]> git.sur5r.net Git - openldap/blob - servers/slapd/config.c
Merge remote-tracking branch 'origin/mdb.master' into OPENLDAP_REL_ENG_2_5
[openldap] / servers / slapd / config.c
1 /* config.c - configuration file handling routines */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 1998-2014 The OpenLDAP Foundation.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in the file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
17  * All rights reserved.
18  *
19  * Redistribution and use in source and binary forms are permitted
20  * provided that this notice is preserved and that due credit is given
21  * to the University of Michigan at Ann Arbor. The name of the University
22  * may not be used to endorse or promote products derived from this
23  * software without specific prior written permission. This software
24  * is provided ``as is'' without express or implied warranty.
25  */
26
27 #include "portable.h"
28
29 #include <stdio.h>
30
31 #include <ac/string.h>
32 #include <ac/ctype.h>
33 #include <ac/signal.h>
34 #include <ac/socket.h>
35 #include <ac/errno.h>
36 #include <ac/unistd.h>
37
38 #include <sys/types.h>
39 #include <sys/stat.h>
40
41 #ifndef S_ISREG
42 #define S_ISREG(m)      (((m) & _S_IFMT) == _S_IFREG)
43 #endif
44
45 #include "slap.h"
46 #ifdef LDAP_SLAPI
47 #include "slapi/slapi.h"
48 #endif
49 #include "lutil.h"
50 #include "lutil_ldap.h"
51 #include "config.h"
52
53 #ifdef _WIN32
54 #define LUTIL_ATOULX    lutil_atoullx
55 #define Z       "I"
56 #else
57 #define LUTIL_ATOULX    lutil_atoulx
58 #define Z       "z"
59 #endif
60
61 #define ARGS_STEP       512
62
63 /*
64  * defaults for various global variables
65  */
66 slap_mask_t             global_allows = 0;
67 slap_mask_t             global_disallows = 0;
68 int             global_gentlehup = 0;
69 int             global_idletimeout = 0;
70 int             global_writetimeout = 0;
71 char    *global_host = NULL;
72 struct berval global_host_bv = BER_BVNULL;
73 char    *global_realm = NULL;
74 char    *sasl_host = NULL;
75 char            **default_passwd_hash = NULL;
76 struct berval default_search_base = BER_BVNULL;
77 struct berval default_search_nbase = BER_BVNULL;
78
79 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
80 ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
81
82 int     slap_conn_max_pending = SLAP_CONN_MAX_PENDING_DEFAULT;
83 int     slap_conn_max_pending_auth = SLAP_CONN_MAX_PENDING_AUTH;
84
85 char   *slapd_pid_file  = NULL;
86 char   *slapd_args_file = NULL;
87
88 int use_reverse_lookup = 0;
89
90 #ifdef LDAP_SLAPI
91 int slapi_plugins_used = 0;
92 #endif
93
94 static int fp_getline(FILE *fp, ConfigArgs *c);
95 static void fp_getline_init(ConfigArgs *c);
96
97 static char     *strtok_quote(char *line, char *sep, char **quote_ptr);
98 static char *strtok_quote_ldif(char **line);
99
100 ConfigArgs *
101 new_config_args( BackendDB *be, const char *fname, int lineno, int argc, char **argv )
102 {
103         ConfigArgs *c;
104         c = ch_calloc( 1, sizeof( ConfigArgs ) );
105         if ( c == NULL ) return(NULL);
106         c->be     = be; 
107         c->fname  = fname;
108         c->argc   = argc;
109         c->argv   = argv; 
110         c->lineno = lineno;
111         snprintf( c->log, sizeof( c->log ), "%s: line %d", fname, lineno );
112         return(c);
113 }
114
115 void
116 init_config_argv( ConfigArgs *c )
117 {
118         c->argv = ch_calloc( ARGS_STEP + 1, sizeof( *c->argv ) );
119         c->argv_size = ARGS_STEP + 1;
120 }
121
122 ConfigTable *config_find_keyword(ConfigTable *Conf, ConfigArgs *c) {
123         int i;
124
125         for(i = 0; Conf[i].name; i++)
126                 if( (Conf[i].length && (!strncasecmp(c->argv[0], Conf[i].name, Conf[i].length))) ||
127                         (!strcasecmp(c->argv[0], Conf[i].name)) ) break;
128         if ( !Conf[i].name ) return NULL;
129         return Conf+i;
130 }
131
132 int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) {
133         int rc, arg_user, arg_type, arg_syn, iarg;
134         unsigned uiarg;
135         long larg;
136         unsigned long ularg;
137         ber_len_t barg;
138         
139         if(Conf->arg_type == ARG_IGNORED) {
140                 Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> ignored\n",
141                         c->log, Conf->name, 0);
142                 return(0);
143         }
144         arg_type = Conf->arg_type & ARGS_TYPES;
145         arg_user = Conf->arg_type & ARGS_USERLAND;
146         arg_syn = Conf->arg_type & ARGS_SYNTAX;
147
148         if((arg_type == ARG_DN) && c->argc == 1) {
149                 c->argc = 2;
150                 c->argv[1] = "";
151         }
152         if(Conf->min_args && (c->argc < Conf->min_args)) {
153                 snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> missing <%s> argument",
154                         c->argv[0], Conf->what ? Conf->what : "" );
155                 Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n", c->log, c->cr_msg, 0 );
156                 return(ARG_BAD_CONF);
157         }
158         if(Conf->max_args && (c->argc > Conf->max_args)) {
159                 char    *ignored = " ignored";
160
161                 snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> extra cruft after <%s>",
162                         c->argv[0], Conf->what );
163
164                 ignored = "";
165                 Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s%s.\n",
166                                 c->log, c->cr_msg, ignored );
167                 return(ARG_BAD_CONF);
168         }
169         if((arg_syn & ARG_DB) && !c->be) {
170                 snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> only allowed within database declaration",
171                         c->argv[0] );
172                 Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n",
173                         c->log, c->cr_msg, 0);
174                 return(ARG_BAD_CONF);
175         }
176         if((arg_syn & ARG_PRE_BI) && c->bi) {
177                 snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> must occur before any backend %sdeclaration",
178                         c->argv[0], (arg_syn & ARG_PRE_DB) ? "or database " : "" );
179                 Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n",
180                         c->log, c->cr_msg, 0 );
181                 return(ARG_BAD_CONF);
182         }
183         if((arg_syn & ARG_PRE_DB) && c->be && c->be != frontendDB) {
184                 snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> must occur before any database declaration",
185                         c->argv[0] );
186                 Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: keyword %s\n",
187                         c->log, c->cr_msg, 0);
188                 return(ARG_BAD_CONF);
189         }
190         if((arg_syn & ARG_PAREN) && *c->argv[1] != '(' /*')'*/) {
191                 snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> old format not supported", c->argv[0] );
192                 Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n",
193                         c->log, c->cr_msg, 0);
194                 return(ARG_BAD_CONF);
195         }
196         if(arg_type && !Conf->arg_item && !(arg_syn & ARG_OFFSET)) {
197                 snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid config_table, arg_item is NULL",
198                         c->argv[0] );
199                 Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n",
200                         c->log, c->cr_msg, 0);
201                 return(ARG_BAD_CONF);
202         }
203         c->type = arg_user;
204         memset(&c->values, 0, sizeof(c->values));
205         if(arg_type == ARG_STRING) {
206                 assert( c->argc == 2 );
207                 if ( !check_only )
208                         c->value_string = ch_strdup(c->argv[1]);
209         } else if(arg_type == ARG_BERVAL) {
210                 assert( c->argc == 2 );
211                 if ( !check_only )
212                         ber_str2bv( c->argv[1], 0, 1, &c->value_bv );
213         } else if(arg_type == ARG_DN) {
214                 struct berval bv;
215                 assert( c->argc == 2 );
216                 ber_str2bv( c->argv[1], 0, 0, &bv );
217                 rc = dnPrettyNormal( NULL, &bv, &c->value_dn, &c->value_ndn, NULL );
218                 if ( rc != LDAP_SUCCESS ) {
219                         snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid DN %d (%s)",
220                                 c->argv[0], rc, ldap_err2string( rc ));
221                         Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n" , c->log, c->cr_msg, 0);
222                         return(ARG_BAD_CONF);
223                 }
224                 if ( check_only ) {
225                         ch_free( c->value_ndn.bv_val );
226                         ch_free( c->value_dn.bv_val );
227                 }
228         } else if(arg_type == ARG_ATDESC) {
229                 const char *text = NULL;
230                 assert( c->argc == 2 );
231                 c->value_ad = NULL;
232                 rc = slap_str2ad( c->argv[1], &c->value_ad, &text );
233                 if ( rc != LDAP_SUCCESS ) {
234                         snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid AttributeDescription %d (%s)",
235                                 c->argv[0], rc, text );
236                         Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n" , c->log, c->cr_msg, 0);
237                         return(ARG_BAD_CONF);
238                 }
239         } else {        /* all numeric */
240                 int j;
241                 iarg = 0; larg = 0; barg = 0;
242                 switch(arg_type) {
243                         case ARG_INT:
244                                 assert( c->argc == 2 );
245                                 if ( lutil_atoix( &iarg, c->argv[1], 0 ) != 0 ) {
246                                         snprintf( c->cr_msg, sizeof( c->cr_msg ),
247                                                 "<%s> unable to parse \"%s\" as int",
248                                                 c->argv[0], c->argv[1] );
249                                         Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n",
250                                                 c->log, c->cr_msg, 0);
251                                         return(ARG_BAD_CONF);
252                                 }
253                                 break;
254                         case ARG_UINT:
255                                 assert( c->argc == 2 );
256                                 if ( lutil_atoux( &uiarg, c->argv[1], 0 ) != 0 ) {
257                                         snprintf( c->cr_msg, sizeof( c->cr_msg ),
258                                                 "<%s> unable to parse \"%s\" as unsigned int",
259                                                 c->argv[0], c->argv[1] );
260                                         Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n",
261                                                 c->log, c->cr_msg, 0);
262                                         return(ARG_BAD_CONF);
263                                 }
264                                 break;
265                         case ARG_LONG:
266                                 assert( c->argc == 2 );
267                                 if ( lutil_atolx( &larg, c->argv[1], 0 ) != 0 ) {
268                                         snprintf( c->cr_msg, sizeof( c->cr_msg ),
269                                                 "<%s> unable to parse \"%s\" as long",
270                                                 c->argv[0], c->argv[1] );
271                                         Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n",
272                                                 c->log, c->cr_msg, 0);
273                                         return(ARG_BAD_CONF);
274                                 }
275                                 break;
276                         case ARG_ULONG:
277                                 assert( c->argc == 2 );
278                                 if ( LUTIL_ATOULX( &ularg, c->argv[1], 0 ) != 0 ) {
279                                         snprintf( c->cr_msg, sizeof( c->cr_msg ),
280                                                 "<%s> unable to parse \"%s\" as unsigned long",
281                                                 c->argv[0], c->argv[1] );
282                                         Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n",
283                                                 c->log, c->cr_msg, 0);
284                                         return(ARG_BAD_CONF);
285                                 }
286                                 break;
287                         case ARG_BER_LEN_T: {
288                                 unsigned long   l;
289                                 assert( c->argc == 2 );
290                                 if ( lutil_atoulx( &l, c->argv[1], 0 ) != 0 ) {
291                                         snprintf( c->cr_msg, sizeof( c->cr_msg ),
292                                                 "<%s> unable to parse \"%s\" as ber_len_t",
293                                                 c->argv[0], c->argv[1] );
294                                         Debug(LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "%s: %s\n",
