1 /* config.c - configuration file handling routines */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
14 #include <ac/signal.h>
15 #include <ac/socket.h>
28 * defaults for various global variables
/*
 * Global defaults and parser state used while slapd reads its configuration.
 * NOTE(review): the gutter numbers show that this listing omits some original
 * lines, so the deflimit initializer below is not visible in full.
 */
30 struct slap_limits_set deflimit = {
31 SLAPD_DEFAULT_TIMELIMIT, /* time limit; backward compatible limits */
34 SLAPD_DEFAULT_SIZELIMIT, /* size limit; backward compatible limits */
36 -1, /* no limit on unchecked size */
38 0 /* hide number of entries left */
41 AccessControl *global_acl = NULL;
42 slap_access_t global_default_access = ACL_READ; /* starts at ACL_READ; NOTE(review): presumably the access granted when no ACL matches, i.e. read by default - confirm */
43 slap_mask_t global_restrictops = 0; /* the "readonly" directive sets or clears SLAP_RESTRICT_OP_WRITES here */
44 slap_mask_t global_allows = 0; /* replaced by the mask built from an "allow"/"allows" line (bind_v2, bind_anon_cred, bind_anon_dn, update_anon) */
45 slap_mask_t global_disallows = 0; /* replaced by the mask built from a "disallow"/"disallows" line */
46 slap_mask_t global_requires = 0; /* one of the two targets of a "require"/"requires" line; the other is be->be_requires */
47 slap_ssf_set_t global_ssf_set; /* one of the two targets of the "security" directive; the other is be->be_ssf_set */
49 int global_gentlehup = 0;
50 int global_idletimeout = 0;
51 char *global_host = NULL;
52 char *global_realm = NULL;
53 char *ldap_srvtab = ""; /* points at a string literal: must not be written through or passed to free() */
54 char *default_passwd_hash = NULL; /* ch_strdup copy of the "password-hash" argument; read_config reports a second setting and checks the scheme with lutil_passwd_scheme() */
55 int cargc = 0, cargv_size = 0; /* cargv_size becomes ARGS_STEP + 1 when read_config allocates cargv */
57 struct berval default_search_base = { 0, NULL }; /* pretty DN produced by dnPrettyNormal() for "defaultSearchBase" */
58 struct berval default_search_nbase = { 0, NULL }; /* normalized DN from the same call; a non-zero bv_len is what read_config tests for "already defined" */
59 unsigned num_subordinates = 0;
60 struct berval global_schemadn = { 0, NULL }; /* written by dnPrettyNormal() for the "schemadn" directive */
61 struct berval global_schemandn = { 0, NULL };
63 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT; /* overwritten by the "sockbuf_max_incoming" directive; the value is parsed with atol(), which reports no conversion errors */
64 ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH; /* same, for "sockbuf_max_incoming_auth" */
66 char *slapd_pid_file = NULL; /* verbatim ch_strdup copy of the "pidfile" argument */
67 char *slapd_args_file = NULL; /* verbatim ch_strdup copy of the "argsfile" argument */
69 char *strtok_quote_ptr; /* NOTE(review): presumably the saved scan position of strtok_quote(); being a global it would make that tokenizer non-reentrant - confirm */
71 int use_reverse_lookup = 0;
73 static char *fp_getline(FILE *fp, int *lineno); /* read_config loops on this until it returns NULL */
74 static void fp_getline_init(int *lineno); /* called once before the read loop */
75 static int fp_parse_line(int lineno, char *line); /* modifies line (read_config keeps a copy first); non-zero is treated as a bad config line */
77 static char *strtok_quote(char *line, char *sep);
78 static int load_ucdata(char *path); /* a negative return is treated as failure; read_config also calls it with a NULL path */
81 read_config( const char *fname, int depth )
84 char *line, *savefname, *saveline;
88 struct berval vals[2];
90 static int lastmod = 1;
91 static BackendInfo *bi = NULL;
92 static BackendDB *be = NULL;
94 vals[1].bv_val = NULL;
97 cargv = ch_calloc( ARGS_STEP + 1, sizeof(*cargv) );
98 cargv_size = ARGS_STEP + 1;
101 if ( (fp = fopen( fname, "r" )) == NULL ) {
104 LDAP_LOG( CONFIG, ENTRY,
105 "read_config: " "could not open config file \"%s\": %s (%d)\n",
106 fname, strerror(errno), errno );
108 Debug( LDAP_DEBUG_ANY,
109 "could not open config file \"%s\": %s (%d)\n",
110 fname, strerror(errno), errno );
116 LDAP_LOG( CONFIG, ENTRY,
117 "read_config: reading config file %s\n", fname, 0, 0 );
119 Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
123 fp_getline_init( &lineno );
125 while ( (line = fp_getline( fp, &lineno )) != NULL ) {
126 /* skip comments and blank lines */
127 if ( line[0] == '#' || line[0] == '\0' ) {
131 /* fp_parse_line is destructive, we save a copy */
132 saveline = ch_strdup( line );
134 if ( fp_parse_line( lineno, line ) != 0 ) {
140 LDAP_LOG( CONFIG, INFO,
141 "%s: line %d: bad config line (ignored)\n", fname, lineno, 0 );
143 Debug( LDAP_DEBUG_ANY,
144 "%s: line %d: bad config line (ignored)\n",
151 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
154 LDAP_LOG( CONFIG, CRIT,
155 "%s : line %d: missing type in \"backend\" line.\n",
158 Debug( LDAP_DEBUG_ANY,
159 "%s: line %d: missing type in \"backend <type>\" line\n",
168 LDAP_LOG( CONFIG, CRIT,
169 "%s: line %d: backend line must appear before any "
170 "database definition.\n", fname, lineno , 0 );
172 Debug( LDAP_DEBUG_ANY,
173 "%s: line %d: backend line must appear before any database definition\n",
180 bi = backend_info( cargv[1] );
184 LDAP_LOG( CONFIG, CRIT,
185 "read_config: backend %s initialization failed.\n",
188 Debug( LDAP_DEBUG_ANY,
189 "backend %s initialization failed.\n",
195 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
198 LDAP_LOG( CONFIG, CRIT,
199 "%s: line %d: missing type in \"database <type>\" line\n",
202 Debug( LDAP_DEBUG_ANY,
203 "%s: line %d: missing type in \"database <type>\" line\n",
211 be = backend_db_init( cargv[1] );
215 LDAP_LOG( CONFIG, CRIT,
216 "database %s initialization failed.\n", cargv[1], 0, 0 );
218 Debug( LDAP_DEBUG_ANY,
219 "database %s initialization failed.\n",
226 /* set thread concurrency */
227 } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
231 LDAP_LOG( CONFIG, CRIT,
232 "%s: line %d: missing level in \"concurrency <level\" "
233 " line\n", fname, lineno, 0 );
235 Debug( LDAP_DEBUG_ANY,
236 "%s: line %d: missing level in \"concurrency <level>\" line\n",
243 c = atoi( cargv[1] );
247 LDAP_LOG( CONFIG, CRIT,
248 "%s: line %d: invalid level (%d) in "
249 "\"concurrency <level>\" line.\n", fname, lineno, c );
251 Debug( LDAP_DEBUG_ANY,
252 "%s: line %d: invalid level (%d) in \"concurrency <level>\" line\n",
259 ldap_pvt_thread_set_concurrency( c );
261 /* set sockbuf max */
262 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming" ) == 0 ) {
266 LDAP_LOG( CONFIG, CRIT,
267 "%s: line %d: missing max in \"sockbuf_max_incoming "
268 "<bytes>\" line\n", fname, lineno, 0 );
270 Debug( LDAP_DEBUG_ANY,
271 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
