1 /* config.c - configuration file handling routines */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
9 #include "slapi_common.h"
13 #include <ac/string.h>
15 #include <ac/signal.h>
16 #include <ac/socket.h>
27 * defaults for various global variables
29 struct slap_limits_set deflimit = {
30 SLAPD_DEFAULT_TIMELIMIT, /* backward compatible limits */
33 SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */
35 -1, /* no limit on unchecked size */
37 0 /* hide number of entries left */
40 AccessControl *global_acl = NULL;
41 slap_access_t global_default_access = ACL_READ;
42 slap_mask_t global_restrictops = 0;
43 slap_mask_t global_allows = 0;
44 slap_mask_t global_disallows = 0;
45 slap_mask_t global_requires = 0;
46 slap_ssf_set_t global_ssf_set;
48 int global_gentlehup = 0;
49 int global_idletimeout = 0;
50 char *global_host = NULL;
51 char *global_realm = NULL;
52 char *ldap_srvtab = "";
53 char *default_passwd_hash = NULL;
54 int cargc = 0, cargv_size = 0;
56 struct berval default_search_base = { 0, NULL };
57 struct berval default_search_nbase = { 0, NULL };
58 unsigned num_subordinates = 0;
59 struct berval global_schemadn = { 0, NULL };
60 struct berval global_schemandn = { 0, NULL };
62 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
63 ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
65 char *slapd_pid_file = NULL;
66 char *slapd_args_file = NULL;
68 char *strtok_quote_ptr;
71 int use_reverse_lookup = 1;
72 #else /* !SLAPD_RLOOKUPS */
73 int use_reverse_lookup = 0;
74 #endif /* !SLAPD_RLOOKUPS */
76 static char *fp_getline(FILE *fp, int *lineno);
77 static void fp_getline_init(int *lineno);
78 static int fp_parse_line(int lineno, char *line);
80 static char *strtok_quote(char *line, char *sep);
81 static int load_ucdata(char *path);
84 read_config( const char *fname, int depth )
87 char *line, *savefname, *saveline;
91 struct berval vals[2];
93 static int lastmod = 1;
94 static BackendInfo *bi = NULL;
95 static BackendDB *be = NULL;
97 vals[1].bv_val = NULL;
100 cargv = ch_calloc( ARGS_STEP + 1, sizeof(*cargv) );
101 cargv_size = ARGS_STEP + 1;
104 if ( (fp = fopen( fname, "r" )) == NULL ) {
107 LDAP_LOG( CONFIG, ENTRY,
108 "read_config: " "could not open config file \"%s\": %s (%d)\n",
109 fname, strerror(errno), errno );
111 Debug( LDAP_DEBUG_ANY,
112 "could not open config file \"%s\": %s (%d)\n",
113 fname, strerror(errno), errno );
119 LDAP_LOG( CONFIG, ENTRY,
120 "read_config: reading config file %s\n", fname, 0, 0 );
122 Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
126 fp_getline_init( &lineno );
128 while ( (line = fp_getline( fp, &lineno )) != NULL ) {
129 /* skip comments and blank lines */
130 if ( line[0] == '#' || line[0] == '\0' ) {
134 /* fp_parse_line is destructive, we save a copy */
135 saveline = ch_strdup( line );
137 if ( fp_parse_line( lineno, line ) != 0 ) {
143 LDAP_LOG( CONFIG, INFO,
144 "%s: line %d: bad config line (ignored)\n", fname, lineno, 0 );
146 Debug( LDAP_DEBUG_ANY,
147 "%s: line %d: bad config line (ignored)\n",
154 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
157 LDAP_LOG( CONFIG, CRIT,
158 "%s : line %d: missing type in \"backend\" line.\n",
161 Debug( LDAP_DEBUG_ANY,
162 "%s: line %d: missing type in \"backend <type>\" line\n",
171 LDAP_LOG( CONFIG, CRIT,
172 "%s: line %d: backend line must appear before any "
173 "database definition.\n", fname, lineno , 0 );
175 Debug( LDAP_DEBUG_ANY,
176 "%s: line %d: backend line must appear before any database definition\n",
183 bi = backend_info( cargv[1] );
187 LDAP_LOG( CONFIG, CRIT,
188 "read_config: backend %s initialization failed.\n",
191 Debug( LDAP_DEBUG_ANY,
192 "backend %s initialization failed.\n",
198 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
201 LDAP_LOG( CONFIG, CRIT,
202 "%s: line %d: missing type in \"database <type>\" line\n",
205 Debug( LDAP_DEBUG_ANY,
206 "%s: line %d: missing type in \"database <type>\" line\n",
214 be = backend_db_init( cargv[1] );
218 LDAP_LOG( CONFIG, CRIT,
219 "database %s initialization failed.\n", cargv[1], 0, 0 );
221 Debug( LDAP_DEBUG_ANY,
222 "database %s initialization failed.\n",
229 /* set thread concurrency */
230 } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
234 LDAP_LOG( CONFIG, CRIT,
235 "%s: line %d: missing level in \"concurrency <level\" "
236 " line\n", fname, lineno, 0 );
238 Debug( LDAP_DEBUG_ANY,
239 "%s: line %d: missing level in \"concurrency <level>\" line\n",
246 c = atoi( cargv[1] );
250 LDAP_LOG( CONFIG, CRIT,
251 "%s: line %d: invalid level (%d) in "
252 "\"concurrency <level>\" line.\n", fname, lineno, c );
254 Debug( LDAP_DEBUG_ANY,
255 "%s: line %d: invalid level (%d) in \"concurrency <level>\" line\n",
262 ldap_pvt_thread_set_concurrency( c );
264 /* set sockbuf max */
265 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming" ) == 0 ) {
269 LDAP_LOG( CONFIG, CRIT,
270 "%s: line %d: missing max in \"sockbuf_max_incoming "
271 "<bytes>\" line\n", fname, lineno, 0 );
273 Debug( LDAP_DEBUG_ANY,
274 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
281 max = atol( cargv[1] );
285 LDAP_LOG( CONFIG, CRIT,
286 "%s: line %d: invalid max value (%ld) in "
287 "\"sockbuf_max_incoming <bytes>\" line.\n",
288 fname, lineno, max );
290 Debug( LDAP_DEBUG_ANY,
291 "%s: line %d: invalid max value (%ld) in "
292 "\"sockbuf_max_incoming <bytes>\" line.\n",
293 fname, lineno, max );
299 sockbuf_max_incoming = max;
301 /* set sockbuf max authenticated */
302 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) {
306 LDAP_LOG( CONFIG, CRIT,
307 "%s: line %d: missing max in \"sockbuf_max_incoming_auth "
308 "<bytes>\" line\n", fname, lineno, 0 );
310 Debug( LDAP_DEBUG_ANY,
311 "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
318 max = atol( cargv[1] );
322 LDAP_LOG( CONFIG, CRIT,
323 "%s: line %d: invalid max value (%ld) in "
324 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
325 fname, lineno, max );
327 Debug( LDAP_DEBUG_ANY,
328 "%s: line %d: invalid max value (%ld) in "
329 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
330 fname, lineno, max );
336 sockbuf_max_incoming_auth = max;
338 /* default search base */
339 } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
342 LDAP_LOG( CONFIG, CRIT,
343 "%s: line %d: missing dn in \"defaultSearchBase <dn\" "
344 "line\n", fname, lineno, 0 );
346 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
347 "missing dn in \"defaultSearchBase <dn>\" line\n",
353 } else if ( cargc > 2 ) {
355 LDAP_LOG( CONFIG, INFO,
356 "%s: line %d: extra cruft after <dn> in "
