbmasks  lo[] = {
1953                 { BER_BVC("Any"),       -1 },
1954                 { BER_BVC("Trace"),     LDAP_DEBUG_TRACE },
1955                 { BER_BVC("Packets"),   LDAP_DEBUG_PACKETS },
1956                 { BER_BVC("Args"),      LDAP_DEBUG_ARGS },
1957                 { BER_BVC("Conns"),     LDAP_DEBUG_CONNS },
1958                 { BER_BVC("BER"),       LDAP_DEBUG_BER },
1959                 { BER_BVC("Filter"),    LDAP_DEBUG_FILTER },
1960                 { BER_BVC("Config"),    LDAP_DEBUG_CONFIG },
1961                 { BER_BVC("ACL"),       LDAP_DEBUG_ACL },
1962                 { BER_BVC("Stats"),     LDAP_DEBUG_STATS },
1963                 { BER_BVC("Stats2"),    LDAP_DEBUG_STATS2 },
1964                 { BER_BVC("Shell"),     LDAP_DEBUG_SHELL },
1965                 { BER_BVC("Parse"),     LDAP_DEBUG_PARSE },
1966                 { BER_BVC("Cache"),     LDAP_DEBUG_CACHE },
1967                 { BER_BVC("Index"),     LDAP_DEBUG_INDEX },
1968                 { BER_BVC("Sync"),      LDAP_DEBUG_SYNC },
1969                 { BER_BVNULL,   0 }
1970         };
1971
1972         return slap_verbmasks_init( &loglevel_ops, lo );
1973 }
1974
1975 static void
1976 loglevel_destroy( void )
1977 {
1978         if ( loglevel_ops ) {
1979                 (void)slap_verbmasks_destroy( loglevel_ops );
1980         }
1981         loglevel_ops = NULL;
1982 }
1983
1984 static slap_mask_t      loglevel_ignore[] = { -1, 0 };
1985
1986 int
1987 slap_loglevel_register( slap_mask_t m, struct berval *s )
1988 {
1989         int     rc;
1990
1991         if ( loglevel_ops == NULL ) {
1992                 loglevel_init();
1993         }
1994
1995         rc = slap_verbmasks_append( &loglevel_ops, m, s, loglevel_ignore );
1996
1997         if ( rc != 0 ) {
1998                 Debug( LDAP_DEBUG_ANY, "slap_loglevel_register(%lu, \"%s\") failed\n",
1999                         m, s->bv_val, 0 );
2000         }
2001
2002         return rc;
2003 }
2004
2005 int
2006 str2loglevel( const char *s, int *l )
2007 {
2008         int     i;
2009
2010         if ( loglevel_ops == NULL ) {
2011                 loglevel_init();
2012         }
2013
2014         i = verb_to_mask( s, loglevel_ops );
2015
2016         if ( BER_BVISNULL( &loglevel_ops[ i ].word) ) {
2017                 return -1;
2018         }
2019
2020         *l = loglevel_ops[ i ].mask;
2021
2022         return 0;
2023 }
2024
2025 static int config_syslog;
2026
2027 static int
2028 config_loglevel(ConfigArgs *c) {
2029         int i;
2030         char *next;
2031
2032         if ( loglevel_ops == NULL ) {
2033                 loglevel_init();
2034         }
2035
2036         if (c->op == SLAP_CONFIG_EMIT) {
2037                 /* Get default or commandline slapd setting */
2038                 if ( ldap_syslog && !config_syslog )
2039                         config_syslog = ldap_syslog;
2040                 return mask_to_verbs( loglevel_ops, config_syslog, &c->rvalue_vals );
2041         } else if ( c->op == LDAP_MOD_DELETE ) {
2042                 if ( !c->line ) {
2043                         config_syslog = 0;
2044                 } else {
2045                         int level = verb_to_mask( c->line, loglevel_ops );
2046                         config_syslog ^= level;
2047                 }
2048                 if ( slapMode & SLAP_SERVER_MODE ) {
2049                         ldap_syslog = config_syslog;
2050                 }
2051                 return 0;
2052         }
2053
2054         config_syslog = 0;
2055
2056         for( i=1; i < c->argc; i++ ) {
2057                 int     level;
2058
2059                 if ( isdigit( c->argv[i][0] ) || c->argv[i][0] == '-' ) {
2060                         level = strtol( c->argv[i], &next, 10 );
2061                         if ( next == NULL || next[0] != '\0' ) {
2062                                 sprintf( c->msg, "<%s> unable to parse level", c->argv[0] );
2063                                 Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
2064                                         c->log, c->msg, c->argv[i]);
2065                                 return( 1 );
2066                         }
2067                 } else {
2068                         if ( str2loglevel( c->argv[i], &level ) ) {
2069                                 sprintf( c->msg, "<%s> unknown level", c->argv[0] );
2070                                 Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
2071                                         c->log, c->msg, c->argv[i]);
2072                                 return( 1 );
2073                         }
2074                 }
2075                 config_syslog |= level;
2076         }
2077         if ( slapMode & SLAP_SERVER_MODE ) {
2078                 ldap_syslog = config_syslog;
2079         }
2080         return(0);
2081 }
2082
2083 static int
2084 config_referral(ConfigArgs *c) {
2085         struct berval val;
2086         if (c->op == SLAP_CONFIG_EMIT) {
2087                 if ( default_referral ) {
2088                         value_add( &c->rvalue_vals, default_referral );
2089                         return 0;
2090                 } else {
2091                         return 1;
2092                 }
2093         } else if ( c->op == LDAP_MOD_DELETE ) {
2094                 if ( c->valx < 0 ) {
2095                         ber_bvarray_free( default_referral );
2096                         default_referral = NULL;
2097                 } else {
2098                         int i = c->valx;
2099                         ch_free( default_referral[i].bv_val );
2100                         for (; default_referral[i].bv_val; i++ )
2101                                 default_referral[i] = default_referral[i+1];
2102                 }
2103                 return 0;
2104         }
2105         if(validate_global_referral(c->argv[1])) {
2106                 sprintf( c->msg, "<%s> invalid URL", c->argv[0] );
2107                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
2108                         c->log, c->msg, c->argv[1]);
2109                 return(1);
2110         }
2111
2112         ber_str2bv(c->argv[1], 0, 0, &val);
2113         if(value_add_one(&default_referral, &val)) return(LDAP_OTHER);
2114         return(0);
2115 }
2116
2117 static struct {
2118         struct berval key;
2119         int off;
2120 } sec_keys[] = {
2121         { BER_BVC("ssf="), offsetof(slap_ssf_set_t, sss_ssf) },
2122         { BER_BVC("transport="), offsetof(slap_ssf_set_t, sss_transport) },
2123         { BER_BVC("tls="), offsetof(slap_ssf_set_t, sss_tls) },
2124         { BER_BVC("sasl="), offsetof(slap_ssf_set_t, sss_sasl) },
2125         { BER_BVC("update_ssf="), offsetof(slap_ssf_set_t, sss_update_ssf) },
2126         { BER_BVC("update_transport="), offsetof(slap_ssf_set_t, sss_update_transport) },
2127         { BER_BVC("update_tls="), offsetof(slap_ssf_set_t, sss_update_tls) },
2128         { BER_BVC("update_sasl="), offsetof(slap_ssf_set_t, sss_update_sasl) },
2129         { BER_BVC("simple_bind="), offsetof(slap_ssf_set_t, sss_simple_bind) },
2130         { BER_BVNULL, 0 }
2131 };
2132
2133 static int
2134 config_security(ConfigArgs *c) {
2135         slap_ssf_set_t *set = &c->be->be_ssf_set;
2136         char *next;
2137         int i, j;
2138         if (c->op == SLAP_CONFIG_EMIT) {
2139                 char numbuf[32];
2140                 struct berval bv;
2141                 slap_ssf_t *tgt;
2142                 int rc = 1;
2143
2144                 for (i=0; !BER_BVISNULL( &sec_keys[i].key ); i++) {
2145                         tgt = (slap_ssf_t *)((char *)set + sec_keys[i].off);
2146                         if ( *tgt ) {
2147                                 rc = 0;
2148                                 bv.bv_len = sprintf( numbuf, "%u", *tgt );
2149                                 bv.bv_len += sec_keys[i].key.bv_len;
2150                                 bv.bv_val = ch_malloc( bv.bv_len + 1);
2151                                 next = lutil_strcopy( bv.bv_val, sec_keys[i].key.bv_val );
2152                                 strcpy( next, numbuf );
2153                                 ber_bvarray_add( &c->rvalue_vals, &bv );
2154                         }
2155                 }
2156                 return rc;
2157         }
2158         for(i = 1; i < c->argc; i++) {
2159                 slap_ssf_t *tgt = NULL;
2160                 char *src;
2161                 for ( j=0; !BER_BVISNULL( &sec_keys[j].key ); j++ ) {
2162                         if(!strncasecmp(c->argv[i], sec_keys[j].key.bv_val,
2163                                 sec_keys[j].key.bv_len)) {
2164                                 src = c->argv[i] + sec_keys[j].key.bv_len;
2165                                 tgt = (slap_ssf_t *)((char *)set + sec_keys[j].off);
2166                                 break;
2167                         }
2168                 }
2169                 if ( !tgt ) {
2170                         sprintf( c->msg, "<%s> unknown factor", c->argv[0] );
2171                         Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
2172                                 c->log, c->msg, c->argv[i]);
2173                         return(1);
2174                 }
2175
2176                 *tgt = strtol(src, &next, 10);
2177                 if(next == NULL || next[0] != '\0' ) {
2178                         sprintf( c->msg, "<%s> unable to parse factor", c->argv[0] );
2179                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
2180                                 c->log, c->msg, c->argv[i]);
2181                         return(1);
2182                 }
2183         }
2184         return(0);
2185 }
2186
2187 char *
2188 anlist_unparse( AttributeName *an, char *ptr ) {
2189         int comma = 0;
2190
2191         for (; !BER_BVISNULL( &an->an_name ); an++) {
2192                 if ( comma ) *ptr++ = ',';
2193                 ptr = lutil_strcopy( ptr, an->an_name.bv_val );
2194                 comma = 1;
2195         }
2196         return ptr;
2197 }
2198
2199 static void
2200 replica_unparse( struct slap_replica_info *ri, int i, struct berval *bv )
2201 {
2202         int len;
2203         char *ptr;
2204         struct berval bc = BER_BVNULL;
2205         char numbuf[32];
2206
2207         len = sprintf(numbuf, IFMT, i );
2208
2209         len += strlen( ri->ri_uri ) + STRLENOF("uri=");
2210         if ( ri->ri_nsuffix ) {
2211                 for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) {
2212                         len += ri->ri_nsuffix[i].bv_len + STRLENOF(" suffix=\"\"");
2213                 }
2214         }
2215         if ( ri->ri_attrs ) {
2216                 len += STRLENOF("attr");
2217                 if ( ri->ri_exclude ) len++;
2218                 for (i=0; !BER_BVISNULL( &ri->ri_attrs[i].an_name ); i++) {
2219                         len += 1 + ri->ri_attrs[i].an_name.bv_len;
2220                 }
2221         }
2222         bindconf_unparse( &ri->ri_bindconf, &bc );
2223         len += bc.bv_len;
2224
2225         bv->bv_val = ch_malloc(len + 1);
2226         bv->bv_len = len;
2227
2228         ptr = lutil_strcopy( bv->bv_val, numbuf );
2229         ptr = lutil_strcopy( ptr, "uri=" );
2230         ptr = lutil_strcopy( ptr, ri->ri_uri );
2231
2232         if ( ri->ri_nsuffix ) {
2233                 for (i=0; !BER_BVISNULL( &ri->ri_nsuffix[i] ); i++) {
2234                         ptr = lutil_strcopy( ptr, " suffix=\"" );
2235                         ptr = lutil_strcopy( ptr, ri->ri_nsuffix[i].bv_val );
2236                         *ptr++ = '"';
2237                 }
2238         }
2239         if ( ri->ri_attrs ) {
2240                 ptr = lutil_strcopy( ptr, "attr" );
2241                 if ( ri->ri_exclude ) *ptr++ = '!';
2242                 *ptr++ = '=';
2243                 ptr = anlist_unparse( ri->ri_attrs, ptr );
2244         }
2245         if ( bc.bv_val ) {
2246                 strcpy( ptr, bc.bv_val );
2247                 ch_free( bc.bv_val );
2248         }
2249 }
2250
2251 static int
2252 config_replica(ConfigArgs *c) {
2253         int i, nr = -1, len;
2254         char *replicahost, *replicauri;
2255         LDAPURLDesc *ludp;
2256
2257         if (c->op == SLAP_CONFIG_EMIT) {
2258                 if (c->be->be_replica) {
2259                         struct berval bv;
2260                         for (i=0;c->be->be_replica[i]; i++) {
2261                                 replica_unparse( c->be->be_replica[i], i, &bv );
2262                                 ber_bvarray_add( &c->rvalue_vals, &bv );
2263                         }
2264                         return 0;
2265                 }
2266                 return 1;
2267         } else if ( c->op == LDAP_MOD_DELETE ) {
2268                 /* FIXME: there is no replica_free function */
2269                 if ( c->valx < 0 ) {
2270                 } else {
2271                 }
2272         }
2273         if(SLAP_MONITOR(c->be)) {
2274                 Debug(LDAP_DEBUG_ANY, "%s: "
2275                         "\"replica\" should not be used inside monitor database\n",
2276                         c->log, 0, 0);
