1 /* config.c - configuration file handling routines */
4 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
14 #include <ac/socket.h>
24 * defaults for various global variables
26 struct slap_limits_set deflimit = {
27 SLAPD_DEFAULT_TIMELIMIT, /* backward compatible limits */
30 SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */
32 -1 /* no limit on unchecked size */
35 AccessControl *global_acl = NULL;
36 slap_access_t global_default_access = ACL_READ;
37 slap_mask_t global_restrictops = 0;
38 slap_mask_t global_allows = 0;
39 slap_mask_t global_disallows = 0;
40 slap_mask_t global_requires = 0;
41 slap_ssf_set_t global_ssf_set;
43 int global_idletimeout = 0;
44 char *global_host = NULL;
45 char *global_realm = NULL;
46 char *ldap_srvtab = "";
47 char *default_passwd_hash = NULL;
48 struct berval default_search_base = { 0, NULL };
49 struct berval default_search_nbase = { 0, NULL };
50 unsigned num_subordinates = 0;
52 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
53 ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
55 char *slapd_pid_file = NULL;
56 char *slapd_args_file = NULL;
58 char *strtok_quote_ptr;
61 SaslRegexp_t *SaslRegexp = NULL;
64 int use_reverse_lookup = 1;
65 #else /* !SLAPD_RLOOKUPS */
66 int use_reverse_lookup = 0;
67 #endif /* !SLAPD_RLOOKUPS */
69 static char *fp_getline(FILE *fp, int *lineno);
70 static void fp_getline_init(int *lineno);
71 static int fp_parse_line(int lineno, char *line, int *argcp, char **argv);
73 static char *strtok_quote(char *line, char *sep);
74 static int load_ucdata(char *path);
77 read_config( const char *fname )
80 char *line, *savefname, *saveline;
81 int cargc, savelineno;
82 char *cargv[MAXARGS+1];
85 struct berval vals[2];
87 static int lastmod = 1;
88 static BackendInfo *bi = NULL;
89 static BackendDB *be = NULL;
91 vals[1].bv_val = NULL;
93 if ( (fp = fopen( fname, "r" )) == NULL ) {
96 LDAP_LOG(( "config", LDAP_LEVEL_ENTRY, "read_config: "
97 "could not open config file \"%s\": %s (%d)\n",
98 fname, strerror(errno), errno ));
100 Debug( LDAP_DEBUG_ANY,
101 "could not open config file \"%s\": %s (%d)\n",
102 fname, strerror(errno), errno );
108 LDAP_LOG(( "config", LDAP_LEVEL_ENTRY,
109 "read_config: reading config file %s\n", fname ));
111 Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
115 fp_getline_init( &lineno );
117 while ( (line = fp_getline( fp, &lineno )) != NULL ) {
118 /* skip comments and blank lines */
119 if ( line[0] == '#' || line[0] == '\0' ) {
123 /* fp_parse_line is destructive, we save a copy */
124 saveline = ch_strdup( line );
126 if ( fp_parse_line( lineno, line, &cargc, cargv ) != 0 ) {
132 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
133 "%s: line %d: bad config line (ignored)\n",
136 Debug( LDAP_DEBUG_ANY,
137 "%s: line %d: bad config line (ignored)\n",
144 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
147 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
148 "%s : line %d: missing type in \"backend\" line.\n",
151 Debug( LDAP_DEBUG_ANY,
152 "%s: line %d: missing type in \"backend <type>\" line\n",
161 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
162 "%s: line %d: backend line must appear before any "
163 "database definition.\n", fname, lineno ));
165 Debug( LDAP_DEBUG_ANY,
166 "%s: line %d: backend line must appear before any database definition\n",
173 bi = backend_info( cargv[1] );
177 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
178 "read_config: backend %s initialization failed.\n",
181 Debug( LDAP_DEBUG_ANY,
182 "backend %s initialization failed.\n",
188 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
191 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
192 "%s: line %d: missing type in \"database <type>\" line\n",
195 Debug( LDAP_DEBUG_ANY,
196 "%s: line %d: missing type in \"database <type>\" line\n",
204 be = backend_db_init( cargv[1] );
208 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
209 "database %s initialization failed.\n",
212 Debug( LDAP_DEBUG_ANY,
213 "database %s initialization failed.\n",
220 /* set thread concurrency */
221 } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
225 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
226 "%s: line %d: missing level in \"concurrency <level\" line\n",
229 Debug( LDAP_DEBUG_ANY,
230 "%s: line %d: missing level in \"concurrency <level>\" line\n",
237 c = atoi( cargv[1] );
241 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
242 "%s: line %d: invalid level (%d) in "
243 "\"concurrency <level>\" line.\n",
246 Debug( LDAP_DEBUG_ANY,
247 "%s: line %d: invalid level (%d) in \"concurrency <level>\" line\n",
254 ldap_pvt_thread_set_concurrency( c );
256 /* set sockbuf max */
257 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming" ) == 0 ) {
261 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
262 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
265 Debug( LDAP_DEBUG_ANY,
266 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
273 max = atol( cargv[1] );
277 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
278 "%s: line %d: invalid max value (%ld) in "
279 "\"sockbuf_max_incoming <bytes>\" line.\n",
280 fname, lineno, max ));
282 Debug( LDAP_DEBUG_ANY,
283 "%s: line %d: invalid max value (%ld) in "
284 "\"sockbuf_max_incoming <bytes>\" line.\n",
285 fname, lineno, max );
291 sockbuf_max_incoming = max;
293 /* set sockbuf max authenticated */
294 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) {
298 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
299 "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
302 Debug( LDAP_DEBUG_ANY,
303 "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
310 max = atol( cargv[1] );
314 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
315 "%s: line %d: invalid max value (%ld) in "
316 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
317 fname, lineno, max ));
319 Debug( LDAP_DEBUG_ANY,
320 "%s: line %d: invalid max value (%ld) in "
321 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
322 fname, lineno, max );
328 sockbuf_max_incoming_auth = max;
330 /* default search base */
331 } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
334 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
335 "%s: line %d: missing dn in \"defaultSearchBase <dn\" "
336 "line\n", fname, lineno ));
338 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