357 "\"defaultSearchBase %s\" line (ignored)\n",
358 fname, lineno, cargv[1] );
360 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
361 "extra cruft after <dn> in \"defaultSearchBase %s\", "
363 fname, lineno, cargv[1] );
367 if ( bi != NULL || be != NULL ) {
369 LDAP_LOG( CONFIG, CRIT,
370 "%s: line %d: defaultSearchBase line must appear "
371 "prior to any backend or database definitions\n",
374 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
375 "defaultSearchBaase line must appear prior to "
376 "any backend or database definition\n",
383 if ( default_search_nbase.bv_len ) {
385 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
386 "default search base \"%s\" already defined "
387 "(discarding old)\n", fname, lineno,
388 default_search_base.bv_val );
390 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
391 "default search base \"%s\" already defined "
392 "(discarding old)\n",
393 fname, lineno, default_search_base.bv_val );
396 free( default_search_base.bv_val );
397 free( default_search_nbase.bv_val );
400 if ( load_ucdata( NULL ) < 0 ) return 1;
405 dn.bv_val = cargv[1];
406 dn.bv_len = strlen( dn.bv_val );
408 rc = dnPrettyNormal( NULL, &dn,
409 &default_search_base,
410 &default_search_nbase );
412 if( rc != LDAP_SUCCESS ) {
414 LDAP_LOG( CONFIG, CRIT,
415 "%s: line %d: defaultSearchBase DN is invalid.\n",
418 Debug( LDAP_DEBUG_ANY,
419 "%s: line %d: defaultSearchBase DN is invalid\n",
426 /* set maximum threads in thread pool */
427 } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
431 LDAP_LOG( CONFIG, CRIT,
432 "%s: line %d: missing count in \"threads <count>\" line\n",
435 Debug( LDAP_DEBUG_ANY,
436 "%s: line %d: missing count in \"threads <count>\" line\n",
443 c = atoi( cargv[1] );
447 LDAP_LOG( CONFIG, CRIT,
448 "%s: line %d: invalid level (%d) in \"threads <count>\""
449 "line\n", fname, lineno, c );
451 Debug( LDAP_DEBUG_ANY,
452 "%s: line %d: invalid level (%d) in \"threads <count>\" line\n",
459 ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
461 /* save for later use */
462 connection_pool_max = c;
464 /* get pid file name */
465 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
468 LDAP_LOG( CONFIG, CRIT,
469 "%s: line %d missing file name in \"pidfile <file>\" "
470 "line.\n", fname, lineno, 0 );
472 Debug( LDAP_DEBUG_ANY,
473 "%s: line %d: missing file name in \"pidfile <file>\" line\n",
480 slapd_pid_file = ch_strdup( cargv[1] );
482 /* get args file name */
483 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
486 LDAP_LOG( CONFIG, CRIT,
487 "%s: %d: missing file name in "
488 "\"argsfile <file>\" line.\n",
491 Debug( LDAP_DEBUG_ANY,
492 "%s: line %d: missing file name in \"argsfile <file>\" line\n",
499 slapd_args_file = ch_strdup( cargv[1] );
501 /* default password hash */
502 } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
505 LDAP_LOG( CONFIG, CRIT,
506 "%s: line %d: missing hash in "
507 "\"password-hash <hash>\" line.\n",
510 Debug( LDAP_DEBUG_ANY,
511 "%s: line %d: missing hash in \"password-hash <hash>\" line\n",
517 if ( default_passwd_hash != NULL ) {
519 LDAP_LOG( CONFIG, CRIT,
520 "%s: line %d: already set default password_hash!\n",
523 Debug( LDAP_DEBUG_ANY,
524 "%s: line %d: already set default password_hash!\n",
532 if ( lutil_passwd_scheme( cargv[1] ) == 0 ) {
534 LDAP_LOG( CONFIG, CRIT,
535 "%s: line %d: password scheme \"%s\" not available\n",
536 fname, lineno, cargv[1] );
538 Debug( LDAP_DEBUG_ANY,
539 "%s: line %d: password scheme \"%s\" not available\n",
540 fname, lineno, cargv[1] );
545 default_passwd_hash = ch_strdup( cargv[1] );
547 } else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 )
551 LDAP_LOG( CONFIG, CRIT,
552 "%s: line %d: missing format in "
553 "\"password-crypt-salt-format <format>\" line\n",
556 Debug( LDAP_DEBUG_ANY, "%s: line %d: missing format in "
557 "\"password-crypt-salt-format <format>\" line\n",
564 lutil_salt_format( cargv[1] );
566 /* SASL config options */
567 } else if ( strncasecmp( cargv[0], "sasl", 4 ) == 0 ) {
568 if ( slap_sasl_config( cargc, cargv, line, fname, lineno ) )
571 } else if ( strcasecmp( cargv[0], "schemadn" ) == 0 ) {
575 LDAP_LOG( CONFIG, CRIT,
576 "%s: line %d: missing dn in "
577 "\"schemadn <dn>\" line.\n", fname, lineno, 0 );
579 Debug( LDAP_DEBUG_ANY,
580 "%s: line %d: missing dn in \"schemadn <dn>\" line\n",
585 ber_str2bv( cargv[1], 0, 0, &dn );
587 rc = dnPrettyNormal( NULL, &dn, &be->be_schemadn,
590 rc = dnPrettyNormal( NULL, &dn, &global_schemadn,
593 if ( rc != LDAP_SUCCESS ) {
595 LDAP_LOG( CONFIG, CRIT,
596 "%s: line %d: schemadn DN is invalid.\n",
599 Debug( LDAP_DEBUG_ANY,
600 "%s: line %d: schemadn DN is invalid\n",
606 /* set UCDATA path */
607 } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
611 LDAP_LOG( CONFIG, CRIT,
612 "%s: line %d: missing path in "
613 "\"ucdata-path <path>\" line.\n", fname, lineno, 0 );
615 Debug( LDAP_DEBUG_ANY,
616 "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
623 err = load_ucdata( cargv[1] );
627 LDAP_LOG( CONFIG, CRIT,
628 "%s: line %d: ucdata already loaded, ucdata-path "
629 "must be set earlier in the file and/or be "
630 "specified only once!\n", fname, lineno, 0 );
632 Debug( LDAP_DEBUG_ANY,
633 "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n",
642 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
644 struct slap_limits_set *lim;
648 LDAP_LOG( CONFIG, CRIT,
649 "%s: line %d: missing limit in \"sizelimit <limit>\" "
650 "line.\n", fname, lineno, 0 );
652 Debug( LDAP_DEBUG_ANY,
653 "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
663 lim = &be->be_def_limit;
666 for ( i = 1; i < cargc; i++ ) {
667 if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
668 rc = parse_limit( cargv[i], lim );
671 LDAP_LOG( CONFIG, CRIT,
672 "%s: line %d: unable "
673 "to parse value \"%s\" in \"sizelimit "
674 "<limit>\" line.\n", fname, lineno, cargv[i] );
676 Debug( LDAP_DEBUG_ANY,
677 "%s: line %d: unable "
678 "to parse value \"%s\" "
681 fname, lineno, cargv[i] );
687 if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
688 lim->lms_s_soft = -1;
692 lim->lms_s_soft = strtol( cargv[i] , &next, 0 );
693 if ( next == cargv[i] ) {
695 LDAP_LOG( CONFIG, CRIT,
696 "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" "
697 "line.\n", fname, lineno, cargv[i] );
699 Debug( LDAP_DEBUG_ANY,
700 "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" line\n",
701 fname, lineno, cargv[i] );
705 } else if ( next[0] != '\0' ) {
707 LDAP_LOG( CONFIG, CRIT,
708 "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" "
709 "line ignored.\n", fname, lineno, next );