2277                 return(0);      /* FIXME: should this be an error? */
2278         }
2279
2280         for(i = 1; i < c->argc; i++) {
2281                 if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) {
2282                         replicahost = c->argv[i] + STRLENOF("host=");
2283                         len = strlen( replicahost );
2284                         replicauri = ch_malloc( len + STRLENOF("ldap://") + 1 );
2285                         sprintf( replicauri, "ldap://%s", replicahost );
2286                         replicahost = replicauri + STRLENOF( "ldap://");
2287                         nr = add_replica_info(c->be, replicauri, replicahost);
2288                         break;
2289                 } else if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) {
2290                         if(ldap_url_parse(c->argv[i] + STRLENOF("uri="), &ludp) != LDAP_SUCCESS) {
2291                                 sprintf( c->msg, "<%s> invalid uri", c->argv[0] );
2292                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
2293                                 return(1);
2294                         }
2295                         if(!ludp->lud_host) {
2296                                 ldap_free_urldesc(ludp);
2297                                 sprintf( c->msg, "<%s> invalid uri - missing hostname",
2298                                         c->argv[0] );
2299                                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
2300                                 return(1);
2301                         }
2302                         ldap_free_urldesc(ludp);
2303                         replicauri = c->argv[i] + STRLENOF("uri=");
2304                         replicauri = ch_strdup( replicauri );
2305                         replicahost = strchr( replicauri, '/' );
2306                         replicahost += 2;
2307                         nr = add_replica_info(c->be, replicauri, replicahost);
2308                         break;
2309                 }
2310         }
2311         if(i == c->argc) {
2312                 sprintf( c->msg, "<%s> missing host or uri", c->argv[0] );
2313                 Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
2314                 return(1);
2315         } else if(nr == -1) {
2316                 sprintf( c->msg, "<%s> unable to add replica", c->argv[0] );
2317                 Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n", c->log, c->msg, replicauri );
2318                 return(1);
2319         } else {
2320                 for(i = 1; i < c->argc; i++) {
2321                         if(!strncasecmp(c->argv[i], "suffix=", STRLENOF( "suffix="))) {
2322                                 switch(add_replica_suffix(c->be, nr, c->argv[i] + STRLENOF("suffix="))) {
2323                                         case 1:
2324                                                 Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
2325                                                 "suffix \"%s\" in \"replica\" line is not valid for backend"
2326                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
2327                                                 c->log, c->argv[i] + STRLENOF("suffix="), 0);
2328 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
2329                                                 return 1;
2330 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
2331                                                 break;
2332                                         case 2:
2333                                                 Debug( SLAPD_DEBUG_CONFIG_ERROR, "%s: "
2334                                                 "unable to normalize suffix in \"replica\" line"
2335                                                 SLAPD_CONF_UNKNOWN_IGNORED ".\n",
2336                                                 c->log, 0, 0);
2337 #ifdef SLAPD_CONF_UNKNOWN_BAILOUT
2338                                                 return 1;
2339 #endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
2340                                                 break;
2341                                 }
2342
2343                         } else if(!strncasecmp(c->argv[i], "attr", STRLENOF("attr"))) {
2344                                 int exclude = 0;
2345                                 char *arg = c->argv[i] + STRLENOF("attr");
2346                                 if(arg[0] == '!') {
2347                                         arg++;
2348                                         exclude = 1;
2349                                 }
2350                                 if(arg[0] != '=') {
2351                                         continue;
2352                                 }
2353                                 if(add_replica_attrs(c->be, nr, arg + 1, exclude)) {
2354                                         sprintf( c->msg, "<%s> unknown attribute", c->argv[0] );
2355                                         Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
2356                                                 c->log, c->msg, arg + 1);
2357                                         return(1);
2358                                 }
2359                         } else if ( bindconf_parse( c->argv[i],
2360                                         &c->be->be_replica[nr]->ri_bindconf ) ) {
2361                                 return(1);
2362                         }
2363                 }
2364         }
2365         return(0);
2366 }
2367
2368 static int
2369 config_updatedn(ConfigArgs *c) {
2370         if (c->op == SLAP_CONFIG_EMIT) {
2371                 if (!BER_BVISEMPTY(&c->be->be_update_ndn)) {
2372                         value_add_one(&c->rvalue_vals, &c->be->be_update_ndn);
2373                         value_add_one(&c->rvalue_nvals, &c->be->be_update_ndn);
2374                         return 0;
2375                 }
2376                 return 1;
2377         } else if ( c->op == LDAP_MOD_DELETE ) {
2378                 ch_free( c->be->be_update_ndn.bv_val );
2379                 BER_BVZERO( &c->be->be_update_ndn );
2380                 SLAP_DBFLAGS(c->be) ^= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
2381                 return 0;
2382         }
2383         if(SLAP_SHADOW(c->be)) {
2384                 sprintf( c->msg, "<%s> database already shadowed", c->argv[0] );
2385                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
2386                         c->log, c->msg, 0);
2387                 return(1);
2388         }
2389
2390         ber_memfree_x( c->value_dn.bv_val, NULL );
2391         if ( !BER_BVISNULL( &c->be->be_update_ndn ) ) {
2392                 ber_memfree_x( c->be->be_update_ndn.bv_val, NULL );
2393         }
2394         c->be->be_update_ndn = c->value_ndn;
2395         BER_BVZERO( &c->value_dn );
2396         BER_BVZERO( &c->value_ndn );
2397
2398         SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
2399         return(0);
2400 }
2401
2402 static int
2403 config_updateref(ConfigArgs *c) {
2404         struct berval val;
2405         if (c->op == SLAP_CONFIG_EMIT) {
2406                 if ( c->be->be_update_refs ) {
2407                         value_add( &c->rvalue_vals, c->be->be_update_refs );
2408                         return 0;
2409                 } else {
2410                         return 1;
2411                 }
2412         } else if ( c->op == LDAP_MOD_DELETE ) {
2413                 if ( c->valx < 0 ) {
2414                         ber_bvarray_free( c->be->be_update_refs );
2415                         c->be->be_update_refs = NULL;
2416                 } else {
2417                         int i = c->valx;
2418                         ch_free( c->be->be_update_refs[i].bv_val );
2419                         for (; c->be->be_update_refs[i].bv_val; i++)
2420                                 c->be->be_update_refs[i] = c->be->be_update_refs[i+1];
2421                 }
2422                 return 0;
2423         }
2424         if(!SLAP_SHADOW(c->be)) {
2425                 sprintf( c->msg, "<%s> must appear after syncrepl or updatedn",
2426                         c->argv[0] );
2427                 Debug(LDAP_DEBUG_ANY, "%s: %s\n",
2428                         c->log, c->msg, 0);
2429                 return(1);
2430         }
2431
2432         if(validate_global_referral(c->argv[1])) {
2433                 sprintf( c->msg, "<%s> invalid URL", c->argv[0] );
2434                 Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
2435                         c->log, c->msg, c->argv[1]);
2436                 return(1);
2437         }
2438         ber_str2bv(c->argv[1], 0, 0, &val);
2439         if(value_add_one(&c->be->be_update_refs, &val)) return(LDAP_OTHER);
2440         return(0);
2441 }
2442
2443 static int
2444 config_include(ConfigArgs *c) {
2445         int savelineno = c->lineno;
2446         int rc;
2447         ConfigFile *cf;
2448         ConfigFile *cfsave = cfn;
2449         ConfigFile *cf2 = NULL;
2450         if (c->op == SLAP_CONFIG_EMIT) {
2451                 if (c->private) {
2452                         ConfigFile *cf = c->private;
2453                         value_add_one( &c->rvalue_vals, &cf->c_file );
2454                         return 0;
2455                 }
2456                 return 1;
2457         } else if ( c->op == LDAP_MOD_DELETE ) {
2458         }
2459         cf = ch_calloc( 1, sizeof(ConfigFile));
2460         if ( cfn->c_kids ) {
2461                 for (cf2=cfn->c_kids; cf2 && cf2->c_sibs; cf2=cf2->c_sibs) ;
2462                 cf2->c_sibs = cf;
2463         } else {
2464                 cfn->c_kids = cf;
2465         }
2466         cfn = cf;
2467         ber_str2bv( c->argv[1], 0, 1, &cf->c_file );
2468         rc = read_config_file(c->argv[1], c->depth + 1, c, config_back_cf_table);
2469         c->lineno = savelineno - 1;
2470         cfn = cfsave;
2471         if ( rc ) {
2472                 if ( cf2 ) cf2->c_sibs = NULL;
2473                 else cfn->c_kids = NULL;
2474                 ch_free( cf->c_file.bv_val );
2475                 ch_free( cf );
2476         } else {
2477                 c->private = cf;
2478         }
2479         return(rc);
2480 }
2481
2482 #ifdef HAVE_TLS
2483 static int
2484 config_tls_option(ConfigArgs *c) {
2485         int flag;
2486         switch(c->type) {
2487         case CFG_TLS_RAND:      flag = LDAP_OPT_X_TLS_RANDOM_FILE;      break;
2488         case CFG_TLS_CIPHER:    flag = LDAP_OPT_X_TLS_CIPHER_SUITE;     break;
2489         case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE;         break;  
2490         case CFG_TLS_CERT_KEY:  flag = LDAP_OPT_X_TLS_KEYFILE;          break;
2491         case CFG_TLS_CA_PATH:   flag = LDAP_OPT_X_TLS_CACERTDIR;        break;
2492         case CFG_TLS_CA_FILE:   flag = LDAP_OPT_X_TLS_CACERTFILE;       break;
2493         case CFG_TLS_DH_DIR:    flag = LDAP_OPT_X_TLS_DHPARAMDIR;       break;
2494         default:                Debug(LDAP_DEBUG_ANY, "%s: "
2495                                         "unknown tls_option <0x%x>\n",
2496                                         c->log, c->type, 0);
2497         }
2498         if (c->op == SLAP_CONFIG_EMIT) {
2499                 return ldap_pvt_tls_get_option( NULL, flag, &c->value_string );
2500         } else if ( c->op == LDAP_MOD_DELETE ) {
2501                 return ldap_pvt_tls_set_option( NULL, flag, NULL );
2502         }
2503         ch_free(c->value_string);
2504         return(ldap_pvt_tls_set_option(NULL, flag, c->argv[1]));
2505 }
2506
2507 /* FIXME: this ought to be provided by libldap */
2508 static int
2509 config_tls_config(ConfigArgs *c) {
2510         int i, flag;
2511         slap_verbmasks crlkeys[] = {
2512                 { BER_BVC("none"),      LDAP_OPT_X_TLS_CRL_NONE },
2513                 { BER_BVC("peer"),      LDAP_OPT_X_TLS_CRL_PEER },
2514                 { BER_BVC("all"),       LDAP_OPT_X_TLS_CRL_ALL },
2515                 { BER_BVNULL, 0 }
2516         };
2517         slap_verbmasks vfykeys[] = {
2518                 { BER_BVC("never"),     LDAP_OPT_X_TLS_NEVER },
2519                 { BER_BVC("demand"),    LDAP_OPT_X_TLS_DEMAND },
2520                 { BER_BVC("try"),       LDAP_OPT_X_TLS_TRY },
2521                 { BER_BVC("hard"),      LDAP_OPT_X_TLS_HARD },
2522                 { BER_BVNULL, 0 }
2523         }, *keys;
2524         switch(c->type) {
2525         case CFG_TLS_CRLCHECK:  flag = LDAP_OPT_X_TLS_CRLCHECK;         keys = crlkeys; break;
2526         case CFG_TLS_VERIFY:    flag = LDAP_OPT_X_TLS_REQUIRE_CERT;     keys = vfykeys; break;
2527         default:
2528                 Debug(LDAP_DEBUG_ANY, "%s: "
2529                                 "unknown tls_option <0x%x>\n",
2530                                 c->log, c->type, 0);
2531         }
2532         if (c->op == SLAP_CONFIG_EMIT) {
2533                 ldap_pvt_tls_get_option( NULL, flag, &c->value_int );
2534                 for (i=0; !BER_BVISNULL(&keys[i].word); i++) {
2535                         if (keys[i].mask == c->value_int) {
2536                                 c->value_string = ch_strdup( keys[i].word.bv_val );