295                                                 c->log, c->cr_msg, 0);
296                                         return(ARG_BAD_CONF);
297                                 }
298                                 barg = (ber_len_t)l;
299                                 } break;
300                         case ARG_ON_OFF:
301                                 /* note: this is an explicit exception
302                                  * to the "need exactly 2 args" rule */
303                                 if (c->argc == 1) {
304                                         iarg = 1;
305                                 } else if ( !strcasecmp(c->argv[1], "on") ||
306                                         !strcasecmp(c->argv[1], "true") ||
307                                         !strcasecmp(c->argv[1], "yes") )
308                                 {
309                                         iarg = 1;
310                                 } else if ( !strcasecmp(c->argv[1], "off") ||
311                                         !strcasecmp(c->argv[1], "false") ||
312                                         !strcasecmp(c->argv[1], "no") )
313                                 {
314                                         iarg = 0;
315                                 } else {
316                                         snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid value",
317                                                 c->argv[0] );
318                                         Debug(LDAP_DEBUG_ANY|LDAP_DEBUG_NONE, "%s: %s\n",
319                                                 c->log, c->cr_msg, 0 );
320                                         return(ARG_BAD_CONF);
321                                 }
322                                 break;
323                 }
324                 j = (arg_type & ARG_NONZERO) ? 1 : 0;
325                 if(iarg < j && larg < j && barg < (unsigned)j ) {
326                         larg = larg ? larg : (barg ? (long)barg : iarg);
327                         snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid value",
328                                 c->argv[0] );
329                         Debug(LDAP_DEBUG_ANY|LDAP_DEBUG_NONE, "%s: %s\n",
330                                 c->log, c->cr_msg, 0 );
331                         return(ARG_BAD_CONF);
332                 }
333                 switch(arg_type) {
334                         case ARG_ON_OFF:
335                         case ARG_INT:           c->value_int = iarg;            break;
336                         case ARG_UINT:          c->value_uint = uiarg;          break;
337                         case ARG_LONG:          c->value_long = larg;           break;
338                         case ARG_ULONG:         c->value_ulong = ularg;         break;
339                         case ARG_BER_LEN_T:     c->value_ber_t = barg;          break;
340                 }
341         }
342         return 0;
343 }
344
345 int config_set_vals(ConfigTable *Conf, ConfigArgs *c) {
346         int rc, arg_type;
347         void *ptr = NULL;
348
349         arg_type = Conf->arg_type;
350         if(arg_type & ARG_MAGIC) {
351                 if(!c->be) c->be = frontendDB;
352                 c->cr_msg[0] = '\0';
353                 rc = (*((ConfigDriver*)Conf->arg_item))(c);
354 #if 0
355                 if(c->be == frontendDB) c->be = NULL;
356 #endif
357                 if(rc) {
358                         if ( !c->cr_msg[0] ) {
359                                 snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> handler exited with %d",
360                                         c->argv[0], rc );
361                                 Debug(LDAP_DEBUG_CONFIG, "%s: %s!\n",
362                                         c->log, c->cr_msg, 0 );
363                         }
364                         return(ARG_BAD_CONF);
365                 }
366                 return(0);
367         }
368         if(arg_type & ARG_OFFSET) {
369                 if (c->be && c->table == Cft_Database)
370                         ptr = c->be->be_private;
371                 else if (c->bi)
372                         ptr = c->bi->bi_private;
373                 else {
374                         snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> offset is missing base pointer",
375                                 c->argv[0] );
376                         Debug(LDAP_DEBUG_CONFIG, "%s: %s!\n",
377                                 c->log, c->cr_msg, 0);
378                         return(ARG_BAD_CONF);
379                 }
380                 ptr = (void *)((char *)ptr + (long)Conf->arg_item);
381         } else if (arg_type & ARGS_TYPES) {
382                 ptr = Conf->arg_item;
383         }
384         if(arg_type & ARGS_TYPES)
385                 switch(arg_type & ARGS_TYPES) {
386                         case ARG_ON_OFF:
387                         case ARG_INT:           *(int*)ptr = c->value_int;                      break;
388                         case ARG_UINT:          *(unsigned*)ptr = c->value_uint;                        break;
389                         case ARG_LONG:          *(long*)ptr = c->value_long;                    break;
390                         case ARG_ULONG:         *(size_t*)ptr = c->value_ulong;                 break;
391                         case ARG_BER_LEN_T:     *(ber_len_t*)ptr = c->value_ber_t;                      break;
392                         case ARG_STRING: {
393                                 char *cc = *(char**)ptr;
394                                 if(cc) {
395                                         if ((arg_type & ARG_UNIQUE) && c->op == SLAP_CONFIG_ADD ) {
396                                                 Debug(LDAP_DEBUG_CONFIG, "%s: already set %s!\n",
397                                                         c->log, Conf->name, 0 );
398                                                 return(ARG_BAD_CONF);
399                                         }
400                                         ch_free(cc);
401                                 }
402                                 *(char **)ptr = c->value_string;
403                                 break;
404                                 }
405                         case ARG_BERVAL:
406                                 *(struct berval *)ptr = c->value_bv;
407                                 break;
408                         case ARG_ATDESC:
409                                 *(AttributeDescription **)ptr = c->value_ad;
410                                 break;
411                 }
412         return(0);
413 }
414
415 int config_add_vals(ConfigTable *Conf, ConfigArgs *c) {
416         int rc, arg_type;
417
418         arg_type = Conf->arg_type;
419         if(arg_type == ARG_IGNORED) {
420                 Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> ignored\n",
421                         c->log, Conf->name, 0);
422                 return(0);
423         }
424         rc = config_check_vals( Conf, c, 0 );
425         if ( rc ) return rc;
426         return config_set_vals( Conf, c );
427 }
428
429 int
430 config_del_vals(ConfigTable *cf, ConfigArgs *c)
431 {
432         int rc = 0;
433
434         /* If there is no handler, just ignore it */
435         if ( cf->arg_type & ARG_MAGIC ) {
436                 c->argv[0] = cf->ad->ad_cname.bv_val;
437                 c->op = LDAP_MOD_DELETE;
438                 c->type = cf->arg_type & ARGS_USERLAND;
439                 rc = (*((ConfigDriver*)cf->arg_item))(c);
440         }
441         return rc;
442 }
443
444 int
445 config_get_vals(ConfigTable *cf, ConfigArgs *c)
446 {
447         int rc = 0;
448         struct berval bv;
449         void *ptr;
450
451         if ( cf->arg_type & ARG_IGNORED ) {
452                 return 1;
453         }
454
455         memset(&c->values, 0, sizeof(c->values));
456         c->rvalue_vals = NULL;
457         c->rvalue_nvals = NULL;
458         c->op = SLAP_CONFIG_EMIT;
459         c->type = cf->arg_type & ARGS_USERLAND;
460
461         if ( cf->arg_type & ARG_MAGIC ) {
462                 rc = (*((ConfigDriver*)cf->arg_item))(c);
463                 if ( rc ) return rc;
464         } else {
465                 if ( cf->arg_type & ARG_OFFSET ) {
466                         if (c->be && c->table == Cft_Database)
467                                 ptr = c->be->be_private;
468                         else if ( c->bi )
469                                 ptr = c->bi->bi_private;
470                         else
471                                 return 1;
472                         ptr = (void *)((char *)ptr + (long)cf->arg_item);
473                 } else {
474                         ptr = cf->arg_item;
475                 }
476                 
477                 switch(cf->arg_type & ARGS_TYPES) {
478                 case ARG_ON_OFF:
479                 case ARG_INT:   c->value_int = *(int *)ptr; break;
480                 case ARG_UINT:  c->value_uint = *(unsigned *)ptr; break;
481                 case ARG_LONG:  c->value_long = *(long *)ptr; break;
482                 case ARG_ULONG: c->value_ulong = *(size_t *)ptr; break;
483                 case ARG_BER_LEN_T:     c->value_ber_t = *(ber_len_t *)ptr; break;
484                 case ARG_STRING:
485                         if ( *(char **)ptr )
486                                 c->value_string = ch_strdup(*(char **)ptr);
487                         break;
488                 case ARG_BERVAL:
489                         c->value_bv = *((struct berval *)ptr); break;
490                 case ARG_ATDESC:
491                         c->value_ad = *(AttributeDescription **)ptr; break;
492                 }
493         }
494         if ( cf->arg_type & ARGS_TYPES) {
495                 bv.bv_len = 0;
496                 bv.bv_val = c->log;
497                 switch(cf->arg_type & ARGS_TYPES) {
498                 case ARG_INT: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%d", c->value_int); break;
499                 case ARG_UINT: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%u", c->value_uint); break;
500                 case ARG_LONG: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%ld", c->value_long); break;
501                 case ARG_ULONG: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%" Z "u", c->value_ulong); break;
502                 case ARG_BER_LEN_T: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%ld", c->value_ber_t); break;
503                 case ARG_ON_OFF: bv.bv_len = snprintf(bv.bv_val, sizeof( c->log ), "%s",
504                         c->value_int ? "TRUE" : "FALSE"); break;
505                 case ARG_STRING:
506                         if ( c->value_string && c->value_string[0]) {
507                                 ber_str2bv( c->value_string, 0, 0, &bv);
508                         } else {
509                                 return 1;
510                         }
511                         break;
512                 case ARG_BERVAL:
513                         if ( !BER_BVISEMPTY( &c->value_bv )) {
514                                 bv = c->value_bv;
515                         } else {
516                                 return 1;
517                         }
518                         break;
519                 case ARG_ATDESC:
520                         if ( c->value_ad ) {
521                                 bv = c->value_ad->ad_cname;
522                         } else {
523                                 return 1;
524                         }
525                         break;
526                 default:
527                         bv.bv_val = NULL;
528                         break;
529                 }
530                 if (bv.bv_val == c->log && bv.bv_len >= sizeof( c->log ) ) {
531                         return 1;
532                 }
533                 if (( cf->arg_type & ARGS_TYPES ) == ARG_STRING ) {
534                         ber_bvarray_add(&c->rvalue_vals, &bv);
535                 } else if ( !BER_BVISNULL( &bv ) ) {
536                         value_add_one(&c->rvalue_vals, &bv);
537                 }
538                 /* else: maybe c->rvalue_vals already set? */
539         }
540         return rc;
541 }
542
543 int
544 init_config_attrs(ConfigTable *ct) {
545         int i, code;
546
547         for (i=0; ct[i].name; i++ ) {
548                 if ( !ct[i].attribute ) continue;
549                 code = register_at( ct[i].attribute, &ct[i].ad, 1 );
550                 if ( code ) {
551                         fprintf( stderr, "init_config_attrs: register_at failed\n" );
552                         return code;
553                 }
554         }
555
556         return 0;
557 }
558
559 int
560 init_config_ocs( ConfigOCs *ocs ) {
561         int i, code;
562
563         for (i=0;ocs[i].co_def;i++) {
564                 code = register_oc( ocs[i].co_def, &ocs[i].co_oc, 1 );
565                 if ( code ) {
566                         fprintf( stderr, "init_config_ocs: register_oc failed\n" );
567                         return code;
568                 }
569         }
570         return 0;
571 }
572
573 /* Split an LDIF line into space-separated tokens. Words may be grouped
574  * by quotes. A quoted string may begin in the middle of a word, but must
575  * end at the end of the word (be followed by whitespace or EOS). Any other
576  * quotes are passed through unchanged. All other characters are passed
577  * through unchanged.
