]> git.sur5r.net Git - openldap/blob - servers/slapd/config.c
projects / openldap / blob
? search:


6bc3b79b310d95c17c13a38395911d705173f6b2
[openldap] / servers / slapd / config.c
1 /* config.c - configuration file handling routines */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 1998-2005 The OpenLDAP Foundation.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in the file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
17  * All rights reserved.
18  *
19  * Redistribution and use in source and binary forms are permitted
20  * provided that this notice is preserved and that due credit is given
21  * to the University of Michigan at Ann Arbor. The name of the University
22  * may not be used to endorse or promote products derived from this
23  * software without specific prior written permission. This software
24  * is provided ``as is'' without express or implied warranty.
25  */
26
27 #include "portable.h"
28
29 #include <stdio.h>
30
31 #include <ac/string.h>
32 #include <ac/ctype.h>
33 #include <ac/signal.h>
34 #include <ac/socket.h>
35 #include <ac/errno.h>
36
37 #include "slap.h"
38 #ifdef LDAP_SLAPI
39 #include "slapi/slapi.h"
40 #endif
41 #include "lutil.h"
42 #ifdef HAVE_LIMITS_H
43 #include <limits.h>
44 #endif /* HAVE_LIMITS_H */
45 #ifndef PATH_MAX
46 #define PATH_MAX 4096
47 #endif /* ! PATH_MAX */
48 #include "config.h"
49
50 #define ARGS_STEP       512
51
52 /*
53  * defaults for various global variables
54  */
55 slap_mask_t             global_allows = 0;
56 slap_mask_t             global_disallows = 0;
57 int             global_gentlehup = 0;
58 int             global_idletimeout = 0;
59 char    *global_host = NULL;
60 char    *global_realm = NULL;
61 char            *ldap_srvtab = "";
62 char            **default_passwd_hash = NULL;
63 struct berval default_search_base = BER_BVNULL;
64 struct berval default_search_nbase = BER_BVNULL;
65
66 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
67 ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
68
69 int     slap_conn_max_pending = SLAP_CONN_MAX_PENDING_DEFAULT;
70 int     slap_conn_max_pending_auth = SLAP_CONN_MAX_PENDING_AUTH;
71
72 char   *slapd_pid_file  = NULL;
73 char   *slapd_args_file = NULL;
74
75 char   *strtok_quote_ptr;
76
77 int use_reverse_lookup = 0;
78
79 #ifdef LDAP_SLAPI
80 int slapi_plugins_used = 0;
81 #endif
82
83 static int fp_getline(FILE *fp, ConfigArgs *c);
84 static void fp_getline_init(ConfigArgs *c);
85 static int fp_parse_line(ConfigArgs *c);
86
87 static char     *strtok_quote(char *line, char *sep);
88 #if 0
89 static int load_ucdata(char *path);
90 #endif
91
92 int read_config_file(const char *fname, int depth, ConfigArgs *cf);
93
94 static int add_syncrepl LDAP_P(( Backend *, char **, int ));
95 static int parse_syncrepl_line LDAP_P(( char **, int, syncinfo_t *));
96
97 int config_generic(ConfigArgs *c);
98 int config_search_base(ConfigArgs *c);
99 int config_passwd_hash(ConfigArgs *c);
100 int config_schema_dn(ConfigArgs *c);
101 int config_sizelimit(ConfigArgs *c);
102 int config_timelimit(ConfigArgs *c);
103 int config_limits(ConfigArgs *c); 
104 int config_overlay(ConfigArgs *c);
105 int config_suffix(ConfigArgs *c); 
106 int config_deref_depth(ConfigArgs *c);
107 int config_rootdn(ConfigArgs *c);
108 int config_rootpw(ConfigArgs *c);
109 int config_restrict(ConfigArgs *c);
110 int config_allows(ConfigArgs *c);
111 int config_disallows(ConfigArgs *c);
112 int config_requires(ConfigArgs *c);
113 int config_security(ConfigArgs *c);
114 int config_referral(ConfigArgs *c);
115 int config_loglevel(ConfigArgs *c);
116 int config_syncrepl(ConfigArgs *c);
117 int config_replica(ConfigArgs *c);
118 int config_updatedn(ConfigArgs *c);
119 int config_updateref(ConfigArgs *c);
120 int config_include(ConfigArgs *c);
121 #ifdef HAVE_TLS
122 int config_tls_option(ConfigArgs *c);
123 int config_tls_verify(ConfigArgs *c);
124 #endif
125 #ifdef LDAP_SLAPI
126 int config_plugin(ConfigArgs *c);
127 #endif
128 int config_pluginlog(ConfigArgs *c);
129
130 enum {
131         CFG_ACL = 1,
132         CFG_BACKEND,
133         CFG_DATABASE,
134         CFG_TLS_RAND,
135         CFG_TLS_CIPHER,
136         CFG_TLS_CERT_FILE,
137         CFG_TLS_CERT_KEY,
138         CFG_TLS_CA_PATH,
139         CFG_TLS_CA_FILE,
140         CFG_TLS_VERIFY,
141         CFG_TLS_CRLCHECK,
142         CFG_SIZE,
143         CFG_TIME,
144         CFG_CONCUR,
145         CFG_THREADS,
146         CFG_SALT,
147         CFG_LIMITS,
148         CFG_RO,
149         CFG_REWRITE,
150         CFG_DEPTH,
151         CFG_OID,
152         CFG_OC,
153         CFG_DIT,
154         CFG_ATTR,
155         CFG_ATOPT,
156         CFG_CHECK,
157         CFG_AUDITLOG,
158         CFG_REPLOG,
159         CFG_ROOTDSE,
160         CFG_LOGFILE,
161         CFG_PLUGIN,
162         CFG_MODLOAD,
163         CFG_MODPATH,
164         CFG_LASTMOD,
165         CFG_AZPOLICY,
166         CFG_AZREGEXP,
167         CFG_SASLSECP
168 };
169
170 typedef struct {
171         char *name, *oid;
172 } OidRec;
173
174 static OidRec OidMacros[] = {
175         { "OLcfg", "1.3.6.1.4.1.4203.666.11.1" },
176         { "OLcfgAt", "OLcfg:3" },
177         { "OLcfgOc", "OLcfg:4" },
178         { "OMsyn", "1.3.6.1.4.1.1466.115.121.1" },
179         { "OMsInteger", "OMsyn:2" },
180         { "OMsBoolean", "OMsyn:7" },
181         { "OMsDN", "OMsyn:12" },
182         { "OMsDirectoryString", "OMsyn:15" },
183         { "OMsOctetString", "OMsyn:40" },
184         { NULL, NULL }
185 };
186
187 /* alphabetical ordering */
188
189 ConfigTable SystemConfiguration[] = {
190         { "access",     NULL, 0, 0, 0, ARG_MAGIC|CFG_ACL,
191                 &config_generic, "( OLcfgAt:1 NAME 'olcAccess' "
192                         "DESC 'Access Control List' "
193                         "EQUALITY caseIgnoreMatch "
194                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
195         { "allows",     "features", 2, 0, 5, ARG_PRE_DB|ARG_MAGIC,
196                 &config_allows, "( OLcfgAt:2 NAME 'olcAllows' "
197                         "DESC 'Allowed set of deprecated features' "
198                         "EQUALITY caseIgnoreMatch "
199                         "SYNTAX OMsDirectoryString )", NULL, NULL },
200         { "argsfile", "file", 2, 2, 0, ARG_STRING,
201                 &slapd_args_file, "( OLcfgAt:3 NAME 'olcArgsFile' "
202                         "DESC 'File for slapd command line options' "
203                         "EQUALITY caseIgnoreMatch "
204                         "SYNTAX OMsDirectoryString )", NULL, NULL },
205         /* Use standard 'attributeTypes' attr */
206         { "attribute",  "attribute", 2, 0, 9, ARG_PAREN|ARG_MAGIC|CFG_ATTR,
207                 &config_generic, NULL, NULL, NULL },
208         { "attributeoptions", NULL, 0, 0, 0, ARG_MAGIC|CFG_ATOPT,
209                 &config_generic, "( OLcfgAt:5 NAME 'olcAttributeOptions' "
210                         "EQUALITY caseIgnoreMatch "
211                         "SYNTAX OMsDirectoryString )", NULL, NULL },
212 #ifdef SLAP_AUTH_REWRITE
213         { "auth-rewrite", NULL, 2, 2, 14, ARG_MAGIC|CFG_REWRITE,
214                 &config_generic, "( OLcfgAt:6 NAME 'olcAuthRewrite' "
215                         "EQUALITY caseIgnoreMatch "
216                         "SYNTAX OMsDirectoryString )", NULL, NULL },
217 #endif
218         { "authz-policy", "policy", 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
219                 &config_generic, "( OLcfgAt:7 NAME 'olcAuthzPolicy' "
220                         "EQUALITY caseIgnoreMatch "
221                         "SYNTAX OMsDirectoryString )", NULL, NULL },
222         { "authz-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
223                 &config_generic, "( OLcfgAt:8 NAME 'olcAuthzRegexp' "
224                         "EQUALITY caseIgnoreMatch "
225                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
226         { "backend", "type", 2, 2, 0, ARG_PRE_DB|ARG_MAGIC|CFG_BACKEND,
227                 &config_generic, "( OLcfgAt:9 NAME 'olcBackend' "
228                         "DESC 'A type of backend' "
229                         "EQUALITY caseIgnoreMatch "
230                         "SYNTAX OMsDirectoryString )", NULL, NULL },
231         { "concurrency", "level", 2, 2, 0, ARG_LONG|ARG_NONZERO|ARG_MAGIC|CFG_CONCUR,
232                 &config_generic, "( OLcfgAt:10 NAME 'olcConcurrency' "
233                         "SYNTAX OMsInteger )", NULL, NULL },
234         { "conn_max_pending", "max", 2, 2, 0, ARG_LONG,
235                 &slap_conn_max_pending, "( OLcfgAt:11 NAME 'olcConnMaxPending' "
236                         "SYNTAX OMsInteger )", NULL, NULL },
237         { "conn_max_pending_auth", "max", 2, 2, 0, ARG_LONG,
238                 &slap_conn_max_pending_auth, "( OLcfgAt:12 NAME 'olcConnMaxPendingAuth' "
239                         "SYNTAX OMsInteger )", NULL, NULL },
240         { "database", "type", 2, 2, 0, ARG_MAGIC|CFG_DATABASE,
241                 &config_generic, "( OLcfgAt:13 NAME 'olcDatabase' "
242                         "DESC 'The backend type for a database instance' "
243                         "SUP olcBackend )", NULL, NULL },
244         { "defaultSearchBase", "dn", 2, 2, 0, ARG_DN|ARG_MAGIC,
245                 &config_search_base, "( OLcfgAt:14 NAME 'olcDefaultSearchBase' "
246                         "SYNTAX OMsDN )", NULL, NULL },
247         { "disallows", "features", 2, 0, 8, ARG_PRE_DB|ARG_MAGIC,
248                 &config_disallows, "( OLcfgAt:15 NAME 'olcDisallows' "
249                         "EQUALITY caseIgnoreMatch "
250                         "SYNTAX OMsDirectoryString )", NULL, NULL },
251         /* use standard schema */
252         { "ditcontentrule",     NULL, 0, 0, 0, ARG_MAGIC|CFG_DIT,
253                 &config_generic, NULL, NULL, NULL },
254 #ifdef SIGHUP
255         { "gentlehup", "on|off", 2, 2, 0, ARG_ON_OFF,
256                 &global_gentlehup, "( OLcfgAt:17 NAME 'olcGentleHUP' "
257                         "SYNTAX OMsBoolean )", NULL, NULL },
258 #else
259         { "gentlehup", NULL, 2, 2, 0, ARG_IGNORED,
260                 NULL, NULL, NULL, NULL },
261 #endif
262         { "idletimeout", "timeout", 2, 2, 0, ARG_INT,
263                 &global_idletimeout, "( OLcfgAt:18 NAME 'olcIdleTimeout' "
264                         "SYNTAX OMsInteger )", NULL, NULL },
265 /* XXX -- special case? */
266         { "include", "file", 2, 2, 0, ARG_MAGIC,
267                 &config_include, "( OLcfgAt:19 NAME 'olcInclude' "
268                         "SUP labeledURI )", NULL, NULL },
269         { "index_substr_if_minlen", "min", 2, 2, 0, ARG_INT|ARG_NONZERO,
270                 &index_substr_if_minlen, "( OLcfgAt:20 NAME 'olcIndexSubstrIfMinLen' "
271                         "SYNTAX OMsInteger )", NULL, NULL },
272         { "index_substr_if_maxlen", "max", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_SPECIAL,
273                 &index_substr_if_maxlen, "( OLcfgAt:21 NAME 'olcIndexSubstrIfMaxLen' "
274                         "SYNTAX OMsInteger )", NULL, NULL },
275         { "index_substr_any_len", "len", 2, 2, 0, ARG_INT|ARG_NONZERO,
276                 &index_substr_any_len, "( OLcfgAt:22 NAME 'olcIndexSubstrAnyLen' "
277                         "SYNTAX OMsInteger )", NULL, NULL },
278         { "index_substr_step", "step", 2, 2, 0, ARG_INT|ARG_NONZERO,
279                 &index_substr_any_step, "( OLcfgAt:23 NAME 'olcIndexSubstrAnyStep' "
280                         "SYNTAX OMsInteger )", NULL, NULL },
281         { "lastmod", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_LASTMOD,
282                 &config_generic, "( OLcfgAt:24 NAME 'olcLastMod' "
283                         "SYNTAX OMsBoolean )", NULL, NULL },
284         { "limits", "limits", 2, 0, 0, ARG_DB|ARG_MAGIC|CFG_LIMITS,
285                 &config_generic, "( OLcfgAt:25 NAME 'olcLimits' "
286                         "SYNTAX OMsDirectoryString )", NULL, NULL },
287         { "localSSF", "ssf", 2, 2, 0, ARG_LONG,
288                 &local_ssf, "( OLcfgAt:26 NAME 'olcLocalSSF' "
289                         "SYNTAX OMsInteger )", NULL, NULL },
290         { "logfile", "file", 2, 2, 0, ARG_MAGIC|CFG_LOGFILE,
291                 &config_generic, "( OLcfgAt:27 NAME 'olcLogFile' "
292                         "SYNTAX OMsDirectoryString )", NULL, NULL },
293         { "loglevel", "level", 2, 0, 0, ARG_MAGIC,
294                 &config_loglevel, "( OLcfgAt:28 NAME 'olcLogLevel' "
295                         "SYNTAX OMsDirectoryString )", NULL, NULL },
296         { "maxDerefDepth", "depth", 2, 2, 0, ARG_DB|ARG_INT|ARG_MAGIC|CFG_DEPTH,
297                 &config_generic, "( OLcfgAt:29 NAME 'olcMaxDerefDepth' "
298                         "SYNTAX OMsInteger )", NULL, NULL },
299 #ifdef SLAPD_MODULES
300         { "moduleload", "file", 2, 2, 0, ARG_MAGIC|CFG_MODLOAD,
301                 &config_generic, "( OLcfgAt:30 NAME 'olcModuleLoad' "
302                         "SYNTAX OMsDirectoryString )", NULL, NULL },
303         { "modulepath", "path", 2, 2, 0, ARG_MAGIC|CFG_MODPATH,
304                 &config_generic, "( OLcfgAt:31 NAME 'olcModulePath' "
305                         "SYNTAX OMsDirectoryString )", NULL, NULL },
306 #endif
307         /* use standard schema */
308         { "objectclass", "objectclass", 2, 0, 0, ARG_PAREN|ARG_MAGIC|CFG_OC,
309                 &config_generic, NULL, NULL, NULL },
310         { "objectidentifier", NULL,     0, 0, 0, ARG_MAGIC|CFG_OID,
311                 &config_generic, "( OLcfgAt:33 NAME 'olcObjectIdentifier' "
312                         "SYNTAX OMsDirectoryString )", NULL, NULL },
313         { "overlay", "overlay", 2, 2, 0, ARG_MAGIC,
314                 &config_overlay, "( OLcfgAt:34 NAME 'olcOverlay' "
315                         "SUP olcDatabase )", NULL, NULL },
316         { "password-crypt-salt-format", "salt", 2, 2, 0, ARG_MAGIC|CFG_SALT,
317                 &config_generic, "( OLcfgAt:35 NAME 'olcPasswordCryptSaltFormat' "
318                         "SYNTAX OMsDirectoryString )", NULL, NULL },
319         { "password-hash", "hash", 2, 2, 0, ARG_MAGIC,