2537                                 return 0;
2538                         }
2539                 }
2540                 return 1;
2541         } else if ( c->op == LDAP_MOD_DELETE ) {
2542                 int i = 0;
2543                 return ldap_pvt_tls_set_option( NULL, flag, &i );
2544         }
2545         ch_free( c->value_string );
2546         if(isdigit((unsigned char)c->argv[1][0])) {
2547                 i = atoi(c->argv[1]);
2548                 return(ldap_pvt_tls_set_option(NULL, flag, &i));
2549         } else {
2550                 return(ldap_int_tls_config(NULL, flag, c->argv[1]));
2551         }
2552 }
2553 #endif
2554
2555 static CfEntryInfo *
2556 config_find_base( CfEntryInfo *root, struct berval *dn, CfEntryInfo **last )
2557 {
2558         struct berval cdn;
2559         char *c;
2560
2561         if ( !root ) {
2562                 *last = NULL;
2563                 return NULL;
2564         }
2565
2566         if ( dn_match( &root->ce_entry->e_nname, dn ))
2567                 return root;
2568
2569         c = dn->bv_val+dn->bv_len;
2570         for (;*c != ',';c--);
2571
2572         while(root) {
2573                 *last = root;
2574                 for (--c;c>dn->bv_val && *c != ',';c--);
2575                 cdn.bv_val = c;
2576                 if ( *c == ',' )
2577                         cdn.bv_val++;
2578                 cdn.bv_len = dn->bv_len - (cdn.bv_val - dn->bv_val);
2579
2580                 root = root->ce_kids;
2581
2582                 for (;root;root=root->ce_sibs) {
2583                         if ( dn_match( &root->ce_entry->e_nname, &cdn )) {
2584                                 if ( cdn.bv_val == dn->bv_val ) {
2585                                         return root;
2586                                 }
2587                                 break;
2588                         }
2589                 }
2590         }
2591         return root;
2592 }
2593
2594 typedef struct setup_cookie {
2595         CfBackInfo *cfb;
2596         ConfigArgs *ca;
2597 } setup_cookie;
2598
2599 static int
2600 config_ldif_resp( Operation *op, SlapReply *rs )
2601 {
2602         if ( rs->sr_type == REP_SEARCH ) {
2603                 setup_cookie *sc = op->o_callback->sc_private;
2604
2605                 sc->cfb->cb_got_ldif = 1;
2606                 rs->sr_err = config_add_internal( sc->cfb, rs->sr_entry, sc->ca, NULL, NULL );
2607                 if ( rs->sr_err != LDAP_SUCCESS ) {
2608                         Debug( LDAP_DEBUG_ANY, "config error processing %s: %s\n",
2609                                 rs->sr_entry->e_name.bv_val, sc->ca->msg, 0 );
2610                 }
2611         }
2612         return rs->sr_err;
2613 }
2614
2615 /* Configure and read the underlying back-ldif store */
2616 static int
2617 config_setup_ldif( BackendDB *be, const char *dir, int readit ) {
2618         CfBackInfo *cfb = be->be_private;
2619         ConfigArgs c = {0};
2620         ConfigTable *ct;
2621         char *argv[3];
2622         int rc = 0;
2623         setup_cookie sc;
2624         slap_callback cb = { NULL, config_ldif_resp, NULL, NULL };
2625         Connection conn = {0};
2626         char opbuf[OPERATION_BUFFER_SIZE];
2627         Operation *op;
2628         SlapReply rs = {REP_RESULT};
2629         Filter filter = { LDAP_FILTER_PRESENT };
2630         struct berval filterstr = BER_BVC("(objectclass=*)");
2631         struct stat st;
2632
2633         /* Is the config directory available? */
2634         if ( stat( dir, &st ) < 0 ) {
2635                 /* No, so don't bother using the backing store.
2636                  * All changes will be in-memory only.
2637                  */
2638                 return 0;
2639         }
2640                 
2641         cfb->cb_db.bd_info = backend_info( "ldif" );
2642         if ( !cfb->cb_db.bd_info )
2643                 return 0;       /* FIXME: eventually this will be a fatal error */
2644
2645         if ( cfb->cb_db.bd_info->bi_db_init( &cfb->cb_db )) return 1;
2646
2647         /* Mark that back-ldif type is in use */
2648         cfb->cb_db.bd_info->bi_nDB++;
2649
2650         cfb->cb_db.be_suffix = be->be_suffix;
2651         cfb->cb_db.be_nsuffix = be->be_nsuffix;
2652         cfb->cb_db.be_rootdn = be->be_rootdn;
2653         cfb->cb_db.be_rootndn = be->be_rootndn;
2654
2655         ber_str2bv( dir, 0, 1, &cfdir );
2656
2657         c.be = &cfb->cb_db;
2658         c.fname = "slapd";
2659         c.argc = 2;
2660         argv[0] = "directory";
2661         argv[1] = (char *)dir;
2662         argv[2] = NULL;
2663         c.argv = argv;
2664
2665         ct = config_find_keyword( c.be->be_cf_ocs->co_table, &c );
2666         if ( !ct )
2667                 return 1;
2668
2669         if ( config_add_vals( ct, &c ))
2670                 return 1;
2671
2672         if ( backend_startup_one( &cfb->cb_db ))
2673                 return 1;
2674
2675         if ( readit ) {
2676                 void *thrctx = ldap_pvt_thread_pool_context();
2677
2678                 op = (Operation *)opbuf;
2679                 connection_fake_init( &conn, op, thrctx );
2680
2681                 filter.f_desc = slap_schema.si_ad_objectClass;
2682
2683                 op->o_tag = LDAP_REQ_SEARCH;
2684
2685                 op->ors_filter = &filter;
2686                 op->ors_filterstr = filterstr;
2687                 op->ors_scope = LDAP_SCOPE_SUBTREE;
2688
2689                 op->o_dn = be->be_rootdn;
2690                 op->o_ndn = be->be_rootndn;
2691
2692                 op->o_req_dn = be->be_suffix[0];
2693                 op->o_req_ndn = be->be_nsuffix[0];
2694
2695                 op->ors_tlimit = SLAP_NO_LIMIT;
2696                 op->ors_slimit = SLAP_NO_LIMIT;
2697
2698                 op->ors_attrs = slap_anlist_all_attributes;
2699                 op->ors_attrsonly = 0;
2700
2701                 op->o_callback = &cb;
2702                 sc.cfb = cfb;
2703                 sc.ca = &c;
2704                 cb.sc_private = &sc;
2705
2706                 op->o_bd = &cfb->cb_db;
2707                 rc = op->o_bd->be_search( op, &rs );
2708
2709                 ldap_pvt_thread_pool_context_reset( thrctx );
2710         }
2711
2712         cfb->cb_use_ldif = 1;
2713
2714         return rc;
2715 }
2716
2717 static int
2718 CfOc_cmp( const void *c1, const void *c2 ) {
2719         const ConfigOCs *co1 = c1;
2720         const ConfigOCs *co2 = c2;
2721
2722         return ber_bvcmp( co1->co_name, co2->co_name );
2723 }
2724
2725 int
2726 config_register_schema(ConfigTable *ct, ConfigOCs *ocs) {
2727         int i;
2728
2729         i = init_config_attrs( ct );
2730         if ( i ) return i;
2731
2732         /* set up the objectclasses */
2733         i = init_config_ocs( ocs );
2734         if ( i ) return i;
2735
2736         for (i=0; ocs[i].co_def; i++) {
2737                 if ( ocs[i].co_oc ) {
2738                         ocs[i].co_name = &ocs[i].co_oc->soc_cname;
2739                         if ( !ocs[i].co_table )
2740                                 ocs[i].co_table = ct;
2741                         avl_insert( &CfOcTree, &ocs[i], CfOc_cmp, avl_dup_error );
2742                 }
2743         }
2744         return 0;
2745 }
2746
2747 int
2748 read_config(const char *fname, const char *dir) {
2749         BackendDB *be;
2750         CfBackInfo *cfb;
2751         const char *cfdir, *cfname;
2752         int rc;
2753
2754         /* Setup the config backend */
2755         be = backend_db_init( "config" );
2756         if ( !be )
2757                 return 1;
2758
2759         cfb = be->be_private;
2760
2761         /* If no .conf, or a dir was specified, setup the dir */
2762         if ( !fname || dir ) {
2763                 if ( dir ) {
2764                         /* If explicitly given, check for existence */
2765                         struct stat st;
2766
2767                         if ( stat( dir, &st ) < 0 ) {
2768                                 Debug( LDAP_DEBUG_ANY,
2769                                         "invalid config directory %s, error %d\n",
2770                                                 dir, errno, 0 );
2771                                 return 1;
2772                         }
2773                         cfdir = dir;
2774                 } else {
2775                         cfdir = SLAPD_DEFAULT_CONFIGDIR;
2776                 }
2777                 /* if fname is defaulted, try reading .d */
2778                 rc = config_setup_ldif( be, cfdir, !fname );
2779
2780                 /* It's OK if the base object doesn't exist yet */
2781                 if ( rc && rc != LDAP_NO_SUCH_OBJECT )
2782                         return 1;
2783
2784                 /* If we read the config from back-ldif, nothing to do here */
2785                 if ( cfb->cb_got_ldif ) {
2786                         rc = 0;
2787                         goto done;
2788                 }
2789         }
2790
2791         if ( fname )
2792                 cfname = fname;
2793         else
2794                 cfname = SLAPD_DEFAULT_CONFIGFILE;
2795
2796         rc = read_config_file(cfname, 0, NULL, config_back_cf_table);
2797
2798         if ( rc == 0 )
2799                 ber_str2bv( cfname, 0, 1, &cfb->cb_config->c_file );
2800
2801         /* If we got this far and failed, it may be a serious problem. In server
2802          * mode, we should never come to this. However, it may be alright if we're
2803          * using slapadd to create the conf dir.
2804          */
2805         while ( rc ) {
2806                 if ( slapMode & (SLAP_SERVER_MODE|SLAP_TOOL_READMAIN|SLAP_TOOL_READONLY))
2807                         break;
2808                 /* If a config file was explicitly given, fail */
2809                 if ( fname )
2810                         break;
2811                 
2812                 /* Seems to be slapadd with a config dir, let it continue */
2813                 if ( cfb->cb_use_ldif ) {
2814                         rc = 0;
2815                         cfb->cb_got_ldif = 1;
2816                 }
2817                 break;
2818         }
2819
2820 done:
2821         if ( rc == 0 && BER_BVISNULL( &frontendDB->be_schemadn ) ) {
2822                 ber_str2bv( SLAPD_SCHEMA_DN, STRLENOF( SLAPD_SCHEMA_DN ), 1,
2823                         &frontendDB->be_schemadn );
2824                 rc = dnNormalize( 0, NULL, NULL, &frontendDB->be_schemadn, &frontendDB->be_schemandn, NULL );
2825                 if ( rc != LDAP_SUCCESS ) {
2826                         Debug(LDAP_DEBUG_ANY, "read_config: "
2827                                 "unable to normalize default schema DN \"%s\"\n",
2828                                 frontendDB->be_schemadn.bv_val, 0, 0 );
2829                         /* must not happen */
2830                         assert( 0 );
2831                 }
2832         }
2833         return rc;
2834 }
2835
2836 static int
2837 config_back_bind( Operation *op, SlapReply *rs )
2838 {
2839         if ( op->orb_method == LDAP_AUTH_SIMPLE && be_isroot_pw( op )) {
2840                 ber_dupbv( &op->orb_edn, be_root_dn( op->o_bd ));
2841                 /* frontend sends result */
2842                 return LDAP_SUCCESS;
2843         }
2844
2845         rs->sr_err = LDAP_INVALID_CREDENTIALS;
2846         send_ldap_result( op, rs );
2847
2848         return rs->sr_err;
2849 }
2850
2851 static int
2852 config_send( Operation *op, SlapReply *rs, CfEntryInfo *ce, int depth )
2853 {
2854         int rc = 0;
2855
2856         if ( test_filter( op, ce->ce_entry, op->ors_filter ) == LDAP_COMPARE_TRUE )
2857         {
2858                 rs->sr_attrs = op->ors_attrs;
2859                 rs->sr_entry = ce->ce_entry;
2860                 rc = send_search_entry( op, rs );
2861         }
2862         if ( op->ors_scope == LDAP_SCOPE_SUBTREE ) {
2863                 if ( ce->ce_kids ) {
2864                         rc = config_send( op, rs, ce->ce_kids, 1 );
2865                         if ( rc ) return rc;
2866                 }
2867                 if ( depth ) {
2868                         for (ce=ce->ce_sibs; ce; ce=ce->ce_sibs) {
2869                                 rc = config_send( op, rs, ce, 0 );
2870                                 if ( rc ) break;
2871                         }
2872                 }
2873         }
2874         return rc;
2875 }
2876
2877 static ConfigTable *
2878 config_find_table( ConfigOCs **colst, int nocs, AttributeDescription *ad )
2879 {
2880         int i, j;
2881
2882         for (j=0; j<nocs; j++) {
2883                 for (i=0; colst[j]->co_table[i].name; i++)
2884                         if ( colst[j]->co_table[i].ad == ad )
2885                                 return &colst[j]->co_table[i];
2886         }
2887         return NULL;
2888 }
2889
2890 /* Sort the attributes of the entry according to the order defined
2891  * in the objectclass, with required attributes occurring before
2892  * allowed attributes. For any attributes with sequencing dependencies
2893  * (e.g., rootDN must be defined after suffix) the objectclass must
2894  * list the attributes in the desired sequence.