578  */
579 static char *
580 strtok_quote_ldif( char **line )
581 {
582         char *beg, *ptr, *quote=NULL;
583         int inquote=0;
584
585         ptr = *line;
586
587         if ( !ptr || !*ptr )
588                 return NULL;
589
590         while( isspace( (unsigned char) *ptr )) ptr++;
591
592         if ( *ptr == '"' ) {
593                 inquote = 1;
594                 ptr++;
595         }
596
597         beg = ptr;
598
599         for (;*ptr;ptr++) {
600                 if ( *ptr == '"' ) {
601                         if ( inquote && ( !ptr[1] || isspace((unsigned char) ptr[1]))) {
602                                 *ptr++ = '\0';
603                                 break;
604                         }
605                         inquote = 1;
606                         quote = ptr;
607                         continue;
608                 }
609                 if ( inquote )
610                         continue;
611                 if ( isspace( (unsigned char) *ptr )) {
612                         *ptr++ = '\0';
613                         break;
614                 }
615         }
616         if ( quote ) {
617                 while ( quote < ptr ) {
618                         *quote = quote[1];
619                         quote++;
620                 }
621         }
622         if ( !*ptr ) {
623                 *line = NULL;
624         } else {
625                 while ( isspace( (unsigned char) *ptr )) ptr++;
626                 *line = ptr;
627         }
628         return beg;
629 }
630
631 static void
632 config_parse_ldif( ConfigArgs *c )
633 {
634         char *next;
635         c->tline = ch_strdup(c->line);
636         next = c->tline;
637
638         while ((c->argv[c->argc] = strtok_quote_ldif( &next )) != NULL) {
639                 c->argc++;
640                 if ( c->argc >= c->argv_size ) {
641                         char **tmp = ch_realloc( c->argv, (c->argv_size + ARGS_STEP) *
642                                 sizeof( *c->argv ));
643                         c->argv = tmp;
644                         c->argv_size += ARGS_STEP;
645                 }
646         }
647         c->argv[c->argc] = NULL;
648 }
649
650 int
651 config_parse_vals(ConfigTable *ct, ConfigArgs *c, int valx)
652 {
653         int     rc = 0;
654
655         snprintf( c->log, sizeof( c->log ), "%s: value #%d",
656                 ct->ad->ad_cname.bv_val, valx );
657         c->argc = 1;
658         c->argv[0] = ct->ad->ad_cname.bv_val;
659
660         if ( ( ct->arg_type & ARG_QUOTE ) && c->line[ 0 ] != '"' ) {
661                 c->argv[c->argc] = c->line;
662                 c->argc++;
663                 c->argv[c->argc] = NULL;
664                 c->tline = NULL;
665         } else {
666                 config_parse_ldif( c );
667         }
668         rc = config_check_vals( ct, c, 1 );
669         ch_free( c->tline );
670         c->tline = NULL;
671
672         if ( rc )
673                 rc = LDAP_CONSTRAINT_VIOLATION;
674
675         return rc;
676 }
677
678 int
679 config_parse_add(ConfigTable *ct, ConfigArgs *c, int valx)
680 {
681         int     rc = 0;
682
683         snprintf( c->log, sizeof( c->log ), "%s: value #%d",
684                 ct->ad->ad_cname.bv_val, valx );
685         c->argc = 1;
686         c->argv[0] = ct->ad->ad_cname.bv_val;
687
688         if ( ( ct->arg_type & ARG_QUOTE ) && c->line[ 0 ] != '"' ) {
689                 c->argv[c->argc] = c->line;
690                 c->argc++;
691                 c->argv[c->argc] = NULL;
692                 c->tline = NULL;
693         } else {
694                 config_parse_ldif( c );
695         }
696         c->op = LDAP_MOD_ADD;
697         rc = config_add_vals( ct, c );
698         ch_free( c->tline );
699
700         return rc;
701 }
702
703 int
704 read_config_file(const char *fname, int depth, ConfigArgs *cf, ConfigTable *cft)
705 {
706         FILE *fp;
707         ConfigTable *ct;
708         ConfigArgs *c;
709         int rc;
710         struct stat s;
711
712         c = ch_calloc( 1, sizeof( ConfigArgs ) );
713         if ( c == NULL ) {
714                 return 1;
715         }
716
717         if ( depth ) {
718                 memcpy( c, cf, sizeof( ConfigArgs ) );
719         } else {
720                 c->depth = depth; /* XXX */
721                 c->bi = NULL;
722                 c->be = NULL;
723         }
724
725         c->valx = -1;
726         c->fname = fname;
727         init_config_argv( c );
728
729         if ( stat( fname, &s ) != 0 ) {
730                 ldap_syslog = 1;
731                 Debug(LDAP_DEBUG_ANY,
732                     "could not stat config file \"%s\": %s (%d)\n",
733                     fname, strerror(errno), errno);
734                 ch_free( c );
735                 return(1);
736         }
737
738         if ( !S_ISREG( s.st_mode ) ) {
739                 ldap_syslog = 1;
740                 Debug(LDAP_DEBUG_ANY,
741                     "regular file expected, got \"%s\"\n",
742                     fname, 0, 0 );
743                 ch_free( c );
744                 return(1);
745         }
746
747         fp = fopen( fname, "r" );
748         if ( fp == NULL ) {
749                 ldap_syslog = 1;
750                 Debug(LDAP_DEBUG_ANY,
751                     "could not open config file \"%s\": %s (%d)\n",
752                     fname, strerror(errno), errno);
753                 ch_free( c );
754                 return(1);
755         }
756
757         Debug(LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0);
758
759         fp_getline_init(c);
760
761         c->tline = NULL;
762
763         while ( fp_getline( fp, c ) ) {
764                 /* skip comments and blank lines */
765                 if ( c->line[0] == '#' || c->line[0] == '\0' ) {
766                         continue;
767                 }
768
769                 snprintf( c->log, sizeof( c->log ), "%s: line %d",
770                                 c->fname, c->lineno );
771
772                 c->argc = 0;
773                 ch_free( c->tline );
774                 if ( config_fp_parse_line( c ) ) {
775                         rc = 1;
776                         goto done;
777                 }
778
779                 if ( c->argc < 1 ) {
780                         Debug( LDAP_DEBUG_ANY, "%s: bad config line.\n",
781                                 c->log, 0, 0);
782                         rc = 1;
783                         goto done;
784                 }
785
786                 c->op = SLAP_CONFIG_ADD;
787
788                 ct = config_find_keyword( cft, c );
789                 if ( ct ) {
790                         c->table = Cft_Global;
791                         rc = config_add_vals( ct, c );
792                         if ( !rc ) continue;
793
794                         if ( rc & ARGS_USERLAND ) {
795                                 /* XXX a usertype would be opaque here */
796                                 Debug(LDAP_DEBUG_CONFIG, "%s: unknown user type <%s>\n",
797                                         c->log, c->argv[0], 0);
798                                 rc = 1;
799                                 goto done;
800
801                         } else if ( rc == ARG_BAD_CONF ) {
802                                 rc = 1;
803                                 goto done;
804                         }
805                         
806                 } else if ( c->bi && !c->be ) {
807                         rc = SLAP_CONF_UNKNOWN;
808                         if ( c->bi->bi_cf_ocs ) {
809                                 ct = config_find_keyword( c->bi->bi_cf_ocs->co_table, c );
810                                 if ( ct ) {
811                                         c->table = c->bi->bi_cf_ocs->co_type;
812                                         rc = config_add_vals( ct, c );
813                                 }
814                         }
815                         if ( c->bi->bi_config && rc == SLAP_CONF_UNKNOWN ) {
816                                 rc = (*c->bi->bi_config)(c->bi, c->fname, c->lineno,
817                                         c->argc, c->argv);
818                         }
819                         if ( rc ) {
820                                 switch(rc) {
821                                 case SLAP_CONF_UNKNOWN:
822                                         Debug( LDAP_DEBUG_ANY, "%s: unknown directive "
823                                                 "<%s> inside backend info definition.\n",
824                                                 c->log, *c->argv, 0);
825                                 default:
826                                         rc = 1;
827                                         goto done;
828                                 }
829                         }
830
831                 } else if ( c->be && c->be != frontendDB ) {
832                         rc = SLAP_CONF_UNKNOWN;
833                         if ( c->be->be_cf_ocs ) {
834                                 ct = config_find_keyword( c->be->be_cf_ocs->co_table, c );
835                                 if ( ct ) {
836                                         c->table = c->be->be_cf_ocs->co_type;
837                                         rc = config_add_vals( ct, c );
838                                 }
839                         }
840                         if ( c->be->be_config && rc == SLAP_CONF_UNKNOWN ) {
841                                 rc = (*c->be->be_config)(c->be, c->fname, c->lineno,
842                                         c->argc, c->argv);
843                         }
844                         if ( rc == SLAP_CONF_UNKNOWN && SLAP_ISGLOBALOVERLAY( frontendDB ) )
845                         {
846                                 /* global overlays may need 
847                                  * definitions inside other databases...
848                                  */
849                                 rc = (*frontendDB->be_config)( frontendDB,
850                                         c->fname, (int)c->lineno, c->argc, c->argv );
851                         }
852
853                         switch ( rc ) {
854                         case 0:
855                                 break;
856
857                         case SLAP_CONF_UNKNOWN:
858                                 Debug( LDAP_DEBUG_ANY, "%s: unknown directive "
859                                         "<%s> inside backend database definition.\n",
860                                         c->log, *c->argv, 0);
861                                 
862                         default:
863                                 rc = 1;
864                                 goto done;
865                         }
866
867                 } else if ( frontendDB->be_config ) {
868                         rc = (*frontendDB->be_config)( frontendDB,
869                                 c->fname, (int)c->lineno, c->argc, c->argv);
870                         if ( rc ) {
871                                 switch(rc) {
872                                 case SLAP_CONF_UNKNOWN:
873                                         Debug( LDAP_DEBUG_ANY, "%s: unknown directive "
874                                                 "<%s> inside global database definition.\n",
875                                                 c->log, *c->argv, 0);
876
877                                 default:
878                                         rc = 1;
879                                         goto done;
880                                 }
881                         }
882                         
883                 } else {
884                         Debug( LDAP_DEBUG_ANY, "%s: unknown directive "
885                                 "<%s> outside backend info and database definitions.\n",
886                                 c->log, *c->argv, 0);
887                         rc = 1;
888                         goto done;
889                 }
890         }
891
892         rc = 0;
893
894 done:
895         if ( cf ) {
896                 cf->be = c->be;
897                 cf->bi = c->bi;
898         }
899         ch_free(c->tline);
900         fclose(fp);
901         ch_free(c->argv);
902         ch_free(c);
903         return(rc);
904 }
905
906 /* restrictops, allows, disallows, requires, loglevel */
907
908 int
909 bverb_to_mask(struct berval *bword, slap_verbmasks *v) {
910         int i;
911         for(i = 0; !BER_BVISNULL(&v[i].word); i++) {
912                 if(!ber_bvstrcasecmp(bword, &v[i].word)) break;
913         }
914         return(i);
915 }
916
917 int
918 verb_to_mask(const char *word, slap_verbmasks *v) {
919         struct berval   bword;
920         ber_str2bv( word, 0, 0, &bword );
921         return bverb_to_mask( &bword, v );
922 }
923
924 int
925 verbs_to_mask(int argc, char *argv[], slap_verbmasks *v, slap_mask_t *m) {
926         int i, j;
927         for(i = 1; i < argc; i++) {
928                 j = verb_to_mask(argv[i], v);
929                 if(BER_BVISNULL(&v[j].word)) return i;
930                 while (!v[j].mask) j--;
931                 *m |= v[j].mask;
932         }
933         return(0);
934 }
935
936 /* Mask keywords that represent multiple bits should occur before single
937  * bit keywords in the verbmasks array.
