1 /* config.c - configuration file handling routines */
4 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
14 #include <ac/signal.h>
15 #include <ac/socket.h>
25 * defaults for various global variables
/* Default limit set (struct slap_limits_set) behind the time and size limits.
 * NOTE(review): the gutter numbers jump 28 -> 31 and 33 -> 36, so some
 * initializer members and the closing brace are not shown in this listing.
 * The "sizelimit" and "timelimit" directives in read_config() store
 * atoi()/parse_limit() results into a limit set; whether that can be this
 * one is not visible here - confirm. */
27 struct slap_limits_set deflimit = {
28 SLAPD_DEFAULT_TIMELIMIT, /* backward compatible limits */
31 SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */
33 -1 /* no limit on unchecked size */
/* Global access control: no ACL list at startup, default level ACL_READ.
 * NOTE(review): presumably ACL_READ is what applies when no access rule
 * matches - confirm in the ACL evaluation code before relying on it. */
36 AccessControl *global_acl = NULL;
37 slap_access_t global_default_access = ACL_READ;
/* Server-wide policy masks, all empty at startup. read_config() assigns
 * them from the "readonly" (SLAP_RESTRICT_OP_WRITES bit), "allow",
 * "disallow" and "require" directives. */
38 slap_mask_t global_restrictops = 0;
39 slap_mask_t global_allows = 0;
40 slap_mask_t global_disallows = 0;
41 slap_mask_t global_requires = 0;
/* The "security" directive stores its atoi()-parsed factors either here or
 * in a database's be_ssf_set. No initializer: a file-scope object starts
 * zeroed. */
42 slap_ssf_set_t global_ssf_set;
/* Start-up defaults; no line visible in this listing assigns these four. */
44 int global_gentlehup = 0;
45 int global_idletimeout = 0;
46 char *global_host = NULL;
47 char *global_realm = NULL;
/* Points at a string literal: must not be written through or freed. */
48 char *ldap_srvtab = "";
/* NULL until the "password-hash" directive sets it (once only), after
 * lutil_passwd_scheme() has accepted the scheme name. */
49 char *default_passwd_hash = NULL;
/* cargv_size is the allocated capacity of cargv (ARGS_STEP + 1 after
 * read_config() allocates it); cargc is presumably the token count of the
 * current config line - it is what the directive handlers compare against. */
50 int cargc = 0, cargv_size = 0;
/* Both forms of the "defaultSearchBase" DN as filled in by dnPrettyNormal();
 * a repeated directive frees the old values before storing new ones. */
52 struct berval default_search_base = { 0, NULL };
53 struct berval default_search_nbase = { 0, NULL };
/* NOTE(review): no line visible in this listing updates this counter. */
54 unsigned num_subordinates = 0;
/* Defaults for the "sockbuf_max_incoming" and "sockbuf_max_incoming_auth"
 * directives, which overwrite them with an atol()-parsed value.
 * NOTE(review): presumably caps on incoming data for unauthenticated and
 * authenticated connections respectively - confirm in the connection code. */
56 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
57 ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
/* Paths copied (ch_strdup) from the "pidfile" and "argsfile" directives;
 * NULL when the directive is absent. */
59 char *slapd_pid_file = NULL;
60 char *slapd_args_file = NULL;
/* NOTE(review): presumably scan state for strtok_quote(); it has external
 * linkage and no initializer. */
62 char *strtok_quote_ptr;
/* 1 or 0 depending on SLAPD_RLOOKUPS. NOTE(review): the opening conditional
 * line is not shown in this listing (gutter jumps 62 -> 65). */
65 int use_reverse_lookup = 1;
66 #else /* !SLAPD_RLOOKUPS */
67 int use_reverse_lookup = 0;
68 #endif /* !SLAPD_RLOOKUPS */
/* Line reader: read_config() calls it in a loop until it returns NULL. */
70 static char *fp_getline(FILE *fp, int *lineno);
/* Called once with &lineno before the read loop starts. */
71 static void fp_getline_init(int *lineno);
/* Parses one line; per read_config() it is destructive on `line` (a
 * ch_strdup copy is saved first) and a non-zero return marks a bad line.
 * Presumably fills cargc/cargv - confirm against its definition. */
72 static int fp_parse_line(int lineno, char *line);
/* NOTE(review): not called in the part of the file shown here; presumably
 * a quote-aware tokenizer - confirm. */
74 static char *strtok_quote(char *line, char *sep);
/* read_config() passes NULL before normalizing a DN and the "ucdata-path"
 * argument otherwise; on a negative result from the NULL call it returns 1. */
75 static int load_ucdata(char *path);
78 read_config( const char *fname )
81 char *line, *savefname, *saveline;
85 struct berval vals[2];
87 static int lastmod = 1;
88 static BackendInfo *bi = NULL;
89 static BackendDB *be = NULL;
91 vals[1].bv_val = NULL;
93 cargv = ch_calloc( ARGS_STEP + 1, sizeof(*cargv) );
94 cargv_size = ARGS_STEP + 1;
96 if ( (fp = fopen( fname, "r" )) == NULL ) {
99 LDAP_LOG( CONFIG, ENTRY,
100 "read_config: " "could not open config file \"%s\": %s (%d)\n",
101 fname, strerror(errno), errno );
103 Debug( LDAP_DEBUG_ANY,
104 "could not open config file \"%s\": %s (%d)\n",
105 fname, strerror(errno), errno );
111 LDAP_LOG( CONFIG, ENTRY,
112 "read_config: reading config file %s\n", fname, 0, 0 );
114 Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
118 fp_getline_init( &lineno );
120 while ( (line = fp_getline( fp, &lineno )) != NULL ) {
121 /* skip comments and blank lines */
122 if ( line[0] == '#' || line[0] == '\0' ) {
126 /* fp_parse_line is destructive, we save a copy */
127 saveline = ch_strdup( line );
129 if ( fp_parse_line( lineno, line ) != 0 ) {
135 LDAP_LOG( CONFIG, INFO,
136 "%s: line %d: bad config line (ignored)\n", fname, lineno, 0 );
138 Debug( LDAP_DEBUG_ANY,
139 "%s: line %d: bad config line (ignored)\n",
146 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
149 LDAP_LOG( CONFIG, CRIT,
150 "%s : line %d: missing type in \"backend\" line.\n",
153 Debug( LDAP_DEBUG_ANY,
154 "%s: line %d: missing type in \"backend <type>\" line\n",
163 LDAP_LOG( CONFIG, CRIT,
164 "%s: line %d: backend line must appear before any "
165 "database definition.\n", fname, lineno , 0 );
167 Debug( LDAP_DEBUG_ANY,
168 "%s: line %d: backend line must appear before any database definition\n",
175 bi = backend_info( cargv[1] );
179 LDAP_LOG( CONFIG, CRIT,
180 "read_config: backend %s initialization failed.\n",
183 Debug( LDAP_DEBUG_ANY,
184 "backend %s initialization failed.\n",
190 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
193 LDAP_LOG( CONFIG, CRIT,
194 "%s: line %d: missing type in \"database <type>\" line\n",
197 Debug( LDAP_DEBUG_ANY,
198 "%s: line %d: missing type in \"database <type>\" line\n",
206 be = backend_db_init( cargv[1] );
210 LDAP_LOG( CONFIG, CRIT,
211 "database %s initialization failed.\n", cargv[1], 0, 0 );
213 Debug( LDAP_DEBUG_ANY,
214 "database %s initialization failed.\n",
221 /* set thread concurrency */