2895  */
2896 static void
2897 sort_attrs( Entry *e, ConfigOCs **colst, int nocs )
2898 {
2899         Attribute *a, *head = NULL, *tail = NULL, **prev;
2900         int i, j;
2901
2902         for (i=0; i<nocs; i++) {
2903                 if ( colst[i]->co_oc->soc_required ) {
2904                         AttributeType **at = colst[i]->co_oc->soc_required;
2905                         for (j=0; at[j]; j++) {
2906                                 for (a=e->e_attrs, prev=&e->e_attrs; a;
2907                                         prev = &(*prev)->a_next, a=a->a_next) {
2908                                         if ( a->a_desc == at[j]->sat_ad ) {
2909                                                 *prev = a->a_next;
2910                                                 if (!head) {
2911                                                         head = a;
2912                                                         tail = a;
2913                                                 } else {
2914                                                         tail->a_next = a;
2915                                                         tail = a;
2916                                                 }
2917                                                 break;
2918                                         }
2919                                 }
2920                         }
2921                 }
2922                 if ( colst[i]->co_oc->soc_allowed ) {
2923                         AttributeType **at = colst[i]->co_oc->soc_allowed;
2924                         for (j=0; at[j]; j++) {
2925                                 for (a=e->e_attrs, prev=&e->e_attrs; a;
2926                                         prev = &(*prev)->a_next, a=a->a_next) {
2927                                         if ( a->a_desc == at[j]->sat_ad ) {
2928                                                 *prev = a->a_next;
2929                                                 if (!head) {
2930                                                         head = a;
2931                                                         tail = a;
2932                                                 } else {
2933                                                         tail->a_next = a;
2934                                                         tail = a;
2935                                                 }
2936                                                 break;
2937                                         }
2938                                 }
2939                         }
2940                 }
2941         }
2942         if ( tail ) {
2943                 tail->a_next = e->e_attrs;
2944                 e->e_attrs = head;
2945         }
2946 }
2947
2948 static int
2949 check_vals( ConfigTable *ct, ConfigArgs *ca, void *ptr, int isAttr )
2950 {
2951         Attribute *a = NULL;
2952         AttributeDescription *ad;
2953         BerVarray vals;
2954
2955         int i, rc = 0, sort = 0;
2956
2957         if ( isAttr ) {
2958                 a = ptr;
2959                 ad = a->a_desc;
2960                 vals = a->a_vals;
2961         } else {
2962                 Modifications *ml = ptr;
2963                 ad = ml->sml_desc;
2964                 vals = ml->sml_values;
2965         }
2966
2967         if ( a && ( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL )) {
2968                 sort = 1;
2969                 rc = ordered_value_sort( a, 1 );
2970                 if ( rc ) {
2971                         sprintf(ca->msg, "ordered_value_sort failed on attr %s\n",
2972                                 ad->ad_cname.bv_val );
2973                         return rc;
2974                 }
2975         }
2976         for ( i=0; vals[i].bv_val; i++ ) {
2977                 ca->line = vals[i].bv_val;
2978                 if ( sort ) {
2979                         char *idx = strchr( ca->line, '}' );
2980                         if ( idx ) ca->line = idx+1;
2981                 }
2982                 rc = config_parse_vals( ct, ca, i );
2983                 if ( rc ) {
2984                         break;
2985                 }
2986         }
2987         return rc;
2988 }
2989
2990 static int
2991 check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e,
2992         SlapReply *rs, int *renum )
2993 {
2994         CfEntryInfo *ce;
2995         int index = -1, gotindex = 0, nsibs;
2996         int renumber = 0, tailindex = 0;
2997         char *ptr1, *ptr2;
2998         struct berval rdn;
2999
3000         if ( renum ) *renum = 0;
3001
3002         /* These entries don't get indexed/renumbered */
3003         if ( ce_type == Cft_Global ) return 0;
3004         if ( ce_type == Cft_Schema && parent->ce_type == Cft_Global ) return 0;
3005
3006         if ( ce_type == Cft_Include || ce_type == Cft_Module )
3007                 tailindex = 1;
3008
3009         /* See if the rdn has an index already */
3010         dnRdn( &e->e_name, &rdn );
3011         ptr1 = strchr( e->e_name.bv_val, '{' );
3012         if ( ptr1 && ptr1 - e->e_name.bv_val < rdn.bv_len ) {
3013                 ptr2 = strchr( ptr1, '}' );
3014                 if (!ptr2 || ptr2 - e->e_name.bv_val > rdn.bv_len)
3015                         return LDAP_NAMING_VIOLATION;
3016                 if ( ptr2-ptr1 == 1)
3017                         return LDAP_NAMING_VIOLATION;
3018                 gotindex = 1;
3019                 index = atoi(ptr1+1);
3020                 if ( index < 0 ) {
3021                         /* Special case, we allow -1 for the frontendDB */
3022                         if ( index != -1 || ce_type != Cft_Database ||
3023                                 strncmp( ptr2+1, "frontend,", STRLENOF("frontend,") ))
3024
3025                                 return LDAP_NAMING_VIOLATION;
3026                 }
3027         }
3028
3029         /* count related kids */
3030         for (nsibs=0, ce=parent->ce_kids; ce; ce=ce->ce_sibs) {
3031                 if ( ce->ce_type == ce_type ) nsibs++;
3032         }
3033
3034         if ( index != nsibs ) {
3035                 if ( gotindex ) {
3036                         if ( index < nsibs ) {
3037                                 if ( tailindex ) return LDAP_NAMING_VIOLATION;
3038                                 /* Siblings need to be renumbered */
3039                                 renumber = 1;
3040                         }
3041                 }
3042                 if ( !renumber ) {
3043                         struct berval ival, newrdn, nnewrdn;
3044                         struct berval rtype, rval;
3045                         Attribute *a;
3046                         AttributeDescription *ad = NULL;
3047                         char ibuf[32];
3048                         const char *text;
3049
3050                         rval.bv_val = strchr(rdn.bv_val, '=' ) + 1;
3051                         rval.bv_len = rdn.bv_len - (rval.bv_val - rdn.bv_val);
3052                         rtype.bv_val = rdn.bv_val;
3053                         rtype.bv_len = rval.bv_val - rtype.bv_val - 1;
3054
3055                         /* Find attr */
3056                         slap_bv2ad( &rtype, &ad, &text );
3057                         a = attr_find( e->e_attrs, ad );
3058                         if (!a ) return LDAP_NAMING_VIOLATION;
3059
3060                         ival.bv_val = ibuf;
3061                         ival.bv_len = sprintf( ibuf, IFMT, nsibs );
3062                         
3063                         newrdn.bv_len = rdn.bv_len + ival.bv_len;
3064                         newrdn.bv_val = ch_malloc( newrdn.bv_len+1 );
3065
3066                         if ( tailindex ) {
3067                                 ptr1 = lutil_strncopy( newrdn.bv_val, rdn.bv_val, rdn.bv_len );
3068                                 ptr1 = lutil_strcopy( ptr1, ival.bv_val );
3069                         } else {
3070                                 int xlen;
3071                                 if ( !gotindex ) {
3072                                         ptr2 = rval.bv_val;
3073                                         xlen = rval.bv_len;
3074                                 } else {
3075                                         xlen = rdn.bv_len - (ptr2 - rdn.bv_val);
3076                                 }
3077                                 ptr1 = lutil_strncopy( newrdn.bv_val, rtype.bv_val,
3078                                         rtype.bv_len );
3079                                 *ptr1++ = '=';
3080                                 ptr1 = lutil_strcopy( ptr1, ival.bv_val );
3081                                 ptr1 = lutil_strncopy( ptr1, ptr2, xlen );
3082                                 *ptr1 = '\0';
3083                         }
3084
3085                         /* Do the equivalent of ModRDN */
3086                         /* Replace DN / NDN */
3087                         newrdn.bv_len = ptr1 - newrdn.bv_val;
3088                         rdnNormalize( 0, NULL, NULL, &newrdn, &nnewrdn, NULL );
3089                         free( e->e_name.bv_val );
3090                         build_new_dn( &e->e_name, &parent->ce_entry->e_name,
3091                                 &newrdn, NULL );
3092                         free( e->e_nname.bv_val );
3093                         build_new_dn( &e->e_nname, &parent->ce_entry->e_nname,
3094                                 &nnewrdn, NULL );
3095
3096                         /* Replace attr */
3097                         free( a->a_vals[0].bv_val );
3098                         ptr1 = strchr( newrdn.bv_val, '=' ) + 1;
3099                         a->a_vals[0].bv_len = newrdn.bv_len - (ptr1 - newrdn.bv_val);
3100                         a->a_vals[0].bv_val = ch_malloc( a->a_vals[0].bv_len + 1 );
3101                         strcpy( a->a_vals[0].bv_val, ptr1 );
3102
3103                         if ( a->a_nvals != a->a_vals ) {
3104                                 free( a->a_nvals[0].bv_val );
3105                                 ptr1 = strchr( nnewrdn.bv_val, '=' ) + 1;
3106                                 a->a_nvals[0].bv_len = nnewrdn.bv_len - (ptr1 - nnewrdn.bv_val);
3107                                 a->a_nvals[0].bv_val = ch_malloc( a->a_nvals[0].bv_len + 1 );
3108                                 strcpy( a->a_nvals[0].bv_val, ptr1 );
3109                         }
3110                         free( nnewrdn.bv_val );
3111                         free( newrdn.bv_val );
3112                 }
3113         }
3114         if ( renum ) *renum = renumber;
3115         return 0;
3116 }
3117
3118 static ConfigOCs **
3119 count_ocs( Attribute *oc_at, int *nocs )
3120 {
3121         int i, j, n;
3122         ConfigOCs co, *coptr, **colst;
3123
3124         /* count the objectclasses */
3125         for ( i=0; oc_at->a_nvals[i].bv_val; i++ );
3126         n = i;
3127         colst = (ConfigOCs **)ch_malloc( n * sizeof(ConfigOCs *));
3128
3129         for ( i=0, j=0; i<n; i++) {
3130                 co.co_name = &oc_at->a_nvals[i];
3131                 coptr = avl_find( CfOcTree, &co, CfOc_cmp );
3132                 
3133                 /* ignore non-config objectclasses. probably should be
3134                  * an error, general data doesn't belong here.
3135                  */
3136                 if ( !coptr ) continue;
3137
3138                 /* Ignore the root objectclass, it has no implementation.