339 "missing dn in \"defaultSearchBase <dn>\" line\n",
345 } else if ( cargc > 2 ) {
347 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
348 "%s: line %d: extra cruft after <dn> in "
349 "\"defaultSearchBase %s\" line (ignored)\n",
350 fname, lineno, cargv[1] ));
352 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
353 "extra cruft after <dn> in \"defaultSearchBase %s\", "
355 fname, lineno, cargv[1] );
359 if ( bi != NULL || be != NULL ) {
361 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
362 "%s: line %d: defaultSearchBase line must appear "
363 "prior to any backend or database definitions\n",
366 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
367 "defaultSearchBaase line must appear prior to "
368 "any backend or database definition\n",
375 if ( default_search_nbase.bv_len ) {
377 LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
378 "default search base \"%s\" already defined "
379 "(discarding old)\n", fname, lineno,
380 default_search_base.bv_val ));
382 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
383 "default search base \"%s\" already defined "
384 "(discarding old)\n",
385 fname, lineno, default_search_base.bv_val );
388 free( default_search_base.bv_val );
389 free( default_search_nbase.bv_val );
392 if ( load_ucdata( NULL ) < 0 ) return 1;
397 dn.bv_val = cargv[1];
398 dn.bv_len = strlen( dn.bv_val );
400 rc = dnPrettyNormal( NULL, &dn,
401 &default_search_base,
402 &default_search_nbase );
404 if( rc != LDAP_SUCCESS ) {
406 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
407 "%s: line %d: defaultSearchBase DN is invalid.\n",
410 Debug( LDAP_DEBUG_ANY,
411 "%s: line %d: defaultSearchBase DN is invalid\n",
418 /* set maximum threads in thread pool */
419 } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
423 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
424 "%s: line %d: missing count in \"threads <count>\" line\n",
427 Debug( LDAP_DEBUG_ANY,
428 "%s: line %d: missing count in \"threads <count>\" line\n",
435 c = atoi( cargv[1] );
439 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
440 "%s: line %d: invalid level (%d) in \"threads <count>\""
441 "line\n",fname, lineno, c ));
443 Debug( LDAP_DEBUG_ANY,
444 "%s: line %d: invalid level (%d) in \"threads <count>\" line\n",
451 ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
453 /* save for later use */
454 connection_pool_max = c;
456 /* get pid file name */
457 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
460 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
461 "%s: line %d missing file name in \"pidfile <file>\" line.\n",
464 Debug( LDAP_DEBUG_ANY,
465 "%s: line %d: missing file name in \"pidfile <file>\" line\n",
472 slapd_pid_file = ch_strdup( cargv[1] );
474 /* get args file name */
475 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
478 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
479 "%s: %d: missing file name in "
480 "\"argsfile <file>\" line.\n",
483 Debug( LDAP_DEBUG_ANY,
484 "%s: line %d: missing file name in \"argsfile <file>\" line\n",
491 slapd_args_file = ch_strdup( cargv[1] );
493 /* default password hash */
494 } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
497 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
498 "%s: line %d: missing hash in "
499 "\"password-hash <hash>\" line.\n",
502 Debug( LDAP_DEBUG_ANY,
503 "%s: line %d: missing hash in \"password-hash <hash>\" line\n",
509 if ( default_passwd_hash != NULL ) {
511 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
512 "%s: line %d: already set default password_hash!\n",
515 Debug( LDAP_DEBUG_ANY,
516 "%s: line %d: already set default password_hash!\n",
524 if ( lutil_passwd_scheme( cargv[1] ) == 0 ) {
526 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
527 "%s: line %d: password scheme \"%s\" not available\n",
528 fname, lineno, cargv[1] ));
530 Debug( LDAP_DEBUG_ANY,
531 "%s: line %d: password scheme \"%s\" not available\n",
532 fname, lineno, cargv[1] );
537 default_passwd_hash = ch_strdup( cargv[1] );
539 } else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 )
543 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
544 "%s: line %d: missing format in "
545 "\"password-crypt-salt-format <format>\" line\n",
548 Debug( LDAP_DEBUG_ANY, "%s: line %d: missing format in "
549 "\"password-crypt-salt-format <format>\" line\n",
556 lutil_salt_format( cargv[1] );
559 } else if ( strcasecmp( cargv[0], "sasl-host" ) == 0 ) {
562 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
563 "%s: line %d: missing host in \"sasl-host <host>\" line\n",
566 Debug( LDAP_DEBUG_ANY,
567 "%s: line %d: missing host in \"sasl-host <host>\" line\n",
574 if ( global_host != NULL ) {
576 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
577 "%s: line %d: already set sasl-host!\n",
580 Debug( LDAP_DEBUG_ANY,
581 "%s: line %d: already set sasl-host!\n",
588 global_host = ch_strdup( cargv[1] );
592 } else if ( strcasecmp( cargv[0], "sasl-realm" ) == 0 ) {
595 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
596 "%s: line %d: missing realm in \"sasl-realm <realm>\" line.\n",
599 Debug( LDAP_DEBUG_ANY,
600 "%s: line %d: missing realm in \"sasl-realm <realm>\" line\n",
607 if ( global_realm != NULL ) {
609 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
610 "%s: line %d: already set sasl-realm!\n",
613 Debug( LDAP_DEBUG_ANY,
614 "%s: line %d: already set sasl-realm!\n",
621 global_realm = ch_strdup( cargv[1] );
624 } else if ( !strcasecmp( cargv[0], "sasl-regexp" )
625 || !strcasecmp( cargv[0], "saslregexp" ) )
630 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
631 "%s: line %d: need 2 args in "
632 "\"saslregexp <match> <replace>\"\n",
635 Debug( LDAP_DEBUG_ANY,
636 "%s: line %d: need 2 args in \"saslregexp <match> <replace>\"\n",
642 rc = slap_sasl_regexp_config( cargv[1], cargv[2] );
647 /* SASL security properties */
648 } else if ( strcasecmp( cargv[0], "sasl-secprops" ) == 0 ) {
653 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
654 "%s: line %d: missing flags in "
655 "\"sasl-secprops <properties>\" line\n",
658 Debug( LDAP_DEBUG_ANY,
659 "%s: line %d: missing flags in \"sasl-secprops <properties>\" line\n",
666 txt = slap_sasl_secprops( cargv[1] );
669 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
670 "%s: line %d sas-secprops: %s\n",
671 fname, lineno, txt ));
673 Debug( LDAP_DEBUG_ANY,
674 "%s: line %d: sasl-secprops: %s\n",