938  */
939 int
940 mask_to_verbs(slap_verbmasks *v, slap_mask_t m, BerVarray *bva) {
941         int i, rc = 1;
942
943         if (m) {
944                 for (i=0; !BER_BVISNULL(&v[i].word); i++) {
945                         if (!v[i].mask) continue;
946                         if (( m & v[i].mask ) == v[i].mask ) {
947                                 value_add_one( bva, &v[i].word );
948                                 rc = 0;
949                                 m ^= v[i].mask;
950                                 if ( !m ) break;
951                         }
952                 }
953         }
954         return rc;
955 }
956
957 /* Return the verbs as a single string, separated by delim */
958 int
959 mask_to_verbstring(slap_verbmasks *v, slap_mask_t m0, char delim, struct berval *bv)
960 {
961         int i, rc = 1;
962
963         BER_BVZERO( bv );
964         if (m0) {
965                 slap_mask_t m = m0;
966                 char *ptr;
967                 for (i=0; !BER_BVISNULL(&v[i].word); i++) {
968                         if (!v[i].mask) continue;
969                         if (( m & v[i].mask ) == v[i].mask ) {
970                                 bv->bv_len += v[i].word.bv_len + 1;
971                                 rc = 0;
972                                 m ^= v[i].mask;
973                                 if ( !m ) break;
974                         }
975                 }
976                 bv->bv_val = ch_malloc(bv->bv_len);
977                 bv->bv_len--;
978                 ptr = bv->bv_val;
979                 m = m0;
980                 for (i=0; !BER_BVISNULL(&v[i].word); i++) {
981                         if (!v[i].mask) continue;
982                         if (( m & v[i].mask ) == v[i].mask ) {
983                                 ptr = lutil_strcopy(ptr, v[i].word.bv_val);
984                                 *ptr++ = delim;
985                                 m ^= v[i].mask;
986                                 if ( !m ) break;
987                         }
988                 }
989                 ptr[-1] = '\0';
990         }
991         return rc;
992 }
993
994 /* Parse a verbstring */
995 int
996 verbstring_to_mask(slap_verbmasks *v, char *str, char delim, slap_mask_t *m) {
997         int j;
998         char *d;
999         struct berval bv;
1000
1001         do {
1002                 bv.bv_val = str;
1003                 d = strchr( str, delim );
1004                 if ( d )
1005                         bv.bv_len = d - str;
1006                 else
1007                         bv.bv_len = strlen( str );
1008                 j = bverb_to_mask( &bv, v );
1009                 if(BER_BVISNULL(&v[j].word)) return 1;
1010                 while (!v[j].mask) j--;
1011                 *m |= v[j].mask;
1012                 str += bv.bv_len + 1;
1013         } while ( d );
1014         return(0);
1015 }
1016
1017 int
1018 slap_verbmasks_init( slap_verbmasks **vp, slap_verbmasks *v )
1019 {
1020         int             i;
1021
1022         assert( *vp == NULL );
1023
1024         for ( i = 0; !BER_BVISNULL( &v[ i ].word ); i++ ) /* EMPTY */;
1025
1026         *vp = ch_calloc( i + 1, sizeof( slap_verbmasks ) );
1027
1028         for ( i = 0; !BER_BVISNULL( &v[ i ].word ); i++ ) {
1029                 ber_dupbv( &(*vp)[ i ].word, &v[ i ].word );
1030                 *((slap_mask_t *)&(*vp)[ i ].mask) = v[ i ].mask;
1031         }
1032
1033         BER_BVZERO( &(*vp)[ i ].word );
1034
1035         return 0;               
1036 }
1037
1038 int
1039 slap_verbmasks_destroy( slap_verbmasks *v )
1040 {
1041         int             i;
1042
1043         assert( v != NULL );
1044
1045         for ( i = 0; !BER_BVISNULL( &v[ i ].word ); i++ ) {
1046                 ch_free( v[ i ].word.bv_val );
1047         }
1048
1049         ch_free( v );
1050
1051         return 0;
1052 }
1053
1054 int
1055 slap_verbmasks_append(
1056         slap_verbmasks  **vp,
1057         slap_mask_t     m,
1058         struct berval   *v,
1059         slap_mask_t     *ignore )
1060 {
1061         int     i;
1062
1063         if ( !m ) {
1064                 return LDAP_OPERATIONS_ERROR;
1065         }
1066
1067         for ( i = 0; !BER_BVISNULL( &(*vp)[ i ].word ); i++ ) {
1068                 if ( !(*vp)[ i ].mask ) continue;
1069
1070                 if ( ignore != NULL ) {
1071                         int     j;
1072
1073                         for ( j = 0; ignore[ j ] != 0; j++ ) {
1074                                 if ( (*vp)[ i ].mask == ignore[ j ] ) {
1075                                         goto check_next;
1076                                 }
1077                         }
1078                 }
1079
1080                 if ( ( m & (*vp)[ i ].mask ) == (*vp)[ i ].mask ) {
1081                         if ( ber_bvstrcasecmp( v, &(*vp)[ i ].word ) == 0 ) {
1082                                 /* already set; ignore */
1083                                 return LDAP_SUCCESS;
1084                         }
1085                         /* conflicts */
1086                         return LDAP_TYPE_OR_VALUE_EXISTS;
1087                 }
1088
1089                 if ( m & (*vp)[ i ].mask ) {
1090                         /* conflicts */
1091                         return LDAP_CONSTRAINT_VIOLATION;
1092                 }
1093 check_next:;
1094         }
1095
1096         *vp = ch_realloc( *vp, sizeof( slap_verbmasks ) * ( i + 2 ) );
1097         ber_dupbv( &(*vp)[ i ].word, v );
1098         *((slap_mask_t *)&(*vp)[ i ].mask) = m;
1099         BER_BVZERO( &(*vp)[ i + 1 ].word );
1100
1101         return LDAP_SUCCESS;
1102 }
1103
1104 int
1105 enum_to_verb(slap_verbmasks *v, slap_mask_t m, struct berval *bv) {
1106         int i;
1107
1108         for (i=0; !BER_BVISNULL(&v[i].word); i++) {
1109                 if ( m == v[i].mask ) {
1110                         if ( bv != NULL ) {
1111                                 *bv = v[i].word;
1112                         }
1113                         return i;
1114                 }
1115         }
1116         return -1;
1117 }
1118
1119 /* register a new verbmask */
1120 static int
1121 slap_verbmask_register( slap_verbmasks *vm_, slap_verbmasks **vmp, struct berval *bv, int mask )
1122 {
1123         slap_verbmasks  *vm = *vmp;
1124         int             i;
1125
1126         /* check for duplicate word */
1127         /* NOTE: we accept duplicate codes; the first occurrence will be used
1128          * when mapping from mask to verb */
1129         i = verb_to_mask( bv->bv_val, vm );
1130         if ( !BER_BVISNULL( &vm[ i ].word ) ) {
1131                 return -1;
1132         }
1133
1134         for ( i = 0; !BER_BVISNULL( &vm[ i ].word ); i++ )
1135                 ;
1136
1137         if ( vm == vm_ ) {
1138                 /* first time: duplicate array */
1139                 vm = ch_calloc( i + 2, sizeof( slap_verbmasks ) );
1140                 for ( i = 0; !BER_BVISNULL( &vm_[ i ].word ); i++ )
1141                 {
1142                         ber_dupbv( &vm[ i ].word, &vm_[ i ].word );
1143                         *((slap_mask_t*)&vm[ i ].mask) = vm_[ i ].mask;
1144                 }
1145
1146         } else {
1147                 vm = ch_realloc( vm, (i + 2) * sizeof( slap_verbmasks ) );
1148         }
1149
1150         ber_dupbv( &vm[ i ].word, bv );
1151         *((slap_mask_t*)&vm[ i ].mask) = mask;
1152
1153         BER_BVZERO( &vm[ i+1 ].word );
1154
1155         *vmp = vm;
1156
1157         return i;
1158 }
1159
1160 static slap_verbmasks slap_ldap_response_code_[] = {
1161         { BER_BVC("success"),                           LDAP_SUCCESS },
1162
1163         { BER_BVC("operationsError"),                   LDAP_OPERATIONS_ERROR },
1164         { BER_BVC("protocolError"),                     LDAP_PROTOCOL_ERROR },
1165         { BER_BVC("timelimitExceeded"),                 LDAP_TIMELIMIT_EXCEEDED },
1166         { BER_BVC("sizelimitExceeded"),                 LDAP_SIZELIMIT_EXCEEDED },
1167         { BER_BVC("compareFalse"),                      LDAP_COMPARE_FALSE },
1168         { BER_BVC("compareTrue"),                       LDAP_COMPARE_TRUE },
1169
1170         { BER_BVC("authMethodNotSupported"),            LDAP_AUTH_METHOD_NOT_SUPPORTED },
1171         { BER_BVC("strongAuthNotSupported"),            LDAP_STRONG_AUTH_NOT_SUPPORTED },
1172         { BER_BVC("strongAuthRequired"),                LDAP_STRONG_AUTH_REQUIRED },
1173         { BER_BVC("strongerAuthRequired"),              LDAP_STRONGER_AUTH_REQUIRED },
1174 #if 0 /* not LDAPv3 */
1175         { BER_BVC("partialResults"),                    LDAP_PARTIAL_RESULTS },
1176 #endif
1177
1178         { BER_BVC("referral"),                          LDAP_REFERRAL },
1179         { BER_BVC("adminlimitExceeded"),                LDAP_ADMINLIMIT_EXCEEDED },
1180         { BER_BVC("unavailableCriticalExtension"),      LDAP_UNAVAILABLE_CRITICAL_EXTENSION },
1181         { BER_BVC("confidentialityRequired"),           LDAP_CONFIDENTIALITY_REQUIRED },
1182         { BER_BVC("saslBindInProgress"),                LDAP_SASL_BIND_IN_PROGRESS },
1183
1184         { BER_BVC("noSuchAttribute"),                   LDAP_NO_SUCH_ATTRIBUTE },
1185         { BER_BVC("undefinedType"),                     LDAP_UNDEFINED_TYPE },
1186         { BER_BVC("inappropriateMatching"),             LDAP_INAPPROPRIATE_MATCHING },
1187         { BER_BVC("constraintViolation"),               LDAP_CONSTRAINT_VIOLATION },
1188         { BER_BVC("typeOrValueExists"),                 LDAP_TYPE_OR_VALUE_EXISTS },
1189         { BER_BVC("invalidSyntax"),                     LDAP_INVALID_SYNTAX },
1190
1191         { BER_BVC("noSuchObject"),                      LDAP_NO_SUCH_OBJECT },
1192         { BER_BVC("aliasProblem"),                      LDAP_ALIAS_PROBLEM },
1193         { BER_BVC("invalidDnSyntax"),                   LDAP_INVALID_DN_SYNTAX },
1194 #if 0 /* not LDAPv3 */
1195         { BER_BVC("isLeaf"),                            LDAP_IS_LEAF },
1196 #endif
1197         { BER_BVC("aliasDerefProblem"),                 LDAP_ALIAS_DEREF_PROBLEM },
1198
1199         { BER_BVC("proxyAuthzFailure"),                 LDAP_X_PROXY_AUTHZ_FAILURE },
1200         { BER_BVC("inappropriateAuth"),                 LDAP_INAPPROPRIATE_AUTH },
1201         { BER_BVC("invalidCredentials"),                LDAP_INVALID_CREDENTIALS },
1202         { BER_BVC("insufficientAccess"),                LDAP_INSUFFICIENT_ACCESS },
1203
1204         { BER_BVC("busy"),                              LDAP_BUSY },
1205         { BER_BVC("unavailable"),                       LDAP_UNAVAILABLE },
1206         { BER_BVC("unwillingToPerform"),                LDAP_UNWILLING_TO_PERFORM },
1207         { BER_BVC("loopDetect"),                        LDAP_LOOP_DETECT },
1208
1209         { BER_BVC("namingViolation"),                   LDAP_NAMING_VIOLATION },
1210         { BER_BVC("objectClassViolation"),              LDAP_OBJECT_CLASS_VIOLATION },
1211         { BER_BVC("notAllowedOnNonleaf"),               LDAP_NOT_ALLOWED_ON_NONLEAF },
1212         { BER_BVC("notAllowedOnRdn"),                   LDAP_NOT_ALLOWED_ON_RDN },
1213         { BER_BVC("alreadyExists"),                     LDAP_ALREADY_EXISTS },
1214         { BER_BVC("noObjectClassMods"),                 LDAP_NO_OBJECT_CLASS_MODS },
1215         { BER_BVC("resultsTooLarge"),                   LDAP_RESULTS_TOO_LARGE },
1216         { BER_BVC("affectsMultipleDsas"),               LDAP_AFFECTS_MULTIPLE_DSAS },
1217
1218         { BER_BVC("other"),                             LDAP_OTHER },
1219
1220         /* extension-specific */
1221
1222         { BER_BVC("cupResourcesExhausted"),             LDAP_CUP_RESOURCES_EXHAUSTED },
1223         { BER_BVC("cupSecurityViolation"),              LDAP_CUP_SECURITY_VIOLATION },