3139                  */
3140                 if ( coptr->co_type == Cft_Abstract ) continue;
3141                 colst[j++] = coptr;
3142         }
3143         *nocs = j;
3144         return colst;
3145 }
3146
3147 static int
3148 cfAddInclude( CfEntryInfo *p, Entry *e, ConfigArgs *ca )
3149 {
3150         if ( p->ce_type != Cft_Global && p->ce_type != Cft_Include )
3151                 return LDAP_CONSTRAINT_VIOLATION;
3152
3153         /* If we're reading from a configdir, don't parse this entry */
3154         if ( ca->lineno )
3155                 return LDAP_COMPARE_TRUE;
3156
3157         cfn = p->ce_private;
3158         ca->private = cfn;
3159         return LDAP_SUCCESS;
3160 }
3161
3162 static int
3163 cfAddSchema( CfEntryInfo *p, Entry *e, ConfigArgs *ca )
3164 {
3165         ConfigFile *cfo;
3166
3167         /* This entry is hardcoded, don't re-parse it */
3168         if ( p->ce_type == Cft_Global ) {
3169                 cfn = p->ce_private;
3170                 ca->private = cfn;
3171                 return LDAP_COMPARE_TRUE;
3172         }
3173         if ( p->ce_type != Cft_Schema )
3174                 return LDAP_CONSTRAINT_VIOLATION;
3175
3176         cfn = ch_calloc( 1, sizeof(ConfigFile) );
3177         ca->private = cfn;
3178         cfo = p->ce_private;
3179         cfn->c_sibs = cfo->c_kids;
3180         cfo->c_kids = cfn;
3181         return LDAP_SUCCESS;
3182 }
3183
3184 static int
3185 cfAddDatabase( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
3186 {
3187         if ( p->ce_type != Cft_Global )
3188                 return LDAP_CONSTRAINT_VIOLATION;
3189         ca->be = frontendDB;    /* just to get past check_vals */
3190         return LDAP_SUCCESS;
3191 }
3192
3193 static int
3194 cfAddBackend( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
3195 {
3196         if ( p->ce_type != Cft_Global )
3197                 return LDAP_CONSTRAINT_VIOLATION;
3198         return LDAP_SUCCESS;
3199 }
3200
3201 static int
3202 cfAddModule( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
3203 {
3204         if ( p->ce_type != Cft_Global )
3205                 return LDAP_CONSTRAINT_VIOLATION;
3206         return LDAP_SUCCESS;
3207 }
3208
3209 static int
3210 cfAddOverlay( CfEntryInfo *p, Entry *e, struct config_args_s *ca )
3211 {
3212         if ( p->ce_type != Cft_Database )
3213                 return LDAP_CONSTRAINT_VIOLATION;
3214         ca->be = p->ce_be;
3215         return LDAP_SUCCESS;
3216 }
3217
3218 /* Parse an LDAP entry into config directives */
3219 static int
3220 config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca, SlapReply *rs, int *renum )
3221 {
3222         CfEntryInfo *ce, *last;
3223         ConfigOCs **colst;
3224         Attribute *a, *oc_at;
3225         int i, nocs, rc = 0;
3226         struct berval pdn;
3227         ConfigTable *ct;
3228         char *ptr;
3229
3230         /* Make sure parent exists and entry does not */
3231         ce = config_find_base( cfb->cb_root, &e->e_nname, &last );
3232         if ( ce )
3233                 return LDAP_ALREADY_EXISTS;
3234
3235         dnParent( &e->e_nname, &pdn );
3236
3237         /* If last is NULL, the new entry is the root/suffix entry, 
3238          * otherwise last should be the parent.
3239          */
3240         if ( last && !dn_match( &last->ce_entry->e_nname, &pdn )) {
3241                 if ( rs )
3242                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3243                 return LDAP_NO_SUCH_OBJECT;
3244         }
3245
3246         oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
3247         if ( !oc_at ) return LDAP_OBJECT_CLASS_VIOLATION;
3248
3249         memset( ca, 0, sizeof(ConfigArgs));
3250
3251         /* Fake the coordinates based on whether we're part of an
3252          * LDAP Add or if reading the config dir
3253          */
3254         if ( rs ) {
3255                 ca->fname = "slapd";
3256                 ca->lineno = 0;
3257         } else {
3258                 ca->fname = cfdir.bv_val;
3259                 ca->lineno = 1;
3260         }
3261
3262         colst = count_ocs( oc_at, &nocs );
3263
3264         /* Only the root can be Cft_Global, everything else must
3265          * have a parent. Only limited nesting arrangements are allowed.
3266          */
3267         rc = LDAP_CONSTRAINT_VIOLATION;
3268         if ( colst[0]->co_type == Cft_Global && !last ) {
3269                 cfn = cfb->cb_config;
3270                 ca->private = cfn;
3271                 ca->be = frontendDB;    /* just to get past check_vals */
3272                 rc = LDAP_SUCCESS;
3273         }
3274
3275         /* Check whether the Add is allowed by its parent, and do
3276          * any necessary arg setup
3277          */
3278         if ( last ) {
3279                 for ( i=0; i<nocs; i++ ) {
3280                         if ( colst[i]->co_ldadd &&
3281                                 ( rc = colst[i]->co_ldadd( last, e, ca ))
3282                                         != LDAP_CONSTRAINT_VIOLATION ) {
3283                                 break;
3284                         }
3285                 }
3286         }
3287
3288         /* Add the entry but don't parse it, we already have its contents */
3289         if ( rc == LDAP_COMPARE_TRUE ) {
3290                 rc = LDAP_SUCCESS;
3291                 goto ok;
3292         }
3293
3294         if ( rc != LDAP_SUCCESS )
3295                 goto done;
3296
3297         /* Parse all the values and check for simple syntax errors before
3298          * performing any set actions.
3299          *
3300          * If doing an LDAPadd, check for indexed names and any necessary
3301          * renaming/renumbering. Entries that don't need indexed names are
3302          * ignored. Entries that need an indexed name and arrive without one
3303          * are assigned to the end. Entries that arrive with an index may
3304          * cause the following entries to be renumbered/bumped down.
3305          *
3306          * Note that "pseudo-indexed" entries (cn=Include{xx}, cn=Module{xx})
3307          * don't allow Adding an entry with an index that's already in use.
3308          * This is flagged as an error (LDAP_ALREADY_EXISTS) up above.
3309          *
3310          * These entries can have auto-assigned indexes (appended to the end)
3311          * but only the other types support auto-renumbering of siblings.
3312          */
3313         rc = check_name_index( last, colst[0]->co_type, e, rs, renum );
3314         if ( rc )
3315                 goto done;
3316
3317         init_config_argv( ca );
3318
3319         /* Make sure we process attrs in the required order */
3320         sort_attrs( e, colst, nocs );
3321
3322         for ( a=e->e_attrs; a; a=a->a_next ) {
3323                 if ( a == oc_at ) continue;
3324                 ct = config_find_table( colst, nocs, a->a_desc );
3325                 if ( !ct ) continue;    /* user data? */
3326                 rc = check_vals( ct, ca, a, 1 );
3327                 if ( rc ) goto done;
3328         }
3329
3330         /* Basic syntax checks are OK. Do the actual settings. */
3331         for ( a=e->e_attrs; a; a=a->a_next ) {
3332                 if ( a == oc_at ) continue;
3333                 ct = config_find_table( colst, nocs, a->a_desc );
3334                 if ( !ct ) continue;    /* user data? */
3335                 for (i=0; a->a_vals[i].bv_val; i++) {
3336                         ca->line = a->a_vals[i].bv_val;
3337                         if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED ) {
3338                                 ptr = strchr( ca->line, '}' );
3339                                 if ( ptr ) ca->line = ptr+1;
3340                         }
3341                         ca->valx = i;
3342                         rc = config_parse_add( ct, ca );
3343                         if ( rc ) {
3344                                 rc = LDAP_OTHER;
3345                                 goto done;
3346                         }
3347                 }
3348         }
3349 ok:
3350         /* Newly added databases and overlays need to be started up */
3351         if ( CONFIG_ONLINE_ADD( ca )) {
3352                 if ( colst[0]->co_type == Cft_Database ) {
3353                         rc = backend_startup_one( ca->be );
3354
3355                 } else if ( colst[0]->co_type == Cft_Overlay ) {
3356                         if ( ca->bi->bi_db_open ) {
3357                                 BackendInfo *bi_orig = ca->be->bd_info;
3358                                 ca->be->bd_info = ca->bi;
3359                                 rc = ca->bi->bi_db_open( ca->be );
3360                                 ca->be->bd_info = bi_orig;
3361                         }
3362                 }
3363                 if ( rc ) {
3364                         sprintf( ca->msg, "<%s> failed startup", ca->argv[0] );
3365                         Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
3366                                 ca->log, ca->msg, ca->argv[1] );
3367                         rc = LDAP_OTHER;
3368                         goto done;
3369                 }
3370         }
3371
3372         ce = ch_calloc( 1, sizeof(CfEntryInfo) );
3373         ce->ce_parent = last;
3374         ce->ce_entry = entry_dup( e );
3375         ce->ce_entry->e_private = ce;
3376         ce->ce_type = colst[0]->co_type;
3377         ce->ce_be = ca->be;
3378         ce->ce_bi = ca->bi;
3379         ce->ce_private = ca->private;
3380         if ( !last ) {
3381                 cfb->cb_root = ce;
3382         } else if ( last->ce_kids ) {
3383                 CfEntryInfo *c2;
3384
3385                 for (c2=last->ce_kids; c2 && c2->ce_sibs; c2 = c2->ce_sibs);
3386
3387                 c2->ce_sibs = ce;
3388         } else {
3389                 last->ce_kids = ce;
3390         }
3391
3392 done:
3393         if ( rc ) {
3394                 if ( (colst[0]->co_type == Cft_Database) && ca->be ) {
3395                         if ( ca->be != frontendDB )
3396                                 backend_destroy_one( ca->be, 1 );
3397                 } else if ( (colst[0]->co_type == Cft_Overlay) && ca->bi ) {
3398                         overlay_destroy_one( ca->be, (slap_overinst *)ca->bi );
3399                 }
3400         }
3401
3402         ch_free( ca->argv );
3403         if ( colst ) ch_free( colst );
3404         return rc;
3405 }
3406
3407 /* Parse an LDAP entry into config directives, then store in underlying
3408  * database.
3409  */
3410 static int
3411 config_back_add( Operation *op, SlapReply *rs )
3412 {
3413         CfBackInfo *cfb;
3414         int renumber;
3415         ConfigArgs ca;
3416
3417         if ( !be_isroot( op ) ) {
3418                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3419                 goto out;
3420         }
3421
3422         cfb = (CfBackInfo *)op->o_bd->be_private;
3423
3424         ldap_pvt_thread_pool_pause( &connection_pool );
3425
3426         /* Strategy:
3427          * 1) check for existence of entry
3428          * 2) check for sibling renumbering
3429          * 3) perform internal add
3430          * 4) store entry in underlying database
3431          * 5) perform any necessary renumbering
3432          */
3433         rs->sr_err = config_add_internal( cfb, op->ora_e, &ca, rs, &renumber );
3434         if ( rs->sr_err != LDAP_SUCCESS ) {
3435                 rs->sr_text = ca.msg;
3436         } else if ( cfb->cb_use_ldif ) {
3437                 BackendDB *be = op->o_bd;
3438                 slap_callback sc = { NULL, slap_null_cb, NULL, NULL };
3439                 op->o_bd = &cfb->cb_db;
3440                 sc.sc_next = op->o_callback;
3441                 op->o_callback = &sc;
3442                 op->o_bd->be_add( op, rs );
3443                 op->o_bd = be;
3444                 op->o_callback = sc.sc_next;
3445         }
3446         if ( renumber ) {
3447         }
3448
3449         ldap_pvt_thread_pool_resume( &connection_pool );
3450
3451 out:
3452         send_ldap_result( op, rs );
3453         return rs->sr_err;
3454 }
3455
3456 typedef struct delrec {
3457         struct delrec *next;
3458         int nidx;
3459         int idx[1];
3460 } delrec;
3461
3462 static int
3463 config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs,
3464         ConfigArgs *ca )
3465 {
3466         int rc = LDAP_UNWILLING_TO_PERFORM;
3467         Modifications *ml;
3468         Entry *e = ce->ce_entry;
3469         Attribute *save_attrs = e->e_attrs, *oc_at;
3470         ConfigTable *ct;
3471         ConfigOCs **colst;
3472         int i, nocs;
3473         char *ptr;
3474         delrec *dels = NULL, *deltail = NULL;
3475
3476         oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
3477         if ( !oc_at ) return LDAP_OBJECT_CLASS_VIOLATION;
3478
3479         colst = count_ocs( oc_at, &nocs );
3480
3481         e->e_attrs = attrs_dup( e->e_attrs );
3482
3483         init_config_argv( ca );
3484         ca->be = ce->ce_be;
3485         ca->bi = ce->ce_bi;
3486         ca->private = ce->ce_private;
3487         ca->ca_entry = e;
3488         strcpy( ca->log, "back-config" );
3489
3490         for (ml = op->orm_modlist; ml; ml=ml->sml_next) {
3491                 ct = config_find_table( colst, nocs, ml->sml_desc );
3492                 switch (ml->sml_op) {
3493                 case LDAP_MOD_DELETE:
3494                 case LDAP_MOD_REPLACE: {
3495                         BerVarray vals = NULL, nvals;
3496                         int *idx = NULL;
3497                         if ( ct && ( ct->arg_type & ARG_NO_DELETE )) {
3498                                 rc = LDAP_OTHER;
3499                                 snprintf(ca->msg, sizeof(ca->msg), "cannot delete %s",
3500                                         ml->sml_desc->ad_cname.bv_val );
3501                                 goto out;
3502                         }
3503                         if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3504                                 vals = ml->sml_values;
3505                                 nvals = ml->sml_nvalues;
3506                                 ml->sml_values = NULL;
3507                                 ml->sml_nvalues = NULL;
3508                         }
3509                         /* If we're deleting by values, remember the indexes of the
3510                          * values we deleted.