278 max = atol( cargv[1] );
282 LDAP_LOG( CONFIG, CRIT,
283 "%s: line %d: invalid max value (%ld) in "
284 "\"sockbuf_max_incoming <bytes>\" line.\n",
285 fname, lineno, max );
287 Debug( LDAP_DEBUG_ANY,
288 "%s: line %d: invalid max value (%ld) in "
289 "\"sockbuf_max_incoming <bytes>\" line.\n",
290 fname, lineno, max );
296 sockbuf_max_incoming = max;
298 /* set sockbuf max authenticated */
299 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) {
303 LDAP_LOG( CONFIG, CRIT,
304 "%s: line %d: missing max in \"sockbuf_max_incoming_auth "
305 "<bytes>\" line\n", fname, lineno, 0 );
307 Debug( LDAP_DEBUG_ANY,
308 "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
315 max = atol( cargv[1] );
319 LDAP_LOG( CONFIG, CRIT,
320 "%s: line %d: invalid max value (%ld) in "
321 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
322 fname, lineno, max );
324 Debug( LDAP_DEBUG_ANY,
325 "%s: line %d: invalid max value (%ld) in "
326 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
327 fname, lineno, max );
333 sockbuf_max_incoming_auth = max;
335 /* default search base */
336 } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
339 LDAP_LOG( CONFIG, CRIT,
340 "%s: line %d: missing dn in \"defaultSearchBase <dn\" "
341 "line\n", fname, lineno, 0 );
343 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
344 "missing dn in \"defaultSearchBase <dn>\" line\n",
350 } else if ( cargc > 2 ) {
352 LDAP_LOG( CONFIG, INFO,
353 "%s: line %d: extra cruft after <dn> in "
354 "\"defaultSearchBase %s\" line (ignored)\n",
355 fname, lineno, cargv[1] );
357 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
358 "extra cruft after <dn> in \"defaultSearchBase %s\", "
360 fname, lineno, cargv[1] );
364 if ( bi != NULL || be != NULL ) {
366 LDAP_LOG( CONFIG, CRIT,
367 "%s: line %d: defaultSearchBase line must appear "
368 "prior to any backend or database definitions\n",
371 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
372 "defaultSearchBaase line must appear prior to "
373 "any backend or database definition\n",
380 if ( default_search_nbase.bv_len ) {
382 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
383 "default search base \"%s\" already defined "
384 "(discarding old)\n", fname, lineno,
385 default_search_base.bv_val );
387 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
388 "default search base \"%s\" already defined "
389 "(discarding old)\n",
390 fname, lineno, default_search_base.bv_val );
393 free( default_search_base.bv_val );
394 free( default_search_nbase.bv_val );
397 if ( load_ucdata( NULL ) < 0 ) return 1;
402 dn.bv_val = cargv[1];
403 dn.bv_len = strlen( dn.bv_val );
405 rc = dnPrettyNormal( NULL, &dn,
406 &default_search_base,
407 &default_search_nbase );
409 if( rc != LDAP_SUCCESS ) {
411 LDAP_LOG( CONFIG, CRIT,
412 "%s: line %d: defaultSearchBase DN is invalid.\n",
415 Debug( LDAP_DEBUG_ANY,
416 "%s: line %d: defaultSearchBase DN is invalid\n",
423 /* set maximum threads in thread pool */
424 } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
428 LDAP_LOG( CONFIG, CRIT,
429 "%s: line %d: missing count in \"threads <count>\" line\n",
432 Debug( LDAP_DEBUG_ANY,
433 "%s: line %d: missing count in \"threads <count>\" line\n",
440 c = atoi( cargv[1] );
444 LDAP_LOG( CONFIG, CRIT,
445 "%s: line %d: invalid level (%d) in \"threads <count>\""
446 "line\n", fname, lineno, c );
448 Debug( LDAP_DEBUG_ANY,
449 "%s: line %d: invalid level (%d) in \"threads <count>\" line\n",
456 ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
458 /* save for later use */
459 connection_pool_max = c;
461 /* get pid file name */
462 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
465 LDAP_LOG( CONFIG, CRIT,
466 "%s: line %d missing file name in \"pidfile <file>\" "
467 "line.\n", fname, lineno, 0 );
469 Debug( LDAP_DEBUG_ANY,
470 "%s: line %d: missing file name in \"pidfile <file>\" line\n",
477 slapd_pid_file = ch_strdup( cargv[1] );
479 /* get args file name */
480 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
483 LDAP_LOG( CONFIG, CRIT,
484 "%s: %d: missing file name in "
485 "\"argsfile <file>\" line.\n",
488 Debug( LDAP_DEBUG_ANY,
489 "%s: line %d: missing file name in \"argsfile <file>\" line\n",
496 slapd_args_file = ch_strdup( cargv[1] );
498 /* default password hash */
499 } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
502 LDAP_LOG( CONFIG, CRIT,
503 "%s: line %d: missing hash in "
504 "\"password-hash <hash>\" line.\n",
507 Debug( LDAP_DEBUG_ANY,
508 "%s: line %d: missing hash in \"password-hash <hash>\" line\n",
514 if ( default_passwd_hash != NULL ) {
516 LDAP_LOG( CONFIG, CRIT,
517 "%s: line %d: already set default password_hash!\n",
520 Debug( LDAP_DEBUG_ANY,
521 "%s: line %d: already set default password_hash!\n",
529 if ( lutil_passwd_scheme( cargv[1] ) == 0 ) {
531 LDAP_LOG( CONFIG, CRIT,
532 "%s: line %d: password scheme \"%s\" not available\n",
533 fname, lineno, cargv[1] );
535 Debug( LDAP_DEBUG_ANY,
536 "%s: line %d: password scheme \"%s\" not available\n",
537 fname, lineno, cargv[1] );
542 default_passwd_hash = ch_strdup( cargv[1] );
544 } else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 )
548 LDAP_LOG( CONFIG, CRIT,
549 "%s: line %d: missing format in "
550 "\"password-crypt-salt-format <format>\" line\n",
553 Debug( LDAP_DEBUG_ANY, "%s: line %d: missing format in "
554 "\"password-crypt-salt-format <format>\" line\n",
561 lutil_salt_format( cargv[1] );
563 /* SASL config options */
564 } else if ( strncasecmp( cargv[0], "sasl", 4 ) == 0 ) {
565 if ( slap_sasl_config( cargc, cargv, line, fname, lineno ) )
568 } else if ( strcasecmp( cargv[0], "schemadn" ) == 0 ) {
572 LDAP_LOG( CONFIG, CRIT,
573 "%s: line %d: missing dn in "
574 "\"schemadn <dn>\" line.\n", fname, lineno, 0 );
576 Debug( LDAP_DEBUG_ANY,
577 "%s: line %d: missing dn in \"schemadn <dn>\" line\n",
582 ber_str2bv( cargv[1], 0, 0, &dn );
584 rc = dnPrettyNormal( NULL, &dn, &be->be_schemadn,
587 rc = dnPrettyNormal( NULL, &dn, &global_schemadn,
590 if ( rc != LDAP_SUCCESS ) {
592 LDAP_LOG( CONFIG, CRIT,
593 "%s: line %d: schemadn DN is invalid.\n",
596 Debug( LDAP_DEBUG_ANY,
597 "%s: line %d: schemadn DN is invalid\n",
603 /* set UCDATA path */
604 } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
608 LDAP_LOG( CONFIG, CRIT,
609 "%s: line %d: missing path in "
610 "\"ucdata-path <path>\" line.\n", fname, lineno, 0 );
612 Debug( LDAP_DEBUG_ANY,
613 "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
620 err = load_ucdata( cargv[1] );
624 LDAP_LOG( CONFIG, CRIT,
625 "%s: line %d: ucdata already loaded, ucdata-path "
626 "must be set earlier in the file and/or be "
627 "specified only once!\n", fname, lineno, 0 );
629 Debug( LDAP_DEBUG_ANY,
630 "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n",
639 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
641 struct slap_limits_set *lim;
645 LDAP_LOG( CONFIG, CRIT,
646 "%s: line %d: missing limit in \"sizelimit <limit>\" "
647 "line.\n", fname, lineno, 0 );
649 Debug( LDAP_DEBUG_ANY,