675 fname, lineno, txt );
681 /* set UCDATA path */
682 } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
686 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
687 "%s: line %d: missing path in "
688 "\"ucdata-path <path>\" line.\n",
691 Debug( LDAP_DEBUG_ANY,
692 "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
699 err = load_ucdata( cargv[1] );
703 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
704 "%s: line %d: ucdata already loaded, ucdata-path "
705 "must be set earlier in the file and/or be "
706 "specified only once!\n",
709 Debug( LDAP_DEBUG_ANY,
710 "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n",
719 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
721 struct slap_limits_set *lim;
725 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
726 "%s: line %d: missing limit in \"sizelimit <limit>\" line.\n",
729 Debug( LDAP_DEBUG_ANY,
730 "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
740 lim = &be->be_def_limit;
743 for ( i = 1; i < cargc; i++ ) {
744 if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
745 rc = parse_limit( cargv[i], lim );
747 lim->lms_s_soft = atoi( cargv[i] );
753 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
754 "%s: line %d: unable "
755 "to parse value \"%s\" "
758 fname, lineno, cargv[i] ));
760 Debug( LDAP_DEBUG_ANY,
761 "%s: line %d: unable "
762 "to parse value \"%s\" "
765 fname, lineno, cargv[i] );
771 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
773 struct slap_limits_set *lim;
777 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
778 "%s: line %d missing limit in \"timelimit <limit>\" line.\n",
781 Debug( LDAP_DEBUG_ANY,
782 "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
792 lim = &be->be_def_limit;
795 for ( i = 1; i < cargc; i++ ) {
796 if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
797 rc = parse_limit( cargv[i], lim );
799 lim->lms_t_soft = atoi( cargv[i] );
805 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
806 "%s: line %d: unable "
807 "to parse value \"%s\" "
810 fname, lineno, cargv[i] ));
812 Debug( LDAP_DEBUG_ANY,
813 "%s: line %d: unable "
814 "to parse value \"%s\" "
817 fname, lineno, cargv[i] );
822 /* set regex-based limits */
823 } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
826 LDAP_LOG(( "config", LDAP_LEVEL_WARNING,
827 "%s: line %d \"limits\" allowed only in database environment.\n",
830 Debug( LDAP_DEBUG_ANY,
831 "%s: line %d \"limits\" allowed only in database environment.\n%s",
837 if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
841 /* mark this as a subordinate database */
842 } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
845 LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
846 "subordinate keyword must appear inside a database "
847 "definition (ignored).\n", fname, lineno ));
849 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
850 "must appear inside a database definition (ignored)\n",
854 be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE;
858 /* set database suffix */
859 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
861 struct berval dn, pdn, ndn;
865 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
866 "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
869 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
870 "missing dn in \"suffix <dn>\" line\n",
876 } else if ( cargc > 2 ) {
878 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
879 "%s: line %d: extra cruft after <dn> in \"suffix %s\""
880 " line (ignored).\n", fname, lineno, cargv[1] ));
882 Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
883 "after <dn> in \"suffix %s\" line (ignored)\n",
884 fname, lineno, cargv[1] );
890 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
891 "%s: line %d: suffix line must appear inside a database "
892 "definition.\n", fname, lineno ));
894 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
895 "must appear inside a database definition\n",
900 #if defined(SLAPD_MONITOR_DN)
901 /* "cn=Monitor" is reserved for monitoring slap */
902 } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
904 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: \""
905 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
908 Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
909 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
913 #endif /* SLAPD_MONITOR_DN */
916 if ( load_ucdata( NULL ) < 0 ) return 1;
918 dn.bv_val = cargv[1];
919 dn.bv_len = strlen( cargv[1] );
921 rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
922 if( rc != LDAP_SUCCESS ) {
924 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
925 "%s: line %d: suffix DN is invalid.\n",
928 Debug( LDAP_DEBUG_ANY,
929 "%s: line %d: suffix DN is invalid\n",
935 tmp_be = select_backend( &ndn, 0, 0 );
936 if ( tmp_be == be ) {
938 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
939 "%s: line %d: suffix already served by this backend "
940 "(ignored)\n", fname, lineno ));
942 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
943 "already served by this backend (ignored)\n",
949 } else if ( tmp_be != NULL ) {
951 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
952 "%s: line %d: suffix already served by a preceding "
953 "backend \"%s\"\n", fname, lineno,
954 tmp_be->be_suffix[0].bv_val ));
956 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
957 "already served by a preceeding backend \"%s\"\n",
958 fname, lineno, tmp_be->be_suffix[0].bv_val );
964 } else if( pdn.bv_len == 0 && default_search_nbase.bv_len ) {
966 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
967 "%s: line %d: suffix DN empty and default search "
968 "base provided \"%s\" (assuming okay).\n",
969 fname, lineno, default_search_base.bv_val ));
971 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
972 "suffix DN empty and default "
973 "search base provided \"%s\" (assuming okay)\n",
974 fname, lineno, default_search_base.bv_val );
978 ber_bvarray_add( &be->be_suffix, &pdn );
979 ber_bvarray_add( &be->be_nsuffix, &ndn );
981 /* set database suffixAlias */
982 } else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) {
984 struct berval alias, palias, nalias;
985 struct berval aliased, paliased, naliased;
989 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
990 "%s: line %d: missing alias and aliased_dn in "
991 "\"suffixAlias <alias> <aliased_dn>\" line.\n",
994 Debug( LDAP_DEBUG_ANY,