320                 &config_passwd_hash, "( OLcfgAt:36 NAME 'olcPasswordHash' "
321                         "SYNTAX OMsDirectoryString )", NULL, NULL },
322         { "pidfile", "file", 2, 2, 0, ARG_STRING,
323                 &slapd_pid_file, "( OLcfgAt:37 NAME 'olcPidFile' "
324                         "SYNTAX OMsDirectoryString )", NULL, NULL },
325 #ifdef LDAP_SLAPI
326         { "plugin", NULL, 0, 0, 0, ARG_MAGIC|CFG_PLUGIN,
327                 &config_generic, "( OLcfgAt:38 NAME 'olcPlugin' "
328                         "SYNTAX OMsDirectoryString )", NULL, NULL },
329         { "pluginlog", "filename", 2, 2, 0, ARG_STRING,
330                 &slapi_log_file, "( OLcfgAt:39 NAME 'olcPluginLogFile' "
331                         "SYNTAX OMsDirectoryString )", NULL, NULL },
332 #else
333         { "plugin", NULL, 0, 0, 0, ARG_IGNORED,
334                 NULL, NULL, NULL, NULL },
335         { "pluginlog", NULL, 0, 0, 0, ARG_IGNORED,
336                 NULL, NULL, NULL, NULL },
337 #endif
338         { "readonly", "on|off", 2, 2, 0, ARG_ON_OFF|ARG_MAGIC|CFG_RO,
339                 &config_generic, "( OLcfgAt:40 NAME 'olcReadOnly' "
340                         "SYNTAX OMsBoolean )", NULL, NULL },
341         { "referral", "url", 2, 2, 0, ARG_MAGIC,
342                 &config_referral, "( OLcfgAt:41 NAME 'olcReferral' "
343                         "SUP labeledURI )", NULL, NULL },
344         { "replica", "host or uri", 2, 0, 0, ARG_DB|ARG_MAGIC,
345                 &config_replica, "( OLcfgAt:42 NAME 'olcReplica' "
346                         "SUP labeledURI )", NULL, NULL },
347         { "replica-pidfile", NULL, 0, 0, 0, ARG_IGNORED,
348                 NULL, "( OLcfgAt:43 NAME 'olcReplicaPidFile' "
349                         "SYNTAX OMsDirectoryString )", NULL, NULL },
350         { "replica-argsfile", NULL, 0, 0, 0, ARG_IGNORED,
351                 NULL, "( OLcfgAt:44 NAME 'olcReplicaArgsFile' "
352                         "SYNTAX OMsDirectoryString )", NULL, NULL },
353         { "replicationInterval", NULL, 0, 0, 0, ARG_IGNORED,
354                 NULL, "( OLcfgAt:45 NAME 'olcReplicationInterval' "
355                         "SYNTAX OMsInteger )", NULL, NULL },
356         { "replogfile", "filename", 2, 2, 0, ARG_MAGIC|ARG_STRING|CFG_REPLOG,
357                 &config_generic, "( OLcfgAt:46 NAME 'olcReplogFile' "
358                         "SYNTAX OMsDirectoryString )", NULL, NULL },
359         { "require", "features", 2, 0, 7, ARG_MAGIC,
360                 &config_requires, "( OLcfgAt:47 NAME 'olcRequires' "
361                         "SYNTAX OMsDirectoryString )", NULL, NULL },
362         { "restrict", "op_list", 2, 0, 0, ARG_MAGIC,
363                 &config_restrict, "( OLcfgAt:48 NAME 'olcRestrict' "
364                         "SYNTAX OMsDirectoryString )", NULL, NULL },
365 #ifdef SLAPD_RLOOKUPS
366         { "reverse-lookup", "on|off", 2, 2, 0, ARG_ON_OFF,
367                 &use_reverse_lookup, "( OLcfgAt:49 NAME 'olcReverseLookup' "
368                         "SYNTAX OMsBoolean )", NULL, NULL },
369 #else
370         { "reverse-lookup", NULL, 2, 2, 0, ARG_IGNORED,
371                 NULL, NULL, NULL, NULL },
372 #endif
373         { "rootdn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_MAGIC,
374                 &config_rootdn, "( OLcfgAt:50 NAME 'olcRootDN' "
375                         "SYNTAX OMsDN )", NULL, NULL },
376         { "rootDSE", "file", 2, 2, 0, ARG_MAGIC|CFG_ROOTDSE,
377                 &config_generic, "( OLcfgAt:51 NAME 'olcRootDSE' "
378                         "SYNTAX OMsDirectoryString )", NULL, NULL },
379         { "rootpw", "password", 2, 2, 0, ARG_DB|ARG_MAGIC,
380                 &config_rootpw, "( OLcfgAt:52 NAME 'olcRootPW' "
381                         "SYNTAX OMsOctetString )", NULL, NULL },
382         { "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
383                 &config_generic, NULL, NULL, NULL },
384 #ifdef HAVE_CYRUS_SASL
385         { "sasl-host", "host", 2, 2, 0, ARG_STRING|ARG_UNIQUE,
386                 &global_host, "( OLcfgAt:53 NAME 'olcSaslHost' "
387                         "SYNTAX OMsDirectoryString )", NULL, NULL },
388         { "sasl-realm", "realm", 2, 2, 0, ARG_STRING|ARG_UNIQUE,
389                 &global_realm, "( OLcfgAt:54 NAME 'olcSaslRealm' "
390                         "SYNTAX OMsDirectoryString )", NULL, NULL },
391         { "sasl-regexp", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZREGEXP,
392                 &config_generic, NULL, NULL, NULL },
393         { "sasl-secprops", "properties", 2, 2, 0, ARG_MAGIC|CFG_SASLSECP,
394                 &config_generic, "( OLcfgAt:56 NAME 'olcSaslSecProps' "
395                         "SYNTAX OMsDirectoryString )", NULL, NULL },
396 #else
397         { "sasl-host", NULL, 2, 2, 0, ARG_IGNORED,
398                 NULL, NULL, NULL, NULL },
399         { "sasl-realm", NULL, 2, 2, 0, ARG_IGNORED,
400                 NULL, NULL, NULL, NULL },
401         { "sasl-regexp", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZREGEXP,
402                 &config_generic, NULL, NULL, NULL },
403         { "sasl-secprops", NULL, 2, 2, 0, ARG_IGNORED,
404                 NULL, NULL, NULL, NULL },
405 #endif
406         { "saslRegexp", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZREGEXP,
407                 &config_generic, NULL, NULL, NULL },
408         { "schemacheck", "on|off", 2, 2, 0, ARG_ON_OFF|ARG_MAGIC|CFG_CHECK,
409                 &config_generic, "( OLcfgAt:57 NAME 'olcSchemaCheck' "
410                         "SYNTAX OMsBoolean )", NULL, NULL },
411         { "schemadn", "dn", 2, 2, 0, ARG_DN|ARG_MAGIC,
412                 &config_schema_dn, "( OLcfgAt:58 NAME 'olcSchemaDN' "
413                         "SYNTAX OMsDN )", NULL, NULL },
414         { "security", "factors", 2, 0, 0, ARG_MAGIC,
415                 &config_security, "( OLcfgAt:59 NAME 'olcSecurity' "
416                         "SYNTAX OMsDirectoryString )", NULL, NULL },
417         { "sizelimit", "limit", 2, 2, 0, ARG_MAGIC|CFG_SIZE,
418                 &config_sizelimit, "( OLcfgAt:60 NAME 'olcSizeLimit' "
419                         "SYNTAX OMsInteger )", NULL, NULL },
420         { "sockbuf_max_incoming", "max", 2, 2, 0, ARG_LONG,
421                 &sockbuf_max_incoming, "( OLcfgAt:61 NAME 'olcSockbufMaxIncoming' "
422                         "SYNTAX OMsInteger )", NULL, NULL },
423         { "sockbuf_max_incoming_auth", "max", 2, 2, 0, ARG_LONG,
424                 &sockbuf_max_incoming_auth, "( OLcfgAt:62 NAME 'olcSuckbufMaxIncomingAuth' "
425                         "SYNTAX OMsInteger )", NULL, NULL },
426 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
427         { "srvtab", "file", 2, 2, 0, ARG_STRING,
428                 &ldap_srvtab, "( OLcfgAt:63 NAME 'olcSrvtab' "
429                         "SYNTAX OMsDirectoryString )", NULL, NULL },
430 #endif
431         { "suffix",     "suffix", 2, 2, 0, ARG_DB|ARG_DN|ARG_MAGIC,
432                 &config_suffix, "( OLcfgAt:64 NAME 'olcSuffix' "
433                         "SYNTAX OMsDN )", NULL, NULL },
434         { "syncrepl", NULL, 0, 0, 0, ARG_DB|ARG_MAGIC,
435                 &config_syncrepl, "( OLcfgAt:65 NAME 'olcSyncrepl' "
436                         "SYNTAX OMsDirectoryString )", NULL, NULL },
437         { "threads", "count", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_THREADS,
438                 &config_generic, "( OLcfgAt:66 NAME 'olcThreads' "
439                         "SYNTAX OMsInteger )", NULL, NULL },
440         { "timelimit", "limit", 2, 2, 0, ARG_MAGIC|CFG_TIME,
441                 &config_timelimit, "( OLcfgAt:67 NAME 'olcTimeLimit' "
442                         "SYNTAX OMsInteger )", NULL, NULL },
443 #ifdef HAVE_TLS
444         { "TLSCACertificateFile", NULL, 0, 0, 0, CFG_TLS_CA_FILE|ARG_MAGIC,
445                 &config_tls_option, "( OLcfgAt:68 NAME 'olcTLSCACertificateFile' "
446                         "SYNTAX OMsDirectoryString )", NULL, NULL },
447         { "TLSCACertificatePath", NULL, 0, 0, 0, CFG_TLS_CA_PATH|ARG_MAGIC,
448                 &config_tls_option, "( OLcfgAt:69 NAME 'olcTLSCACertificatePath' "
449                         "SYNTAX OMsDirectoryString )", NULL, NULL },
450         { "TLSCertificateFile", NULL, 0, 0, 0, CFG_TLS_CERT_FILE|ARG_MAGIC,
451                 &config_tls_option, "( OLcfgAt:70 NAME 'olcTLSCertificateFile' "
452                         "SYNTAX OMsDirectoryString )", NULL, NULL },
453         { "TLSCertificateKeyFile", NULL, 0, 0, 0, CFG_TLS_CERT_KEY|ARG_MAGIC,
454                 &config_tls_option, "( OLcfgAt:71 NAME 'olcTLSCertificateKeyFile' "
455                         "SYNTAX OMsDirectoryString )", NULL, NULL },
456         { "TLSCipherSuite",     NULL, 0, 0, 0, CFG_TLS_CIPHER|ARG_MAGIC,
457                 &config_tls_option, "( OLcfgAt:72 NAME 'olcTLSCipherSuite' "
458                         "SYNTAX OMsDirectoryString )", NULL, NULL },
459         { "TLSCRLCheck", NULL, 0, 0, 0, CFG_TLS_CRLCHECK|ARG_MAGIC,
460                 &config_tls_option,     "( OLcfgAt:73 NAME 'olcTLSCRLCheck' "
461                         "SYNTAX OMsDirectoryString )", NULL, NULL },
462         { "TLSRandFile", NULL, 0, 0, 0, CFG_TLS_RAND|ARG_MAGIC,
463                 &config_tls_option, "( OLcfgAt:74 NAME 'olcTLSRandFile' "
464                         "SYNTAX OMsDirectoryString )", NULL, NULL },
465         { "TLSVerifyClient", NULL, 0, 0, 0, CFG_TLS_VERIFY|ARG_MAGIC,
466                 &config_tls_verify, "( OLcfgAt:75 NAME 'olcTLSVerifyClient' "
467                         "SYNTAX OMsDirectoryString )", NULL, NULL },
468 #endif
469         { "ucdata-path", "path", 2, 2, 0, ARG_IGNORED,
470                 NULL, NULL, NULL, NULL },
471         { "updatedn", "dn", 2, 2, 0, ARG_DB|ARG_MAGIC,
472                 &config_updatedn, "( OLcfgAt:76 NAME 'olcUpdateDN' "
473                         "SYNTAX OMsDN )", NULL, NULL },
474         { "updateref", "url", 2, 2, 0, ARG_DB|ARG_MAGIC,
475                 &config_updateref, "( OLcfgAt:77 NAME 'olcUpdateRef' "
476                         "SUP labeledURI )", NULL, NULL },
477         { NULL, NULL, 0, 0, 0, ARG_IGNORED,
478                 NULL, NULL, NULL, NULL }
479 };
480
481
482 ConfigArgs *
483 new_config_args( BackendDB *be, const char *fname, int lineno, int argc, char **argv )
484 {
485         ConfigArgs *c;
486         c = ch_calloc( 1, sizeof( ConfigArgs ) );
487         if ( c == NULL ) return(NULL);
488         c->be     = be; 
489         c->fname  = fname;
490         c->argc   = argc;
491         c->argv   = argv; 
492         c->lineno = lineno;
493         snprintf( c->log, sizeof( c->log ), "%s: line %lu", fname, lineno );
494         return(c);
495 }
496
497 int parse_config_table(ConfigTable *Conf, ConfigArgs *c) {
498         int i, rc, arg_user, arg_type, iarg;
499         long larg;
500         ber_len_t barg;
501         for(i = 0; Conf[i].name; i++)
502                 if( (Conf[i].length && (!strncasecmp(c->argv[0], Conf[i].name, Conf[i].length))) ||
503                         (!strcasecmp(c->argv[0], Conf[i].name)) ) break;
504         if(!Conf[i].name) return(ARG_UNKNOWN);
505         arg_type = Conf[i].arg_type;
506         if(arg_type == ARG_IGNORED) {
507                 Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> ignored\n",
508                         c->log, Conf[i].name, 0);
509                 return(0);
510         }
511         if(Conf[i].min_args && (c->argc < Conf[i].min_args)) {
512                 Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> missing <%s> argument\n",
513                         c->log, Conf[i].name, Conf[i].what);
514                 return(ARG_BAD_CONF);
515         }
516         if(Conf[i].max_args && (c->argc > Conf[i].max_args)) {
517                 Debug(LDAP_DEBUG_CONFIG, "%s: extra cruft after <%s> in <%s> line (ignored)\n",
518                         c->log, Conf[i].what, Conf[i].name);
519         }
520         if((arg_type & ARG_DB) && !c->be) {
521                 Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> allowed only within database declaration\n",
522                         c->log, Conf[i].name, 0);
523                 return(ARG_BAD_CONF);
524         }
525         if((arg_type & ARG_PRE_DB) && c->be) {
526                 Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> must appear before any database declaration\n",
527                         c->log, Conf[i].name, 0);
528                 return(ARG_BAD_CONF);
529         }
530         if((arg_type & ARG_PAREN) && *c->argv[1] != '(' /*')'*/) {
531                 Debug(LDAP_DEBUG_CONFIG, "%s: old <%s> format not supported\n",
532                         c->log, Conf[i].name, 0);
533                 return(ARG_BAD_CONF);
534         }
535         if((arg_type & ARGS_POINTER) && !Conf[i].arg_item) {
536                 Debug(LDAP_DEBUG_CONFIG, "%s: null arg_item for <%s>\n",
537                         c->log, Conf[i].name, 0);
538                 return(ARG_BAD_CONF);
539         }
540         c->type = arg_user = (arg_type & ARGS_USERLAND);
541         c->value_int = c->value_long = c->value_ber_t = 0;
542         c->value_string = NULL;
543         BER_BVZERO( &c->value_dn );
544         BER_BVZERO( &c->value_ndn );
545         if(arg_type & ARGS_NUMERIC) {
546                 int j;
547                 iarg = 0; larg = 0; barg = 0;
548                 switch(arg_type & ARGS_NUMERIC) {
549                         case ARG_INT:           iarg = atoi(c->argv[1]);                break;
550                         case ARG_LONG:          larg = atol(c->argv[1]);                break;
551                         case ARG_BER_LEN_T:     barg = (ber_len_t)atol(c->argv[1]);     break;
552                         case ARG_ON_OFF:
553                                 if(!strcasecmp(c->argv[1], "on")) {
554                                         iarg = 1;
555                                 } else if(!strcasecmp(c->argv[1], "off")) {
556                                         iarg = 0;
557                                 } else {
558                                         Debug(LDAP_DEBUG_CONFIG, "%s: ignoring ", c->log, 0, 0);