650 "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
660 lim = &be->be_def_limit;
663 for ( i = 1; i < cargc; i++ ) {
664 if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
665 rc = parse_limit( cargv[i], lim );
668 LDAP_LOG( CONFIG, CRIT,
669 "%s: line %d: unable "
670 "to parse value \"%s\" in \"sizelimit "
671 "<limit>\" line.\n", fname, lineno, cargv[i] );
673 Debug( LDAP_DEBUG_ANY,
674 "%s: line %d: unable "
675 "to parse value \"%s\" "
678 fname, lineno, cargv[i] );
684 if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
685 lim->lms_s_soft = -1;
689 lim->lms_s_soft = strtol( cargv[i] , &next, 0 );
690 if ( next == cargv[i] ) {
692 LDAP_LOG( CONFIG, CRIT,
693 "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" "
694 "line.\n", fname, lineno, cargv[i] );
696 Debug( LDAP_DEBUG_ANY,
697 "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" line\n",
698 fname, lineno, cargv[i] );
702 } else if ( next[0] != '\0' ) {
704 LDAP_LOG( CONFIG, CRIT,
705 "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" "
706 "line ignored.\n", fname, lineno, next );
708 Debug( LDAP_DEBUG_ANY,
709 "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" line ignored\n",
710 fname, lineno, next );
719 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
721 struct slap_limits_set *lim;
725 LDAP_LOG( CONFIG, CRIT,
726 "%s: line %d missing limit in \"timelimit <limit>\" "
727 "line.\n", fname, lineno, 0 );
729 Debug( LDAP_DEBUG_ANY,
730 "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
740 lim = &be->be_def_limit;
743 for ( i = 1; i < cargc; i++ ) {
744 if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
745 rc = parse_limit( cargv[i], lim );
748 LDAP_LOG( CONFIG, CRIT,
749 "%s: line %d: unable to parse value \"%s\" "
750 "in \"timelimit <limit>\" line.\n",
751 fname, lineno, cargv[i] );
753 Debug( LDAP_DEBUG_ANY,
754 "%s: line %d: unable "
755 "to parse value \"%s\" "
758 fname, lineno, cargv[i] );
764 if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
765 lim->lms_t_soft = -1;
769 lim->lms_t_soft = strtol( cargv[i] , &next, 0 );
770 if ( next == cargv[i] ) {
772 LDAP_LOG( CONFIG, CRIT,
773 "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" "
774 "line.\n", fname, lineno, cargv[i] );
776 Debug( LDAP_DEBUG_ANY,
777 "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" line\n",
778 fname, lineno, cargv[i] );
782 } else if ( next[0] != '\0' ) {
784 LDAP_LOG( CONFIG, CRIT,
785 "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" "
786 "line ignored.\n", fname, lineno, next );
788 Debug( LDAP_DEBUG_ANY,
789 "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" line ignored\n",
790 fname, lineno, next );
798 /* set regex-based limits */
799 } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
802 LDAP_LOG( CONFIG, WARNING,
803 "%s: line %d \"limits\" allowed only in database "
804 "environment.\n", fname, lineno, 0 );
806 Debug( LDAP_DEBUG_ANY,
807 "%s: line %d \"limits\" allowed only in database environment.\n%s",
813 if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
817 /* mark this as a subordinate database */
818 } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
821 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
822 "subordinate keyword must appear inside a database "
823 "definition.\n", fname, lineno, 0 );
825 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
826 "must appear inside a database definition.\n",
832 be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE;
836 /* set database suffix */
837 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
839 struct berval dn, pdn, ndn;
843 LDAP_LOG( CONFIG, CRIT,
844 "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
847 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
848 "missing dn in \"suffix <dn>\" line\n",
854 } else if ( cargc > 2 ) {
856 LDAP_LOG( CONFIG, INFO,
857 "%s: line %d: extra cruft after <dn> in \"suffix %s\""
858 " line (ignored).\n", fname, lineno, cargv[1] );
860 Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
861 "after <dn> in \"suffix %s\" line (ignored)\n",
862 fname, lineno, cargv[1] );
868 LDAP_LOG( CONFIG, INFO,
869 "%s: line %d: suffix line must appear inside a database "
870 "definition.\n", fname, lineno, 0 );
872 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
873 "must appear inside a database definition\n",
878 #if defined(SLAPD_MONITOR_DN)
879 /* "cn=Monitor" is reserved for monitoring slap */
880 } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
882 LDAP_LOG( CONFIG, CRIT, "%s: line %d: \""
883 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
886 Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
887 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
891 #endif /* SLAPD_MONITOR_DN */
894 if ( load_ucdata( NULL ) < 0 ) return 1;
896 dn.bv_val = cargv[1];
897 dn.bv_len = strlen( cargv[1] );
899 rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
900 if( rc != LDAP_SUCCESS ) {
902 LDAP_LOG( CONFIG, CRIT,
903 "%s: line %d: suffix DN is invalid.\n",
906 Debug( LDAP_DEBUG_ANY,
907 "%s: line %d: suffix DN is invalid\n",
913 tmp_be = select_backend( &ndn, 0, 0 );
914 if ( tmp_be == be ) {
916 LDAP_LOG( CONFIG, INFO,
917 "%s: line %d: suffix already served by this backend "
918 "(ignored)\n", fname, lineno, 0 );
920 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
921 "already served by this backend (ignored)\n",
927 } else if ( tmp_be != NULL ) {
929 LDAP_LOG( CONFIG, INFO,
930 "%s: line %d: suffix already served by a preceding "
931 "backend \"%s\"\n", fname, lineno,
932 tmp_be->be_suffix[0].bv_val );
934 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
935 "already served by a preceeding backend \"%s\"\n",
936 fname, lineno, tmp_be->be_suffix[0].bv_val );
942 } else if( pdn.bv_len == 0 && default_search_nbase.bv_len ) {
944 LDAP_LOG( CONFIG, INFO,
945 "%s: line %d: suffix DN empty and default search "
946 "base provided \"%s\" (assuming okay).\n",
947 fname, lineno, default_search_base.bv_val );
949 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
950 "suffix DN empty and default "
951 "search base provided \"%s\" (assuming okay)\n",
952 fname, lineno, default_search_base.bv_val );
956 ber_bvarray_add( &be->be_suffix, &pdn );
957 ber_bvarray_add( &be->be_nsuffix, &ndn );
959 /* set max deref depth */
960 } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
964 LDAP_LOG( CONFIG, CRIT,
965 "%s: line %d: missing depth in \"maxDerefDepth <depth>\""
966 " line\n", fname, lineno, 0 );
968 Debug( LDAP_DEBUG_ANY,
969 "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
977 LDAP_LOG( CONFIG, INFO,
978 "%s: line %d: depth line must appear inside a database "
979 "definition.\n", fname, lineno ,0 );
981 Debug( LDAP_DEBUG_ANY,
982 "%s: line %d: depth line must appear inside a database definition.\n",
987 } else if ((i = atoi(cargv[1])) < 0) {
989 LDAP_LOG( CONFIG, INFO,
990 "%s: line %d: depth must be positive.\n",
993 Debug( LDAP_DEBUG_ANY,