995 "%s: line %d: missing alias and aliased_dn in "
996 "\"suffixAlias <alias> <aliased_dn>\" line.\n",
1001 } else if ( cargc < 3 ) {
1003 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1004 "%s: line %d: missing aliased_dn in "
1005 "\"suffixAlias <alias> <aliased_dn>\" line\n",
1008 Debug( LDAP_DEBUG_ANY,
1009 "%s: line %d: missing aliased_dn in "
1010 "\"suffixAlias <alias> <aliased_dn>\" line\n",
1015 } else if ( cargc > 3 ) {
1017 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1018 "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
1021 Debug( LDAP_DEBUG_ANY,
1022 "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
1030 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1031 "%s: line %d: suffixAlias line must appear inside a "
1032 "database definition (ignored).\n", fname, lineno ));
1034 Debug( LDAP_DEBUG_ANY,
1035 "%s: line %d: suffixAlias line"
1036 " must appear inside a database definition (ignored)\n",
1041 if ( load_ucdata( NULL ) < 0 ) return 1;
1043 alias.bv_val = cargv[1];
1044 alias.bv_len = strlen( cargv[1] );
1046 rc = dnPrettyNormal( NULL, &alias, &palias, &nalias );
1047 if( rc != LDAP_SUCCESS ) {
1049 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1050 "%s: line %d: alias DN is invalid.\n",
1053 Debug( LDAP_DEBUG_ANY,
1054 "%s: line %d: alias DN is invalid\n",
1060 tmp_be = select_backend( &nalias, 0, 0 );
1061 free( nalias.bv_val );
1062 if ( tmp_be && tmp_be != be ) {
1064 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1065 "%s: line %d: suffixAlias served by a preceeding "
1067 fname, lineno, tmp_be->be_suffix[0].bv_val ));
1069 Debug( LDAP_DEBUG_ANY,
1070 "%s: line %d: suffixAlias served by"
1071 " a preceeding backend \"%s\"\n",
1072 fname, lineno, tmp_be->be_suffix[0].bv_val );
1074 free( palias.bv_val );
1078 aliased.bv_val = cargv[2];
1079 aliased.bv_len = strlen( cargv[2] );
1081 rc = dnPrettyNormal( NULL, &aliased, &paliased, &naliased );
1082 if( rc != LDAP_SUCCESS ) {
1084 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1085 "%s: line %d: aliased DN is invalid.\n",
1088 Debug( LDAP_DEBUG_ANY,
1089 "%s: line %d: aliased DN is invalid\n",
1092 free( palias.bv_val );
1096 tmp_be = select_backend( &naliased, 0, 0 );
1097 free( naliased.bv_val );
1098 if ( tmp_be && tmp_be != be ) {
1100 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1101 "%s: line %d: suffixAlias derefs to a different backend "
1102 "a preceeding backend \"%s\"\n",
1103 fname, lineno, tmp_be->be_suffix[0].bv_val ));
1105 Debug( LDAP_DEBUG_ANY,
1106 "%s: line %d: suffixAlias derefs to differnet backend"
1107 " a preceeding backend \"%s\"\n",
1108 fname, lineno, tmp_be->be_suffix[0].bv_val );
1110 free( palias.bv_val );
1111 free( paliased.bv_val );
1115 ber_bvarray_add( &be->be_suffixAlias, &palias );
1116 ber_bvarray_add( &be->be_suffixAlias, &paliased );
1118 /* set max deref depth */
1119 } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
1123 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1124 "%s: line %d: missing depth in \"maxDerefDepth <depth>\""
1125 " line\n", fname, lineno ));
1127 Debug( LDAP_DEBUG_ANY,
1128 "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
1136 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1137 "%s: line %d: depth line must appear inside a database "
1138 "definition (ignored)\n", fname, lineno ));
1140 Debug( LDAP_DEBUG_ANY,
1141 "%s: line %d: depth line must appear inside a database definition (ignored)\n",
1145 } else if ((i = atoi(cargv[1])) < 0) {
1147 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1148 "%s: line %d: depth must be positive (ignored).\n",
1151 Debug( LDAP_DEBUG_ANY,
1152 "%s: line %d: depth must be positive (ignored)\n",
1158 be->be_max_deref_depth = i;
1162 /* set magic "root" dn for this database */
1163 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
1166 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1167 "%s: line %d: missing dn in \"rootdn <dn>\" line.\n",
1170 Debug( LDAP_DEBUG_ANY,
1171 "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
1179 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1180 "%s: line %d: rootdn line must appear inside a database "
1181 "definition (ignored).\n", fname, lineno ));
1183 Debug( LDAP_DEBUG_ANY,
1184 "%s: line %d: rootdn line must appear inside a database definition (ignored)\n",
1191 if ( load_ucdata( NULL ) < 0 ) return 1;
1193 dn.bv_val = cargv[1];
1194 dn.bv_len = strlen( cargv[1] );
1196 rc = dnPrettyNormal( NULL, &dn,
1200 if( rc != LDAP_SUCCESS ) {
1202 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1203 "%s: line %d: rootdn DN is invalid.\n",
1206 Debug( LDAP_DEBUG_ANY,
1207 "%s: line %d: rootdn DN is invalid\n",
1214 /* set super-secret magic database password */
1215 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
1218 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1219 "%s: line %d: missing passwd in \"rootpw <passwd>\""
1220 " line\n", fname, lineno ));
1222 Debug( LDAP_DEBUG_ANY,
1223 "%s: line %d: missing passwd in \"rootpw <passwd>\" line\n",
1231 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1232 "%s: line %d: rootpw line must appear inside a database "
1233 "definition (ignored)\n", fname, lineno ));
1235 Debug( LDAP_DEBUG_ANY,
1236 "%s: line %d: rootpw line must appear inside a database definition (ignored)\n",
1241 be->be_rootpw.bv_val = ch_strdup( cargv[1] );
1242 be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
1245 /* make this database read-only */
1246 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
1249 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1250 "%s: line %d: missing on|off in \"readonly <on|off>\" line.\n",
1253 Debug( LDAP_DEBUG_ANY,
1254 "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
1261 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1262 global_restrictops |= SLAP_RESTRICT_OP_WRITES;
1264 global_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1267 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1268 be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1270 be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1275 /* allow these features */
1276 } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
1277 strcasecmp( cargv[0], "allow" ) == 0 )
1283 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1284 "%s: line %d: allow line must appear prior to "
