]> git.sur5r.net Git - openldap/blob - servers/slapd/config.c
projects / openldap / blob
? search:


ef5bb126ed462079d3fcdb0c847395da5114eb67
[openldap] / servers / slapd / config.c
1 /* config.c - configuration file handling routines */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 1998-2005 The OpenLDAP Foundation.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in the file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
17  * All rights reserved.
18  *
19  * Redistribution and use in source and binary forms are permitted
20  * provided that this notice is preserved and that due credit is given
21  * to the University of Michigan at Ann Arbor. The name of the University
22  * may not be used to endorse or promote products derived from this
23  * software without specific prior written permission. This software
24  * is provided ``as is'' without express or implied warranty.
25  */
26
27 #include "portable.h"
28
29 #include <stdio.h>
30
31 #include <ac/string.h>
32 #include <ac/ctype.h>
33 #include <ac/signal.h>
34 #include <ac/socket.h>
35 #include <ac/errno.h>
36
37 #include "slap.h"
38 #ifdef LDAP_SLAPI
39 #include "slapi/slapi.h"
40 #endif
41 #include "lutil.h"
42 #ifdef HAVE_LIMITS_H
43 #include <limits.h>
44 #endif /* HAVE_LIMITS_H */
45 #ifndef PATH_MAX
46 #define PATH_MAX 4096
47 #endif /* ! PATH_MAX */
48 #include "config.h"
49
50 #define ARGS_STEP       512
51
52 /*
53  * defaults for various global variables
54  */
55 slap_mask_t             global_allows = 0;
56 slap_mask_t             global_disallows = 0;
57 int             global_gentlehup = 0;
58 int             global_idletimeout = 0;
59 char    *global_host = NULL;
60 char    *global_realm = NULL;
61 char            *ldap_srvtab = "";
62 char            **default_passwd_hash = NULL;
63 struct berval default_search_base = BER_BVNULL;
64 struct berval default_search_nbase = BER_BVNULL;
65
66 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
67 ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
68
69 int     slap_conn_max_pending = SLAP_CONN_MAX_PENDING_DEFAULT;
70 int     slap_conn_max_pending_auth = SLAP_CONN_MAX_PENDING_AUTH;
71
72 char   *slapd_pid_file  = NULL;
73 char   *slapd_args_file = NULL;
74
75 char   *strtok_quote_ptr;
76
77 int use_reverse_lookup = 0;
78
79 #ifdef LDAP_SLAPI
80 int slapi_plugins_used = 0;
81 #endif
82
83 static int fp_getline(FILE *fp, ConfigArgs *c);
84 static void fp_getline_init(ConfigArgs *c);
85 static int fp_parse_line(ConfigArgs *c);
86
87 static char     *strtok_quote(char *line, char *sep);
88 #if 0
89 static int load_ucdata(char *path);
90 #endif
91
92 /* state info for back-config */
93 static ConfigFile cf_prv, *cfn = &cf_prv;
94
95 int read_config_file(const char *fname, int depth, ConfigArgs *cf);
96
97 static int add_syncrepl LDAP_P(( Backend *, char **, int ));
98 static int parse_syncrepl_line LDAP_P(( char **, int, syncinfo_t *));
99
100 int config_generic(ConfigArgs *c);
101 int config_search_base(ConfigArgs *c);
102 int config_passwd_hash(ConfigArgs *c);
103 int config_schema_dn(ConfigArgs *c);
104 int config_sizelimit(ConfigArgs *c);
105 int config_timelimit(ConfigArgs *c);
106 int config_limits(ConfigArgs *c); 
107 int config_overlay(ConfigArgs *c);
108 int config_suffix(ConfigArgs *c); 
109 int config_deref_depth(ConfigArgs *c);
110 int config_rootdn(ConfigArgs *c);
111 int config_rootpw(ConfigArgs *c);
112 int config_restrict(ConfigArgs *c);
113 int config_allows(ConfigArgs *c);
114 int config_disallows(ConfigArgs *c);
115 int config_requires(ConfigArgs *c);
116 int config_security(ConfigArgs *c);
117 int config_referral(ConfigArgs *c);
118 int config_loglevel(ConfigArgs *c);
119 int config_syncrepl(ConfigArgs *c);
120 int config_replica(ConfigArgs *c);
121 int config_updatedn(ConfigArgs *c);
122 int config_updateref(ConfigArgs *c);
123 int config_include(ConfigArgs *c);
124 #ifdef HAVE_TLS
125 int config_tls_option(ConfigArgs *c);
126 int config_tls_verify(ConfigArgs *c);
127 #endif
128 #ifdef LDAP_SLAPI
129 int config_plugin(ConfigArgs *c);
130 #endif
131 int config_pluginlog(ConfigArgs *c);
132
133 enum {
134         CFG_ACL = 1,
135         CFG_BACKEND,
136         CFG_DATABASE,
137         CFG_TLS_RAND,
138         CFG_TLS_CIPHER,
139         CFG_TLS_CERT_FILE,
140         CFG_TLS_CERT_KEY,
141         CFG_TLS_CA_PATH,
142         CFG_TLS_CA_FILE,
143         CFG_TLS_VERIFY,
144         CFG_TLS_CRLCHECK,
145         CFG_SIZE,
146         CFG_TIME,
147         CFG_CONCUR,
148         CFG_THREADS,
149         CFG_SALT,
150         CFG_LIMITS,
151         CFG_RO,
152         CFG_REWRITE,
153         CFG_DEPTH,
154         CFG_OID,
155         CFG_OC,
156         CFG_DIT,
157         CFG_ATTR,
158         CFG_ATOPT,
159         CFG_CHECK,
160         CFG_AUDITLOG,
161         CFG_REPLOG,
162         CFG_ROOTDSE,
163         CFG_LOGFILE,
164         CFG_PLUGIN,
165         CFG_MODLOAD,
166         CFG_MODPATH,
167         CFG_LASTMOD,
168         CFG_AZPOLICY,
169         CFG_AZREGEXP,
170         CFG_SASLSECP
171 };
172
173 typedef struct {
174         char *name, *oid;
175 } OidRec;
176
177 static OidRec OidMacros[] = {
178         { "OLcfg", "1.3.6.1.4.1.4203.666.11.1" },
179         { "OLcfgAt", "OLcfg:3" },
180         { "OLcfgOc", "OLcfg:4" },
181         { "OMsyn", "1.3.6.1.4.1.1466.115.121.1" },
182         { "OMsInteger", "OMsyn:2" },
183         { "OMsBoolean", "OMsyn:7" },
184         { "OMsDN", "OMsyn:12" },
185         { "OMsDirectoryString", "OMsyn:15" },
186         { "OMsOctetString", "OMsyn:40" },
187         { NULL, NULL }
188 };
189
190 /* alphabetical ordering */
191
192 ConfigTable SystemConfiguration[] = {
193         { "access",     NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC|CFG_ACL,
194                 &config_generic, "( OLcfgAt:1 NAME 'olcAccess' "
195                         "DESC 'Access Control List' "
196                         "EQUALITY caseIgnoreMatch "
197                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
198         { "allows",     "features", 2, 0, 5, ARG_PRE_DB|ARG_MAGIC,
199                 &config_allows, "( OLcfgAt:2 NAME 'olcAllows' "
200                         "DESC 'Allowed set of deprecated features' "
201                         "EQUALITY caseIgnoreMatch "
202                         "SYNTAX OMsDirectoryString )", NULL, NULL },
203         { "argsfile", "file", 2, 2, 0, ARG_STRING,
204                 &slapd_args_file, "( OLcfgAt:3 NAME 'olcArgsFile' "
205                         "DESC 'File for slapd command line options' "
206                         "EQUALITY caseIgnoreMatch "
207                         "SYNTAX OMsDirectoryString )", NULL, NULL },
208         /* Use standard 'attributeTypes' attr */
209         { "attribute",  "attribute", 2, 0, 9, ARG_PAREN|ARG_MAGIC|CFG_ATTR,
210                 &config_generic, NULL, NULL, NULL },
211         { "attributeoptions", NULL, 0, 0, 0, ARG_MAGIC|CFG_ATOPT,
212                 &config_generic, "( OLcfgAt:5 NAME 'olcAttributeOptions' "
213                         "EQUALITY caseIgnoreMatch "
214                         "SYNTAX OMsDirectoryString )", NULL, NULL },
215 #ifdef SLAP_AUTH_REWRITE
216         { "auth-rewrite", NULL, 2, 2, 14, ARG_MAGIC|CFG_REWRITE,
217                 &config_generic, "( OLcfgAt:6 NAME 'olcAuthRewrite' "
218                         "EQUALITY caseIgnoreMatch "
219                         "SYNTAX OMsDirectoryString )", NULL, NULL },
220 #endif
221         { "authz-policy", "policy", 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
222                 &config_generic, "( OLcfgAt:7 NAME 'olcAuthzPolicy' "
223                         "EQUALITY caseIgnoreMatch "
224                         "SYNTAX OMsDirectoryString )", NULL, NULL },
225         { "authz-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
226                 &config_generic, "( OLcfgAt:8 NAME 'olcAuthzRegexp' "
227                         "EQUALITY caseIgnoreMatch "
228                         "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
229         { "backend", "type", 2, 2, 0, ARG_PRE_DB|ARG_MAGIC|CFG_BACKEND,
230                 &config_generic, "( OLcfgAt:9 NAME 'olcBackend' "
231                         "DESC 'A type of backend' "
232                         "EQUALITY caseIgnoreMatch "
233                         "SYNTAX OMsDirectoryString )", NULL, NULL },
234         { "concurrency", "level", 2, 2, 0, ARG_LONG|ARG_NONZERO|ARG_MAGIC|CFG_CONCUR,
235                 &config_generic, "( OLcfgAt:10 NAME 'olcConcurrency' "
236                         "SYNTAX OMsInteger )", NULL, NULL },
237         { "conn_max_pending", "max", 2, 2, 0, ARG_LONG,
238                 &slap_conn_max_pending, "( OLcfgAt:11 NAME 'olcConnMaxPending' "
239                         "SYNTAX OMsInteger )", NULL, NULL },
240         { "conn_max_pending_auth", "max", 2, 2, 0, ARG_LONG,
241                 &slap_conn_max_pending_auth, "( OLcfgAt:12 NAME 'olcConnMaxPendingAuth' "
242                         "SYNTAX OMsInteger )", NULL, NULL },
243         { "database", "type", 2, 2, 0, ARG_MAGIC|CFG_DATABASE,
244                 &config_generic, "( OLcfgAt:13 NAME 'olcDatabase' "
245                         "DESC 'The backend type for a database instance' "
246                         "SUP olcBackend )", NULL, NULL },
247         { "defaultSearchBase", "dn", 2, 2, 0, ARG_PRE_BI|ARG_PRE_DB|ARG_DN|ARG_MAGIC,
248                 &config_search_base, "( OLcfgAt:14 NAME 'olcDefaultSearchBase' "
249                         "SYNTAX OMsDN )", NULL, NULL },
250         { "disallows", "features", 2, 0, 8, ARG_PRE_DB|ARG_MAGIC,
251                 &config_disallows, "( OLcfgAt:15 NAME 'olcDisallows' "
252                         "EQUALITY caseIgnoreMatch "
253                         "SYNTAX OMsDirectoryString )", NULL, NULL },
254         /* use standard schema */
255         { "ditcontentrule",     NULL, 0, 0, 0, ARG_MAGIC|CFG_DIT,
256                 &config_generic, NULL, NULL, NULL },
257 #ifdef SIGHUP
258         { "gentlehup", "on|off", 2, 2, 0, ARG_ON_OFF,
259                 &global_gentlehup, "( OLcfgAt:17 NAME 'olcGentleHUP' "
260                         "SYNTAX OMsBoolean )", NULL, NULL },
261 #else
262         { "gentlehup", NULL, 2, 2, 0, ARG_IGNORED,
263                 NULL, NULL, NULL, NULL },
264 #endif
265         { "idletimeout", "timeout", 2, 2, 0, ARG_INT,
266                 &global_idletimeout, "( OLcfgAt:18 NAME 'olcIdleTimeout' "
267                         "SYNTAX OMsInteger )", NULL, NULL },
268 /* XXX -- special case? */
269         { "include", "file", 2, 2, 0, ARG_MAGIC,
270                 &config_include, "( OLcfgAt:19 NAME 'olcInclude' "
271                         "SUP labeledURI )", NULL, NULL },
272         { "index_substr_if_minlen", "min", 2, 2, 0, ARG_INT|ARG_NONZERO,
273                 &index_substr_if_minlen, "( OLcfgAt:20 NAME 'olcIndexSubstrIfMinLen' "
274                         "SYNTAX OMsInteger )", NULL, NULL },
275         { "index_substr_if_maxlen", "max", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_SPECIAL,
276                 &index_substr_if_maxlen, "( OLcfgAt:21 NAME 'olcIndexSubstrIfMaxLen' "
277                         "SYNTAX OMsInteger )", NULL, NULL },
278         { "index_substr_any_len", "len", 2, 2, 0, ARG_INT|ARG_NONZERO,
279                 &index_substr_any_len, "( OLcfgAt:22 NAME 'olcIndexSubstrAnyLen' "
280                         "SYNTAX OMsInteger )", NULL, NULL },
281         { "index_substr_step", "step", 2, 2, 0, ARG_INT|ARG_NONZERO,
282                 &index_substr_any_step, "( OLcfgAt:23 NAME 'olcIndexSubstrAnyStep' "
283                         "SYNTAX OMsInteger )", NULL, NULL },
284         { "lastmod", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_LASTMOD,
285                 &config_generic, "( OLcfgAt:24 NAME 'olcLastMod' "
286                         "SYNTAX OMsBoolean )", NULL, NULL },
287         { "limits", "limits", 2, 0, 0, ARG_DB|ARG_MAGIC|CFG_LIMITS,
288                 &config_generic, "( OLcfgAt:25 NAME 'olcLimits' "
289                         "SYNTAX OMsDirectoryString )", NULL, NULL },
