1 /* config.c - configuration file handling routines */
4 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
9 #include "slapi_common.h"
13 #include <ac/string.h>
15 #include <ac/signal.h>
16 #include <ac/socket.h>
27 * defaults for various global variables
/*
 * File-scope configuration state for slapd, with the defaults that apply
 * until read_config() overrides them from the configuration file.
 * NOTE(review): this listing skips some source lines (the gutter numbers
 * are not contiguous), so the remaining members and the closing brace of
 * the initializer below are not visible here.
 */
29 struct slap_limits_set deflimit = {
30 SLAPD_DEFAULT_TIMELIMIT, /* backward compatible limits */
33 SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */
35 -1, /* no limit on unchecked size */
37 0 /* hide number of entries left */
/* Global access-control list; NULL until configured. */
40 AccessControl *global_acl = NULL;
/*
 * Initial default access level is ACL_READ.
 * NOTE(review): presumably this is what applies when no ACL matches, which
 * makes the out-of-the-box posture read-permissive -- confirm against the
 * ACL code and the deployment's access directives.
 */
41 slap_access_t global_default_access = ACL_READ;
/*
 * Global policy bitmasks, all empty by default.  In read_config():
 *  - "readonly" sets or clears SLAP_RESTRICT_OP_WRITES in
 *    global_restrictops (a per-database be_restrictops is handled the
 *    same way);
 *  - "allow"/"allows" assigns global_allows (bind_v2, bind_anon_cred,
 *    bind_anon_dn, update_anon);
 *  - "disallow"/"disallows" assigns global_disallows (bind_anon,
 *    bind_simple, bind_krbv4, tls_2_anon, tls_authc);
 *  - "require"/"requires" assigns global_requires (bind, LDAPv3, authc,
 *    SASL, strong).
 * Each directive assigns the whole mask, it does not OR into the old one.
 */
42 slap_mask_t global_restrictops = 0;
43 slap_mask_t global_allows = 0;
44 slap_mask_t global_disallows = 0;
45 slap_mask_t global_requires = 0;
/*
 * Minimum security strength factors, filled by the "security" directive.
 * The factor values are parsed with atoi(), which yields 0 for text that
 * is not a number; no validation of the parsed value is visible in this
 * listing, so a mistyped factor could silently become 0.
 */
46 slap_ssf_set_t global_ssf_set;
48 int global_gentlehup = 0;
49 int global_idletimeout = 0;
50 char *global_host = NULL;
51 char *global_realm = NULL;
/* Points at a string literal: must not be written through or freed. */
52 char *ldap_srvtab = "";
/*
 * Set once by the "password-hash" directive, which rejects a second
 * setting and a scheme that lutil_passwd_scheme() does not know.
 * NOTE(review): what NULL selects as the hash scheme is decided elsewhere
 * -- confirm it is not a weak or cleartext default.
 */
53 char *default_passwd_hash = NULL;
/* Argument count and capacity of the cargv vector; read_config() sets
 * cargv_size to ARGS_STEP + 1 when it allocates cargv. */
54 int cargc = 0, cargv_size = 0;
/* Pretty and normalized forms of the "defaultSearchBase" DN, produced by
 * dnPrettyNormal(); a repeated directive frees the old values first. */
56 struct berval default_search_base = { 0, NULL };
57 struct berval default_search_nbase = { 0, NULL };
58 unsigned num_subordinates = 0;
/* "schemadn" DN as written by dnPrettyNormal(); global_schemandn is
 * presumably its normalized counterpart -- TODO confirm. */
59 struct berval global_schemadn = { 0, NULL };
60 struct berval global_schemandn = { 0, NULL };
/*
 * Limits overwritten by the "sockbuf_max_incoming" and
 * "sockbuf_max_incoming_auth" directives, whose values are parsed with
 * atol() (an "invalid max value" error path exists in read_config()).
 * NOTE(review): presumably these cap the size of an incoming request
 * before and after authentication -- confirm where they are enforced.
 */
62 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
63 ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
/* Heap copies (ch_strdup) of the "pidfile" and "argsfile" arguments; no
 * check of the path itself is visible in this listing. */
65 char *slapd_pid_file = NULL;
66 char *slapd_args_file = NULL;
/* NOTE(review): presumably the saved position used by strtok_quote();
 * being a single global, tokenizing would not be reentrant -- confirm. */
68 char *strtok_quote_ptr;
/* Reverse lookups default to on when SLAPD_RLOOKUPS is defined, else off
 * (per the #else/#endif annotations; the opening conditional is not
 * visible in this listing). */
71 int use_reverse_lookup = 1;
72 #else /* !SLAPD_RLOOKUPS */
73 int use_reverse_lookup = 0;
74 #endif /* !SLAPD_RLOOKUPS */
/* Returns the next configuration line, or NULL when there are no more;
 * updates *lineno. */
76 static char *fp_getline(FILE *fp, int *lineno);
/* Called once with &lineno before the read loop starts. */
77 static void fp_getline_init(int *lineno);
/* Splits a line into the cargc/cargv arguments; returns non-zero for a
 * bad line.  Destructive: it modifies `line`, so callers keep a copy. */
78 static int fp_parse_line(int lineno, char *line);
/* Tokenizer taking the line and a separator set; its body is not part of
 * this listing. */
80 static char *strtok_quote(char *line, char *sep);
/* Returns a negative value on failure.  Called with NULL before a DN is
 * normalized and with the "ucdata-path" argument when that directive is
 * given. */
81 static int load_ucdata(char *path);
84 read_config( const char *fname, int depth )
87 char *line, *savefname, *saveline;
91 struct berval vals[2];
93 static int lastmod = 1;
94 static BackendInfo *bi = NULL;
95 static BackendDB *be = NULL;
97 vals[1].bv_val = NULL;
100 cargv = ch_calloc( ARGS_STEP + 1, sizeof(*cargv) );
101 cargv_size = ARGS_STEP + 1;
104 if ( (fp = fopen( fname, "r" )) == NULL ) {
107 LDAP_LOG( CONFIG, ENTRY,
108 "read_config: " "could not open config file \"%s\": %s (%d)\n",
109 fname, strerror(errno), errno );
111 Debug( LDAP_DEBUG_ANY,
112 "could not open config file \"%s\": %s (%d)\n",
113 fname, strerror(errno), errno );
119 LDAP_LOG( CONFIG, ENTRY,
120 "read_config: reading config file %s\n", fname, 0, 0 );
122 Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
126 fp_getline_init( &lineno );
128 while ( (line = fp_getline( fp, &lineno )) != NULL ) {
129 /* skip comments and blank lines */
130 if ( line[0] == '#' || line[0] == '\0' ) {
134 /* fp_parse_line is destructive, we save a copy */
135 saveline = ch_strdup( line );
137 if ( fp_parse_line( lineno, line ) != 0 ) {
143 LDAP_LOG( CONFIG, INFO,
144 "%s: line %d: bad config line (ignored)\n", fname, lineno, 0 );
146 Debug( LDAP_DEBUG_ANY,
147 "%s: line %d: bad config line (ignored)\n",
154 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
157 LDAP_LOG( CONFIG, CRIT,
158 "%s : line %d: missing type in \"backend\" line.\n",
161 Debug( LDAP_DEBUG_ANY,
162 "%s: line %d: missing type in \"backend <type>\" line\n",
171 LDAP_LOG( CONFIG, CRIT,
172 "%s: line %d: backend line must appear before any "
173 "database definition.\n", fname, lineno , 0 );
175 Debug( LDAP_DEBUG_ANY,
176 "%s: line %d: backend line must appear before any database definition\n",
183 bi = backend_info( cargv[1] );
187 LDAP_LOG( CONFIG, CRIT,
188 "read_config: backend %s initialization failed.\n",
191 Debug( LDAP_DEBUG_ANY,
192 "backend %s initialization failed.\n",
198 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
201 LDAP_LOG( CONFIG, CRIT,
202 "%s: line %d: missing type in \"database <type>\" line\n",