994 "%s: line %d: depth must be positive.\n",
1001 be->be_max_deref_depth = i;
1005 /* set magic "root" dn for this database */
1006 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
1009 LDAP_LOG( CONFIG, INFO,
1010 "%s: line %d: missing dn in \"rootdn <dn>\" line.\n",
1013 Debug( LDAP_DEBUG_ANY,
1014 "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
1023 LDAP_LOG( CONFIG, INFO,
1024 "%s: line %d: rootdn line must appear inside a database "
1025 "definition.\n", fname, lineno ,0 );
1027 Debug( LDAP_DEBUG_ANY,
1028 "%s: line %d: rootdn line must appear inside a database definition.\n",
1036 if ( load_ucdata( NULL ) < 0 ) return 1;
1038 dn.bv_val = cargv[1];
1039 dn.bv_len = strlen( cargv[1] );
1041 rc = dnPrettyNormal( NULL, &dn,
1045 if( rc != LDAP_SUCCESS ) {
1047 LDAP_LOG( CONFIG, CRIT,
1048 "%s: line %d: rootdn DN is invalid.\n",
1051 Debug( LDAP_DEBUG_ANY,
1052 "%s: line %d: rootdn DN is invalid\n",
1059 /* set super-secret magic database password */
1060 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
1063 LDAP_LOG( CONFIG, CRIT,
1064 "%s: line %d: missing passwd in \"rootpw <passwd>\""
1065 " line\n", fname, lineno ,0 );
1067 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1068 "missing passwd in \"rootpw <passwd>\" line\n",
1077 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1078 "rootpw line must appear inside a database "
1079 "definition.\n", fname, lineno ,0 );
1081 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1082 "rootpw line must appear inside a database "
1089 Backend *tmp_be = select_backend( &be->be_rootndn, 0, 0 );
1091 if( tmp_be != be ) {
1093 LDAP_LOG( CONFIG, INFO,
1095 "rootpw can only be set when rootdn is under suffix\n",
1096 fname, lineno, "" );
1098 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1099 "rootpw can only be set when rootdn is under suffix\n",
1105 be->be_rootpw.bv_val = ch_strdup( cargv[1] );
1106 be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
1109 /* make this database read-only */
1110 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
1113 LDAP_LOG( CONFIG, CRIT,
1114 "%s: line %d: missing on|off in \"readonly <on|off>\" "
1115 "line.\n", fname, lineno ,0 );
1117 Debug( LDAP_DEBUG_ANY,
1118 "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
1125 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1126 global_restrictops |= SLAP_RESTRICT_OP_WRITES;
1128 global_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1131 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1132 be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1134 be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1139 /* allow these features */
1140 } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
1141 strcasecmp( cargv[0], "allow" ) == 0 )
1147 LDAP_LOG( CONFIG, INFO,
1148 "%s: line %d: allow line must appear prior to "
1149 "database definitions.\n", fname, lineno ,0 );
1151 Debug( LDAP_DEBUG_ANY,
1152 "%s: line %d: allow line must appear prior to database definitions\n",
1160 LDAP_LOG( CONFIG, CRIT,
1161 "%s: line %d: missing feature(s) in \"allow <features>\""
1162 " line\n", fname, lineno ,0 );
1164 Debug( LDAP_DEBUG_ANY,
1165 "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
1174 for( i=1; i < cargc; i++ ) {
1175 if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
1176 allows |= SLAP_ALLOW_BIND_V2;
1178 } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
1179 allows |= SLAP_ALLOW_BIND_ANON_CRED;
1181 } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
1182 allows |= SLAP_ALLOW_BIND_ANON_DN;
1184 } else if( strcasecmp( cargv[i], "update_anon" ) == 0 ) {
1185 allows |= SLAP_ALLOW_UPDATE_ANON;
1187 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1189 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1190 "unknown feature %s in \"allow <features>\" line.\n",
1191 fname, lineno, cargv[1] );
1193 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1194 "unknown feature %s in \"allow <features>\" line\n",
1195 fname, lineno, cargv[i] );
1202 global_allows = allows;
1204 /* disallow these features */
1205 } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
1206 strcasecmp( cargv[0], "disallow" ) == 0 )
1208 slap_mask_t disallows;
1212 LDAP_LOG( CONFIG, INFO,
1213 "%s: line %d: disallow line must appear prior to "
1214 "database definitions.\n", fname, lineno ,0 );
1216 Debug( LDAP_DEBUG_ANY,
1217 "%s: line %d: disallow line must appear prior to database definitions\n",
1225 LDAP_LOG( CONFIG, CRIT,
1226 "%s: line %d: missing feature(s) in \"disallow <features>\""
1227 " line.\n", fname, lineno ,0 );
1229 Debug( LDAP_DEBUG_ANY,
1230 "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
1239 for( i=1; i < cargc; i++ ) {
1240 if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
1241 disallows |= SLAP_DISALLOW_BIND_ANON;
1243 } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
1244 disallows |= SLAP_DISALLOW_BIND_SIMPLE;
1246 } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
1247 disallows |= SLAP_DISALLOW_BIND_KRBV4;
1249 } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
1250 disallows |= SLAP_DISALLOW_TLS_2_ANON;
1252 } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
1253 disallows |= SLAP_DISALLOW_TLS_AUTHC;
1255 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1257 LDAP_LOG( CONFIG, CRIT,
1258 "%s: line %d: unknown feature %s in "
1259 "\"disallow <features>\" line.\n",
1260 fname, lineno, cargv[i] );
1262 Debug( LDAP_DEBUG_ANY,
1263 "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
1264 fname, lineno, cargv[i] );
1271 global_disallows = disallows;
1273 /* require these features */
1274 } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
1275 strcasecmp( cargv[0], "require" ) == 0 )
1277 slap_mask_t requires;
1281 LDAP_LOG( CONFIG, CRIT,
1282 "%s: line %d: missing feature(s) in "
1283 "\"require <features>\" line.\n", fname, lineno ,0 );
1285 Debug( LDAP_DEBUG_ANY,
1286 "%s: line %d: missing feature(s) in \"require <features>\" line\n",
1295 for( i=1; i < cargc; i++ ) {
1296 if( strcasecmp( cargv[i], "bind" ) == 0 ) {
1297 requires |= SLAP_REQUIRE_BIND;
1299 } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
1300 requires |= SLAP_REQUIRE_LDAP_V3;
1302 } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
1303 requires |= SLAP_REQUIRE_AUTHC;
1305 } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
1306 requires |= SLAP_REQUIRE_SASL;
1308 } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
1309 requires |= SLAP_REQUIRE_STRONG;
1311 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1313 LDAP_LOG( CONFIG, CRIT,
1314 "%s: line %d: unknown feature %s in "
1315 "\"require <features>\" line.\n",
1316 fname, lineno , cargv[i] );
1318 Debug( LDAP_DEBUG_ANY,
1319 "%s: line %d: unknown feature %s in \"require <features>\" line\n",
1320 fname, lineno, cargv[i] );
1328 global_requires = requires;
1330 be->be_requires = requires;
1333 /* required security factors */
1334 } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