1224         { BER_BVC("cupInvalidData"),                    LDAP_CUP_INVALID_DATA },
1225         { BER_BVC("cupUnsupportedScheme"),              LDAP_CUP_UNSUPPORTED_SCHEME },
1226         { BER_BVC("cupReloadRequired"),                 LDAP_CUP_RELOAD_REQUIRED },
1227
1228         { BER_BVC("cancelled"),                         LDAP_CANCELLED },
1229         { BER_BVC("noSuchOperation"),                   LDAP_NO_SUCH_OPERATION },
1230         { BER_BVC("tooLate"),                           LDAP_TOO_LATE },
1231         { BER_BVC("cannotCancel"),                      LDAP_CANNOT_CANCEL },
1232
1233         { BER_BVC("assertionFailed"),                   LDAP_ASSERTION_FAILED },
1234
1235         { BER_BVC("proxiedAuthorizationDenied"),        LDAP_PROXIED_AUTHORIZATION_DENIED },
1236
1237         { BER_BVC("syncRefreshRequired"),               LDAP_SYNC_REFRESH_REQUIRED },
1238
1239         { BER_BVC("noOperation"),                       LDAP_X_NO_OPERATION },
1240
1241         { BER_BVNULL,                           0 }
1242 };
1243
1244 slap_verbmasks *slap_ldap_response_code = slap_ldap_response_code_;
1245
1246 int
1247 slap_ldap_response_code_register( struct berval *bv, int err )
1248 {
1249         return slap_verbmask_register( slap_ldap_response_code_,
1250                 &slap_ldap_response_code, bv, err );
1251 }
1252
1253 #ifdef HAVE_TLS
1254 static slap_verbmasks tlskey[] = {
1255         { BER_BVC("no"),        SB_TLS_OFF },
1256         { BER_BVC("yes"),       SB_TLS_ON },
1257         { BER_BVC("critical"),  SB_TLS_CRITICAL },
1258         { BER_BVNULL, 0 }
1259 };
1260
1261 static slap_verbmasks crlkeys[] = {
1262                 { BER_BVC("none"),      LDAP_OPT_X_TLS_CRL_NONE },
1263                 { BER_BVC("peer"),      LDAP_OPT_X_TLS_CRL_PEER },
1264                 { BER_BVC("all"),       LDAP_OPT_X_TLS_CRL_ALL },
1265                 { BER_BVNULL, 0 }
1266         };
1267
1268 static slap_verbmasks vfykeys[] = {
1269                 { BER_BVC("never"),     LDAP_OPT_X_TLS_NEVER },
1270                 { BER_BVC("allow"),     LDAP_OPT_X_TLS_ALLOW },
1271                 { BER_BVC("try"),       LDAP_OPT_X_TLS_TRY },
1272                 { BER_BVC("demand"),    LDAP_OPT_X_TLS_DEMAND },
1273                 { BER_BVC("hard"),      LDAP_OPT_X_TLS_HARD },
1274                 { BER_BVC("true"),      LDAP_OPT_X_TLS_HARD },
1275                 { BER_BVNULL, 0 }
1276         };
1277 #endif
1278
1279 static slap_verbmasks methkey[] = {
1280         { BER_BVC("none"),      LDAP_AUTH_NONE },
1281         { BER_BVC("simple"),    LDAP_AUTH_SIMPLE },
1282 #ifdef HAVE_CYRUS_SASL
1283         { BER_BVC("sasl"),      LDAP_AUTH_SASL },
1284 #endif
1285         { BER_BVNULL, 0 }
1286 };
1287
1288 static slap_verbmasks versionkey[] = {
1289         { BER_BVC("2"),         LDAP_VERSION2 },
1290         { BER_BVC("3"),         LDAP_VERSION3 },
1291         { BER_BVNULL, 0 }
1292 };
1293
1294 int
1295 slap_keepalive_parse(
1296         struct berval *val,
1297         void *bc,
1298         slap_cf_aux_table *tab0,
1299         const char *tabmsg,
1300         int unparse )
1301 {
1302         if ( unparse ) {
1303                 slap_keepalive *sk = (slap_keepalive *)bc;
1304                 int rc = snprintf( val->bv_val, val->bv_len, "%d:%d:%d",
1305                         sk->sk_idle, sk->sk_probes, sk->sk_interval );
1306                 if ( rc < 0 ) {
1307                         return -1;
1308                 }
1309
1310                 if ( (unsigned)rc >= val->bv_len ) {
1311                         return -1;
1312                 }
1313
1314                 val->bv_len = rc;
1315
1316         } else {
1317                 char *s = val->bv_val;
1318                 char *next;
1319                 slap_keepalive *sk = (slap_keepalive *)bc;
1320                 slap_keepalive sk2;
1321
1322                 if ( s[0] == ':' ) {
1323                         sk2.sk_idle = 0;
1324                         s++;
1325                         
1326                 } else {
1327                         sk2.sk_idle = strtol( s, &next, 10 );
1328                         if ( next == s || next[0] != ':' ) {
1329                                 return -1;
1330                         }
1331
1332                         if ( sk2.sk_idle < 0 ) {
1333                                 return -1;
1334                         }
1335
1336                         s = ++next;
1337                 }
1338
1339                 if ( s[0] == ':' ) {
1340                         sk2.sk_probes = 0;
1341                         s++;
1342
1343                 } else {
1344                         sk2.sk_probes = strtol( s, &next, 10 );
1345                         if ( next == s || next[0] != ':' ) {
1346                                 return -1;
1347                         }
1348
1349                         if ( sk2.sk_probes < 0 ) {
1350                                 return -1;
1351                         }
1352
1353                         s = ++next;
1354                 }
1355
1356                 if ( s == '\0' ) {
1357                         sk2.sk_interval = 0;
1358                         s++;
1359
1360                 } else {
1361                         sk2.sk_interval = strtol( s, &next, 10 );
1362                         if ( next == s || next[0] != '\0' ) {
1363                                 return -1;
1364                         }
1365
1366                         if ( sk2.sk_interval < 0 ) {
1367                                 return -1;
1368                         }
1369                 }
1370
1371                 *sk = sk2;
1372
1373                 ber_memfree( val->bv_val );
1374                 BER_BVZERO( val );
1375         }
1376
1377         return 0;
1378 }
1379
1380 static int
1381 slap_sb_uri(
1382         struct berval *val,
1383         void *bcp,
1384         slap_cf_aux_table *tab0,
1385         const char *tabmsg,
1386         int unparse )
1387 {
1388         slap_bindconf *bc = bcp;
1389         if ( unparse ) {
1390                 if ( bc->sb_uri.bv_len >= val->bv_len )
1391                         return -1;
1392                 val->bv_len = bc->sb_uri.bv_len;
1393                 AC_MEMCPY( val->bv_val, bc->sb_uri.bv_val, val->bv_len );
1394         } else {
1395                 bc->sb_uri = *val;
1396 #ifdef HAVE_TLS
1397                 if ( ldap_is_ldaps_url( val->bv_val ))
1398                         bc->sb_tls_do_init = 1;
1399 #endif
1400         }
1401         return 0;
1402 }
1403
1404 static slap_cf_aux_table bindkey[] = {
1405         { BER_BVC("uri="), 0, 'x', 1, slap_sb_uri },
1406         { BER_BVC("version="), offsetof(slap_bindconf, sb_version), 'i', 0, versionkey },
1407         { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'i', 0, methkey },
1408         { BER_BVC("timeout="), offsetof(slap_bindconf, sb_timeout_api), 'i', 0, NULL },
1409         { BER_BVC("network-timeout="), offsetof(slap_bindconf, sb_timeout_net), 'i', 0, NULL },
1410         { BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 'b', 1, (slap_verbmasks *)dnNormalize },
1411         { BER_BVC("credentials="), offsetof(slap_bindconf, sb_cred), 'b', 1, NULL },
1412         { BER_BVC("saslmech="), offsetof(slap_bindconf, sb_saslmech), 'b', 0, NULL },
1413         { BER_BVC("secprops="), offsetof(slap_bindconf, sb_secprops), 's', 0, NULL },
1414         { BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 'b', 0, NULL },
1415         { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 1, NULL },
1416         { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, (slap_verbmasks *)authzNormalize },
1417         { BER_BVC("keepalive="), offsetof(slap_bindconf, sb_keepalive), 'x', 0, (slap_verbmasks *)slap_keepalive_parse },
1418 #ifdef HAVE_TLS
1419         /* NOTE: replace "13" with the actual index
1420          * of the first TLS-related line */
1421 #define aux_TLS (bindkey+13)    /* beginning of TLS keywords */
1422
1423         { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey },
1424         { BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL },
1425         { BER_BVC("tls_key="), offsetof(slap_bindconf, sb_tls_key), 's', 1, NULL },
1426         { BER_BVC("tls_cacert="), offsetof(slap_bindconf, sb_tls_cacert), 's', 1, NULL },
1427         { BER_BVC("tls_cacertdir="), offsetof(slap_bindconf, sb_tls_cacertdir), 's', 1, NULL },
1428         { BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 0, NULL },
1429         { BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 0, NULL },
1430         { BER_BVC("tls_protocol_min="), offsetof(slap_bindconf, sb_tls_protocol_min), 's', 0, NULL },
1431 #ifdef HAVE_OPENSSL_CRL
1432         { BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 0, NULL },
1433 #endif
1434 #endif
1435         { BER_BVNULL, 0, 0, 0, NULL }
1436 };
1437
1438 /*
1439  * 's': char *
1440  * 'b': struct berval; if !NULL, normalize using ((slap_mr_normalize_func *)aux)
1441  * 'i': int; if !NULL, compute using ((slap_verbmasks *)aux)
1442  * 'u': unsigned
1443  * 'I': long
1444  * 'U': unsigned long
1445  */
1446
1447 int
1448 slap_cf_aux_table_parse( const char *word, void *dst, slap_cf_aux_table *tab0, LDAP_CONST char *tabmsg )
1449 {
1450         int rc = SLAP_CONF_UNKNOWN;
1451         slap_cf_aux_table *tab;
1452
1453         for ( tab = tab0; !BER_BVISNULL( &tab->key ); tab++ ) {
1454                 if ( !strncasecmp( word, tab->key.bv_val, tab->key.bv_len ) ) {
1455                         char **cptr;
1456                         int *iptr, j;
1457                         unsigned *uptr;
1458                         long *lptr;
1459                         unsigned long *ulptr;
1460                         struct berval *bptr;
1461                         const char *val = word + tab->key.bv_len;
1462
1463                         switch ( tab->type ) {
1464                         case 's':
1465                                 cptr = (char **)((char *)dst + tab->off);
1466                                 *cptr = ch_strdup( val );
1467                                 rc = 0;
1468                                 break;
1469
1470                         case 'b':
1471                                 bptr = (struct berval *)((char *)dst + tab->off);
1472                                 if ( tab->aux != NULL ) {
1473                                         struct berval   dn;
1474                                         slap_mr_normalize_func *normalize = (slap_mr_normalize_func *)tab->aux;
1475
1476                                         ber_str2bv( val, 0, 0, &dn );
1477                                         rc = normalize( 0, NULL, NULL, &dn, bptr, NULL );
1478
1479                                 } else {
1480                                         ber_str2bv( val, 0, 1, bptr );
1481                                         rc = 0;
1482                                 }
1483                                 break;
1484
1485                         case 'i':
1486                                 iptr = (int *)((char *)dst + tab->off);
1487
1488                                 if ( tab->aux != NULL ) {
1489                                         slap_verbmasks *aux = (slap_verbmasks *)tab->aux;
1490
1491                                         assert( aux != NULL );
1492
1493                                         rc = 1;
1494                                         for ( j = 0; !BER_BVISNULL( &aux[j].word ); j++ ) {
1495                                                 if ( !strcasecmp( val, aux[j].word.bv_val ) ) {
1496                                                         *iptr = aux[j].mask;
1497                                                         rc = 0;
1498                                                         break;
1499                                                 }