222 } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
226 LDAP_LOG( CONFIG, CRIT,
227 "%s: line %d: missing level in \"concurrency <level\" "
228 " line\n", fname, lineno, 0 );
230 Debug( LDAP_DEBUG_ANY,
231 "%s: line %d: missing level in \"concurrency <level>\" line\n",
238 c = atoi( cargv[1] );
242 LDAP_LOG( CONFIG, CRIT,
243 "%s: line %d: invalid level (%d) in "
244 "\"concurrency <level>\" line.\n", fname, lineno, c );
246 Debug( LDAP_DEBUG_ANY,
247 "%s: line %d: invalid level (%d) in \"concurrency <level>\" line\n",
254 ldap_pvt_thread_set_concurrency( c );
256 /* set sockbuf max */
257 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming" ) == 0 ) {
261 LDAP_LOG( CONFIG, CRIT,
262 "%s: line %d: missing max in \"sockbuf_max_incoming "
263 "<bytes>\" line\n", fname, lineno, 0 );
265 Debug( LDAP_DEBUG_ANY,
266 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
273 max = atol( cargv[1] );
277 LDAP_LOG( CONFIG, CRIT,
278 "%s: line %d: invalid max value (%ld) in "
279 "\"sockbuf_max_incoming <bytes>\" line.\n",
280 fname, lineno, max );
282 Debug( LDAP_DEBUG_ANY,
283 "%s: line %d: invalid max value (%ld) in "
284 "\"sockbuf_max_incoming <bytes>\" line.\n",
285 fname, lineno, max );
291 sockbuf_max_incoming = max;
293 /* set sockbuf max authenticated */
294 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) {
298 LDAP_LOG( CONFIG, CRIT,
299 "%s: line %d: missing max in \"sockbuf_max_incoming_auth "
300 "<bytes>\" line\n", fname, lineno, 0 );
302 Debug( LDAP_DEBUG_ANY,
303 "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
310 max = atol( cargv[1] );
314 LDAP_LOG( CONFIG, CRIT,
315 "%s: line %d: invalid max value (%ld) in "
316 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
317 fname, lineno, max );
319 Debug( LDAP_DEBUG_ANY,
320 "%s: line %d: invalid max value (%ld) in "
321 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
322 fname, lineno, max );
328 sockbuf_max_incoming_auth = max;
330 /* default search base */
331 } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
334 LDAP_LOG( CONFIG, CRIT,
335 "%s: line %d: missing dn in \"defaultSearchBase <dn\" "
336 "line\n", fname, lineno, 0 );
338 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
339 "missing dn in \"defaultSearchBase <dn>\" line\n",
345 } else if ( cargc > 2 ) {
347 LDAP_LOG( CONFIG, INFO,
348 "%s: line %d: extra cruft after <dn> in "
349 "\"defaultSearchBase %s\" line (ignored)\n",
350 fname, lineno, cargv[1] );
352 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
353 "extra cruft after <dn> in \"defaultSearchBase %s\", "
355 fname, lineno, cargv[1] );
359 if ( bi != NULL || be != NULL ) {
361 LDAP_LOG( CONFIG, CRIT,
362 "%s: line %d: defaultSearchBase line must appear "
363 "prior to any backend or database definitions\n",
366 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
367 "defaultSearchBaase line must appear prior to "
368 "any backend or database definition\n",
375 if ( default_search_nbase.bv_len ) {
377 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
378 "default search base \"%s\" already defined "
379 "(discarding old)\n", fname, lineno,
380 default_search_base.bv_val );
382 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
383 "default search base \"%s\" already defined "
384 "(discarding old)\n",
385 fname, lineno, default_search_base.bv_val );
388 free( default_search_base.bv_val );
389 free( default_search_nbase.bv_val );
392 if ( load_ucdata( NULL ) < 0 ) return 1;
397 dn.bv_val = cargv[1];
398 dn.bv_len = strlen( dn.bv_val );
400 rc = dnPrettyNormal( NULL, &dn,
401 &default_search_base,
402 &default_search_nbase );
404 if( rc != LDAP_SUCCESS ) {
406 LDAP_LOG( CONFIG, CRIT,
407 "%s: line %d: defaultSearchBase DN is invalid.\n",
410 Debug( LDAP_DEBUG_ANY,
411 "%s: line %d: defaultSearchBase DN is invalid\n",
418 /* set maximum threads in thread pool */
419 } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
423 LDAP_LOG( CONFIG, CRIT,
424 "%s: line %d: missing count in \"threads <count>\" line\n",
427 Debug( LDAP_DEBUG_ANY,
428 "%s: line %d: missing count in \"threads <count>\" line\n",
435 c = atoi( cargv[1] );
439 LDAP_LOG( CONFIG, CRIT,
440 "%s: line %d: invalid level (%d) in \"threads <count>\""
441 "line\n", fname, lineno, c );
443 Debug( LDAP_DEBUG_ANY,
444 "%s: line %d: invalid level (%d) in \"threads <count>\" line\n",
451 ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
453 /* save for later use */
454 connection_pool_max = c;
456 /* get pid file name */
457 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
460 LDAP_LOG( CONFIG, CRIT,
461 "%s: line %d missing file name in \"pidfile <file>\" "
462 "line.\n", fname, lineno, 0 );
464 Debug( LDAP_DEBUG_ANY,
465 "%s: line %d: missing file name in \"pidfile <file>\" line\n",
472 slapd_pid_file = ch_strdup( cargv[1] );
474 /* get args file name */
475 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
478 LDAP_LOG( CONFIG, CRIT,
479 "%s: %d: missing file name in "
480 "\"argsfile <file>\" line.\n",
483 Debug( LDAP_DEBUG_ANY,
484 "%s: line %d: missing file name in \"argsfile <file>\" line\n",
491 slapd_args_file = ch_strdup( cargv[1] );
493 /* default password hash */
494 } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
497 LDAP_LOG( CONFIG, CRIT,
498 "%s: line %d: missing hash in "
499 "\"password-hash <hash>\" line.\n",
502 Debug( LDAP_DEBUG_ANY,
503 "%s: line %d: missing hash in \"password-hash <hash>\" line\n",
509 if ( default_passwd_hash != NULL ) {
511 LDAP_LOG( CONFIG, CRIT,
512 "%s: line %d: already set default password_hash!\n",
515 Debug( LDAP_DEBUG_ANY,
516 "%s: line %d: already set default password_hash!\n",
524 if ( lutil_passwd_scheme( cargv[1] ) == 0 ) {
526 LDAP_LOG( CONFIG, CRIT,
527 "%s: line %d: password scheme \"%s\" not available\n",
528 fname, lineno, cargv[1] );
530 Debug( LDAP_DEBUG_ANY,
531 "%s: line %d: password scheme \"%s\" not available\n",
532 fname, lineno, cargv[1] );
537 default_passwd_hash = ch_strdup( cargv[1] );
539 } else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 )
543 LDAP_LOG( CONFIG, CRIT,
544 "%s: line %d: missing format in "
545 "\"password-crypt-salt-format <format>\" line\n",
548 Debug( LDAP_DEBUG_ANY, "%s: line %d: missing format in "
549 "\"password-crypt-salt-format <format>\" line\n",
556 lutil_salt_format( cargv[1] );
558 #ifdef HAVE_CYRUS_SASL
559 /* SASL config options */
560 } else if ( strncasecmp( cargv[0], "sasl", 4 ) == 0 ) {
561 if ( slap_sasl_config( cargc, cargv, line, fname, lineno ) )
563 #endif /* HAVE_CYRUS_SASL */
565 /* set UCDATA path */
566 } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
570 LDAP_LOG( CONFIG, CRIT,
571 "%s: line %d: missing path in "
572 "\"ucdata-path <path>\" line.\n", fname, lineno, 0 );
574 Debug( LDAP_DEBUG_ANY,
575 "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
582 err = load_ucdata( cargv[1] );
586 LDAP_LOG( CONFIG, CRIT,
587 "%s: line %d: ucdata already loaded, ucdata-path "