1285 "database definitions.\n", fname, lineno ));
1287 Debug( LDAP_DEBUG_ANY,
1288 "%s: line %d: allow line must appear prior to database definitions\n",
1296 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1297 "%s: line %d: missing feature(s) in \"allow <features>\""
1298 " line\n", fname, lineno ));
1300 Debug( LDAP_DEBUG_ANY,
1301 "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
1310 for( i=1; i < cargc; i++ ) {
1311 if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
1312 allows |= SLAP_ALLOW_BIND_V2;
1314 } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
1315 allows |= SLAP_ALLOW_BIND_ANON_CRED;
1317 } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
1318 allows |= SLAP_ALLOW_BIND_ANON_DN;
1320 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1322 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1323 "%s: line %d: unknown feature %s in "
1324 "\"allow <features>\" line.\n",
1325 fname, lineno, cargv[1] ));
1327 Debug( LDAP_DEBUG_ANY,
1328 "%s: line %d: unknown feature %s in \"allow <features>\" line\n",
1329 fname, lineno, cargv[i] );
1336 global_allows = allows;
1338 /* disallow these features */
1339 } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
1340 strcasecmp( cargv[0], "disallow" ) == 0 )
1342 slap_mask_t disallows;
1346 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1347 "%s: line %d: disallow line must appear prior to "
1348 "database definitions.\n", fname, lineno ));
1350 Debug( LDAP_DEBUG_ANY,
1351 "%s: line %d: disallow line must appear prior to database definitions\n",
1359 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1360 "%s: line %d: missing feature(s) in \"disallow <features>\""
1361 " line.\n", fname, lineno ));
1363 Debug( LDAP_DEBUG_ANY,
1364 "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
1373 for( i=1; i < cargc; i++ ) {
1374 if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
1375 disallows |= SLAP_DISALLOW_BIND_ANON;
1377 } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
1378 disallows |= SLAP_DISALLOW_BIND_SIMPLE;
1380 } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
1381 disallows |= SLAP_DISALLOW_BIND_KRBV4;
1383 } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
1384 disallows |= SLAP_DISALLOW_TLS_2_ANON;
1386 } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
1387 disallows |= SLAP_DISALLOW_TLS_AUTHC;
1389 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1391 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1392 "%s: line %d: unknown feature %s in "
1393 "\"disallow <features>\" line.\n",
1394 fname, lineno, cargv[i] ));
1396 Debug( LDAP_DEBUG_ANY,
1397 "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
1398 fname, lineno, cargv[i] );
1405 global_disallows = disallows;
1407 /* require these features */
1408 } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
1409 strcasecmp( cargv[0], "require" ) == 0 )
1411 slap_mask_t requires;
1415 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1416 "%s: line %d: missing feature(s) in "
1417 "\"require <features>\" line.\n", fname, lineno ));
1419 Debug( LDAP_DEBUG_ANY,
1420 "%s: line %d: missing feature(s) in \"require <features>\" line\n",
1429 for( i=1; i < cargc; i++ ) {
1430 if( strcasecmp( cargv[i], "bind" ) == 0 ) {
1431 requires |= SLAP_REQUIRE_BIND;
1433 } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
1434 requires |= SLAP_REQUIRE_LDAP_V3;
1436 } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
1437 requires |= SLAP_REQUIRE_AUTHC;
1439 } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
1440 requires |= SLAP_REQUIRE_SASL;
1442 } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
1443 requires |= SLAP_REQUIRE_STRONG;
1445 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1447 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1448 "%s: line %d: unknown feature %s in "
1449 "\"require <features>\" line.\n",
1452 Debug( LDAP_DEBUG_ANY,
1453 "%s: line %d: unknown feature %s in \"require <features>\" line\n",
1454 fname, lineno, cargv[i] );
1462 global_requires = requires;
1464 be->be_requires = requires;
1467 /* required security factors */
1468 } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
1469 slap_ssf_set_t *set;
1473 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1474 "%s: line %d: missing factor(s) in \"security <factors>\""
1475 " line.\n", fname, lineno ));
1477 Debug( LDAP_DEBUG_ANY,
1478 "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
1486 set = &global_ssf_set;
1488 set = &be->be_ssf_set;
1491 for( i=1; i < cargc; i++ ) {
1492 if( strncasecmp( cargv[i], "ssf=",
1493 sizeof("ssf") ) == 0 )
1496 atoi( &cargv[i][sizeof("ssf")] );
1498 } else if( strncasecmp( cargv[i], "transport=",
1499 sizeof("transport") ) == 0 )
1501 set->sss_transport =
1502 atoi( &cargv[i][sizeof("transport")] );
1504 } else if( strncasecmp( cargv[i], "tls=",
1505 sizeof("tls") ) == 0 )
1508 atoi( &cargv[i][sizeof("tls")] );
1510 } else if( strncasecmp( cargv[i], "sasl=",
1511 sizeof("sasl") ) == 0 )
1514 atoi( &cargv[i][sizeof("sasl")] );
1516 } else if( strncasecmp( cargv[i], "update_ssf=",
1517 sizeof("update_ssf") ) == 0 )
1519 set->sss_update_ssf =
1520 atoi( &cargv[i][sizeof("update_ssf")] );
1522 } else if( strncasecmp( cargv[i], "update_transport=",
1523 sizeof("update_transport") ) == 0 )
1525 set->sss_update_transport =
1526 atoi( &cargv[i][sizeof("update_transport")] );
1528 } else if( strncasecmp( cargv[i], "update_tls=",
1529 sizeof("update_tls") ) == 0 )
1531 set->sss_update_tls =
1532 atoi( &cargv[i][sizeof("update_tls")] );
1534 } else if( strncasecmp( cargv[i], "update_sasl=",
1535 sizeof("update_sasl") ) == 0 )
1537 set->sss_update_sasl =
1538 atoi( &cargv[i][sizeof("update_sasl")] );
1542 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1543 "%s: line %d: unknown factor %S in "
1544 "\"security <factors>\" line.\n",
1545 fname, lineno, cargv[1] ));
1547 Debug( LDAP_DEBUG_ANY,
1548 "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
1549 fname, lineno, cargv[i] );
1555 /* where to send clients when we don't hold it */
1556 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
1559 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1560 "%s: line %d: missing URL in \"referral <URL>\""
1561 " line.\n", fname, lineno ));
1563 Debug( LDAP_DEBUG_ANY,
1564 "%s: line %d: missing URL in \"referral <URL>\" line\n",
1571 if( validate_global_referral( cargv[1] ) ) {