1335 slap_ssf_set_t *set;
1339 LDAP_LOG( CONFIG, CRIT,
1340 "%s: line %d: missing factor(s) in \"security <factors>\""
1341 " line.\n", fname, lineno ,0 );
1343 Debug( LDAP_DEBUG_ANY,
1344 "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
1352 set = &global_ssf_set;
1354 set = &be->be_ssf_set;
1357 for( i=1; i < cargc; i++ ) {
1358 if( strncasecmp( cargv[i], "ssf=",
1359 sizeof("ssf") ) == 0 )
1362 atoi( &cargv[i][sizeof("ssf")] );
1364 } else if( strncasecmp( cargv[i], "transport=",
1365 sizeof("transport") ) == 0 )
1367 set->sss_transport =
1368 atoi( &cargv[i][sizeof("transport")] );
1370 } else if( strncasecmp( cargv[i], "tls=",
1371 sizeof("tls") ) == 0 )
1374 atoi( &cargv[i][sizeof("tls")] );
1376 } else if( strncasecmp( cargv[i], "sasl=",
1377 sizeof("sasl") ) == 0 )
1380 atoi( &cargv[i][sizeof("sasl")] );
1382 } else if( strncasecmp( cargv[i], "update_ssf=",
1383 sizeof("update_ssf") ) == 0 )
1385 set->sss_update_ssf =
1386 atoi( &cargv[i][sizeof("update_ssf")] );
1388 } else if( strncasecmp( cargv[i], "update_transport=",
1389 sizeof("update_transport") ) == 0 )
1391 set->sss_update_transport =
1392 atoi( &cargv[i][sizeof("update_transport")] );
1394 } else if( strncasecmp( cargv[i], "update_tls=",
1395 sizeof("update_tls") ) == 0 )
1397 set->sss_update_tls =
1398 atoi( &cargv[i][sizeof("update_tls")] );
1400 } else if( strncasecmp( cargv[i], "update_sasl=",
1401 sizeof("update_sasl") ) == 0 )
1403 set->sss_update_sasl =
1404 atoi( &cargv[i][sizeof("update_sasl")] );
1406 } else if( strncasecmp( cargv[i], "simple_bind=",
1407 sizeof("simple_bind") ) == 0 )
1409 set->sss_simple_bind =
1410 atoi( &cargv[i][sizeof("simple_bind")] );
1414 LDAP_LOG( CONFIG, CRIT,
1415 "%s: line %d: unknown factor %S in "
1416 "\"security <factors>\" line.\n",
1417 fname, lineno, cargv[1] );
1419 Debug( LDAP_DEBUG_ANY,
1420 "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
1421 fname, lineno, cargv[i] );
1427 /* where to send clients when we don't hold it */
1428 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
1431 LDAP_LOG( CONFIG, CRIT,
1432 "%s: line %d: missing URL in \"referral <URL>\""
1433 " line.\n", fname, lineno , 0 );
1435 Debug( LDAP_DEBUG_ANY,
1436 "%s: line %d: missing URL in \"referral <URL>\" line\n",
1443 if( validate_global_referral( cargv[1] ) ) {
1445 LDAP_LOG( CONFIG, CRIT,
1446 "%s: line %d: invalid URL (%s) in \"referral\" line.\n",
1447 fname, lineno, cargv[1] );
1449 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1450 "invalid URL (%s) in \"referral\" line.\n",
1451 fname, lineno, cargv[1] );
1456 vals[0].bv_val = cargv[1];
1457 vals[0].bv_len = strlen( vals[0].bv_val );
1458 if( value_add( &default_referral, vals ) )
1462 } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
1466 LDAP_LOG( CONFIG, CRIT,
1467 "%s: line %d: Error in logfile directive, "
1468 "\"logfile <filename>\"\n", fname, lineno , 0 );
1470 Debug( LDAP_DEBUG_ANY,
1471 "%s: line %d: Error in logfile directive, \"logfile filename\"\n",
1477 logfile = fopen( cargv[1], "w" );
1478 if ( logfile != NULL ) lutil_debug_file( logfile );
1481 /* start of a new database definition */
1482 } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
1486 LDAP_LOG( CONFIG, CRIT,
1487 "%s: line %d: Error in debug directive, "
1488 "\"debug <subsys> <level>\"\n", fname, lineno , 0 );
1490 Debug( LDAP_DEBUG_ANY,
1491 "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
1497 level = atoi( cargv[2] );
1498 if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
1499 lutil_set_debug_level( cargv[1], level );
1500 /* specify an Object Identifier macro */
1501 } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
1502 rc = parse_oidm( fname, lineno, cargc, cargv );
1505 /* specify an objectclass */
1506 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
1509 LDAP_LOG( CONFIG, INFO,
1510 "%s: line %d: illegal objectclass format.\n",
1511 fname, lineno , 0 );
1513 Debug( LDAP_DEBUG_ANY,
1514 "%s: line %d: illegal objectclass format.\n",
1519 } else if ( *cargv[1] == '(' /*')'*/) {
1521 p = strchr(saveline,'(' /*')'*/);
1522 rc = parse_oc( fname, lineno, p, cargv );
1527 LDAP_LOG( CONFIG, INFO,
1528 "%s: line %d: old objectclass format not supported\n",
1529 fname, lineno , 0 );
1531 Debug( LDAP_DEBUG_ANY,
1532 "%s: line %d: old objectclass format not supported.\n",
1537 #ifdef SLAP_EXTENDED_SCHEMA
1538 } else if ( strcasecmp( cargv[0], "ditcontentrule" ) == 0 ) {
1540 p = strchr(saveline,'(' /*')'*/);
1541 rc = parse_cr( fname, lineno, p, cargv );
1545 /* specify an attribute type */
1546 } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
1547 || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
1551 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1552 "illegal attribute type format.\n",
1553 fname, lineno , 0 );
1555 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1556 "illegal attribute type format.\n",
1561 } else if ( *cargv[1] == '(' /*')'*/) {
1563 p = strchr(saveline,'(' /*')'*/);
1564 rc = parse_at( fname, lineno, p, cargv );
1569 LDAP_LOG( CONFIG, INFO,
1570 "%s: line %d: old attribute type format not supported.\n",
1571 fname, lineno , 0 );
1573 Debug( LDAP_DEBUG_ANY,
1574 "%s: line %d: old attribute type format not supported.\n",
1580 /* define attribute option(s) */
1581 } else if ( strcasecmp( cargv[0], "attributeoptions" ) == 0 ) {
1582 ad_define_option( NULL, NULL, 0 );
1583 for ( i = 1; i < cargc; i++ )
1584 if ( ad_define_option( cargv[i], fname, lineno ) != 0 )
1587 /* turn on/off schema checking */
1588 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
1591 LDAP_LOG( CONFIG, CRIT,
1592 "%s: line %d: missing on|off in \"schemacheck <on|off>\""
1593 " line.\n", fname, lineno , 0 );
1595 Debug( LDAP_DEBUG_ANY,
1596 "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
1602 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
1604 LDAP_LOG( CONFIG, CRIT,
1605 "%s: line %d: schema checking disabled! your mileage may "
1606 "vary!\n", fname, lineno , 0 );
1608 Debug( LDAP_DEBUG_ANY,
1609 "%s: line %d: schema checking disabled! your mileage may vary!\n",
1612 global_schemacheck = 0;
1614 global_schemacheck = 1;
1617 /* specify access control info */
1618 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
1619 parse_acl( be, fname, lineno, cargc, cargv );
1621 /* debug level to log things to syslog */
1622 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
1625 LDAP_LOG( CONFIG, CRIT,
1626 "%s: line %d: missing level in \"loglevel <level>\""
1627 " line.\n", fname, lineno , 0 );
1629 Debug( LDAP_DEBUG_ANY,
1630 "%s: line %d: missing level in \"loglevel <level>\" line\n",
1639 for( i=1; i < cargc; i++ ) {
1640 ldap_syslog += atoi( cargv[1] );
1643 /* list of replicas of the data in this backend (master only) */
1644 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
1647 LDAP_LOG( CONFIG, CRIT,
1648 "%s: line %d: missing host in \"replica "
1649 " <host[:port]\" line\n", fname, lineno , 0 );
1651 Debug( LDAP_DEBUG_ANY,