290         { "localSSF", "ssf", 2, 2, 0, ARG_LONG,
291                 &local_ssf, "( OLcfgAt:26 NAME 'olcLocalSSF' "
292                         "SYNTAX OMsInteger )", NULL, NULL },
293         { "logfile", "file", 2, 2, 0, ARG_MAGIC|CFG_LOGFILE,
294                 &config_generic, "( OLcfgAt:27 NAME 'olcLogFile' "
295                         "SYNTAX OMsDirectoryString )", NULL, NULL },
296         { "loglevel", "level", 2, 0, 0, ARG_MAGIC,
297                 &config_loglevel, "( OLcfgAt:28 NAME 'olcLogLevel' "
298                         "SYNTAX OMsDirectoryString )", NULL, NULL },
299         { "maxDerefDepth", "depth", 2, 2, 0, ARG_DB|ARG_INT|ARG_MAGIC|CFG_DEPTH,
300                 &config_generic, "( OLcfgAt:29 NAME 'olcMaxDerefDepth' "
301                         "SYNTAX OMsInteger )", NULL, NULL },
302 #ifdef SLAPD_MODULES
303         { "moduleload", "file", 2, 0, 0, ARG_MAGIC|CFG_MODLOAD,
304                 &config_generic, "( OLcfgAt:30 NAME 'olcModuleLoad' "
305                         "SYNTAX OMsDirectoryString )", NULL, NULL },
306         { "modulepath", "path", 2, 2, 0, ARG_MAGIC|CFG_MODPATH,
307                 &config_generic, "( OLcfgAt:31 NAME 'olcModulePath' "
308                         "SYNTAX OMsDirectoryString )", NULL, NULL },
309 #endif
310         /* use standard schema */
311         { "objectclass", "objectclass", 2, 0, 0, ARG_PAREN|ARG_MAGIC|CFG_OC,
312                 &config_generic, NULL, NULL, NULL },
313         { "objectidentifier", NULL,     0, 0, 0, ARG_MAGIC|CFG_OID,
314                 &config_generic, "( OLcfgAt:33 NAME 'olcObjectIdentifier' "
315                         "SYNTAX OMsDirectoryString )", NULL, NULL },
316         { "overlay", "overlay", 2, 2, 0, ARG_MAGIC,
317                 &config_overlay, "( OLcfgAt:34 NAME 'olcOverlay' "
318                         "SUP olcDatabase )", NULL, NULL },
319         { "password-crypt-salt-format", "salt", 2, 2, 0, ARG_MAGIC|CFG_SALT,
320                 &config_generic, "( OLcfgAt:35 NAME 'olcPasswordCryptSaltFormat' "
321                         "SYNTAX OMsDirectoryString )", NULL, NULL },
322         { "password-hash", "hash", 2, 2, 0, ARG_MAGIC,
323                 &config_passwd_hash, "( OLcfgAt:36 NAME 'olcPasswordHash' "
324                         "SYNTAX OMsDirectoryString )", NULL, NULL },
325         { "pidfile", "file", 2, 2, 0, ARG_STRING,
326                 &slapd_pid_file, "( OLcfgAt:37 NAME 'olcPidFile' "
327                         "SYNTAX OMsDirectoryString )", NULL, NULL },
328 #ifdef LDAP_SLAPI
329         { "plugin", NULL, 0, 0, 0, ARG_MAGIC|CFG_PLUGIN,
330                 &config_generic, "( OLcfgAt:38 NAME 'olcPlugin' "
331                         "SYNTAX OMsDirectoryString )", NULL, NULL },
332         { "pluginlog", "filename", 2, 2, 0, ARG_STRING,
333                 &slapi_log_file, "( OLcfgAt:39 NAME 'olcPluginLogFile' "
334                         "SYNTAX OMsDirectoryString )", NULL, NULL },
335 #else
336         { "plugin", NULL, 0, 0, 0, ARG_IGNORED,
337                 NULL, NULL, NULL, NULL },
338         { "pluginlog", NULL, 0, 0, 0, ARG_IGNORED,
339                 NULL, NULL, NULL, NULL },
340 #endif
341         { "readonly", "on|off", 2, 2, 0, ARG_MAY_DB|ARG_ON_OFF|ARG_MAGIC|CFG_RO,
342                 &config_generic, "( OLcfgAt:40 NAME 'olcReadOnly' "
343                         "SYNTAX OMsBoolean )", NULL, NULL },
344         { "referral", "url", 2, 2, 0, ARG_MAGIC,
345                 &config_referral, "( OLcfgAt:41 NAME 'olcReferral' "
346                         "SUP labeledURI )", NULL, NULL },
347         { "replica", "host or uri", 2, 0, 0, ARG_DB|ARG_MAGIC,
348                 &config_replica, "( OLcfgAt:42 NAME 'olcReplica' "
349                         "SUP labeledURI )", NULL, NULL },
350         { "replica-pidfile", NULL, 0, 0, 0, ARG_IGNORED,
351                 NULL, "( OLcfgAt:43 NAME 'olcReplicaPidFile' "
352                         "SYNTAX OMsDirectoryString )", NULL, NULL },
353         { "replica-argsfile", NULL, 0, 0, 0, ARG_IGNORED,
354                 NULL, "( OLcfgAt:44 NAME 'olcReplicaArgsFile' "
355                         "SYNTAX OMsDirectoryString )", NULL, NULL },
356         { "replicationInterval", NULL, 0, 0, 0, ARG_IGNORED,
357                 NULL, "( OLcfgAt:45 NAME 'olcReplicationInterval' "
358                         "SYNTAX OMsInteger )", NULL, NULL },
359         { "replogfile", "filename", 2, 2, 0, ARG_MAY_DB|ARG_MAGIC|ARG_STRING|CFG_REPLOG,
360                 &config_generic, "( OLcfgAt:46 NAME 'olcReplogFile' "
361                         "SYNTAX OMsDirectoryString )", NULL, NULL },
362         { "require", "features", 2, 0, 7, ARG_MAY_DB|ARG_MAGIC,
363                 &config_requires, "( OLcfgAt:47 NAME 'olcRequires' "
364                         "SYNTAX OMsDirectoryString )", NULL, NULL },
365         { "restrict", "op_list", 2, 0, 0, ARG_MAGIC,
366                 &config_restrict, "( OLcfgAt:48 NAME 'olcRestrict' "
367                         "SYNTAX OMsDirectoryString )", NULL, NULL },
368 #ifdef SLAPD_RLOOKUPS
369         { "reverse-lookup", "on|off", 2, 2, 0, ARG_ON_OFF,
370                 &use_reverse_lookup, "( OLcfgAt:49 NAME 'olcReverseLookup' "
371                         "SYNTAX OMsBoolean )", NULL, NULL },
372 #else
373         { "reverse-lookup", NULL, 2, 2, 0, ARG_IGNORED,
374                 NULL, NULL, NULL, NULL },
375 #endif
376         { "rootdn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_MAGIC,
377                 &config_rootdn, "( OLcfgAt:50 NAME 'olcRootDN' "
378                         "SYNTAX OMsDN )", NULL, NULL },
379         { "rootDSE", "file", 2, 2, 0, ARG_MAGIC|CFG_ROOTDSE,
380                 &config_generic, "( OLcfgAt:51 NAME 'olcRootDSE' "
381                         "SYNTAX OMsDirectoryString )", NULL, NULL },
382         { "rootpw", "password", 2, 2, 0, ARG_DB|ARG_MAGIC,
383                 &config_rootpw, "( OLcfgAt:52 NAME 'olcRootPW' "
384                         "SYNTAX OMsOctetString )", NULL, NULL },
385         { "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
386                 &config_generic, NULL, NULL, NULL },
387 #ifdef HAVE_CYRUS_SASL
388         { "sasl-host", "host", 2, 2, 0, ARG_STRING|ARG_UNIQUE,
389                 &global_host, "( OLcfgAt:53 NAME 'olcSaslHost' "
390                         "SYNTAX OMsDirectoryString )", NULL, NULL },
391         { "sasl-realm", "realm", 2, 2, 0, ARG_STRING|ARG_UNIQUE,
392                 &global_realm, "( OLcfgAt:54 NAME 'olcSaslRealm' "
393                         "SYNTAX OMsDirectoryString )", NULL, NULL },
394         { "sasl-regexp", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZREGEXP,
395                 &config_generic, NULL, NULL, NULL },
396         { "sasl-secprops", "properties", 2, 2, 0, ARG_MAGIC|CFG_SASLSECP,
397                 &config_generic, "( OLcfgAt:56 NAME 'olcSaslSecProps' "
398                         "SYNTAX OMsDirectoryString )", NULL, NULL },
399 #else
400         { "sasl-host", NULL, 2, 2, 0, ARG_IGNORED,
401                 NULL, NULL, NULL, NULL },
402         { "sasl-realm", NULL, 2, 2, 0, ARG_IGNORED,
403                 NULL, NULL, NULL, NULL },
404         { "sasl-regexp", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZREGEXP,
405                 &config_generic, NULL, NULL, NULL },
406         { "sasl-secprops", NULL, 2, 2, 0, ARG_IGNORED,
407                 NULL, NULL, NULL, NULL },
408 #endif
409         { "saslRegexp", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZREGEXP,
410                 &config_generic, NULL, NULL, NULL },
411         { "schemacheck", "on|off", 2, 2, 0, ARG_ON_OFF|ARG_MAGIC|CFG_CHECK,
412                 &config_generic, "( OLcfgAt:57 NAME 'olcSchemaCheck' "
413                         "SYNTAX OMsBoolean )", NULL, NULL },
414         { "schemadn", "dn", 2, 2, 0, ARG_MAY_DB|ARG_DN|ARG_MAGIC,
415                 &config_schema_dn, "( OLcfgAt:58 NAME 'olcSchemaDN' "
416                         "SYNTAX OMsDN )", NULL, NULL },
417         { "security", "factors", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
418                 &config_security, "( OLcfgAt:59 NAME 'olcSecurity' "
419                         "SYNTAX OMsDirectoryString )", NULL, NULL },
420         { "sizelimit", "limit", 2, 2, 0, ARG_MAY_DB|ARG_MAGIC|CFG_SIZE,
421                 &config_sizelimit, "( OLcfgAt:60 NAME 'olcSizeLimit' "
422                         "SYNTAX OMsInteger )", NULL, NULL },
423         { "sockbuf_max_incoming", "max", 2, 2, 0, ARG_LONG,
424                 &sockbuf_max_incoming, "( OLcfgAt:61 NAME 'olcSockbufMaxIncoming' "
425                         "SYNTAX OMsInteger )", NULL, NULL },
426         { "sockbuf_max_incoming_auth", "max", 2, 2, 0, ARG_LONG,
427                 &sockbuf_max_incoming_auth, "( OLcfgAt:62 NAME 'olcSockbufMaxIncomingAuth' "
428                         "SYNTAX OMsInteger )", NULL, NULL },
429 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
430         { "srvtab", "file", 2, 2, 0, ARG_STRING,
431                 &ldap_srvtab, "( OLcfgAt:63 NAME 'olcSrvtab' "
432                         "SYNTAX OMsDirectoryString )", NULL, NULL },
433 #endif
434         { "suffix",     "suffix", 2, 2, 0, ARG_DB|ARG_DN|ARG_MAGIC,
435                 &config_suffix, "( OLcfgAt:64 NAME 'olcSuffix' "
436                         "SYNTAX OMsDN )", NULL, NULL },
437         { "syncrepl", NULL, 0, 0, 0, ARG_DB|ARG_MAGIC,
438                 &config_syncrepl, "( OLcfgAt:65 NAME 'olcSyncrepl' "
439                         "SYNTAX OMsDirectoryString )", NULL, NULL },
440         { "threads", "count", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_THREADS,
441                 &config_generic, "( OLcfgAt:66 NAME 'olcThreads' "
442                         "SYNTAX OMsInteger )", NULL, NULL },
443         { "timelimit", "limit", 2, 2, 0, ARG_MAY_DB|ARG_MAGIC|CFG_TIME,
444                 &config_timelimit, "( OLcfgAt:67 NAME 'olcTimeLimit' "
445                         "SYNTAX OMsInteger )", NULL, NULL },
446 #ifdef HAVE_TLS
447         { "TLSCACertificateFile", NULL, 0, 0, 0, CFG_TLS_CA_FILE|ARG_MAGIC,
448                 &config_tls_option, "( OLcfgAt:68 NAME 'olcTLSCACertificateFile' "
449                         "SYNTAX OMsDirectoryString )", NULL, NULL },
450         { "TLSCACertificatePath", NULL, 0, 0, 0, CFG_TLS_CA_PATH|ARG_MAGIC,
451                 &config_tls_option, "( OLcfgAt:69 NAME 'olcTLSCACertificatePath' "
452                         "SYNTAX OMsDirectoryString )", NULL, NULL },
453         { "TLSCertificateFile", NULL, 0, 0, 0, CFG_TLS_CERT_FILE|ARG_MAGIC,
454                 &config_tls_option, "( OLcfgAt:70 NAME 'olcTLSCertificateFile' "
455                         "SYNTAX OMsDirectoryString )", NULL, NULL },
456         { "TLSCertificateKeyFile", NULL, 0, 0, 0, CFG_TLS_CERT_KEY|ARG_MAGIC,
457                 &config_tls_option, "( OLcfgAt:71 NAME 'olcTLSCertificateKeyFile' "
458                         "SYNTAX OMsDirectoryString )", NULL, NULL },
459         { "TLSCipherSuite",     NULL, 0, 0, 0, CFG_TLS_CIPHER|ARG_MAGIC,
460                 &config_tls_option, "( OLcfgAt:72 NAME 'olcTLSCipherSuite' "
461                         "SYNTAX OMsDirectoryString )", NULL, NULL },
462         { "TLSCRLCheck", NULL, 0, 0, 0, CFG_TLS_CRLCHECK|ARG_MAGIC,
463                 &config_tls_option,     "( OLcfgAt:73 NAME 'olcTLSCRLCheck' "
464                         "SYNTAX OMsDirectoryString )", NULL, NULL },
465         { "TLSRandFile", NULL, 0, 0, 0, CFG_TLS_RAND|ARG_MAGIC,
466                 &config_tls_option, "( OLcfgAt:74 NAME 'olcTLSRandFile' "
467                         "SYNTAX OMsDirectoryString )", NULL, NULL },
468         { "TLSVerifyClient", NULL, 0, 0, 0, CFG_TLS_VERIFY|ARG_MAGIC,
469                 &config_tls_verify, "( OLcfgAt:75 NAME 'olcTLSVerifyClient' "
470                         "SYNTAX OMsDirectoryString )", NULL, NULL },
471 #endif
472         { "ucdata-path", "path", 2, 2, 0, ARG_IGNORED,
473                 NULL, NULL, NULL, NULL },
474         { "updatedn", "dn", 2, 2, 0, ARG_DB|ARG_MAGIC,
475                 &config_updatedn, "( OLcfgAt:76 NAME 'olcUpdateDN' "