588 "must be set earlier in the file and/or be "
589 "specified only once!\n", fname, lineno, 0 );
591 Debug( LDAP_DEBUG_ANY,
592 "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n",
601 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
603 struct slap_limits_set *lim;
607 LDAP_LOG( CONFIG, CRIT,
608 "%s: line %d: missing limit in \"sizelimit <limit>\" "
609 "line.\n", fname, lineno, 0 );
611 Debug( LDAP_DEBUG_ANY,
612 "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
622 lim = &be->be_def_limit;
625 for ( i = 1; i < cargc; i++ ) {
626 if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
627 rc = parse_limit( cargv[i], lim );
629 lim->lms_s_soft = atoi( cargv[i] );
635 LDAP_LOG( CONFIG, CRIT,
636 "%s: line %d: unable "
637 "to parse value \"%s\" in \"sizelimit "
638 "<limit>\" line.\n", fname, lineno, cargv[i] );
640 Debug( LDAP_DEBUG_ANY,
641 "%s: line %d: unable "
642 "to parse value \"%s\" "
645 fname, lineno, cargv[i] );
651 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
653 struct slap_limits_set *lim;
657 LDAP_LOG( CONFIG, CRIT,
658 "%s: line %d missing limit in \"timelimit <limit>\" "
659 "line.\n", fname, lineno, 0 );
661 Debug( LDAP_DEBUG_ANY,
662 "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
672 lim = &be->be_def_limit;
675 for ( i = 1; i < cargc; i++ ) {
676 if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
677 rc = parse_limit( cargv[i], lim );
679 lim->lms_t_soft = atoi( cargv[i] );
685 LDAP_LOG( CONFIG, CRIT,
686 "%s: line %d: unable to parse value \"%s\" "
687 "in \"timelimit <limit>\" line.\n",
688 fname, lineno, cargv[i] );
690 Debug( LDAP_DEBUG_ANY,
691 "%s: line %d: unable "
692 "to parse value \"%s\" "
695 fname, lineno, cargv[i] );
700 /* set regex-based limits */
701 } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
704 LDAP_LOG( CONFIG, WARNING,
705 "%s: line %d \"limits\" allowed only in database "
706 "environment.\n", fname, lineno, 0 );
708 Debug( LDAP_DEBUG_ANY,
709 "%s: line %d \"limits\" allowed only in database environment.\n%s",
715 if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
719 /* mark this as a subordinate database */
720 } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
723 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
724 "subordinate keyword must appear inside a database "
725 "definition.\n", fname, lineno, 0 );
727 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
728 "must appear inside a database definition.\n",
734 be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE;
738 /* set database suffix */
739 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
741 struct berval dn, pdn, ndn;
745 LDAP_LOG( CONFIG, CRIT,
746 "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
749 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
750 "missing dn in \"suffix <dn>\" line\n",
756 } else if ( cargc > 2 ) {
758 LDAP_LOG( CONFIG, INFO,
759 "%s: line %d: extra cruft after <dn> in \"suffix %s\""
760 " line (ignored).\n", fname, lineno, cargv[1] );
762 Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
763 "after <dn> in \"suffix %s\" line (ignored)\n",
764 fname, lineno, cargv[1] );
770 LDAP_LOG( CONFIG, INFO,
771 "%s: line %d: suffix line must appear inside a database "
772 "definition.\n", fname, lineno, 0 );
774 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
775 "must appear inside a database definition\n",
780 #if defined(SLAPD_MONITOR_DN)
781 /* "cn=Monitor" is reserved for monitoring slap */
782 } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
784 LDAP_LOG( CONFIG, CRIT, "%s: line %d: \""
785 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
788 Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
789 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
793 #endif /* SLAPD_MONITOR_DN */
796 if ( load_ucdata( NULL ) < 0 ) return 1;
798 dn.bv_val = cargv[1];
799 dn.bv_len = strlen( cargv[1] );
801 rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
802 if( rc != LDAP_SUCCESS ) {
804 LDAP_LOG( CONFIG, CRIT,
805 "%s: line %d: suffix DN is invalid.\n",
808 Debug( LDAP_DEBUG_ANY,
809 "%s: line %d: suffix DN is invalid\n",
815 tmp_be = select_backend( &ndn, 0, 0 );
816 if ( tmp_be == be ) {
818 LDAP_LOG( CONFIG, INFO,
819 "%s: line %d: suffix already served by this backend "
820 "(ignored)\n", fname, lineno, 0 );
822 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
823 "already served by this backend (ignored)\n",
829 } else if ( tmp_be != NULL ) {
831 LDAP_LOG( CONFIG, INFO,
832 "%s: line %d: suffix already served by a preceding "
833 "backend \"%s\"\n", fname, lineno,
834 tmp_be->be_suffix[0].bv_val );
836 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
837 "already served by a preceeding backend \"%s\"\n",
838 fname, lineno, tmp_be->be_suffix[0].bv_val );
844 } else if( pdn.bv_len == 0 && default_search_nbase.bv_len ) {
846 LDAP_LOG( CONFIG, INFO,
847 "%s: line %d: suffix DN empty and default search "
848 "base provided \"%s\" (assuming okay).\n",
849 fname, lineno, default_search_base.bv_val );
851 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
852 "suffix DN empty and default "
853 "search base provided \"%s\" (assuming okay)\n",
854 fname, lineno, default_search_base.bv_val );
858 ber_bvarray_add( &be->be_suffix, &pdn );
859 ber_bvarray_add( &be->be_nsuffix, &ndn );
861 /* set database suffixAlias */
862 } else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) {
864 struct berval alias, palias, nalias;
865 struct berval aliased, paliased, naliased;
869 LDAP_LOG( CONFIG, CRIT,
870 "%s: line %d: missing alias and aliased_dn in "
871 "\"suffixAlias <alias> <aliased_dn>\" line.\n",
874 Debug( LDAP_DEBUG_ANY,
875 "%s: line %d: missing alias and aliased_dn in "
876 "\"suffixAlias <alias> <aliased_dn>\" line.\n",
881 } else if ( cargc < 3 ) {
883 LDAP_LOG( CONFIG, CRIT,
884 "%s: line %d: missing aliased_dn in "
885 "\"suffixAlias <alias> <aliased_dn>\" line\n",
888 Debug( LDAP_DEBUG_ANY,
889 "%s: line %d: missing aliased_dn in "
890 "\"suffixAlias <alias> <aliased_dn>\" line\n",
895 } else if ( cargc > 3 ) {
897 LDAP_LOG( CONFIG, CRIT,
898 "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
901 Debug( LDAP_DEBUG_ANY,
902 "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
909 LDAP_LOG( CONFIG, INFO,
910 "%s: line %d: suffix line must appear inside a database "
911 "definition.\n", fname, lineno, 0 );
913 Debug( LDAP_DEBUG_ANY,
914 "%s: line %d: suffixAlias line"
915 " must appear inside a database definition.\n",
921 if ( load_ucdata( NULL ) < 0 ) return 1;
923 alias.bv_val = cargv[1];
924 alias.bv_len = strlen( cargv[1] );
926 rc = dnPrettyNormal( NULL, &alias, &palias, &nalias );
927 if( rc != LDAP_SUCCESS ) {
929 LDAP_LOG( CONFIG, CRIT,
930 "%s: line %d: alias DN is invalid.\n", fname, lineno, 0 );
932 Debug( LDAP_DEBUG_ANY,
933 "%s: line %d: alias DN is invalid\n",
939 tmp_be = select_backend( &nalias, 0, 0 );
940 free( nalias.bv_val );