559                                         Debug(LDAP_DEBUG_CONFIG, "invalid %s value (%s) in <%s> line\n",
560                                                 Conf[i].what, c->argv[1], Conf[i].name);
561                                         return(0);
562                                 }
563                                 break;
564                 }
565                 j = (arg_type & ARG_NONZERO) ? 1 : 0;
566                 rc = (Conf == SystemConfiguration) ? ((arg_type & ARG_SPECIAL) && (larg < index_substr_if_maxlen)) : 0;
567                 if(iarg < j || larg < j || barg < j || rc) {
568                         larg = larg ? larg : (barg ? barg : iarg);
569                         Debug(LDAP_DEBUG_CONFIG, "%s: " , c->log, 0, 0);
570                         Debug(LDAP_DEBUG_CONFIG, "invalid %s value (%ld) in <%s> line\n", Conf[i].what, larg, Conf[i].name);
571                         return(ARG_BAD_CONF);
572                 }
573                 c->value_int = iarg;
574                 c->value_long = larg;
575                 c->value_ber_t = barg;
576         }
577         if(arg_type & ARG_STRING) c->value_string = ch_strdup(c->argv[1]);
578         if(arg_type & ARG_DN) {
579                 struct berval bv;
580                 ber_str2bv( c->argv[1], 0, 0, &bv );
581                 rc = dnPrettyNormal( NULL, &bv, &c->value_dn, &c->value_ndn, NULL );
582                 if ( rc != LDAP_SUCCESS ) {
583                         Debug(LDAP_DEBUG_CONFIG, "%s: " , c->log, 0, 0);
584                         Debug(LDAP_DEBUG_CONFIG, "%s DN is invalid %d (%s)\n",
585                                 Conf[i].name, rc, ldap_err2string( rc ));
586                         return(ARG_BAD_CONF);
587                 }
588         }
589         if(arg_type & ARG_MAGIC) {
590                 if(!c->be) c->be = frontendDB;
591                 rc = (*((ConfigDriver*)Conf[i].arg_item))(c);
592                 if(c->be == frontendDB) c->be = NULL;
593                 if(rc) {
594                         Debug(LDAP_DEBUG_CONFIG, "%s: handler for <%s> exited with %d!",
595                                 c->log, Conf[i].name, rc);
596                         return(ARG_BAD_CONF);
597                 }
598                 return(0);
599         }
600         if(arg_type & ARGS_POINTER) switch(arg_type & ARGS_POINTER) {
601                         case ARG_ON_OFF:
602                         case ARG_INT:           *((int*)Conf[i].arg_item)               = iarg;                 break;
603                         case ARG_LONG:          *((long*)Conf[i].arg_item)              = larg;                 break;
604                         case ARG_BER_LEN_T:     *((ber_len_t*)Conf[i].arg_item)         = barg;                 break;
605                         case ARG_STRING: {
606                                 char *cc = *((char**)Conf[i].arg_item);
607                                 if(cc) {
608                                         if (arg_type & ARG_UNIQUE) {
609                                                 Debug(LDAP_DEBUG_CONFIG, "%s: already set %s!\n",
610                                                         c->log, Conf[i].name, 0 );
611                                                 return(ARG_BAD_CONF);
612                                         }
613                                         ch_free(cc);    /* potential memory leak */
614                                 }
615                                 *(char **)Conf[i].arg_item = c->value_string;
616                                 break;
617                                 }
618         }
619         return(arg_user);
620 }
621
622 int
623 init_config_schema(ConfigTable *ct) {
624         LDAPAttributeType *at;
625         int i, code;
626         const char *err;
627
628         for (i=0; ct[i].name; i++ ) {
629                 if ( !ct[i].attribute ) continue;
630                 at = ldap_str2attributetype( ct[i].attribute,
631                         &code, &err, LDAP_SCHEMA_ALLOW_ALL );
632                 if ( !at ) {
633                         fprintf( stderr, "init_config_schema: AttributeType \"%s\": %s, %s\n",
634                                 ct[i].attribute, ldap_scherr2str(code), err );
635                         return code;
636                 }
637                 code = at_add( at, &err );
638                 if ( code ) {
639                         fprintf( stderr, "init_config_schema: AttributeType \"%s\": %s, %s\n",
640                                 ct[i].attribute, scherr2str(code), err );
641                         return code;
642                 }
643                 code = slap_str2ad( at->at_names[0], &ct[i].ad, &err );
644                 if ( code ) {
645                         fprintf( stderr, "init_config_schema: AttributeType \"%s\": %s\n",
646                                 ct[i].attribute, err );
647                         return code;
648                 }
649         }
650 }
651
652 int
653 read_config(const char *fname, int depth) {
654         int i;
655         char *argv[3];
656
657         for (i=0; OidMacros[i].name; i++ ) {
658                 argv[1] = OidMacros[i].name;
659                 argv[2] = OidMacros[i].oid;
660                 parse_oidm( "slapd", i, 3, argv );
661         }
662         i = init_config_schema(SystemConfiguration);
663         if ( i ) return i;
664         return read_config_file(fname, depth, NULL);
665 }
666
667 int
668 read_config_file(const char *fname, int depth, ConfigArgs *cf)
669 {
670         FILE *fp;
671         ConfigArgs *c;
672         int rc;
673
674         c = ch_calloc( 1, sizeof( ConfigArgs ) );
675         if ( c == NULL ) {
676                 return 1;
677         }
678
679         if ( depth ) {
680                 memcpy( c, cf, sizeof( ConfigArgs ) );
681         } else {
682                 c->depth = depth; /* XXX */
683                 c->bi = NULL;
684                 c->be = NULL;
685         }
686
687         c->fname = fname;
688         c->argv = ch_calloc( ARGS_STEP + 1, sizeof( *c->argv ) );
689         c->argv_size = ARGS_STEP + 1;
690
691         fp = fopen( fname, "r" );
692         if ( fp == NULL ) {
693                 ldap_syslog = 1;
694                 Debug(LDAP_DEBUG_ANY,
695                     "could not open config file \"%s\": %s (%d)\n",
696                     fname, strerror(errno), errno);
697                 return(1);
698         }
699
700         Debug(LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0);
701
702         fp_getline_init(c);
703
704         while ( fp_getline( fp, c ) ) {
705                 /* skip comments and blank lines */
706                 if ( c->line[0] == '#' || c->line[0] == '\0' ) {
707                         continue;
708                 }
709
710                 snprintf( c->log, sizeof( c->log ), "%s: line %lu",
711                                 c->fname, c->lineno );
712
713                 if ( fp_parse_line( c ) ) {
714                         goto badline;
715                 }
716
717                 if ( c->argc < 1 ) {
718                         Debug(LDAP_DEBUG_CONFIG, "%s: bad config line (ignored)\n", c->log, 0, 0);
719                         continue;
720                 }
721
722                 rc = parse_config_table( SystemConfiguration, c );
723                 if ( !rc ) {
724                         continue;
725                 }
726                 if ( rc & ARGS_USERLAND ) {
727                         switch(rc) {    /* XXX a usertype would be opaque here */
728                         default:
729                                 Debug(LDAP_DEBUG_CONFIG, "%s: unknown user type <%d>\n",
730                                         c->log, *c->argv, 0);
731                                 goto badline;
732                         }
733
734                 } else if ( rc == ARG_BAD_CONF || rc != ARG_UNKNOWN ) {
735                         goto badline;
736                         
737                 } else if ( c->bi && c->bi->bi_config ) {               /* XXX to check: could both be/bi_config? oops */
738                         rc = (*c->bi->bi_config)(c->bi, c->fname, c->lineno, c->argc, c->argv);
739                         if ( rc ) {
740                                 switch(rc) {
741                                 case SLAP_CONF_UNKNOWN:
742                                         Debug(LDAP_DEBUG_CONFIG, "%s: "
743                                                 "unknown directive <%s> inside backend info definition (ignored)\n",
744                                                 c->log, *c->argv, 0);
745                                         continue;
746                                 default:
747                                         goto badline;
748                                 }
749                         }
750                         
751                 } else if ( c->be && c->be->be_config ) {
752                         rc = (*c->be->be_config)(c->be, c->fname, c->lineno, c->argc, c->argv);
753                         if ( rc ) {
754                                 switch(rc) {
755                                 case SLAP_CONF_UNKNOWN:
756                                         Debug( LDAP_DEBUG_CONFIG, "%s: "
757                                                 "unknown directive <%s> inside backend database definition (ignored)\n",
758                                                 c->log, *c->argv, 0);
759                                         continue;
760                                 default:
761                                         goto badline;
762                                 }
763                         }
764
765                 } else if ( frontendDB->be_config ) {
766                         rc = (*frontendDB->be_config)(frontendDB, c->fname, (int)c->lineno, c->argc, c->argv);
767                         if ( rc ) {
768                                 switch(rc) {
769                                 case SLAP_CONF_UNKNOWN:
770                                         Debug( LDAP_DEBUG_CONFIG, "%s: "
771                                                 "unknown directive <%s> inside global database definition (ignored)\n",
772                                                 c->log, *c->argv, 0);
773                                         continue;
774                                 default:
775                                         goto badline;
776                                 }
777                         }
778                         
779                 } else {
780                         Debug(LDAP_DEBUG_CONFIG, "%s: "
781                                 "unknown directive <%s> outside backend info and database definitions (ignored)\n",
782                                 c->log, *c->argv, 0);
783                         continue;
784
785                 }
786         }
787
788         fclose(fp);
789
790         if ( BER_BVISNULL( &frontendDB->be_schemadn ) ) {
791                 ber_str2bv( SLAPD_SCHEMA_DN, STRLENOF( SLAPD_SCHEMA_DN ), 1,
792                         &frontendDB->be_schemadn );
793                 rc = dnNormalize( 0, NULL, NULL, &frontendDB->be_schemadn, &frontendDB->be_schemandn, NULL );
794                 if ( rc != LDAP_SUCCESS ) {
795                         Debug(LDAP_DEBUG_ANY, "%s: "
796                                 "unable to normalize default schema DN \"%s\"\n",
797                                 c->log, frontendDB->be_schemadn.bv_val, 0 );
798                         /* must not happen */
799                         assert( 0 );
800                 }
801         }
802
803         ch_free(c->argv);
804         ch_free(c);
805         return(0);
806
807 badline:
808         fclose(fp);
809         ch_free(c->argv);
810         ch_free(c);
811         return(1);
812 }
813
814 int
815 config_generic(ConfigArgs *c) {
816         char *p = strchr(c->line,'(' /*')'*/);
817         int i;
818
819         switch(c->type) {
820                 case CFG_BACKEND:
821                         if(!(c->bi = backend_info(c->argv[1]))) {
822                                 Debug(LDAP_DEBUG_ANY, "%s: "
823                                         "backend %s failed init!\n", c->log, c->argv[1], 0);
824                                 return(1);
825                         }
826                         break;
827
828                 case CFG_DATABASE:
829                         c->bi = NULL;
830                         if(!(c->be = backend_db_init(c->argv[1]))) {
831                                 Debug(LDAP_DEBUG_ANY, "%s: "
832                                         "database %s failed init!\n", c->log, c->argv[1], 0);
833                                 return(1);
834                         }
835                         break;
836
837                 case CFG_CONCUR:
838                         ldap_pvt_thread_set_concurrency(c->value_long);
839                         break;
840
841                 case CFG_THREADS:
842                         ldap_pvt_thread_pool_maxthreads(&connection_pool, c->value_int);
843                         connection_pool_max = c->value_int;     /* save for reference */
844                         break;
845
846                 case CFG_SALT:
847                         lutil_salt_format(c->argv[1]);
848                         break;
849
850                 case CFG_LIMITS:
851                         if(limits_parse(c->be, c->fname, c->lineno, c->argc, c->argv))
852                                 return(1);
853                         break;
854
855                 case CFG_RO:
856                         if(c->value_int)
857                                 c->be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
858                         else
859                                 c->be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
860                         break;
861
862                 case CFG_AZPOLICY:
863                         if (slap_sasl_setpolicy( c->argv[1] )) {
864                                 Debug(LDAP_DEBUG_ANY, "%s: unable to parse value \"%s\" in"
865                                         " \"authz-policy <policy>\"\n",