205 Debug( LDAP_DEBUG_ANY,
206 "%s: line %d: missing type in \"database <type>\" line\n",
214 be = backend_db_init( cargv[1] );
218 LDAP_LOG( CONFIG, CRIT,
219 "database %s initialization failed.\n", cargv[1], 0, 0 );
221 Debug( LDAP_DEBUG_ANY,
222 "database %s initialization failed.\n",
229 /* set thread concurrency */
230 } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
234 LDAP_LOG( CONFIG, CRIT,
235 "%s: line %d: missing level in \"concurrency <level\" "
236 " line\n", fname, lineno, 0 );
238 Debug( LDAP_DEBUG_ANY,
239 "%s: line %d: missing level in \"concurrency <level>\" line\n",
246 c = atoi( cargv[1] );
250 LDAP_LOG( CONFIG, CRIT,
251 "%s: line %d: invalid level (%d) in "
252 "\"concurrency <level>\" line.\n", fname, lineno, c );
254 Debug( LDAP_DEBUG_ANY,
255 "%s: line %d: invalid level (%d) in \"concurrency <level>\" line\n",
262 ldap_pvt_thread_set_concurrency( c );
264 /* set sockbuf max */
265 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming" ) == 0 ) {
269 LDAP_LOG( CONFIG, CRIT,
270 "%s: line %d: missing max in \"sockbuf_max_incoming "
271 "<bytes>\" line\n", fname, lineno, 0 );
273 Debug( LDAP_DEBUG_ANY,
274 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
281 max = atol( cargv[1] );
285 LDAP_LOG( CONFIG, CRIT,
286 "%s: line %d: invalid max value (%ld) in "
287 "\"sockbuf_max_incoming <bytes>\" line.\n",
288 fname, lineno, max );
290 Debug( LDAP_DEBUG_ANY,
291 "%s: line %d: invalid max value (%ld) in "
292 "\"sockbuf_max_incoming <bytes>\" line.\n",
293 fname, lineno, max );
299 sockbuf_max_incoming = max;
301 /* set sockbuf max authenticated */
302 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) {
306 LDAP_LOG( CONFIG, CRIT,
307 "%s: line %d: missing max in \"sockbuf_max_incoming_auth "
308 "<bytes>\" line\n", fname, lineno, 0 );
310 Debug( LDAP_DEBUG_ANY,
311 "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
318 max = atol( cargv[1] );
322 LDAP_LOG( CONFIG, CRIT,
323 "%s: line %d: invalid max value (%ld) in "
324 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
325 fname, lineno, max );
327 Debug( LDAP_DEBUG_ANY,
328 "%s: line %d: invalid max value (%ld) in "
329 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
330 fname, lineno, max );
336 sockbuf_max_incoming_auth = max;
338 /* default search base */
339 } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
342 LDAP_LOG( CONFIG, CRIT,
343 "%s: line %d: missing dn in \"defaultSearchBase <dn\" "
344 "line\n", fname, lineno, 0 );
346 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
347 "missing dn in \"defaultSearchBase <dn>\" line\n",
353 } else if ( cargc > 2 ) {
355 LDAP_LOG( CONFIG, INFO,
356 "%s: line %d: extra cruft after <dn> in "
357 "\"defaultSearchBase %s\" line (ignored)\n",
358 fname, lineno, cargv[1] );
360 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
361 "extra cruft after <dn> in \"defaultSearchBase %s\", "
363 fname, lineno, cargv[1] );
367 if ( bi != NULL || be != NULL ) {
369 LDAP_LOG( CONFIG, CRIT,
370 "%s: line %d: defaultSearchBase line must appear "
371 "prior to any backend or database definitions\n",
374 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
375 "defaultSearchBaase line must appear prior to "
376 "any backend or database definition\n",
383 if ( default_search_nbase.bv_len ) {
385 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
386 "default search base \"%s\" already defined "
387 "(discarding old)\n", fname, lineno,
388 default_search_base.bv_val );
390 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
391 "default search base \"%s\" already defined "
392 "(discarding old)\n",
393 fname, lineno, default_search_base.bv_val );
396 free( default_search_base.bv_val );
397 free( default_search_nbase.bv_val );
400 if ( load_ucdata( NULL ) < 0 ) return 1;
405 dn.bv_val = cargv[1];
406 dn.bv_len = strlen( dn.bv_val );
408 rc = dnPrettyNormal( NULL, &dn,
409 &default_search_base,
410 &default_search_nbase );
412 if( rc != LDAP_SUCCESS ) {
414 LDAP_LOG( CONFIG, CRIT,
415 "%s: line %d: defaultSearchBase DN is invalid.\n",
418 Debug( LDAP_DEBUG_ANY,
419 "%s: line %d: defaultSearchBase DN is invalid\n",
426 /* set maximum threads in thread pool */
427 } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
431 LDAP_LOG( CONFIG, CRIT,
432 "%s: line %d: missing count in \"threads <count>\" line\n",
435 Debug( LDAP_DEBUG_ANY,
436 "%s: line %d: missing count in \"threads <count>\" line\n",
443 c = atoi( cargv[1] );
447 LDAP_LOG( CONFIG, CRIT,
448 "%s: line %d: invalid level (%d) in \"threads <count>\""
449 "line\n", fname, lineno, c );
451 Debug( LDAP_DEBUG_ANY,
452 "%s: line %d: invalid level (%d) in \"threads <count>\" line\n",
459 ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
461 /* save for later use */
462 connection_pool_max = c;
464 /* get pid file name */
465 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
468 LDAP_LOG( CONFIG, CRIT,
469 "%s: line %d missing file name in \"pidfile <file>\" "
470 "line.\n", fname, lineno, 0 );
472 Debug( LDAP_DEBUG_ANY,
473 "%s: line %d: missing file name in \"pidfile <file>\" line\n",
480 slapd_pid_file = ch_strdup( cargv[1] );
482 /* get args file name */
483 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
486 LDAP_LOG( CONFIG, CRIT,
487 "%s: %d: missing file name in "
488 "\"argsfile <file>\" line.\n",
491 Debug( LDAP_DEBUG_ANY,
492 "%s: line %d: missing file name in \"argsfile <file>\" line\n",
499 slapd_args_file = ch_strdup( cargv[1] );
501 /* default password hash */
502 } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
505 LDAP_LOG( CONFIG, CRIT,
506 "%s: line %d: missing hash in "
507 "\"password-hash <hash>\" line.\n",
510 Debug( LDAP_DEBUG_ANY,
511 "%s: line %d: missing hash in \"password-hash <hash>\" line\n",
517 if ( default_passwd_hash != NULL ) {
519 LDAP_LOG( CONFIG, CRIT,
520 "%s: line %d: already set default password_hash!\n",
523 Debug( LDAP_DEBUG_ANY,
524 "%s: line %d: already set default password_hash!\n",
532 if ( lutil_passwd_scheme( cargv[1] ) == 0 ) {
534 LDAP_LOG( CONFIG, CRIT,
535 "%s: line %d: password scheme \"%s\" not available\n",
536 fname, lineno, cargv[1] );
538 Debug( LDAP_DEBUG_ANY,
539 "%s: line %d: password scheme \"%s\" not available\n",
540 fname, lineno, cargv[1] );
545 default_passwd_hash = ch_strdup( cargv[1] );
547 } else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 )
551 LDAP_LOG( CONFIG, CRIT,
552 "%s: line %d: missing format in "
553 "\"password-crypt-salt-format <format>\" line\n",
556 Debug( LDAP_DEBUG_ANY, "%s: line %d: missing format in "
557 "\"password-crypt-salt-format <format>\" line\n",
564 lutil_salt_format( cargv[1] );
566 /* SASL config options */
567 } else if ( strncasecmp( cargv[0], "sasl", 4 ) == 0 ) {
568 if ( slap_sasl_config( cargc, cargv, line, fname, lineno ) )
571 } else if ( strcasecmp( cargv[0], "schemadn" ) == 0 ) {
575 LDAP_LOG( CONFIG, CRIT,
576 "%s: line %d: missing dn in "
577 "\"schemadn <dn>\" line.\n", fname, lineno, 0 );
579 Debug( LDAP_DEBUG_ANY,
580 "%s: line %d: missing dn in \"schemadn <dn>\" line\n",
585 ber_str2bv( cargv[1], 0, 0, &dn );
587 rc = dnPrettyNormal( NULL, &dn, &be->be_schemadn,
590 rc = dnPrettyNormal( NULL, &dn, &global_schemadn,
593 if ( rc != LDAP_SUCCESS ) {
595 LDAP_LOG( CONFIG, CRIT,
596 "%s: line %d: schemadn DN is invalid.\n",
599 Debug( LDAP_DEBUG_ANY,
600 "%s: line %d: schemadn DN is invalid\n",
606 /* set UCDATA path */
607 } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
611 LDAP_LOG( CONFIG, CRIT,