1500                                         }
1501
1502                                 } else {
1503                                         rc = lutil_atoix( iptr, val, 0 );
1504                                 }
1505                                 break;
1506
1507                         case 'u':
1508                                 uptr = (unsigned *)((char *)dst + tab->off);
1509
1510                                 rc = lutil_atoux( uptr, val, 0 );
1511                                 break;
1512
1513                         case 'I':
1514                                 lptr = (long *)((char *)dst + tab->off);
1515
1516                                 rc = lutil_atolx( lptr, val, 0 );
1517                                 break;
1518
1519                         case 'U':
1520                                 ulptr = (unsigned long *)((char *)dst + tab->off);
1521
1522                                 rc = lutil_atoulx( ulptr, val, 0 );
1523                                 break;
1524
1525                         case 'x':
1526                                 if ( tab->aux != NULL ) {
1527                                         struct berval value;
1528                                         slap_cf_aux_table_parse_x *func = (slap_cf_aux_table_parse_x *)tab->aux;
1529
1530                                         ber_str2bv( val, 0, 1, &value );
1531
1532                                         rc = func( &value, (void *)((char *)dst + tab->off), tab, tabmsg, 0 );
1533
1534                                 } else {
1535                                         rc = 1;
1536                                 }
1537                                 break;
1538                         }
1539
1540                         if ( rc ) {
1541                                 Debug( LDAP_DEBUG_ANY, "invalid %s value %s\n",
1542                                         tabmsg, word, 0 );
1543                         }
1544                         
1545                         return rc;
1546                 }
1547         }
1548
1549         return rc;
1550 }
1551
1552 int
1553 slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0 )
1554 {
1555         char buf[AC_LINE_MAX], *ptr;
1556         slap_cf_aux_table *tab;
1557         struct berval tmp;
1558
1559         ptr = buf;
1560         for (tab = tab0; !BER_BVISNULL(&tab->key); tab++ ) {
1561                 char **cptr;
1562                 int *iptr, i;
1563                 unsigned *uptr;
1564                 long *lptr;
1565                 unsigned long *ulptr;
1566                 struct berval *bptr;
1567
1568                 cptr = (char **)((char *)src + tab->off);
1569
1570                 switch ( tab->type ) {
1571                 case 'b':
1572                         bptr = (struct berval *)((char *)src + tab->off);
1573                         cptr = &bptr->bv_val;
1574
1575                 case 's':
1576                         if ( *cptr ) {
1577                                 *ptr++ = ' ';
1578                                 ptr = lutil_strcopy( ptr, tab->key.bv_val );
1579                                 if ( tab->quote ) *ptr++ = '"';
1580                                 ptr = lutil_strcopy( ptr, *cptr );
1581                                 if ( tab->quote ) *ptr++ = '"';
1582                         }
1583                         break;
1584
1585                 case 'i':
1586                         iptr = (int *)((char *)src + tab->off);
1587
1588                         if ( tab->aux != NULL ) {
1589                                 slap_verbmasks *aux = (slap_verbmasks *)tab->aux;
1590
1591                                 for ( i = 0; !BER_BVISNULL( &aux[i].word ); i++ ) {
1592                                         if ( *iptr == aux[i].mask ) {
1593                                                 *ptr++ = ' ';
1594                                                 ptr = lutil_strcopy( ptr, tab->key.bv_val );
1595                                                 ptr = lutil_strcopy( ptr, aux[i].word.bv_val );
1596                                                 break;
1597                                         }
1598                                 }
1599
1600                         } else {
1601                                 *ptr++ = ' ';
1602                                 ptr = lutil_strcopy( ptr, tab->key.bv_val );
1603                                 ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%d", *iptr );
1604                         }
1605                         break;
1606
1607                 case 'u':
1608                         uptr = (unsigned *)((char *)src + tab->off);
1609                         *ptr++ = ' ';
1610                         ptr = lutil_strcopy( ptr, tab->key.bv_val );
1611                         ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%u", *uptr );
1612                         break;
1613
1614                 case 'I':
1615                         lptr = (long *)((char *)src + tab->off);
1616                         *ptr++ = ' ';
1617                         ptr = lutil_strcopy( ptr, tab->key.bv_val );
1618                         ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%ld", *lptr );
1619                         break;
1620
1621                 case 'U':
1622                         ulptr = (unsigned long *)((char *)src + tab->off);
1623                         *ptr++ = ' ';
1624                         ptr = lutil_strcopy( ptr, tab->key.bv_val );
1625                         ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ), "%lu", *ulptr );
1626                         break;
1627
1628                 case 'x':
1629                         {
1630                                 char *saveptr=ptr;
1631                                 *ptr++ = ' ';
1632                                 ptr = lutil_strcopy( ptr, tab->key.bv_val );
1633                                 if ( tab->quote ) *ptr++ = '"';
1634                                 if ( tab->aux != NULL ) {
1635                                         struct berval value;
1636                                         slap_cf_aux_table_parse_x *func = (slap_cf_aux_table_parse_x *)tab->aux;
1637                                         int rc;
1638
1639                                         value.bv_val = ptr;
1640                                         value.bv_len = buf + sizeof( buf ) - ptr;
1641
1642                                         rc = func( &value, (void *)((char *)src + tab->off), tab, "(unparse)", 1 );
1643                                         if ( rc == 0 ) {
1644                                                 if (value.bv_len) {
1645                                                         ptr += value.bv_len;
1646                                                 } else {
1647                                                         ptr = saveptr;
1648                                                         break;
1649                                                 }
1650                                         }
1651                                 }
1652                                 if ( tab->quote ) *ptr++ = '"';
1653                         }
1654                         break;
1655
1656                 default:
1657                         assert( 0 );
1658                 }
1659         }
1660         tmp.bv_val = buf;
1661         tmp.bv_len = ptr - buf;
1662         ber_dupbv( bv, &tmp );
1663         return 0;
1664 }
1665
1666 int
1667 slap_tls_get_config( LDAP *ld, int opt, char **val )
1668 {
1669 #ifdef HAVE_TLS
1670         slap_verbmasks *keys;
1671         int i, ival;
1672
1673         *val = NULL;
1674         switch( opt ) {
1675         case LDAP_OPT_X_TLS_CRLCHECK:
1676                 keys = crlkeys;
1677                 break;
1678         case LDAP_OPT_X_TLS_REQUIRE_CERT:
1679                 keys = vfykeys;
1680                 break;
1681         case LDAP_OPT_X_TLS_PROTOCOL_MIN: {
1682                 char buf[8];
1683                 ldap_pvt_tls_get_option( ld, opt, &ival );
1684                 snprintf( buf, sizeof( buf ), "%d.%d",
1685                         ( ival >> 8 ) & 0xff, ival & 0xff );
1686                 *val = ch_strdup( buf );
1687                 return 0;
1688                 }
1689         default:
1690                 return -1;
1691         }
1692         ldap_pvt_tls_get_option( ld, opt, &ival );
1693         for (i=0; !BER_BVISNULL(&keys[i].word); i++) {
1694                 if (keys[i].mask == ival) {
1695                         *val = ch_strdup( keys[i].word.bv_val );
1696                         return 0;
1697                 }
1698         }
1699 #endif
1700         return -1;
1701 }
1702
1703 int
1704 bindconf_tls_parse( const char *word, slap_bindconf *bc )
1705 {
1706 #ifdef HAVE_TLS
1707         if ( slap_cf_aux_table_parse( word, bc, aux_TLS, "tls config" ) == 0 ) {
1708                 bc->sb_tls_do_init = 1;
1709                 return 0;
1710         }
1711 #endif
1712         return -1;
1713 }
1714
1715 int
1716 bindconf_tls_unparse( slap_bindconf *bc, struct berval *bv )
1717 {
1718 #ifdef HAVE_TLS
1719         return slap_cf_aux_table_unparse( bc, bv, aux_TLS );
1720 #endif
1721         return -1;
1722 }
1723
1724 int
1725 bindconf_parse( const char *word, slap_bindconf *bc )
1726 {
1727 #ifdef HAVE_TLS
1728         /* Detect TLS config changes explicitly */
1729         if ( bindconf_tls_parse( word, bc ) == 0 ) {
1730                 return 0;
1731         }
1732 #endif
1733         return slap_cf_aux_table_parse( word, bc, bindkey, "bind config" );
1734 }
1735
1736 int
1737 bindconf_unparse( slap_bindconf *bc, struct berval *bv )
1738 {
1739         return slap_cf_aux_table_unparse( bc, bv, bindkey );
1740 }
1741
1742 void bindconf_free( slap_bindconf *bc ) {
1743         if ( !BER_BVISNULL( &bc->sb_uri ) ) {
1744                 ch_free( bc->sb_uri.bv_val );
1745                 BER_BVZERO( &bc->sb_uri );
1746         }
1747         if ( !BER_BVISNULL( &bc->sb_binddn ) ) {
1748                 ch_free( bc->sb_binddn.bv_val );
1749                 BER_BVZERO( &bc->sb_binddn );
1750         }
1751         if ( !BER_BVISNULL( &bc->sb_cred ) ) {
1752                 ch_free( bc->sb_cred.bv_val );
1753                 BER_BVZERO( &bc->sb_cred );
1754         }
1755         if ( !BER_BVISNULL( &bc->sb_saslmech ) ) {
1756                 ch_free( bc->sb_saslmech.bv_val );
1757                 BER_BVZERO( &bc->sb_saslmech );
1758         }
1759         if ( bc->sb_secprops ) {
1760                 ch_free( bc->sb_secprops );
1761                 bc->sb_secprops = NULL;
1762         }
1763         if ( !BER_BVISNULL( &bc->sb_realm ) ) {
1764                 ch_free( bc->sb_realm.bv_val );
1765                 BER_BVZERO( &bc->sb_realm );
1766         }
1767         if ( !BER_BVISNULL( &bc->sb_authcId ) ) {
1768                 ch_free( bc->sb_authcId.bv_val );
1769                 BER_BVZERO( &bc->sb_authcId );
1770         }
1771         if ( !BER_BVISNULL( &bc->sb_authzId ) ) {
1772                 ch_free( bc->sb_authzId.bv_val );
1773                 BER_BVZERO( &bc->sb_authzId );
1774         }
1775 #ifdef HAVE_TLS
1776         if ( bc->sb_tls_cert ) {
1777                 ch_free( bc->sb_tls_cert );
1778                 bc->sb_tls_cert = NULL;
1779         }
1780         if ( bc->sb_tls_key ) {
1781                 ch_free( bc->sb_tls_key );
1782                 bc->sb_tls_key = NULL;
1783         }
1784         if ( bc->sb_tls_cacert ) {
1785                 ch_free( bc->sb_tls_cacert );
1786                 bc->sb_tls_cacert = NULL;
1787         }
1788         if ( bc->sb_tls_cacertdir ) {
1789                 ch_free( bc->sb_tls_cacertdir );
1790                 bc->sb_tls_cacertdir = NULL;
1791         }