941 if ( tmp_be && tmp_be != be ) {
943 LDAP_LOG( CONFIG, INFO,
944 "%s: line %d: suffixAlias served by a preceeding "
945 "backend \"%s\"\n", fname, lineno,
946 tmp_be->be_suffix[0].bv_val );
948 Debug( LDAP_DEBUG_ANY,
949 "%s: line %d: suffixAlias served by"
950 " a preceeding backend \"%s\"\n",
951 fname, lineno, tmp_be->be_suffix[0].bv_val );
953 free( palias.bv_val );
957 aliased.bv_val = cargv[2];
958 aliased.bv_len = strlen( cargv[2] );
960 rc = dnPrettyNormal( NULL, &aliased, &paliased, &naliased );
961 if( rc != LDAP_SUCCESS ) {
963 LDAP_LOG( CONFIG, CRIT,
964 "%s: line %d: aliased DN is invalid.\n", fname, lineno,0 );
966 Debug( LDAP_DEBUG_ANY,
967 "%s: line %d: aliased DN is invalid\n",
970 free( palias.bv_val );
974 tmp_be = select_backend( &naliased, 0, 0 );
975 free( naliased.bv_val );
976 if ( tmp_be && tmp_be != be ) {
978 LDAP_LOG( CONFIG, INFO,
979 "%s: line %d: suffixAlias derefs to a different backend "
980 "a preceeding backend \"%s\"\n",
981 fname, lineno, tmp_be->be_suffix[0].bv_val );
983 Debug( LDAP_DEBUG_ANY,
984 "%s: line %d: suffixAlias derefs to differnet backend"
985 " a preceeding backend \"%s\"\n",
986 fname, lineno, tmp_be->be_suffix[0].bv_val );
988 free( palias.bv_val );
989 free( paliased.bv_val );
993 ber_bvarray_add( &be->be_suffixAlias, &palias );
994 ber_bvarray_add( &be->be_suffixAlias, &paliased );
996 /* set max deref depth */
997 } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
1001 LDAP_LOG( CONFIG, CRIT,
1002 "%s: line %d: missing depth in \"maxDerefDepth <depth>\""
1003 " line\n", fname, lineno, 0 );
1005 Debug( LDAP_DEBUG_ANY,
1006 "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
1014 LDAP_LOG( CONFIG, INFO,
1015 "%s: line %d: depth line must appear inside a database "
1016 "definition.\n", fname, lineno ,0 );
1018 Debug( LDAP_DEBUG_ANY,
1019 "%s: line %d: depth line must appear inside a database definition.\n",
1024 } else if ((i = atoi(cargv[1])) < 0) {
1026 LDAP_LOG( CONFIG, INFO,
1027 "%s: line %d: depth must be positive.\n",
1030 Debug( LDAP_DEBUG_ANY,
1031 "%s: line %d: depth must be positive.\n",
1038 be->be_max_deref_depth = i;
1042 /* set magic "root" dn for this database */
1043 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
1046 LDAP_LOG( CONFIG, INFO,
1047 "%s: line %d: missing dn in \"rootdn <dn>\" line.\n",
1050 Debug( LDAP_DEBUG_ANY,
1051 "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
1060 LDAP_LOG( CONFIG, INFO,
1061 "%s: line %d: rootdn line must appear inside a database "
1062 "definition.\n", fname, lineno ,0 );
1064 Debug( LDAP_DEBUG_ANY,
1065 "%s: line %d: rootdn line must appear inside a database definition.\n",
1073 if ( load_ucdata( NULL ) < 0 ) return 1;
1075 dn.bv_val = cargv[1];
1076 dn.bv_len = strlen( cargv[1] );
1078 rc = dnPrettyNormal( NULL, &dn,
1082 if( rc != LDAP_SUCCESS ) {
1084 LDAP_LOG( CONFIG, CRIT,
1085 "%s: line %d: rootdn DN is invalid.\n",
1088 Debug( LDAP_DEBUG_ANY,
1089 "%s: line %d: rootdn DN is invalid\n",
1096 /* set super-secret magic database password */
1097 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
1100 LDAP_LOG( CONFIG, CRIT,
1101 "%s: line %d: missing passwd in \"rootpw <passwd>\""
1102 " line\n", fname, lineno ,0 );
1104 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1105 "missing passwd in \"rootpw <passwd>\" line\n",
1114 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1115 "rootpw line must appear inside a database "
1116 "definition.\n", fname, lineno ,0 );
1118 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1119 "rootpw line must appear inside a database "
1126 Backend *tmp_be = select_backend( &be->be_rootndn, 0, 0 );
1128 if( tmp_be != be ) {
1130 LDAP_LOG( CONFIG, INFO,
1132 "rootpw can only be set when rootdn is under suffix\n",
1133 fname, lineno, "" );
1135 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1136 "rootpw can only be set when rootdn is under suffix\n",
1142 be->be_rootpw.bv_val = ch_strdup( cargv[1] );
1143 be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
1146 /* make this database read-only */
1147 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
1150 LDAP_LOG( CONFIG, CRIT,
1151 "%s: line %d: missing on|off in \"readonly <on|off>\" "
1152 "line.\n", fname, lineno ,0 );
1154 Debug( LDAP_DEBUG_ANY,
1155 "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
1162 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1163 global_restrictops |= SLAP_RESTRICT_OP_WRITES;
1165 global_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1168 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1169 be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1171 be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1176 /* allow these features */
1177 } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
1178 strcasecmp( cargv[0], "allow" ) == 0 )
1184 LDAP_LOG( CONFIG, INFO,
1185 "%s: line %d: allow line must appear prior to "
1186 "database definitions.\n", fname, lineno ,0 );
1188 Debug( LDAP_DEBUG_ANY,
1189 "%s: line %d: allow line must appear prior to database definitions\n",
1197 LDAP_LOG( CONFIG, CRIT,
1198 "%s: line %d: missing feature(s) in \"allow <features>\""
1199 " line\n", fname, lineno ,0 );
1201 Debug( LDAP_DEBUG_ANY,
1202 "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
1211 for( i=1; i < cargc; i++ ) {
1212 if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
1213 allows |= SLAP_ALLOW_BIND_V2;
1215 } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
1216 allows |= SLAP_ALLOW_BIND_ANON_CRED;
1218 } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
1219 allows |= SLAP_ALLOW_BIND_ANON_DN;
1221 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1223 LDAP_LOG( CONFIG, CRIT,
1224 "%s: line %d: unknown feature %s in "
1225 "\"allow <features>\" line.\n",
1226 fname, lineno, cargv[1] );
1228 Debug( LDAP_DEBUG_ANY,
1229 "%s: line %d: unknown feature %s in \"allow <features>\" line\n",
1230 fname, lineno, cargv[i] );
1237 global_allows = allows;
1239 /* disallow these features */
1240 } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
1241 strcasecmp( cargv[0], "disallow" ) == 0 )
1243 slap_mask_t disallows;
1247 LDAP_LOG( CONFIG, INFO,
1248 "%s: line %d: disallow line must appear prior to "
1249 "database definitions.\n", fname, lineno ,0 );
1251 Debug( LDAP_DEBUG_ANY,
1252 "%s: line %d: disallow line must appear prior to database definitions\n",
1260 LDAP_LOG( CONFIG, CRIT,
1261 "%s: line %d: missing feature(s) in \"disallow <features>\""
1262 " line.\n", fname, lineno ,0 );
1264 Debug( LDAP_DEBUG_ANY,
1265 "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
1274 for( i=1; i < cargc; i++ ) {
1275 if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
1276 disallows |= SLAP_DISALLOW_BIND_ANON;
1278 } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
1279 disallows |= SLAP_DISALLOW_BIND_SIMPLE;
1281 } else if( strcasecmp( cargv[i], "bind_simple_unprotected" ) == 0 ) {
1282 disallows |= SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED;