866                                         c->log, c->argv[1], 0 );
867                                 return(1);
868                         }
869                         break;
870                 
871                 case CFG_AZREGEXP:
872                         if (slap_sasl_regexp_config( c->argv[1], c->argv[2] ))
873                                 return(1);
874                         break;
875                                 
876 #ifdef HAVE_CYRUS_SASL
877                 case CFG_SASLSECP:
878                         {
879                         char *txt = slap_sasl_secprops( c->argv[1] );
880                         if ( txt ) {
881                                 Debug(LDAP_DEBUG_ANY, "%s: sasl-secprops: %s\n",
882                                         c->log, txt, 0 );
883                                 return(1);
884                         }
885                         break;
886 #endif
887
888                 case CFG_DEPTH:
889                         c->be->be_max_deref_depth = c->value_int;
890                         break;
891
892                 case CFG_OID:
893                         if(parse_oidm(c->fname, c->lineno, c->argc, c->argv)) return(1);
894                         break;
895
896                 case CFG_OC:
897                         if(parse_oc(c->fname, c->lineno, p, c->argv)) return(1);
898                         break;
899
900                 case CFG_DIT:
901                         if(parse_cr(c->fname, c->lineno, p, c->argv)) return(1);
902                         break;
903
904                 case CFG_ATTR:
905                         if(parse_at(c->fname, c->lineno, p, c->argv)) return(1);
906                         break;
907
908                 case CFG_ATOPT:
909                         ad_define_option(NULL, NULL, 0);
910                         for(i = 1; i < c->argc; i++)
911                                 if(ad_define_option(c->argv[i], c->fname, c->lineno))
912                                         return(1);
913                         break;
914
915                 case CFG_CHECK:
916                         global_schemacheck = c->value_int;
917                         if(!global_schemacheck) Debug(LDAP_DEBUG_ANY, "%s: "
918                                 "schema checking disabled! your mileage may vary!\n",
919                                 c->log, 0, 0);
920                         break;
921
922                 case CFG_ACL:
923                         parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv);
924                         break;
925
926 #if 0
927                 case CFG_AUDITLOG:
928                         c->be->be_auditlogfile = c->value_string;
929                         break;
930 #endif
931
932                 case CFG_REPLOG:
933                         if(SLAP_MONITOR(c->be)) {
934                                 Debug(LDAP_DEBUG_ANY, "%s: "
935                                         "\"replogfile\" should not be used "
936                                         "inside monitor database\n",
937                                         c->log, 0, 0);
938                                 return(0);      /* FIXME: should this be an error? */
939                         }
940
941                         c->be->be_replogfile = c->value_string;
942                         break;
943
944                 case CFG_ROOTDSE:
945                         if(read_root_dse_file(c->argv[1])) {
946                                 Debug(LDAP_DEBUG_ANY, "%s: "
947                                         "could not read \"rootDSE <filename>\" line\n",
948                                         c->log, 0, 0);
949                                 return(1);
950                         }
951                         break;
952
953                 case CFG_LOGFILE: {
954                         FILE *logfile = fopen(c->argv[1], "w");
955                         if(logfile) lutil_debug_file(logfile);
956                         break;
957                         }
958
959                 case CFG_LASTMOD:
960                         if(SLAP_NOLASTMODCMD(c->be)) {
961                                 Debug(LDAP_DEBUG_ANY, "%s: "
962                                         "lastmod not available for %s databases\n",
963                                         c->log, c->be->bd_info->bi_type, 0);
964                                 return(1);
965                         }
966                         if(c->value_int)
967                                 SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_NOLASTMOD;
968                         else
969                                 SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_NOLASTMOD;
970                         break;
971
972 #ifdef SLAPD_MODULES
973                 case CFG_MODLOAD:
974                         if(module_load(c->argv[1], c->argc - 2, (c->argc > 2) ? c->argv + 2 : NULL))
975                                 return(1);
976                         break;
977
978                 case CFG_MODPATH:
979                         if(module_path(c->argv[1])) return(1);
980                         break;
981 #endif
982
983 #ifdef LDAP_SLAPI
984                 case CFG_PLUGIN:
985                         if(slapi_int_read_config(c->be, c->fname, c->lineno, c->argc, c->argv) != LDAP_SUCCESS)
986                                 return(1);
987                         slapi_plugins_used++;
988                         break;
989 #endif
990
991 #ifdef SLAP_AUTH_REWRITE
992                 case CFG_REWRITE:
993                         if(slap_sasl_rewrite_config(c->fname, c->lineno, c->argc, c->argv))
994                                 return(1);
995                         break;
996 #endif
997
998
999                 default:
1000                         Debug(LDAP_DEBUG_ANY, "%s: unknown CFG_TYPE %d"
1001                                 "(ignored)\n", c->log, c->type, 0);
1002
1003         }
1004         return(0);
1005 }
1006
1007
1008 int
1009 config_search_base(ConfigArgs *c) {
1010         struct berval dn;
1011         int rc;
1012         if(c->bi || c->be != frontendDB) {
1013                 Debug(LDAP_DEBUG_ANY, "%s: defaultSearchBase line must appear "
1014                         "prior to any backend or database definition\n",
1015                         c->log, 0, 0);
1016                 return(1);
1017         }
1018
1019         if(default_search_nbase.bv_len) {
1020                 Debug(LDAP_DEBUG_ANY, "%s: "
1021                         "default search base \"%s\" already defined "
1022                         "(discarding old)\n",
1023                         c->log, default_search_base.bv_val, 0);
1024                 free(default_search_base.bv_val);
1025                 free(default_search_nbase.bv_val);
1026         }
1027
1028         default_search_base = c->value_dn;
1029         default_search_nbase = c->value_ndn;
1030         return(0);
1031 }
1032
1033 int
1034 config_passwd_hash(ConfigArgs *c) {
1035         int i;
1036         if(default_passwd_hash) {
1037                 Debug(LDAP_DEBUG_ANY, "%s: "
1038                         "already set default password_hash\n",
1039                         c->log, 0, 0);
1040                 return(1);
1041         }
1042         for(i = 1; i < c->argc; i++) {
1043                 if(!lutil_passwd_scheme(c->argv[i])) {
1044                         Debug(LDAP_DEBUG_ANY, "%s: "
1045                                 "password scheme \"%s\" not available\n",
1046                                 c->log, c->argv[i], 0);
1047                 } else {
1048                         ldap_charray_add(&default_passwd_hash, c->argv[i]);
1049                 }
1050                 if(!default_passwd_hash) {
1051                         Debug(LDAP_DEBUG_ANY, "%s: no valid hashes found\n",
1052                                 c->log, 0, 0 );
1053                         return(1);
1054                 }
1055         }
1056         return(0);
1057 }
1058
1059 int
1060 config_schema_dn(ConfigArgs *c) {
1061         struct berval dn;
1062         int rc;
1063         c->be->be_schemadn = c->value_dn;
1064         c->be->be_schemandn = c->value_ndn;
1065         return(0);
1066 }
1067
1068 int
1069 config_sizelimit(ConfigArgs *c) {
1070         int i, rc = 0;
1071         char *next;
1072         struct slap_limits_set *lim = &c->be->be_def_limit;
1073         for(i = 1; i < c->argc; i++) {
1074                 if(!strncasecmp(c->argv[i], "size", 4)) {
1075                         rc = limits_parse_one(c->argv[i], lim);
1076                         if ( rc ) {
1077                                 Debug(LDAP_DEBUG_ANY, "%s: "
1078                                         "unable to parse value \"%s\" in \"sizelimit <limit>\" line\n",
1079                                         c->log, c->argv[i], 0);
1080                                 return(1);
1081                         }
1082                 } else {
1083                         if(!strcasecmp(c->argv[i], "unlimited")) {
1084                                 lim->lms_s_soft = -1;
1085                         } else {
1086                                 lim->lms_s_soft = strtol(c->argv[i], &next, 0);
1087                                 if(next == c->argv[i]) {
1088                                         Debug(LDAP_DEBUG_ANY, "%s: "
1089                                                 "unable to parse limit \"%s\" in \"sizelimit <limit>\" line\n",
1090                                                 c->log, c->argv[i], 0);
1091                                         return(1);
1092                                 } else if(next[0] != '\0') {
1093                                         Debug(LDAP_DEBUG_ANY, "%s: "
1094                                                 "trailing chars \"%s\" in \"sizelimit <limit>\" line (ignored)\n",
1095                                                 c->log, next, 0);
1096                                 }
1097                         }
1098                         lim->lms_s_hard = 0;
1099                 }
1100         }
1101         return(0);
1102 }
1103
1104 int
1105 config_timelimit(ConfigArgs *c) {
1106         int i, rc = 0;
1107         char *next;
1108         struct slap_limits_set *lim = &c->be->be_def_limit;
1109         for(i = 1; i < c->argc; i++) {
1110                 if(!strncasecmp(c->argv[i], "time", 4)) {
1111                         rc = limits_parse_one(c->argv[i], lim);
1112                         if ( rc ) {
1113                                 Debug(LDAP_DEBUG_ANY, "%s: "
1114                                         "unable to parse value \"%s\" in \"timelimit <limit>\" line\n",
1115                                         c->log, c->argv[i], 0);
1116                                 return(1);
1117                         }
1118                 } else {
1119                         if(!strcasecmp(c->argv[i], "unlimited")) {
1120                                 lim->lms_t_soft = -1;
1121                         } else {
1122                                 lim->lms_t_soft = strtol(c->argv[i], &next, 0);
1123                                 if(next == c->argv[i]) {
1124                                         Debug(LDAP_DEBUG_ANY, "%s: "
1125                                                 "unable to parse limit \"%s\" in \"timelimit <limit>\" line\n",
1126                                                 c->log, c->argv[i], 0);
1127                                         return(1);
1128                                 } else if(next[0] != '\0') {
1129                                         Debug(LDAP_DEBUG_ANY, "%s: "
1130                                                 "trailing chars \"%s\" in \"timelimit <limit>\" line (ignored)\n",
1131                                                 c->log, next, 0);
1132                                 }
1133                         }
1134                         lim->lms_t_hard = 0;
1135                 }
1136         }
1137         return(0);
1138 }
1139
1140 int
1141 config_overlay(ConfigArgs *c) {
1142         if(c->argv[1][0] == '-' && overlay_config(c->be, &c->argv[1][1])) {
1143                 /* log error */
1144                 Debug(LDAP_DEBUG_ANY, "%s: (optional) %s overlay \"%s\" configuration failed (ignored)\n",
1145                         c->log, c->be == frontendDB ? "global " : "", c->argv[1][1]);
1146         } else if(overlay_config(c->be, c->argv[1])) {
1147                 return(1);
1148         }
1149         return(0);
1150 }
1151
1152 int
1153 config_suffix(ConfigArgs *c) {
1154         Backend *tbe;
1155         struct berval pdn, ndn;
1156         int rc;
1157 #ifdef SLAPD_MONITOR_DN
1158         if(!strcasecmp(c->argv[1], SLAPD_MONITOR_DN)) {
1159                 Debug(LDAP_DEBUG_ANY, "%s: "
1160                         "\"%s\" is reserved for monitoring slapd\n",
1161                         c->log, SLAPD_MONITOR_DN, 0);
1162                 return(1);
1163         }
1164 #endif
1165
1166         pdn = c->value_dn;
1167         ndn = c->value_ndn;
1168         tbe = select_backend(&ndn, 0, 0);
1169         if(tbe == c->be) {
1170                 Debug(LDAP_DEBUG_ANY, "%s: suffix already served by this backend! (ignored)\n",
1171                         c->log, 0, 0);
1172                 free(pdn.bv_val);
1173                 free(ndn.bv_val);
1174         } else if(tbe) {
1175                 Debug(LDAP_DEBUG_ANY, "%s: suffix already served by a preceding backend \"%s\"\n",
1176                         c->log, tbe->be_suffix[0].bv_val, 0);
1177                 free(pdn.bv_val);
1178                 free(ndn.bv_val);
1179                 return(1);
1180         } else if(pdn.bv_len == 0 && default_search_nbase.bv_len) {
1181                 Debug(LDAP_DEBUG_ANY, "%s: suffix DN empty and default search "
1182                         "base provided \"%s\" (assuming okay)\n",
1183                         c->log, default_search_base.bv_val, 0);
1184         }
1185         ber_bvarray_add(&c->be->be_suffix, &pdn);
1186         ber_bvarray_add(&c->be->be_nsuffix, &ndn);
1187         return(0);
1188 }
1189
1190 int