3511                          */
3512                         if ( ct && ml->sml_values ) {
3513                                 delrec *d;
3514                                 for (i=0; ml->sml_values[i].bv_val; i++);
3515                                 d = ch_malloc( sizeof(delrec) + (i - 1)* sizeof(int));
3516                                 d->nidx = i;
3517                                 d->next = NULL;
3518                                 if ( dels ) {
3519                                         deltail->next = d;
3520                                 } else {
3521                                         dels = d;
3522                                 }
3523                                 deltail = d;
3524                                 idx = d->idx;
3525                         }
3526                         rc = modify_delete_vindex(e, &ml->sml_mod,
3527                                 get_permissiveModify(op),
3528                                 &rs->sr_text, ca->msg, sizeof(ca->msg), idx );
3529                         if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3530                                 ml->sml_values = vals;
3531                                 ml->sml_nvalues = nvals;
3532                         }
3533                         if ( !vals )
3534                                 break;
3535                         }
3536                         /* FALLTHRU: LDAP_MOD_REPLACE && vals */
3537
3538                 case LDAP_MOD_ADD:
3539                 case SLAP_MOD_SOFTADD: {
3540                         int mop = ml->sml_op;
3541                         int navals = -1;
3542                         ml->sml_op = LDAP_MOD_ADD;
3543                         if ( ct ) {
3544                                 if ( ct->arg_type & ARG_NO_INSERT ) {
3545                                         Attribute *a = attr_find( e->e_attrs, ml->sml_desc );
3546                                         if ( a ) {
3547                                                 for (i = 0; a->a_vals[i].bv_val; i++ );
3548                                                 navals = i;
3549                                         }
3550                                 }
3551                                 for ( i=0; !BER_BVISNULL( &ml->sml_values[i] ); i++ ) {
3552                                         if ( ml->sml_values[i].bv_val[0] == '{' &&
3553                                                 navals >= 0 ) {
3554                                                 int j = strtol( ml->sml_values[i].bv_val+1, NULL, 0 );
3555                                                 if ( j < navals ) {
3556                                                         rc = LDAP_OTHER;
3557                                                         snprintf(ca->msg, sizeof(ca->msg), "cannot insert %s",
3558                                                                 ml->sml_desc->ad_cname.bv_val );
3559                                                         goto out;
3560                                                 }
3561                                         }
3562                                         rc = check_vals( ct, ca, ml, 0 );
3563                                         if ( rc ) goto out;
3564                                 }
3565                         }
3566                         rc = modify_add_values(e, &ml->sml_mod,
3567                                    get_permissiveModify(op),
3568                                    &rs->sr_text, ca->msg, sizeof(ca->msg) );
3569
3570                         /* If value already exists, show success here
3571                          * and ignore this operation down below.
3572                          */
3573                         if ( mop == SLAP_MOD_SOFTADD ) {
3574                                 if ( rc == LDAP_TYPE_OR_VALUE_EXISTS )
3575                                         rc = LDAP_SUCCESS;
3576                                 else
3577                                         mop = LDAP_MOD_ADD;
3578                         }
3579                         ml->sml_op = mop;
3580                         break;
3581                         }
3582
3583                         break;
3584                 case LDAP_MOD_INCREMENT:        /* FIXME */
3585                         break;
3586                 default:
3587                         break;
3588                 }
3589                 if(rc != LDAP_SUCCESS) break;
3590         }
3591         
3592         if(rc == LDAP_SUCCESS) {
3593                 /* check that the entry still obeys the schema */
3594                 rc = entry_schema_check(op, e, NULL, 0,
3595                         &rs->sr_text, ca->msg, sizeof(ca->msg) );
3596         }
3597         if ( rc == LDAP_SUCCESS ) {
3598                 /* Basic syntax checks are OK. Do the actual settings. */
3599                 for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
3600                         ct = config_find_table( colst, nocs, ml->sml_desc );
3601                         if ( !ct ) continue;
3602
3603                         switch (ml->sml_op) {
3604                         case LDAP_MOD_DELETE:
3605                         case LDAP_MOD_REPLACE: {
3606                                 BerVarray vals = NULL, nvals;
3607                                 Attribute *a;
3608                                 delrec *d;
3609
3610                                 a = attr_find( e->e_attrs, ml->sml_desc );
3611
3612                                 if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3613                                         vals = ml->sml_values;
3614                                         nvals = ml->sml_nvalues;
3615                                         ml->sml_values = NULL;
3616                                         ml->sml_nvalues = NULL;
3617                                 }
3618
3619                                 if ( ml->sml_values )
3620                                         d = dels;
3621
3622                                 /* If we didn't delete the whole attribute */
3623                                 if ( ml->sml_values && a ) {
3624                                         struct berval *mvals;
3625                                         int j;
3626
3627                                         if ( ml->sml_nvalues )
3628                                                 mvals = ml->sml_nvalues;
3629                                         else
3630                                                 mvals = ml->sml_values;
3631
3632                                         /* use the indexes we saved up above */
3633                                         for (i=0; i < d->nidx; i++) {
3634                                                 struct berval bv = *mvals++;
3635                                                 if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED &&
3636                                                         bv.bv_val[0] == '{' ) {
3637                                                         ptr = strchr( bv.bv_val, '}' ) + 1;
3638                                                         bv.bv_len -= ptr - bv.bv_val;
3639                                                         bv.bv_val = ptr;
3640                                                 }
3641                                                 ca->line = bv.bv_val;
3642                                                 ca->valx = d->idx[i];
3643                                                 rc = config_del_vals( ct, ca );
3644                                                 if ( rc != LDAP_SUCCESS ) break;
3645                                                 for (j=i+1; j < d->nidx; j++)
3646                                                         if ( d->idx[j] >d->idx[i] )
3647                                                                 d->idx[j]--;
3648                                         }
3649                                 } else {
3650                                         ca->valx = -1;
3651                                         ca->line = NULL;
3652                                         rc = config_del_vals( ct, ca );
3653                                         if ( rc ) rc = LDAP_OTHER;
3654                                 }
3655                                 if ( ml->sml_values ) {
3656                                         ch_free( dels );
3657                                         dels = d->next;
3658                                 }
3659                                 if ( ml->sml_op == LDAP_MOD_REPLACE ) {
3660                                         ml->sml_values = vals;
3661                                         ml->sml_nvalues = nvals;
3662                                 }
3663                                 if ( !vals || rc != LDAP_SUCCESS )
3664                                         break;
3665                                 }
3666                                 /* FALLTHRU: LDAP_MOD_REPLACE && vals */
3667
3668                         case LDAP_MOD_ADD:
3669                                 for (i=0; ml->sml_values[i].bv_val; i++) {
3670                                         ca->line = ml->sml_values[i].bv_val;
3671                                         ca->valx = -1;
3672                                         if ( ml->sml_desc->ad_type->sat_flags & SLAP_AT_ORDERED &&
3673                                                 ca->line[0] == '{' ) {
3674                                                 ptr = strchr( ca->line, '}' );
3675                                                 if ( ptr ) {
3676                                                         ca->valx = strtol( ca->line+1, NULL, 0 );
3677                                                         ca->line = ptr+1;
3678                                                 }
3679                                         }
3680                                         rc = config_parse_add( ct, ca );
3681                                         if ( rc ) {
3682                                                 rc = LDAP_OTHER;
3683                                                 goto out;
3684                                         }
3685                                 }
3686
3687                                 break;
3688                         }
3689                 }
3690         }
3691
3692 out:
3693         if ( ca->cleanup )
3694                 ca->cleanup( ca );
3695         if ( rc == LDAP_SUCCESS ) {
3696                 attrs_free( save_attrs );
3697         } else {
3698                 attrs_free( e->e_attrs );
3699                 e->e_attrs = save_attrs;
3700         }
3701         ch_free( ca->argv );
3702         if ( colst ) ch_free( colst );
3703
3704         return rc;
3705 }
3706
3707 static int
3708 config_back_modify( Operation *op, SlapReply *rs )
3709 {
3710         CfBackInfo *cfb;
3711         CfEntryInfo *ce, *last;
3712         Modifications *ml;
3713         ConfigArgs ca = {0};
3714         struct berval rdn;
3715         char *ptr;
3716         AttributeDescription *rad = NULL;
3717
3718         if ( !be_isroot( op ) ) {
3719                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3720                 goto out;
3721         }
3722
3723         cfb = (CfBackInfo *)op->o_bd->be_private;
3724
3725         ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
3726         if ( !ce ) {
3727                 if ( last )
3728                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3729                 rs->sr_err = LDAP_NO_SUCH_OBJECT;
3730                 goto out;
3731         }
3732
3733         /* Get type of RDN */
3734         rdn = ce->ce_entry->e_nname;
3735         ptr = strchr( rdn.bv_val, '=' );
3736         rdn.bv_len = ptr - rdn.bv_val;
3737         slap_bv2ad( &rdn, &rad, &rs->sr_text );
3738
3739         /* Some basic validation... */
3740         for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
3741                 /* Don't allow Modify of RDN; must use ModRdn for that. */
3742                 if ( ml->sml_desc == rad ) {
3743                         rs->sr_err = LDAP_NOT_ALLOWED_ON_RDN;
3744                         rs->sr_text = "Use modrdn to change the entry name";
3745                         goto out;
3746                 }
3747         }
3748
3749         ldap_pvt_thread_pool_pause( &connection_pool );
3750
3751         /* Strategy:
3752          * 1) perform the Modify on the cached Entry.
3753          * 2) verify that the Entry still satisfies the schema.
3754          * 3) perform the individual config operations.
3755          * 4) store Modified entry in underlying LDIF backend.
3756          */
3757         rs->sr_err = config_modify_internal( ce, op, rs, &ca );
3758         if ( rs->sr_err ) {
3759                 rs->sr_text = ca.msg;
3760         } else if ( cfb->cb_use_ldif ) {
3761                 BackendDB *be = op->o_bd;
3762                 slap_callback sc = { NULL, slap_null_cb, NULL, NULL };
3763                 op->o_bd = &cfb->cb_db;
3764                 sc.sc_next = op->o_callback;
3765                 op->o_callback = &sc;
3766                 op->o_bd->be_modify( op, rs );
3767                 op->o_bd = be;
3768                 op->o_callback = sc.sc_next;
3769         }
3770
3771         ldap_pvt_thread_pool_resume( &connection_pool );
3772 out:
3773         send_ldap_result( op, rs );
3774         return rs->sr_err;
3775 }
3776
3777 static int
3778 config_back_modrdn( Operation *op, SlapReply *rs )
3779 {
3780         CfBackInfo *cfb;
3781         CfEntryInfo *ce, *last;
3782
3783         if ( !be_isroot( op ) ) {
3784                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3785                 goto out;
3786         }
3787
3788         cfb = (CfBackInfo *)op->o_bd->be_private;
3789
3790         ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
3791         if ( !ce ) {
3792                 if ( last )
3793                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3794                 rs->sr_err = LDAP_NO_SUCH_OBJECT;
3795                 goto out;
3796         }
3797
3798         /* We don't allow moving objects to new parents.
3799          * Generally we only allow reordering a set of ordered entries.