1284 } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
1285 disallows |= SLAP_DISALLOW_BIND_KRBV4;
1287 } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
1288 disallows |= SLAP_DISALLOW_TLS_2_ANON;
1290 } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
1291 disallows |= SLAP_DISALLOW_TLS_AUTHC;
1293 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1295 LDAP_LOG( CONFIG, CRIT,
1296 "%s: line %d: unknown feature %s in "
1297 "\"disallow <features>\" line.\n",
1298 fname, lineno, cargv[i] );
1300 Debug( LDAP_DEBUG_ANY,
1301 "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
1302 fname, lineno, cargv[i] );
1309 global_disallows = disallows;
1311 /* require these features */
1312 } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
1313 strcasecmp( cargv[0], "require" ) == 0 )
1315 slap_mask_t requires;
1319 LDAP_LOG( CONFIG, CRIT,
1320 "%s: line %d: missing feature(s) in "
1321 "\"require <features>\" line.\n", fname, lineno ,0 );
1323 Debug( LDAP_DEBUG_ANY,
1324 "%s: line %d: missing feature(s) in \"require <features>\" line\n",
1333 for( i=1; i < cargc; i++ ) {
1334 if( strcasecmp( cargv[i], "bind" ) == 0 ) {
1335 requires |= SLAP_REQUIRE_BIND;
1337 } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
1338 requires |= SLAP_REQUIRE_LDAP_V3;
1340 } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
1341 requires |= SLAP_REQUIRE_AUTHC;
1343 } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
1344 requires |= SLAP_REQUIRE_SASL;
1346 } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
1347 requires |= SLAP_REQUIRE_STRONG;
1349 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1351 LDAP_LOG( CONFIG, CRIT,
1352 "%s: line %d: unknown feature %s in "
1353 "\"require <features>\" line.\n",
1354 fname, lineno , cargv[i] );
1356 Debug( LDAP_DEBUG_ANY,
1357 "%s: line %d: unknown feature %s in \"require <features>\" line\n",
1358 fname, lineno, cargv[i] );
1366 global_requires = requires;
1368 be->be_requires = requires;
1371 /* required security factors */
1372 } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
1373 slap_ssf_set_t *set;
1377 LDAP_LOG( CONFIG, CRIT,
1378 "%s: line %d: missing factor(s) in \"security <factors>\""
1379 " line.\n", fname, lineno ,0 );
1381 Debug( LDAP_DEBUG_ANY,
1382 "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
1390 set = &global_ssf_set;
1392 set = &be->be_ssf_set;
1395 for( i=1; i < cargc; i++ ) {
1396 if( strncasecmp( cargv[i], "ssf=",
1397 sizeof("ssf") ) == 0 )
1400 atoi( &cargv[i][sizeof("ssf")] );
1402 } else if( strncasecmp( cargv[i], "transport=",
1403 sizeof("transport") ) == 0 )
1405 set->sss_transport =
1406 atoi( &cargv[i][sizeof("transport")] );
1408 } else if( strncasecmp( cargv[i], "tls=",
1409 sizeof("tls") ) == 0 )
1412 atoi( &cargv[i][sizeof("tls")] );
1414 } else if( strncasecmp( cargv[i], "sasl=",
1415 sizeof("sasl") ) == 0 )
1418 atoi( &cargv[i][sizeof("sasl")] );
1420 } else if( strncasecmp( cargv[i], "update_ssf=",
1421 sizeof("update_ssf") ) == 0 )
1423 set->sss_update_ssf =
1424 atoi( &cargv[i][sizeof("update_ssf")] );
1426 } else if( strncasecmp( cargv[i], "update_transport=",
1427 sizeof("update_transport") ) == 0 )
1429 set->sss_update_transport =
1430 atoi( &cargv[i][sizeof("update_transport")] );
1432 } else if( strncasecmp( cargv[i], "update_tls=",
1433 sizeof("update_tls") ) == 0 )
1435 set->sss_update_tls =
1436 atoi( &cargv[i][sizeof("update_tls")] );
1438 } else if( strncasecmp( cargv[i], "update_sasl=",
1439 sizeof("update_sasl") ) == 0 )
1441 set->sss_update_sasl =
1442 atoi( &cargv[i][sizeof("update_sasl")] );
1446 LDAP_LOG( CONFIG, CRIT,
1447 "%s: line %d: unknown factor %S in "
1448 "\"security <factors>\" line.\n",
1449 fname, lineno, cargv[1] );
1451 Debug( LDAP_DEBUG_ANY,
1452 "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
1453 fname, lineno, cargv[i] );
1459 /* where to send clients when we don't hold it */
1460 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
1463 LDAP_LOG( CONFIG, CRIT,
1464 "%s: line %d: missing URL in \"referral <URL>\""
1465 " line.\n", fname, lineno , 0 );
1467 Debug( LDAP_DEBUG_ANY,
1468 "%s: line %d: missing URL in \"referral <URL>\" line\n",
1475 if( validate_global_referral( cargv[1] ) ) {
1477 LDAP_LOG( CONFIG, CRIT,
1478 "%s: line %d: invalid URL (%s) in \"referral\" line.\n",
1479 fname, lineno, cargv[1] );
1481 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1482 "invalid URL (%s) in \"referral\" line.\n",
1483 fname, lineno, cargv[1] );
1488 vals[0].bv_val = cargv[1];
1489 vals[0].bv_len = strlen( vals[0].bv_val );
1490 value_add( &default_referral, vals );
1493 } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
1497 LDAP_LOG( CONFIG, CRIT,
1498 "%s: line %d: Error in logfile directive, "
1499 "\"logfile <filename>\"\n", fname, lineno , 0 );
1501 Debug( LDAP_DEBUG_ANY,
1502 "%s: line %d: Error in logfile directive, \"logfile filename\"\n",
1508 logfile = fopen( cargv[1], "w" );
1509 if ( logfile != NULL ) lutil_debug_file( logfile );
1512 /* start of a new database definition */
1513 } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
1517 LDAP_LOG( CONFIG, CRIT,
1518 "%s: line %d: Error in debug directive, "
1519 "\"debug <subsys> <level>\"\n", fname, lineno , 0 );
1521 Debug( LDAP_DEBUG_ANY,
1522 "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
1528 level = atoi( cargv[2] );
1529 if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
1530 lutil_set_debug_level( cargv[1], level );
1531 /* specify an Object Identifier macro */
1532 } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
1533 rc = parse_oidm( fname, lineno, cargc, cargv );
1536 /* specify an objectclass */
1537 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
1538 if ( *cargv[1] == '(' ) {
1540 p = strchr(saveline,'(');
1541 rc = parse_oc( fname, lineno, p, cargv );
1546 LDAP_LOG( CONFIG, INFO,
1547 "%s: line %d: old objectclass format not supported\n",
1548 fname, lineno , 0 );
1550 Debug( LDAP_DEBUG_ANY,
1551 "%s: line %d: old objectclass format not supported.\n",
1556 /* specify an attribute type */
1557 } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
1558 || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
1560 if ( *cargv[1] == '(' ) {
1562 p = strchr(saveline,'(');
1563 rc = parse_at( fname, lineno, p, cargv );
1568 LDAP_LOG( CONFIG, INFO,
1569 "%s: line %d: old attribute type format not supported.\n",
1570 fname, lineno , 0 );
1572 Debug( LDAP_DEBUG_ANY,
1573 "%s: line %d: old attribute type format not supported.\n",
1579 /* turn on/off schema checking */
1580 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
1583 LDAP_LOG( CONFIG, CRIT,
1584 "%s: line %d: missing on|off in \"schemacheck <on|off>\""
1585 " line.\n", fname, lineno , 0 );
1587 Debug( LDAP_DEBUG_ANY,
1588 "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
1594 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
1596 LDAP_LOG( CONFIG, CRIT,