1191 config_rootdn(ConfigArgs *c) {
1192         c->be->be_rootdn = c->value_dn;
1193         c->be->be_rootndn = c->value_ndn;
1194         return(0);
1195 }
1196
1197 int
1198 config_rootpw(ConfigArgs *c) {
1199         Backend *tbe = select_backend(&c->be->be_rootndn, 0, 0);
1200         if(tbe != c->be) {
1201                 Debug(LDAP_DEBUG_ANY, "%s: "
1202                         "rootpw can only be set when rootdn is under suffix\n",
1203                         c->log, 0, 0);
1204                 return(1);
1205         }
1206         ber_str2bv(c->argv[1], 0, 1, &c->be->be_rootpw);
1207         return(0);
1208 }
1209
1210 /* restrictops, allows, disallows, requires, loglevel */
1211
1212 struct verb_mask_list { char *word; int mask; };
1213
1214 int
1215 verb_to_mask(ConfigArgs *c, struct verb_mask_list *v, int word) {
1216         int j;
1217         for(j = 0; v[j].word; j++)
1218                 if(!strcasecmp(c->argv[word], v[j].word))
1219                         break;
1220         return(j);
1221 }
1222
1223 int
1224 verbs_to_mask(ConfigArgs *c, struct verb_mask_list *v, slap_mask_t *m) {
1225         int i, j;
1226         for(i = 1; i < c->argc; i++) {
1227                 j = verb_to_mask(c, v, i);
1228                 if(!v[j].word) return(1);
1229                 *m |= v[j].mask;
1230         }
1231         return(0);
1232 }
1233
1234 int
1235 config_restrict(ConfigArgs *c) {
1236         slap_mask_t restrictops = 0;
1237         int i, j;
1238         struct verb_mask_list restrictable_exops[] = {
1239                 { LDAP_EXOP_START_TLS,          SLAP_RESTRICT_EXOP_START_TLS },
1240                 { LDAP_EXOP_MODIFY_PASSWD,      SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
1241                 { LDAP_EXOP_X_WHO_AM_I,         SLAP_RESTRICT_EXOP_WHOAMI },
1242                 { LDAP_EXOP_X_CANCEL,           SLAP_RESTRICT_EXOP_CANCEL },
1243                 { NULL, 0 }
1244         };
1245         struct verb_mask_list restrictable_ops[] = {
1246                 { "bind",               SLAP_RESTRICT_OP_BIND },
1247                 { "add",                SLAP_RESTRICT_OP_ADD },
1248                 { "modify",             SLAP_RESTRICT_OP_MODIFY },
1249                 { "modrdn",             SLAP_RESTRICT_OP_RENAME },
1250                 { "rename",             SLAP_RESTRICT_OP_RENAME },
1251                 { "delete",             SLAP_RESTRICT_OP_DELETE },
1252                 { "search",             SLAP_RESTRICT_OP_SEARCH },
1253                 { "compare",            SLAP_RESTRICT_OP_COMPARE },
1254                 { "read",               SLAP_RESTRICT_OP_READS },
1255                 { "write",              SLAP_RESTRICT_OP_WRITES },
1256                 { NULL, 0 }
1257         };
1258
1259         for(i = 1; i < c->argc; i++) {
1260                 j = verb_to_mask(c, restrictable_ops, i);
1261                 if(restrictable_ops[j].word) {
1262                         restrictops |= restrictable_ops[j].mask;
1263                         continue;
1264                 } else if(!strncasecmp(c->argv[i], "extended", STRLENOF("extended"))) {
1265                         char *e = c->argv[i] + STRLENOF("extended");
1266                         if(e[0] == '=') {
1267                                 int k = verb_to_mask(c, restrictable_exops, e[1]);
1268                                 if(restrictable_exops[k].word) {
1269                                         restrictops |= restrictable_exops[k].mask;
1270                                         continue;
1271                                 } else break;
1272                         } else if(!e[0]) {
1273                                 restrictops &= ~SLAP_RESTRICT_EXOP_MASK;
1274                                 restrictops |= SLAP_RESTRICT_OP_EXTENDED;
1275                         } else break;
1276                 }
1277         }
1278         if(i < c->argc) {
1279                 c->be->be_restrictops |= restrictops;
1280                 return(0);
1281         }
1282         Debug(LDAP_DEBUG_ANY, "%s: "
1283                 "unknown operation %s in \"restrict <features>\" line\n",
1284                 c->log, c->argv[i], 0);
1285         return(1);
1286 }
1287
1288 int
1289 config_allows(ConfigArgs *c) {
1290         slap_mask_t allows = 0;
1291         int i;
1292         struct verb_mask_list allowable_ops[] = {
1293                 { "bind_v2",            SLAP_ALLOW_BIND_V2 },
1294                 { "bind_anon_cred",     SLAP_ALLOW_BIND_ANON_CRED },
1295                 { "bind_anon_dn",       SLAP_ALLOW_BIND_ANON_DN },
1296                 { "update_anon",        SLAP_ALLOW_UPDATE_ANON },
1297                 { NULL, 0 }
1298         };
1299         i = verbs_to_mask(c, allowable_ops, &allows);
1300         if ( i ) {
1301                 Debug(LDAP_DEBUG_ANY, "%s: "
1302                         "unknown feature %s in \"allow <features>\" line\n",
1303                         c->log, c->argv[i], 0);
1304                 return(1);
1305         }
1306         global_allows |= allows;
1307         return(0);
1308 }
1309
1310 int
1311 config_disallows(ConfigArgs *c) {
1312         slap_mask_t disallows = 0;
1313         int i;
1314         struct verb_mask_list disallowable_ops[] = {
1315                 { "bind_anon",          SLAP_DISALLOW_BIND_ANON },
1316                 { "bind_simple",        SLAP_DISALLOW_BIND_SIMPLE },
1317                 { "bind_krb4",          SLAP_DISALLOW_BIND_KRBV4 },
1318                 { "tls_2_anon",         SLAP_DISALLOW_TLS_2_ANON },
1319                 { "tls_authc",          SLAP_DISALLOW_TLS_AUTHC },
1320                 { NULL, 0 }
1321         };
1322         i = verbs_to_mask(c, disallowable_ops, &disallows);
1323         if ( i ) {
1324                 Debug(LDAP_DEBUG_ANY, "%s: "
1325                         "unknown feature %s in \"disallow <features>\" line\n",
1326                         c->log, c->argv[i], 0);
1327                 return(1);
1328         }
1329         global_disallows |= disallows;
1330         return(0);
1331 }
1332
1333 int
1334 config_requires(ConfigArgs *c) {
1335         slap_mask_t requires = 0;
1336         int i;
1337         struct verb_mask_list requires_ops[] = {
1338                 { "bind",               SLAP_REQUIRE_BIND },
1339                 { "LDAPv3",             SLAP_REQUIRE_LDAP_V3 },
1340                 { "authc",              SLAP_REQUIRE_AUTHC },
1341                 { "sasl",               SLAP_REQUIRE_SASL },
1342                 { "strong",             SLAP_REQUIRE_STRONG },
1343                 { NULL, 0 }
1344         };
1345         i = verbs_to_mask(c, requires_ops, &requires);
1346         if ( i ) {
1347                 Debug(LDAP_DEBUG_ANY, "%s: "
1348                         "unknown feature %s in \"require <features>\" line\n",
1349                         c->log, c->argv[i], 0);
1350                 return(1);
1351         }
1352         c->be->be_requires = requires;
1353         return(0);
1354 }
1355
1356 int
1357 config_loglevel(ConfigArgs *c) {
1358         int i;
1359         char *next;
1360         struct verb_mask_list loglevel_ops[] = {
1361                 { "Trace",      LDAP_DEBUG_TRACE },
1362                 { "Packets",    LDAP_DEBUG_PACKETS },
1363                 { "Args",       LDAP_DEBUG_ARGS },
1364                 { "Conns",      LDAP_DEBUG_CONNS },
1365                 { "BER",        LDAP_DEBUG_BER },
1366                 { "Filter",     LDAP_DEBUG_FILTER },
1367                 { "Config",     LDAP_DEBUG_CONFIG },
1368                 { "ACL",        LDAP_DEBUG_ACL },
1369                 { "Stats",      LDAP_DEBUG_STATS },
1370                 { "Stats2",     LDAP_DEBUG_STATS2 },
1371                 { "Shell",      LDAP_DEBUG_SHELL },
1372                 { "Parse",      LDAP_DEBUG_PARSE },
1373                 { "Cache",      LDAP_DEBUG_CACHE },
1374                 { "Index",      LDAP_DEBUG_INDEX },
1375                 { "Any",        -1 },
1376                 { NULL, 0 }
1377         };
1378         ldap_syslog = 0;
1379
1380         for( i=1; i < c->argc; i++ ) {
1381                 int     level;
1382
1383                 if ( isdigit( c->argv[i][0] ) ) {
1384                         level = strtol( c->argv[i], &next, 10 );
1385                         if ( next == NULL || next[0] != '\0' ) {
1386                                 Debug( LDAP_DEBUG_ANY,
1387                                         "%s: unable to parse level \"%s\" "
1388                                         "in \"loglevel <level> [...]\" line.\n",
1389                                         c->log, c->argv[i], 0);
1390                                 return( 1 );
1391                         }
1392                 } else {
1393                         int j = verb_to_mask(c, loglevel_ops, c->argv[i][0]);
1394                         if(!loglevel_ops[j].word) {
1395                                 Debug( LDAP_DEBUG_ANY,
1396                                         "%s: unknown level \"%s\" "
1397                                         "in \"loglevel <level> [...]\" line.\n",
1398                                         c->log, c->argv[i], 0);
1399                                 return( 1 );
1400                         }
1401                         level = loglevel_ops[j].mask;
1402                 }
1403                 ldap_syslog |= level;
1404         }
1405         return(0);
1406 }
1407
1408 int
1409 config_syncrepl(ConfigArgs *c) {
1410         if(SLAP_SHADOW(c->be)) {
1411                 Debug(LDAP_DEBUG_ANY, "%s: "
1412                         "syncrepl: database already shadowed.\n",
1413                         c->log, 0, 0);
1414                 return(1);
1415         } else if(add_syncrepl(c->be, c->argv, c->argc)) {
1416                 return(1);
1417         }
1418         SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SYNC_SHADOW);
1419         return(0);
1420 }
1421
1422 int
1423 config_referral(ConfigArgs *c) {
1424         struct berval vals[2];
1425         if(validate_global_referral(c->argv[1])) {
1426                 Debug(LDAP_DEBUG_ANY, "%s: "
1427                         "invalid URL (%s) in \"referral\" line.\n",
1428                         c->log, c->argv[1], 0);
1429                 return(1);
1430         }
1431
1432         ber_str2bv(c->argv[1], 0, 1, &vals[0]);
1433         vals[1].bv_val = NULL; vals[1].bv_len = 0;
1434         if(value_add(&default_referral, vals)) return(LDAP_OTHER);
1435         return(0);
1436 }
1437
1438 int
1439 config_security(ConfigArgs *c) {
1440         slap_ssf_set_t *set = &c->be->be_ssf_set;
1441         char *next;
1442         int i;
1443         for(i = 1; i < c->argc; i++) {
1444                 slap_ssf_t *tgt;
1445                 char *src;
1446                 if(!strncasecmp(c->argv[i], "ssf=", 4)) {
1447                         tgt = &set->sss_ssf;
1448                         src = &c->argv[i][4];
1449                 } else if(!strncasecmp(c->argv[i], "transport=", 10)) {
1450                         tgt = &set->sss_transport;
1451                         src = &c->argv[i][10];
1452                 } else if(!strncasecmp(c->argv[i], "tls=", 4)) {
1453                         tgt = &set->sss_tls;
1454                         src = &c->argv[i][4];
1455                 } else if(!strncasecmp(c->argv[i], "sasl=", 5)) {
1456                         tgt = &set->sss_sasl;
1457                         src = &c->argv[i][5];
1458                 } else if(!strncasecmp(c->argv[i], "update_ssf=", 11)) {
1459                         tgt = &set->sss_update_ssf;
1460                         src = &c->argv[i][11];
1461                 } else if(!strncasecmp(c->argv[i], "update_transport=", 17)) {
1462                         tgt = &set->sss_update_transport;
1463                         src = &c->argv[i][17];
1464                 } else if(!strncasecmp(c->argv[i], "update_tls=", 11)) {
1465                         tgt = &set->sss_update_tls;
1466                         src = &c->argv[i][11];
1467                 } else if(!strncasecmp(c->argv[i], "update_sasl=", 12)) {
1468                         tgt = &set->sss_update_sasl;
1469                         src = &c->argv[i][12];
1470                 } else if(!strncasecmp(c->argv[i], "simple_bind=", 12)) {
1471                         tgt = &set->sss_simple_bind;
1472                         src = &c->argv[i][12];
1473                 } else {
1474                         Debug(LDAP_DEBUG_ANY, "%s: "
1475                                 "unknown factor %s in \"security <factors>\" line\n",
1476                                 c->log, c->argv[i], 0);
1477                         return(1);
1478                 }
1479
1480                 *tgt = strtol(src, &next, 10);
1481                 if(next == NULL || next[0] != '\0' ) {
1482                         Debug(LDAP_DEBUG_ANY, "%s: "
1483                                 "unable to parse factor \"%s\" in \"security <factors>\" line\n",
1484                                 c->log, c->argv[i], 0);
1485                         return(1);
1486                 }
1487         }
1488         return(0);
1489 }
1490
1491 int
1492 config_replica(ConfigArgs *c) {
1493         int i, nr = -1;
1494         char *replicahost, *replicalog = NULL;
1495         LDAPURLDesc *ludp;
1496
1497         if(SLAP_MONITOR(c->be)) {
1498                 Debug(LDAP_DEBUG_ANY, "%s: "
1499                         "\"replica\" should not be used inside monitor database\n",
1500                         c->log, 0, 0);
1501                 return(0);      /* FIXME: should this be an error? */
1502         }
1503
1504         for(i = 1; i < c->argc; i++) {
1505                 if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) {
1506                         replicalog = c->argv[i] + STRLENOF("host=");
1507                         nr = add_replica_info(c->be, c->argv[i] + STRLENOF("host="));
1508                         break;
1509                 } else if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) {
1510                         if(ldap_url_parse(c->argv[i] + STRLENOF("uri="), &ludp) != LDAP_SUCCESS) {