711 Debug( LDAP_DEBUG_ANY,
712 "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" line ignored\n",
713 fname, lineno, next );
722 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
724 struct slap_limits_set *lim;
728 LDAP_LOG( CONFIG, CRIT,
729 "%s: line %d missing limit in \"timelimit <limit>\" "
730 "line.\n", fname, lineno, 0 );
732 Debug( LDAP_DEBUG_ANY,
733 "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
743 lim = &be->be_def_limit;
746 for ( i = 1; i < cargc; i++ ) {
747 if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
748 rc = parse_limit( cargv[i], lim );
751 LDAP_LOG( CONFIG, CRIT,
752 "%s: line %d: unable to parse value \"%s\" "
753 "in \"timelimit <limit>\" line.\n",
754 fname, lineno, cargv[i] );
756 Debug( LDAP_DEBUG_ANY,
757 "%s: line %d: unable "
758 "to parse value \"%s\" "
761 fname, lineno, cargv[i] );
767 if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
768 lim->lms_t_soft = -1;
772 lim->lms_t_soft = strtol( cargv[i] , &next, 0 );
773 if ( next == cargv[i] ) {
775 LDAP_LOG( CONFIG, CRIT,
776 "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" "
777 "line.\n", fname, lineno, cargv[i] );
779 Debug( LDAP_DEBUG_ANY,
780 "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" line\n",
781 fname, lineno, cargv[i] );
785 } else if ( next[0] != '\0' ) {
787 LDAP_LOG( CONFIG, CRIT,
788 "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" "
789 "line ignored.\n", fname, lineno, next );
791 Debug( LDAP_DEBUG_ANY,
792 "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" line ignored\n",
793 fname, lineno, next );
801 /* set regex-based limits */
802 } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
805 LDAP_LOG( CONFIG, WARNING,
806 "%s: line %d \"limits\" allowed only in database "
807 "environment.\n", fname, lineno, 0 );
809 Debug( LDAP_DEBUG_ANY,
810 "%s: line %d \"limits\" allowed only in database environment.\n%s",
816 if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
820 /* mark this as a subordinate database */
821 } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
824 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
825 "subordinate keyword must appear inside a database "
826 "definition.\n", fname, lineno, 0 );
828 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
829 "must appear inside a database definition.\n",
835 be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE;
839 /* set database suffix */
840 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
842 struct berval dn, pdn, ndn;
846 LDAP_LOG( CONFIG, CRIT,
847 "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
850 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
851 "missing dn in \"suffix <dn>\" line\n",
857 } else if ( cargc > 2 ) {
859 LDAP_LOG( CONFIG, INFO,
860 "%s: line %d: extra cruft after <dn> in \"suffix %s\""
861 " line (ignored).\n", fname, lineno, cargv[1] );
863 Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
864 "after <dn> in \"suffix %s\" line (ignored)\n",
865 fname, lineno, cargv[1] );
871 LDAP_LOG( CONFIG, INFO,
872 "%s: line %d: suffix line must appear inside a database "
873 "definition.\n", fname, lineno, 0 );
875 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
876 "must appear inside a database definition\n",
881 #if defined(SLAPD_MONITOR_DN)
882 /* "cn=Monitor" is reserved for monitoring slap */
883 } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
885 LDAP_LOG( CONFIG, CRIT, "%s: line %d: \""
886 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
889 Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
890 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
894 #endif /* SLAPD_MONITOR_DN */
897 if ( load_ucdata( NULL ) < 0 ) return 1;
899 dn.bv_val = cargv[1];
900 dn.bv_len = strlen( cargv[1] );
902 rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
903 if( rc != LDAP_SUCCESS ) {
905 LDAP_LOG( CONFIG, CRIT,
906 "%s: line %d: suffix DN is invalid.\n",
909 Debug( LDAP_DEBUG_ANY,
910 "%s: line %d: suffix DN is invalid\n",
916 tmp_be = select_backend( &ndn, 0, 0 );
917 if ( tmp_be == be ) {
919 LDAP_LOG( CONFIG, INFO,
920 "%s: line %d: suffix already served by this backend "
921 "(ignored)\n", fname, lineno, 0 );
923 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
924 "already served by this backend (ignored)\n",
930 } else if ( tmp_be != NULL ) {
932 LDAP_LOG( CONFIG, INFO,
933 "%s: line %d: suffix already served by a preceding "
934 "backend \"%s\"\n", fname, lineno,
935 tmp_be->be_suffix[0].bv_val );
937 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
938 "already served by a preceeding backend \"%s\"\n",
939 fname, lineno, tmp_be->be_suffix[0].bv_val );
945 } else if( pdn.bv_len == 0 && default_search_nbase.bv_len ) {
947 LDAP_LOG( CONFIG, INFO,
948 "%s: line %d: suffix DN empty and default search "
949 "base provided \"%s\" (assuming okay).\n",
950 fname, lineno, default_search_base.bv_val );
952 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
953 "suffix DN empty and default "
954 "search base provided \"%s\" (assuming okay)\n",
955 fname, lineno, default_search_base.bv_val );
959 ber_bvarray_add( &be->be_suffix, &pdn );
960 ber_bvarray_add( &be->be_nsuffix, &ndn );
962 /* set database suffixAlias */
963 } else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) {
965 struct berval alias, palias, nalias;
966 struct berval aliased, paliased, naliased;
970 LDAP_LOG( CONFIG, CRIT,
971 "%s: line %d: missing alias and aliased_dn in "
972 "\"suffixAlias <alias> <aliased_dn>\" line.\n",
975 Debug( LDAP_DEBUG_ANY,
976 "%s: line %d: missing alias and aliased_dn in "
977 "\"suffixAlias <alias> <aliased_dn>\" line.\n",
982 } else if ( cargc < 3 ) {
984 LDAP_LOG( CONFIG, CRIT,
985 "%s: line %d: missing aliased_dn in "
986 "\"suffixAlias <alias> <aliased_dn>\" line\n",
989 Debug( LDAP_DEBUG_ANY,
990 "%s: line %d: missing aliased_dn in "
991 "\"suffixAlias <alias> <aliased_dn>\" line\n",
996 } else if ( cargc > 3 ) {
998 LDAP_LOG( CONFIG, CRIT,
999 "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
1002 Debug( LDAP_DEBUG_ANY,
1003 "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
1010 LDAP_LOG( CONFIG, INFO,
1011 "%s: line %d: suffix line must appear inside a database "
1012 "definition.\n", fname, lineno, 0 );
1014 Debug( LDAP_DEBUG_ANY,
1015 "%s: line %d: suffixAlias line"
1016 " must appear inside a database definition.\n",
1022 if ( load_ucdata( NULL ) < 0 ) return 1;
1024 alias.bv_val = cargv[1];
1025 alias.bv_len = strlen( cargv[1] );
1027 rc = dnPrettyNormal( NULL, &alias, &palias, &nalias );
