1 /* config.c - configuration file handling routines */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
14 #include <ac/signal.h>
15 #include <ac/socket.h>
28 * defaults for various global variables
/*
 * Server-wide default limit set. This listing shows only four lines of
 * the initializer (gutter 31, 34, 36, 38); the lines between them and the
 * closing brace are not shown, so which member each visible value lands
 * in cannot be confirmed from here.
 * NOTE(review): presumably the fallback that "sizelimit" / "timelimit"
 * modify when no database is selected - the lines of read_config shown
 * here only reveal the per-database target (be->be_def_limit); confirm.
 */
30 struct slap_limits_set deflimit = {
31 SLAPD_DEFAULT_TIMELIMIT, /* backward compatible limits */
34 SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */
36 -1, /* no limit on unchecked size (-1 = this ceiling is disabled by default) */
38 0 /* hide number of entries left */
/*
 * Server-wide policy state, shown with its start-up values. The three
 * feature masks and the restrict-ops mask start with no bits set, so no
 * operation is restricted and no feature is required or disallowed until
 * a directive in the configuration file says so.
 */
41 AccessControl *global_acl = NULL;
/* NOTE(review): ACL_READ as the initial default looks like read access for
 * requests that no ACL covers - confirm in the ACL evaluation code. */
42 slap_access_t global_default_access = ACL_READ;
/* "readonly on|off" sets or clears SLAP_RESTRICT_OP_WRITES in this mask
 * (read_config also has a per-database be_restrictops variant). */
43 slap_mask_t global_restrictops = 0;
/* Assigned in read_config from the features parsed on an "allow",
 * "disallow" and "require" line respectively. */
44 slap_mask_t global_allows = 0;
45 slap_mask_t global_disallows = 0;
46 slap_mask_t global_requires = 0;
/* No initializer: as a file-scope object it starts zeroed. The "security"
 * directive fills its sss_* members with atoi(), which returns 0 for
 * non-numeric text; no syntax or range check is visible in the lines
 * shown, so a mistyped factor value would be stored as 0.
 * NOTE(review): confirm whether the value is validated elsewhere. */
47 slap_ssf_set_t global_ssf_set;
/* General server settings; none of these four is assigned in the part of
 * read_config visible in this listing. */
49 int global_gentlehup = 0;
50 int global_idletimeout = 0;
51 char *global_host = NULL;
52 char *global_realm = NULL;
/* Initial value is a string literal: it must not be modified in place or
 * passed to free(). */
53 char *ldap_srvtab = "";
/* Set by "password-hash" only after lutil_passwd_scheme() accepts the
 * scheme name; while it is non-NULL a further password-hash line is
 * reported as "already set". */
54 char *default_passwd_hash = NULL;
/* Argument count of the line being parsed, and the element count of the
 * argument vector (read_config sets the latter to ARGS_STEP + 1 when it
 * allocates cargv). */
55 int cargc = 0, cargv_size = 0;
/* Filled together by one dnPrettyNormal() call in the "defaultSearchBase"
 * directive; the previous values are free()d when the directive repeats. */
57 struct berval default_search_base = { 0, NULL };
58 struct berval default_search_nbase = { 0, NULL };
/* NOTE(review): presumably counts databases marked "subordinate"; the
 * update is not visible in this listing. */
59 unsigned num_subordinates = 0;
/* Filled by dnPrettyNormal() in the "schemadn" directive (read_config also
 * shows a per-database be_schemadn / be_schemandn pair). */
60 struct berval global_schemadn = { 0, NULL };
61 struct berval global_schemandn = { 0, NULL };
/* Each of the next four is set by the directive of the same name from an
 * atol() result; the in-file comments label the _auth variants
 * "authenticated".
 * NOTE(review): these look like separate ceilings for unauthenticated and
 * authenticated connections - confirm where they are enforced. The value
 * is printed with %ld before assignment, so it is presumably a long that
 * is converted to ber_len_t / int here; the range check sits on lines not
 * shown in this listing. */
63 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
64 ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
66 int slap_conn_max_pending = SLAP_CONN_MAX_PENDING_DEFAULT;
67 int slap_conn_max_pending_auth = SLAP_CONN_MAX_PENDING_AUTH;
/* ch_strdup() copies of the "pidfile" / "argsfile" directive argument. */
69 char *slapd_pid_file = NULL;
70 char *slapd_args_file = NULL;
/* No initializer, so it starts as a null pointer.
 * NOTE(review): presumably the saved scan position of strtok_quote(); as a
 * plain global it would make that tokenizer non-reentrant - confirm. */
72 char *strtok_quote_ptr;
/* Starts at 0; not assigned in the lines shown. */
74 int use_reverse_lookup = 0;
/* Returns the next configuration line read from fp, or NULL when there is
 * none left (read_config loops until NULL). lineno is passed by address on
 * every call. */
76 static char *fp_getline(FILE *fp, int *lineno);
/* Called once with &lineno before read_config enters its read loop. */
77 static void fp_getline_init(int *lineno);
/* Parses line in place: read_config describes it as destructive and keeps
 * a ch_strdup() copy of the line first. A non-zero return is reported as a
 * bad config line. */
78 static int fp_parse_line(int lineno, char *line);
/* Not called in the lines shown.
 * NOTE(review): presumably a quote-aware strtok() that keeps its position
 * in the global strtok_quote_ptr - confirm against the definition. */
80 static char *strtok_quote(char *line, char *sep);
/* Called with the "ucdata-path" argument, or with NULL by directives that
 * go on to call dnPrettyNormal(). For the NULL calls a negative return
 * makes read_config return 1. */
81 static int load_ucdata(char *path);
84 read_config( const char *fname, int depth )
87 char *line, *savefname, *saveline;
91 struct berval vals[2];
93 static int lastmod = 1;
94 static BackendInfo *bi = NULL;
95 static BackendDB *be = NULL;
97 vals[1].bv_val = NULL;
100 cargv = ch_calloc( ARGS_STEP + 1, sizeof(*cargv) );
101 cargv_size = ARGS_STEP + 1;
104 if ( (fp = fopen( fname, "r" )) == NULL ) {
107 LDAP_LOG( CONFIG, ENTRY,
108 "read_config: " "could not open config file \"%s\": %s (%d)\n",
109 fname, strerror(errno), errno );
111 Debug( LDAP_DEBUG_ANY,
112 "could not open config file \"%s\": %s (%d)\n",
113 fname, strerror(errno), errno );
119 LDAP_LOG( CONFIG, ENTRY,
120 "read_config: reading config file %s\n", fname, 0, 0 );
122 Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
126 fp_getline_init( &lineno );
128 while ( (line = fp_getline( fp, &lineno )) != NULL ) {
129 /* skip comments and blank lines */
130 if ( line[0] == '#' || line[0] == '\0' ) {
134 /* fp_parse_line is destructive, we save a copy */
135 saveline = ch_strdup( line );
137 if ( fp_parse_line( lineno, line ) != 0 ) {
143 LDAP_LOG( CONFIG, INFO,
144 "%s: line %d: bad config line (ignored)\n", fname, lineno, 0 );
146 Debug( LDAP_DEBUG_ANY,
147 "%s: line %d: bad config line (ignored)\n",
154 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
157 LDAP_LOG( CONFIG, CRIT,
158 "%s : line %d: missing type in \"backend\" line.\n",
161 Debug( LDAP_DEBUG_ANY,
162 "%s: line %d: missing type in \"backend <type>\" line\n",
171 LDAP_LOG( CONFIG, CRIT,
172 "%s: line %d: backend line must appear before any "
173 "database definition.\n", fname, lineno , 0 );
175 Debug( LDAP_DEBUG_ANY,