476                         "SYNTAX OMsDN )", NULL, NULL },
477         { "updateref", "url", 2, 2, 0, ARG_DB|ARG_MAGIC,
478                 &config_updateref, "( OLcfgAt:77 NAME 'olcUpdateRef' "
479                         "SUP labeledURI )", NULL, NULL },
480         { NULL, NULL, 0, 0, 0, ARG_IGNORED,
481                 NULL, NULL, NULL, NULL }
482 };
483
484
485 ConfigArgs *
486 new_config_args( BackendDB *be, const char *fname, int lineno, int argc, char **argv )
487 {
488         ConfigArgs *c;
489         c = ch_calloc( 1, sizeof( ConfigArgs ) );
490         if ( c == NULL ) return(NULL);
491         c->be     = be; 
492         c->fname  = fname;
493         c->argc   = argc;
494         c->argv   = argv; 
495         c->lineno = lineno;
496         snprintf( c->log, sizeof( c->log ), "%s: line %lu", fname, lineno );
497         return(c);
498 }
499
500 int parse_config_table(ConfigTable *Conf, ConfigArgs *c) {
501         int i, rc, arg_user, arg_type, iarg;
502         long larg;
503         ber_len_t barg;
504         for(i = 0; Conf[i].name; i++)
505                 if( (Conf[i].length && (!strncasecmp(c->argv[0], Conf[i].name, Conf[i].length))) ||
506                         (!strcasecmp(c->argv[0], Conf[i].name)) ) break;
507         if(!Conf[i].name) return(ARG_UNKNOWN);
508         arg_type = Conf[i].arg_type;
509         if(arg_type == ARG_IGNORED) {
510                 Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> ignored\n",
511                         c->log, Conf[i].name, 0);
512                 return(0);
513         }
514         if(Conf[i].min_args && (c->argc < Conf[i].min_args)) {
515                 Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> missing <%s> argument\n",
516                         c->log, Conf[i].name, Conf[i].what);
517                 return(ARG_BAD_CONF);
518         }
519         if(Conf[i].max_args && (c->argc > Conf[i].max_args)) {
520                 Debug(LDAP_DEBUG_CONFIG, "%s: extra cruft after <%s> in <%s> line (ignored)\n",
521                         c->log, Conf[i].what, Conf[i].name);
522         }
523         if((arg_type & ARG_DB) && !c->be) {
524                 Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> allowed only within database declaration\n",
525                         c->log, Conf[i].name, 0);
526                 return(ARG_BAD_CONF);
527         }
528         if((arg_type & ARG_PRE_BI) && c->bi) {
529                 Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> must appear before any backend %sdeclaration\n",
530                         c->log, Conf[i].name, ((arg_type & ARG_PRE_DB)
531                         ? "or database " : "") );
532                 return(ARG_BAD_CONF);
533         }
534         if((arg_type & ARG_PRE_DB) && c->be && c->be != frontendDB) {
535                 Debug(LDAP_DEBUG_CONFIG, "%s: keyword <%s> must appear before any database declaration\n",
536                         c->log, Conf[i].name, 0);
537                 return(ARG_BAD_CONF);
538         }
539         if((arg_type & ARG_PAREN) && *c->argv[1] != '(' /*')'*/) {
540                 Debug(LDAP_DEBUG_CONFIG, "%s: old <%s> format not supported\n",
541                         c->log, Conf[i].name, 0);
542                 return(ARG_BAD_CONF);
543         }
544         if((arg_type & ARGS_POINTER) && !Conf[i].arg_item) {
545                 Debug(LDAP_DEBUG_CONFIG, "%s: null arg_item for <%s>\n",
546                         c->log, Conf[i].name, 0);
547                 return(ARG_BAD_CONF);
548         }
549         c->type = arg_user = (arg_type & ARGS_USERLAND);
550         memset(&c->values, 0, sizeof(c->values));
551         if(arg_type & ARGS_NUMERIC) {
552                 int j;
553                 iarg = 0; larg = 0; barg = 0;
554                 switch(arg_type & ARGS_NUMERIC) {
555                         case ARG_INT:           iarg = atoi(c->argv[1]);                break;
556                         case ARG_LONG:          larg = atol(c->argv[1]);                break;
557                         case ARG_BER_LEN_T:     barg = (ber_len_t)atol(c->argv[1]);     break;
558                         case ARG_ON_OFF:
559                                 if(!strcasecmp(c->argv[1], "on") ||
560                                         !strcasecmp(c->argv[1], "true")) {
561                                         iarg = 1;
562                                 } else if(!strcasecmp(c->argv[1], "off") ||
563                                         !strcasecmp(c->argv[1], "false")) {
564                                         iarg = 0;
565                                 } else {
566                                         Debug(LDAP_DEBUG_CONFIG, "%s: ignoring ", c->log, 0, 0);
567                                         Debug(LDAP_DEBUG_CONFIG, "invalid %s value (%s) in <%s> line\n",
568                                                 Conf[i].what, c->argv[1], Conf[i].name);
569                                         return(0);
570                                 }
571                                 break;
572                 }
573                 j = (arg_type & ARG_NONZERO) ? 1 : 0;
574                 rc = (Conf == SystemConfiguration) ? ((arg_type & ARG_SPECIAL) && (larg < index_substr_if_maxlen)) : 0;
575                 if(iarg < j || larg < j || barg < j || rc) {
576                         larg = larg ? larg : (barg ? barg : iarg);
577                         Debug(LDAP_DEBUG_CONFIG, "%s: " , c->log, 0, 0);
578                         Debug(LDAP_DEBUG_CONFIG, "invalid %s value (%ld) in <%s> line\n", Conf[i].what, larg, Conf[i].name);
579                         return(ARG_BAD_CONF);
580                 }
581                 switch(arg_type & ARGS_NUMERIC) {
582                         case ARG_ON_OFF:
583                         case ARG_INT:           c->value_int = iarg;            break;
584                         case ARG_LONG:          c->value_long = larg;           break;
585                         case ARG_BER_LEN_T:     c->value_ber_t = barg;          break;
586                 }
587         } else if(arg_type & ARG_STRING) {
588                  c->value_string = ch_strdup(c->argv[1]);
589         } else if(arg_type & ARG_DN) {
590                 struct berval bv;
591                 ber_str2bv( c->argv[1], 0, 0, &bv );
592                 rc = dnPrettyNormal( NULL, &bv, &c->value_dn, &c->value_ndn, NULL );
593                 if ( rc != LDAP_SUCCESS ) {
594                         Debug(LDAP_DEBUG_CONFIG, "%s: " , c->log, 0, 0);
595                         Debug(LDAP_DEBUG_CONFIG, "%s DN is invalid %d (%s)\n",
596                                 Conf[i].name, rc, ldap_err2string( rc ));
597                         return(ARG_BAD_CONF);
598                 }
599         }
600         if(arg_type & ARG_MAGIC) {
601                 if(!c->be) c->be = frontendDB;
602                 rc = (*((ConfigDriver*)Conf[i].arg_item))(c);
603                 if(c->be == frontendDB) c->be = NULL;
604                 if(rc) {
605                         Debug(LDAP_DEBUG_CONFIG, "%s: handler for <%s> exited with %d!",
606                                 c->log, Conf[i].name, rc);
607                         return(ARG_BAD_CONF);
608                 }
609                 return(0);
610         }
611         if(arg_type & ARGS_POINTER) switch(arg_type & ARGS_POINTER) {
612                         case ARG_ON_OFF:
613                         case ARG_INT:           *((int*)Conf[i].arg_item)               = iarg;                 break;
614                         case ARG_LONG:          *((long*)Conf[i].arg_item)              = larg;                 break;
615                         case ARG_BER_LEN_T:     *((ber_len_t*)Conf[i].arg_item)         = barg;                 break;
616                         case ARG_STRING: {
617                                 char *cc = *((char**)Conf[i].arg_item);
618                                 if(cc) {
619                                         if (arg_type & ARG_UNIQUE) {
620                                                 Debug(LDAP_DEBUG_CONFIG, "%s: already set %s!\n",
621                                                         c->log, Conf[i].name, 0 );
622                                                 return(ARG_BAD_CONF);
623                                         }
624                                         ch_free(cc);    /* potential memory leak */
625                                 }
626                                 *(char **)Conf[i].arg_item = c->value_string;
627                                 break;
628                                 }
629         }
630         return(arg_user);
631 }
632
633 int
634 config_get_vals(ConfigTable *cf, ConfigArgs *c)
635 {
636         int rc = 0;
637         struct berval bv;
638         memset(&c->values, 0, sizeof(c->values));
639         c->rvalue_vals = ch_calloc(2,sizeof(struct berval));
640         c->rvalue_nvals = NULL;
641         c->emit = 1;
642         if ( cf->arg_type & ARG_MAGIC ) {
643 #if 0
644                 rc = (*((ConfigDriver*)cf->arg_item))(c);
645                 if ( rc ) return rc;
646 #else
647                 rc = 1;
648 #endif
649         } else {
650                 switch(cf->arg_type & ARGS_POINTER) {
651                 case ARG_ON_OFF:
652                 case ARG_INT:   c->value_int = *(int *)cf->arg_item; break;
653                 case ARG_LONG:  c->value_long = *(long *)cf->arg_item; break;
654                 case ARG_BER_LEN_T:     c->value_ber_t = *(ber_len_t *)cf->arg_item; break;
655                 case ARG_STRING:        c->value_string = *(char **)cf->arg_item; break;
656                 }
657         }
658         if ( cf->arg_type & ARGS_POINTER) {
659                 bv.bv_val = c->log;
660                 switch(cf->arg_type & ARGS_POINTER) {
661                 case ARG_INT: bv.bv_len = sprintf(bv.bv_val, "%d", c->value_int); break;
662                 case ARG_LONG: bv.bv_len = sprintf(bv.bv_val, "%l", c->value_long); break;
663                 case ARG_BER_LEN_T: bv.bv_len =sprintf(bv.bv_val, "%l",c->value_ber_t); break;
664                 case ARG_ON_OFF: bv.bv_len = sprintf(bv.bv_val, "%s",
665                         c->value_int ? "TRUE" : "FALSE"); break;
666                 case ARG_STRING: ber_str2bv( c->value_string, 0, 0, &bv); break;
667                 }
668                 ber_bvarray_add(&c->rvalue_vals, &bv);
669         }
670         return rc;
671 }
672
673 int
674 init_config_attrs(ConfigTable *ct) {
675         LDAPAttributeType *at;
676         int i, code;
677         const char *err;
678
679         for (i=0; ct[i].name; i++ ) {
680                 if ( !ct[i].attribute ) continue;
681                 at = ldap_str2attributetype( ct[i].attribute,
682                         &code, &err, LDAP_SCHEMA_ALLOW_ALL );
683                 if ( !at ) {
684                         fprintf( stderr, "init_config_schema: AttributeType \"%s\": %s, %s\n",
685                                 ct[i].attribute, ldap_scherr2str(code), err );
686                         return code;
687                 }
688                 code = at_add( at, &err );
689                 if ( code ) {
690                         fprintf( stderr, "init_config_schema: AttributeType \"%s\": %s, %s\n",
691                                 ct[i].attribute, scherr2str(code), err );
692                         return code;
693                 }
694                 code = slap_str2ad( at->at_names[0], &ct[i].ad, &err );
695                 if ( code ) {
696                         fprintf( stderr, "init_config_schema: AttributeType \"%s\": %s\n",
697                                 ct[i].attribute, err );
698                         return code;
699                 }
700         }
701 }
702
703 int
704 read_config(const char *fname, int depth) {
705         int i;
706         char *argv[3];
707
708         /* Schema initialization should normally be part of bi_open */
709         for (i=0; OidMacros[i].name; i++ ) {
710                 argv[1] = OidMacros[i].name;
711                 argv[2] = OidMacros[i].oid;