612 "%s: line %d: missing path in "
613 "\"ucdata-path <path>\" line.\n", fname, lineno, 0 );
615 Debug( LDAP_DEBUG_ANY,
616 "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
623 err = load_ucdata( cargv[1] );
627 LDAP_LOG( CONFIG, CRIT,
628 "%s: line %d: ucdata already loaded, ucdata-path "
629 "must be set earlier in the file and/or be "
630 "specified only once!\n", fname, lineno, 0 );
632 Debug( LDAP_DEBUG_ANY,
633 "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n",
642 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
644 struct slap_limits_set *lim;
648 LDAP_LOG( CONFIG, CRIT,
649 "%s: line %d: missing limit in \"sizelimit <limit>\" "
650 "line.\n", fname, lineno, 0 );
652 Debug( LDAP_DEBUG_ANY,
653 "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
663 lim = &be->be_def_limit;
666 for ( i = 1; i < cargc; i++ ) {
667 if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
668 rc = parse_limit( cargv[i], lim );
671 LDAP_LOG( CONFIG, CRIT,
672 "%s: line %d: unable "
673 "to parse value \"%s\" in \"sizelimit "
674 "<limit>\" line.\n", fname, lineno, cargv[i] );
676 Debug( LDAP_DEBUG_ANY,
677 "%s: line %d: unable "
678 "to parse value \"%s\" "
681 fname, lineno, cargv[i] );
687 if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
688 lim->lms_s_soft = -1;
692 lim->lms_s_soft = strtol( cargv[i] , &next, 0 );
693 if ( next == cargv[i] ) {
695 LDAP_LOG( CONFIG, CRIT,
696 "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" "
697 "line.\n", fname, lineno, cargv[i] );
699 Debug( LDAP_DEBUG_ANY,
700 "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" line\n",
701 fname, lineno, cargv[i] );
705 } else if ( next[0] != '\0' ) {
707 LDAP_LOG( CONFIG, CRIT,
708 "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" "
709 "line ignored.\n", fname, lineno, next );
711 Debug( LDAP_DEBUG_ANY,
712 "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" line ignored\n",
713 fname, lineno, next );
722 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
724 struct slap_limits_set *lim;
728 LDAP_LOG( CONFIG, CRIT,
729 "%s: line %d missing limit in \"timelimit <limit>\" "
730 "line.\n", fname, lineno, 0 );
732 Debug( LDAP_DEBUG_ANY,
733 "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
743 lim = &be->be_def_limit;
746 for ( i = 1; i < cargc; i++ ) {
747 if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
748 rc = parse_limit( cargv[i], lim );
751 LDAP_LOG( CONFIG, CRIT,
752 "%s: line %d: unable to parse value \"%s\" "
753 "in \"timelimit <limit>\" line.\n",
754 fname, lineno, cargv[i] );
756 Debug( LDAP_DEBUG_ANY,
757 "%s: line %d: unable "
758 "to parse value \"%s\" "
761 fname, lineno, cargv[i] );
767 if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
768 lim->lms_t_soft = -1;
772 lim->lms_t_soft = strtol( cargv[i] , &next, 0 );
773 if ( next == cargv[i] ) {
775 LDAP_LOG( CONFIG, CRIT,
776 "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" "
777 "line.\n", fname, lineno, cargv[i] );
779 Debug( LDAP_DEBUG_ANY,
780 "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" line\n",
781 fname, lineno, cargv[i] );
785 } else if ( next[0] != '\0' ) {
787 LDAP_LOG( CONFIG, CRIT,
788 "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" "
789 "line ignored.\n", fname, lineno, next );
791 Debug( LDAP_DEBUG_ANY,
792 "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" line ignored\n",
793 fname, lineno, next );
801 /* set regex-based limits */
802 } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
805 LDAP_LOG( CONFIG, WARNING,
806 "%s: line %d \"limits\" allowed only in database "
807 "environment.\n", fname, lineno, 0 );
809 Debug( LDAP_DEBUG_ANY,
810 "%s: line %d \"limits\" allowed only in database environment.\n%s",
816 if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
820 /* mark this as a subordinate database */
821 } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
824 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
825 "subordinate keyword must appear inside a database "
826 "definition.\n", fname, lineno, 0 );
828 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
829 "must appear inside a database definition.\n",
835 be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE;
839 /* set database suffix */
840 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
842 struct berval dn, pdn, ndn;
846 LDAP_LOG( CONFIG, CRIT,
847 "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
850 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
851 "missing dn in \"suffix <dn>\" line\n",
857 } else if ( cargc > 2 ) {
859 LDAP_LOG( CONFIG, INFO,
860 "%s: line %d: extra cruft after <dn> in \"suffix %s\""
861 " line (ignored).\n", fname, lineno, cargv[1] );
863 Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
864 "after <dn> in \"suffix %s\" line (ignored)\n",
865 fname, lineno, cargv[1] );
871 LDAP_LOG( CONFIG, INFO,
872 "%s: line %d: suffix line must appear inside a database "
873 "definition.\n", fname, lineno, 0 );
875 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
876 "must appear inside a database definition\n",
881 #if defined(SLAPD_MONITOR_DN)
882 /* "cn=Monitor" is reserved for monitoring slap */
883 } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
885 LDAP_LOG( CONFIG, CRIT, "%s: line %d: \""
886 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
889 Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
890 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
894 #endif /* SLAPD_MONITOR_DN */
897 if ( load_ucdata( NULL ) < 0 ) return 1;
899 dn.bv_val = cargv[1];
900 dn.bv_len = strlen( cargv[1] );
902 rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
903 if( rc != LDAP_SUCCESS ) {
905 LDAP_LOG( CONFIG, CRIT,
906 "%s: line %d: suffix DN is invalid.\n",
909 Debug( LDAP_DEBUG_ANY,
910 "%s: line %d: suffix DN is invalid\n",
916 tmp_be = select_backend( &ndn, 0, 0 );
917 if ( tmp_be == be ) {
919 LDAP_LOG( CONFIG, INFO,
920 "%s: line %d: suffix already served by this backend "
921 "(ignored)\n", fname, lineno, 0 );
923 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
924 "already served by this backend (ignored)\n",
930 } else if ( tmp_be != NULL ) {
932 LDAP_LOG( CONFIG, INFO,
933 "%s: line %d: suffix already served by a preceding "
934 "backend \"%s\"\n", fname, lineno,
935 tmp_be->be_suffix[0].bv_val );
937 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
938 "already served by a preceeding backend \"%s\"\n",
939 fname, lineno, tmp_be->be_suffix[0].bv_val );
945 } else if( pdn.bv_len == 0 && default_search_nbase.bv_len ) {
947 LDAP_LOG( CONFIG, INFO,
948 "%s: line %d: suffix DN empty and default search "
949 "base provided \"%s\" (assuming okay).\n",
950 fname, lineno, default_search_base.bv_val );
952 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
953 "suffix DN empty and default "
954 "search base provided \"%s\" (assuming okay)\n",
955 fname, lineno, default_search_base.bv_val );
959 ber_bvarray_add( &be->be_suffix, &pdn );
960 ber_bvarray_add( &be->be_nsuffix, &ndn );
962 /* set database suffixAlias */
963 } else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) {
965 struct berval alias, palias, nalias;
966 struct berval aliased, paliased, naliased;
970 LDAP_LOG( CONFIG, CRIT,
971 "%s: line %d: missing alias and aliased_dn in "
972 "\"suffixAlias <alias> <aliased_dn>\" line.\n",
975 Debug( LDAP_DEBUG_ANY,
976 "%s: line %d: missing alias and aliased_dn in "
977 "\"suffixAlias <alias> <aliased_dn>\" line.\n",
982 } else if ( cargc < 3 ) {