1652 "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
1660 LDAP_LOG( CONFIG, INFO,
1661 "%s: line %d: replica line must appear inside "
1662 "a database definition.\n", fname, lineno, 0);
1664 Debug( LDAP_DEBUG_ANY,
1665 "%s: line %d: replica line must appear inside a database definition\n",
1673 for ( i = 1; i < cargc; i++ ) {
1674 if ( strncasecmp( cargv[i], "host=", 5 )
1676 nr = add_replica_info( be,
1683 LDAP_LOG( CONFIG, INFO,
1684 "%s: line %d: missing host in \"replica\" line\n",
1685 fname, lineno , 0 );
1687 Debug( LDAP_DEBUG_ANY,
1688 "%s: line %d: missing host in \"replica\" line\n",
1693 } else if ( nr == -1 ) {
1695 LDAP_LOG( CONFIG, INFO,
1696 "%s: line %d: unable to add"
1697 " replica \"%s\"\n",
1701 Debug( LDAP_DEBUG_ANY,
1702 "%s: line %d: unable to add replica \"%s\"\n",
1703 fname, lineno, cargv[i] + 5 );
1707 for ( i = 1; i < cargc; i++ ) {
1708 if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
1710 switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) {
1713 LDAP_LOG( CONFIG, INFO,
1714 "%s: line %d: suffix \"%s\" in \"replica\""
1715 " line is not valid for backend(ignored)\n",
1716 fname, lineno, cargv[i] + 7 );
1718 Debug( LDAP_DEBUG_ANY,
1719 "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1720 fname, lineno, cargv[i] + 7 );
1726 LDAP_LOG( CONFIG, INFO,
1727 "%s: line %d: unable to normalize suffix"
1728 " in \"replica\" line (ignored)\n",
1729 fname, lineno , 0 );
1731 Debug( LDAP_DEBUG_ANY,
1732 "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
1738 } else if ( strncasecmp( cargv[i], "attr", 4 ) == 0 ) {
1740 char *arg = cargv[i] + 4;
1742 if ( arg[0] == '!' ) {
1747 if ( arg[0] != '=' ) {
1751 if ( add_replica_attrs( be, nr, arg + 1, exclude ) ) {
1753 LDAP_LOG( CONFIG, INFO,
1754 "%s: line %d: attribute \"%s\" in "
1755 "\"replica\" line is unknown\n",
1756 fname, lineno, arg + 1 );
1758 Debug( LDAP_DEBUG_ANY,
1759 "%s: line %d: attribute \"%s\" in \"replica\" line is unknown\n",
1760 fname, lineno, arg + 1 );
1769 /* dn of master entity allowed to write to replica */
1770 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
1773 LDAP_LOG( CONFIG, CRIT,
1774 "%s: line %d: missing dn in \"updatedn <dn>\""
1775 " line.\n", fname, lineno , 0 );
1777 Debug( LDAP_DEBUG_ANY,
1778 "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
1786 LDAP_LOG( CONFIG, INFO,
1787 "%s: line %d: updatedn line must appear inside "
1788 "a database definition\n",
1789 fname, lineno , 0 );
1791 Debug( LDAP_DEBUG_ANY,
1792 "%s: line %d: updatedn line must appear inside a database definition\n",
1800 if ( load_ucdata( NULL ) < 0 ) return 1;
1802 dn.bv_val = cargv[1];
1803 dn.bv_len = strlen( cargv[1] );
1805 rc = dnNormalize2( NULL, &dn, &be->be_update_ndn );
1806 if( rc != LDAP_SUCCESS ) {
1808 LDAP_LOG( CONFIG, CRIT,
1809 "%s: line %d: updatedn DN is invalid.\n",
1810 fname, lineno , 0 );
1812 Debug( LDAP_DEBUG_ANY,
1813 "%s: line %d: updatedn DN is invalid\n",
1820 } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
1823 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1824 "missing url in \"updateref <ldapurl>\" line.\n",
1825 fname, lineno , 0 );
1827 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1828 "missing url in \"updateref <ldapurl>\" line\n",
1836 LDAP_LOG( CONFIG, INFO, "%s: line %d: updateref"
1837 " line must appear inside a database definition\n",
1838 fname, lineno , 0 );
1840 Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
1841 " line must appear inside a database definition\n",
1846 } else if ( !be->be_update_ndn.bv_len ) {
1848 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1849 "updateref line must come after updatedn.\n",
1850 fname, lineno , 0 );
1852 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1853 "updateref line must after updatedn.\n",
1859 if( validate_global_referral( cargv[1] ) ) {
1861 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1862 "invalid URL (%s) in \"updateref\" line.\n",
1863 fname, lineno, cargv[1] );
1865 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1866 "invalid URL (%s) in \"updateref\" line.\n",
1867 fname, lineno, cargv[1] );
1872 vals[0].bv_val = cargv[1];
1873 vals[0].bv_len = strlen( vals[0].bv_val );
1874 if( value_add( &be->be_update_refs, vals ) )
1877 /* replication log file to which changes are appended */
1878 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
1881 LDAP_LOG( CONFIG, CRIT,
1882 "%s: line %d: missing filename in \"replogfile <filename>\""
1883 " line.\n", fname, lineno , 0 );
1885 Debug( LDAP_DEBUG_ANY,
1886 "%s: line %d: missing filename in \"replogfile <filename>\" line\n",
1893 be->be_replogfile = ch_strdup( cargv[1] );
1895 replogfile = ch_strdup( cargv[1] );
1898 /* file from which to read additional rootdse attrs */
1899 } else if ( strcasecmp( cargv[0], "rootDSE" ) == 0) {
1902 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1903 "missing filename in \"rootDSE <filename>\" line.\n",
1904 fname, lineno , 0 );
1906 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1907 "missing filename in \"rootDSE <filename>\" line.\n",
1913 if( read_root_dse_file( cargv[1] ) ) {
1915 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1916 "could not read \"rootDSE <filename>\" line.\n",
1917 fname, lineno , 0 );
1919 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1920 "could not read \"rootDSE <filename>\" line\n",
1926 /* maintain lastmodified{by,time} attributes */
1927 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
1930 LDAP_LOG( CONFIG, CRIT,
1931 "%s: line %d: missing on|off in \"lastmod <on|off>\""
1932 " line.\n", fname, lineno , 0 );
1934 Debug( LDAP_DEBUG_ANY,
1935 "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
1941 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1943 be->be_flags &= ~SLAP_BFLAG_NOLASTMOD;
1949 be->be_flags |= SLAP_BFLAG_NOLASTMOD;
1956 /* turn on/off gentle SIGHUP handling */
1957 } else if ( strcasecmp( cargv[0], "gentlehup" ) == 0 ) {
1959 Debug( LDAP_DEBUG_ANY,
1960 "%s: line %d: missing on|off in \"gentlehup <on|off>\" line\n",
1964 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
1965 global_gentlehup = 0;
1967 global_gentlehup = 1;
1971 /* set idle timeout value */
1972 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
1976 LDAP_LOG( CONFIG, CRIT,
1977 "%s: line %d: missing timeout value in "
1978 "\"idletimeout <seconds>\" line.\n", fname, lineno , 0 );
1980 Debug( LDAP_DEBUG_ANY,
1981 "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
1988 i = atoi( cargv[1] );
1992 LDAP_LOG( CONFIG, CRIT,
1993 "%s: line %d: timeout value (%d) invalid "
1994 "\"idletimeout <seconds>\" line.\n", fname, lineno, i );
1996 Debug( LDAP_DEBUG_ANY,
1997 "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
2004 global_idletimeout = i;
2006 /* include another config file */
2007 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
2010 LDAP_LOG( CONFIG, CRIT,
2011 "%s: line %d: missing filename in \"include "
2012 "<filename>\" line.\n", fname, lineno , 0 );