1597 "%s: line %d: schema checking disabled! your mileage may "
1598 "vary!\n", fname, lineno , 0 );
1600 Debug( LDAP_DEBUG_ANY,
1601 "%s: line %d: schema checking disabled! your mileage may vary!\n",
1604 global_schemacheck = 0;
1606 global_schemacheck = 1;
1609 /* specify access control info */
1610 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
1611 parse_acl( be, fname, lineno, cargc, cargv );
1613 /* debug level to log things to syslog */
1614 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
1617 LDAP_LOG( CONFIG, CRIT,
1618 "%s: line %d: missing level in \"loglevel <level>\""
1619 " line.\n", fname, lineno , 0 );
1621 Debug( LDAP_DEBUG_ANY,
1622 "%s: line %d: missing level in \"loglevel <level>\" line\n",
1631 for( i=1; i < cargc; i++ ) {
1632 ldap_syslog += atoi( cargv[1] );
1635 /* list of replicas of the data in this backend (master only) */
1636 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
1639 LDAP_LOG( CONFIG, CRIT,
1640 "%s: line %d: missing host in \"replica "
1641 " <host[:port]\" line\n", fname, lineno , 0 );
1643 Debug( LDAP_DEBUG_ANY,
1644 "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
1652 LDAP_LOG( CONFIG, INFO,
1653 "%s: line %d: replica line must appear inside "
1654 "a database definition.\n", fname, lineno, 0);
1656 Debug( LDAP_DEBUG_ANY,
1657 "%s: line %d: replica line must appear inside a database definition\n",
1665 for ( i = 1; i < cargc; i++ ) {
1666 if ( strncasecmp( cargv[i], "host=", 5 )
1668 nr = add_replica_info( be,
1675 LDAP_LOG( CONFIG, INFO,
1676 "%s: line %d: missing host in \"replica\" line\n",
1677 fname, lineno , 0 );
1679 Debug( LDAP_DEBUG_ANY,
1680 "%s: line %d: missing host in \"replica\" line\n",
1685 } else if ( nr == -1 ) {
1687 LDAP_LOG( CONFIG, INFO,
1688 "%s: line %d: unable to add"
1689 " replica \"%s\"\n",
1693 Debug( LDAP_DEBUG_ANY,
1694 "%s: line %d: unable to add replica \"%s\"\n",
1695 fname, lineno, cargv[i] + 5 );
1699 for ( i = 1; i < cargc; i++ ) {
1700 if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
1702 switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) {
1705 LDAP_LOG( CONFIG, INFO,
1706 "%s: line %d: suffix \"%s\" in \"replica\""
1707 " line is not valid for backend(ignored)\n",
1708 fname, lineno, cargv[i] + 7 );
1710 Debug( LDAP_DEBUG_ANY,
1711 "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1712 fname, lineno, cargv[i] + 7 );
1718 LDAP_LOG( CONFIG, INFO,
1719 "%s: line %d: unable to normalize suffix"
1720 " in \"replica\" line (ignored)\n",
1721 fname, lineno , 0 );
1723 Debug( LDAP_DEBUG_ANY,
1724 "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
1730 } else if ( strncasecmp( cargv[i], "attr", 4 ) == 0 ) {
1732 char *arg = cargv[i] + 4;
1734 if ( arg[0] == '!' ) {
1739 if ( arg[0] != '=' ) {
1743 if ( add_replica_attrs( be, nr, arg + 1, exclude ) ) {
1745 LDAP_LOG( CONFIG, INFO,
1746 "%s: line %d: attribute \"%s\" in "
1747 "\"replica\" line is unknown\n",
1748 fname, lineno, arg + 1 );
1750 Debug( LDAP_DEBUG_ANY,
1751 "%s: line %d: attribute \"%s\" in \"replica\" line is unknown\n",
1752 fname, lineno, arg + 1 );
1761 /* dn of master entity allowed to write to replica */
1762 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
1765 LDAP_LOG( CONFIG, CRIT,
1766 "%s: line %d: missing dn in \"updatedn <dn>\""
1767 " line.\n", fname, lineno , 0 );
1769 Debug( LDAP_DEBUG_ANY,
1770 "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
1778 LDAP_LOG( CONFIG, INFO,
1779 "%s: line %d: updatedn line must appear inside "
1780 "a database definition\n",
1781 fname, lineno , 0 );
1783 Debug( LDAP_DEBUG_ANY,
1784 "%s: line %d: updatedn line must appear inside a database definition\n",
1792 if ( load_ucdata( NULL ) < 0 ) return 1;
1794 dn.bv_val = cargv[1];
1795 dn.bv_len = strlen( cargv[1] );
1797 rc = dnNormalize2( NULL, &dn, &be->be_update_ndn );
1798 if( rc != LDAP_SUCCESS ) {
1800 LDAP_LOG( CONFIG, CRIT,
1801 "%s: line %d: updatedn DN is invalid.\n",
1802 fname, lineno , 0 );
1804 Debug( LDAP_DEBUG_ANY,
1805 "%s: line %d: updatedn DN is invalid\n",
1812 } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
1815 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1816 "missing url in \"updateref <ldapurl>\" line.\n",
1817 fname, lineno , 0 );
1819 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1820 "missing url in \"updateref <ldapurl>\" line\n",
1828 LDAP_LOG( CONFIG, INFO, "%s: line %d: updateref"
1829 " line must appear inside a database definition\n",
1830 fname, lineno , 0 );
1832 Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
1833 " line must appear inside a database definition\n",
1838 } else if ( !be->be_update_ndn.bv_len ) {
1840 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1841 "updateref line must come after updatedn.\n",
1842 fname, lineno , 0 );
1844 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1845 "updateref line must after updatedn.\n",
1851 if( validate_global_referral( cargv[1] ) ) {
1853 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1854 "invalid URL (%s) in \"updateref\" line.\n",
1855 fname, lineno, cargv[1] );
1857 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1858 "invalid URL (%s) in \"updateref\" line.\n",
1859 fname, lineno, cargv[1] );
1864 vals[0].bv_val = cargv[1];
1865 vals[0].bv_len = strlen( vals[0].bv_val );
1866 value_add( &be->be_update_refs, vals );
1868 /* replication log file to which changes are appended */
1869 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
1872 LDAP_LOG( CONFIG, CRIT,
1873 "%s: line %d: missing filename in \"replogfile <filename>\""
1874 " line.\n", fname, lineno , 0 );
1876 Debug( LDAP_DEBUG_ANY,
1877 "%s: line %d: missing filename in \"replogfile <filename>\" line\n",
1884 be->be_replogfile = ch_strdup( cargv[1] );
1886 replogfile = ch_strdup( cargv[1] );
1889 /* file from which to read additional rootdse attrs */
1890 } else if ( strcasecmp( cargv[0], "rootDSE" ) == 0) {
1893 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1894 "missing filename in \"rootDSE <filename>\" line.\n",
1895 fname, lineno , 0 );
1897 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1898 "missing filename in \"rootDSE <filename>\" line.\n",
1904 if( read_root_dse_file( cargv[1] ) ) {
1906 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1907 "could not read \"rootDSE <filename>\" line.\n",
1908 fname, lineno , 0 );
1910 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1911 "could not read \"rootDSE <filename>\" line\n",
1917 /* maintain lastmodified{by,time} attributes */
1918 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
1921 LDAP_LOG( CONFIG, CRIT,
1922 "%s: line %d: missing on|off in \"lastmod <on|off>\""
1923 " line.\n", fname, lineno , 0 );
1925 Debug( LDAP_DEBUG_ANY,
1926 "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
1932 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1934 be->be_flags &= ~SLAP_BFLAG_NOLASTMOD;
1940 be->be_flags |= SLAP_BFLAG_NOLASTMOD;