984 LDAP_LOG( CONFIG, CRIT,
985 "%s: line %d: missing aliased_dn in "
986 "\"suffixAlias <alias> <aliased_dn>\" line\n",
989 Debug( LDAP_DEBUG_ANY,
990 "%s: line %d: missing aliased_dn in "
991 "\"suffixAlias <alias> <aliased_dn>\" line\n",
996 } else if ( cargc > 3 ) {
998 LDAP_LOG( CONFIG, CRIT,
999 "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
1002 Debug( LDAP_DEBUG_ANY,
1003 "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
1010 LDAP_LOG( CONFIG, INFO,
1011 "%s: line %d: suffix line must appear inside a database "
1012 "definition.\n", fname, lineno, 0 );
1014 Debug( LDAP_DEBUG_ANY,
1015 "%s: line %d: suffixAlias line"
1016 " must appear inside a database definition.\n",
1022 if ( load_ucdata( NULL ) < 0 ) return 1;
1024 alias.bv_val = cargv[1];
1025 alias.bv_len = strlen( cargv[1] );
1027 rc = dnPrettyNormal( NULL, &alias, &palias, &nalias );
1028 if( rc != LDAP_SUCCESS ) {
1030 LDAP_LOG( CONFIG, CRIT,
1031 "%s: line %d: alias DN is invalid.\n", fname, lineno, 0 );
1033 Debug( LDAP_DEBUG_ANY,
1034 "%s: line %d: alias DN is invalid\n",
1040 tmp_be = select_backend( &nalias, 0, 0 );
1041 free( nalias.bv_val );
1042 if ( tmp_be && tmp_be != be ) {
1044 LDAP_LOG( CONFIG, INFO,
1045 "%s: line %d: suffixAlias served by a preceeding "
1046 "backend \"%s\"\n", fname, lineno,
1047 tmp_be->be_suffix[0].bv_val );
1049 Debug( LDAP_DEBUG_ANY,
1050 "%s: line %d: suffixAlias served by"
1051 " a preceeding backend \"%s\"\n",
1052 fname, lineno, tmp_be->be_suffix[0].bv_val );
1054 free( palias.bv_val );
1058 aliased.bv_val = cargv[2];
1059 aliased.bv_len = strlen( cargv[2] );
1061 rc = dnPrettyNormal( NULL, &aliased, &paliased, &naliased );
1062 if( rc != LDAP_SUCCESS ) {
1064 LDAP_LOG( CONFIG, CRIT,
1065 "%s: line %d: aliased DN is invalid.\n", fname, lineno,0 );
1067 Debug( LDAP_DEBUG_ANY,
1068 "%s: line %d: aliased DN is invalid\n",
1071 free( palias.bv_val );
1075 tmp_be = select_backend( &naliased, 0, 0 );
1076 free( naliased.bv_val );
1077 if ( tmp_be && tmp_be != be ) {
1079 LDAP_LOG( CONFIG, INFO,
1080 "%s: line %d: suffixAlias derefs to a different backend "
1081 "a preceeding backend \"%s\"\n",
1082 fname, lineno, tmp_be->be_suffix[0].bv_val );
1084 Debug( LDAP_DEBUG_ANY,
1085 "%s: line %d: suffixAlias derefs to differnet backend"
1086 " a preceeding backend \"%s\"\n",
1087 fname, lineno, tmp_be->be_suffix[0].bv_val );
1089 free( palias.bv_val );
1090 free( paliased.bv_val );
1094 ber_bvarray_add( &be->be_suffixAlias, &palias );
1095 ber_bvarray_add( &be->be_suffixAlias, &paliased );
1097 /* set max deref depth */
1098 } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
1102 LDAP_LOG( CONFIG, CRIT,
1103 "%s: line %d: missing depth in \"maxDerefDepth <depth>\""
1104 " line\n", fname, lineno, 0 );
1106 Debug( LDAP_DEBUG_ANY,
1107 "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
1115 LDAP_LOG( CONFIG, INFO,
1116 "%s: line %d: depth line must appear inside a database "
1117 "definition.\n", fname, lineno ,0 );
1119 Debug( LDAP_DEBUG_ANY,
1120 "%s: line %d: depth line must appear inside a database definition.\n",
1125 } else if ((i = atoi(cargv[1])) < 0) {
1127 LDAP_LOG( CONFIG, INFO,
1128 "%s: line %d: depth must be positive.\n",
1131 Debug( LDAP_DEBUG_ANY,
1132 "%s: line %d: depth must be positive.\n",
1139 be->be_max_deref_depth = i;
1143 /* set magic "root" dn for this database */
1144 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
1147 LDAP_LOG( CONFIG, INFO,
1148 "%s: line %d: missing dn in \"rootdn <dn>\" line.\n",
1151 Debug( LDAP_DEBUG_ANY,
1152 "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
1161 LDAP_LOG( CONFIG, INFO,
1162 "%s: line %d: rootdn line must appear inside a database "
1163 "definition.\n", fname, lineno ,0 );
1165 Debug( LDAP_DEBUG_ANY,
1166 "%s: line %d: rootdn line must appear inside a database definition.\n",
1174 if ( load_ucdata( NULL ) < 0 ) return 1;
1176 dn.bv_val = cargv[1];
1177 dn.bv_len = strlen( cargv[1] );
1179 rc = dnPrettyNormal( NULL, &dn,
1183 if( rc != LDAP_SUCCESS ) {
1185 LDAP_LOG( CONFIG, CRIT,
1186 "%s: line %d: rootdn DN is invalid.\n",
1189 Debug( LDAP_DEBUG_ANY,
1190 "%s: line %d: rootdn DN is invalid\n",
1197 /* set super-secret magic database password */
1198 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
1201 LDAP_LOG( CONFIG, CRIT,
1202 "%s: line %d: missing passwd in \"rootpw <passwd>\""
1203 " line\n", fname, lineno ,0 );
1205 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1206 "missing passwd in \"rootpw <passwd>\" line\n",
1215 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1216 "rootpw line must appear inside a database "
1217 "definition.\n", fname, lineno ,0 );
1219 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1220 "rootpw line must appear inside a database "
1227 Backend *tmp_be = select_backend( &be->be_rootndn, 0, 0 );
1229 if( tmp_be != be ) {
1231 LDAP_LOG( CONFIG, INFO,
1233 "rootpw can only be set when rootdn is under suffix\n",
1234 fname, lineno, "" );
1236 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1237 "rootpw can only be set when rootdn is under suffix\n",
1243 be->be_rootpw.bv_val = ch_strdup( cargv[1] );
1244 be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
1247 /* make this database read-only */
1248 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
1251 LDAP_LOG( CONFIG, CRIT,
1252 "%s: line %d: missing on|off in \"readonly <on|off>\" "
1253 "line.\n", fname, lineno ,0 );
1255 Debug( LDAP_DEBUG_ANY,
1256 "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
1263 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1264 global_restrictops |= SLAP_RESTRICT_OP_WRITES;
1266 global_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1269 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1270 be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1272 be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1277 /* allow these features */
1278 } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
1279 strcasecmp( cargv[0], "allow" ) == 0 )
1285 LDAP_LOG( CONFIG, INFO,
1286 "%s: line %d: allow line must appear prior to "
1287 "database definitions.\n", fname, lineno ,0 );
1289 Debug( LDAP_DEBUG_ANY,
1290 "%s: line %d: allow line must appear prior to database definitions\n",
1298 LDAP_LOG( CONFIG, CRIT,
1299 "%s: line %d: missing feature(s) in \"allow <features>\""
1300 " line\n", fname, lineno ,0 );
1302 Debug( LDAP_DEBUG_ANY,
1303 "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
1312 for( i=1; i < cargc; i++ ) {
1313 if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
1314 allows |= SLAP_ALLOW_BIND_V2;
1316 } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
1317 allows |= SLAP_ALLOW_BIND_ANON_CRED;
1319 } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
1320 allows |= SLAP_ALLOW_BIND_ANON_DN;
1322 } else if( strcasecmp( cargv[i], "update_anon" ) == 0 ) {
1323 allows |= SLAP_ALLOW_UPDATE_ANON;
1325 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1327 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1328 "unknown feature %s in \"allow <features>\" line.\n",
1329 fname, lineno, cargv[1] );
1331 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1332 "unknown feature %s in \"allow <features>\" line\n",
1333 fname, lineno, cargv[i] );
1340 global_allows = allows;
1342 /* disallow these features */
1343 } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
1344 strcasecmp( cargv[0], "disallow" ) == 0 )
1346 slap_mask_t disallows;
1350 LDAP_LOG( CONFIG, INFO,