2014 Debug( LDAP_DEBUG_ANY,
2015 "%s: line %d: missing filename in \"include <filename>\" line\n",
2021 savefname = ch_strdup( cargv[1] );
2022 savelineno = lineno;
2024 if ( read_config( savefname, depth+1 ) != 0 ) {
2029 lineno = savelineno - 1;
2031 /* location of kerberos srvtab file */
2032 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
2035 LDAP_LOG( CONFIG, CRIT,
2036 "%s: line %d: missing filename in \"srvtab "
2037 "<filename>\" line.\n", fname, lineno , 0 );
2039 Debug( LDAP_DEBUG_ANY,
2040 "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
2046 ldap_srvtab = ch_strdup( cargv[1] );
2048 #ifdef SLAPD_MODULES
2049 } else if (strcasecmp( cargv[0], "moduleload") == 0 ) {
2052 LDAP_LOG( CONFIG, INFO,
2053 "%s: line %d: missing filename in \"moduleload "
2054 "<filename>\" line.\n", fname, lineno , 0 );
2056 Debug( LDAP_DEBUG_ANY,
2057 "%s: line %d: missing filename in \"moduleload <filename>\" line\n",
2061 exit( EXIT_FAILURE );
2063 if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
2065 LDAP_LOG( CONFIG, CRIT,
2066 "%s: line %d: failed to load or initialize module %s\n",
2067 fname, lineno, cargv[1] );
2069 Debug( LDAP_DEBUG_ANY,
2070 "%s: line %d: failed to load or initialize module %s\n",
2071 fname, lineno, cargv[1]);
2074 exit( EXIT_FAILURE );
2076 } else if (strcasecmp( cargv[0], "modulepath") == 0 ) {
2079 LDAP_LOG( CONFIG, INFO,
2080 "%s: line %d: missing path in \"modulepath <path>\""
2081 " line\n", fname, lineno , 0 );
2083 Debug( LDAP_DEBUG_ANY,
2084 "%s: line %d: missing path in \"modulepath <path>\" line\n",
2088 exit( EXIT_FAILURE );
2090 if (module_path( cargv[1] )) {
2092 LDAP_LOG( CONFIG, CRIT,
2093 "%s: line %d: failed to set module search path to %s.\n",
2094 fname, lineno, cargv[1] );
2096 Debug( LDAP_DEBUG_ANY,
2097 "%s: line %d: failed to set module search path to %s\n",
2098 fname, lineno, cargv[1]);
2101 exit( EXIT_FAILURE );
2104 #endif /*SLAPD_MODULES*/
2107 } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
2108 rc = ldap_pvt_tls_set_option( NULL,
2109 LDAP_OPT_X_TLS_RANDOM_FILE,
2114 } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
2115 rc = ldap_pvt_tls_set_option( NULL,
2116 LDAP_OPT_X_TLS_CIPHER_SUITE,
2121 } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
2122 rc = ldap_pvt_tls_set_option( NULL,
2123 LDAP_OPT_X_TLS_CERTFILE,
2128 } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
2129 rc = ldap_pvt_tls_set_option( NULL,
2130 LDAP_OPT_X_TLS_KEYFILE,
2135 } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
2136 rc = ldap_pvt_tls_set_option( NULL,
2137 LDAP_OPT_X_TLS_CACERTDIR,
2142 } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
2143 rc = ldap_pvt_tls_set_option( NULL,
2144 LDAP_OPT_X_TLS_CACERTFILE,
2148 } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
2149 if ( isdigit( (unsigned char) cargv[1][0] ) ) {
2151 rc = ldap_pvt_tls_set_option( NULL,
2152 LDAP_OPT_X_TLS_REQUIRE_CERT,
2155 rc = ldap_int_tls_config( NULL,
2156 LDAP_OPT_X_TLS_REQUIRE_CERT,
2165 } else if ( !strcasecmp( cargv[0], "reverse-lookup" ) ) {
2166 #ifdef SLAPD_RLOOKUPS
2169 LDAP_LOG( CONFIG, INFO,
2170 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2171 fname, lineno , 0 );
2173 Debug( LDAP_DEBUG_ANY,
2174 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2180 if ( !strcasecmp( cargv[1], "on" ) ) {
2181 use_reverse_lookup = 1;
2182 } else if ( !strcasecmp( cargv[1], "off" ) ) {
2183 use_reverse_lookup = 0;
2186 LDAP_LOG( CONFIG, INFO,
2187 "%s: line %d: reverse-lookup: "
2188 "must be \"on\" (default) or \"off\"\n", fname, lineno, 0 );
2190 Debug( LDAP_DEBUG_ANY,
2191 "%s: line %d: reverse-lookup: must be \"on\" (default) or \"off\"\n",
2197 #else /* !SLAPD_RLOOKUPS */
2199 LDAP_LOG( CONFIG, INFO,
2200 "%s: line %d: reverse lookups "
2201 "are not configured (ignored).\n", fname, lineno , 0 );
2203 Debug( LDAP_DEBUG_ANY,
2204 "%s: line %d: reverse lookups are not configured (ignored).\n",
2207 #endif /* !SLAPD_RLOOKUPS */
2209 /* Netscape plugins */
2210 } else if ( strcasecmp( cargv[0], "plugin" ) == 0 ) {
2211 #if defined( LDAP_SLAPI )
2213 #ifdef notdef /* allow global plugins, too */
2215 * a "plugin" line must be inside a database
2216 * definition, since we implement pre-,post-
2217 * and extended operation plugins
2221 LDAP_LOG( CONFIG, INFO,
2222 "%s: line %d: plugin line must appear "
2223 "inside a database definition.\n",
2226 Debug( LDAP_DEBUG_ANY, "%s: line %d: plugin "
2227 "line must appear inside a database "
2228 "definition\n", fname, lineno, 0 );
2234 if ( netscape_plugin( be, fname, lineno, cargc, cargv )
2239 #else /* !defined( LDAP_SLAPI ) */
2241 LDAP_LOG( CONFIG, INFO,
2242 "%s: line %d: SLAPI not supported.\n",
2245 Debug( LDAP_DEBUG_ANY, "%s: line %d: SLAPI "
2246 "not supported.\n", fname, lineno, 0 );
2250 #endif /* !defined( LDAP_SLAPI ) */
2252 /* Netscape plugins */
2253 } else if ( strcasecmp( cargv[0], "pluginlog" ) == 0 ) {
2254 #if defined( LDAP_SLAPI )
2257 LDAP_LOG( CONFIG, INFO,
2258 "%s: line %d: missing file name "
2259 "in pluginlog <filename> line.\n",
2262 Debug( LDAP_DEBUG_ANY,
2263 "%s: line %d: missing file name "
2264 "in pluginlog <filename> line.\n",
2270 if ( slapi_log_file != NULL ) {
2271 ch_free( slapi_log_file );
2274 slapi_log_file = ch_strdup( cargv[1] );
2275 #endif /* !defined( LDAP_SLAPI ) */
2277 /* pass anything else to the current backend info/db config routine */
2280 if ( bi->bi_config == 0 ) {
2282 LDAP_LOG( CONFIG, INFO,
2283 "%s: line %d: unknown directive \"%s\" inside "
2284 "backend info definition (ignored).\n",
2285 fname, lineno, cargv[0] );
2287 Debug( LDAP_DEBUG_ANY,
2288 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
2289 fname, lineno, cargv[0] );
2293 if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
2299 } else if ( be != NULL ) {
2300 if ( be->be_config == 0 ) {
2302 LDAP_LOG( CONFIG, INFO,
2303 "%s: line %d: uknown directive \"%s\" inside "
2304 "backend database definition (ignored).\n",
2305 fname, lineno, cargv[0] );
2307 Debug( LDAP_DEBUG_ANY,
2308 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
2309 fname, lineno, cargv[0] );
2313 if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
2321 LDAP_LOG( CONFIG, INFO,
2322 "%s: line %d: unknown directive \"%s\" outside backend "
2323 "info and database definitions (ignored).\n",
2324 fname, lineno, cargv[0] );
2326 Debug( LDAP_DEBUG_ANY,
2327 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
2328 fname, lineno, cargv[0] );
2337 if ( depth == 0 ) ch_free( cargv );
2339 if ( !global_schemadn.bv_val ) {
2340 ber_str2bv( SLAPD_SCHEMA_DN, sizeof(SLAPD_SCHEMA_DN)-1, 1,
2342 dnNormalize2( NULL, &global_schemadn, &global_schemandn );
2345 if ( load_ucdata( NULL ) < 0 ) return 1;
/*
 * Body of the line tokenizer declared in this file as fp_parse_line()
 * (the signature and several statements are missing from this listing).
 * It logs the config line, then splits it into the global cargv/cargc
 * argument vector.