176 "%s: line %d: backend line must appear before any database definition\n",
183 bi = backend_info( cargv[1] );
187 LDAP_LOG( CONFIG, CRIT,
188 "read_config: backend %s initialization failed.\n",
191 Debug( LDAP_DEBUG_ANY,
192 "backend %s initialization failed.\n",
198 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
201 LDAP_LOG( CONFIG, CRIT,
202 "%s: line %d: missing type in \"database <type>\" line\n",
205 Debug( LDAP_DEBUG_ANY,
206 "%s: line %d: missing type in \"database <type>\" line\n",
214 be = backend_db_init( cargv[1] );
218 LDAP_LOG( CONFIG, CRIT,
219 "database %s initialization failed.\n", cargv[1], 0, 0 );
221 Debug( LDAP_DEBUG_ANY,
222 "database %s initialization failed.\n",
229 /* set thread concurrency */
230 } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
234 LDAP_LOG( CONFIG, CRIT,
235 "%s: line %d: missing level in \"concurrency <level\" "
236 " line\n", fname, lineno, 0 );
238 Debug( LDAP_DEBUG_ANY,
239 "%s: line %d: missing level in \"concurrency <level>\" line\n",
246 c = atoi( cargv[1] );
250 LDAP_LOG( CONFIG, CRIT,
251 "%s: line %d: invalid level (%d) in "
252 "\"concurrency <level>\" line.\n", fname, lineno, c );
254 Debug( LDAP_DEBUG_ANY,
255 "%s: line %d: invalid level (%d) in \"concurrency <level>\" line\n",
262 ldap_pvt_thread_set_concurrency( c );
264 /* set sockbuf max */
265 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming" ) == 0 ) {
269 LDAP_LOG( CONFIG, CRIT,
270 "%s: line %d: missing max in \"sockbuf_max_incoming "
271 "<bytes>\" line\n", fname, lineno, 0 );
273 Debug( LDAP_DEBUG_ANY,
274 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
281 max = atol( cargv[1] );
285 LDAP_LOG( CONFIG, CRIT,
286 "%s: line %d: invalid max value (%ld) in "
287 "\"sockbuf_max_incoming <bytes>\" line.\n",
288 fname, lineno, max );
290 Debug( LDAP_DEBUG_ANY,
291 "%s: line %d: invalid max value (%ld) in "
292 "\"sockbuf_max_incoming <bytes>\" line.\n",
293 fname, lineno, max );
299 sockbuf_max_incoming = max;
301 /* set sockbuf max authenticated */
302 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) {
306 LDAP_LOG( CONFIG, CRIT,
307 "%s: line %d: missing max in \"sockbuf_max_incoming_auth "
308 "<bytes>\" line\n", fname, lineno, 0 );
310 Debug( LDAP_DEBUG_ANY,
311 "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
318 max = atol( cargv[1] );
322 LDAP_LOG( CONFIG, CRIT,
323 "%s: line %d: invalid max value (%ld) in "
324 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
325 fname, lineno, max );
327 Debug( LDAP_DEBUG_ANY,
328 "%s: line %d: invalid max value (%ld) in "
329 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
330 fname, lineno, max );
336 sockbuf_max_incoming_auth = max;
338 /* set conn pending max */
339 } else if ( strcasecmp( cargv[0], "conn_max_pending" ) == 0 ) {
343 LDAP_LOG( CONFIG, CRIT,
344 "%s: line %d: missing max in \"conn_max_pending "
345 "<requests>\" line\n", fname, lineno, 0 );
347 Debug( LDAP_DEBUG_ANY,
348 "%s: line %d: missing max in \"conn_max_pending <requests>\" line\n",
355 max = atol( cargv[1] );
359 LDAP_LOG( CONFIG, CRIT,
360 "%s: line %d: invalid max value (%ld) in "
361 "\"conn_max_pending <requests>\" line.\n",
362 fname, lineno, max );
364 Debug( LDAP_DEBUG_ANY,
365 "%s: line %d: invalid max value (%ld) in "
366 "\"conn_max_pending <requests>\" line.\n",
367 fname, lineno, max );
373 slap_conn_max_pending = max;
375 /* set conn pending max authenticated */
376 } else if ( strcasecmp( cargv[0], "conn_max_pending_auth" ) == 0 ) {
380 LDAP_LOG( CONFIG, CRIT,
381 "%s: line %d: missing max in \"conn_max_pending_auth "
382 "<requests>\" line\n", fname, lineno, 0 );
384 Debug( LDAP_DEBUG_ANY,
385 "%s: line %d: missing max in \"conn_max_pending_auth <requests>\" line\n",
392 max = atol( cargv[1] );
396 LDAP_LOG( CONFIG, CRIT,
397 "%s: line %d: invalid max value (%ld) in "
398 "\"conn_max_pending_auth <requests>\" line.\n",
399 fname, lineno, max );
401 Debug( LDAP_DEBUG_ANY,
402 "%s: line %d: invalid max value (%ld) in "
403 "\"conn_max_pending_auth <requests>\" line.\n",
404 fname, lineno, max );
410 slap_conn_max_pending_auth = max;
412 /* default search base */
413 } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
416 LDAP_LOG( CONFIG, CRIT,
417 "%s: line %d: missing dn in \"defaultSearchBase <dn\" "
418 "line\n", fname, lineno, 0 );
420 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
421 "missing dn in \"defaultSearchBase <dn>\" line\n",
427 } else if ( cargc > 2 ) {
429 LDAP_LOG( CONFIG, INFO,
430 "%s: line %d: extra cruft after <dn> in "
431 "\"defaultSearchBase %s\" line (ignored)\n",
432 fname, lineno, cargv[1] );
434 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
435 "extra cruft after <dn> in \"defaultSearchBase %s\", "
437 fname, lineno, cargv[1] );
441 if ( bi != NULL || be != NULL ) {
443 LDAP_LOG( CONFIG, CRIT,
444 "%s: line %d: defaultSearchBase line must appear "
445 "prior to any backend or database definitions\n",
448 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
449 "defaultSearchBaase line must appear prior to "
450 "any backend or database definition\n",
457 if ( default_search_nbase.bv_len ) {
459 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
460 "default search base \"%s\" already defined "
461 "(discarding old)\n", fname, lineno,
462 default_search_base.bv_val );
464 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
465 "default search base \"%s\" already defined "
466 "(discarding old)\n",
467 fname, lineno, default_search_base.bv_val );
470 free( default_search_base.bv_val );
471 free( default_search_nbase.bv_val );
474 if ( load_ucdata( NULL ) < 0 ) return 1;
479 dn.bv_val = cargv[1];
480 dn.bv_len = strlen( dn.bv_val );
482 rc = dnPrettyNormal( NULL, &dn,
483 &default_search_base,
484 &default_search_nbase, NULL );
486 if( rc != LDAP_SUCCESS ) {
488 LDAP_LOG( CONFIG, CRIT,
489 "%s: line %d: defaultSearchBase DN is invalid.\n",
492 Debug( LDAP_DEBUG_ANY,
493 "%s: line %d: defaultSearchBase DN is invalid\n",
500 /* set maximum threads in thread pool */
501 } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
505 LDAP_LOG( CONFIG, CRIT,
506 "%s: line %d: missing count in \"threads <count>\" line\n",
509 Debug( LDAP_DEBUG_ANY,
510 "%s: line %d: missing count in \"threads <count>\" line\n",
517 c = atoi( cargv[1] );
521 LDAP_LOG( CONFIG, CRIT,
522 "%s: line %d: invalid level (%d) in \"threads <count>\""
523 "line\n", fname, lineno, c );
525 Debug( LDAP_DEBUG_ANY,
526 "%s: line %d: invalid level (%d) in \"threads <count>\" line\n",
533 ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
535 /* save for later use */
536 connection_pool_max = c;
538 /* get pid file name */
539 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
542 LDAP_LOG( CONFIG, CRIT,
543 "%s: line %d missing file name in \"pidfile <file>\" "
544 "line.\n", fname, lineno, 0 );
546 Debug( LDAP_DEBUG_ANY,
547 "%s: line %d: missing file name in \"pidfile <file>\" line\n",
554 slapd_pid_file = ch_strdup( cargv[1] );
556 /* get args file name */
557 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
560 LDAP_LOG( CONFIG, CRIT,
561 "%s: %d: missing file name in "
562 "\"argsfile <file>\" line.\n",
565 Debug( LDAP_DEBUG_ANY,
566 "%s: line %d: missing file name in \"argsfile <file>\" line\n",
573 slapd_args_file = ch_strdup( cargv[1] );
575 /* default password hash */
576 } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
579 LDAP_LOG( CONFIG, CRIT,
580 "%s: line %d: missing hash in "
581 "\"password-hash <hash>\" line.\n",
584 Debug( LDAP_DEBUG_ANY,