1573 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
1574 "invalid URL (%s) in \"referral\" line.\n",
1575 fname, lineno, cargv[1] ));
1577 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1578 "invalid URL (%s) in \"referral\" line.\n",
1579 fname, lineno, cargv[1] );
1584 vals[0].bv_val = cargv[1];
1585 vals[0].bv_len = strlen( vals[0].bv_val );
1586 value_add( &default_referral, vals );
1589 } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
1593 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1594 "%s: line %d: Error in logfile directive, "
1595 "\"logfile <filename>\"\n", fname, lineno ));
1597 Debug( LDAP_DEBUG_ANY,
1598 "%s: line %d: Error in logfile directive, \"logfile filename\"\n",
1604 logfile = fopen( cargv[1], "w" );
1605 if ( logfile != NULL ) lutil_debug_file( logfile );
1608 /* start of a new database definition */
1609 } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
1613 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1614 "%s: line %d: Error in debug directive, "
1615 "\"debug <subsys> <level>\"\n", fname, lineno ));
1617 Debug( LDAP_DEBUG_ANY,
1618 "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
1624 level = atoi( cargv[2] );
1625 if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
1626 lutil_set_debug_level( cargv[1], level );
1627 /* specify an Object Identifier macro */
1628 } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
1629 rc = parse_oidm( fname, lineno, cargc, cargv );
1632 /* specify an objectclass */
1633 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
1634 if ( *cargv[1] == '(' ) {
1636 p = strchr(saveline,'(');
1637 rc = parse_oc( fname, lineno, p, cargv );
1642 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1643 "%s: line %d: old objectclass format not supported\n",
1646 Debug( LDAP_DEBUG_ANY,
1647 "%s: line %d: old objectclass format not supported.\n",
1653 /* specify an attribute type */
1654 } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
1655 || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
1657 if ( *cargv[1] == '(' ) {
1659 p = strchr(saveline,'(');
1660 rc = parse_at( fname, lineno, p, cargv );
1665 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1666 "%s: line %d: old attribute type format not supported.\n",
1669 Debug( LDAP_DEBUG_ANY,
1670 "%s: line %d: old attribute type format not supported.\n",
1676 /* turn on/off schema checking */
1677 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
1680 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1681 "%s: line %d: missing on|off in "
1682 "\"schemacheck <on|off>\" line.\n",
1685 Debug( LDAP_DEBUG_ANY,
1686 "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
1692 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
1694 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1695 "%s: line %d: schema checking disabled! your mileage may vary!\n",
1698 Debug( LDAP_DEBUG_ANY,
1699 "%s: line %d: schema checking disabled! your mileage may vary!\n",
1702 global_schemacheck = 0;
1704 global_schemacheck = 1;
1707 /* specify access control info */
1708 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
1709 parse_acl( be, fname, lineno, cargc, cargv );
1711 /* debug level to log things to syslog */
1712 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
1715 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1716 "%s: line %d: missing level in \"loglevel <level>\""
1717 " line.\n", fname, lineno ));
1719 Debug( LDAP_DEBUG_ANY,
1720 "%s: line %d: missing level in \"loglevel <level>\" line\n",
1729 for( i=1; i < cargc; i++ ) {
1730 ldap_syslog += atoi( cargv[1] );
1733 /* list of replicas of the data in this backend (master only) */
1734 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
1737 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1738 "%s: line %d: missing host in \"replica "
1739 " <host[:port]\" line\n", fname, lineno ));
1741 Debug( LDAP_DEBUG_ANY,
1742 "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
1750 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1751 "%s: line %d: replica line must appear inside "
1752 "a database definition (ignored).\n", fname, lineno ));
1754 Debug( LDAP_DEBUG_ANY,
1755 "%s: line %d: replica line must appear inside a database definition (ignored)\n",
1762 for ( i = 1; i < cargc; i++ ) {
1763 if ( strncasecmp( cargv[i], "host=", 5 )
1765 nr = add_replica_info( be,
1772 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1773 "%s: line %d: missing host in \"replica\" "
1774 "line (ignored)\n", fname, lineno ));
1776 Debug( LDAP_DEBUG_ANY,
1777 "%s: line %d: missing host in \"replica\" line (ignored)\n",
1781 } else if ( nr == -1 ) {
1783 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1784 "%s: line %d: unable to add"
1790 Debug( LDAP_DEBUG_ANY,
1791 "%s: line %d: unable to add replica \"%s\" (ignored)\n",
1792 fname, lineno, cargv[i] + 5 );
1795 for ( i = 1; i < cargc; i++ ) {
1796 if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
1798 switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) {
1801 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1802 "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1803 fname, lineno, cargv[i] + 7 ));
1805 Debug( LDAP_DEBUG_ANY,
1806 "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1807 fname, lineno, cargv[i] + 7 );
1813 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1814 "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
1817 Debug( LDAP_DEBUG_ANY,
1818 "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
1824 } else if ( strncasecmp( cargv[i], "attr", 4 ) == 0 ) {
1826 char *arg = cargv[i] + 4;
1828 if ( arg[0] == '!' ) {
1833 if ( arg[0] != '=' ) {
1837 if ( add_replica_attrs( be, nr, arg + 1, exclude ) ) {
1839 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1840 "%s: line %d: attribute \"%s\" in \"replica\" line is unknown\n",
1841 fname, lineno, arg + 1 ));
1843 Debug( LDAP_DEBUG_ANY,
1844 "%s: line %d: attribute \"%s\" in \"replica\" line is unknown\n",
1845 fname, lineno, arg + 1 );
1854 /* dn of master entity allowed to write to replica */
1855 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
1858 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1859 "%s: line %d: missing dn in \"updatedn <dn>\""
1860 " line.\n", fname, lineno ));
1862 Debug( LDAP_DEBUG_ANY,
1863 "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