1028 if( rc != LDAP_SUCCESS ) {
1030 LDAP_LOG( CONFIG, CRIT,
1031 "%s: line %d: alias DN is invalid.\n", fname, lineno, 0 );
1033 Debug( LDAP_DEBUG_ANY,
1034 "%s: line %d: alias DN is invalid\n",
1040 tmp_be = select_backend( &nalias, 0, 0 );
1041 free( nalias.bv_val );
1042 if ( tmp_be && tmp_be != be ) {
1044 LDAP_LOG( CONFIG, INFO,
1045 "%s: line %d: suffixAlias served by a preceeding "
1046 "backend \"%s\"\n", fname, lineno,
1047 tmp_be->be_suffix[0].bv_val );
1049 Debug( LDAP_DEBUG_ANY,
1050 "%s: line %d: suffixAlias served by"
1051 " a preceeding backend \"%s\"\n",
1052 fname, lineno, tmp_be->be_suffix[0].bv_val );
1054 free( palias.bv_val );
1058 aliased.bv_val = cargv[2];
1059 aliased.bv_len = strlen( cargv[2] );
1061 rc = dnPrettyNormal( NULL, &aliased, &paliased, &naliased );
1062 if( rc != LDAP_SUCCESS ) {
1064 LDAP_LOG( CONFIG, CRIT,
1065 "%s: line %d: aliased DN is invalid.\n", fname, lineno,0 );
1067 Debug( LDAP_DEBUG_ANY,
1068 "%s: line %d: aliased DN is invalid\n",
1071 free( palias.bv_val );
1075 tmp_be = select_backend( &naliased, 0, 0 );
1076 free( naliased.bv_val );
1077 if ( tmp_be && tmp_be != be ) {
1079 LDAP_LOG( CONFIG, INFO,
1080 "%s: line %d: suffixAlias derefs to a different backend "
1081 "a preceeding backend \"%s\"\n",
1082 fname, lineno, tmp_be->be_suffix[0].bv_val );
1084 Debug( LDAP_DEBUG_ANY,
1085 "%s: line %d: suffixAlias derefs to differnet backend"
1086 " a preceeding backend \"%s\"\n",
1087 fname, lineno, tmp_be->be_suffix[0].bv_val );
1089 free( palias.bv_val );
1090 free( paliased.bv_val );
1094 ber_bvarray_add( &be->be_suffixAlias, &palias );
1095 ber_bvarray_add( &be->be_suffixAlias, &paliased );
1097 /* set max deref depth */
1098 } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
1102 LDAP_LOG( CONFIG, CRIT,
1103 "%s: line %d: missing depth in \"maxDerefDepth <depth>\""
1104 " line\n", fname, lineno, 0 );
1106 Debug( LDAP_DEBUG_ANY,
1107 "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
1115 LDAP_LOG( CONFIG, INFO,
1116 "%s: line %d: depth line must appear inside a database "
1117 "definition.\n", fname, lineno ,0 );
1119 Debug( LDAP_DEBUG_ANY,
1120 "%s: line %d: depth line must appear inside a database definition.\n",
1125 } else if ((i = atoi(cargv[1])) < 0) {
1127 LDAP_LOG( CONFIG, INFO,
1128 "%s: line %d: depth must be positive.\n",
1131 Debug( LDAP_DEBUG_ANY,
1132 "%s: line %d: depth must be positive.\n",
1139 be->be_max_deref_depth = i;
1143 /* set magic "root" dn for this database */
1144 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
1147 LDAP_LOG( CONFIG, INFO,
1148 "%s: line %d: missing dn in \"rootdn <dn>\" line.\n",
1151 Debug( LDAP_DEBUG_ANY,
1152 "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
1161 LDAP_LOG( CONFIG, INFO,
1162 "%s: line %d: rootdn line must appear inside a database "
1163 "definition.\n", fname, lineno ,0 );
1165 Debug( LDAP_DEBUG_ANY,
1166 "%s: line %d: rootdn line must appear inside a database definition.\n",
1174 if ( load_ucdata( NULL ) < 0 ) return 1;
1176 dn.bv_val = cargv[1];
1177 dn.bv_len = strlen( cargv[1] );
1179 rc = dnPrettyNormal( NULL, &dn,
1183 if( rc != LDAP_SUCCESS ) {
1185 LDAP_LOG( CONFIG, CRIT,
1186 "%s: line %d: rootdn DN is invalid.\n",
1189 Debug( LDAP_DEBUG_ANY,
1190 "%s: line %d: rootdn DN is invalid\n",
1197 /* set super-secret magic database password */
1198 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
1201 LDAP_LOG( CONFIG, CRIT,
1202 "%s: line %d: missing passwd in \"rootpw <passwd>\""
1203 " line\n", fname, lineno ,0 );
1205 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1206 "missing passwd in \"rootpw <passwd>\" line\n",
1215 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1216 "rootpw line must appear inside a database "
1217 "definition.\n", fname, lineno ,0 );
1219 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1220 "rootpw line must appear inside a database "
1227 Backend *tmp_be = select_backend( &be->be_rootndn, 0, 0 );
1229 if( tmp_be != be ) {
1231 LDAP_LOG( CONFIG, INFO,
1233 "rootpw can only be set when rootdn is under suffix\n",
1234 fname, lineno, "" );
1236 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1237 "rootpw can only be set when rootdn is under suffix\n",
1243 be->be_rootpw.bv_val = ch_strdup( cargv[1] );
1244 be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
1247 /* make this database read-only */
1248 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
1251 LDAP_LOG( CONFIG, CRIT,
1252 "%s: line %d: missing on|off in \"readonly <on|off>\" "
1253 "line.\n", fname, lineno ,0 );
1255 Debug( LDAP_DEBUG_ANY,
1256 "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
1263 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1264 global_restrictops |= SLAP_RESTRICT_OP_WRITES;
1266 global_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1269 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1270 be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1272 be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1277 /* allow these features */
1278 } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
1279 strcasecmp( cargv[0], "allow" ) == 0 )
1285 LDAP_LOG( CONFIG, INFO,
1286 "%s: line %d: allow line must appear prior to "
1287 "database definitions.\n", fname, lineno ,0 );
1289 Debug( LDAP_DEBUG_ANY,
1290 "%s: line %d: allow line must appear prior to database definitions\n",
1298 LDAP_LOG( CONFIG, CRIT,
1299 "%s: line %d: missing feature(s) in \"allow <features>\""
1300 " line\n", fname, lineno ,0 );
1302 Debug( LDAP_DEBUG_ANY,
1303 "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
1312 for( i=1; i < cargc; i++ ) {
1313 if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
1314 allows |= SLAP_ALLOW_BIND_V2;
1316 } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
1317 allows |= SLAP_ALLOW_BIND_ANON_CRED;
1319 } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
1320 allows |= SLAP_ALLOW_BIND_ANON_DN;
1322 } else if( strcasecmp( cargv[i], "update_anon" ) == 0 ) {
1323 allows |= SLAP_ALLOW_UPDATE_ANON;
1325 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1327 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1328 "unknown feature %s in \"allow <features>\" line.\n",
1329 fname, lineno, cargv[1] );
1331 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1332 "unknown feature %s in \"allow <features>\" line\n",
1333 fname, lineno, cargv[i] );
1340 global_allows = allows;
1342 /* disallow these features */
1343 } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
1344 strcasecmp( cargv[0], "disallow" ) == 0 )
1346 slap_mask_t disallows;