585 "%s: line %d: missing hash in \"password-hash <hash>\" line\n",
591 if ( default_passwd_hash != NULL ) {
593 LDAP_LOG( CONFIG, CRIT,
594 "%s: line %d: already set default password_hash!\n",
597 Debug( LDAP_DEBUG_ANY,
598 "%s: line %d: already set default password_hash!\n",
606 if ( lutil_passwd_scheme( cargv[1] ) == 0 ) {
608 LDAP_LOG( CONFIG, CRIT,
609 "%s: line %d: password scheme \"%s\" not available\n",
610 fname, lineno, cargv[1] );
612 Debug( LDAP_DEBUG_ANY,
613 "%s: line %d: password scheme \"%s\" not available\n",
614 fname, lineno, cargv[1] );
619 default_passwd_hash = ch_strdup( cargv[1] );
621 } else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 )
625 LDAP_LOG( CONFIG, CRIT,
626 "%s: line %d: missing format in "
627 "\"password-crypt-salt-format <format>\" line\n",
630 Debug( LDAP_DEBUG_ANY, "%s: line %d: missing format in "
631 "\"password-crypt-salt-format <format>\" line\n",
638 lutil_salt_format( cargv[1] );
640 /* SASL config options */
641 } else if ( strncasecmp( cargv[0], "sasl", 4 ) == 0 ) {
642 if ( slap_sasl_config( cargc, cargv, line, fname, lineno ) )
645 } else if ( strcasecmp( cargv[0], "schemadn" ) == 0 ) {
649 LDAP_LOG( CONFIG, CRIT,
650 "%s: line %d: missing dn in "
651 "\"schemadn <dn>\" line.\n", fname, lineno, 0 );
653 Debug( LDAP_DEBUG_ANY,
654 "%s: line %d: missing dn in \"schemadn <dn>\" line\n",
659 ber_str2bv( cargv[1], 0, 0, &dn );
661 rc = dnPrettyNormal( NULL, &dn, &be->be_schemadn,
662 &be->be_schemandn, NULL );
664 rc = dnPrettyNormal( NULL, &dn, &global_schemadn,
665 &global_schemandn, NULL );
667 if ( rc != LDAP_SUCCESS ) {
669 LDAP_LOG( CONFIG, CRIT,
670 "%s: line %d: schemadn DN is invalid.\n",
673 Debug( LDAP_DEBUG_ANY,
674 "%s: line %d: schemadn DN is invalid\n",
680 /* set UCDATA path */
681 } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
685 LDAP_LOG( CONFIG, CRIT,
686 "%s: line %d: missing path in "
687 "\"ucdata-path <path>\" line.\n", fname, lineno, 0 );
689 Debug( LDAP_DEBUG_ANY,
690 "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
697 err = load_ucdata( cargv[1] );
701 LDAP_LOG( CONFIG, CRIT,
702 "%s: line %d: ucdata already loaded, ucdata-path "
703 "must be set earlier in the file and/or be "
704 "specified only once!\n", fname, lineno, 0 );
706 Debug( LDAP_DEBUG_ANY,
707 "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n",
716 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
718 struct slap_limits_set *lim;
722 LDAP_LOG( CONFIG, CRIT,
723 "%s: line %d: missing limit in \"sizelimit <limit>\" "
724 "line.\n", fname, lineno, 0 );
726 Debug( LDAP_DEBUG_ANY,
727 "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
737 lim = &be->be_def_limit;
740 for ( i = 1; i < cargc; i++ ) {
741 if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
742 rc = parse_limit( cargv[i], lim );
745 LDAP_LOG( CONFIG, CRIT,
746 "%s: line %d: unable "
747 "to parse value \"%s\" in \"sizelimit "
748 "<limit>\" line.\n", fname, lineno, cargv[i] );
750 Debug( LDAP_DEBUG_ANY,
751 "%s: line %d: unable "
752 "to parse value \"%s\" "
755 fname, lineno, cargv[i] );
761 if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
762 lim->lms_s_soft = -1;
766 lim->lms_s_soft = strtol( cargv[i] , &next, 0 );
767 if ( next == cargv[i] ) {
769 LDAP_LOG( CONFIG, CRIT,
770 "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" "
771 "line.\n", fname, lineno, cargv[i] );
773 Debug( LDAP_DEBUG_ANY,
774 "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" line\n",
775 fname, lineno, cargv[i] );
779 } else if ( next[0] != '\0' ) {
781 LDAP_LOG( CONFIG, CRIT,
782 "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" "
783 "line ignored.\n", fname, lineno, next );
785 Debug( LDAP_DEBUG_ANY,
786 "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" line ignored\n",
787 fname, lineno, next );
796 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
798 struct slap_limits_set *lim;
802 LDAP_LOG( CONFIG, CRIT,
803 "%s: line %d missing limit in \"timelimit <limit>\" "
804 "line.\n", fname, lineno, 0 );
806 Debug( LDAP_DEBUG_ANY,
807 "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
817 lim = &be->be_def_limit;
820 for ( i = 1; i < cargc; i++ ) {
821 if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
822 rc = parse_limit( cargv[i], lim );
825 LDAP_LOG( CONFIG, CRIT,
826 "%s: line %d: unable to parse value \"%s\" "
827 "in \"timelimit <limit>\" line.\n",
828 fname, lineno, cargv[i] );
830 Debug( LDAP_DEBUG_ANY,
831 "%s: line %d: unable "
832 "to parse value \"%s\" "
835 fname, lineno, cargv[i] );
841 if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
842 lim->lms_t_soft = -1;
846 lim->lms_t_soft = strtol( cargv[i] , &next, 0 );
847 if ( next == cargv[i] ) {
849 LDAP_LOG( CONFIG, CRIT,
850 "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" "
851 "line.\n", fname, lineno, cargv[i] );
853 Debug( LDAP_DEBUG_ANY,
854 "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" line\n",
855 fname, lineno, cargv[i] );
859 } else if ( next[0] != '\0' ) {
861 LDAP_LOG( CONFIG, CRIT,
862 "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" "
863 "line ignored.\n", fname, lineno, next );
865 Debug( LDAP_DEBUG_ANY,
866 "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" line ignored\n",
867 fname, lineno, next );
875 /* set regex-based limits */
876 } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
879 LDAP_LOG( CONFIG, WARNING,
880 "%s: line %d \"limits\" allowed only in database "
881 "environment.\n", fname, lineno, 0 );
883 Debug( LDAP_DEBUG_ANY,
884 "%s: line %d \"limits\" allowed only in database environment.\n%s",
890 if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
894 /* mark this as a subordinate database */
895 } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
898 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
899 "subordinate keyword must appear inside a database "
900 "definition.\n", fname, lineno, 0 );
902 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
903 "must appear inside a database definition.\n",
909 be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE;
913 /* set database suffix */
914 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
916 struct berval dn, pdn, ndn;
920 LDAP_LOG( CONFIG, CRIT,
921 "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
924 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
925 "missing dn in \"suffix <dn>\" line\n",
931 } else if ( cargc > 2 ) {
933 LDAP_LOG( CONFIG, INFO,
934 "%s: line %d: extra cruft after <dn> in \"suffix %s\""
935 " line (ignored).\n", fname, lineno, cargv[1] );
937 Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
938 "after <dn> in \"suffix %s\" line (ignored)\n",
939 fname, lineno, cargv[1] );
945 LDAP_LOG( CONFIG, INFO,
946 "%s: line %d: suffix line must appear inside a database "
947 "definition.\n", fname, lineno, 0 );
949 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
950 "must appear inside a database definition\n",
955 #if defined(SLAPD_MONITOR_DN)
956 /* "cn=Monitor" is reserved for monitoring slap */
957 } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
959 LDAP_LOG( CONFIG, CRIT, "%s: line %d: \""
960 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
963 Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
964 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
968 #endif /* SLAPD_MONITOR_DN */
971 if ( load_ucdata( NULL ) < 0 ) return 1;
973 dn.bv_val = cargv[1];
974 dn.bv_len = strlen( cargv[1] );
976 rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
977 if( rc != LDAP_SUCCESS ) {