1871 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1872 "%s: line %d: updatedn line must appear inside "
1873 "a database definition (ignored)\n",
1876 Debug( LDAP_DEBUG_ANY,
1877 "%s: line %d: updatedn line must appear inside a database definition (ignored)\n",
1884 if ( load_ucdata( NULL ) < 0 ) return 1;
1886 dn.bv_val = cargv[1];
1887 dn.bv_len = strlen( cargv[1] );
1889 rc = dnNormalize2( NULL, &dn, &be->be_update_ndn );
1890 if( rc != LDAP_SUCCESS ) {
1892 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1893 "%s: line %d: updatedn DN is invalid.\n",
1896 Debug( LDAP_DEBUG_ANY,
1897 "%s: line %d: updatedn DN is invalid\n",
1904 } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
1907 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
1908 "missing url in \"updateref <ldapurl>\" line.\n",
1911 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1912 "missing url in \"updateref <ldapurl>\" line\n",
1920 LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: updateref"
1921 " line must appear inside a database definition\n",
1924 Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
1925 " line must appear inside a database definition\n",
1930 } else if ( !be->be_update_ndn.bv_len ) {
1932 LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
1933 "updateref line must come after updatedn.\n",
1936 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1937 "updateref line must after updatedn.\n",
1943 if( validate_global_referral( cargv[1] ) ) {
1945 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
1946 "invalid URL (%s) in \"updateref\" line.\n",
1947 fname, lineno, cargv[1] ));
1949 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1950 "invalid URL (%s) in \"updateref\" line.\n",
1951 fname, lineno, cargv[1] );
1956 vals[0].bv_val = cargv[1];
1957 vals[0].bv_len = strlen( vals[0].bv_val );
1958 value_add( &be->be_update_refs, vals );
1960 /* replication log file to which changes are appended */
1961 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
1964 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1965 "%s: line %d: missing filename in \"replogfile <filename>\""
1966 " line.\n", fname, lineno ));
1968 Debug( LDAP_DEBUG_ANY,
1969 "%s: line %d: missing filename in \"replogfile <filename>\" line\n",
1976 be->be_replogfile = ch_strdup( cargv[1] );
1978 replogfile = ch_strdup( cargv[1] );
1981 /* file from which to read additional rootdse attrs */
1982 } else if ( strcasecmp( cargv[0], "rootDSE" ) == 0) {
1985 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
1986 "missing filename in \"rootDSE <filename>\" line.\n",
1989 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1990 "missing filename in \"rootDSE <filename>\" line.\n",
1996 if( read_root_dse_file( cargv[1] ) ) {
1998 LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
1999 "could not read \"rootDSE <filename>\" line.\n",
2002 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
2003 "could not read \"rootDSE <filename>\" line\n",
2009 /* maintain lastmodified{by,time} attributes */
2010 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
2013 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2014 "%s: line %d: missing on|off in \"lastmod <on|off>\""
2015 " line.\n", fname, lineno ));
2017 Debug( LDAP_DEBUG_ANY,
2018 "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
2024 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
2026 be->be_flags &= ~SLAP_BFLAG_NOLASTMOD;
2032 be->be_flags |= SLAP_BFLAG_NOLASTMOD;
2038 /* set idle timeout value */
2039 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
2043 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2044 "%s: line %d: missing timeout value in "
2045 "\"idletimeout <seconds>\" line.\n", fname, lineno ));
2047 Debug( LDAP_DEBUG_ANY,
2048 "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
2055 i = atoi( cargv[1] );
2059 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2060 "%s: line %d: timeout value (%d) invalid "
2061 "\"idletimeout <seconds>\" line.\n",
2062 fname, lineno, i ));
2064 Debug( LDAP_DEBUG_ANY,
2065 "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
2072 global_idletimeout = i;
2074 /* include another config file */
2075 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
2078 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2079 "%s: line %d: missing filename in \"include "
2080 "<filename>\" line.\n", fname, lineno ));
2082 Debug( LDAP_DEBUG_ANY,
2083 "%s: line %d: missing filename in \"include <filename>\" line\n",
2089 savefname = ch_strdup( cargv[1] );
2090 savelineno = lineno;
2092 if ( read_config( savefname ) != 0 ) {
2097 lineno = savelineno - 1;
2099 /* location of kerberos srvtab file */
2100 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
2103 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2104 "%s: line %d: missing filename in \"srvtab "
2105 "<filename>\" line.\n", fname, lineno ));
2107 Debug( LDAP_DEBUG_ANY,
2108 "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
2114 ldap_srvtab = ch_strdup( cargv[1] );
2116 #ifdef SLAPD_MODULES
2117 } else if (strcasecmp( cargv[0], "moduleload") == 0 ) {
2120 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2121 "%s: line %d: missing filename in \"moduleload "
2122 "<filename>\" line.\n", fname, lineno ));
2124 Debug( LDAP_DEBUG_ANY,
2125 "%s: line %d: missing filename in \"moduleload <filename>\" line\n",
2129 exit( EXIT_FAILURE );
2131 if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
2133 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2134 "%s: line %d: failed to load or initialize module %s\n",
2135 fname, lineno, cargv[1] ));
2137 Debug( LDAP_DEBUG_ANY,
2138 "%s: line %d: failed to load or initialize module %s\n",
2139 fname, lineno, cargv[1]);
2142 exit( EXIT_FAILURE );
2144 } else if (strcasecmp( cargv[0], "modulepath") == 0 ) {
2147 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2148 "%s: line %d: missing path in \"modulepath <path>\""
2149 " line\n", fname, lineno ));
2151 Debug( LDAP_DEBUG_ANY,
2152 "%s: line %d: missing path in \"modulepath <path>\" line\n",
2156 exit( EXIT_FAILURE );
2158 if (module_path( cargv[1] )) {
2160 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2161 "%s: line %d: failed to set module search path to %s.\n",
2162 fname, lineno, cargv[1] ));
2164 Debug( LDAP_DEBUG_ANY,
2165 "%s: line %d: failed to set module search path to %s\n",
2166 fname, lineno, cargv[1]);