1350 LDAP_LOG( CONFIG, INFO,
1351 "%s: line %d: disallow line must appear prior to "
1352 "database definitions.\n", fname, lineno ,0 );
1354 Debug( LDAP_DEBUG_ANY,
1355 "%s: line %d: disallow line must appear prior to database definitions\n",
1363 LDAP_LOG( CONFIG, CRIT,
1364 "%s: line %d: missing feature(s) in \"disallow <features>\""
1365 " line.\n", fname, lineno ,0 );
1367 Debug( LDAP_DEBUG_ANY,
1368 "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
1377 for( i=1; i < cargc; i++ ) {
1378 if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
1379 disallows |= SLAP_DISALLOW_BIND_ANON;
1381 } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
1382 disallows |= SLAP_DISALLOW_BIND_SIMPLE;
1384 } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
1385 disallows |= SLAP_DISALLOW_BIND_KRBV4;
1387 } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
1388 disallows |= SLAP_DISALLOW_TLS_2_ANON;
1390 } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
1391 disallows |= SLAP_DISALLOW_TLS_AUTHC;
1393 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1395 LDAP_LOG( CONFIG, CRIT,
1396 "%s: line %d: unknown feature %s in "
1397 "\"disallow <features>\" line.\n",
1398 fname, lineno, cargv[i] );
1400 Debug( LDAP_DEBUG_ANY,
1401 "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
1402 fname, lineno, cargv[i] );
1409 global_disallows = disallows;
1411 /* require these features */
1412 } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
1413 strcasecmp( cargv[0], "require" ) == 0 )
1415 slap_mask_t requires;
1419 LDAP_LOG( CONFIG, CRIT,
1420 "%s: line %d: missing feature(s) in "
1421 "\"require <features>\" line.\n", fname, lineno ,0 );
1423 Debug( LDAP_DEBUG_ANY,
1424 "%s: line %d: missing feature(s) in \"require <features>\" line\n",
1433 for( i=1; i < cargc; i++ ) {
1434 if( strcasecmp( cargv[i], "bind" ) == 0 ) {
1435 requires |= SLAP_REQUIRE_BIND;
1437 } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
1438 requires |= SLAP_REQUIRE_LDAP_V3;
1440 } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
1441 requires |= SLAP_REQUIRE_AUTHC;
1443 } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
1444 requires |= SLAP_REQUIRE_SASL;
1446 } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
1447 requires |= SLAP_REQUIRE_STRONG;
1449 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1451 LDAP_LOG( CONFIG, CRIT,
1452 "%s: line %d: unknown feature %s in "
1453 "\"require <features>\" line.\n",
1454 fname, lineno , cargv[i] );
1456 Debug( LDAP_DEBUG_ANY,
1457 "%s: line %d: unknown feature %s in \"require <features>\" line\n",
1458 fname, lineno, cargv[i] );
1466 global_requires = requires;
1468 be->be_requires = requires;
1471 /* required security factors */
1472 } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
1473 slap_ssf_set_t *set;
1477 LDAP_LOG( CONFIG, CRIT,
1478 "%s: line %d: missing factor(s) in \"security <factors>\""
1479 " line.\n", fname, lineno ,0 );
1481 Debug( LDAP_DEBUG_ANY,
1482 "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
1490 set = &global_ssf_set;
1492 set = &be->be_ssf_set;
1495 for( i=1; i < cargc; i++ ) {
1496 if( strncasecmp( cargv[i], "ssf=",
1497 sizeof("ssf") ) == 0 )
1500 atoi( &cargv[i][sizeof("ssf")] );
1502 } else if( strncasecmp( cargv[i], "transport=",
1503 sizeof("transport") ) == 0 )
1505 set->sss_transport =
1506 atoi( &cargv[i][sizeof("transport")] );
1508 } else if( strncasecmp( cargv[i], "tls=",
1509 sizeof("tls") ) == 0 )
1512 atoi( &cargv[i][sizeof("tls")] );
1514 } else if( strncasecmp( cargv[i], "sasl=",
1515 sizeof("sasl") ) == 0 )
1518 atoi( &cargv[i][sizeof("sasl")] );
1520 } else if( strncasecmp( cargv[i], "update_ssf=",
1521 sizeof("update_ssf") ) == 0 )
1523 set->sss_update_ssf =
1524 atoi( &cargv[i][sizeof("update_ssf")] );
1526 } else if( strncasecmp( cargv[i], "update_transport=",
1527 sizeof("update_transport") ) == 0 )
1529 set->sss_update_transport =
1530 atoi( &cargv[i][sizeof("update_transport")] );
1532 } else if( strncasecmp( cargv[i], "update_tls=",
1533 sizeof("update_tls") ) == 0 )
1535 set->sss_update_tls =
1536 atoi( &cargv[i][sizeof("update_tls")] );
1538 } else if( strncasecmp( cargv[i], "update_sasl=",
1539 sizeof("update_sasl") ) == 0 )
1541 set->sss_update_sasl =
1542 atoi( &cargv[i][sizeof("update_sasl")] );
1544 } else if( strncasecmp( cargv[i], "simple_bind=",
1545 sizeof("simple_bind") ) == 0 )
1547 set->sss_simple_bind =
1548 atoi( &cargv[i][sizeof("simple_bind")] );
1552 LDAP_LOG( CONFIG, CRIT,
1553 "%s: line %d: unknown factor %S in "
1554 "\"security <factors>\" line.\n",
1555 fname, lineno, cargv[1] );
1557 Debug( LDAP_DEBUG_ANY,
1558 "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
1559 fname, lineno, cargv[i] );
1565 /* where to send clients when we don't hold it */
1566 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
1569 LDAP_LOG( CONFIG, CRIT,
1570 "%s: line %d: missing URL in \"referral <URL>\""
1571 " line.\n", fname, lineno , 0 );
1573 Debug( LDAP_DEBUG_ANY,
1574 "%s: line %d: missing URL in \"referral <URL>\" line\n",
1581 if( validate_global_referral( cargv[1] ) ) {
1583 LDAP_LOG( CONFIG, CRIT,
1584 "%s: line %d: invalid URL (%s) in \"referral\" line.\n",
1585 fname, lineno, cargv[1] );
1587 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1588 "invalid URL (%s) in \"referral\" line.\n",
1589 fname, lineno, cargv[1] );
1594 vals[0].bv_val = cargv[1];
1595 vals[0].bv_len = strlen( vals[0].bv_val );
1596 if( value_add( &default_referral, vals ) )
1600 } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
1604 LDAP_LOG( CONFIG, CRIT,
1605 "%s: line %d: Error in logfile directive, "
1606 "\"logfile <filename>\"\n", fname, lineno , 0 );
1608 Debug( LDAP_DEBUG_ANY,
1609 "%s: line %d: Error in logfile directive, \"logfile filename\"\n",
1615 logfile = fopen( cargv[1], "w" );
1616 if ( logfile != NULL ) lutil_debug_file( logfile );
1619 /* start of a new database definition */
1620 } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
1624 LDAP_LOG( CONFIG, CRIT,
1625 "%s: line %d: Error in debug directive, "
1626 "\"debug <subsys> <level>\"\n", fname, lineno , 0 );
1628 Debug( LDAP_DEBUG_ANY,
1629 "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
1635 level = atoi( cargv[2] );
1636 if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
1637 lutil_set_debug_level( cargv[1], level );
1638 /* specify an Object Identifier macro */
1639 } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
1640 rc = parse_oidm( fname, lineno, cargc, cargv );
1643 /* specify an objectclass */