979 LDAP_LOG( CONFIG, CRIT,
980 "%s: line %d: suffix DN is invalid.\n",
983 Debug( LDAP_DEBUG_ANY,
984 "%s: line %d: suffix DN is invalid\n",
990 tmp_be = select_backend( &ndn, 0, 0 );
991 if ( tmp_be == be ) {
993 LDAP_LOG( CONFIG, INFO,
994 "%s: line %d: suffix already served by this backend "
995 "(ignored)\n", fname, lineno, 0 );
997 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
998 "already served by this backend (ignored)\n",
1004 } else if ( tmp_be != NULL ) {
1006 LDAP_LOG( CONFIG, INFO,
1007 "%s: line %d: suffix already served by a preceding "
1008 "backend \"%s\"\n", fname, lineno,
1009 tmp_be->be_suffix[0].bv_val );
1011 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
1012 "already served by a preceeding backend \"%s\"\n",
1013 fname, lineno, tmp_be->be_suffix[0].bv_val );
1019 } else if( pdn.bv_len == 0 && default_search_nbase.bv_len ) {
1021 LDAP_LOG( CONFIG, INFO,
1022 "%s: line %d: suffix DN empty and default search "
1023 "base provided \"%s\" (assuming okay).\n",
1024 fname, lineno, default_search_base.bv_val );
1026 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1027 "suffix DN empty and default "
1028 "search base provided \"%s\" (assuming okay)\n",
1029 fname, lineno, default_search_base.bv_val );
1033 ber_bvarray_add( &be->be_suffix, &pdn );
1034 ber_bvarray_add( &be->be_nsuffix, &ndn );
1036 /* set max deref depth */
1037 } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
1041 LDAP_LOG( CONFIG, CRIT,
1042 "%s: line %d: missing depth in \"maxDerefDepth <depth>\""
1043 " line\n", fname, lineno, 0 );
1045 Debug( LDAP_DEBUG_ANY,
1046 "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
1054 LDAP_LOG( CONFIG, INFO,
1055 "%s: line %d: depth line must appear inside a database "
1056 "definition.\n", fname, lineno ,0 );
1058 Debug( LDAP_DEBUG_ANY,
1059 "%s: line %d: depth line must appear inside a database definition.\n",
1064 } else if ((i = atoi(cargv[1])) < 0) {
1066 LDAP_LOG( CONFIG, INFO,
1067 "%s: line %d: depth must be positive.\n",
1070 Debug( LDAP_DEBUG_ANY,
1071 "%s: line %d: depth must be positive.\n",
1078 be->be_max_deref_depth = i;
1082 /* set magic "root" dn for this database */
1083 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
1086 LDAP_LOG( CONFIG, INFO,
1087 "%s: line %d: missing dn in \"rootdn <dn>\" line.\n",
1090 Debug( LDAP_DEBUG_ANY,
1091 "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
1100 LDAP_LOG( CONFIG, INFO,
1101 "%s: line %d: rootdn line must appear inside a database "
1102 "definition.\n", fname, lineno ,0 );
1104 Debug( LDAP_DEBUG_ANY,
1105 "%s: line %d: rootdn line must appear inside a database definition.\n",
1113 if ( load_ucdata( NULL ) < 0 ) return 1;
1115 dn.bv_val = cargv[1];
1116 dn.bv_len = strlen( cargv[1] );
1118 rc = dnPrettyNormal( NULL, &dn,
1120 &be->be_rootndn, NULL );
1122 if( rc != LDAP_SUCCESS ) {
1124 LDAP_LOG( CONFIG, CRIT,
1125 "%s: line %d: rootdn DN is invalid.\n",
1128 Debug( LDAP_DEBUG_ANY,
1129 "%s: line %d: rootdn DN is invalid\n",
1136 /* set super-secret magic database password */
1137 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
1140 LDAP_LOG( CONFIG, CRIT,
1141 "%s: line %d: missing passwd in \"rootpw <passwd>\""
1142 " line\n", fname, lineno ,0 );
1144 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1145 "missing passwd in \"rootpw <passwd>\" line\n",
1154 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1155 "rootpw line must appear inside a database "
1156 "definition.\n", fname, lineno ,0 );
1158 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1159 "rootpw line must appear inside a database "
1166 Backend *tmp_be = select_backend( &be->be_rootndn, 0, 0 );
1168 if( tmp_be != be ) {
1170 LDAP_LOG( CONFIG, INFO,
1172 "rootpw can only be set when rootdn is under suffix\n",
1173 fname, lineno, "" );
1175 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1176 "rootpw can only be set when rootdn is under suffix\n",
1182 be->be_rootpw.bv_val = ch_strdup( cargv[1] );
1183 be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
1186 /* make this database read-only */
1187 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
1190 LDAP_LOG( CONFIG, CRIT,
1191 "%s: line %d: missing on|off in \"readonly <on|off>\" "
1192 "line.\n", fname, lineno ,0 );
1194 Debug( LDAP_DEBUG_ANY,
1195 "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
1202 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1203 global_restrictops |= SLAP_RESTRICT_OP_WRITES;
1205 global_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1208 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1209 be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1211 be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1216 /* allow these features */
1217 } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
1218 strcasecmp( cargv[0], "allow" ) == 0 )
1224 LDAP_LOG( CONFIG, INFO,
1225 "%s: line %d: allow line must appear prior to "
1226 "database definitions.\n", fname, lineno ,0 );
1228 Debug( LDAP_DEBUG_ANY,
1229 "%s: line %d: allow line must appear prior to database definitions\n",
1237 LDAP_LOG( CONFIG, CRIT,
1238 "%s: line %d: missing feature(s) in \"allow <features>\""
1239 " line\n", fname, lineno ,0 );
1241 Debug( LDAP_DEBUG_ANY,
1242 "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
1251 for( i=1; i < cargc; i++ ) {
1252 if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
1253 allows |= SLAP_ALLOW_BIND_V2;
1255 } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
1256 allows |= SLAP_ALLOW_BIND_ANON_CRED;
1258 } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
1259 allows |= SLAP_ALLOW_BIND_ANON_DN;
1261 } else if( strcasecmp( cargv[i], "update_anon" ) == 0 ) {
1262 allows |= SLAP_ALLOW_UPDATE_ANON;
1264 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1266 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1267 "unknown feature %s in \"allow <features>\" line.\n",
1268 fname, lineno, cargv[1] );
1270 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1271 "unknown feature %s in \"allow <features>\" line\n",
1272 fname, lineno, cargv[i] );
1279 global_allows = allows;
1281 /* disallow these features */
1282 } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
1283 strcasecmp( cargv[0], "disallow" ) == 0 )
1285 slap_mask_t disallows;
1289 LDAP_LOG( CONFIG, INFO,
1290 "%s: line %d: disallow line must appear prior to "
1291 "database definitions.\n", fname, lineno ,0 );
1293 Debug( LDAP_DEBUG_ANY,
1294 "%s: line %d: disallow line must appear prior to database definitions\n",
1302 LDAP_LOG( CONFIG, CRIT,
1303 "%s: line %d: missing feature(s) in \"disallow <features>\""
1304 " line.\n", fname, lineno ,0 );
1306 Debug( LDAP_DEBUG_ANY,
1307 "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
1316 for( i=1; i < cargc; i++ ) {
1317 if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
1318 disallows |= SLAP_DISALLOW_BIND_ANON;
1320 } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
1321 disallows |= SLAP_DISALLOW_BIND_SIMPLE;
1323 } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
1324 disallows |= SLAP_DISALLOW_BIND_KRBV4;
1326 } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
1327 disallows |= SLAP_DISALLOW_TLS_2_ANON;
1329 } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
1330 disallows |= SLAP_DISALLOW_TLS_AUTHC;
1332 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1334 LDAP_LOG( CONFIG, CRIT,
1335 "%s: line %d: unknown feature %s in "
1336 "\"disallow <features>\" line.\n",
1337 fname, lineno, cargv[i] );
1339 Debug( LDAP_DEBUG_ANY,