 */
/* Sized for the longest redacted keyword plus the " ***" suffix and NUL. */
2357 char logbuf[sizeof("pseudorootpw ***")];
2360 token = strtok_quote( line, " \t" );
/*
 * Credential redaction for the log: when the first token is one of the
 * directives below, the text that gets logged is "<directive> ***".
 * The match is a fixed keyword list, so a secret-bearing directive that is
 * not named here is not covered by this check.
 * NOTE(review): confirm every backend directive that carries a password or
 * key is listed. Only the log text is redacted; the tokens stored in cargv
 * further down are the unmodified ones.
 */
2364 if ( token && ( strcasecmp( token, "rootpw" ) == 0 ||
2365 strcasecmp( token, "replica" ) == 0 || /* contains "credentials" */
2366 strcasecmp( token, "bindpw" ) == 0 || /* used in back-ldap */
2367 strcasecmp( token, "pseudorootpw" ) == 0 || /* used in back-meta */
2368 strcasecmp( token, "dbpasswd" ) == 0 ) ) /* used in back-sql */
/* Bounded by sizeof logbuf, so the redacted text cannot overrun the buffer. */
2370 snprintf( logline = logbuf, sizeof logbuf, "%s ***", token );
/*
 * Put a space back at the position recorded in strtok_quote_ptr for the
 * duration of the log call (presumably where strtok_quote() cut off the
 * first token - the write itself is not shown here).
 */
2373 if ( strtok_quote_ptr ) {
2374 *strtok_quote_ptr = ' ';
/*
 * Two logging variants; the preprocessor lines that select between them
 * are not shown in this listing.
 */
2378 LDAP_LOG( CONFIG, DETAIL1, "line %d (%s)\n", lineno, logline , 0 );
2380 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, logline, 0 );
/* Terminate the first token again now that the line has been logged. */
2383 if ( strtok_quote_ptr ) {
2384 *strtok_quote_ptr = '\0';
/*
 * Collect the tokens. The vector grows by ARGS_STEP entries when only one
 * free slot is left, which keeps room for the NULL stored after the loop.
 * Each entry is the pointer returned by strtok_quote(); no copy is made
 * here.
 */
2387 for ( ; token != NULL; token = strtok_quote( NULL, " \t" ) ) {
2388 if ( cargc == cargv_size - 1 ) {
2390 tmp = ch_realloc( cargv, (cargv_size + ARGS_STEP) *
2392 if ( tmp == NULL ) {
2394 LDAP_LOG( CONFIG, ERR, "line %d: out of memory\n", lineno, 0,0 );
2396 Debug( LDAP_DEBUG_ANY,
2397 "line %d: out of memory\n",
2403 cargv_size += ARGS_STEP;
2405 cargv[cargc++] = token;
/* NULL-terminate the argument vector. */
2407 cargv[cargc] = NULL;
/*
 * strtok_quote: strtok-style tokenizer for config lines. The visible lines
 * track an inquote state and skip an escaped character; the quote and
 * escape branches themselves are missing from this listing.
 *
 * line - string to start tokenizing; the callers in this file pass NULL to
 *        continue with the previous string.
 * sep  - set of separator characters.
 *
 * The position of the separator that ended the token is published through
 * the global strtok_quote_ptr, so a nested or concurrent call overwrites it.
 */
2412 strtok_quote( char *line, char *sep )
/* Cleared on every call; set again below only when a separator is found. */
2418 strtok_quote_ptr = NULL;
2419 if ( line != NULL ) {
/* Skip leading separator characters. */
2422 while ( *next && strchr( sep, *next ) ) {
/* Only separators were left: there is no further token. */
2426 if ( *next == '\0' ) {
2432 for ( inquote = 0; *next; ) {
/*
 * Both AC_MEMCPY calls below shift the rest of the string, including its
 * terminating NUL, one byte to the left in place. Source and destination
 * overlap.
 * NOTE(review): this is only well defined if AC_MEMCPY expands to an
 * overlap-safe copy (memmove-like) - confirm in the ac/string.h wrapper.
 */
2440 AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
2446 next + 1, strlen( next + 1 ) + 1 );
2447 next++; /* don't parse the escaped character */
/* A separator ends the token; remember where it was. */
2452 if ( strchr( sep, *next ) != NULL ) {
2453 strtok_quote_ptr = next;
/*
 * Reader state. buf receives one fgets() chunk at a time; lmax and lcur
 * are used by CATLINE as the size of the line buffer and the current
 * write offset into it.
 */
2466 static char buf[BUFSIZ];
2468 static size_t lmax, lcur;
/*
 * CATLINE(buf): append the string buf to the line buffer.
 * The loop runs until lcur + len + 1 fits in lmax, so the strcpy() has room
 * for the text and its NUL as long as lmax grows inside the loop (the
 * growth step is not shown in this listing).
 * NOTE(review): the ch_realloc() result is assigned straight to line with
 * no NULL check, while the tokenizer loop elsewhere in this file does test
 * its ch_realloc() result - presumably ch_realloc() does not return on
 * failure; confirm.
 */
2470 #define CATLINE( buf ) \
2472 size_t len = strlen( buf ); \
2473 while ( lcur + len + 1 > lmax ) { \
2475 line = (char *) ch_realloc( line, lmax ); \
2477 strcpy( line + lcur, buf ); \
/*
 * fp_getline: read the next logical config line from fp, joining
 * continuation lines. Returns the accumulated line, or NULL when it is
 * empty. Several statements of the body are missing from this listing.
 */
2482 fp_getline( FILE *fp, int *lineno )
2490 /* hack attack - keeps us from having to keep a stack of bufs... */
/* Special case for "include" lines; the action taken is not shown here. */
2491 if ( strncasecmp( line, "include", 7 ) == 0 ) {
/* fgets() is bounded by sizeof(buf), so one read cannot overrun buf. */
2496 while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
2497 /* trim off \r\n or \n */
2498 if ( (p = strchr( buf, '\n' )) != NULL ) {
2499 if( p > buf && p[-1] == '\r' ) --p;
2503 /* trim off trailing \ and append the next line */
/*
 * NOTE(review): when line holds exactly one character and that character
 * is a backslash, p equals line and p[ -1 ] reads the byte in front of the
 * buffer. A p > line test ahead of the p[ -1 ] comparison would keep the
 * read inside the allocation.
 */
2504 if ( line[ 0 ] != '\0'
2505 && (p = line + strlen( line ) - 1)[ 0 ] == '\\'
2506 && p[ -1 ] != '\\' ) {
/* The cast keeps isspace() defined for bytes above 0x7f. */
2511 if ( ! isspace( (unsigned char) buf[0] ) ) {
2515 /* change leading whitespace to a space */
/* An empty accumulated line is reported as NULL. */
2524 return( line[0] ? line : NULL );
2528 fp_getline_init( int *lineno )
2534 /* Loads ucdata, returns 1 if loading, 0 if already loaded, -1 on error */
/*
 * path - location handed to ucdata_load(); NULL selects the compiled-in
 *        SLAPD_DEFAULT_UCDATA. The calls visible in this file pass NULL.
 */
2536 load_ucdata( char *path )
/* Static flag kept across calls; the test that uses it is not shown here. */
2538 static int loaded = 0;
/* UCDATA_ALL is passed as the second argument, as it is to ucdata_unload(). */
2544 err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL );
/* A failure is logged together with the error code from ucdata_load(). */
2547 LDAP_LOG( CONFIG, CRIT,
2548 "load_ucdata: Error %d loading ucdata.\n", err, 0,0 );
2550 Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n",
2563 ucdata_unload( UCDATA_ALL );
2564 free( global_schemandn.bv_val );
2565 free( global_schemadn.bv_val );
2567 if ( slapd_args_file )
2568 free ( slapd_args_file );
2569 if ( slapd_pid_file )
2570 free ( slapd_pid_file );
2571 if ( default_passwd_hash )
2572 free( default_passwd_hash );
2573 acl_destroy( global_acl, NULL );