1947 /* turn on/off gentle SIGHUP handling */
1948 } else if ( strcasecmp( cargv[0], "gentlehup" ) == 0 ) {
1950 Debug( LDAP_DEBUG_ANY,
1951 "%s: line %d: missing on|off in \"gentlehup <on|off>\" line\n",
1955 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
1956 global_gentlehup = 0;
1958 global_gentlehup = 1;
1962 /* set idle timeout value */
1963 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
1967 LDAP_LOG( CONFIG, CRIT,
1968 "%s: line %d: missing timeout value in "
1969 "\"idletimeout <seconds>\" line.\n", fname, lineno , 0 );
1971 Debug( LDAP_DEBUG_ANY,
1972 "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
1979 i = atoi( cargv[1] );
1983 LDAP_LOG( CONFIG, CRIT,
1984 "%s: line %d: timeout value (%d) invalid "
1985 "\"idletimeout <seconds>\" line.\n", fname, lineno, i );
1987 Debug( LDAP_DEBUG_ANY,
1988 "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
1995 global_idletimeout = i;
1997 /* include another config file */
1998 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
2001 LDAP_LOG( CONFIG, CRIT,
2002 "%s: line %d: missing filename in \"include "
2003 "<filename>\" line.\n", fname, lineno , 0 );
2005 Debug( LDAP_DEBUG_ANY,
2006 "%s: line %d: missing filename in \"include <filename>\" line\n",
2012 savefname = ch_strdup( cargv[1] );
2013 savelineno = lineno;
2015 if ( read_config( savefname ) != 0 ) {
2020 lineno = savelineno - 1;
2022 /* location of kerberos srvtab file */
2023 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
2026 LDAP_LOG( CONFIG, CRIT,
2027 "%s: line %d: missing filename in \"srvtab "
2028 "<filename>\" line.\n", fname, lineno , 0 );
2030 Debug( LDAP_DEBUG_ANY,
2031 "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
2037 ldap_srvtab = ch_strdup( cargv[1] );
2039 #ifdef SLAPD_MODULES
2040 } else if (strcasecmp( cargv[0], "moduleload") == 0 ) {
2043 LDAP_LOG( CONFIG, INFO,
2044 "%s: line %d: missing filename in \"moduleload "
2045 "<filename>\" line.\n", fname, lineno , 0 );
2047 Debug( LDAP_DEBUG_ANY,
2048 "%s: line %d: missing filename in \"moduleload <filename>\" line\n",
2052 exit( EXIT_FAILURE );
2054 if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
2056 LDAP_LOG( CONFIG, CRIT,
2057 "%s: line %d: failed to load or initialize module %s\n",
2058 fname, lineno, cargv[1] );
2060 Debug( LDAP_DEBUG_ANY,
2061 "%s: line %d: failed to load or initialize module %s\n",
2062 fname, lineno, cargv[1]);
2065 exit( EXIT_FAILURE );
2067 } else if (strcasecmp( cargv[0], "modulepath") == 0 ) {
2070 LDAP_LOG( CONFIG, INFO,
2071 "%s: line %d: missing path in \"modulepath <path>\""
2072 " line\n", fname, lineno , 0 );
2074 Debug( LDAP_DEBUG_ANY,
2075 "%s: line %d: missing path in \"modulepath <path>\" line\n",
2079 exit( EXIT_FAILURE );
2081 if (module_path( cargv[1] )) {
2083 LDAP_LOG( CONFIG, CRIT,
2084 "%s: line %d: failed to set module search path to %s.\n",
2085 fname, lineno, cargv[1] );
2087 Debug( LDAP_DEBUG_ANY,
2088 "%s: line %d: failed to set module search path to %s\n",
2089 fname, lineno, cargv[1]);
2092 exit( EXIT_FAILURE );
2095 #endif /*SLAPD_MODULES*/
2098 } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
2099 rc = ldap_pvt_tls_set_option( NULL,
2100 LDAP_OPT_X_TLS_RANDOM_FILE,
2105 } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
2106 rc = ldap_pvt_tls_set_option( NULL,
2107 LDAP_OPT_X_TLS_CIPHER_SUITE,
2112 } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
2113 rc = ldap_pvt_tls_set_option( NULL,
2114 LDAP_OPT_X_TLS_CERTFILE,
2119 } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
2120 rc = ldap_pvt_tls_set_option( NULL,
2121 LDAP_OPT_X_TLS_KEYFILE,
2126 } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
2127 rc = ldap_pvt_tls_set_option( NULL,
2128 LDAP_OPT_X_TLS_CACERTDIR,
2133 } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
2134 rc = ldap_pvt_tls_set_option( NULL,
2135 LDAP_OPT_X_TLS_CACERTFILE,
2139 } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
2140 if ( isdigit( (unsigned char) cargv[1][0] ) ) {
2142 rc = ldap_pvt_tls_set_option( NULL,
2143 LDAP_OPT_X_TLS_REQUIRE_CERT,
2146 rc = ldap_int_tls_config( NULL,
2147 LDAP_OPT_X_TLS_REQUIRE_CERT,
2156 } else if ( !strcasecmp( cargv[0], "reverse-lookup" ) ) {
2157 #ifdef SLAPD_RLOOKUPS
2160 LDAP_LOG( CONFIG, INFO,
2161 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2162 fname, lineno , 0 );
2164 Debug( LDAP_DEBUG_ANY,
2165 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2171 if ( !strcasecmp( cargv[1], "on" ) ) {
2172 use_reverse_lookup = 1;
2173 } else if ( !strcasecmp( cargv[1], "off" ) ) {
2174 use_reverse_lookup = 0;
2177 LDAP_LOG( CONFIG, INFO,
2178 "%s: line %d: reverse-lookup: "
2179 "must be \"on\" (default) or \"off\"\n", fname, lineno, 0 );
2181 Debug( LDAP_DEBUG_ANY,
2182 "%s: line %d: reverse-lookup: must be \"on\" (default) or \"off\"\n",
2188 #else /* !SLAPD_RLOOKUPS */
2190 LDAP_LOG( CONFIG, INFO,
2191 "%s: line %d: reverse lookups "
2192 "are not configured (ignored).\n", fname, lineno , 0 );
2194 Debug( LDAP_DEBUG_ANY,
2195 "%s: line %d: reverse lookups are not configured (ignored).\n",
2198 #endif /* !SLAPD_RLOOKUPS */
2200 /* pass anything else to the current backend info/db config routine */
2203 if ( bi->bi_config == 0 ) {
2205 LDAP_LOG( CONFIG, INFO,
2206 "%s: line %d: unknown directive \"%s\" inside "
2207 "backend info definition (ignored).\n",
2208 fname, lineno, cargv[0] );
2210 Debug( LDAP_DEBUG_ANY,
2211 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
2212 fname, lineno, cargv[0] );
2216 if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
2222 } else if ( be != NULL ) {
2223 if ( be->be_config == 0 ) {
2225 LDAP_LOG( CONFIG, INFO,
2226 "%s: line %d: uknown directive \"%s\" inside "
2227 "backend database definition (ignored).\n",
2228 fname, lineno, cargv[0] );
2230 Debug( LDAP_DEBUG_ANY,
2231 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
2232 fname, lineno, cargv[0] );
2236 if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
2244 LDAP_LOG( CONFIG, INFO,
2245 "%s: line %d: unknown directive \"%s\" outside backend "
2246 "info and database definitions (ignored).\n",
2247 fname, lineno, cargv[0] );
2249 Debug( LDAP_DEBUG_ANY,
2250 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
2251 fname, lineno, cargv[0] );
2260 if ( load_ucdata( NULL ) < 0 ) return 1;
/*
 * fp_parse_line (body excerpt: the signature and several lines are not
 * shown in this listing). Splits one logical config line into the global
 * cargv[] / cargc and writes the line to the config debug log.
 */
/* Sized for the longest redacted form, "pseudorootpw ***", including NUL. */
2272 char logbuf[sizeof("pseudorootpw ***")];
2275 token = strtok_quote( line, " \t" );
/*
 * Secret redaction for the log: when the first token is one of the
 * directives listed here, the text passed to the logger is replaced by
 * "<directive> ***", so the credential that follows never reaches the log.
 * The match is a fixed list applied to the first token only.