1340 "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
1341 fname, lineno, cargv[i] );
1348 global_disallows = disallows;
1350 /* require these features */
1351 } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
1352 strcasecmp( cargv[0], "require" ) == 0 )
1354 slap_mask_t requires;
1358 LDAP_LOG( CONFIG, CRIT,
1359 "%s: line %d: missing feature(s) in "
1360 "\"require <features>\" line.\n", fname, lineno ,0 );
1362 Debug( LDAP_DEBUG_ANY,
1363 "%s: line %d: missing feature(s) in \"require <features>\" line\n",
1372 for( i=1; i < cargc; i++ ) {
1373 if( strcasecmp( cargv[i], "bind" ) == 0 ) {
1374 requires |= SLAP_REQUIRE_BIND;
1376 } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
1377 requires |= SLAP_REQUIRE_LDAP_V3;
1379 } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
1380 requires |= SLAP_REQUIRE_AUTHC;
1382 } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
1383 requires |= SLAP_REQUIRE_SASL;
1385 } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
1386 requires |= SLAP_REQUIRE_STRONG;
1388 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1390 LDAP_LOG( CONFIG, CRIT,
1391 "%s: line %d: unknown feature %s in "
1392 "\"require <features>\" line.\n",
1393 fname, lineno , cargv[i] );
1395 Debug( LDAP_DEBUG_ANY,
1396 "%s: line %d: unknown feature %s in \"require <features>\" line\n",
1397 fname, lineno, cargv[i] );
1405 global_requires = requires;
1407 be->be_requires = requires;
1410 /* required security factors */
1411 } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
1412 slap_ssf_set_t *set;
1416 LDAP_LOG( CONFIG, CRIT,
1417 "%s: line %d: missing factor(s) in \"security <factors>\""
1418 " line.\n", fname, lineno ,0 );
1420 Debug( LDAP_DEBUG_ANY,
1421 "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
1429 set = &global_ssf_set;
1431 set = &be->be_ssf_set;
1434 for( i=1; i < cargc; i++ ) {
1435 if( strncasecmp( cargv[i], "ssf=",
1436 sizeof("ssf") ) == 0 )
1439 atoi( &cargv[i][sizeof("ssf")] );
1441 } else if( strncasecmp( cargv[i], "transport=",
1442 sizeof("transport") ) == 0 )
1444 set->sss_transport =
1445 atoi( &cargv[i][sizeof("transport")] );
1447 } else if( strncasecmp( cargv[i], "tls=",
1448 sizeof("tls") ) == 0 )
1451 atoi( &cargv[i][sizeof("tls")] );
1453 } else if( strncasecmp( cargv[i], "sasl=",
1454 sizeof("sasl") ) == 0 )
1457 atoi( &cargv[i][sizeof("sasl")] );
1459 } else if( strncasecmp( cargv[i], "update_ssf=",
1460 sizeof("update_ssf") ) == 0 )
1462 set->sss_update_ssf =
1463 atoi( &cargv[i][sizeof("update_ssf")] );
1465 } else if( strncasecmp( cargv[i], "update_transport=",
1466 sizeof("update_transport") ) == 0 )
1468 set->sss_update_transport =
1469 atoi( &cargv[i][sizeof("update_transport")] );
1471 } else if( strncasecmp( cargv[i], "update_tls=",
1472 sizeof("update_tls") ) == 0 )
1474 set->sss_update_tls =
1475 atoi( &cargv[i][sizeof("update_tls")] );
1477 } else if( strncasecmp( cargv[i], "update_sasl=",
1478 sizeof("update_sasl") ) == 0 )
1480 set->sss_update_sasl =
1481 atoi( &cargv[i][sizeof("update_sasl")] );
1483 } else if( strncasecmp( cargv[i], "simple_bind=",
1484 sizeof("simple_bind") ) == 0 )
1486 set->sss_simple_bind =
1487 atoi( &cargv[i][sizeof("simple_bind")] );
1491 LDAP_LOG( CONFIG, CRIT,
1492 "%s: line %d: unknown factor %S in "
1493 "\"security <factors>\" line.\n",
1494 fname, lineno, cargv[1] );
1496 Debug( LDAP_DEBUG_ANY,
1497 "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
1498 fname, lineno, cargv[i] );
1504 /* where to send clients when we don't hold it */
1505 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
1508 LDAP_LOG( CONFIG, CRIT,
1509 "%s: line %d: missing URL in \"referral <URL>\""
1510 " line.\n", fname, lineno , 0 );
1512 Debug( LDAP_DEBUG_ANY,
1513 "%s: line %d: missing URL in \"referral <URL>\" line\n",
1520 if( validate_global_referral( cargv[1] ) ) {
1522 LDAP_LOG( CONFIG, CRIT,
1523 "%s: line %d: invalid URL (%s) in \"referral\" line.\n",
1524 fname, lineno, cargv[1] );
1526 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1527 "invalid URL (%s) in \"referral\" line.\n",
1528 fname, lineno, cargv[1] );
1533 vals[0].bv_val = cargv[1];
1534 vals[0].bv_len = strlen( vals[0].bv_val );
1535 if( value_add( &default_referral, vals ) )
1539 } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
1543 LDAP_LOG( CONFIG, CRIT,
1544 "%s: line %d: Error in logfile directive, "
1545 "\"logfile <filename>\"\n", fname, lineno , 0 );
1547 Debug( LDAP_DEBUG_ANY,
1548 "%s: line %d: Error in logfile directive, \"logfile filename\"\n",
1554 logfile = fopen( cargv[1], "w" );
1555 if ( logfile != NULL ) lutil_debug_file( logfile );
1558 /* start of a new database definition */
1559 } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
1563 LDAP_LOG( CONFIG, CRIT,
1564 "%s: line %d: Error in debug directive, "
1565 "\"debug <subsys> <level>\"\n", fname, lineno , 0 );
1567 Debug( LDAP_DEBUG_ANY,
1568 "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
1574 level = atoi( cargv[2] );
1575 if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
1576 lutil_set_debug_level( cargv[1], level );
1577 /* specify an Object Identifier macro */
1578 } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
1579 rc = parse_oidm( fname, lineno, cargc, cargv );
1582 /* specify an objectclass */
1583 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
1586 LDAP_LOG( CONFIG, INFO,
1587 "%s: line %d: illegal objectclass format.\n",
1588 fname, lineno , 0 );
1590 Debug( LDAP_DEBUG_ANY,
1591 "%s: line %d: illegal objectclass format.\n",
1596 } else if ( *cargv[1] == '(' /*')'*/) {
1598 p = strchr(saveline,'(' /*')'*/);
1599 rc = parse_oc( fname, lineno, p, cargv );
1604 LDAP_LOG( CONFIG, INFO,
1605 "%s: line %d: old objectclass format not supported\n",
1606 fname, lineno , 0 );
1608 Debug( LDAP_DEBUG_ANY,
1609 "%s: line %d: old objectclass format not supported.\n",
1614 #ifdef SLAP_EXTENDED_SCHEMA
1615 } else if ( strcasecmp( cargv[0], "ditcontentrule" ) == 0 ) {
1617 p = strchr(saveline,'(' /*')'*/);
1618 rc = parse_cr( fname, lineno, p, cargv );
1622 /* specify an attribute type */
1623 } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
1624 || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
1628 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1629 "illegal attribute type format.\n",
1630 fname, lineno , 0 );
1632 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1633 "illegal attribute type format.\n",
1638 } else if ( *cargv[1] == '(' /*')'*/) {
1640 p = strchr(saveline,'(' /*')'*/);
1641 rc = parse_at( fname, lineno, p, cargv );
1646 LDAP_LOG( CONFIG, INFO,
1647 "%s: line %d: old attribute type format not supported.\n",
1648 fname, lineno , 0 );
1650 Debug( LDAP_DEBUG_ANY,
1651 "%s: line %d: old attribute type format not supported.\n",
1657 /* define attribute option(s) */
1658 } else if ( strcasecmp( cargv[0], "attributeoptions" ) == 0 ) {
1659 ad_define_option( NULL, NULL, 0 );
1660 for ( i = 1; i < cargc; i++ )
1661 if ( ad_define_option( cargv[i], fname, lineno ) != 0 )
1664 /* turn on/off schema checking */
1665 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
1668 LDAP_LOG( CONFIG, CRIT,
1669 "%s: line %d: missing on|off in \"schemacheck <on|off>\""
1670 " line.\n", fname, lineno , 0 );
1672 Debug( LDAP_DEBUG_ANY,
1673 "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
1679 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
1681 LDAP_LOG( CONFIG, CRIT,
1682 "%s: line %d: schema checking disabled! your mileage may "
1683 "vary!\n", fname, lineno , 0 );