1511                                 Debug(LDAP_DEBUG_ANY, "%s: "
1512                                         "replica line contains invalid "
1513                                         "uri definition.\n", c->log, 0, 0);
1514                                 return(1);
1515                         }
1516                         if(!ludp->lud_host) {
1517                                 Debug(LDAP_DEBUG_ANY, "%s: "
1518                                         "replica line contains invalid "
1519                                         "uri definition - missing hostname.\n",
1520                                         c->log, 0, 0);
1521                                 return(1);
1522                         }
1523                         replicahost = ch_malloc(strlen(c->argv[i]));
1524                         if(!replicahost) {
1525                                 Debug(LDAP_DEBUG_ANY,
1526                                         "out of memory in read_config\n", 0, 0, 0);
1527                                 ldap_free_urldesc(ludp);
1528                                 exit(EXIT_FAILURE);
1529                         }
1530                         sprintf(replicahost, "%s:%d", ludp->lud_host, ludp->lud_port);
1531                         replicalog = c->argv[i] + STRLENOF("uri=");
1532                         nr = add_replica_info(c->be, replicahost);
1533                         ldap_free_urldesc(ludp);
1534                         ch_free(replicahost);
1535                         break;
1536                 }
1537         }
1538         if(i == c->argc) {
1539                 Debug(LDAP_DEBUG_ANY, "%s: "
1540                         "missing host or uri in \"replica\" line\n",
1541                         c->log, 0, 0);
1542                 return(1);
1543         } else if(nr == -1) {
1544                 Debug(LDAP_DEBUG_ANY, "%s: "
1545                         "unable to add replica \"%s\"\n",
1546                         c->log, replicalog, 0);
1547                 return(1);
1548         } else {
1549                 for(i = 1; i < c->argc; i++) {
1550                         if(!strncasecmp(c->argv[i], "suffix=", STRLENOF( "suffix="))) {
1551                                 switch(add_replica_suffix(c->be, nr, c->argv[i] + STRLENOF("suffix="))) {
1552                                         case 1:
1553                                                 Debug(LDAP_DEBUG_ANY, "%s: "
1554                                                 "suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1555                                                 c->log, c->argv[i] + STRLENOF("suffix="), 0);
1556                                                 break;
1557                                         case 2:
1558                                                 Debug(LDAP_DEBUG_ANY, "%s: "
1559                                                 "unable to normalize suffix in \"replica\" line (ignored)\n",
1560                                                 c->log, 0, 0);
1561                                                 break;
1562                                 }
1563
1564                         } else if(!strncasecmp(c->argv[i], "attr", STRLENOF("attr"))) {
1565                                 int exclude = 0;
1566                                 char *arg = c->argv[i] + STRLENOF("attr");
1567                                 if(arg[0] == '!') {
1568                                         arg++;
1569                                         exclude = 1;
1570                                 }
1571                                 if(arg[0] != '=') {
1572                                         continue;
1573                                 }
1574                                 if(add_replica_attrs(c->be, nr, arg + 1, exclude)) {
1575                                         Debug(LDAP_DEBUG_ANY, "%s: "
1576                                                 "attribute \"%s\" in \"replica\" line is unknown\n",
1577                                                 c->log, arg + 1, 0);
1578                                         return(1);
1579                                 }
1580                         }
1581                 }
1582         }
1583         return(0);
1584 }
1585
1586 int
1587 config_updatedn(ConfigArgs *c) {
1588         struct berval dn;
1589         int rc;
1590         if(SLAP_SHADOW(c->be)) {
1591                 Debug(LDAP_DEBUG_ANY, "%s: "
1592                         "updatedn: database already shadowed.\n",
1593                         c->log, 0, 0);
1594                 return(1);
1595         }
1596
1597         ber_str2bv(c->argv[1], 0, 0, &dn);
1598
1599         rc = dnNormalize(0, NULL, NULL, &dn, &c->be->be_update_ndn, NULL);
1600
1601         if(rc != LDAP_SUCCESS) {
1602                 Debug(LDAP_DEBUG_ANY, "%s: "
1603                         "updatedn DN is invalid: %d (%s)\n",
1604                         c->log, rc, ldap_err2string( rc ));
1605                 return(1);
1606         }
1607
1608         SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
1609         return(0);
1610 }
1611
1612 int
1613 config_updateref(ConfigArgs *c) {
1614         struct berval vals[2];
1615         if(!SLAP_SHADOW(c->be)) {
1616                 Debug(LDAP_DEBUG_ANY, "%s: "
1617                         "updateref line must after syncrepl or updatedn.\n",
1618                         c->log, 0, 0);
1619                 return(1);
1620         }
1621
1622         if(validate_global_referral(c->argv[1])) {
1623                 Debug(LDAP_DEBUG_ANY, "%s: "
1624                         "invalid URL (%s) in \"updateref\" line.\n",
1625                         c->log, c->argv[1], 0);
1626                 return(1);
1627         }
1628         ber_str2bv(c->argv[1], 0, 0, &vals[0]);
1629         vals[1].bv_val = NULL;
1630         if(value_add(&c->be->be_update_refs, vals)) return(LDAP_OTHER);
1631         return(0);
1632 }
1633
1634 /* XXX meaningless in ldif */
1635
1636 int
1637 config_include(ConfigArgs *c) {
1638         char *savefname = ch_strdup(c->argv[1]);
1639         unsigned long savelineno = c->lineno;
1640         int rc;
1641         rc = read_config_file(savefname, c->depth + 1, c);
1642         free(savefname);
1643         c->lineno = savelineno - 1;
1644         return(rc);
1645 }
1646
1647 #ifdef HAVE_TLS
1648 int
1649 config_tls_option(ConfigArgs *c) {
1650         int flag;
1651         switch(c->type) {
1652         case CFG_TLS_RAND:              flag = LDAP_OPT_X_TLS_RANDOM_FILE;      break;
1653         case CFG_TLS_CIPHER:            flag = LDAP_OPT_X_TLS_CIPHER_SUITE;     break;
1654         case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE;         break;  
1655         case CFG_TLS_CERT_KEY:  flag = LDAP_OPT_X_TLS_KEYFILE;          break;
1656         case CFG_TLS_CA_PATH:   flag = LDAP_OPT_X_TLS_CACERTDIR;        break;
1657         case CFG_TLS_CA_FILE:   flag = LDAP_OPT_X_TLS_CACERTFILE;       break;
1658 #ifdef HAVE_OPENSSL_CRL
1659         case CFG_TLS_CRLCHECK:  flag = LDAP_OPT_X_TLS_CRLCHECK;         break;
1660 #endif
1661                 default:                Debug(LDAP_DEBUG_ANY, "%s: "
1662                                                 "unknown tls_option <%x>\n",
1663                                                 c->log, c->type, 0);
1664         }
1665         return(ldap_pvt_tls_set_option(NULL, flag, c->argv[1]));
1666 }
1667
1668 int
1669 config_tls_verify(ConfigArgs *c) {
1670         int i;
1671         if(isdigit((unsigned char)c->argv[1][0])) {
1672                 i = atoi(c->argv[1]);
1673                 return(ldap_pvt_tls_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i));
1674         } else {
1675                 return(ldap_int_tls_config(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, c->argv[1]));
1676         }
1677 }
1678 #endif
1679
1680 /* -------------------------------------- */
1681
1682
1683 static char *
1684 strtok_quote( char *line, char *sep )
1685 {
1686         int             inquote;
1687         char            *tmp;
1688         static char     *next;
1689
1690         strtok_quote_ptr = NULL;
1691         if ( line != NULL ) {
1692                 next = line;
1693         }
1694         while ( *next && strchr( sep, *next ) ) {
1695                 next++;
1696         }
1697
1698         if ( *next == '\0' ) {
1699                 next = NULL;
1700                 return( NULL );
1701         }
1702         tmp = next;
1703
1704         for ( inquote = 0; *next; ) {
1705                 switch ( *next ) {
1706                 case '"':
1707                         if ( inquote ) {
1708                                 inquote = 0;
1709                         } else {
1710                                 inquote = 1;
1711                         }
1712                         AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
1713                         break;
1714
1715                 case '\\':
1716                         if ( next[1] )
1717                                 AC_MEMCPY( next,
1718                                             next + 1, strlen( next + 1 ) + 1 );
1719                         next++;         /* dont parse the escaped character */
1720                         break;
1721
1722                 default:
1723                         if ( ! inquote ) {
1724                                 if ( strchr( sep, *next ) != NULL ) {
1725                                         strtok_quote_ptr = next;
1726                                         *next++ = '\0';
1727                                         return( tmp );
1728                                 }
1729                         }
1730                         next++;
1731                         break;
1732                 }
1733         }
1734
1735         return( tmp );
1736 }
1737
1738 static char     buf[BUFSIZ];
1739 static char     *line;
1740 static size_t lmax, lcur;
1741
1742 #define CATLINE( buf ) \
1743         do { \
1744                 size_t len = strlen( buf ); \
1745                 while ( lcur + len + 1 > lmax ) { \
1746                         lmax += BUFSIZ; \
1747                         line = (char *) ch_realloc( line, lmax ); \
1748                 } \
1749                 strcpy( line + lcur, buf ); \
1750                 lcur += len; \
1751         } while( 0 )
1752
1753 static void
1754 fp_getline_init(ConfigArgs *c) {
1755         c->lineno = -1;
1756         buf[0] = '\0';
1757 }
1758
1759 static int
1760 fp_getline( FILE *fp, ConfigArgs *c )
1761 {
1762         char    *p;
1763
1764         lcur = 0;
1765         CATLINE(buf);
1766         c->lineno++;
1767
1768         /* avoid stack of bufs */
1769         if ( strncasecmp( line, "include", STRLENOF( "include" ) ) == 0 ) {
1770                 buf[0] = '\0';
1771                 c->line = line;
1772                 return(1);
1773         }
1774
1775         while ( fgets( buf, sizeof( buf ), fp ) ) {
1776                 p = strchr( buf, '\n' );
1777                 if ( p ) {
1778                         if ( p > buf && p[-1] == '\r' ) {
1779                                 --p;
1780                         }
1781                         *p = '\0';
1782                 }
1783                 /* XXX ugly */
1784                 c->line = line;
1785                 if ( line[0]
1786                                 && ( p = line + strlen( line ) - 1 )[0] == '\\'
1787                                 && p[-1] != '\\' )
1788                 {
1789                         p[0] = '\0';
1790                         lcur--;
1791                         
1792                 } else {
1793                         if ( !isspace( (unsigned char)buf[0] ) ) {
1794                                 return(1);
1795                         }
1796                         buf[0] = ' ';
1797                 }
1798                 CATLINE(buf);
1799                 c->lineno++;
1800         }
1801
1802         buf[0] = '\0';
1803         c->line = line;
1804         return(line[0] ? 1 : 0);
1805 }
1806
1807 static int
1808 fp_parse_line(ConfigArgs *c)
1809 {
1810         char *token;
1811         char *tline = ch_strdup(c->line);
1812         char *hide[] = { "rootpw", "replica", "bindpw", "pseudorootpw", "dbpasswd", '\0' };
1813         int i;
1814
1815         c->argc = 0;
1816         token = strtok_quote(tline, " \t");
1817
1818         if(token) for(i = 0; hide[i]; i++) if(!strcasecmp(token, hide[i])) break;
1819         if(strtok_quote_ptr) *strtok_quote_ptr = ' ';
1820         Debug(LDAP_DEBUG_CONFIG, "line %lu (%s%s)\n", c->lineno, hide[i] ? hide[i] : c->line, hide[i] ? " ***" : "");
1821         if(strtok_quote_ptr) *strtok_quote_ptr = '\0';
1822
1823         for(; token; token = strtok_quote(NULL, " \t")) {
1824                 if(c->argc == c->argv_size - 1) {
1825                         char **tmp;
1826                         tmp = ch_realloc(c->argv, (c->argv_size + ARGS_STEP) * sizeof(*c->argv));
1827                         if(!tmp) {
1828                                 Debug(LDAP_DEBUG_ANY, "line %lu: out of memory\n", c->lineno, 0, 0);
1829                                 return -1;
1830                         }
1831                         c->argv = tmp;
1832                         c->argv_size += ARGS_STEP;
1833                 }
1834                 c->argv[c->argc++] = token;
1835         }
1836         c->argv[c->argc] = NULL;
1837         return(0);
1838 }
1839
1840
1841 #if 0
1842 /* Loads ucdata, returns 1 if loading, 0 if already loaded, -1 on error */
1843 static int
1844 load_ucdata( char *path )
1845 {
1846 #if 0
1847         static int loaded = 0;
1848         int err;
1849         
1850         if ( loaded ) {
1851                 return( 0 );
1852         }
1853         err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL );
1854         if ( err ) {
1855                 Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n",
1856                        err, 0, 0 );
1857
1858                 return( -1 );
1859         }
1860         loaded = 1;
1861         return( 1 );
1862 #else
1863         /* ucdata is now hardcoded */