712                 parse_oidm( "slapd", i, 3, argv );
713         }
714         i = init_config_attrs(SystemConfiguration);
715         if ( i ) return i;
716         
717
718         config_back_init( &cf_prv, SystemConfiguration );
719         return read_config_file(fname, depth, NULL);
720 }
721
722 int
723 read_config_file(const char *fname, int depth, ConfigArgs *cf)
724 {
725         FILE *fp;
726         ConfigArgs *c;
727         int rc;
728
729         c = ch_calloc( 1, sizeof( ConfigArgs ) );
730         if ( c == NULL ) {
731                 return 1;
732         }
733
734         if ( depth ) {
735                 memcpy( c, cf, sizeof( ConfigArgs ) );
736         } else {
737                 c->depth = depth; /* XXX */
738                 c->bi = NULL;
739                 c->be = NULL;
740         }
741
742         c->fname = fname;
743         c->argv = ch_calloc( ARGS_STEP + 1, sizeof( *c->argv ) );
744         c->argv_size = ARGS_STEP + 1;
745
746         fp = fopen( fname, "r" );
747         if ( fp == NULL ) {
748                 ldap_syslog = 1;
749                 Debug(LDAP_DEBUG_ANY,
750                     "could not open config file \"%s\": %s (%d)\n",
751                     fname, strerror(errno), errno);
752                 return(1);
753         }
754 #ifdef SLAPD_MODULES
755         cfn->c_modlast = &cfn->c_modpaths;
756 #endif
757         ber_str2bv( fname, 0, 1, &cfn->c_file );
758         fname = cfn->c_file.bv_val;
759
760         Debug(LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0);
761
762         fp_getline_init(c);
763
764         while ( fp_getline( fp, c ) ) {
765                 /* skip comments and blank lines */
766                 if ( c->line[0] == '#' || c->line[0] == '\0' ) {
767                         continue;
768                 }
769
770                 snprintf( c->log, sizeof( c->log ), "%s: line %lu",
771                                 c->fname, c->lineno );
772
773                 if ( fp_parse_line( c ) ) {
774                         goto badline;
775                 }
776
777                 if ( c->argc < 1 ) {
778                         Debug(LDAP_DEBUG_CONFIG, "%s: bad config line (ignored)\n", c->log, 0, 0);
779                         continue;
780                 }
781
782                 rc = parse_config_table( SystemConfiguration, c );
783                 if ( !rc ) {
784                         continue;
785                 }
786                 if ( rc & ARGS_USERLAND ) {
787                         switch(rc) {    /* XXX a usertype would be opaque here */
788                         default:
789                                 Debug(LDAP_DEBUG_CONFIG, "%s: unknown user type <%d>\n",
790                                         c->log, *c->argv, 0);
791                                 goto badline;
792                         }
793
794                 } else if ( rc == ARG_BAD_CONF || rc != ARG_UNKNOWN ) {
795                         goto badline;
796                         
797                 } else if ( c->bi && c->bi->bi_config ) {               /* XXX to check: could both be/bi_config? oops */
798                         rc = (*c->bi->bi_config)(c->bi, c->fname, c->lineno, c->argc, c->argv);
799                         if ( rc ) {
800                                 switch(rc) {
801                                 case SLAP_CONF_UNKNOWN:
802                                         Debug(LDAP_DEBUG_CONFIG, "%s: "
803                                                 "unknown directive <%s> inside backend info definition (ignored)\n",
804                                                 c->log, *c->argv, 0);
805                                         continue;
806                                 default:
807                                         goto badline;
808                                 }
809                         }
810                         
811                 } else if ( c->be && c->be->be_config ) {
812                         rc = (*c->be->be_config)(c->be, c->fname, c->lineno, c->argc, c->argv);
813                         if ( rc ) {
814                                 switch(rc) {
815                                 case SLAP_CONF_UNKNOWN:
816                                         Debug( LDAP_DEBUG_CONFIG, "%s: "
817                                                 "unknown directive <%s> inside backend database definition (ignored)\n",
818                                                 c->log, *c->argv, 0);
819                                         continue;
820                                 default:
821                                         goto badline;
822                                 }
823                         }
824
825                 } else if ( frontendDB->be_config ) {
826                         rc = (*frontendDB->be_config)(frontendDB, c->fname, (int)c->lineno, c->argc, c->argv);
827                         if ( rc ) {
828                                 switch(rc) {
829                                 case SLAP_CONF_UNKNOWN:
830                                         Debug( LDAP_DEBUG_CONFIG, "%s: "
831                                                 "unknown directive <%s> inside global database definition (ignored)\n",
832                                                 c->log, *c->argv, 0);
833                                         continue;
834                                 default:
835                                         goto badline;
836                                 }
837                         }
838                         
839                 } else {
840                         Debug(LDAP_DEBUG_CONFIG, "%s: "
841                                 "unknown directive <%s> outside backend info and database definitions (ignored)\n",
842                                 c->log, *c->argv, 0);
843                         continue;
844
845                 }
846         }
847
848         fclose(fp);
849
850         if ( BER_BVISNULL( &frontendDB->be_schemadn ) ) {
851                 ber_str2bv( SLAPD_SCHEMA_DN, STRLENOF( SLAPD_SCHEMA_DN ), 1,
852                         &frontendDB->be_schemadn );
853                 rc = dnNormalize( 0, NULL, NULL, &frontendDB->be_schemadn, &frontendDB->be_schemandn, NULL );
854                 if ( rc != LDAP_SUCCESS ) {
855                         Debug(LDAP_DEBUG_ANY, "%s: "
856                                 "unable to normalize default schema DN \"%s\"\n",
857                                 c->log, frontendDB->be_schemadn.bv_val, 0 );
858                         /* must not happen */
859                         assert( 0 );
860                 }
861         }
862
863         ch_free(c->argv);
864         ch_free(c);
865         return(0);
866
867 badline:
868         fclose(fp);
869         ch_free(c->argv);
870         ch_free(c);
871         return(1);
872 }
873
874 int
875 config_generic(ConfigArgs *c) {
876         char *p = strchr(c->line,'(' /*')'*/);
877         int i;
878
879         switch(c->type) {
880                 case CFG_BACKEND:
881                         if(!(c->bi = backend_info(c->argv[1]))) {
882                                 Debug(LDAP_DEBUG_ANY, "%s: "
883                                         "backend %s failed init!\n", c->log, c->argv[1], 0);
884                                 return(1);
885                         }
886                         break;
887
888                 case CFG_DATABASE:
889                         c->bi = NULL;
890                         if ( !strcasecmp( c->argv[1], "config" )) {
891                                 c->be = backendDB;
892                         } else if(!(c->be = backend_db_init(c->argv[1]))) {
893                                 Debug(LDAP_DEBUG_ANY, "%s: "
894                                         "database %s failed init!\n", c->log, c->argv[1], 0);
895                                 return(1);
896                         }
897                         break;
898
899                 case CFG_CONCUR:
900                         ldap_pvt_thread_set_concurrency(c->value_long);
901                         break;
902
903                 case CFG_THREADS:
904                         ldap_pvt_thread_pool_maxthreads(&connection_pool, c->value_int);
905                         connection_pool_max = c->value_int;     /* save for reference */
906                         break;
907
908                 case CFG_SALT:
909                         lutil_salt_format(c->argv[1]);
910                         break;
911
912                 case CFG_LIMITS:
913                         if(limits_parse(c->be, c->fname, c->lineno, c->argc, c->argv))
914                                 return(1);
915                         break;
916
917                 case CFG_RO:
918                         if(c->value_int)
919                                 c->be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
920                         else
921                                 c->be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
922                         break;
923
924                 case CFG_AZPOLICY:
925                         if (slap_sasl_setpolicy( c->argv[1] )) {
926                                 Debug(LDAP_DEBUG_ANY, "%s: unable to parse value \"%s\" in"
927                                         " \"authz-policy <policy>\"\n",
928                                         c->log, c->argv[1], 0 );
929                                 return(1);
930                         }
931                         break;
932                 
933                 case CFG_AZREGEXP:
934                         if (slap_sasl_regexp_config( c->argv[1], c->argv[2] ))
935                                 return(1);
936                         break;
937                                 
938 #ifdef HAVE_CYRUS_SASL
939                 case CFG_SASLSECP:
940                         {
941                         char *txt = slap_sasl_secprops( c->argv[1] );
942                         if ( txt ) {
943                                 Debug(LDAP_DEBUG_ANY, "%s: sasl-secprops: %s\n",
944                                         c->log, txt, 0 );
945                                 return(1);
946                         }
947                         break;
948                         }
949 #endif
950
951                 case CFG_DEPTH:
952                         c->be->be_max_deref_depth = c->value_int;
953                         break;
954
955                 case CFG_OID:
956                         if(parse_oidm(c->fname, c->lineno, c->argc, c->argv)) return(1);
957                         break;
958
959                 case CFG_OC:
960                         if(parse_oc(c->fname, c->lineno, p, c->argv)) return(1);
961                         break;
962
963                 case CFG_DIT:
964                         if(parse_cr(c->fname, c->lineno, p, c->argv)) return(1);
965                         break;
966
967                 case CFG_ATTR:
968                         if(parse_at(c->fname, c->lineno, p, c->argv)) return(1);
969                         break;
970
971                 case CFG_ATOPT:
972                         ad_define_option(NULL, NULL, 0);
973                         for(i = 1; i < c->argc; i++)
974                                 if(ad_define_option(c->argv[i], c->fname, c->lineno))
975                                         return(1);
976                         break;
977
978                 case CFG_CHECK:
979                         global_schemacheck = c->value_int;
980                         if(!global_schemacheck) Debug(LDAP_DEBUG_ANY, "%s: "
981                                 "schema checking disabled! your mileage may vary!\n",
982                                 c->log, 0, 0);
983                         break;
984
985                 case CFG_ACL:
986                         parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv);
987                         break;
988
989                 case CFG_REPLOG:
990                         if(SLAP_MONITOR(c->be)) {
991                                 Debug(LDAP_DEBUG_ANY, "%s: "