1644 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
1645 if ( *cargv[1] == '(' /*')'*/) {
1647 p = strchr(saveline,'(' /*')'*/);
1648 rc = parse_oc( fname, lineno, p, cargv );
1653 LDAP_LOG( CONFIG, INFO,
1654 "%s: line %d: old objectclass format not supported\n",
1655 fname, lineno , 0 );
1657 Debug( LDAP_DEBUG_ANY,
1658 "%s: line %d: old objectclass format not supported.\n",
1663 #ifdef SLAP_EXTENDED_SCHEMA
1664 } else if ( strcasecmp( cargv[0], "ditcontentrule" ) == 0 ) {
1666 p = strchr(saveline,'(' /*')'*/);
1667 rc = parse_cr( fname, lineno, p, cargv );
1671 /* specify an attribute type */
1672 } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
1673 || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
1675 if ( *cargv[1] == '(' /*')'*/) {
1677 p = strchr(saveline,'(' /*')'*/);
1678 rc = parse_at( fname, lineno, p, cargv );
1683 LDAP_LOG( CONFIG, INFO,
1684 "%s: line %d: old attribute type format not supported.\n",
1685 fname, lineno , 0 );
1687 Debug( LDAP_DEBUG_ANY,
1688 "%s: line %d: old attribute type format not supported.\n",
1694 /* define attribute option(s) */
1695 } else if ( strcasecmp( cargv[0], "attributeoptions" ) == 0 ) {
1696 ad_define_option( NULL, NULL, 0 );
1697 for ( i = 1; i < cargc; i++ )
1698 if ( ad_define_option( cargv[i], fname, lineno ) != 0 )
1701 /* turn on/off schema checking */
1702 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
1705 LDAP_LOG( CONFIG, CRIT,
1706 "%s: line %d: missing on|off in \"schemacheck <on|off>\""
1707 " line.\n", fname, lineno , 0 );
1709 Debug( LDAP_DEBUG_ANY,
1710 "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
1716 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
1718 LDAP_LOG( CONFIG, CRIT,
1719 "%s: line %d: schema checking disabled! your mileage may "
1720 "vary!\n", fname, lineno , 0 );
1722 Debug( LDAP_DEBUG_ANY,
1723 "%s: line %d: schema checking disabled! your mileage may vary!\n",
1726 global_schemacheck = 0;
1728 global_schemacheck = 1;
1731 /* specify access control info */
1732 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
1733 parse_acl( be, fname, lineno, cargc, cargv );
1735 /* debug level to log things to syslog */
1736 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
1739 LDAP_LOG( CONFIG, CRIT,
1740 "%s: line %d: missing level in \"loglevel <level>\""
1741 " line.\n", fname, lineno , 0 );
1743 Debug( LDAP_DEBUG_ANY,
1744 "%s: line %d: missing level in \"loglevel <level>\" line\n",
1753 for( i=1; i < cargc; i++ ) {
1754 ldap_syslog += atoi( cargv[1] );
1757 /* list of replicas of the data in this backend (master only) */
1758 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
1761 LDAP_LOG( CONFIG, CRIT,
1762 "%s: line %d: missing host in \"replica "
1763 " <host[:port]\" line\n", fname, lineno , 0 );
1765 Debug( LDAP_DEBUG_ANY,
1766 "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
1774 LDAP_LOG( CONFIG, INFO,
1775 "%s: line %d: replica line must appear inside "
1776 "a database definition.\n", fname, lineno, 0);
1778 Debug( LDAP_DEBUG_ANY,
1779 "%s: line %d: replica line must appear inside a database definition\n",
1787 for ( i = 1; i < cargc; i++ ) {
1788 if ( strncasecmp( cargv[i], "host=", 5 )
1790 nr = add_replica_info( be,
1797 LDAP_LOG( CONFIG, INFO,
1798 "%s: line %d: missing host in \"replica\" line\n",
1799 fname, lineno , 0 );
1801 Debug( LDAP_DEBUG_ANY,
1802 "%s: line %d: missing host in \"replica\" line\n",
1807 } else if ( nr == -1 ) {
1809 LDAP_LOG( CONFIG, INFO,
1810 "%s: line %d: unable to add"
1811 " replica \"%s\"\n",
1815 Debug( LDAP_DEBUG_ANY,
1816 "%s: line %d: unable to add replica \"%s\"\n",
1817 fname, lineno, cargv[i] + 5 );
1821 for ( i = 1; i < cargc; i++ ) {
1822 if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
1824 switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) {
1827 LDAP_LOG( CONFIG, INFO,
1828 "%s: line %d: suffix \"%s\" in \"replica\""
1829 " line is not valid for backend(ignored)\n",
1830 fname, lineno, cargv[i] + 7 );
1832 Debug( LDAP_DEBUG_ANY,
1833 "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1834 fname, lineno, cargv[i] + 7 );
1840 LDAP_LOG( CONFIG, INFO,
1841 "%s: line %d: unable to normalize suffix"
1842 " in \"replica\" line (ignored)\n",
1843 fname, lineno , 0 );
1845 Debug( LDAP_DEBUG_ANY,
1846 "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
1852 } else if ( strncasecmp( cargv[i], "attr", 4 ) == 0 ) {
1854 char *arg = cargv[i] + 4;
1856 if ( arg[0] == '!' ) {
1861 if ( arg[0] != '=' ) {
1865 if ( add_replica_attrs( be, nr, arg + 1, exclude ) ) {
1867 LDAP_LOG( CONFIG, INFO,
1868 "%s: line %d: attribute \"%s\" in "
1869 "\"replica\" line is unknown\n",
1870 fname, lineno, arg + 1 );
1872 Debug( LDAP_DEBUG_ANY,
1873 "%s: line %d: attribute \"%s\" in \"replica\" line is unknown\n",
1874 fname, lineno, arg + 1 );
1883 /* dn of master entity allowed to write to replica */
1884 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
1887 LDAP_LOG( CONFIG, CRIT,
1888 "%s: line %d: missing dn in \"updatedn <dn>\""
1889 " line.\n", fname, lineno , 0 );
1891 Debug( LDAP_DEBUG_ANY,
1892 "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
1900 LDAP_LOG( CONFIG, INFO,
1901 "%s: line %d: updatedn line must appear inside "
1902 "a database definition\n",
1903 fname, lineno , 0 );
1905 Debug( LDAP_DEBUG_ANY,
1906 "%s: line %d: updatedn line must appear inside a database definition\n",
1914 if ( load_ucdata( NULL ) < 0 ) return 1;
1916 dn.bv_val = cargv[1];
1917 dn.bv_len = strlen( cargv[1] );
1919 rc = dnNormalize2( NULL, &dn, &be->be_update_ndn );
1920 if( rc != LDAP_SUCCESS ) {
1922 LDAP_LOG( CONFIG, CRIT,
1923 "%s: line %d: updatedn DN is invalid.\n",
1924 fname, lineno , 0 );
1926 Debug( LDAP_DEBUG_ANY,
1927 "%s: line %d: updatedn DN is invalid\n",
1934 } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
1937 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1938 "missing url in \"updateref <ldapurl>\" line.\n",
1939 fname, lineno , 0 );
1941 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1942 "missing url in \"updateref <ldapurl>\" line\n",
1950 LDAP_LOG( CONFIG, INFO, "%s: line %d: updateref"
1951 " line must appear inside a database definition\n",
1952 fname, lineno , 0 );
1954 Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
1955 " line must appear inside a database definition\n",
1960 } else if ( !be->be_update_ndn.bv_len ) {
1962 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1963 "updateref line must come after updatedn.\n",
1964 fname, lineno , 0 );
1966 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1967 "updateref line must after updatedn.\n",