1864         return( 0 );
1865 #endif
1866 }
1867 #endif
1868
1869 void
1870 config_destroy( )
1871 {
1872         ucdata_unload( UCDATA_ALL );
1873         if ( frontendDB ) {
1874                 /* NOTE: in case of early exit, frontendDB can be NULL */
1875                 if ( frontendDB->be_schemandn.bv_val )
1876                         free( frontendDB->be_schemandn.bv_val );
1877                 if ( frontendDB->be_schemadn.bv_val )
1878                         free( frontendDB->be_schemadn.bv_val );
1879                 if ( frontendDB->be_acl )
1880                         acl_destroy( frontendDB->be_acl, NULL );
1881         }
1882         free( line );
1883         if ( slapd_args_file )
1884                 free ( slapd_args_file );
1885         if ( slapd_pid_file )
1886                 free ( slapd_pid_file );
1887         if ( default_passwd_hash )
1888                 ldap_charray_free( default_passwd_hash );
1889 }
1890
1891 static int
1892 add_syncrepl(
1893         Backend *be,
1894         char    **cargv,
1895         int     cargc
1896 )
1897 {
1898         syncinfo_t *si;
1899         int     rc = 0;
1900
1901         si = (syncinfo_t *) ch_calloc( 1, sizeof( syncinfo_t ) );
1902
1903         if ( si == NULL ) {
1904                 Debug( LDAP_DEBUG_ANY, "out of memory in add_syncrepl\n", 0, 0, 0 );
1905                 return 1;
1906         }
1907
1908         si->si_tls = SYNCINFO_TLS_OFF;
1909         si->si_bindmethod = LDAP_AUTH_SIMPLE;
1910         si->si_schemachecking = 0;
1911         ber_str2bv( "(objectclass=*)", STRLENOF("(objectclass=*)"), 1,
1912                 &si->si_filterstr );
1913         si->si_base.bv_val = NULL;
1914         si->si_scope = LDAP_SCOPE_SUBTREE;
1915         si->si_attrsonly = 0;
1916         si->si_anlist = (AttributeName *) ch_calloc( 1, sizeof( AttributeName ));
1917         si->si_exanlist = (AttributeName *) ch_calloc( 1, sizeof( AttributeName ));
1918         si->si_attrs = NULL;
1919         si->si_allattrs = 0;
1920         si->si_allopattrs = 0;
1921         si->si_exattrs = NULL;
1922         si->si_type = LDAP_SYNC_REFRESH_ONLY;
1923         si->si_interval = 86400;
1924         si->si_retryinterval = NULL;
1925         si->si_retrynum_init = NULL;
1926         si->si_retrynum = NULL;
1927         si->si_manageDSAit = 0;
1928         si->si_tlimit = 0;
1929         si->si_slimit = 0;
1930
1931         si->si_presentlist = NULL;
1932         LDAP_LIST_INIT( &si->si_nonpresentlist );
1933         ldap_pvt_thread_mutex_init( &si->si_mutex );
1934
1935         rc = parse_syncrepl_line( cargv, cargc, si );
1936
1937         if ( rc < 0 ) {
1938                 Debug( LDAP_DEBUG_ANY, "failed to add syncinfo\n", 0, 0, 0 );
1939                 syncinfo_free( si );    
1940                 return 1;
1941         } else {
1942                 Debug( LDAP_DEBUG_CONFIG,
1943                         "Config: ** successfully added syncrepl \"%s\"\n",
1944                         BER_BVISNULL( &si->si_provideruri ) ?
1945                         "(null)" : si->si_provideruri.bv_val, 0, 0 );
1946                 if ( !si->si_schemachecking ) {
1947                         SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
1948                 }
1949                 si->si_be = be;
1950                 be->be_syncinfo = si;
1951                 return 0;
1952         }
1953 }
1954
1955 /* NOTE: used & documented in slapd.conf(5) */
1956 #define IDSTR                   "rid"
1957 #define PROVIDERSTR             "provider"
1958 #define TYPESTR                 "type"
1959 #define INTERVALSTR             "interval"
1960 #define SEARCHBASESTR           "searchbase"
1961 #define FILTERSTR               "filter"
1962 #define SCOPESTR                "scope"
1963 #define ATTRSSTR                "attrs"
1964 #define ATTRSONLYSTR            "attrsonly"
1965 #define SLIMITSTR               "sizelimit"
1966 #define TLIMITSTR               "timelimit"
1967 #define SCHEMASTR               "schemachecking"
1968 #define BINDMETHSTR             "bindmethod"
1969 #define SIMPLESTR                       "simple"
1970 #define SASLSTR                         "sasl"
1971 #define BINDDNSTR               "binddn"
1972 #define SASLMECHSTR             "saslmech"
1973 #define AUTHCSTR                "authcID"
1974 #define AUTHZSTR                "authzID"
1975 #define CREDSTR                 "credentials"
1976 #define REALMSTR                "realm"
1977 #define SECPROPSSTR             "secprops"
1978
1979 /* FIXME: undocumented */
1980 #define OLDAUTHCSTR             "bindprincipal"
1981 #define STARTTLSSTR             "starttls"
1982 #define CRITICALSTR                     "critical"
1983 #define EXATTRSSTR              "exattrs"
1984 #define MANAGEDSAITSTR          "manageDSAit"
1985 #define RETRYSTR                "retry"
1986
1987 /* FIXME: unused */
1988 #define LASTMODSTR              "lastmod"
1989 #define LMGENSTR                "gen"
1990 #define LMNOSTR                 "no"
1991 #define LMREQSTR                "req"
1992 #define SRVTABSTR               "srvtab"
1993 #define SUFFIXSTR               "suffix"
1994 #define UPDATEDNSTR             "updatedn"
1995
1996 /* mandatory */
1997 #define GOT_ID                  0x0001
1998 #define GOT_PROVIDER            0x0002
1999 #define GOT_METHOD              0x0004
2000
2001 /* check */
2002 #define GOT_ALL                 (GOT_ID|GOT_PROVIDER|GOT_METHOD)
2003
2004 static int
2005 parse_syncrepl_line(
2006         char            **cargv,
2007         int             cargc,
2008         syncinfo_t      *si
2009 )
2010 {
2011         int     gots = 0;
2012         int     i;
2013         char    *val;
2014
2015         for ( i = 1; i < cargc; i++ ) {
2016                 if ( !strncasecmp( cargv[ i ], IDSTR "=",
2017                                         STRLENOF( IDSTR "=" ) ) )
2018                 {
2019                         int tmp;
2020                         /* '\0' string terminator accounts for '=' */
2021                         val = cargv[ i ] + STRLENOF( IDSTR "=" );
2022                         tmp= atoi( val );
2023                         if ( tmp >= 1000 || tmp < 0 ) {
2024                                 fprintf( stderr, "Error: parse_syncrepl_line: "
2025                                          "syncrepl id %d is out of range [0..999]\n", tmp );
2026                                 return -1;
2027                         }
2028                         si->si_rid = tmp;
2029                         gots |= GOT_ID;
2030                 } else if ( !strncasecmp( cargv[ i ], PROVIDERSTR "=",
2031                                         STRLENOF( PROVIDERSTR "=" ) ) )
2032                 {
2033                         val = cargv[ i ] + STRLENOF( PROVIDERSTR "=" );
2034                         ber_str2bv( val, 0, 1, &si->si_provideruri );
2035                         gots |= GOT_PROVIDER;
2036                 } else if ( !strncasecmp( cargv[ i ], STARTTLSSTR "=",
2037                                         STRLENOF(STARTTLSSTR "=") ) )
2038                 {
2039                         val = cargv[ i ] + STRLENOF( STARTTLSSTR "=" );
2040                         if( !strcasecmp( val, CRITICALSTR ) ) {
2041                                 si->si_tls = SYNCINFO_TLS_CRITICAL;
2042                         } else {
2043                                 si->si_tls = SYNCINFO_TLS_ON;
2044                         }
2045                 } else if ( !strncasecmp( cargv[ i ], BINDMETHSTR "=",
2046                                 STRLENOF( BINDMETHSTR "=" ) ) )
2047                 {
2048                         val = cargv[ i ] + STRLENOF( BINDMETHSTR "=" );
2049                         if ( !strcasecmp( val, SIMPLESTR )) {
2050                                 si->si_bindmethod = LDAP_AUTH_SIMPLE;
2051                                 gots |= GOT_METHOD;
2052                         } else if ( !strcasecmp( val, SASLSTR )) {
2053 #ifdef HAVE_CYRUS_SASL
2054                                 si->si_bindmethod = LDAP_AUTH_SASL;
2055                                 gots |= GOT_METHOD;
2056 #else /* HAVE_CYRUS_SASL */
2057                                 fprintf( stderr, "Error: parse_syncrepl_line: "
2058                                         "not compiled with SASL support\n" );
2059                                 return -1;
2060 #endif /* HAVE_CYRUS_SASL */
2061                         } else {
2062                                 si->si_bindmethod = -1;
2063                         }
2064                 } else if ( !strncasecmp( cargv[ i ], BINDDNSTR "=",
2065                                         STRLENOF( BINDDNSTR "=" ) ) )
2066                 {
2067                         val = cargv[ i ] + STRLENOF( BINDDNSTR "=" );
2068                         si->si_binddn = ch_strdup( val );
2069                 } else if ( !strncasecmp( cargv[ i ], CREDSTR "=",
2070                                         STRLENOF( CREDSTR "=" ) ) )
2071                 {
2072                         val = cargv[ i ] + STRLENOF( CREDSTR "=" );
2073                         si->si_passwd = ch_strdup( val );
2074                 } else if ( !strncasecmp( cargv[ i ], SASLMECHSTR "=",
2075                                         STRLENOF( SASLMECHSTR "=" ) ) )
2076                 {
2077                         val = cargv[ i ] + STRLENOF( SASLMECHSTR "=" );
2078                         si->si_saslmech = ch_strdup( val );
2079                 } else if ( !strncasecmp( cargv[ i ], SECPROPSSTR "=",
2080                                         STRLENOF( SECPROPSSTR "=" ) ) )
2081                 {
2082                         val = cargv[ i ] + STRLENOF( SECPROPSSTR "=" );
2083                         si->si_secprops = ch_strdup( val );
2084                 } else if ( !strncasecmp( cargv[ i ], REALMSTR "=",
2085                                         STRLENOF( REALMSTR "=" ) ) )
2086                 {
2087                         val = cargv[ i ] + STRLENOF( REALMSTR "=" );
2088                         si->si_realm = ch_strdup( val );
2089                 } else if ( !strncasecmp( cargv[ i ], AUTHCSTR "=",
2090                                         STRLENOF( AUTHCSTR "=" ) ) )
2091                 {
2092                         val = cargv[ i ] + STRLENOF( AUTHCSTR "=" );
2093                         if ( si->si_authcId )
2094                                 ch_free( si->si_authcId );
2095                         si->si_authcId = ch_strdup( val );
2096                 } else if ( !strncasecmp( cargv[ i ], OLDAUTHCSTR "=",
2097                                         STRLENOF( OLDAUTHCSTR "=" ) ) ) 
2098                 {
2099                         /* Old authcID is provided for some backwards compatibility */
2100                         val = cargv[ i ] + STRLENOF( OLDAUTHCSTR "=" );
2101                         if ( si->si_authcId )
2102                                 ch_free( si->si_authcId );
2103                         si->si_authcId = ch_strdup( val );
2104                 } else if ( !strncasecmp( cargv[ i ], AUTHZSTR "=",
2105                                         STRLENOF( AUTHZSTR "=" ) ) )
2106                 {
2107                         val = cargv[ i ] + STRLENOF( AUTHZSTR "=" );
2108                         si->si_authzId = ch_strdup( val );
2109                 } else if ( !strncasecmp( cargv[ i ], SCHEMASTR "=",
2110                                         STRLENOF( SCHEMASTR "=" ) ) )
2111                 {
2112                         val = cargv[ i ] + STRLENOF( SCHEMASTR "=" );
2113                         if ( !strncasecmp( val, "on", STRLENOF( "on" ) )) {
2114                                 si->si_schemachecking = 1;
2115                         } else if ( !strncasecmp( val, "off", STRLENOF( "off" ) ) ) {
2116                                 si->si_schemachecking = 0;
2117                         } else {
2118                                 si->si_schemachecking = 1;
2119                         }
2120                 } else if ( !strncasecmp( cargv[ i ], FILTERSTR "=",
2121                                         STRLENOF( FILTERSTR "=" ) ) )
2122                 {
2123                         val = cargv[ i ] + STRLENOF( FILTERSTR "=" );
2124                         ber_str2bv( val, 0, 1, &si->si_filterstr );
2125                 } else if ( !strncasecmp( cargv[ i ], SEARCHBASESTR "=",
2126                                         STRLENOF( SEARCHBASESTR "=" ) ) )
2127                 {
2128                         struct berval   bv;
2129                         int             rc;
2130
2131                         val = cargv[ i ] + STRLENOF( SEARCHBASESTR "=" );
2132                         if ( si->si_base.bv_val ) {
2133                                 ch_free( si->si_base.bv_val );
2134                         }
2135                         ber_str2bv( val, 0, 0, &bv );
2136                         rc = dnNormalize( 0, NULL, NULL, &bv, &si->si_base, NULL );
2137                         if ( rc != LDAP_SUCCESS ) {
2138                                 fprintf( stderr, "Invalid base DN \"%s\": %d (%s)\n",
2139                                         val, rc, ldap_err2string( rc ) );
2140                                 return -1;
2141                         }
2142                 } else if ( !strncasecmp( cargv[ i ], SCOPESTR "=",
2143                                         STRLENOF( SCOPESTR "=" ) ) )
2144                 {
2145                         val = cargv[ i ] + STRLENOF( SCOPESTR "=" );
2146                         if ( !strncasecmp( val, "base", STRLENOF( "base" ) )) {
2147                                 si->si_scope = LDAP_SCOPE_BASE;
2148                         } else if ( !strncasecmp( val, "one", STRLENOF( "one" ) )) {
2149                                 si->si_scope = LDAP_SCOPE_ONELEVEL;
2150 #ifdef LDAP_SCOPE_SUBORDINATE
2151                         } else if ( !strcasecmp( val, "subordinate" ) ||
2152                                 !strcasecmp( val, "children" ))
2153                         {
2154                                 si->si_scope = LDAP_SCOPE_SUBORDINATE;
2155 #endif