 * NOTE(review): a directive that carries a secret under any other name
 * (for example one handled by a backend config routine) is not covered
 * and would be logged as written -- extend this list when adding one.
 */
2279 if ( token && ( strcasecmp( token, "rootpw" ) == 0 ||
2280 strcasecmp( token, "replica" ) == 0 || /* contains "credentials" */
2281 strcasecmp( token, "bindpw" ) == 0 || /* used in back-ldap */
2282 strcasecmp( token, "pseudorootpw" ) == 0 || /* used in back-meta */
2283 strcasecmp( token, "dbpasswd" ) == 0 ) ) /* used in back-sql */
/* snprintf is bounded by sizeof logbuf; logline now points at the redacted copy. */
2285 snprintf( logline = logbuf, sizeof logbuf, "%s ***", token );
/*
 * strtok_quote_ptr, when set, is the separator position recorded by the
 * strtok_quote() call above. A space is written there for the duration of
 * the log call -- presumably so an unredacted line is logged whole rather
 * than cut at the first token -- and the NUL is put back right after.
 */
2288 if ( strtok_quote_ptr ) {
2289 *strtok_quote_ptr = ' ';
2293 LDAP_LOG( CONFIG, DETAIL1, "line %d (%s)\n", lineno, logline , 0 );
2295 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, logline, 0 );
2298 if ( strtok_quote_ptr ) {
2299 *strtok_quote_ptr = '\0';
/* Collect the remaining tokens; passing NULL continues the same scan. */
2302 for ( ; token != NULL; token = strtok_quote( NULL, " \t" ) ) {
/*
 * Grow cargv once only the slot kept for the terminating NULL is left.
 * The ch_realloc() result goes to a temporary and is tested for NULL
 * before use (the rest of the failure branch is not shown here).
 */
2303 if ( cargc == cargv_size - 1 ) {
2305 tmp = ch_realloc( cargv, (cargv_size + ARGS_STEP) *
2307 if ( tmp == NULL ) {
2309 LDAP_LOG( CONFIG, ERR, "line %d: out of memory\n", lineno, 0,0 );
2311 Debug( LDAP_DEBUG_ANY,
2312 "line %d: out of memory\n",
2318 cargv_size += ARGS_STEP;
/* Stores the token pointer itself, not a copy. */
2320 cargv[cargc++] = token;
/* NULL-terminate the argument vector (the slot reserved above). */
2322 cargv[cargc] = NULL;
/*
 * Tokenizer used by the config parser: yields the tokens of `line` that
 * are delimited by any character in `sep`. The scan loop keeps a quoting
 * state (inquote) and steps over escaped characters, editing the buffer in
 * place. Parts of the body are not shown in this listing.
 *
 * Side effect: the file-scope strtok_quote_ptr is reset to NULL on entry
 * and set to the separator position when a token ends on a separator.
 * NOTE(review): callers pass NULL to continue a scan, which together with
 * that global implies state kept between calls -- treat this function as
 * non-reentrant unless the full body shows otherwise.
 */
2327 strtok_quote( char *line, char *sep )
2333 strtok_quote_ptr = NULL;
/* A non-NULL line starts a new scan. */
2334 if ( line != NULL ) {
/* Skip leading separator characters. */
2337 while ( *next && strchr( sep, *next ) ) {
/* Nothing but separators (or an empty string) was left. */
2341 if ( *next == '\0' ) {
2347 for ( inquote = 0; *next; ) {
/*
 * The AC_MEMCPY calls below drop the character at `next` by moving the
 * rest of the string, NUL included, one position to the left. Source and
 * destination overlap.
 * NOTE(review): this relies on AC_MEMCPY tolerating overlapping regions
 * (memmove semantics) -- confirm in the portability header.
 */
2355 AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
2361 next + 1, strlen( next + 1 ) + 1 );
2362 next++; /* dont parse the escaped character */
/* Remember where the token ended so the caller can patch that byte. */
2367 if ( strchr( sep, *next ) != NULL ) {
2368 strtok_quote_ptr = next;
/* Fixed-size buffer that fgets() fills with one physical line, or one piece of it. */
2381 static char buf[BUFSIZ];
/*
 * lmax / lcur: judging by CATLINE below, the allocated size and the used
 * length of the heap buffer `line` (its declaration is not shown here).
 */
2383 static size_t lmax, lcur;
/*
 * CATLINE appends the string in buf to `line` at offset lcur. The while
 * loop re-allocates `line` until lcur + len + 1 fits within lmax, and that
 * loop is what bounds the strcpy() that follows -- keep the two together
 * if this macro is ever edited. The growth step of lmax is not shown in
 * this listing.
 * NOTE(review): the ch_realloc() result is assigned straight to `line`
 * with no NULL check visible; presumably ch_realloc() does not return on
 * failure -- confirm.
 */
2385 #define CATLINE( buf ) \
2387 size_t len = strlen( buf ); \
2388 while ( lcur + len + 1 > lmax ) { \
2390 line = (char *) ch_realloc( line, lmax ); \
2392 strcpy( line + lcur, buf ); \
/*
 * Reads the next logical config line from fp into the heap buffer `line`,
 * joining backslash-continued and whitespace-indented physical lines.
 * Returns `line`, or NULL when the accumulated line is empty. Parts of the
 * body are not shown in this listing.
 */
2397 fp_getline( FILE *fp, int *lineno )
2405 /* hack attack - keeps us from having to keep a stack of bufs... */
/* Case-insensitive match on the first 7 characters only. */
2406 if ( strncasecmp( line, "include", 7 ) == 0 ) {
/*
 * fgets() is bounded by sizeof(buf), so a physical line longer than the
 * buffer arrives in several pieces.
 */
2411 while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
2412 /* trim off \r\n or \n */
2413 if ( (p = strchr( buf, '\n' )) != NULL ) {
/* p > buf guards the p[-1] read when the newline is the first byte. */
2414 if( p > buf && p[-1] == '\r' ) --p;
2418 /* trim off trailing \ and append the next line */
/*
 * NOTE(review): unlike the trim above, p[-1] is read here without a
 * p > line check. When `line` holds exactly one character and it is a
 * backslash, p equals line and p[-1] reads the byte before the start of
 * the buffer. Testing p > line first would close that out-of-bounds read.
 */
2419 if ( line[ 0 ] != '\0'
2420 && (p = line + strlen( line ) - 1)[ 0 ] == '\\'
2421 && p[ -1 ] != '\\' ) {
/* The unsigned char cast keeps isspace() defined for bytes >= 0x80. */
2426 if ( ! isspace( (unsigned char) buf[0] ) ) {
2430 /* change leading whitespace to a space */
/* An empty accumulated line is reported as NULL. */
2439 return( line[0] ? line : NULL );
2443 fp_getline_init( int *lineno )
2449 /* Loads ucdata, returns 1 if loading, 0 if already loaded, -1 on error */
/*
 * Callers in this file pass NULL and treat a negative result as a failed
 * parse (they return 1). Parts of the body are not shown in this listing.
 */
2451 load_ucdata( char *path )
/*
 * Keeps its value across calls; presumably the flag behind the
 * "0 if already loaded" result described above.
 */
2453 static int loaded = 0;
/*
 * A NULL path selects the compiled-in default SLAPD_DEFAULT_UCDATA; all
 * tables (UCDATA_ALL) are requested.
 */
2459 err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL );
/* The numeric error from ucdata_load() is included in the log message. */
2462 LDAP_LOG( CONFIG, CRIT,
2463 "load_ucdata: Error %d loading ucdata.\n", err, 0,0 );
2465 Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n",
2478 ucdata_unload( UCDATA_ALL );
2480 if ( slapd_args_file )
2481 free ( slapd_args_file );
2482 if ( slapd_pid_file )
2483 free ( slapd_pid_file );
2484 acl_destroy( global_acl, NULL );