1792         if ( bc->sb_tls_reqcert ) {
1793                 ch_free( bc->sb_tls_reqcert );
1794                 bc->sb_tls_reqcert = NULL;
1795         }
1796         if ( bc->sb_tls_cipher_suite ) {
1797                 ch_free( bc->sb_tls_cipher_suite );
1798                 bc->sb_tls_cipher_suite = NULL;
1799         }
1800         if ( bc->sb_tls_protocol_min ) {
1801                 ch_free( bc->sb_tls_protocol_min );
1802                 bc->sb_tls_protocol_min = NULL;
1803         }
1804 #ifdef HAVE_OPENSSL_CRL
1805         if ( bc->sb_tls_crlcheck ) {
1806                 ch_free( bc->sb_tls_crlcheck );
1807                 bc->sb_tls_crlcheck = NULL;
1808         }
1809 #endif
1810         if ( bc->sb_tls_ctx ) {
1811                 ldap_pvt_tls_ctx_free( bc->sb_tls_ctx );
1812                 bc->sb_tls_ctx = NULL;
1813         }
1814 #endif
1815 }
1816
1817 void
1818 bindconf_tls_defaults( slap_bindconf *bc )
1819 {
1820 #ifdef HAVE_TLS
1821         if ( bc->sb_tls_do_init ) {
1822                 if ( !bc->sb_tls_cacert )
1823                         ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CACERTFILE,
1824                                 &bc->sb_tls_cacert );
1825                 if ( !bc->sb_tls_cacertdir )
1826                         ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CACERTDIR,
1827                                 &bc->sb_tls_cacertdir );
1828                 if ( !bc->sb_tls_cert )
1829                         ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CERTFILE,
1830                                 &bc->sb_tls_cert );
1831                 if ( !bc->sb_tls_key )
1832                         ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_KEYFILE,
1833                                 &bc->sb_tls_key );
1834                 if ( !bc->sb_tls_cipher_suite )
1835                         ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CIPHER_SUITE,
1836                                 &bc->sb_tls_cipher_suite );
1837                 if ( !bc->sb_tls_reqcert )
1838                         bc->sb_tls_reqcert = ch_strdup("demand");
1839 #ifdef HAVE_OPENSSL_CRL
1840                 if ( !bc->sb_tls_crlcheck )
1841                         slap_tls_get_config( slap_tls_ld, LDAP_OPT_X_TLS_CRLCHECK,
1842                                 &bc->sb_tls_crlcheck );
1843 #endif
1844         }
1845 #endif
1846 }
1847
1848 #ifdef HAVE_TLS
1849 static struct {
1850         const char *key;
1851         size_t offset;
1852         int opt;
1853 } bindtlsopts[] = {
1854         { "tls_cert", offsetof(slap_bindconf, sb_tls_cert), LDAP_OPT_X_TLS_CERTFILE },
1855         { "tls_key", offsetof(slap_bindconf, sb_tls_key), LDAP_OPT_X_TLS_KEYFILE },
1856         { "tls_cacert", offsetof(slap_bindconf, sb_tls_cacert), LDAP_OPT_X_TLS_CACERTFILE },
1857         { "tls_cacertdir", offsetof(slap_bindconf, sb_tls_cacertdir), LDAP_OPT_X_TLS_CACERTDIR },
1858         { "tls_cipher_suite", offsetof(slap_bindconf, sb_tls_cipher_suite), LDAP_OPT_X_TLS_CIPHER_SUITE },
1859         { "tls_protocol_min", offsetof(slap_bindconf, sb_tls_protocol_min), LDAP_OPT_X_TLS_PROTOCOL_MIN },
1860         {0, 0}
1861 };
1862
1863 int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
1864 {
1865         int i, rc, newctx = 0, res = 0;
1866         char *ptr = (char *)bc, **word;
1867
1868         bc->sb_tls_do_init = 0;
1869
1870         for (i=0; bindtlsopts[i].opt; i++) {
1871                 word = (char **)(ptr + bindtlsopts[i].offset);
1872                 if ( *word ) {
1873                         rc = ldap_set_option( ld, bindtlsopts[i].opt, *word );
1874                         if ( rc ) {
1875                                 Debug( LDAP_DEBUG_ANY,
1876                                         "bindconf_tls_set: failed to set %s to %s\n",
1877                                                 bindtlsopts[i].key, *word, 0 );
1878                                 res = -1;
1879                         } else
1880                                 newctx = 1;
1881                 }
1882         }
1883         if ( bc->sb_tls_reqcert ) {
1884                 rc = ldap_pvt_tls_config( ld, LDAP_OPT_X_TLS_REQUIRE_CERT,
1885                         bc->sb_tls_reqcert );
1886                 if ( rc ) {
1887                         Debug( LDAP_DEBUG_ANY,
1888                                 "bindconf_tls_set: failed to set tls_reqcert to %s\n",
1889                                         bc->sb_tls_reqcert, 0, 0 );
1890                         res = -1;
1891                 } else
1892                         newctx = 1;
1893         }
1894         if ( bc->sb_tls_protocol_min ) {
1895                 rc = ldap_pvt_tls_config( ld, LDAP_OPT_X_TLS_PROTOCOL_MIN,
1896                         bc->sb_tls_protocol_min );
1897                 if ( rc ) {
1898                         Debug( LDAP_DEBUG_ANY,
1899                                 "bindconf_tls_set: failed to set tls_protocol_min to %s\n",
1900                                         bc->sb_tls_protocol_min, 0, 0 );
1901                         res = -1;
1902                 } else
1903                         newctx = 1;
1904         }
1905 #ifdef HAVE_OPENSSL_CRL
1906         if ( bc->sb_tls_crlcheck ) {
1907                 rc = ldap_pvt_tls_config( ld, LDAP_OPT_X_TLS_CRLCHECK,
1908                         bc->sb_tls_crlcheck );
1909                 if ( rc ) {
1910                         Debug( LDAP_DEBUG_ANY,
1911                                 "bindconf_tls_set: failed to set tls_crlcheck to %s\n",
1912                                         bc->sb_tls_crlcheck, 0, 0 );
1913                         res = -1;
1914                 } else
1915                         newctx = 1;
1916         }
1917 #endif
1918         if ( newctx ) {
1919                 int opt = 0;
1920
1921                 if ( bc->sb_tls_ctx ) {
1922                         ldap_pvt_tls_ctx_free( bc->sb_tls_ctx );
1923                         bc->sb_tls_ctx = NULL;
1924                 }
1925                 rc = ldap_set_option( ld, LDAP_OPT_X_TLS_NEWCTX, &opt );
1926                 if ( rc )
1927                         res = rc;
1928                 else
1929                         ldap_get_option( ld, LDAP_OPT_X_TLS_CTX, &bc->sb_tls_ctx );
1930         }
1931         
1932         return res;
1933 }
1934 #endif
1935
1936 /*
1937  * set connection keepalive options
1938  */
1939 void
1940 slap_client_keepalive(LDAP *ld, slap_keepalive *sk)
1941 {
1942         if (!sk) return;
1943
1944         if ( sk->sk_idle ) {
1945                 ldap_set_option( ld, LDAP_OPT_X_KEEPALIVE_IDLE, &sk->sk_idle );
1946         }
1947
1948         if ( sk->sk_probes ) {
1949                 ldap_set_option( ld, LDAP_OPT_X_KEEPALIVE_PROBES, &sk->sk_probes );
1950         }
1951
1952         if ( sk->sk_interval ) {
1953                 ldap_set_option( ld, LDAP_OPT_X_KEEPALIVE_INTERVAL, &sk->sk_interval );
1954         }
1955
1956         return;
1957 }
1958
1959 /*
1960  * connect to a client using the bindconf data
1961  * note: should move "version" into bindconf...
1962  */
1963 int
1964 slap_client_connect( LDAP **ldp, slap_bindconf *sb )
1965 {
1966         LDAP            *ld = NULL;
1967         int             rc;
1968         struct timeval tv;
1969
1970         /* Init connection to master */
1971         rc = ldap_initialize( &ld, sb->sb_uri.bv_val );
1972         if ( rc != LDAP_SUCCESS ) {
1973                 Debug( LDAP_DEBUG_ANY,
1974                         "slap_client_connect: "
1975                         "ldap_initialize(%s) failed (%d)\n",
1976                         sb->sb_uri.bv_val, rc, 0 );
1977                 return rc;
1978         }
1979
1980         if ( sb->sb_version != 0 ) {
1981                 ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
1982                         (const void *)&sb->sb_version );
1983         }
1984
1985         if ( sb->sb_timeout_api ) {
1986                 tv.tv_sec = sb->sb_timeout_api;
1987                 tv.tv_usec = 0;
1988                 ldap_set_option( ld, LDAP_OPT_TIMEOUT, &tv );
1989         }
1990
1991         if ( sb->sb_timeout_net ) {
1992                 tv.tv_sec = sb->sb_timeout_net;
1993                 tv.tv_usec = 0;
1994                 ldap_set_option( ld, LDAP_OPT_NETWORK_TIMEOUT, &tv );
1995         }
1996
1997         /* setting network keepalive options */
1998         slap_client_keepalive(ld, &sb->sb_keepalive);
1999
2000 #ifdef HAVE_TLS
2001         if ( sb->sb_tls_do_init ) {
2002                 rc = bindconf_tls_set( sb, ld );
2003
2004         } else if ( sb->sb_tls_ctx ) {
2005                 rc = ldap_set_option( ld, LDAP_OPT_X_TLS_CTX,
2006                         sb->sb_tls_ctx );
2007         }
2008
2009         if ( rc ) {
2010                 Debug( LDAP_DEBUG_ANY,
2011                         "slap_client_connect: "
2012                         "URI=%s TLS context initialization failed (%d)\n",
2013                         sb->sb_uri.bv_val, rc, 0 );
2014                 return rc;
2015         }
2016 #endif
2017
2018         /* Bind */
2019         if ( sb->sb_tls ) {
2020                 rc = ldap_start_tls_s( ld, NULL, NULL );
2021                 if ( rc != LDAP_SUCCESS ) {
2022                         Debug( LDAP_DEBUG_ANY,
2023                                 "slap_client_connect: URI=%s "
2024                                 "%s, ldap_start_tls failed (%d)\n",
2025                                 sb->sb_uri.bv_val,
2026                                 sb->sb_tls == SB_TLS_CRITICAL ?
2027                                         "Error" : "Warning",
2028                                 rc );
2029                         if ( sb->sb_tls == SB_TLS_CRITICAL ) {
2030                                 goto done;
2031                         }
2032                 }
2033         }
2034
2035         if ( sb->sb_method == LDAP_AUTH_SASL ) {
2036 #ifdef HAVE_CYRUS_SASL
2037                 void *defaults;
2038
2039                 if ( sb->sb_secprops != NULL ) {
2040                         rc = ldap_set_option( ld,
2041                                 LDAP_OPT_X_SASL_SECPROPS, sb->sb_secprops);
2042
2043                         if( rc != LDAP_OPT_SUCCESS ) {
2044                                 Debug( LDAP_DEBUG_ANY,
2045                                         "slap_client_connect: "
2046                                         "error, ldap_set_option "
2047                                         "(%s,SECPROPS,\"%s\") failed!\n",
2048                                         sb->sb_uri.bv_val, sb->sb_secprops, 0 );
2049                                 goto done;
2050                         }
2051                 }
2052
2053                 defaults = lutil_sasl_defaults( ld,
2054                         sb->sb_saslmech.bv_val,
2055                         sb->sb_realm.bv_val,
2056                         sb->sb_authcId.bv_val,
2057                         sb->sb_cred.bv_val,
2058                         sb->sb_authzId.bv_val );
2059                 if ( defaults == NULL ) {
2060                         rc = LDAP_OTHER;
2061                         goto done;
2062                 }
2063
2064                 rc = ldap_sasl_interactive_bind_s( ld,
2065                                 sb->sb_binddn.bv_val,
2066                                 sb->sb_saslmech.bv_val,
2067                                 NULL, NULL,
2068                                 LDAP_SASL_QUIET,
2069                                 lutil_sasl_interact,
2070                                 defaults );
2071
2072                 lutil_sasl_freedefs( defaults );
2073
2074                 /* FIXME: different error behaviors according to
2075                  *      1) return code
2076                  *      2) on err policy : exit, retry, backoff ...