992                                         "\"replogfile\" should not be used "
993                                         "inside monitor database\n",
994                                         c->log, 0, 0);
995                                 return(0);      /* FIXME: should this be an error? */
996                         }
997
998                         c->be->be_replogfile = c->value_string;
999                         break;
1000
1001                 case CFG_ROOTDSE:
1002                         if(read_root_dse_file(c->argv[1])) {
1003                                 Debug(LDAP_DEBUG_ANY, "%s: "
1004                                         "could not read \"rootDSE <filename>\" line\n",
1005                                         c->log, 0, 0);
1006                                 return(1);
1007                         }
1008                         {
1009                                 struct berval bv;
1010                                 ber_str2bv( c->argv[1], 0, 1, &bv );
1011                                 ber_bvarray_add( &cfn->c_dseFiles, &bv );
1012                         }
1013                         break;
1014
1015                 case CFG_LOGFILE: {
1016                         FILE *logfile = fopen(c->argv[1], "w");
1017                         if(logfile) lutil_debug_file(logfile);
1018                         break;
1019                         }
1020
1021                 case CFG_LASTMOD:
1022                         if(SLAP_NOLASTMODCMD(c->be)) {
1023                                 Debug(LDAP_DEBUG_ANY, "%s: "
1024                                         "lastmod not available for %s databases\n",
1025                                         c->log, c->be->bd_info->bi_type, 0);
1026                                 return(1);
1027                         }
1028                         if(c->value_int)
1029                                 SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_NOLASTMOD;
1030                         else
1031                                 SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_NOLASTMOD;
1032                         break;
1033
1034 #ifdef SLAPD_MODULES
1035                 case CFG_MODLOAD:
1036                         if(module_load(c->argv[1], c->argc - 2, (c->argc > 2) ? c->argv + 2 : NULL))
1037                                 return(1);
1038                         /* Record this load on the current path */
1039                         {
1040                                 struct berval bv;
1041                                 ber_str2bv(c->line, 0, 1, &bv);
1042                                 ber_bvarray_add( &cfn->c_modlast->mp_loads, &bv );
1043                         }
1044                         break;
1045
1046                 case CFG_MODPATH:
1047                         if(module_path(c->argv[1])) return(1);
1048                         /* Record which path was used with each module */
1049                         {
1050                                 ModPaths *mp;
1051
1052                                 if (!cfn->c_modpaths.mp_loads)
1053                                         mp = &cfn->c_modpaths;
1054                                 else
1055                                         mp = ch_malloc( sizeof( ModPaths ));
1056                                 ber_str2bv(c->argv[1], 0, 1, &mp->mp_path);
1057                                 mp->mp_next = NULL;
1058                                 mp->mp_loads = NULL;
1059                                 cfn->c_modlast->mp_next = mp;
1060                                 cfn->c_modlast = mp;
1061                         }
1062                         
1063                         break;
1064 #endif
1065
1066 #ifdef LDAP_SLAPI
1067                 case CFG_PLUGIN:
1068                         if(slapi_int_read_config(c->be, c->fname, c->lineno, c->argc, c->argv) != LDAP_SUCCESS)
1069                                 return(1);
1070                         slapi_plugins_used++;
1071                         break;
1072 #endif
1073
1074 #ifdef SLAP_AUTH_REWRITE
1075                 case CFG_REWRITE:
1076                         if(slap_sasl_rewrite_config(c->fname, c->lineno, c->argc, c->argv))
1077                                 return(1);
1078                         break;
1079 #endif
1080
1081
1082                 default:
1083                         Debug(LDAP_DEBUG_ANY, "%s: unknown CFG_TYPE %d"
1084                                 "(ignored)\n", c->log, c->type, 0);
1085
1086         }
1087         return(0);
1088 }
1089
1090
1091 int
1092 config_search_base(ConfigArgs *c) {
1093         struct berval dn;
1094         int rc;
1095         if(c->bi || c->be != frontendDB) {
1096                 Debug(LDAP_DEBUG_ANY, "%s: defaultSearchBase line must appear "
1097                         "prior to any backend or database definition\n",
1098                         c->log, 0, 0);
1099                 return(1);
1100         }
1101
1102         if(default_search_nbase.bv_len) {
1103                 Debug(LDAP_DEBUG_ANY, "%s: "
1104                         "default search base \"%s\" already defined "
1105                         "(discarding old)\n",
1106                         c->log, default_search_base.bv_val, 0);
1107                 free(default_search_base.bv_val);
1108                 free(default_search_nbase.bv_val);
1109         }
1110
1111         default_search_base = c->value_dn;
1112         default_search_nbase = c->value_ndn;
1113         return(0);
1114 }
1115
1116 int
1117 config_passwd_hash(ConfigArgs *c) {
1118         int i;
1119         if(default_passwd_hash) {
1120                 Debug(LDAP_DEBUG_ANY, "%s: "
1121                         "already set default password_hash\n",
1122                         c->log, 0, 0);
1123                 return(1);
1124         }
1125         for(i = 1; i < c->argc; i++) {
1126                 if(!lutil_passwd_scheme(c->argv[i])) {
1127                         Debug(LDAP_DEBUG_ANY, "%s: "
1128                                 "password scheme \"%s\" not available\n",
1129                                 c->log, c->argv[i], 0);
1130                 } else {
1131                         ldap_charray_add(&default_passwd_hash, c->argv[i]);
1132                 }
1133                 if(!default_passwd_hash) {
1134                         Debug(LDAP_DEBUG_ANY, "%s: no valid hashes found\n",
1135                                 c->log, 0, 0 );
1136                         return(1);
1137                 }
1138         }
1139         return(0);
1140 }
1141
1142 int
1143 config_schema_dn(ConfigArgs *c) {
1144         struct berval dn;
1145         int rc;
1146         c->be->be_schemadn = c->value_dn;
1147         c->be->be_schemandn = c->value_ndn;
1148         return(0);
1149 }
1150
1151 int
1152 config_sizelimit(ConfigArgs *c) {
1153         int i, rc = 0;
1154         char *next;
1155         struct slap_limits_set *lim = &c->be->be_def_limit;
1156         for(i = 1; i < c->argc; i++) {
1157                 if(!strncasecmp(c->argv[i], "size", 4)) {
1158                         rc = limits_parse_one(c->argv[i], lim);
1159                         if ( rc ) {
1160                                 Debug(LDAP_DEBUG_ANY, "%s: "
1161                                         "unable to parse value \"%s\" in \"sizelimit <limit>\" line\n",
1162                                         c->log, c->argv[i], 0);
1163                                 return(1);
1164                         }
1165                 } else {
1166                         if(!strcasecmp(c->argv[i], "unlimited")) {
1167                                 lim->lms_s_soft = -1;
1168                         } else {
1169                                 lim->lms_s_soft = strtol(c->argv[i], &next, 0);
1170                                 if(next == c->argv[i]) {
1171                                         Debug(LDAP_DEBUG_ANY, "%s: "
1172                                                 "unable to parse limit \"%s\" in \"sizelimit <limit>\" line\n",
1173                                                 c->log, c->argv[i], 0);
1174                                         return(1);
1175                                 } else if(next[0] != '\0') {
1176                                         Debug(LDAP_DEBUG_ANY, "%s: "
1177                                                 "trailing chars \"%s\" in \"sizelimit <limit>\" line (ignored)\n",
1178                                                 c->log, next, 0);
1179                                 }
1180                         }
1181                         lim->lms_s_hard = 0;
1182                 }
1183         }
1184         return(0);
1185 }
1186
1187 int
1188 config_timelimit(ConfigArgs *c) {
1189         int i, rc = 0;
1190         char *next;
1191         struct slap_limits_set *lim = &c->be->be_def_limit;
1192         for(i = 1; i < c->argc; i++) {
1193                 if(!strncasecmp(c->argv[i], "time", 4)) {
1194                         rc = limits_parse_one(c->argv[i], lim);
1195                         if ( rc ) {
1196                                 Debug(LDAP_DEBUG_ANY, "%s: "
1197                                         "unable to parse value \"%s\" in \"timelimit <limit>\" line\n",
1198                                         c->log, c->argv[i], 0);
1199                                 return(1);
1200                         }
1201                 } else {
1202                         if(!strcasecmp(c->argv[i], "unlimited")) {
1203                                 lim->lms_t_soft = -1;
1204                         } else {
1205                                 lim->lms_t_soft = strtol(c->argv[i], &next, 0);
1206                                 if(next == c->argv[i]) {
1207                                         Debug(LDAP_DEBUG_ANY, "%s: "
1208                                                 "unable to parse limit \"%s\" in \"timelimit <limit>\" line\n",
1209                                                 c->log, c->argv[i], 0);
1210                                         return(1);
1211                                 } else if(next[0] != '\0') {
1212                                         Debug(LDAP_DEBUG_ANY, "%s: "
1213                                                 "trailing chars \"%s\" in \"timelimit <limit>\" line (ignored)\n",
1214                                                 c->log, next, 0);
1215                                 }
1216                         }
1217                         lim->lms_t_hard = 0;
1218                 }
1219         }
1220         return(0);
1221 }
1222
1223 int
1224 config_overlay(ConfigArgs *c) {
1225         if(c->argv[1][0] == '-' && overlay_config(c->be, &c->argv[1][1])) {
1226                 /* log error */
1227                 Debug(LDAP_DEBUG_ANY, "%s: (optional) %s overlay \"%s\" configuration failed (ignored)\n",
1228                         c->log, c->be == frontendDB ? "global " : "", c->argv[1][1]);
1229         } else if(overlay_config(c->be, c->argv[1])) {
1230                 return(1);
1231         }
1232         return(0);
1233 }
1234
1235 int
1236 config_suffix(ConfigArgs *c) {
1237         Backend *tbe;
1238         struct berval pdn, ndn;
1239         int rc;
1240 #ifdef SLAPD_MONITOR_DN
1241         if(!strcasecmp(c->argv[1], SLAPD_MONITOR_DN)) {
1242                 Debug(LDAP_DEBUG_ANY, "%s: "
1243                         "\"%s\" is reserved for monitoring slapd\n",
1244                         c->log, SLAPD_MONITOR_DN, 0);
1245                 return(1);
1246         }
1247 #endif
1248
1249         pdn = c->value_dn;
1250         ndn = c->value_ndn;
1251         tbe = select_backend(&ndn, 0, 0);
1252         if(tbe == c->be) {
1253                 Debug(LDAP_DEBUG_ANY, "%s: suffix already served by this backend! (ignored)\n",
1254                         c->log, 0, 0);
1255                 free(pdn.bv_val);
1256                 free(ndn.bv_val);
1257         } else if(tbe) {
1258                 Debug(LDAP_DEBUG_ANY, "%s: suffix already served by a preceding backend \"%s\"\n",
1259                         c->log, tbe->be_suffix[0].bv_val, 0);
1260                 free(pdn.bv_val);