1351 "%s: line %d: disallow line must appear prior to "
1352 "database definitions.\n", fname, lineno ,0 );
1354 Debug( LDAP_DEBUG_ANY,
1355 "%s: line %d: disallow line must appear prior to database definitions\n",
1363 LDAP_LOG( CONFIG, CRIT,
1364 "%s: line %d: missing feature(s) in \"disallow <features>\""
1365 " line.\n", fname, lineno ,0 );
1367 Debug( LDAP_DEBUG_ANY,
1368 "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
1377 for( i=1; i < cargc; i++ ) {
1378 if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
1379 disallows |= SLAP_DISALLOW_BIND_ANON;
1381 } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
1382 disallows |= SLAP_DISALLOW_BIND_SIMPLE;
1384 } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
1385 disallows |= SLAP_DISALLOW_BIND_KRBV4;
1387 } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
1388 disallows |= SLAP_DISALLOW_TLS_2_ANON;
1390 } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
1391 disallows |= SLAP_DISALLOW_TLS_AUTHC;
1393 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1395 LDAP_LOG( CONFIG, CRIT,
1396 "%s: line %d: unknown feature %s in "
1397 "\"disallow <features>\" line.\n",
1398 fname, lineno, cargv[i] );
1400 Debug( LDAP_DEBUG_ANY,
1401 "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
1402 fname, lineno, cargv[i] );
1409 global_disallows = disallows;
1411 /* require these features */
1412 } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
1413 strcasecmp( cargv[0], "require" ) == 0 )
1415 slap_mask_t requires;
1419 LDAP_LOG( CONFIG, CRIT,
1420 "%s: line %d: missing feature(s) in "
1421 "\"require <features>\" line.\n", fname, lineno ,0 );
1423 Debug( LDAP_DEBUG_ANY,
1424 "%s: line %d: missing feature(s) in \"require <features>\" line\n",
1433 for( i=1; i < cargc; i++ ) {
1434 if( strcasecmp( cargv[i], "bind" ) == 0 ) {
1435 requires |= SLAP_REQUIRE_BIND;
1437 } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
1438 requires |= SLAP_REQUIRE_LDAP_V3;
1440 } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
1441 requires |= SLAP_REQUIRE_AUTHC;
1443 } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
1444 requires |= SLAP_REQUIRE_SASL;
1446 } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
1447 requires |= SLAP_REQUIRE_STRONG;
1449 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1451 LDAP_LOG( CONFIG, CRIT,
1452 "%s: line %d: unknown feature %s in "
1453 "\"require <features>\" line.\n",
1454 fname, lineno , cargv[i] );
1456 Debug( LDAP_DEBUG_ANY,
1457 "%s: line %d: unknown feature %s in \"require <features>\" line\n",
1458 fname, lineno, cargv[i] );
1466 global_requires = requires;
1468 be->be_requires = requires;
1471 /* required security factors */
1472 } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
1473 slap_ssf_set_t *set;
1477 LDAP_LOG( CONFIG, CRIT,
1478 "%s: line %d: missing factor(s) in \"security <factors>\""
1479 " line.\n", fname, lineno ,0 );
1481 Debug( LDAP_DEBUG_ANY,
1482 "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
1490 set = &global_ssf_set;
1492 set = &be->be_ssf_set;
1495 for( i=1; i < cargc; i++ ) {
1496 if( strncasecmp( cargv[i], "ssf=",
1497 sizeof("ssf") ) == 0 )
1500 atoi( &cargv[i][sizeof("ssf")] );
1502 } else if( strncasecmp( cargv[i], "transport=",
1503 sizeof("transport") ) == 0 )
1505 set->sss_transport =
1506 atoi( &cargv[i][sizeof("transport")] );
1508 } else if( strncasecmp( cargv[i], "tls=",
1509 sizeof("tls") ) == 0 )
1512 atoi( &cargv[i][sizeof("tls")] );
1514 } else if( strncasecmp( cargv[i], "sasl=",
1515 sizeof("sasl") ) == 0 )
1518 atoi( &cargv[i][sizeof("sasl")] );
1520 } else if( strncasecmp( cargv[i], "update_ssf=",
1521 sizeof("update_ssf") ) == 0 )
1523 set->sss_update_ssf =
1524 atoi( &cargv[i][sizeof("update_ssf")] );
1526 } else if( strncasecmp( cargv[i], "update_transport=",
1527 sizeof("update_transport") ) == 0 )
1529 set->sss_update_transport =
1530 atoi( &cargv[i][sizeof("update_transport")] );
1532 } else if( strncasecmp( cargv[i], "update_tls=",
1533 sizeof("update_tls") ) == 0 )
1535 set->sss_update_tls =
1536 atoi( &cargv[i][sizeof("update_tls")] );
1538 } else if( strncasecmp( cargv[i], "update_sasl=",
1539 sizeof("update_sasl") ) == 0 )
1541 set->sss_update_sasl =
1542 atoi( &cargv[i][sizeof("update_sasl")] );
1544 } else if( strncasecmp( cargv[i], "simple_bind=",
1545 sizeof("simple_bind") ) == 0 )
1547 set->sss_simple_bind =
1548 atoi( &cargv[i][sizeof("simple_bind")] );
1552 LDAP_LOG( CONFIG, CRIT,
1553 "%s: line %d: unknown factor %S in "
1554 "\"security <factors>\" line.\n",
1555 fname, lineno, cargv[1] );
1557 Debug( LDAP_DEBUG_ANY,
1558 "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
1559 fname, lineno, cargv[i] );
1565 /* where to send clients when we don't hold it */
1566 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
1569 LDAP_LOG( CONFIG, CRIT,
1570 "%s: line %d: missing URL in \"referral <URL>\""
1571 " line.\n", fname, lineno , 0 );
1573 Debug( LDAP_DEBUG_ANY,
1574 "%s: line %d: missing URL in \"referral <URL>\" line\n",
1581 if( validate_global_referral( cargv[1] ) ) {
1583 LDAP_LOG( CONFIG, CRIT,
1584 "%s: line %d: invalid URL (%s) in \"referral\" line.\n",
1585 fname, lineno, cargv[1] );
1587 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1588 "invalid URL (%s) in \"referral\" line.\n",
1589 fname, lineno, cargv[1] );
1594 vals[0].bv_val = cargv[1];
1595 vals[0].bv_len = strlen( vals[0].bv_val );
1596 if( value_add( &default_referral, vals ) )
1600 } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
1604 LDAP_LOG( CONFIG, CRIT,
1605 "%s: line %d: Error in logfile directive, "
1606 "\"logfile <filename>\"\n", fname, lineno , 0 );
1608 Debug( LDAP_DEBUG_ANY,
1609 "%s: line %d: Error in logfile directive, \"logfile filename\"\n",
1615 logfile = fopen( cargv[1], "w" );
1616 if ( logfile != NULL ) lutil_debug_file( logfile );
1619 /* start of a new database definition */
1620 } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
1624 LDAP_LOG( CONFIG, CRIT,
1625 "%s: line %d: Error in debug directive, "
1626 "\"debug <subsys> <level>\"\n", fname, lineno , 0 );
1628 Debug( LDAP_DEBUG_ANY,
1629 "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
1635 level = atoi( cargv[2] );
1636 if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
1637 lutil_set_debug_level( cargv[1], level );
1638 /* specify an Object Identifier macro */
1639 } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
1640 rc = parse_oidm( fname, lineno, cargc, cargv );
1643 /* specify an objectclass */
1644 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
1645 if ( *cargv[1] == '(' /*')'*/) {
1647 p = strchr(saveline,'(' /*')'*/);
1648 rc = parse_oc( fname, lineno, p, cargv );
1653 LDAP_LOG( CONFIG, INFO,
1654 "%s: line %d: old objectclass format not supported\n",
1655 fname, lineno , 0 );
1657 Debug( LDAP_DEBUG_ANY,
1658 "%s: line %d: old objectclass format not supported.\n",
1663 #ifdef SLAP_EXTENDED_SCHEMA
1664 } else if ( strcasecmp( cargv[0], "ditcontentrule" ) == 0 ) {
1666 p = strchr(saveline,'(' /*')'*/);
1667 rc = parse_cr( fname, lineno, p, cargv );
1671 /* specify an attribute type */
1672 } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
1673 || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
1675 if ( *cargv[1] == '(' /*')'*/) {
1677 p = strchr(saveline,'(' /*')'*/);
1678 rc = parse_at( fname, lineno, p, cargv );
1683 LDAP_LOG( CONFIG, INFO,
1684 "%s: line %d: old attribute type format not supported.\n",
1685 fname, lineno , 0 );
1687 Debug( LDAP_DEBUG_ANY,