2077                  */
2078                 if ( rc != LDAP_SUCCESS ) {
2079                         static struct berval bv_GSSAPI = BER_BVC( "GSSAPI" );
2080
2081                         Debug( LDAP_DEBUG_ANY, "slap_client_connect: URI=%s "
2082                                 "ldap_sasl_interactive_bind_s failed (%d)\n",
2083                                 sb->sb_uri.bv_val, rc, 0 );
2084
2085                         /* FIXME (see above comment) */
2086                         /* if Kerberos credentials cache is not active, retry */
2087                         if ( ber_bvcmp( &sb->sb_saslmech, &bv_GSSAPI ) == 0 &&
2088                                 rc == LDAP_LOCAL_ERROR )
2089                         {
2090                                 rc = LDAP_SERVER_DOWN;
2091                         }
2092
2093                         goto done;
2094                 }
2095 #else /* HAVE_CYRUS_SASL */
2096                 /* Should never get here, we trapped this at config time */
2097                 assert(0);
2098                 Debug( LDAP_DEBUG_SYNC, "not compiled with SASL support\n", 0, 0, 0 );
2099                 rc = LDAP_OTHER;
2100                 goto done;
2101 #endif
2102
2103         } else if ( sb->sb_method == LDAP_AUTH_SIMPLE ) {
2104                 rc = ldap_sasl_bind_s( ld,
2105                         sb->sb_binddn.bv_val, LDAP_SASL_SIMPLE,
2106                         &sb->sb_cred, NULL, NULL, NULL );
2107                 if ( rc != LDAP_SUCCESS ) {
2108                         Debug( LDAP_DEBUG_ANY, "slap_client_connect: "
2109                                 "URI=%s DN=\"%s\" "
2110                                 "ldap_sasl_bind_s failed (%d)\n",
2111                                 sb->sb_uri.bv_val, sb->sb_binddn.bv_val, rc );
2112                         goto done;
2113                 }
2114         }
2115
2116 done:;
2117         if ( rc ) {
2118                 if ( ld ) {
2119                         ldap_unbind_ext( ld, NULL, NULL );
2120                         *ldp = NULL;
2121                 }
2122
2123         } else {
2124                 *ldp = ld;
2125         }
2126
2127         return rc;
2128 }
2129
2130 /* -------------------------------------- */
2131
2132
2133 static char *
2134 strtok_quote( char *line, char *sep, char **quote_ptr )
2135 {
2136         int             inquote;
2137         char            *tmp;
2138         static char     *next;
2139
2140         *quote_ptr = NULL;
2141         if ( line != NULL ) {
2142                 next = line;
2143         }
2144         while ( *next && strchr( sep, *next ) ) {
2145                 next++;
2146         }
2147
2148         if ( *next == '\0' ) {
2149                 next = NULL;
2150                 return( NULL );
2151         }
2152         tmp = next;
2153
2154         for ( inquote = 0; *next; ) {
2155                 switch ( *next ) {
2156                 case '"':
2157                         if ( inquote ) {
2158                                 inquote = 0;
2159                         } else {
2160                                 inquote = 1;
2161                         }
2162                         AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
2163                         break;
2164
2165                 case '\\':
2166                         if ( next[1] )
2167                                 AC_MEMCPY( next,
2168                                             next + 1, strlen( next + 1 ) + 1 );
2169                         next++;         /* dont parse the escaped character */
2170                         break;
2171
2172                 default:
2173                         if ( ! inquote ) {
2174                                 if ( strchr( sep, *next ) != NULL ) {
2175                                         *quote_ptr = next;
2176                                         *next++ = '\0';
2177                                         return( tmp );
2178                                 }
2179                         }
2180                         next++;
2181                         break;
2182                 }
2183         }
2184
2185         return( tmp );
2186 }
2187
2188 static char     buf[AC_LINE_MAX];
2189 static char     *line;
2190 static size_t lmax, lcur;
2191
2192 #define CATLINE( buf ) \
2193         do { \
2194                 size_t len = strlen( buf ); \
2195                 while ( lcur + len + 1 > lmax ) { \
2196                         lmax += AC_LINE_MAX; \
2197                         line = (char *) ch_realloc( line, lmax ); \
2198                 } \
2199                 strcpy( line + lcur, buf ); \
2200                 lcur += len; \
2201         } while( 0 )
2202
2203 static void
2204 fp_getline_init(ConfigArgs *c) {
2205         c->lineno = -1;
2206         buf[0] = '\0';
2207 }
2208
2209 static int
2210 fp_getline( FILE *fp, ConfigArgs *c )
2211 {
2212         char    *p;
2213
2214         lcur = 0;
2215         CATLINE(buf);
2216         c->lineno++;
2217
2218         /* avoid stack of bufs */
2219         if ( strncasecmp( line, "include", STRLENOF( "include" ) ) == 0 ) {
2220                 buf[0] = '\0';
2221                 c->line = line;
2222                 return(1);
2223         }
2224
2225         while ( fgets( buf, sizeof( buf ), fp ) ) {
2226                 p = strchr( buf, '\n' );
2227                 if ( p ) {
2228                         if ( p > buf && p[-1] == '\r' ) {
2229                                 --p;
2230                         }
2231                         *p = '\0';
2232                 }
2233                 /* XXX ugly */
2234                 c->line = line;
2235                 if ( line[0]
2236                                 && ( p = line + strlen( line ) - 1 )[0] == '\\'
2237                                 && p[-1] != '\\' )
2238                 {
2239                         p[0] = '\0';
2240                         lcur--;
2241                         
2242                 } else {
2243                         if ( !isspace( (unsigned char)buf[0] ) ) {
2244                                 return(1);
2245                         }
2246                         buf[0] = ' ';
2247                 }
2248                 CATLINE(buf);
2249                 c->lineno++;
2250         }
2251
2252         buf[0] = '\0';
2253         c->line = line;
2254         return(line[0] ? 1 : 0);
2255 }
2256
2257 int
2258 config_fp_parse_line(ConfigArgs *c)
2259 {
2260         char *token;
2261         static char *const hide[] = {
2262                 "rootpw", "replica", "syncrepl",  /* in slapd */
2263                 "acl-bind", "acl-method", "idassert-bind",  /* in back-ldap */
2264                 "acl-passwd", "bindpw",  /* in back-<ldap/meta> */
2265                 "pseudorootpw",  /* in back-meta */
2266                 "dbpasswd",  /* in back-sql */
2267                 NULL
2268         };
2269         char *quote_ptr;
2270         int i = (int)(sizeof(hide)/sizeof(hide[0])) - 1;
2271
2272         c->tline = ch_strdup(c->line);
2273         token = strtok_quote(c->tline, " \t", &quote_ptr);
2274
2275         if(token) for(i = 0; hide[i]; i++) if(!strcasecmp(token, hide[i])) break;
2276         if(quote_ptr) *quote_ptr = ' ';
2277         Debug(LDAP_DEBUG_CONFIG, "line %d (%s%s)\n", c->lineno,
2278                 hide[i] ? hide[i] : c->line, hide[i] ? " ***" : "");
2279         if(quote_ptr) *quote_ptr = '\0';
2280
2281         for(;; token = strtok_quote(NULL, " \t", &quote_ptr)) {
2282                 if(c->argc >= c->argv_size) {
2283                         char **tmp;
2284                         tmp = ch_realloc(c->argv, (c->argv_size + ARGS_STEP) * sizeof(*c->argv));
2285                         if(!tmp) {
2286                                 Debug(LDAP_DEBUG_ANY, "line %d: out of memory\n", c->lineno, 0, 0);
2287                                 return -1;
2288                         }
2289                         c->argv = tmp;
2290                         c->argv_size += ARGS_STEP;
2291                 }
2292                 if(token == NULL)
2293                         break;
2294                 c->argv[c->argc++] = token;
2295         }
2296         c->argv[c->argc] = NULL;
2297         return(0);
2298 }
2299
2300 void
2301 config_destroy( )
2302 {
2303         ucdata_unload( UCDATA_ALL );
2304         if ( frontendDB ) {
2305                 /* NOTE: in case of early exit, frontendDB can be NULL */
2306                 if ( frontendDB->be_schemandn.bv_val )
2307                         free( frontendDB->be_schemandn.bv_val );
2308                 if ( frontendDB->be_schemadn.bv_val )
2309                         free( frontendDB->be_schemadn.bv_val );
2310                 if ( frontendDB->be_acl )
2311                         acl_destroy( frontendDB->be_acl );
2312         }
2313         free( line );
2314         if ( slapd_args_file )
2315                 free ( slapd_args_file );
2316         if ( slapd_pid_file )
2317                 free ( slapd_pid_file );
2318         if ( default_passwd_hash )
2319                 ldap_charray_free( default_passwd_hash );
2320 }
2321
2322 char **
2323 slap_str2clist( char ***out, char *in, const char *brkstr )
2324 {
2325         char    *str;
2326         char    *s;
2327         char    *lasts;
2328         int     i, j;
2329         char    **new;
2330
2331         /* find last element in list */
2332         for (i = 0; *out && (*out)[i]; i++);
2333
2334         /* protect the input string from strtok */
2335         str = ch_strdup( in );
2336
2337         if ( *str == '\0' ) {
2338                 free( str );
2339                 return( *out );
2340         }
2341
2342         /* Count words in string */
2343         j=1;
2344         for ( s = str; *s; s++ ) {
2345                 if ( strchr( brkstr, *s ) != NULL ) {
2346                         j++;
2347                 }
2348         }
2349
2350         *out = ch_realloc( *out, ( i + j + 1 ) * sizeof( char * ) );
2351         new = *out + i;
2352         for ( s = ldap_pvt_strtok( str, brkstr, &lasts );
2353                 s != NULL;
2354                 s = ldap_pvt_strtok( NULL, brkstr, &lasts ) )
2355         {
2356                 *new = ch_strdup( s );
2357                 new++;
2358         }
2359
2360         *new = NULL;
2361         free( str );
2362         return( *out );
2363 }
2364
2365 int config_generic_wrapper( Backend *be, const char *fname, int lineno,
2366         int argc, char **argv )
2367 {
2368         ConfigArgs c = { 0 };
2369         ConfigTable *ct;
2370         int rc;
2371
2372         c.be = be;
2373         c.fname = fname;
2374         c.lineno = lineno;
2375         c.argc = argc;
2376         c.argv = argv;
2377         c.valx = -1;
2378         c.line = line;
2379         c.op = SLAP_CONFIG_ADD;
2380         snprintf( c.log, sizeof( c.log ), "%s: line %d", fname, lineno );
2381
2382         rc = SLAP_CONF_UNKNOWN;
2383         ct = config_find_keyword( be->be_cf_ocs->co_table, &c );
2384         if ( ct ) {
2385                 c.table = be->be_cf_ocs->co_type;
2386                 rc = config_add_vals( ct, &c );
2387         }
2388         return rc;
2389 }
2390
2391 /* See if the given URL (in plain and parsed form) matches
2392  * any of the server's listener addresses. Return matching
2393  * Listener or NULL for no match.
2394  */
2395 Listener *config_check_my_url( const char *url, LDAPURLDesc *lud )
2396 {
2397         Listener **l = slapd_get_listeners();
2398         int i, isMe;
2399
2400         /* Try a straight compare with Listener strings */
2401         for ( i=0; l && l[i]; i++ ) {
2402                 if ( !strcasecmp( url, l[i]->sl_url.bv_val )) {
2403                         return l[i];
2404                 }
2405         }
2406
2407         isMe = 0;
2408         /* If hostname is empty, or is localhost, or matches
2409          * our hostname, this url refers to this host.
2410          * Compare it against listeners and ports.
2411          */
2412         if ( !lud->lud_host || !lud->lud_host[0] ||
2413                 !strncasecmp("localhost", lud->lud_host,
2414                         STRLENOF("localhost")) ||
2415                 !strcasecmp( global_host, lud->lud_host )) {
2416
2417                 for ( i=0; l && l[i]; i++ ) {
2418                         LDAPURLDesc *lu2;
2419                         ldap_url_parse( l[i]->sl_url.bv_val, &lu2 );
2420                         do {
2421                                 if ( strcasecmp( lud->lud_scheme,
2422                                         lu2->lud_scheme ))
2423                                         break;
2424                                 if ( lud->lud_port != lu2->lud_port )
2425                                         break;
2426                                 /* Listener on ANY address */
2427                                 if ( !lu2->lud_host || !lu2->lud_host[0] ) {
2428                                         isMe = 1;
2429                                         break;
2430                                 }
2431                                 /* URL on ANY address */
2432                                 if ( !lud->lud_host || !lud->lud_host[0] ) {
2433                                         isMe = 1;
2434                                         break;
2435                                 }
2436                                 /* Listener has specific host, must
2437                                  * match it
2438                                  */
2439                                 if ( !strcasecmp( lud->lud_host,
2440                                         lu2->lud_host )) {
2441                                         isMe = 1;
2442                                         break;
2443                                 }
2444                         } while(0);
2445                         ldap_free_urldesc( lu2 );
2446                         if ( isMe ) {
2447                                 return l[i];
2448                         }
2449                 }
2450         }
2451         return NULL;
2452 }