3800          */
3801         if ( op->orr_newSup ) {
3802                 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
3803                 goto out;
3804         }
3805         ldap_pvt_thread_pool_pause( &connection_pool );
3806
3807         ldap_pvt_thread_pool_resume( &connection_pool );
3808 out:
3809         send_ldap_result( op, rs );
3810         return rs->sr_err;
3811 }
3812
3813 static int
3814 config_back_search( Operation *op, SlapReply *rs )
3815 {
3816         CfBackInfo *cfb;
3817         CfEntryInfo *ce, *last;
3818
3819         if ( !be_isroot( op ) ) {
3820                 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
3821                 goto out;
3822         }
3823
3824         cfb = (CfBackInfo *)op->o_bd->be_private;
3825
3826         ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
3827         if ( !ce ) {
3828                 if ( last )
3829                         rs->sr_matched = last->ce_entry->e_name.bv_val;
3830                 rs->sr_err = LDAP_NO_SUCH_OBJECT;
3831                 goto out;
3832         }
3833         switch ( op->ors_scope ) {
3834         case LDAP_SCOPE_BASE:
3835         case LDAP_SCOPE_SUBTREE:
3836                 config_send( op, rs, ce, 0 );
3837                 break;
3838                 
3839         case LDAP_SCOPE_ONELEVEL:
3840                 for (ce = ce->ce_kids; ce; ce=ce->ce_sibs) {
3841                         config_send( op, rs, ce, 1 );
3842                 }
3843                 break;
3844         }
3845                 
3846         rs->sr_err = LDAP_SUCCESS;
3847 out:
3848         send_ldap_result( op, rs );
3849         return 0;
3850 }
3851
3852 static void
3853 config_build_attrs( Entry *e, AttributeType **at, AttributeDescription *ad,
3854         ConfigTable *ct, ConfigArgs *c )
3855 {
3856         int i, rc;
3857
3858         for (; at && *at; at++) {
3859                 /* Skip the naming attr */
3860                 if ((*at)->sat_ad == ad || (*at)->sat_ad == slap_schema.si_ad_cn )
3861                         continue;
3862                 for (i=0;ct[i].name;i++) {
3863                         if (ct[i].ad == (*at)->sat_ad) {
3864                                 rc = config_get_vals(&ct[i], c);
3865                                 if (rc == LDAP_SUCCESS) {
3866                                         if ( c->rvalue_nvals )
3867                                                 attr_merge(e, ct[i].ad, c->rvalue_vals,
3868                                                         c->rvalue_nvals);
3869                                         else
3870                                                 attr_merge_normalize(e, ct[i].ad,
3871                                                         c->rvalue_vals, NULL);
3872                                         ber_bvarray_free( c->rvalue_nvals );
3873                                         ber_bvarray_free( c->rvalue_vals );
3874                                 }
3875                                 break;
3876                         }
3877                 }
3878         }
3879 }
3880
3881 Entry *
3882 config_build_entry( Operation *op, SlapReply *rs, CfEntryInfo *parent,
3883         ConfigArgs *c, struct berval *rdn, ConfigOCs *main, ConfigOCs *extra )
3884 {
3885         Entry *e = ch_calloc( 1, sizeof(Entry) );
3886         CfEntryInfo *ce = ch_calloc( 1, sizeof(CfEntryInfo) );
3887         struct berval val;
3888         struct berval ad_name;
3889         AttributeDescription *ad = NULL;
3890         int rc;
3891         char *ptr;
3892         const char *text;
3893         Attribute *oc_at;
3894         struct berval pdn;
3895         ObjectClass *oc;
3896         CfEntryInfo *ceprev = NULL;
3897
3898         e->e_private = ce;
3899         ce->ce_entry = e;
3900         ce->ce_parent = parent;
3901         if ( parent ) {
3902                 pdn = parent->ce_entry->e_nname;
3903                 if ( parent->ce_kids )
3904                         for ( ceprev = parent->ce_kids; ceprev->ce_sibs;
3905                                 ceprev = ceprev->ce_sibs );
3906         } else {
3907                 BER_BVZERO( &pdn );
3908         }
3909
3910         ce->ce_type = main->co_type;
3911         ce->ce_private = c->private;
3912         ce->ce_be = c->be;
3913         ce->ce_bi = c->bi;
3914
3915         build_new_dn( &e->e_name, &pdn, rdn, NULL );
3916         ber_dupbv( &e->e_nname, &e->e_name );
3917
3918         attr_merge_normalize_one(e, slap_schema.si_ad_objectClass,
3919                 main->co_name, NULL );
3920         if ( extra )
3921                 attr_merge_normalize_one(e, slap_schema.si_ad_objectClass,
3922                         extra->co_name, NULL );
3923         ptr = strchr(rdn->bv_val, '=');
3924         ad_name.bv_val = rdn->bv_val;
3925         ad_name.bv_len = ptr - rdn->bv_val;
3926         rc = slap_bv2ad( &ad_name, &ad, &text );
3927         if ( rc ) {
3928                 return NULL;
3929         }
3930         val.bv_val = ptr+1;
3931         val.bv_len = rdn->bv_len - (val.bv_val - rdn->bv_val);
3932         attr_merge_normalize_one(e, ad, &val, NULL );
3933
3934         oc = main->co_oc;
3935         if ( oc->soc_required )
3936                 config_build_attrs( e, oc->soc_required, ad, main->co_table, c );
3937
3938         if ( oc->soc_allowed )
3939                 config_build_attrs( e, oc->soc_allowed, ad, main->co_table, c );
3940
3941         if ( extra ) {
3942                 oc = extra->co_oc;
3943                 if ( oc->soc_required )
3944                         config_build_attrs( e, oc->soc_required, ad, extra->co_table, c );
3945
3946                 if ( oc->soc_allowed )
3947                         config_build_attrs( e, oc->soc_allowed, ad, extra->co_table, c );
3948         }
3949
3950         oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
3951         rc = structural_class(oc_at->a_vals, &val, NULL, &text, c->msg,
3952                 sizeof(c->msg));
3953         attr_merge_normalize_one(e, slap_schema.si_ad_structuralObjectClass, &val, NULL );
3954         if ( op ) {
3955                 op->ora_e = e;
3956                 op->o_bd->be_add( op, rs );
3957         }
3958         if ( ceprev ) {
3959                 ceprev->ce_sibs = ce;
3960         } else if ( parent ) {
3961                 parent->ce_kids = ce;
3962         }
3963
3964         return e;
3965 }
3966
3967 static void
3968 config_build_schema_inc( ConfigArgs *c, CfEntryInfo *ceparent,
3969         Operation *op, SlapReply *rs )
3970 {
3971         Entry *e;
3972         ConfigFile *cf = c->private;
3973         char *ptr;
3974         struct berval bv;
3975
3976         for (; cf; cf=cf->c_sibs, c->depth++) {
3977                 c->value_dn.bv_val = c->log;
3978                 bv.bv_val = strrchr(cf->c_file.bv_val, LDAP_DIRSEP[0]);
3979                 if ( !bv.bv_val ) {
3980                         bv = cf->c_file;
3981                 } else {
3982                         bv.bv_val++;
3983                         bv.bv_len = cf->c_file.bv_len - (bv.bv_val - cf->c_file.bv_val);
3984                 }
3985                 ptr = strchr( bv.bv_val, '.' );
3986                 if ( ptr )
3987                         bv.bv_len = ptr - bv.bv_val;
3988                 c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=" IFMT, c->depth);
3989                 strncpy( c->value_dn.bv_val + c->value_dn.bv_len, bv.bv_val,
3990                         bv.bv_len );
3991                 c->value_dn.bv_len += bv.bv_len;
3992                 c->value_dn.bv_val[c->value_dn.bv_len] ='\0';
3993
3994                 c->private = cf;
3995                 e = config_build_entry( op, rs, ceparent, c, &c->value_dn,
3996                         &CFOC_SCHEMA, NULL );
3997                 if ( e && cf->c_kids ) {
3998                         c->private = cf->c_kids;
3999                         config_build_schema_inc( c, e->e_private, op, rs );
4000                 }
4001         }
4002 }
4003
4004 static void
4005 config_build_includes( ConfigArgs *c, CfEntryInfo *ceparent,
4006         Operation *op, SlapReply *rs )
4007 {
4008         Entry *e;
4009         int i;
4010         ConfigFile *cf = c->private;
4011
4012         for (i=0; cf; cf=cf->c_sibs, i++) {
4013                 c->value_dn.bv_val = c->log;
4014                 c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=include" IFMT, i);
4015                 c->private = cf;
4016                 e = config_build_entry( op, rs, ceparent, c, &c->value_dn,
4017                         &CFOC_INCLUDE, NULL );
4018                 if ( e && cf->c_kids ) {
4019                         c->private = cf->c_kids;
4020                         config_build_includes( c, e->e_private, op, rs );
4021                 }
4022         }
4023 }
4024
4025 #ifdef SLAPD_MODULES
4026
4027 static void
4028 config_build_modules( ConfigArgs *c, CfEntryInfo *ceparent,
4029         Operation *op, SlapReply *rs )
4030 {
4031         int i;
4032         ModPaths *mp;
4033
4034         for (i=0, mp=&modpaths; mp; mp=mp->mp_next, i++) {
4035                 if ( BER_BVISNULL( &mp->mp_path ) && !mp->mp_loads )
4036                         continue;
4037                 c->value_dn.bv_val = c->log;
4038                 c->value_dn.bv_len = sprintf(c->value_dn.bv_val, "cn=module" IFMT, i);
4039                 c->private = mp;
4040                 config_build_entry( op, rs, ceparent, c, &c->value_dn,
4041                         &CFOC_MODULE, NULL );
4042         }
4043 }
4044 #endif
4045
4046 static int
4047 config_back_db_open( BackendDB *be )
4048 {
4049         CfBackInfo *cfb = be->be_private;
4050         struct berval rdn;
4051         Entry *e, *parent;
4052         CfEntryInfo *ce, *ceparent;
4053         int i;
4054         BackendInfo *bi;
4055         ConfigArgs c;
4056         Connection conn = {0};
4057         char opbuf[OPERATION_BUFFER_SIZE];
4058         Operation *op;
4059         slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
4060         SlapReply rs = {REP_RESULT};
4061         void *thrctx = NULL;
4062
4063         /* If we read the config from back-ldif, nothing to do here */
4064         if ( cfb->cb_got_ldif )
4065                 return 0;
4066
4067         if ( cfb->cb_use_ldif ) {
4068                 thrctx = ldap_pvt_thread_pool_context();
4069                 op = (Operation *)opbuf;
4070                 connection_fake_init( &conn, op, thrctx );
4071
4072                 op->o_dn = be->be_rootdn;
4073                 op->o_ndn = be->be_rootndn;
4074
4075                 op->o_tag = LDAP_REQ_ADD;
4076                 op->o_callback = &cb;
4077                 op->o_bd = &cfb->cb_db;
4078         } else {
4079                 op = NULL;
4080         }
4081
4082         /* create root of tree */
4083         rdn = config_rdn;
4084         c.private = cfb->cb_config;
4085         c.be = frontendDB;
4086         e = config_build_entry( op, &rs, NULL, &c, &rdn, &CFOC_GLOBAL, NULL );
4087         ce = e->e_private;
4088         cfb->cb_root = ce;
4089
4090         parent = e;
4091         ceparent = ce;
4092
4093         /* Create includeFile nodes */
4094         if ( cfb->cb_config->c_kids ) {
4095                 c.depth = 0;
4096                 c.private = cfb->cb_config->c_kids;
4097                 config_build_includes( &c, ceparent, op, &rs );
4098         }
4099
4100 #ifdef SLAPD_MODULES
4101         /* Create Module nodes... */
4102         if ( modpaths.mp_loads ) {
4103                 config_build_modules( &c, ceparent, op, &rs );
4104         }
4105 #endif
4106
4107         /* Create schema nodes... cn=schema will contain the hardcoded core
4108          * schema, read-only. Child objects will contain runtime loaded schema
4109          * files.
4110          */
4111         rdn = schema_rdn;
4112         c.private = NULL;
4113         e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_SCHEMA, NULL );
4114         ce = e->e_private;
4115
4116         /* Create schema nodes for included schema... */
4117         if ( cfb->cb_config->c_kids ) {
4118                 c.depth = 0;
4119                 c.private = cfb->cb_config->c_kids;
4120                 config_build_schema_inc( &c, ce, op, &rs );
4121         }
4122
4123         /* Create backend nodes. Skip if they don't provide a cf_table.
4124          * There usually aren't any of these.