1261                 free(ndn.bv_val);
1262                 return(1);
1263         } else if(pdn.bv_len == 0 && default_search_nbase.bv_len) {
1264                 Debug(LDAP_DEBUG_ANY, "%s: suffix DN empty and default search "
1265                         "base provided \"%s\" (assuming okay)\n",
1266                         c->log, default_search_base.bv_val, 0);
1267         }
1268         ber_bvarray_add(&c->be->be_suffix, &pdn);
1269         ber_bvarray_add(&c->be->be_nsuffix, &ndn);
1270         return(0);
1271 }
1272
1273 int
1274 config_rootdn(ConfigArgs *c) {
1275         c->be->be_rootdn = c->value_dn;
1276         c->be->be_rootndn = c->value_ndn;
1277         return(0);
1278 }
1279
1280 int
1281 config_rootpw(ConfigArgs *c) {
1282         Backend *tbe = select_backend(&c->be->be_rootndn, 0, 0);
1283         if(tbe != c->be) {
1284                 Debug(LDAP_DEBUG_ANY, "%s: "
1285                         "rootpw can only be set when rootdn is under suffix\n",
1286                         c->log, 0, 0);
1287                 return(1);
1288         }
1289         ber_str2bv(c->argv[1], 0, 1, &c->be->be_rootpw);
1290         return(0);
1291 }
1292
1293 /* restrictops, allows, disallows, requires, loglevel */
1294
1295 struct verb_mask_list { char *word; int mask; };
1296
1297 int
1298 verb_to_mask(ConfigArgs *c, struct verb_mask_list *v, int word) {
1299         int j;
1300         for(j = 0; v[j].word; j++)
1301                 if(!strcasecmp(c->argv[word], v[j].word))
1302                         break;
1303         return(j);
1304 }
1305
1306 int
1307 verbs_to_mask(ConfigArgs *c, struct verb_mask_list *v, slap_mask_t *m) {
1308         int i, j;
1309         for(i = 1; i < c->argc; i++) {
1310                 j = verb_to_mask(c, v, i);
1311                 if(!v[j].word) return(1);
1312                 *m |= v[j].mask;
1313         }
1314         return(0);
1315 }
1316
1317 int
1318 config_restrict(ConfigArgs *c) {
1319         slap_mask_t restrictops = 0;
1320         int i, j;
1321         struct verb_mask_list restrictable_exops[] = {
1322                 { LDAP_EXOP_START_TLS,          SLAP_RESTRICT_EXOP_START_TLS },
1323                 { LDAP_EXOP_MODIFY_PASSWD,      SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
1324                 { LDAP_EXOP_X_WHO_AM_I,         SLAP_RESTRICT_EXOP_WHOAMI },
1325                 { LDAP_EXOP_X_CANCEL,           SLAP_RESTRICT_EXOP_CANCEL },
1326                 { NULL, 0 }
1327         };
1328         struct verb_mask_list restrictable_ops[] = {
1329                 { "bind",               SLAP_RESTRICT_OP_BIND },
1330                 { "add",                SLAP_RESTRICT_OP_ADD },
1331                 { "modify",             SLAP_RESTRICT_OP_MODIFY },
1332                 { "modrdn",             SLAP_RESTRICT_OP_RENAME },
1333                 { "rename",             SLAP_RESTRICT_OP_RENAME },
1334                 { "delete",             SLAP_RESTRICT_OP_DELETE },
1335                 { "search",             SLAP_RESTRICT_OP_SEARCH },
1336                 { "compare",            SLAP_RESTRICT_OP_COMPARE },
1337                 { "read",               SLAP_RESTRICT_OP_READS },
1338                 { "write",              SLAP_RESTRICT_OP_WRITES },
1339                 { NULL, 0 }
1340         };
1341
1342         for(i = 1; i < c->argc; i++) {
1343                 j = verb_to_mask(c, restrictable_ops, i);
1344                 if(restrictable_ops[j].word) {
1345                         restrictops |= restrictable_ops[j].mask;
1346                         continue;
1347                 } else if(!strncasecmp(c->argv[i], "extended", STRLENOF("extended"))) {
1348                         char *e = c->argv[i] + STRLENOF("extended");
1349                         if(e[0] == '=') {
1350                                 int k = verb_to_mask(c, restrictable_exops, e[1]);
1351                                 if(restrictable_exops[k].word) {
1352                                         restrictops |= restrictable_exops[k].mask;
1353                                         continue;
1354                                 } else break;
1355                         } else if(!e[0]) {
1356                                 restrictops &= ~SLAP_RESTRICT_EXOP_MASK;
1357                                 restrictops |= SLAP_RESTRICT_OP_EXTENDED;
1358                         } else break;
1359                 }
1360         }
1361         if(i < c->argc) {
1362                 c->be->be_restrictops |= restrictops;
1363                 return(0);
1364         }
1365         Debug(LDAP_DEBUG_ANY, "%s: "
1366                 "unknown operation %s in \"restrict <features>\" line\n",
1367                 c->log, c->argv[i], 0);
1368         return(1);
1369 }
1370
1371 int
1372 config_allows(ConfigArgs *c) {
1373         slap_mask_t allows = 0;
1374         int i;
1375         struct verb_mask_list allowable_ops[] = {
1376                 { "bind_v2",            SLAP_ALLOW_BIND_V2 },
1377                 { "bind_anon_cred",     SLAP_ALLOW_BIND_ANON_CRED },
1378                 { "bind_anon_dn",       SLAP_ALLOW_BIND_ANON_DN },
1379                 { "update_anon",        SLAP_ALLOW_UPDATE_ANON },
1380                 { NULL, 0 }
1381         };
1382         i = verbs_to_mask(c, allowable_ops, &allows);
1383         if ( i ) {
1384                 Debug(LDAP_DEBUG_ANY, "%s: "
1385                         "unknown feature %s in \"allow <features>\" line\n",
1386                         c->log, c->argv[i], 0);
1387                 return(1);
1388         }
1389         global_allows |= allows;
1390         return(0);
1391 }
1392
1393 int
1394 config_disallows(ConfigArgs *c) {
1395         slap_mask_t disallows = 0;
1396         int i;
1397         struct verb_mask_list disallowable_ops[] = {
1398                 { "bind_anon",          SLAP_DISALLOW_BIND_ANON },
1399                 { "bind_simple",        SLAP_DISALLOW_BIND_SIMPLE },
1400                 { "bind_krb4",          SLAP_DISALLOW_BIND_KRBV4 },
1401                 { "tls_2_anon",         SLAP_DISALLOW_TLS_2_ANON },
1402                 { "tls_authc",          SLAP_DISALLOW_TLS_AUTHC },
1403                 { NULL, 0 }
1404         };
1405         i = verbs_to_mask(c, disallowable_ops, &disallows);
1406         if ( i ) {
1407                 Debug(LDAP_DEBUG_ANY, "%s: "
1408                         "unknown feature %s in \"disallow <features>\" line\n",
1409                         c->log, c->argv[i], 0);
1410                 return(1);
1411         }
1412         global_disallows |= disallows;
1413         return(0);
1414 }
1415
1416 int
1417 config_requires(ConfigArgs *c) {
1418         slap_mask_t requires = 0;
1419         int i;
1420         struct verb_mask_list requires_ops[] = {
1421                 { "bind",               SLAP_REQUIRE_BIND },
1422                 { "LDAPv3",             SLAP_REQUIRE_LDAP_V3 },
1423                 { "authc",              SLAP_REQUIRE_AUTHC },
1424                 { "sasl",               SLAP_REQUIRE_SASL },
1425                 { "strong",             SLAP_REQUIRE_STRONG },
1426                 { NULL, 0 }
1427         };
1428         i = verbs_to_mask(c, requires_ops, &requires);
1429         if ( i ) {
1430                 Debug(LDAP_DEBUG_ANY, "%s: "
1431                         "unknown feature %s in \"require <features>\" line\n",
1432                         c->log, c->argv[i], 0);
1433                 return(1);
1434         }
1435         c->be->be_requires = requires;
1436         return(0);
1437 }
1438
1439 int
1440 config_loglevel(ConfigArgs *c) {
1441         int i;
1442         char *next;
1443         struct verb_mask_list loglevel_ops[] = {
1444                 { "Trace",      LDAP_DEBUG_TRACE },
1445                 { "Packets",    LDAP_DEBUG_PACKETS },
1446                 { "Args",       LDAP_DEBUG_ARGS },
1447                 { "Conns",      LDAP_DEBUG_CONNS },
1448                 { "BER",        LDAP_DEBUG_BER },
1449                 { "Filter",     LDAP_DEBUG_FILTER },
1450                 { "Config",     LDAP_DEBUG_CONFIG },
1451                 { "ACL",        LDAP_DEBUG_ACL },
1452                 { "Stats",      LDAP_DEBUG_STATS },
1453                 { "Stats2",     LDAP_DEBUG_STATS2 },
1454                 { "Shell",      LDAP_DEBUG_SHELL },
1455                 { "Parse",      LDAP_DEBUG_PARSE },
1456                 { "Cache",      LDAP_DEBUG_CACHE },
1457                 { "Index",      LDAP_DEBUG_INDEX },
1458                 { "Any",        -1 },
1459                 { NULL, 0 }
1460         };
1461         ldap_syslog = 0;
1462
1463         for( i=1; i < c->argc; i++ ) {
1464                 int     level;
1465
1466                 if ( isdigit( c->argv[i][0] ) ) {
1467                         level = strtol( c->argv[i], &next, 10 );
1468                         if ( next == NULL || next[0] != '\0' ) {
1469                                 Debug( LDAP_DEBUG_ANY,
1470                                         "%s: unable to parse level \"%s\" "
1471                                         "in \"loglevel <level> [...]\" line.\n",
1472                                         c->log, c->argv[i], 0);
1473                                 return( 1 );
1474                         }
1475                 } else {
1476                         int j = verb_to_mask(c, loglevel_ops, c->argv[i][0]);
1477                         if(!loglevel_ops[j].word) {
1478                                 Debug( LDAP_DEBUG_ANY,
1479                                         "%s: unknown level \"%s\" "
1480                                         "in \"loglevel <level> [...]\" line.\n",
1481                                         c->log, c->argv[i], 0);
1482                                 return( 1 );
1483                         }
1484                         level = loglevel_ops[j].mask;
1485                 }
1486                 ldap_syslog |= level;
1487         }
1488         return(0);
1489 }
1490
1491 int
1492 config_syncrepl(ConfigArgs *c) {
1493         if(SLAP_SHADOW(c->be)) {
1494                 Debug(LDAP_DEBUG_ANY, "%s: "
1495                         "syncrepl: database already shadowed.\n",
1496                         c->log, 0, 0);
1497                 return(1);
1498         } else if(add_syncrepl(c->be, c->argv, c->argc)) {
1499                 return(1);
1500         }
1501         SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SYNC_SHADOW);
1502         return(0);
1503 }
1504
1505 int
1506 config_referral(ConfigArgs *c) {
1507         struct berval vals[2];
1508         if(validate_global_referral(c->argv[1])) {
1509                 Debug(LDAP_DEBUG_ANY, "%s: "
1510                         "invalid URL (%s) in \"referral\" line.\n",
1511                         c->log, c->argv[1], 0);
1512                 return(1);
1513         }
1514
1515         ber_str2bv(c->argv[1], 0, 1, &vals[0]);
1516         vals[1].bv_val = NULL; vals[1].bv_len = 0;
1517         if(value_add(&default_referral, vals)) return(LDAP_OTHER);
1518         return(0);
1519 }
1520
1521 int
1522 config_security(ConfigArgs *c) {
1523         slap_ssf_set_t *set = &c->be->be_ssf_set;
1524         char *next;
1525         int i;
1526         for(i = 1; i < c->argc; i++) {
1527                 slap_ssf_t *tgt;
1528                 char *src;
1529                 if(!strncasecmp(c->argv[i], "ssf=", 4)) {
1530                         tgt = &set->sss_ssf;
1531                         src = &c->argv[i][4];
1532                 } else if(!strncasecmp(c->argv[i], "transport=", 10)) {
1533                         tgt = &set->sss_transport;
1534                         src = &c->argv[i][10];
1535                 } else if(!strncasecmp(c->argv[i], "tls=", 4)) {
1536                         tgt = &set->sss_tls;
1537                         src = &c->argv[i][4];
1538                 } else if(!strncasecmp(c->argv[i], "sasl=", 5)) {
1539                         tgt = &set->sss_sasl;
1540                         src = &c->argv[i][5];
1541                 } else if(!strncasecmp(c->argv[i], "update_ssf=", 11)) {