1973 if( validate_global_referral( cargv[1] ) ) {
1975 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1976 "invalid URL (%s) in \"updateref\" line.\n",
1977 fname, lineno, cargv[1] );
1979 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1980 "invalid URL (%s) in \"updateref\" line.\n",
1981 fname, lineno, cargv[1] );
1986 vals[0].bv_val = cargv[1];
1987 vals[0].bv_len = strlen( vals[0].bv_val );
1988 if( value_add( &be->be_update_refs, vals ) )
1991 /* replication log file to which changes are appended */
1992 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
1995 LDAP_LOG( CONFIG, CRIT,
1996 "%s: line %d: missing filename in \"replogfile <filename>\""
1997 " line.\n", fname, lineno , 0 );
1999 Debug( LDAP_DEBUG_ANY,
2000 "%s: line %d: missing filename in \"replogfile <filename>\" line\n",
2007 be->be_replogfile = ch_strdup( cargv[1] );
2009 replogfile = ch_strdup( cargv[1] );
2012 /* file from which to read additional rootdse attrs */
2013 } else if ( strcasecmp( cargv[0], "rootDSE" ) == 0) {
2016 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
2017 "missing filename in \"rootDSE <filename>\" line.\n",
2018 fname, lineno , 0 );
2020 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
2021 "missing filename in \"rootDSE <filename>\" line.\n",
2027 if( read_root_dse_file( cargv[1] ) ) {
2029 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
2030 "could not read \"rootDSE <filename>\" line.\n",
2031 fname, lineno , 0 );
2033 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
2034 "could not read \"rootDSE <filename>\" line\n",
2040 /* maintain lastmodified{by,time} attributes */
2041 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
2044 LDAP_LOG( CONFIG, CRIT,
2045 "%s: line %d: missing on|off in \"lastmod <on|off>\""
2046 " line.\n", fname, lineno , 0 );
2048 Debug( LDAP_DEBUG_ANY,
2049 "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
2055 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
2057 be->be_flags &= ~SLAP_BFLAG_NOLASTMOD;
2063 be->be_flags |= SLAP_BFLAG_NOLASTMOD;
2070 /* turn on/off gentle SIGHUP handling */
2071 } else if ( strcasecmp( cargv[0], "gentlehup" ) == 0 ) {
2073 Debug( LDAP_DEBUG_ANY,
2074 "%s: line %d: missing on|off in \"gentlehup <on|off>\" line\n",
2078 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
2079 global_gentlehup = 0;
2081 global_gentlehup = 1;
2085 /* set idle timeout value */
2086 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
2090 LDAP_LOG( CONFIG, CRIT,
2091 "%s: line %d: missing timeout value in "
2092 "\"idletimeout <seconds>\" line.\n", fname, lineno , 0 );
2094 Debug( LDAP_DEBUG_ANY,
2095 "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
2102 i = atoi( cargv[1] );
2106 LDAP_LOG( CONFIG, CRIT,
2107 "%s: line %d: timeout value (%d) invalid "
2108 "\"idletimeout <seconds>\" line.\n", fname, lineno, i );
2110 Debug( LDAP_DEBUG_ANY,
2111 "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
2118 global_idletimeout = i;
2120 /* include another config file */
2121 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
2124 LDAP_LOG( CONFIG, CRIT,
2125 "%s: line %d: missing filename in \"include "
2126 "<filename>\" line.\n", fname, lineno , 0 );
2128 Debug( LDAP_DEBUG_ANY,
2129 "%s: line %d: missing filename in \"include <filename>\" line\n",
2135 savefname = ch_strdup( cargv[1] );
2136 savelineno = lineno;
2138 if ( read_config( savefname, depth+1 ) != 0 ) {
2143 lineno = savelineno - 1;
2145 /* location of kerberos srvtab file */
2146 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
2149 LDAP_LOG( CONFIG, CRIT,
2150 "%s: line %d: missing filename in \"srvtab "
2151 "<filename>\" line.\n", fname, lineno , 0 );
2153 Debug( LDAP_DEBUG_ANY,
2154 "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
2160 ldap_srvtab = ch_strdup( cargv[1] );
2162 #ifdef SLAPD_MODULES
2163 } else if (strcasecmp( cargv[0], "moduleload") == 0 ) {
2166 LDAP_LOG( CONFIG, INFO,
2167 "%s: line %d: missing filename in \"moduleload "
2168 "<filename>\" line.\n", fname, lineno , 0 );
2170 Debug( LDAP_DEBUG_ANY,
2171 "%s: line %d: missing filename in \"moduleload <filename>\" line\n",
2175 exit( EXIT_FAILURE );
2177 if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
2179 LDAP_LOG( CONFIG, CRIT,
2180 "%s: line %d: failed to load or initialize module %s\n",
2181 fname, lineno, cargv[1] );
2183 Debug( LDAP_DEBUG_ANY,
2184 "%s: line %d: failed to load or initialize module %s\n",
2185 fname, lineno, cargv[1]);
2188 exit( EXIT_FAILURE );
2190 } else if (strcasecmp( cargv[0], "modulepath") == 0 ) {
2193 LDAP_LOG( CONFIG, INFO,
2194 "%s: line %d: missing path in \"modulepath <path>\""
2195 " line\n", fname, lineno , 0 );
2197 Debug( LDAP_DEBUG_ANY,
2198 "%s: line %d: missing path in \"modulepath <path>\" line\n",
2202 exit( EXIT_FAILURE );
2204 if (module_path( cargv[1] )) {
2206 LDAP_LOG( CONFIG, CRIT,
2207 "%s: line %d: failed to set module search path to %s.\n",
2208 fname, lineno, cargv[1] );
2210 Debug( LDAP_DEBUG_ANY,
2211 "%s: line %d: failed to set module search path to %s\n",
2212 fname, lineno, cargv[1]);
2215 exit( EXIT_FAILURE );
2218 #endif /*SLAPD_MODULES*/
2221 } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
2222 rc = ldap_pvt_tls_set_option( NULL,
2223 LDAP_OPT_X_TLS_RANDOM_FILE,
2228 } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
2229 rc = ldap_pvt_tls_set_option( NULL,
2230 LDAP_OPT_X_TLS_CIPHER_SUITE,
2235 } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
2236 rc = ldap_pvt_tls_set_option( NULL,
2237 LDAP_OPT_X_TLS_CERTFILE,
2242 } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
2243 rc = ldap_pvt_tls_set_option( NULL,
2244 LDAP_OPT_X_TLS_KEYFILE,
2249 } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
2250 rc = ldap_pvt_tls_set_option( NULL,
2251 LDAP_OPT_X_TLS_CACERTDIR,
2256 } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
2257 rc = ldap_pvt_tls_set_option( NULL,
2258 LDAP_OPT_X_TLS_CACERTFILE,
2262 } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
2263 if ( isdigit( (unsigned char) cargv[1][0] ) ) {
2265 rc = ldap_pvt_tls_set_option( NULL,
2266 LDAP_OPT_X_TLS_REQUIRE_CERT,
2269 rc = ldap_int_tls_config( NULL,
2270 LDAP_OPT_X_TLS_REQUIRE_CERT,
2279 } else if ( !strcasecmp( cargv[0], "reverse-lookup" ) ) {
2280 #ifdef SLAPD_RLOOKUPS
2283 LDAP_LOG( CONFIG, INFO,
2284 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2285 fname, lineno , 0 );
2287 Debug( LDAP_DEBUG_ANY,
2288 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2294 if ( !strcasecmp( cargv[1], "on" ) ) {
2295 use_reverse_lookup = 1;