1688 "%s: line %d: old attribute type format not supported.\n",
1694 /* turn on/off schema checking */
1695 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
1698 LDAP_LOG( CONFIG, CRIT,
1699 "%s: line %d: missing on|off in \"schemacheck <on|off>\""
1700 " line.\n", fname, lineno , 0 );
1702 Debug( LDAP_DEBUG_ANY,
1703 "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
1709 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
1711 LDAP_LOG( CONFIG, CRIT,
1712 "%s: line %d: schema checking disabled! your mileage may "
1713 "vary!\n", fname, lineno , 0 );
1715 Debug( LDAP_DEBUG_ANY,
1716 "%s: line %d: schema checking disabled! your mileage may vary!\n",
1719 global_schemacheck = 0;
1721 global_schemacheck = 1;
1724 /* specify access control info */
1725 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
1726 parse_acl( be, fname, lineno, cargc, cargv );
1728 /* debug level to log things to syslog */
1729 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
1732 LDAP_LOG( CONFIG, CRIT,
1733 "%s: line %d: missing level in \"loglevel <level>\""
1734 " line.\n", fname, lineno , 0 );
1736 Debug( LDAP_DEBUG_ANY,
1737 "%s: line %d: missing level in \"loglevel <level>\" line\n",
1746 for( i=1; i < cargc; i++ ) {
1747 ldap_syslog += atoi( cargv[1] );
1750 /* list of replicas of the data in this backend (master only) */
1751 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
1754 LDAP_LOG( CONFIG, CRIT,
1755 "%s: line %d: missing host in \"replica "
1756 " <host[:port]\" line\n", fname, lineno , 0 );
1758 Debug( LDAP_DEBUG_ANY,
1759 "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
1767 LDAP_LOG( CONFIG, INFO,
1768 "%s: line %d: replica line must appear inside "
1769 "a database definition.\n", fname, lineno, 0);
1771 Debug( LDAP_DEBUG_ANY,
1772 "%s: line %d: replica line must appear inside a database definition\n",
1780 for ( i = 1; i < cargc; i++ ) {
1781 if ( strncasecmp( cargv[i], "host=", 5 )
1783 nr = add_replica_info( be,
1790 LDAP_LOG( CONFIG, INFO,
1791 "%s: line %d: missing host in \"replica\" line\n",
1792 fname, lineno , 0 );
1794 Debug( LDAP_DEBUG_ANY,
1795 "%s: line %d: missing host in \"replica\" line\n",
1800 } else if ( nr == -1 ) {
1802 LDAP_LOG( CONFIG, INFO,
1803 "%s: line %d: unable to add"
1804 " replica \"%s\"\n",
1808 Debug( LDAP_DEBUG_ANY,
1809 "%s: line %d: unable to add replica \"%s\"\n",
1810 fname, lineno, cargv[i] + 5 );
1814 for ( i = 1; i < cargc; i++ ) {
1815 if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
1817 switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) {
1820 LDAP_LOG( CONFIG, INFO,
1821 "%s: line %d: suffix \"%s\" in \"replica\""
1822 " line is not valid for backend(ignored)\n",
1823 fname, lineno, cargv[i] + 7 );
1825 Debug( LDAP_DEBUG_ANY,
1826 "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1827 fname, lineno, cargv[i] + 7 );
1833 LDAP_LOG( CONFIG, INFO,
1834 "%s: line %d: unable to normalize suffix"
1835 " in \"replica\" line (ignored)\n",
1836 fname, lineno , 0 );
1838 Debug( LDAP_DEBUG_ANY,
1839 "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
1845 } else if ( strncasecmp( cargv[i], "attr", 4 ) == 0 ) {
1847 char *arg = cargv[i] + 4;
1849 if ( arg[0] == '!' ) {
1854 if ( arg[0] != '=' ) {
1858 if ( add_replica_attrs( be, nr, arg + 1, exclude ) ) {
1860 LDAP_LOG( CONFIG, INFO,
1861 "%s: line %d: attribute \"%s\" in "
1862 "\"replica\" line is unknown\n",
1863 fname, lineno, arg + 1 );
1865 Debug( LDAP_DEBUG_ANY,
1866 "%s: line %d: attribute \"%s\" in \"replica\" line is unknown\n",
1867 fname, lineno, arg + 1 );
1876 /* dn of master entity allowed to write to replica */
1877 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
1880 LDAP_LOG( CONFIG, CRIT,
1881 "%s: line %d: missing dn in \"updatedn <dn>\""
1882 " line.\n", fname, lineno , 0 );
1884 Debug( LDAP_DEBUG_ANY,
1885 "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
1893 LDAP_LOG( CONFIG, INFO,
1894 "%s: line %d: updatedn line must appear inside "
1895 "a database definition\n",
1896 fname, lineno , 0 );
1898 Debug( LDAP_DEBUG_ANY,
1899 "%s: line %d: updatedn line must appear inside a database definition\n",
1907 if ( load_ucdata( NULL ) < 0 ) return 1;
1909 dn.bv_val = cargv[1];
1910 dn.bv_len = strlen( cargv[1] );
1912 rc = dnNormalize2( NULL, &dn, &be->be_update_ndn );
1913 if( rc != LDAP_SUCCESS ) {
1915 LDAP_LOG( CONFIG, CRIT,
1916 "%s: line %d: updatedn DN is invalid.\n",
1917 fname, lineno , 0 );
1919 Debug( LDAP_DEBUG_ANY,
1920 "%s: line %d: updatedn DN is invalid\n",
1927 } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
1930 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1931 "missing url in \"updateref <ldapurl>\" line.\n",
1932 fname, lineno , 0 );
1934 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1935 "missing url in \"updateref <ldapurl>\" line\n",
1943 LDAP_LOG( CONFIG, INFO, "%s: line %d: updateref"
1944 " line must appear inside a database definition\n",
1945 fname, lineno , 0 );
1947 Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
1948 " line must appear inside a database definition\n",
1953 } else if ( !be->be_update_ndn.bv_len ) {
1955 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1956 "updateref line must come after updatedn.\n",
1957 fname, lineno , 0 );
1959 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1960 "updateref line must after updatedn.\n",
1966 if( validate_global_referral( cargv[1] ) ) {
1968 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1969 "invalid URL (%s) in \"updateref\" line.\n",
1970 fname, lineno, cargv[1] );
1972 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1973 "invalid URL (%s) in \"updateref\" line.\n",
1974 fname, lineno, cargv[1] );
1979 vals[0].bv_val = cargv[1];
1980 vals[0].bv_len = strlen( vals[0].bv_val );
1981 if( value_add( &be->be_update_refs, vals ) )
1984 /* replication log file to which changes are appended */
1985 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
1988 LDAP_LOG( CONFIG, CRIT,
1989 "%s: line %d: missing filename in \"replogfile <filename>\""
1990 " line.\n", fname, lineno , 0 );
1992 Debug( LDAP_DEBUG_ANY,
1993 "%s: line %d: missing filename in \"replogfile <filename>\" line\n",
2000 be->be_replogfile = ch_strdup( cargv[1] );
2002 replogfile = ch_strdup( cargv[1] );
2005 /* file from which to read additional rootdse attrs */
2006 } else if ( strcasecmp( cargv[0], "rootDSE" ) == 0) {
2009 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
2010 "missing filename in \"rootDSE <filename>\" line.\n",
2011 fname, lineno , 0 );
2013 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
2014 "missing filename in \"rootDSE <filename>\" line.\n",
2020 if( read_root_dse_file( cargv[1] ) ) {
2022 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
2023 "could not read \"rootDSE <filename>\" line.\n",
2024 fname, lineno , 0 );
2026 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
2027 "could not read \"rootDSE <filename>\" line\n",
2033 /* maintain lastmodified{by,time} attributes */
2034 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
2037 LDAP_LOG( CONFIG, CRIT,
2038 "%s: line %d: missing on|off in \"lastmod <on|off>\""
2039 " line.\n", fname, lineno , 0 );
2041 Debug( LDAP_DEBUG_ANY,
2042 "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
2048 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
2050 be->be_flags &= ~SLAP_BFLAG_NOLASTMOD;
2056 be->be_flags |= SLAP_BFLAG_NOLASTMOD;
2063 /* turn on/off gentle SIGHUP handling */
2064 } else if ( strcasecmp( cargv[0], "gentlehup" ) == 0 ) {