1542                         tgt = &set->sss_update_ssf;
1543                         src = &c->argv[i][11];
1544                 } else if(!strncasecmp(c->argv[i], "update_transport=", 17)) {
1545                         tgt = &set->sss_update_transport;
1546                         src = &c->argv[i][17];
1547                 } else if(!strncasecmp(c->argv[i], "update_tls=", 11)) {
1548                         tgt = &set->sss_update_tls;
1549                         src = &c->argv[i][11];
1550                 } else if(!strncasecmp(c->argv[i], "update_sasl=", 12)) {
1551                         tgt = &set->sss_update_sasl;
1552                         src = &c->argv[i][12];
1553                 } else if(!strncasecmp(c->argv[i], "simple_bind=", 12)) {
1554                         tgt = &set->sss_simple_bind;
1555                         src = &c->argv[i][12];
1556                 } else {
1557                         Debug(LDAP_DEBUG_ANY, "%s: "
1558                                 "unknown factor %s in \"security <factors>\" line\n",
1559                                 c->log, c->argv[i], 0);
1560                         return(1);
1561                 }
1562
1563                 *tgt = strtol(src, &next, 10);
1564                 if(next == NULL || next[0] != '\0' ) {
1565                         Debug(LDAP_DEBUG_ANY, "%s: "
1566                                 "unable to parse factor \"%s\" in \"security <factors>\" line\n",
1567                                 c->log, c->argv[i], 0);
1568                         return(1);
1569                 }
1570         }
1571         return(0);
1572 }
1573
1574 int
1575 config_replica(ConfigArgs *c) {
1576         int i, nr = -1;
1577         char *replicahost, *replicalog = NULL;
1578         LDAPURLDesc *ludp;
1579
1580         if(SLAP_MONITOR(c->be)) {
1581                 Debug(LDAP_DEBUG_ANY, "%s: "
1582                         "\"replica\" should not be used inside monitor database\n",
1583                         c->log, 0, 0);
1584                 return(0);      /* FIXME: should this be an error? */
1585         }
1586
1587         for(i = 1; i < c->argc; i++) {
1588                 if(!strncasecmp(c->argv[i], "host=", STRLENOF("host="))) {
1589                         replicalog = c->argv[i] + STRLENOF("host=");
1590                         nr = add_replica_info(c->be, c->argv[i] + STRLENOF("host="));
1591                         break;
1592                 } else if(!strncasecmp(c->argv[i], "uri=", STRLENOF("uri="))) {
1593                         if(ldap_url_parse(c->argv[i] + STRLENOF("uri="), &ludp) != LDAP_SUCCESS) {
1594                                 Debug(LDAP_DEBUG_ANY, "%s: "
1595                                         "replica line contains invalid "
1596                                         "uri definition.\n", c->log, 0, 0);
1597                                 return(1);
1598                         }
1599                         if(!ludp->lud_host) {
1600                                 Debug(LDAP_DEBUG_ANY, "%s: "
1601                                         "replica line contains invalid "
1602                                         "uri definition - missing hostname.\n",
1603                                         c->log, 0, 0);
1604                                 return(1);
1605                         }
1606                         replicahost = ch_malloc(strlen(c->argv[i]));
1607                         if(!replicahost) {
1608                                 Debug(LDAP_DEBUG_ANY,
1609                                         "out of memory in read_config\n", 0, 0, 0);
1610                                 ldap_free_urldesc(ludp);
1611                                 exit(EXIT_FAILURE);
1612                         }
1613                         sprintf(replicahost, "%s:%d", ludp->lud_host, ludp->lud_port);
1614                         replicalog = c->argv[i] + STRLENOF("uri=");
1615                         nr = add_replica_info(c->be, replicahost);
1616                         ldap_free_urldesc(ludp);
1617                         ch_free(replicahost);
1618                         break;
1619                 }
1620         }
1621         if(i == c->argc) {
1622                 Debug(LDAP_DEBUG_ANY, "%s: "
1623                         "missing host or uri in \"replica\" line\n",
1624                         c->log, 0, 0);
1625                 return(1);
1626         } else if(nr == -1) {
1627                 Debug(LDAP_DEBUG_ANY, "%s: "
1628                         "unable to add replica \"%s\"\n",
1629                         c->log, replicalog, 0);
1630                 return(1);
1631         } else {
1632                 for(i = 1; i < c->argc; i++) {
1633                         if(!strncasecmp(c->argv[i], "suffix=", STRLENOF( "suffix="))) {
1634                                 switch(add_replica_suffix(c->be, nr, c->argv[i] + STRLENOF("suffix="))) {
1635                                         case 1:
1636                                                 Debug(LDAP_DEBUG_ANY, "%s: "
1637                                                 "suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1638                                                 c->log, c->argv[i] + STRLENOF("suffix="), 0);
1639                                                 break;
1640                                         case 2:
1641                                                 Debug(LDAP_DEBUG_ANY, "%s: "
1642                                                 "unable to normalize suffix in \"replica\" line (ignored)\n",
1643                                                 c->log, 0, 0);
1644                                                 break;
1645                                 }
1646
1647                         } else if(!strncasecmp(c->argv[i], "attr", STRLENOF("attr"))) {
1648                                 int exclude = 0;
1649                                 char *arg = c->argv[i] + STRLENOF("attr");
1650                                 if(arg[0] == '!') {
1651                                         arg++;
1652                                         exclude = 1;
1653                                 }
1654                                 if(arg[0] != '=') {
1655                                         continue;
1656                                 }
1657                                 if(add_replica_attrs(c->be, nr, arg + 1, exclude)) {
1658                                         Debug(LDAP_DEBUG_ANY, "%s: "
1659                                                 "attribute \"%s\" in \"replica\" line is unknown\n",
1660                                                 c->log, arg + 1, 0);
1661                                         return(1);
1662                                 }
1663                         }
1664                 }
1665         }
1666         return(0);
1667 }
1668
1669 int
1670 config_updatedn(ConfigArgs *c) {
1671         struct berval dn;
1672         int rc;
1673         if(SLAP_SHADOW(c->be)) {
1674                 Debug(LDAP_DEBUG_ANY, "%s: "
1675                         "updatedn: database already shadowed.\n",
1676                         c->log, 0, 0);
1677                 return(1);
1678         }
1679
1680         ber_str2bv(c->argv[1], 0, 0, &dn);
1681
1682         rc = dnNormalize(0, NULL, NULL, &dn, &c->be->be_update_ndn, NULL);
1683
1684         if(rc != LDAP_SUCCESS) {
1685                 Debug(LDAP_DEBUG_ANY, "%s: "
1686                         "updatedn DN is invalid: %d (%s)\n",
1687                         c->log, rc, ldap_err2string( rc ));
1688                 return(1);
1689         }
1690
1691         SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
1692         return(0);
1693 }
1694
1695 int
1696 config_updateref(ConfigArgs *c) {
1697         struct berval vals[2];
1698         if(!SLAP_SHADOW(c->be)) {
1699                 Debug(LDAP_DEBUG_ANY, "%s: "
1700                         "updateref line must after syncrepl or updatedn.\n",
1701                         c->log, 0, 0);
1702                 return(1);
1703         }
1704
1705         if(validate_global_referral(c->argv[1])) {
1706                 Debug(LDAP_DEBUG_ANY, "%s: "
1707                         "invalid URL (%s) in \"updateref\" line.\n",
1708                         c->log, c->argv[1], 0);
1709                 return(1);
1710         }
1711         ber_str2bv(c->argv[1], 0, 0, &vals[0]);
1712         vals[1].bv_val = NULL;
1713         if(value_add(&c->be->be_update_refs, vals)) return(LDAP_OTHER);
1714         return(0);
1715 }
1716
1717 /* XXX meaningless in ldif */
1718
1719 int
1720 config_include(ConfigArgs *c) {
1721         unsigned long savelineno = c->lineno;
1722         int rc;
1723         ConfigFile *cf = ch_calloc( 1, sizeof(ConfigFile));
1724         ConfigFile *cfsave = cfn;
1725         ConfigFile *cf2 = NULL;
1726         if ( cfn->c_kids ) {
1727                 for (cf2=cfn->c_kids; cf2 && cf2->c_sibs; cf2=cf2->c_sibs) ;
1728                 cf2->c_sibs = cf;
1729         } else {
1730                 cfn->c_kids = cf;
1731         }
1732         cfn = cf;
1733         rc = read_config_file(c->argv[1], c->depth + 1, c);
1734         c->lineno = savelineno - 1;
1735         cfn = cfsave;
1736         if ( rc ) {
1737                 if ( cf2 ) cf2->c_sibs = NULL;
1738                 else cfn->c_kids = NULL;
1739                 ch_free( cf );
1740         }
1741         return(rc);
1742 }
1743
1744 #ifdef HAVE_TLS
1745 int
1746 config_tls_option(ConfigArgs *c) {
1747         int flag;
1748         switch(c->type) {
1749         case CFG_TLS_RAND:              flag = LDAP_OPT_X_TLS_RANDOM_FILE;      break;
1750         case CFG_TLS_CIPHER:            flag = LDAP_OPT_X_TLS_CIPHER_SUITE;     break;
1751         case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE;         break;  
1752         case CFG_TLS_CERT_KEY:  flag = LDAP_OPT_X_TLS_KEYFILE;          break;
1753         case CFG_TLS_CA_PATH:   flag = LDAP_OPT_X_TLS_CACERTDIR;        break;
1754         case CFG_TLS_CA_FILE:   flag = LDAP_OPT_X_TLS_CACERTFILE;       break;
1755 #ifdef HAVE_OPENSSL_CRL
1756         case CFG_TLS_CRLCHECK:  flag = LDAP_OPT_X_TLS_CRLCHECK;         break;
1757 #endif
1758                 default:                Debug(LDAP_DEBUG_ANY, "%s: "
1759                                                 "unknown tls_option <%x>\n",
1760                                                 c->log, c->type, 0);
1761         }
1762         return(ldap_pvt_tls_set_option(NULL, flag, c->argv[1]));
1763 }
1764
1765 int
1766 config_tls_verify(ConfigArgs *c) {
1767         int i;
1768         if(isdigit((unsigned char)c->argv[1][0])) {
1769                 i = atoi(c->argv[1]);
1770                 return(ldap_pvt_tls_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i));
1771         } else {
1772                 return(ldap_int_tls_config(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, c->argv[1]));
1773         }
1774 }
1775 #endif
1776
1777 /* -------------------------------------- */
1778
1779
1780 static char *
1781 strtok_quote( char *line, char *sep )
1782 {
1783         int             inquote;
1784         char            *tmp;
1785         static char     *next;
1786
1787         strtok_quote_ptr = NULL;
1788         if ( line != NULL ) {
1789                 next = line;
1790         }
1791         while ( *next && strchr( sep, *next ) ) {
1792                 next++;
1793         }
1794
1795         if ( *next == '\0' ) {
1796                 next = NULL;
1797                 return( NULL );
1798         }
1799         tmp = next;
1800
1801         for ( inquote = 0; *next; ) {
1802                 switch ( *next ) {
1803                 case '"':
1804                         if ( inquote ) {
1805                                 inquote = 0;
1806                         } else {
1807                                 inquote = 1;
1808                         }
1809                         AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
1810                         break;
1811
1812                 case '\\':
1813                         if ( next[1] )