2169 exit( EXIT_FAILURE );
2172 #endif /*SLAPD_MODULES*/
2175 } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
2176 rc = ldap_pvt_tls_set_option( NULL,
2177 LDAP_OPT_X_TLS_RANDOM_FILE,
2182 } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
2183 rc = ldap_pvt_tls_set_option( NULL,
2184 LDAP_OPT_X_TLS_CIPHER_SUITE,
2189 } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
2190 rc = ldap_pvt_tls_set_option( NULL,
2191 LDAP_OPT_X_TLS_CERTFILE,
2196 } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
2197 rc = ldap_pvt_tls_set_option( NULL,
2198 LDAP_OPT_X_TLS_KEYFILE,
2203 } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
2204 rc = ldap_pvt_tls_set_option( NULL,
2205 LDAP_OPT_X_TLS_CACERTDIR,
2210 } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
2211 rc = ldap_pvt_tls_set_option( NULL,
2212 LDAP_OPT_X_TLS_CACERTFILE,
2216 } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
2217 if ( isdigit( (unsigned char) cargv[1][0] ) ) {
2219 rc = ldap_pvt_tls_set_option( NULL,
2220 LDAP_OPT_X_TLS_REQUIRE_CERT,
2223 rc = ldap_int_tls_config( NULL,
2224 LDAP_OPT_X_TLS_REQUIRE_CERT,
2233 } else if ( !strcasecmp( cargv[0], "reverse-lookup" ) ) {
2234 #ifdef SLAPD_RLOOKUPS
2237 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2238 "%s: line %d: reverse-lookup: "
2239 "missing \"on\" or \"off\"\n",
2242 Debug( LDAP_DEBUG_ANY,
2243 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2249 if ( !strcasecmp( cargv[1], "on" ) ) {
2250 use_reverse_lookup = 1;
2251 } else if ( !strcasecmp( cargv[1], "off" ) ) {
2252 use_reverse_lookup = 0;
2255 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2256 "%s: line %d: reverse-lookup: "
2257 "must be \"on\" (default) "
2261 Debug( LDAP_DEBUG_ANY,
2262 "%s: line %d: reverse-lookup: must be \"on\" (default) or \"off\"\n",
2268 #else /* !SLAPD_RLOOKUPS */
2270 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2271 "%s: line %d: reverse lookups "
2272 "are not configured (ignored).\n",
2275 Debug( LDAP_DEBUG_ANY,
2276 "%s: line %d: reverse lookups are not configured (ignored).\n",
2279 #endif /* !SLAPD_RLOOKUPS */
2281 /* pass anything else to the current backend info/db config routine */
2284 if ( bi->bi_config == 0 ) {
2286 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2287 "%s: line %d: unknown directive \"%s\" inside "
2288 "backend info definition (ignored).\n",
2289 fname, lineno, cargv[0] ));
2291 Debug( LDAP_DEBUG_ANY,
2292 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
2293 fname, lineno, cargv[0] );
2297 if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
2303 } else if ( be != NULL ) {
2304 if ( be->be_config == 0 ) {
2306 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2307 "%s: line %d: uknown directive \"%s\" inside "
2308 "backend database definition (ignored).\n",
2309 fname, lineno, cargv[0] ));
2311 Debug( LDAP_DEBUG_ANY,
2312 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
2313 fname, lineno, cargv[0] );
2317 if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
2325 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
2326 "%s: line %d: unknown directive \"%s\" outside backend "
2327 "info and database definitions (ignored).\n",
2328 fname, lineno, cargv[0] ));
2330 Debug( LDAP_DEBUG_ANY,
2331 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
2332 fname, lineno, cargv[0] );
2341 if ( load_ucdata( NULL ) < 0 ) return 1;
2355 char logbuf[sizeof("pseudorootpw ***")];
2358 token = strtok_quote( line, " \t" );
2362 (strcasecmp( token, "rootpw" ) == 0 ||
2363 strcasecmp( token, "replica" ) == 0 || /* contains "credentials" */
2364 strcasecmp( token, "bindpw" ) == 0 || /* used in back-ldap */
2365 strcasecmp( token, "pseudorootpw" ) == 0 || /* used in back-meta */
2366 strcasecmp( token, "dbpasswd" ) == 0 ) ) /* used in back-sql */
2367 sprintf( logline = logbuf, "%s ***", token );
2368 if ( strtok_quote_ptr )
2369 *strtok_quote_ptr = ' ';
2371 LDAP_LOG(( "config", LDAP_LEVEL_DETAIL1,
2372 "line %d (%s)\n", lineno, logline ));
2374 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, logline, 0 );
2376 if ( strtok_quote_ptr )
2377 *strtok_quote_ptr = '\0';
2379 for ( ; token != NULL; token = strtok_quote( NULL, " \t" ) ) {
2380 if ( *argcp == MAXARGS ) {
2382 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2383 "fp_parse_line: too many tokens (%d max).\n",
2386 Debug( LDAP_DEBUG_ANY, "Too many tokens (max %d)\n",
2392 argv[(*argcp)++] = token;
2394 argv[*argcp] = NULL;
2399 strtok_quote( char *line, char *sep )
2405 strtok_quote_ptr = NULL;
2406 if ( line != NULL ) {
2409 while ( *next && strchr( sep, *next ) ) {
2413 if ( *next == '\0' ) {
2419 for ( inquote = 0; *next; ) {
2427 AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
2433 next + 1, strlen( next + 1 ) + 1 );
2434 next++; /* dont parse the escaped character */
2439 if ( strchr( sep, *next ) != NULL ) {
2440 strtok_quote_ptr = next;
2453 static char buf[BUFSIZ];
2455 static int lmax, lcur;
2457 #define CATLINE( buf ) { \
2459 len = strlen( buf ); \
2460 while ( lcur + len + 1 > lmax ) { \
2462 line = (char *) ch_realloc( line, lmax ); \
2464 strcpy( line + lcur, buf ); \
2469 fp_getline( FILE *fp, int *lineno )
2477 /* hack attack - keeps us from having to keep a stack of bufs... */
2478 if ( strncasecmp( line, "include", 7 ) == 0 ) {
2483 while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
2484 /* trim off \r\n or \n */
2485 if ( (p = strchr( buf, '\n' )) != NULL ) {
2486 if( p > buf && p[-1] == '\r' ) --p;
2490 /* trim off trailing \ and append the next line */
2491 if ( line[ 0 ] != '\0'
2492 && (p = line + strlen( line ) - 1)[ 0 ] == '\\'
2493 && p[ -1 ] != '\\' ) {
2498 if ( ! isspace( (unsigned char) buf[0] ) ) {
2502 /* change leading whitespace to a space */
2511 return( line[0] ? line : NULL );
2515 fp_getline_init( int *lineno )
2521 /* Loads ucdata, returns 1 if loading, 0 if already loaded, -1 on error */
2523 load_ucdata( char *path )
2525 static int loaded = 0;
2531 err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL );
2534 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2535 "load_ucdata: Error %d loading ucdata.\n", err ));
2537 Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n",
2550 ucdata_unload( UCDATA_ALL );
2552 if ( slapd_args_file )
2553 free ( slapd_args_file );
2554 if ( slapd_pid_file )
2555 free ( slapd_pid_file );
2556 acl_destroy( global_acl, NULL );