1685 Debug( LDAP_DEBUG_ANY,
1686 "%s: line %d: schema checking disabled! your mileage may vary!\n",
1689 global_schemacheck = 0;
1691 global_schemacheck = 1;
1694 /* specify access control info */
1695 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
1696 parse_acl( be, fname, lineno, cargc, cargv );
1698 /* debug level to log things to syslog */
1699 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
1702 LDAP_LOG( CONFIG, CRIT,
1703 "%s: line %d: missing level in \"loglevel <level>\""
1704 " line.\n", fname, lineno , 0 );
1706 Debug( LDAP_DEBUG_ANY,
1707 "%s: line %d: missing level in \"loglevel <level>\" line\n",
1716 for( i=1; i < cargc; i++ ) {
1717 ldap_syslog += atoi( cargv[1] );
1720 /* list of replicas of the data in this backend (master only) */
1721 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
1724 LDAP_LOG( CONFIG, CRIT,
1725 "%s: line %d: missing host in \"replica "
1726 " <host[:port]\" line\n", fname, lineno , 0 );
1728 Debug( LDAP_DEBUG_ANY,
1729 "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
1737 LDAP_LOG( CONFIG, INFO,
1738 "%s: line %d: replica line must appear inside "
1739 "a database definition.\n", fname, lineno, 0);
1741 Debug( LDAP_DEBUG_ANY,
1742 "%s: line %d: replica line must appear inside a database definition\n",
1750 for ( i = 1; i < cargc; i++ ) {
1751 if ( strncasecmp( cargv[i], "host=", 5 )
1753 nr = add_replica_info( be,
1760 LDAP_LOG( CONFIG, INFO,
1761 "%s: line %d: missing host in \"replica\" line\n",
1762 fname, lineno , 0 );
1764 Debug( LDAP_DEBUG_ANY,
1765 "%s: line %d: missing host in \"replica\" line\n",
1770 } else if ( nr == -1 ) {
1772 LDAP_LOG( CONFIG, INFO,
1773 "%s: line %d: unable to add"
1774 " replica \"%s\"\n",
1778 Debug( LDAP_DEBUG_ANY,
1779 "%s: line %d: unable to add replica \"%s\"\n",
1780 fname, lineno, cargv[i] + 5 );
1784 for ( i = 1; i < cargc; i++ ) {
1785 if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
1787 switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) {
1790 LDAP_LOG( CONFIG, INFO,
1791 "%s: line %d: suffix \"%s\" in \"replica\""
1792 " line is not valid for backend(ignored)\n",
1793 fname, lineno, cargv[i] + 7 );
1795 Debug( LDAP_DEBUG_ANY,
1796 "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1797 fname, lineno, cargv[i] + 7 );
1803 LDAP_LOG( CONFIG, INFO,
1804 "%s: line %d: unable to normalize suffix"
1805 " in \"replica\" line (ignored)\n",
1806 fname, lineno , 0 );
1808 Debug( LDAP_DEBUG_ANY,
1809 "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
1815 } else if ( strncasecmp( cargv[i], "attr", 4 ) == 0 ) {
1817 char *arg = cargv[i] + 4;
1819 if ( arg[0] == '!' ) {
1824 if ( arg[0] != '=' ) {
1828 if ( add_replica_attrs( be, nr, arg + 1, exclude ) ) {
1830 LDAP_LOG( CONFIG, INFO,
1831 "%s: line %d: attribute \"%s\" in "
1832 "\"replica\" line is unknown\n",
1833 fname, lineno, arg + 1 );
1835 Debug( LDAP_DEBUG_ANY,
1836 "%s: line %d: attribute \"%s\" in \"replica\" line is unknown\n",
1837 fname, lineno, arg + 1 );
1846 /* dn of master entity allowed to write to replica */
1847 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
1850 LDAP_LOG( CONFIG, CRIT,
1851 "%s: line %d: missing dn in \"updatedn <dn>\""
1852 " line.\n", fname, lineno , 0 );
1854 Debug( LDAP_DEBUG_ANY,
1855 "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
1863 LDAP_LOG( CONFIG, INFO,
1864 "%s: line %d: updatedn line must appear inside "
1865 "a database definition\n",
1866 fname, lineno , 0 );
1868 Debug( LDAP_DEBUG_ANY,
1869 "%s: line %d: updatedn line must appear inside a database definition\n",
1877 if ( load_ucdata( NULL ) < 0 ) return 1;
1879 dn.bv_val = cargv[1];
1880 dn.bv_len = strlen( cargv[1] );
1882 rc = dnNormalize2( NULL, &dn, &be->be_update_ndn, NULL );
1883 if( rc != LDAP_SUCCESS ) {
1885 LDAP_LOG( CONFIG, CRIT,
1886 "%s: line %d: updatedn DN is invalid.\n",
1887 fname, lineno , 0 );
1889 Debug( LDAP_DEBUG_ANY,
1890 "%s: line %d: updatedn DN is invalid\n",
1897 } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
1900 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1901 "missing url in \"updateref <ldapurl>\" line.\n",
1902 fname, lineno , 0 );
1904 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1905 "missing url in \"updateref <ldapurl>\" line\n",
1913 LDAP_LOG( CONFIG, INFO, "%s: line %d: updateref"
1914 " line must appear inside a database definition\n",
1915 fname, lineno , 0 );
1917 Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
1918 " line must appear inside a database definition\n",
1923 } else if ( !be->be_update_ndn.bv_len ) {
1925 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1926 "updateref line must come after updatedn.\n",
1927 fname, lineno , 0 );
1929 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1930 "updateref line must after updatedn.\n",
1936 if( validate_global_referral( cargv[1] ) ) {
1938 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1939 "invalid URL (%s) in \"updateref\" line.\n",
1940 fname, lineno, cargv[1] );
1942 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1943 "invalid URL (%s) in \"updateref\" line.\n",
1944 fname, lineno, cargv[1] );
1949 vals[0].bv_val = cargv[1];
1950 vals[0].bv_len = strlen( vals[0].bv_val );
1951 if( value_add( &be->be_update_refs, vals ) )
1954 /* replication log file to which changes are appended */
1955 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
1958 LDAP_LOG( CONFIG, CRIT,
1959 "%s: line %d: missing filename in \"replogfile <filename>\""
1960 " line.\n", fname, lineno , 0 );
1962 Debug( LDAP_DEBUG_ANY,
1963 "%s: line %d: missing filename in \"replogfile <filename>\" line\n",
1970 be->be_replogfile = ch_strdup( cargv[1] );
1972 replogfile = ch_strdup( cargv[1] );
1975 /* file from which to read additional rootdse attrs */
1976 } else if ( strcasecmp( cargv[0], "rootDSE" ) == 0) {
1979 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1980 "missing filename in \"rootDSE <filename>\" line.\n",
1981 fname, lineno , 0 );
1983 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1984 "missing filename in \"rootDSE <filename>\" line.\n",
1990 if( read_root_dse_file( cargv[1] ) ) {
1992 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1993 "could not read \"rootDSE <filename>\" line.\n",
1994 fname, lineno , 0 );
1996 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1997 "could not read \"rootDSE <filename>\" line\n",
2003 /* maintain lastmodified{by,time} attributes */
2004 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
2007 LDAP_LOG( CONFIG, CRIT,
2008 "%s: line %d: missing on|off in \"lastmod <on|off>\""
2009 " line.\n", fname, lineno , 0 );
2011 Debug( LDAP_DEBUG_ANY,
2012 "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
2018 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
2020 be->be_flags &= ~SLAP_BFLAG_NOLASTMOD;
2026 be->be_flags |= SLAP_BFLAG_NOLASTMOD;
2033 /* turn on/off gentle SIGHUP handling */
2034 } else if ( strcasecmp( cargv[0], "gentlehup" ) == 0 ) {
2036 Debug( LDAP_DEBUG_ANY,
2037 "%s: line %d: missing on|off in \"gentlehup <on|off>\" line\n",
2041 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
2042 global_gentlehup = 0;
2044 global_gentlehup = 1;
2048 /* set idle timeout value */
2049 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
2053 LDAP_LOG( CONFIG, CRIT,
2054 "%s: line %d: missing timeout value in "
2055 "\"idletimeout <seconds>\" line.\n", fname, lineno , 0 );
2057 Debug( LDAP_DEBUG_ANY,
2058 "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
2065 i = atoi( cargv[1] );