2066 Debug( LDAP_DEBUG_ANY,
2067 "%s: line %d: missing on|off in \"gentlehup <on|off>\" line\n",
2071 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
2072 global_gentlehup = 0;
2074 global_gentlehup = 1;
2078 /* set idle timeout value */
2079 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
2083 LDAP_LOG( CONFIG, CRIT,
2084 "%s: line %d: missing timeout value in "
2085 "\"idletimeout <seconds>\" line.\n", fname, lineno , 0 );
2087 Debug( LDAP_DEBUG_ANY,
2088 "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
2095 i = atoi( cargv[1] );
2099 LDAP_LOG( CONFIG, CRIT,
2100 "%s: line %d: timeout value (%d) invalid "
2101 "\"idletimeout <seconds>\" line.\n", fname, lineno, i );
2103 Debug( LDAP_DEBUG_ANY,
2104 "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
2111 global_idletimeout = i;
2113 /* include another config file */
2114 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
2117 LDAP_LOG( CONFIG, CRIT,
2118 "%s: line %d: missing filename in \"include "
2119 "<filename>\" line.\n", fname, lineno , 0 );
2121 Debug( LDAP_DEBUG_ANY,
2122 "%s: line %d: missing filename in \"include <filename>\" line\n",
2128 savefname = ch_strdup( cargv[1] );
2129 savelineno = lineno;
2131 if ( read_config( savefname, depth+1 ) != 0 ) {
2136 lineno = savelineno - 1;
2138 /* location of kerberos srvtab file */
2139 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
2142 LDAP_LOG( CONFIG, CRIT,
2143 "%s: line %d: missing filename in \"srvtab "
2144 "<filename>\" line.\n", fname, lineno , 0 );
2146 Debug( LDAP_DEBUG_ANY,
2147 "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
2153 ldap_srvtab = ch_strdup( cargv[1] );
2155 #ifdef SLAPD_MODULES
2156 } else if (strcasecmp( cargv[0], "moduleload") == 0 ) {
2159 LDAP_LOG( CONFIG, INFO,
2160 "%s: line %d: missing filename in \"moduleload "
2161 "<filename>\" line.\n", fname, lineno , 0 );
2163 Debug( LDAP_DEBUG_ANY,
2164 "%s: line %d: missing filename in \"moduleload <filename>\" line\n",
2168 exit( EXIT_FAILURE );
2170 if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
2172 LDAP_LOG( CONFIG, CRIT,
2173 "%s: line %d: failed to load or initialize module %s\n",
2174 fname, lineno, cargv[1] );
2176 Debug( LDAP_DEBUG_ANY,
2177 "%s: line %d: failed to load or initialize module %s\n",
2178 fname, lineno, cargv[1]);
2181 exit( EXIT_FAILURE );
2183 } else if (strcasecmp( cargv[0], "modulepath") == 0 ) {
2186 LDAP_LOG( CONFIG, INFO,
2187 "%s: line %d: missing path in \"modulepath <path>\""
2188 " line\n", fname, lineno , 0 );
2190 Debug( LDAP_DEBUG_ANY,
2191 "%s: line %d: missing path in \"modulepath <path>\" line\n",
2195 exit( EXIT_FAILURE );
2197 if (module_path( cargv[1] )) {
2199 LDAP_LOG( CONFIG, CRIT,
2200 "%s: line %d: failed to set module search path to %s.\n",
2201 fname, lineno, cargv[1] );
2203 Debug( LDAP_DEBUG_ANY,
2204 "%s: line %d: failed to set module search path to %s\n",
2205 fname, lineno, cargv[1]);
2208 exit( EXIT_FAILURE );
2211 #endif /*SLAPD_MODULES*/
2214 } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
2215 rc = ldap_pvt_tls_set_option( NULL,
2216 LDAP_OPT_X_TLS_RANDOM_FILE,
2221 } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
2222 rc = ldap_pvt_tls_set_option( NULL,
2223 LDAP_OPT_X_TLS_CIPHER_SUITE,
2228 } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
2229 rc = ldap_pvt_tls_set_option( NULL,
2230 LDAP_OPT_X_TLS_CERTFILE,
2235 } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
2236 rc = ldap_pvt_tls_set_option( NULL,
2237 LDAP_OPT_X_TLS_KEYFILE,
2242 } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
2243 rc = ldap_pvt_tls_set_option( NULL,
2244 LDAP_OPT_X_TLS_CACERTDIR,
2249 } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
2250 rc = ldap_pvt_tls_set_option( NULL,
2251 LDAP_OPT_X_TLS_CACERTFILE,
2255 } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
2256 if ( isdigit( (unsigned char) cargv[1][0] ) ) {
2258 rc = ldap_pvt_tls_set_option( NULL,
2259 LDAP_OPT_X_TLS_REQUIRE_CERT,
2262 rc = ldap_int_tls_config( NULL,
2263 LDAP_OPT_X_TLS_REQUIRE_CERT,
2272 } else if ( !strcasecmp( cargv[0], "reverse-lookup" ) ) {
2273 #ifdef SLAPD_RLOOKUPS
2276 LDAP_LOG( CONFIG, INFO,
2277 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2278 fname, lineno , 0 );
2280 Debug( LDAP_DEBUG_ANY,
2281 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2287 if ( !strcasecmp( cargv[1], "on" ) ) {
2288 use_reverse_lookup = 1;
2289 } else if ( !strcasecmp( cargv[1], "off" ) ) {
2290 use_reverse_lookup = 0;
2293 LDAP_LOG( CONFIG, INFO,
2294 "%s: line %d: reverse-lookup: "
2295 "must be \"on\" (default) or \"off\"\n", fname, lineno, 0 );
2297 Debug( LDAP_DEBUG_ANY,
2298 "%s: line %d: reverse-lookup: must be \"on\" (default) or \"off\"\n",
2304 #else /* !SLAPD_RLOOKUPS */
2306 LDAP_LOG( CONFIG, INFO,
2307 "%s: line %d: reverse lookups "
2308 "are not configured (ignored).\n", fname, lineno , 0 );
2310 Debug( LDAP_DEBUG_ANY,
2311 "%s: line %d: reverse lookups are not configured (ignored).\n",
2314 #endif /* !SLAPD_RLOOKUPS */
2316 /* Netscape plugins */
2317 } else if ( strcasecmp( cargv[0], "plugin" ) == 0 ) {
2318 #if defined( LDAP_SLAPI )
2321 * a "plugin" line must be inside a database
2322 * definition, since we implement pre-,post-
2323 * and extended operation plugins
2327 LDAP_LOG( CONFIG, INFO,
2328 "%s: line %d: plugin line must appear "
2329 "inside a database definition.\n",
2332 Debug( LDAP_DEBUG_ANY, "%s: line %d: plugin "
2333 "line must appear inside a database "
2334 "definition\n", fname, lineno, 0 );
2339 if ( netscape_plugin( be, fname, lineno, cargc, cargv )
2344 #else /* !defined( LDAP_SLAPI ) */
2346 LDAP_LOG( CONFIG, INFO,
2347 "%s: line %d: SLAPI not supported.\n",
2350 Debug( LDAP_DEBUG_ANY, "%s: line %d: SLAPI "
2351 "not supported.\n", fname, lineno, 0 );
2355 #endif /* !defined( LDAP_SLAPI ) */
2359 /* pass anything else to the current backend info/db config routine */
2362 if ( bi->bi_config == 0 ) {
2364 LDAP_LOG( CONFIG, INFO,
2365 "%s: line %d: unknown directive \"%s\" inside "
2366 "backend info definition (ignored).\n",
2367 fname, lineno, cargv[0] );
2369 Debug( LDAP_DEBUG_ANY,
2370 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
2371 fname, lineno, cargv[0] );
2375 if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
2381 } else if ( be != NULL ) {
2382 if ( be->be_config == 0 ) {
2384 LDAP_LOG( CONFIG, INFO,
2385 "%s: line %d: uknown directive \"%s\" inside "
2386 "backend database definition (ignored).\n",
2387 fname, lineno, cargv[0] );
2389 Debug( LDAP_DEBUG_ANY,
2390 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
2391 fname, lineno, cargv[0] );
2395 if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
2403 LDAP_LOG( CONFIG, INFO,
2404 "%s: line %d: unknown directive \"%s\" outside backend "
2405 "info and database definitions (ignored).\n",
2406 fname, lineno, cargv[0] );
2408 Debug( LDAP_DEBUG_ANY,
2409 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
2410 fname, lineno, cargv[0] );
2419 if ( depth == 0 ) ch_free( cargv );
2421 if ( !global_schemadn.bv_val ) {
2422 ber_str2bv( SLAPD_SCHEMA_DN, sizeof(SLAPD_SCHEMA_DN)-1, 1,
2424 dnNormalize2( NULL, &global_schemadn, &global_schemandn );
2427 if ( load_ucdata( NULL ) < 0 ) return 1;
/*
 * Tokenizer fragment: logs one configuration line, then splits it into
 * the cargv[]/cargc argument vector. The enclosing signature is not part
 * of this listing; the prototype near the top of the file suggests this
 * is fp_parse_line( lineno, line ) -- confirm.