2156                         } else if ( !strncasecmp( val, "sub", STRLENOF( "sub" ) )) {
2157                                 si->si_scope = LDAP_SCOPE_SUBTREE;
2158                         } else {
2159                                 fprintf( stderr, "Error: parse_syncrepl_line: "
2160                                         "unknown scope \"%s\"\n", val);
2161                                 return -1;
2162                         }
2163                 } else if ( !strncasecmp( cargv[ i ], ATTRSONLYSTR "=",
2164                                         STRLENOF( ATTRSONLYSTR "=" ) ) )
2165                 {
2166                         si->si_attrsonly = 1;
2167                 } else if ( !strncasecmp( cargv[ i ], ATTRSSTR "=",
2168                                         STRLENOF( ATTRSSTR "=" ) ) )
2169                 {
2170                         val = cargv[ i ] + STRLENOF( ATTRSSTR "=" );
2171                         if ( !strncasecmp( val, ":include:", STRLENOF(":include:") ) ) {
2172                                 char *attr_fname;
2173                                 attr_fname = ch_strdup( val + STRLENOF(":include:") );
2174                                 si->si_anlist = file2anlist( si->si_anlist, attr_fname, " ,\t" );
2175                                 if ( si->si_anlist == NULL ) {
2176                                         ch_free( attr_fname );
2177                                         return -1;
2178                                 }
2179                                 ch_free( attr_fname );
2180                         } else {
2181                                 char *str, *s, *next;
2182                                 char delimstr[] = " ,\t";
2183                                 str = ch_strdup( val );
2184                                 for ( s = ldap_pvt_strtok( str, delimstr, &next );
2185                                                 s != NULL;
2186                                                 s = ldap_pvt_strtok( NULL, delimstr, &next ) )
2187                                 {
2188                                         if ( strlen(s) == 1 && *s == '*' ) {
2189                                                 si->si_allattrs = 1;
2190                                                 *(val + ( s - str )) = delimstr[0];
2191                                         }
2192                                         if ( strlen(s) == 1 && *s == '+' ) {
2193                                                 si->si_allopattrs = 1;
2194                                                 *(val + ( s - str )) = delimstr[0];
2195                                         }
2196                                 }
2197                                 ch_free( str );
2198                                 si->si_anlist = str2anlist( si->si_anlist, val, " ,\t" );
2199                                 if ( si->si_anlist == NULL ) {
2200                                         return -1;
2201                                 }
2202                         }
2203                 } else if ( !strncasecmp( cargv[ i ], EXATTRSSTR "=",
2204                                         STRLENOF( EXATTRSSTR "=" ) ) )
2205                 {
2206                         val = cargv[ i ] + STRLENOF( EXATTRSSTR "=" );
2207                         if ( !strncasecmp( val, ":include:", STRLENOF(":include:") )) {
2208                                 char *attr_fname;
2209                                 attr_fname = ch_strdup( val + STRLENOF(":include:") );
2210                                 si->si_exanlist = file2anlist(
2211                                                                         si->si_exanlist, attr_fname, " ,\t" );
2212                                 if ( si->si_exanlist == NULL ) {
2213                                         ch_free( attr_fname );
2214                                         return -1;
2215                                 }
2216                                 ch_free( attr_fname );
2217                         } else {
2218                                 si->si_exanlist = str2anlist( si->si_exanlist, val, " ,\t" );
2219                                 if ( si->si_exanlist == NULL ) {
2220                                         return -1;
2221                                 }
2222                         }
2223                 } else if ( !strncasecmp( cargv[ i ], TYPESTR "=",
2224                                         STRLENOF( TYPESTR "=" ) ) )
2225                 {
2226                         val = cargv[ i ] + STRLENOF( TYPESTR "=" );
2227                         if ( !strncasecmp( val, "refreshOnly",
2228                                                 STRLENOF("refreshOnly") ))
2229                         {
2230                                 si->si_type = LDAP_SYNC_REFRESH_ONLY;
2231                         } else if ( !strncasecmp( val, "refreshAndPersist",
2232                                                 STRLENOF("refreshAndPersist") ))
2233                         {
2234                                 si->si_type = LDAP_SYNC_REFRESH_AND_PERSIST;
2235                                 si->si_interval = 60;
2236                         } else {
2237                                 fprintf( stderr, "Error: parse_syncrepl_line: "
2238                                         "unknown sync type \"%s\"\n", val);
2239                                 return -1;
2240                         }
2241                 } else if ( !strncasecmp( cargv[ i ], INTERVALSTR "=",
2242                                         STRLENOF( INTERVALSTR "=" ) ) )
2243                 {
2244                         val = cargv[ i ] + STRLENOF( INTERVALSTR "=" );
2245                         if ( si->si_type == LDAP_SYNC_REFRESH_AND_PERSIST ) {
2246                                 si->si_interval = 0;
2247                         } else {
2248                                 char *hstr;
2249                                 char *mstr;
2250                                 char *dstr;
2251                                 char *sstr;
2252                                 int dd, hh, mm, ss;
2253                                 dstr = val;
2254                                 hstr = strchr( dstr, ':' );
2255                                 if ( hstr == NULL ) {
2256                                         fprintf( stderr, "Error: parse_syncrepl_line: "
2257                                                 "invalid interval \"%s\"\n", val );
2258                                         return -1;
2259                                 }
2260                                 *hstr++ = '\0';
2261                                 mstr = strchr( hstr, ':' );
2262                                 if ( mstr == NULL ) {
2263                                         fprintf( stderr, "Error: parse_syncrepl_line: "
2264                                                 "invalid interval \"%s\"\n", val );
2265                                         return -1;
2266                                 }
2267                                 *mstr++ = '\0';
2268                                 sstr = strchr( mstr, ':' );
2269                                 if ( sstr == NULL ) {
2270                                         fprintf( stderr, "Error: parse_syncrepl_line: "
2271                                                 "invalid interval \"%s\"\n", val );
2272                                         return -1;
2273                                 }
2274                                 *sstr++ = '\0';
2275
2276                                 dd = atoi( dstr );
2277                                 hh = atoi( hstr );
2278                                 mm = atoi( mstr );
2279                                 ss = atoi( sstr );
2280                                 if (( hh > 24 ) || ( hh < 0 ) ||
2281                                         ( mm > 60 ) || ( mm < 0 ) ||
2282                                         ( ss > 60 ) || ( ss < 0 ) || ( dd < 0 )) {
2283                                         fprintf( stderr, "Error: parse_syncrepl_line: "
2284                                                 "invalid interval \"%s\"\n", val );
2285                                         return -1;
2286                                 }
2287                                 si->si_interval = (( dd * 24 + hh ) * 60 + mm ) * 60 + ss;
2288                         }
2289                         if ( si->si_interval < 0 ) {
2290                                 fprintf( stderr, "Error: parse_syncrepl_line: "
2291                                         "invalid interval \"%ld\"\n",
2292                                         (long) si->si_interval);
2293                                 return -1;
2294                         }
2295                 } else if ( !strncasecmp( cargv[ i ], RETRYSTR "=",
2296                                         STRLENOF( RETRYSTR "=" ) ) )
2297                 {
2298                         char **retry_list;
2299                         int j, k, n;
2300
2301                         val = cargv[ i ] + STRLENOF( RETRYSTR "=" );
2302                         retry_list = (char **) ch_calloc( 1, sizeof( char * ));
2303                         retry_list[0] = NULL;
2304
2305                         slap_str2clist( &retry_list, val, " ,\t" );
2306
2307                         for ( k = 0; retry_list && retry_list[k]; k++ ) ;
2308                         n = k / 2;
2309                         if ( k % 2 ) {
2310                                 fprintf( stderr,
2311                                                 "Error: incomplete syncrepl retry list\n" );
2312                                 for ( k = 0; retry_list && retry_list[k]; k++ ) {
2313                                         ch_free( retry_list[k] );
2314                                 }
2315                                 ch_free( retry_list );
2316                                 exit( EXIT_FAILURE );
2317                         }
2318                         si->si_retryinterval = (time_t *) ch_calloc( n + 1, sizeof( time_t ));
2319                         si->si_retrynum = (int *) ch_calloc( n + 1, sizeof( int ));
2320                         si->si_retrynum_init = (int *) ch_calloc( n + 1, sizeof( int ));
2321                         for ( j = 0; j < n; j++ ) {
2322                                 si->si_retryinterval[j] = atoi( retry_list[j*2] );
2323                                 if ( *retry_list[j*2+1] == '+' ) {
2324                                         si->si_retrynum_init[j] = -1;
2325                                         si->si_retrynum[j] = -1;
2326                                         j++;
2327                                         break;
2328                                 } else {
2329                                         si->si_retrynum_init[j] = atoi( retry_list[j*2+1] );
2330                                         si->si_retrynum[j] = atoi( retry_list[j*2+1] );
2331                                 }
2332                         }
2333                         si->si_retrynum_init[j] = -2;
2334                         si->si_retrynum[j] = -2;
2335                         si->si_retryinterval[j] = 0;
2336                         
2337                         for ( k = 0; retry_list && retry_list[k]; k++ ) {
2338                                 ch_free( retry_list[k] );
2339                         }
2340                         ch_free( retry_list );
2341                 } else if ( !strncasecmp( cargv[ i ], MANAGEDSAITSTR "=",
2342                                         STRLENOF( MANAGEDSAITSTR "=" ) ) )
2343                 {
2344                         val = cargv[ i ] + STRLENOF( MANAGEDSAITSTR "=" );
2345                         si->si_manageDSAit = atoi( val );
2346                 } else if ( !strncasecmp( cargv[ i ], SLIMITSTR "=",
2347                                         STRLENOF( SLIMITSTR "=") ) )
2348                 {
2349                         val = cargv[ i ] + STRLENOF( SLIMITSTR "=" );
2350                         si->si_slimit = atoi( val );
2351                 } else if ( !strncasecmp( cargv[ i ], TLIMITSTR "=",
2352                                         STRLENOF( TLIMITSTR "=" ) ) )
2353                 {
2354                         val = cargv[ i ] + STRLENOF( TLIMITSTR "=" );
2355                         si->si_tlimit = atoi( val );
2356                 } else {
2357                         fprintf( stderr, "Error: parse_syncrepl_line: "
2358                                 "unknown keyword \"%s\"\n", cargv[ i ] );
2359                         return -1;
2360                 }
2361         }
2362
2363         if ( gots != GOT_ALL ) {
2364                 fprintf( stderr,
2365                         "Error: Malformed \"syncrepl\" line in slapd config file" );
2366                 return -1;
2367         }
2368
2369         return 0;
2370 }
2371
2372 char **
2373 slap_str2clist( char ***out, char *in, const char *brkstr )
2374 {
2375         char    *str;
2376         char    *s;
2377         char    *lasts;
2378         int     i, j;
2379         char    **new;
2380
2381         /* find last element in list */
2382         for (i = 0; *out && (*out)[i]; i++);
2383
2384         /* protect the input string from strtok */
2385         str = ch_strdup( in );
2386
2387         if ( *str == '\0' ) {
2388                 free( str );
2389                 return( *out );
2390         }
2391
2392         /* Count words in string */
2393         j=1;
2394         for ( s = str; *s; s++ ) {
2395                 if ( strchr( brkstr, *s ) != NULL ) {
2396                         j++;
2397                 }
2398         }
2399
2400         *out = ch_realloc( *out, ( i + j + 1 ) * sizeof( char * ) );
2401         new = *out + i;
2402         for ( s = ldap_pvt_strtok( str, brkstr, &lasts );
2403                 s != NULL;
2404                 s = ldap_pvt_strtok( NULL, brkstr, &lasts ) )
2405         {
2406                 *new = ch_strdup( s );
2407                 new++;
2408         }
2409
2410         *new = NULL;
2411         free( str );
2412         return( *out );
2413 }
Cloned from git://git.openldap.org/openldap.git