2069 LDAP_LOG( CONFIG, CRIT,
2070 "%s: line %d: timeout value (%d) invalid "
2071 "\"idletimeout <seconds>\" line.\n", fname, lineno, i );
2073 Debug( LDAP_DEBUG_ANY,
2074 "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
2081 global_idletimeout = i;
2083 /* include another config file */
2084 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
2087 LDAP_LOG( CONFIG, CRIT,
2088 "%s: line %d: missing filename in \"include "
2089 "<filename>\" line.\n", fname, lineno , 0 );
2091 Debug( LDAP_DEBUG_ANY,
2092 "%s: line %d: missing filename in \"include <filename>\" line\n",
2098 savefname = ch_strdup( cargv[1] );
2099 savelineno = lineno;
2101 if ( read_config( savefname, depth+1 ) != 0 ) {
2106 lineno = savelineno - 1;
2108 /* location of kerberos srvtab file */
2109 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
2112 LDAP_LOG( CONFIG, CRIT,
2113 "%s: line %d: missing filename in \"srvtab "
2114 "<filename>\" line.\n", fname, lineno , 0 );
2116 Debug( LDAP_DEBUG_ANY,
2117 "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
2123 ldap_srvtab = ch_strdup( cargv[1] );
2125 #ifdef SLAPD_MODULES
2126 } else if (strcasecmp( cargv[0], "moduleload") == 0 ) {
2129 LDAP_LOG( CONFIG, INFO,
2130 "%s: line %d: missing filename in \"moduleload "
2131 "<filename>\" line.\n", fname, lineno , 0 );
2133 Debug( LDAP_DEBUG_ANY,
2134 "%s: line %d: missing filename in \"moduleload <filename>\" line\n",
2138 exit( EXIT_FAILURE );
2140 if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
2142 LDAP_LOG( CONFIG, CRIT,
2143 "%s: line %d: failed to load or initialize module %s\n",
2144 fname, lineno, cargv[1] );
2146 Debug( LDAP_DEBUG_ANY,
2147 "%s: line %d: failed to load or initialize module %s\n",
2148 fname, lineno, cargv[1]);
2151 exit( EXIT_FAILURE );
2153 } else if (strcasecmp( cargv[0], "modulepath") == 0 ) {
2156 LDAP_LOG( CONFIG, INFO,
2157 "%s: line %d: missing path in \"modulepath <path>\""
2158 " line\n", fname, lineno , 0 );
2160 Debug( LDAP_DEBUG_ANY,
2161 "%s: line %d: missing path in \"modulepath <path>\" line\n",
2165 exit( EXIT_FAILURE );
2167 if (module_path( cargv[1] )) {
2169 LDAP_LOG( CONFIG, CRIT,
2170 "%s: line %d: failed to set module search path to %s.\n",
2171 fname, lineno, cargv[1] );
2173 Debug( LDAP_DEBUG_ANY,
2174 "%s: line %d: failed to set module search path to %s\n",
2175 fname, lineno, cargv[1]);
2178 exit( EXIT_FAILURE );
2181 #endif /*SLAPD_MODULES*/
2184 } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
2185 rc = ldap_pvt_tls_set_option( NULL,
2186 LDAP_OPT_X_TLS_RANDOM_FILE,
2191 } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
2192 rc = ldap_pvt_tls_set_option( NULL,
2193 LDAP_OPT_X_TLS_CIPHER_SUITE,
2198 } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
2199 rc = ldap_pvt_tls_set_option( NULL,
2200 LDAP_OPT_X_TLS_CERTFILE,
2205 } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
2206 rc = ldap_pvt_tls_set_option( NULL,
2207 LDAP_OPT_X_TLS_KEYFILE,
2212 } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
2213 rc = ldap_pvt_tls_set_option( NULL,
2214 LDAP_OPT_X_TLS_CACERTDIR,
2219 } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
2220 rc = ldap_pvt_tls_set_option( NULL,
2221 LDAP_OPT_X_TLS_CACERTFILE,
2225 } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
2226 if ( isdigit( (unsigned char) cargv[1][0] ) ) {
2228 rc = ldap_pvt_tls_set_option( NULL,
2229 LDAP_OPT_X_TLS_REQUIRE_CERT,
2232 rc = ldap_int_tls_config( NULL,
2233 LDAP_OPT_X_TLS_REQUIRE_CERT,
2242 } else if ( !strcasecmp( cargv[0], "reverse-lookup" ) ) {
2243 #ifdef SLAPD_RLOOKUPS
2246 LDAP_LOG( CONFIG, INFO,
2247 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2248 fname, lineno , 0 );
2250 Debug( LDAP_DEBUG_ANY,
2251 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2257 if ( !strcasecmp( cargv[1], "on" ) ) {
2258 use_reverse_lookup = 1;
2259 } else if ( !strcasecmp( cargv[1], "off" ) ) {
2260 use_reverse_lookup = 0;
2263 LDAP_LOG( CONFIG, INFO,
2264 "%s: line %d: reverse-lookup: "
2265 "must be \"on\" (default) or \"off\"\n", fname, lineno, 0 );
2267 Debug( LDAP_DEBUG_ANY,
2268 "%s: line %d: reverse-lookup: must be \"on\" (default) or \"off\"\n",
2274 #else /* !SLAPD_RLOOKUPS */
2276 LDAP_LOG( CONFIG, INFO,
2277 "%s: line %d: reverse lookups "
2278 "are not configured (ignored).\n", fname, lineno , 0 );
2280 Debug( LDAP_DEBUG_ANY,
2281 "%s: line %d: reverse lookups are not configured (ignored).\n",
2284 #endif /* !SLAPD_RLOOKUPS */
2286 /* Netscape plugins */
2287 } else if ( strcasecmp( cargv[0], "plugin" ) == 0 ) {
2288 #if defined( LDAP_SLAPI )
2290 #ifdef notdef /* allow global plugins, too */
2292 * a "plugin" line must be inside a database
2293 * definition, since we implement pre-,post-
2294 * and extended operation plugins
2298 LDAP_LOG( CONFIG, INFO,
2299 "%s: line %d: plugin line must appear "
2300 "inside a database definition.\n",
2303 Debug( LDAP_DEBUG_ANY, "%s: line %d: plugin "
2304 "line must appear inside a database "
2305 "definition\n", fname, lineno, 0 );
2311 if ( netscape_plugin( be, fname, lineno, cargc, cargv )
2316 #else /* !defined( LDAP_SLAPI ) */
2318 LDAP_LOG( CONFIG, INFO,
2319 "%s: line %d: SLAPI not supported.\n",
2322 Debug( LDAP_DEBUG_ANY, "%s: line %d: SLAPI "
2323 "not supported.\n", fname, lineno, 0 );
2327 #endif /* !defined( LDAP_SLAPI ) */
2329 /* Netscape plugins */
2330 } else if ( strcasecmp( cargv[0], "pluginlog" ) == 0 ) {
2331 #if defined( LDAP_SLAPI )
2334 LDAP_LOG( CONFIG, INFO,
2335 "%s: line %d: missing file name "
2336 "in pluginlog <filename> line.\n",
2339 Debug( LDAP_DEBUG_ANY,
2340 "%s: line %d: missing file name "
2341 "in pluginlog <filename> line.\n",
2347 if ( slapi_log_file != NULL ) {
2348 ch_free( slapi_log_file );
2351 slapi_log_file = ch_strdup( cargv[1] );
2352 #endif /* !defined( LDAP_SLAPI ) */
2354 /* pass anything else to the current backend info/db config routine */
2357 if ( bi->bi_config == 0 ) {
2359 LDAP_LOG( CONFIG, INFO,
2360 "%s: line %d: unknown directive \"%s\" inside "
2361 "backend info definition (ignored).\n",
2362 fname, lineno, cargv[0] );
2364 Debug( LDAP_DEBUG_ANY,
2365 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
2366 fname, lineno, cargv[0] );
2370 if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
2376 } else if ( be != NULL ) {
2377 if ( be->be_config == 0 ) {
2379 LDAP_LOG( CONFIG, INFO,
2380 "%s: line %d: uknown directive \"%s\" inside "
2381 "backend database definition (ignored).\n",
2382 fname, lineno, cargv[0] );
2384 Debug( LDAP_DEBUG_ANY,
2385 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
2386 fname, lineno, cargv[0] );
2390 if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
2398 LDAP_LOG( CONFIG, INFO,
2399 "%s: line %d: unknown directive \"%s\" outside backend "
2400 "info and database definitions (ignored).\n",
2401 fname, lineno, cargv[0] );
2403 Debug( LDAP_DEBUG_ANY,
2404 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
2405 fname, lineno, cargv[0] );
2414 if ( depth == 0 ) ch_free( cargv );
2416 if ( !global_schemadn.bv_val ) {
2417 ber_str2bv( SLAPD_SCHEMA_DN, sizeof(SLAPD_SCHEMA_DN)-1, 1,
2419 dnNormalize2( NULL, &global_schemadn, &global_schemandn, NULL );
2422 if ( load_ucdata( NULL ) < 0 ) return 1;
/*
 * Body of fp_parse_line (the file head declares it as
 * static int fp_parse_line(int lineno, char *line); the signature lines
 * are not part of this listing).  It logs the configuration line and then
 * splits it into the global argument vector cargv[] / cargc with
 * strtok_quote(), using space and tab as separators.