2296 } else if ( !strcasecmp( cargv[1], "off" ) ) {
2297 use_reverse_lookup = 0;
2300 LDAP_LOG( CONFIG, INFO,
2301 "%s: line %d: reverse-lookup: "
2302 "must be \"on\" (default) or \"off\"\n", fname, lineno, 0 );
2304 Debug( LDAP_DEBUG_ANY,
2305 "%s: line %d: reverse-lookup: must be \"on\" (default) or \"off\"\n",
2311 #else /* !SLAPD_RLOOKUPS */
2313 LDAP_LOG( CONFIG, INFO,
2314 "%s: line %d: reverse lookups "
2315 "are not configured (ignored).\n", fname, lineno , 0 );
2317 Debug( LDAP_DEBUG_ANY,
2318 "%s: line %d: reverse lookups are not configured (ignored).\n",
2321 #endif /* !SLAPD_RLOOKUPS */
2323 /* Netscape plugins */
2324 } else if ( strcasecmp( cargv[0], "plugin" ) == 0 ) {
2325 #if defined( LDAP_SLAPI )
2327 #ifdef notdef /* allow global plugins, too */
2329 * a "plugin" line must be inside a database
2330 * definition, since we implement pre-,post-
2331 * and extended operation plugins
2335 LDAP_LOG( CONFIG, INFO,
2336 "%s: line %d: plugin line must appear "
2337 "inside a database definition.\n",
2340 Debug( LDAP_DEBUG_ANY, "%s: line %d: plugin "
2341 "line must appear inside a database "
2342 "definition\n", fname, lineno, 0 );
2348 if ( netscape_plugin( be, fname, lineno, cargc, cargv )
2353 #else /* !defined( LDAP_SLAPI ) */
2355 LDAP_LOG( CONFIG, INFO,
2356 "%s: line %d: SLAPI not supported.\n",
2359 Debug( LDAP_DEBUG_ANY, "%s: line %d: SLAPI "
2360 "not supported.\n", fname, lineno, 0 );
2364 #endif /* !defined( LDAP_SLAPI ) */
2366 /* Netscape plugins */
2367 } else if ( strcasecmp( cargv[0], "pluginlog" ) == 0 ) {
2368 #if defined( LDAP_SLAPI )
2371 LDAP_LOG( CONFIG, INFO,
2372 "%s: line %d: missing file name "
2373 "in pluginlog <filename> line.\n",
2376 Debug( LDAP_DEBUG_ANY,
2377 "%s: line %d: missing file name "
2378 "in pluginlog <filename> line.\n",
2384 if ( slapi_log_file != NULL ) {
2385 ch_free( slapi_log_file );
2388 slapi_log_file = ch_strdup( cargv[1] );
2389 #endif /* !defined( LDAP_SLAPI ) */
2391 /* pass anything else to the current backend info/db config routine */
2394 if ( bi->bi_config == 0 ) {
2396 LDAP_LOG( CONFIG, INFO,
2397 "%s: line %d: unknown directive \"%s\" inside "
2398 "backend info definition (ignored).\n",
2399 fname, lineno, cargv[0] );
2401 Debug( LDAP_DEBUG_ANY,
2402 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
2403 fname, lineno, cargv[0] );
2407 if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
2413 } else if ( be != NULL ) {
2414 if ( be->be_config == 0 ) {
2416 LDAP_LOG( CONFIG, INFO,
2417 "%s: line %d: uknown directive \"%s\" inside "
2418 "backend database definition (ignored).\n",
2419 fname, lineno, cargv[0] );
2421 Debug( LDAP_DEBUG_ANY,
2422 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
2423 fname, lineno, cargv[0] );
2427 if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
2435 LDAP_LOG( CONFIG, INFO,
2436 "%s: line %d: unknown directive \"%s\" outside backend "
2437 "info and database definitions (ignored).\n",
2438 fname, lineno, cargv[0] );
2440 Debug( LDAP_DEBUG_ANY,
2441 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
2442 fname, lineno, cargv[0] );
2451 if ( depth == 0 ) ch_free( cargv );
2453 if ( !global_schemadn.bv_val ) {
2454 ber_str2bv( SLAPD_SCHEMA_DN, sizeof(SLAPD_SCHEMA_DN)-1, 1,
2456 dnNormalize2( NULL, &global_schemadn, &global_schemandn );
2459 if ( load_ucdata( NULL ) < 0 ) return 1;
2471 char logbuf[sizeof("pseudorootpw ***")];
2474 token = strtok_quote( line, " \t" );
2478 if ( token && ( strcasecmp( token, "rootpw" ) == 0 ||
2479 strcasecmp( token, "replica" ) == 0 || /* contains "credentials" */
2480 strcasecmp( token, "bindpw" ) == 0 || /* used in back-ldap */
2481 strcasecmp( token, "pseudorootpw" ) == 0 || /* used in back-meta */
2482 strcasecmp( token, "dbpasswd" ) == 0 ) ) /* used in back-sql */
2484 snprintf( logline = logbuf, sizeof logbuf, "%s ***", token );
2487 if ( strtok_quote_ptr ) {
2488 *strtok_quote_ptr = ' ';
2492 LDAP_LOG( CONFIG, DETAIL1, "line %d (%s)\n", lineno, logline , 0 );
2494 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, logline, 0 );
2497 if ( strtok_quote_ptr ) {
2498 *strtok_quote_ptr = '\0';
2501 for ( ; token != NULL; token = strtok_quote( NULL, " \t" ) ) {
2502 if ( cargc == cargv_size - 1 ) {
2504 tmp = ch_realloc( cargv, (cargv_size + ARGS_STEP) *
2506 if ( tmp == NULL ) {
2508 LDAP_LOG( CONFIG, ERR, "line %d: out of memory\n", lineno, 0,0 );
2510 Debug( LDAP_DEBUG_ANY,
2511 "line %d: out of memory\n",
2517 cargv_size += ARGS_STEP;
2519 cargv[cargc++] = token;
2521 cargv[cargc] = NULL;
2526 strtok_quote( char *line, char *sep )
2532 strtok_quote_ptr = NULL;
2533 if ( line != NULL ) {
2536 while ( *next && strchr( sep, *next ) ) {
2540 if ( *next == '\0' ) {
2546 for ( inquote = 0; *next; ) {
2554 AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
2560 next + 1, strlen( next + 1 ) + 1 );
2561 next++; /* dont parse the escaped character */
2566 if ( strchr( sep, *next ) != NULL ) {
2567 strtok_quote_ptr = next;
2580 static char buf[BUFSIZ];
2582 static size_t lmax, lcur;
2584 #define CATLINE( buf ) \
2586 size_t len = strlen( buf ); \
2587 while ( lcur + len + 1 > lmax ) { \
2589 line = (char *) ch_realloc( line, lmax ); \
2591 strcpy( line + lcur, buf ); \
2596 fp_getline( FILE *fp, int *lineno )
2604 /* hack attack - keeps us from having to keep a stack of bufs... */
2605 if ( strncasecmp( line, "include", 7 ) == 0 ) {
2610 while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
2611 /* trim off \r\n or \n */
2612 if ( (p = strchr( buf, '\n' )) != NULL ) {
2613 if( p > buf && p[-1] == '\r' ) --p;
2617 /* trim off trailing \ and append the next line */
2618 if ( line[ 0 ] != '\0'
2619 && (p = line + strlen( line ) - 1)[ 0 ] == '\\'
2620 && p[ -1 ] != '\\' ) {
2625 if ( ! isspace( (unsigned char) buf[0] ) ) {
2629 /* change leading whitespace to a space */
2638 return( line[0] ? line : NULL );
2642 fp_getline_init( int *lineno )
2648 /* Loads ucdata, returns 1 if loading, 0 if already loaded, -1 on error */
2650 load_ucdata( char *path )
2652 static int loaded = 0;
2658 err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL );
2661 LDAP_LOG( CONFIG, CRIT,
2662 "load_ucdata: Error %d loading ucdata.\n", err, 0,0 );
2664 Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n",
2677 ucdata_unload( UCDATA_ALL );
2678 free( global_schemandn.bv_val );
2679 free( global_schemadn.bv_val );
2681 if ( slapd_args_file )
2682 free ( slapd_args_file );
2683 if ( slapd_pid_file )
2684 free ( slapd_pid_file );
2685 acl_destroy( global_acl, NULL );
projects / openldap / blob