4125          */
4126         
4127         c.line = 0;
4128         LDAP_STAILQ_FOREACH( bi, &backendInfo, bi_next) {
4129                 if (!bi->bi_cf_ocs) continue;
4130                 if (!bi->bi_private) continue;
4131
4132                 rdn.bv_val = c.log;
4133                 rdn.bv_len = sprintf(rdn.bv_val, "%s=%s", cfAd_backend->ad_cname.bv_val, bi->bi_type);
4134                 c.bi = bi;
4135                 e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_BACKEND,
4136                         bi->bi_cf_ocs );
4137         }
4138
4139         /* Create database nodes... */
4140         frontendDB->be_cf_ocs = &CFOC_FRONTEND;
4141         LDAP_STAILQ_NEXT(frontendDB, be_next) = LDAP_STAILQ_FIRST(&backendDB);
4142         for ( i = -1, be = frontendDB ; be;
4143                 i++, be = LDAP_STAILQ_NEXT( be, be_next )) {
4144                 slap_overinfo *oi = NULL;
4145
4146                 if ( overlay_is_over( be )) {
4147                         oi = be->bd_info->bi_private;
4148                         bi = oi->oi_orig;
4149                 } else {
4150                         bi = be->bd_info;
4151                 }
4152                 rdn.bv_val = c.log;
4153                 rdn.bv_len = sprintf(rdn.bv_val, "%s=" IFMT "%s", cfAd_database->ad_cname.bv_val,
4154                         i, bi->bi_type);
4155                 c.be = be;
4156                 c.bi = bi;
4157                 e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_DATABASE,
4158                         be->be_cf_ocs );
4159                 ce = e->e_private;
4160                 if ( be->be_cf_ocs && be->be_cf_ocs->co_cfadd )
4161                         be->be_cf_ocs->co_cfadd( op, &rs, e, &c );
4162                 /* Iterate through overlays */
4163                 if ( oi ) {
4164                         slap_overinst *on;
4165                         Entry *oe;
4166                         int j;
4167
4168                         for (j=0,on=oi->oi_list; on; j++,on=on->on_next) {
4169                                 rdn.bv_val = c.log;
4170                                 rdn.bv_len = sprintf(rdn.bv_val, "%s=" IFMT "%s",
4171                                         cfAd_overlay->ad_cname.bv_val, j, on->on_bi.bi_type );
4172                                 c.be = be;
4173                                 c.bi = &on->on_bi;
4174                                 oe = config_build_entry( op, &rs, ce, &c, &rdn,
4175                                         &CFOC_OVERLAY, c.bi->bi_cf_ocs );
4176                                 if ( c.bi->bi_cf_ocs && c.bi->bi_cf_ocs->co_cfadd )
4177                                         c.bi->bi_cf_ocs->co_cfadd( op, &rs, oe, &c );
4178                         }
4179                 }
4180         }
4181         if ( thrctx )
4182                 ldap_pvt_thread_pool_context_reset( thrctx );
4183
4184         return 0;
4185 }
4186
4187 static void
4188 cfb_free_cffile( ConfigFile *cf )
4189 {
4190         ConfigFile *next;
4191
4192         for (; cf; cf=next) {
4193                 next = cf->c_sibs;
4194                 if ( cf->c_kids )
4195                         cfb_free_cffile( cf->c_kids );
4196                 ch_free( cf->c_file.bv_val );
4197                 ber_bvarray_free( cf->c_dseFiles );
4198                 ch_free( cf );
4199         }
4200 }
4201
4202 static void
4203 cfb_free_entries( CfEntryInfo *ce )
4204 {
4205         CfEntryInfo *next;
4206
4207         for (; ce; ce=next) {
4208                 next = ce->ce_sibs;
4209                 if ( ce->ce_kids )
4210                         cfb_free_entries( ce->ce_kids );
4211                 ce->ce_entry->e_private = NULL;
4212                 entry_free( ce->ce_entry );
4213                 ch_free( ce );
4214         }
4215 }
4216
4217 static int
4218 config_back_db_close( BackendDB *be )
4219 {
4220         CfBackInfo *cfb = be->be_private;
4221
4222         cfb_free_entries( cfb->cb_root );
4223         cfb->cb_root = NULL;
4224
4225         if ( cfb->cb_db.bd_info ) {
4226                 backend_shutdown( &cfb->cb_db );
4227         }
4228
4229         return 0;
4230 }
4231
4232 static int
4233 config_back_db_destroy( BackendDB *be )
4234 {
4235         CfBackInfo *cfb = be->be_private;
4236
4237         cfb_free_cffile( cfb->cb_config );
4238
4239         ch_free( cfdir.bv_val );
4240
4241         avl_free( CfOcTree, NULL );
4242
4243         if ( cfb->cb_db.bd_info ) {
4244                 cfb->cb_db.be_suffix = NULL;
4245                 cfb->cb_db.be_nsuffix = NULL;
4246                 BER_BVZERO( &cfb->cb_db.be_rootdn );
4247                 BER_BVZERO( &cfb->cb_db.be_rootndn );
4248
4249                 backend_destroy_one( &cfb->cb_db, 0 );
4250         }
4251
4252         free( be->be_private );
4253
4254         loglevel_destroy();
4255
4256         return 0;
4257 }
4258
4259 static int
4260 config_back_db_init( BackendDB *be )
4261 {
4262         struct berval dn;
4263         CfBackInfo *cfb;
4264
4265         cfb = ch_calloc( 1, sizeof(CfBackInfo));
4266         cfb->cb_config = ch_calloc( 1, sizeof(ConfigFile));
4267         cfn = cfb->cb_config;
4268         be->be_private = cfb;
4269
4270         ber_dupbv( &be->be_rootdn, &config_rdn );
4271         ber_dupbv( &be->be_rootndn, &be->be_rootdn );
4272         ber_dupbv( &dn, &be->be_rootdn );
4273         ber_bvarray_add( &be->be_suffix, &dn );
4274         ber_dupbv( &dn, &be->be_rootdn );
4275         ber_bvarray_add( &be->be_nsuffix, &dn );
4276
4277         /* Hide from namingContexts */
4278         SLAP_BFLAGS(be) |= SLAP_BFLAG_CONFIG;
4279
4280         return 0;
4281 }
4282
4283 static int
4284 config_back_destroy( BackendInfo *bi )
4285 {
4286         ldif_must_b64_encode_release();
4287         return 0;
4288 }
4289
4290 static int
4291 config_tool_entry_open( BackendDB *be, int mode )
4292 {
4293         CfBackInfo *cfb = be->be_private;
4294         BackendInfo *bi = cfb->cb_db.bd_info;
4295
4296         if ( bi && bi->bi_tool_entry_open )
4297                 return bi->bi_tool_entry_open( &cfb->cb_db, mode );
4298         else
4299                 return -1;
4300         
4301 }
4302
4303 static int
4304 config_tool_entry_close( BackendDB *be )
4305 {
4306         CfBackInfo *cfb = be->be_private;
4307         BackendInfo *bi = cfb->cb_db.bd_info;
4308
4309         if ( bi && bi->bi_tool_entry_close )
4310                 return bi->bi_tool_entry_close( &cfb->cb_db );
4311         else
4312                 return -1;
4313 }
4314
4315 static ID
4316 config_tool_entry_first( BackendDB *be )
4317 {
4318         CfBackInfo *cfb = be->be_private;
4319         BackendInfo *bi = cfb->cb_db.bd_info;
4320
4321         if ( bi && bi->bi_tool_entry_first )
4322                 return bi->bi_tool_entry_first( &cfb->cb_db );
4323         else
4324                 return NOID;
4325 }
4326
4327 static ID
4328 config_tool_entry_next( BackendDB *be )
4329 {
4330         CfBackInfo *cfb = be->be_private;
4331         BackendInfo *bi = cfb->cb_db.bd_info;
4332
4333         if ( bi && bi->bi_tool_entry_next )
4334                 return bi->bi_tool_entry_next( &cfb->cb_db );
4335         else
4336                 return NOID;
4337 }
4338
4339 static Entry *
4340 config_tool_entry_get( BackendDB *be, ID id )
4341 {
4342         CfBackInfo *cfb = be->be_private;
4343         BackendInfo *bi = cfb->cb_db.bd_info;
4344
4345         if ( bi && bi->bi_tool_entry_get )
4346                 return bi->bi_tool_entry_get( &cfb->cb_db, id );
4347         else
4348                 return NULL;
4349 }
4350
4351 static ID
4352 config_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
4353 {
4354         CfBackInfo *cfb = be->be_private;
4355         BackendInfo *bi = cfb->cb_db.bd_info;
4356         ConfigArgs ca;
4357
4358         if ( bi && bi->bi_tool_entry_put &&
4359                 config_add_internal( cfb, e, &ca, NULL, NULL ) == 0 )
4360                 return bi->bi_tool_entry_put( &cfb->cb_db, e, text );
4361         else
4362                 return NOID;
4363 }
4364
4365 static struct {
4366         char *name;
4367         AttributeDescription **desc;
4368 } ads[] = {
4369         { "backend", &cfAd_backend },
4370         { "database", &cfAd_database },
4371         { "include", &cfAd_include },
4372         { "overlay", &cfAd_overlay },
4373         { NULL, NULL }
4374 };
4375
4376 /* Notes:
4377  *   add / delete: all types that may be added or deleted must use an
4378  * X-ORDERED attributeType for their RDN. Adding and deleting entries
4379  * should automatically renumber the index of any siblings as needed,
4380  * so that no gaps in the numbering sequence exist after the add/delete
4381  * is completed.
4382  *   What can be added:
4383  *     schema objects
4384  *     backend objects for backend-specific config directives
4385  *     database objects
4386  *     overlay objects
4387  *
4388  *   delete: probably no support this time around.
4389  *
4390  *   modrdn: generally not done. Will be invoked automatically by add/
4391  * delete to update numbering sequence. Perform as an explicit operation
4392  * so that the renumbering effect may be replicated. Subtree rename must
4393  * be supported, since renumbering a database will affect all its child
4394  * overlays.
4395  *
4396  *  modify: must be fully supported. 
4397  */
4398
4399 int
4400 config_back_initialize( BackendInfo *bi )
4401 {
4402         ConfigTable             *ct = config_back_cf_table;
4403         char                    *argv[4];
4404         int                     i;
4405         AttributeDescription    *ad = NULL;
4406         const char              *text;
4407         static char             *controls[] = {
4408                 LDAP_CONTROL_MANAGEDSAIT,
4409                 NULL
4410         };
4411
4412         bi->bi_controls = controls;
4413
4414         bi->bi_open = 0;
4415         bi->bi_close = 0;
4416         bi->bi_config = 0;
4417         bi->bi_destroy = config_back_destroy;
4418
4419         bi->bi_db_init = config_back_db_init;
4420         bi->bi_db_config = 0;
4421         bi->bi_db_open = config_back_db_open;
4422         bi->bi_db_close = config_back_db_close;
4423         bi->bi_db_destroy = config_back_db_destroy;
4424
4425         bi->bi_op_bind = config_back_bind;
4426         bi->bi_op_unbind = 0;
4427         bi->bi_op_search = config_back_search;
4428         bi->bi_op_compare = 0;
4429         bi->bi_op_modify = config_back_modify;
4430         bi->bi_op_modrdn = config_back_modrdn;
4431         bi->bi_op_add = config_back_add;
4432         bi->bi_op_delete = 0;
4433         bi->bi_op_abandon = 0;
4434
4435         bi->bi_extended = 0;
4436
4437         bi->bi_chk_referrals = 0;
4438
4439 #ifdef SLAP_OVERLAY_ACCESS
4440         bi->bi_access_allowed = slap_access_always_allowed;
4441 #endif /* SLAP_OVERLAY_ACCESS */
4442
4443         bi->bi_connection_init = 0;
4444         bi->bi_connection_destroy = 0;
4445
4446         bi->bi_tool_entry_open = config_tool_entry_open;
4447         bi->bi_tool_entry_close = config_tool_entry_close;
4448         bi->bi_tool_entry_first = config_tool_entry_first;
4449         bi->bi_tool_entry_next = config_tool_entry_next;
4450         bi->bi_tool_entry_get = config_tool_entry_get;
4451         bi->bi_tool_entry_put = config_tool_entry_put;
4452
4453         /* Make sure we don't exceed the bits reserved for userland */
4454         assert( ( ( CFG_LAST - 1 ) & ARGS_USERLAND ) == ( CFG_LAST - 1 ) );
4455
4456         argv[3] = NULL;
4457         for (i=0; OidMacros[i].name; i++ ) {
4458                 argv[1] = OidMacros[i].name;
4459                 argv[2] = OidMacros[i].oid;
4460                 parse_oidm( "slapd", i, 3, argv, 0, NULL );
4461         }
4462
4463         bi->bi_cf_ocs = cf_ocs;
4464
4465         i = config_register_schema( ct, cf_ocs );
4466         if ( i ) return i;
4467
4468         /* setup olcRootPW to be base64-encoded when written in LDIF form;
4469          * basically, we don't care if it fails */
4470         i = slap_str2ad( "olcRootPW", &ad, &text );
4471         if ( i ) {
4472                 Debug( LDAP_DEBUG_ANY, "config_back_initialize: "
4473                         "warning, unable to get \"olcRootPW\" "
4474                         "attribute description: %d: %s\n",
4475                         i, text, 0 );
4476         } else {
4477                 (void)ldif_must_b64_encode_register( ad->ad_cname.bv_val,
4478                         ad->ad_type->sat_oid );
4479         }
4480
4481         /* set up the notable AttributeDescriptions */
4482         i = 0;
4483         for (;ct->name;ct++) {
4484                 if (strcmp(ct->name, ads[i].name)) continue;
4485                 *ads[i].desc = ct->ad;
4486                 i++;
4487                 if (!ads[i].name) break;
4488         }
4489
4490         return 0;
4491 }
4492