 */
2434 char logbuf[sizeof("pseudorootpw ***")];
2437 token = strtok_quote( line, " \t" );
/*
 * Credential redaction for the log: when the first token is one of the
 * directives below, the text that gets logged is "<directive> ***"
 * instead of the line itself.  logbuf is sized for the longest keyword
 * in this list, and snprintf() bounds the write in any case.
 * NOTE(review): this is a fixed keyword list; a directive that carries a
 * secret but is not listed here would be logged in full, so the list has
 * to be kept in step with the directives the backends accept.
 */
2441 if ( token && ( strcasecmp( token, "rootpw" ) == 0 ||
2442 strcasecmp( token, "replica" ) == 0 || /* contains "credentials" */
2443 strcasecmp( token, "bindpw" ) == 0 || /* used in back-ldap */
2444 strcasecmp( token, "pseudorootpw" ) == 0 || /* used in back-meta */
2445 strcasecmp( token, "dbpasswd" ) == 0 ) ) /* used in back-sql */
2447 snprintf( logline = logbuf, sizeof logbuf, "%s ***", token );
/*
 * strtok_quote_ptr is the separator position recorded by strtok_quote()
 * for the first token.  A space is stored there while the line is
 * logged, and '\0' is stored again afterwards so the first token stays
 * terminated for the parsing loop below.
 */
2450 if ( strtok_quote_ptr ) {
2451 *strtok_quote_ptr = ' ';
2455 LDAP_LOG( CONFIG, DETAIL1, "line %d (%s)\n", lineno, logline , 0 );
2457 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, logline, 0 );
2460 if ( strtok_quote_ptr ) {
2461 *strtok_quote_ptr = '\0';
/*
 * Collect the tokens.  The vector is grown by ARGS_STEP entries through
 * ch_realloc() whenever cargc reaches cargv_size - 1, which keeps one
 * slot free for the NULL stored after the loop.  The realloc result is
 * taken in tmp and checked before cargv_size is raised.
 */
2464 for ( ; token != NULL; token = strtok_quote( NULL, " \t" ) ) {
2465 if ( cargc == cargv_size - 1 ) {
2467 tmp = ch_realloc( cargv, (cargv_size + ARGS_STEP) *
2469 if ( tmp == NULL ) {
2471 LDAP_LOG( CONFIG, ERR, "line %d: out of memory\n", lineno, 0,0 );
2473 Debug( LDAP_DEBUG_ANY,
2474 "line %d: out of memory\n",
2480 cargv_size += ARGS_STEP;
/* each entry is the token pointer returned by strtok_quote(), not a copy */
2482 cargv[cargc++] = token;
/* NULL-terminate the vector, argv style */
2484 cargv[cargc] = NULL;
/*
 * strtok_quote: tokenizer for configuration lines.
 *
 * line - string to scan; fp_parse_line passes the line for the first
 *        token and NULL for each following token, as with strtok().
 * sep  - set of separator characters.
 *
 * The global strtok_quote_ptr is cleared at the start of every call and
 * set to the position of the separator that ended the token, if any.
 * The scan edits the string in place (see the AC_MEMCPY calls below).
 * Several lines of the body, including the return statements, are not
 * part of this listing.
 */
2489 strtok_quote( char *line, char *sep )
2495 strtok_quote_ptr = NULL;
2496 if ( line != NULL ) {
/* skip any separator characters in front of the token */
2499 while ( *next && strchr( sep, *next ) ) {
/* only separators were left: there is no further token */
2503 if ( *next == '\0' ) {
/* walk the token; inquote starts at 0 for each token */
2509 for ( inquote = 0; *next; ) {
/*
 * Both AC_MEMCPY calls move the rest of the string, terminator included,
 * one position to the left, which deletes the character at next.
 * NOTE(review): source and destination overlap by construction; confirm
 * that AC_MEMCPY has memmove semantics on every supported platform.
 */
2517 AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
2523 next + 1, strlen( next + 1 ) + 1 );
2524 next++; /* dont parse the escaped character */
/*
 * A separator ends the token and its address is published through
 * strtok_quote_ptr.  Presumably this is reached only outside quotes;
 * the guarding condition is not shown here -- TODO confirm.
 */
2529 if ( strchr( sep, *next ) != NULL ) {
2530 strtok_quote_ptr = next;
/*
 * State shared by the line reader: buf receives each fgets() chunk in
 * fp_getline(); CATLINE uses lmax as the capacity of the heap buffer
 * `line` (declared on a line this listing omits) and lcur as the offset
 * at which the next chunk is appended.
 */
2543 static char buf[BUFSIZ];
2545 static size_t lmax, lcur;
/*
 * CATLINE( buf ): append the string buf to `line` at offset lcur.
 * The while loop re-allocates `line` with ch_realloc() until
 * lcur + len + 1 no longer exceeds lmax, so the strcpy() that follows is
 * bounded by that capacity check rather than by a length argument.
 * NOTE(review): the lines that enlarge lmax and advance lcur are not part
 * of this listing; the bound holds only if lmax grows on every pass of
 * the loop and lcur is advanced by len after the copy -- confirm.
 * The macro parameter has the same name as the static buf above.
 */
2547 #define CATLINE( buf ) \
2549 size_t len = strlen( buf ); \
2550 while ( lcur + len + 1 > lmax ) { \
2552 line = (char *) ch_realloc( line, lmax ); \
2554 strcpy( line + lcur, buf ); \
/*
 * fp_getline: assemble the next logical configuration line from fp.
 *
 * fp     - open configuration file.
 * lineno - line counter owned by the caller (updated on lines this
 *          listing omits).
 *
 * Returns the static buffer `line`, or NULL when the assembled line is
 * empty.  Physical lines are read into buf with fgets(), stripped of
 * their line ending and joined to `line` when they are continuations.
 */
2559 fp_getline( FILE *fp, int *lineno )
2567 /* hack attack - keeps us from having to keep a stack of bufs... */
/* prefix comparison: any line whose first 7 characters are "include" in any case matches */
2568 if ( strncasecmp( line, "include", 7 ) == 0 ) {
/*
 * fgets() is bounded by sizeof(buf).
 * NOTE(review): a physical line longer than the buffer arrives in several
 * chunks; confirm how the continuation logic below treats the later ones.
 */
2573 while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
2574 /* trim off \r\n or \n */
2575 if ( (p = strchr( buf, '\n' )) != NULL ) {
/* p > buf keeps the p[-1] read inside buf when the chunk is just "\n" */
2576 if( p > buf && p[-1] == '\r' ) --p;
2580 /* trim off trailing \ and append the next line */
/*
 * NOTE(review): p is set to the last character of `line`.  When `line`
 * is exactly one character long and that character is a backslash,
 * p == line and p[ -1 ] reads the byte in front of the allocation.
 * A `p == line ||` guard ahead of the p[ -1 ] test would keep the read
 * in bounds, in the same way the \r check above is guarded.
 */
2581 if ( line[ 0 ] != '\0'
2582 && (p = line + strlen( line ) - 1)[ 0 ] == '\\'
2583 && p[ -1 ] != '\\' ) {
/* the cast keeps isspace() defined for bytes >= 0x80 where char is signed */
2588 if ( ! isspace( (unsigned char) buf[0] ) ) {
2592 /* change leading whitespace to a space */
/* an empty result is reported as NULL */
2601 return( line[0] ? line : NULL );
2605 fp_getline_init( int *lineno )
2611 /* Loads ucdata, returns 1 if loading, 0 if already loaded, -1 on error */
/*
 * path - location to load the data from; NULL selects
 *        SLAPD_DEFAULT_UCDATA.  Both callers visible in read_config pass
 *        NULL and treat a negative return as a configuration failure.
 */
2613 load_ucdata( char *path )
/* function-level flag behind the "already loaded" result described above */
2615 static int loaded = 0;
/* UCDATA_ALL is the same selector that is later passed to ucdata_unload() */
2621 err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL );
/* the error code from ucdata_load() is written to the log */
2624 LDAP_LOG( CONFIG, CRIT,
2625 "load_ucdata: Error %d loading ucdata.\n", err, 0,0 );
2627 Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n",
2640 ucdata_unload( UCDATA_ALL );
2641 free( global_schemandn.bv_val );
2642 free( global_schemadn.bv_val );
2644 if ( slapd_args_file )
2645 free ( slapd_args_file );
2646 if ( slapd_pid_file )
2647 free ( slapd_pid_file );
2648 if ( default_passwd_hash )
2649 free( default_passwd_hash );
2650 acl_destroy( global_acl, NULL );