 */
/* sized for the longest masked keyword plus " ***" and the NUL */
2439 char logbuf[sizeof("pseudorootpw ***")];
2442 token = strtok_quote( line, " \t" );
/*
 * Directives whose arguments carry a secret are logged as
 * "<keyword> ***" rather than with their arguments. Only the five
 * keywords compared here are masked. NOTE(review): a directive with a
 * secret argument that is not in this list is presumably logged in full
 * (the default value of logline is not visible here), so the list has to
 * be kept in step with the backends.
 */
2446 if ( token && ( strcasecmp( token, "rootpw" ) == 0 ||
2447 strcasecmp( token, "replica" ) == 0 || /* contains "credentials" */
2448 strcasecmp( token, "bindpw" ) == 0 || /* used in back-ldap */
2449 strcasecmp( token, "pseudorootpw" ) == 0 || /* used in back-meta */
2450 strcasecmp( token, "dbpasswd" ) == 0 ) ) /* used in back-sql */
/* snprintf is bounded by sizeof logbuf, so the masked text cannot overrun it */
2452 snprintf( logline = logbuf, sizeof logbuf, "%s ***", token );
/*
 * strtok_quote_ptr records the separator that followed the first token.
 * It is turned back into a space around the log call and set to NUL
 * again afterwards, presumably so that an unmasked logline prints the
 * rest of the line while token stays a single word.
 */
2455 if ( strtok_quote_ptr ) {
2456 *strtok_quote_ptr = ' ';
2460 LDAP_LOG( CONFIG, DETAIL1, "line %d (%s)\n", lineno, logline , 0 );
2462 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, logline, 0 );
2465 if ( strtok_quote_ptr ) {
2466 *strtok_quote_ptr = '\0';
/* passing NULL continues the scan that the first strtok_quote call started */
2469 for ( ; token != NULL; token = strtok_quote( NULL, " \t" ) ) {
/*
 * Grow cargv by ARGS_STEP once only the slot reserved for the
 * terminating NULL is still free.
 */
2470 if ( cargc == cargv_size - 1 ) {
2472 tmp = ch_realloc( cargv, (cargv_size + ARGS_STEP) *
2474 if ( tmp == NULL ) {
2476 LDAP_LOG( CONFIG, ERR, "line %d: out of memory\n", lineno, 0,0 );
2478 Debug( LDAP_DEBUG_ANY,
2479 "line %d: out of memory\n",
2485 cargv_size += ARGS_STEP;
/* the token pointer is stored as returned; nothing is copied here */
2487 cargv[cargc++] = token;
/* keep the argument vector NULL-terminated */
2489 cargv[cargc] = NULL;
/*
 * Tokenizer used by the config parser. A non-NULL line starts a new
 * scan; the caller in this file passes NULL to fetch the following
 * tokens. strtok_quote_ptr is reset to NULL on every call and set to the
 * separator position found below, so state lives outside the arguments.
 * Several lines of the body are missing from this listing.
 */
2494 strtok_quote( char *line, char *sep )
2500 strtok_quote_ptr = NULL;
2501 if ( line != NULL ) {
/* loops while the current character is one of the separators (body not shown) */
2504 while ( *next && strchr( sep, *next ) ) {
/* end of string reached: no further token */
2508 if ( *next == '\0' ) {
2514 for ( inquote = 0; *next; ) {
/*
 * NOTE(review): the copy shifts the rest of the string one byte to the
 * left inside the same buffer, so source and destination overlap. That
 * is only well defined if AC_MEMCPY has memmove semantics -- confirm in
 * ac/string.h. The same applies to the argument list two lines down,
 * which looks like the tail of a second such call.
 */
2522 AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
2528 next + 1, strlen( next + 1 ) + 1 );
2529 next++; /* do not parse the escaped character */
/*
 * Remember where the separator was found; the tokenizing caller uses
 * this pointer to restore the character while it logs the line.
 */
2534 if ( strchr( sep, *next ) != NULL ) {
2535 strtok_quote_ptr = next;
/* static read buffer: fgets in fp_getline fills at most sizeof(buf) bytes */
2548 static char buf[BUFSIZ];
/* presumably the allocated size (lmax) and used length (lcur) of line -- confirm */
2550 static size_t lmax, lcur;
/*
 * CATLINE( buf ): append the NUL-terminated string buf to line at offset
 * lcur. The loop compares lcur + len + 1 with lmax and reallocates
 * before the strcpy, so the copy is bounded as long as lcur and lmax
 * describe line accurately; the statements that update them are missing
 * from this listing. NOTE(review): the macro parameter shadows the
 * static buf above, and the macro reads and writes line, lcur and lmax
 * from the surrounding scope.
 */
2552 #define CATLINE( buf ) \
2554 size_t len = strlen( buf ); \
2555 while ( lcur + len + 1 > lmax ) { \
2557 line = (char *) ch_realloc( line, lmax ); \
2559 strcpy( line + lcur, buf ); \
/*
 * Reads from fp into the static buf one fgets call at a time and builds
 * up line; returns line, or NULL when line is empty. Lines that do the
 * accumulation and the line counting are missing from this listing.
 */
2564 fp_getline( FILE *fp, int *lineno )
2572 /* hack attack - keeps us from having to keep a stack of bufs... */
2573 if ( strncasecmp( line, "include", 7 ) == 0 ) {
/*
 * fgets stores at most sizeof(buf) - 1 characters, so a physical line
 * longer than that arrives in pieces and the first piece has no '\n'.
 */
2578 while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
2579 /* trim off \r\n or \n */
2580 if ( (p = strchr( buf, '\n' )) != NULL ) {
/* the p > buf test keeps p[-1] inside buf */
2581 if( p > buf && p[-1] == '\r' ) --p;
/*
 * NOTE(review): line[0] != '\0' only guarantees a length of one. When
 * line is exactly "\", p equals line and p[-1] reads the byte in front
 * of the buffer. Unlike the CR check above there is no guard here; a
 * "p > line" test before p[-1] would close that gap.
 */
2585 /* trim off trailing \ and append the next line */
2586 if ( line[ 0 ] != '\0'
2587 && (p = line + strlen( line ) - 1)[ 0 ] == '\\'
2588 && p[ -1 ] != '\\' ) {
/* the cast keeps isspace defined for bytes with the high bit set */
2593 if ( ! isspace( (unsigned char) buf[0] ) ) {
2597 /* change leading whitespace to a space */
/* an empty accumulated line is reported as NULL */
2606 return( line[0] ? line : NULL );
2610 fp_getline_init( int *lineno )
2616 /* Loads ucdata, returns 1 if loading, 0 if already loaded, -1 on error */
/*
 * Callers visible in this file pass NULL and treat a negative result as
 * a configuration failure (they return 1).
 */
2618 load_ucdata( char *path )
/* function-static flag; the code that tests and sets it is not shown here */
2620 static int loaded = 0;
/* a NULL path selects the compiled-in SLAPD_DEFAULT_UCDATA location */
2626 err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL );
/* the ucdata_load result is reported through both logging macros below */
2629 LDAP_LOG( CONFIG, CRIT,
2630 "load_ucdata: Error %d loading ucdata.\n", err, 0,0 );
2632 Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n",
2645 ucdata_unload( UCDATA_ALL );
2646 free( global_schemandn.bv_val );
2647 free( global_schemadn.bv_val );
2649 if ( slapd_args_file )
2650 free ( slapd_args_file );
2651 if ( slapd_pid_file )
2652 free ( slapd_pid_file );
2653 acl_destroy( global_acl, NULL );