1814                                 AC_MEMCPY( next,
1815                                             next + 1, strlen( next + 1 ) + 1 );
1816                         next++;         /* dont parse the escaped character */
1817                         break;
1818
1819                 default:
1820                         if ( ! inquote ) {
1821                                 if ( strchr( sep, *next ) != NULL ) {
1822                                         strtok_quote_ptr = next;
1823                                         *next++ = '\0';
1824                                         return( tmp );
1825                                 }
1826                         }
1827                         next++;
1828                         break;
1829                 }
1830         }
1831
1832         return( tmp );
1833 }
1834
1835 static char     buf[BUFSIZ];
1836 static char     *line;
1837 static size_t lmax, lcur;
1838
1839 #define CATLINE( buf ) \
1840         do { \
1841                 size_t len = strlen( buf ); \
1842                 while ( lcur + len + 1 > lmax ) { \
1843                         lmax += BUFSIZ; \
1844                         line = (char *) ch_realloc( line, lmax ); \
1845                 } \
1846                 strcpy( line + lcur, buf ); \
1847                 lcur += len; \
1848         } while( 0 )
1849
1850 static void
1851 fp_getline_init(ConfigArgs *c) {
1852         c->lineno = -1;
1853         buf[0] = '\0';
1854 }
1855
1856 static int
1857 fp_getline( FILE *fp, ConfigArgs *c )
1858 {
1859         char    *p;
1860
1861         lcur = 0;
1862         CATLINE(buf);
1863         c->lineno++;
1864
1865         /* avoid stack of bufs */
1866         if ( strncasecmp( line, "include", STRLENOF( "include" ) ) == 0 ) {
1867                 buf[0] = '\0';
1868                 c->line = line;
1869                 return(1);
1870         }
1871
1872         while ( fgets( buf, sizeof( buf ), fp ) ) {
1873                 p = strchr( buf, '\n' );
1874                 if ( p ) {
1875                         if ( p > buf && p[-1] == '\r' ) {
1876                                 --p;
1877                         }
1878                         *p = '\0';
1879                 }
1880                 /* XXX ugly */
1881                 c->line = line;
1882                 if ( line[0]
1883                                 && ( p = line + strlen( line ) - 1 )[0] == '\\'
1884                                 && p[-1] != '\\' )
1885                 {
1886                         p[0] = '\0';
1887                         lcur--;
1888                         
1889                 } else {
1890                         if ( !isspace( (unsigned char)buf[0] ) ) {
1891                                 return(1);
1892                         }
1893                         buf[0] = ' ';
1894                 }
1895                 CATLINE(buf);
1896                 c->lineno++;
1897         }
1898
1899         buf[0] = '\0';
1900         c->line = line;
1901         return(line[0] ? 1 : 0);
1902 }
1903
1904 static int
1905 fp_parse_line(ConfigArgs *c)
1906 {
1907         char *token;
1908         char *tline = ch_strdup(c->line);
1909         char *hide[] = { "rootpw", "replica", "bindpw", "pseudorootpw", "dbpasswd", '\0' };
1910         int i;
1911
1912         c->argc = 0;
1913         token = strtok_quote(tline, " \t");
1914
1915         if(token) for(i = 0; hide[i]; i++) if(!strcasecmp(token, hide[i])) break;
1916         if(strtok_quote_ptr) *strtok_quote_ptr = ' ';
1917         Debug(LDAP_DEBUG_CONFIG, "line %lu (%s%s)\n", c->lineno, hide[i] ? hide[i] : c->line, hide[i] ? " ***" : "");
1918         if(strtok_quote_ptr) *strtok_quote_ptr = '\0';
1919
1920         for(; token; token = strtok_quote(NULL, " \t")) {
1921                 if(c->argc == c->argv_size - 1) {
1922                         char **tmp;
1923                         tmp = ch_realloc(c->argv, (c->argv_size + ARGS_STEP) * sizeof(*c->argv));
1924                         if(!tmp) {
1925                                 Debug(LDAP_DEBUG_ANY, "line %lu: out of memory\n", c->lineno, 0, 0);
1926                                 return -1;
1927                         }
1928                         c->argv = tmp;
1929                         c->argv_size += ARGS_STEP;
1930                 }
1931                 c->argv[c->argc++] = token;
1932         }
1933         c->argv[c->argc] = NULL;
1934         return(0);
1935 }
1936
1937
1938 #if 0
1939 /* Loads ucdata, returns 1 if loading, 0 if already loaded, -1 on error */
1940 static int
1941 load_ucdata( char *path )
1942 {
1943 #if 0
1944         static int loaded = 0;
1945         int err;
1946         
1947         if ( loaded ) {
1948                 return( 0 );
1949         }
1950         err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL );
1951         if ( err ) {
1952                 Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n",
1953                        err, 0, 0 );
1954
1955                 return( -1 );
1956         }
1957         loaded = 1;
1958         return( 1 );
1959 #else
1960         /* ucdata is now hardcoded */
1961         return( 0 );
1962 #endif
1963 }
1964 #endif
1965
1966 void
1967 config_destroy( )
1968 {
1969         ucdata_unload( UCDATA_ALL );
1970         if ( frontendDB ) {
1971                 /* NOTE: in case of early exit, frontendDB can be NULL */
1972                 if ( frontendDB->be_schemandn.bv_val )
1973                         free( frontendDB->be_schemandn.bv_val );
1974                 if ( frontendDB->be_schemadn.bv_val )
1975                         free( frontendDB->be_schemadn.bv_val );
1976                 if ( frontendDB->be_acl )
1977                         acl_destroy( frontendDB->be_acl, NULL );
1978         }
1979         free( line );
1980         if ( slapd_args_file )
1981                 free ( slapd_args_file );
1982         if ( slapd_pid_file )
1983                 free ( slapd_pid_file );
1984         if ( default_passwd_hash )
1985                 ldap_charray_free( default_passwd_hash );
1986 }
1987
1988 static int
1989 add_syncrepl(
1990         Backend *be,
1991         char    **cargv,
1992         int     cargc
1993 )
1994 {
1995         syncinfo_t *si;
1996         int     rc = 0;
1997
1998         si = (syncinfo_t *) ch_calloc( 1, sizeof( syncinfo_t ) );
1999
2000         if ( si == NULL ) {
2001                 Debug( LDAP_DEBUG_ANY, "out of memory in add_syncrepl\n", 0, 0, 0 );
2002                 return 1;
2003         }
2004
2005         si->si_tls = SYNCINFO_TLS_OFF;
2006         si->si_bindmethod = LDAP_AUTH_SIMPLE;
2007         si->si_schemachecking = 0;
2008         ber_str2bv( "(objectclass=*)", STRLENOF("(objectclass=*)"), 1,
2009                 &si->si_filterstr );
2010         si->si_base.bv_val = NULL;
2011         si->si_scope = LDAP_SCOPE_SUBTREE;
2012         si->si_attrsonly = 0;
2013         si->si_anlist = (AttributeName *) ch_calloc( 1, sizeof( AttributeName ));
2014         si->si_exanlist = (AttributeName *) ch_calloc( 1, sizeof( AttributeName ));
2015         si->si_attrs = NULL;
2016         si->si_allattrs = 0;
2017         si->si_allopattrs = 0;
2018         si->si_exattrs = NULL;
2019         si->si_type = LDAP_SYNC_REFRESH_ONLY;
2020         si->si_interval = 86400;
2021         si->si_retryinterval = NULL;
2022         si->si_retrynum_init = NULL;
2023         si->si_retrynum = NULL;
2024         si->si_manageDSAit = 0;
2025         si->si_tlimit = 0;
2026         si->si_slimit = 0;
2027
2028         si->si_presentlist = NULL;
2029         LDAP_LIST_INIT( &si->si_nonpresentlist );
2030         ldap_pvt_thread_mutex_init( &si->si_mutex );
2031
2032         rc = parse_syncrepl_line( cargv, cargc, si );
2033
2034         if ( rc < 0 ) {
2035                 Debug( LDAP_DEBUG_ANY, "failed to add syncinfo\n", 0, 0, 0 );
2036                 syncinfo_free( si );    
2037                 return 1;
2038         } else {
2039                 Debug( LDAP_DEBUG_CONFIG,
2040                         "Config: ** successfully added syncrepl \"%s\"\n",
2041                         BER_BVISNULL( &si->si_provideruri ) ?
2042                         "(null)" : si->si_provideruri.bv_val, 0, 0 );
2043                 if ( !si->si_schemachecking ) {
2044                         SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
2045                 }
2046                 si->si_be = be;
2047                 be->be_syncinfo = si;
2048                 return 0;
2049         }
2050 }
2051
2052 /* NOTE: used & documented in slapd.conf(5) */
2053 #define IDSTR                   "rid"
2054 #define PROVIDERSTR             "provider"
2055 #define TYPESTR                 "type"
2056 #define INTERVALSTR             "interval"
2057 #define SEARCHBASESTR           "searchbase"
2058 #define FILTERSTR               "filter"
2059 #define SCOPESTR                "scope"
2060 #define ATTRSSTR                "attrs"
2061 #define ATTRSONLYSTR            "attrsonly"
2062 #define SLIMITSTR               "sizelimit"
2063 #define TLIMITSTR               "timelimit"
2064 #define SCHEMASTR               "schemachecking"
2065 #define BINDMETHSTR             "bindmethod"
2066 #define SIMPLESTR                       "simple"
2067 #define SASLSTR                         "sasl"
2068 #define BINDDNSTR               "binddn"
2069 #define SASLMECHSTR             "saslmech"
2070 #define AUTHCSTR                "authcID"
2071 #define AUTHZSTR                "authzID"
2072 #define CREDSTR                 "credentials"
2073 #define REALMSTR                "realm"
2074 #define SECPROPSSTR             "secprops"
2075
2076 /* FIXME: undocumented */
2077 #define OLDAUTHCSTR             "bindprincipal"
2078 #define STARTTLSSTR             "starttls"
2079 #define CRITICALSTR                     "critical"
2080 #define EXATTRSSTR              "exattrs"
2081 #define MANAGEDSAITSTR          "manageDSAit"
2082 #define RETRYSTR                "retry"
2083
2084 /* FIXME: unused */
2085 #define LASTMODSTR              "lastmod"
2086 #define LMGENSTR                "gen"
2087 #define LMNOSTR                 "no"
2088 #define LMREQSTR                "req"
2089 #define SRVTABSTR               "srvtab"
2090 #define SUFFIXSTR               "suffix"
2091 #define UPDATEDNSTR             "updatedn"
2092
2093 /* mandatory */
2094 #define GOT_ID                  0x0001
2095 #define GOT_PROVIDER            0x0002
2096 #define GOT_METHOD              0x0004
2097
2098 /* check */
2099 #define GOT_ALL                 (GOT_ID|GOT_PROVIDER|GOT_METHOD)
2100
2101 static int
2102 parse_syncrepl_line(
2103         char            **cargv,
2104         int             cargc,
2105         syncinfo_t      *si
2106 )
2107 {
2108         int     gots = 0;
2109         int     i;
2110         char    *val;
2111
2112         for ( i = 1; i < cargc; i++ ) {
2113                 if ( !strncasecmp( cargv[ i ], IDSTR "=",
2114                                         STRLENOF( IDSTR "=" ) ) )
2115                 {
2116                         int tmp;
2117                         /* '\0' string terminator accounts for '=' */
2118                         val = cargv[ i ] + STRLENOF( IDSTR "=" );
2119                         tmp= atoi( val );
2120                         if ( tmp >= 1000 || tmp < 0 ) {
2121                                 fprintf( stderr, "Error: parse_syncrepl_line: "
2122                                          "syncrepl id %d is out of range [0..999]\n", tmp );
2123                                 return -1;
2124                         }
2125                         si->si_rid = tmp;
2126                         gots |= GOT_ID;
2127                 } else if ( !strncasecmp( cargv[ i ], PROVIDERSTR "=",
2128                                         STRLENOF( PROVIDERSTR "=" ) ) )
2129                 {
2130                         val = cargv[ i ] + STRLENOF( PROVIDERSTR "=" );
2131                         ber_str2bv( val, 0, 1, &si->si_provideruri );
2132                         gots |= GOT_PROVIDER;
2133                 } else if ( !strncasecmp( cargv[ i ], STARTTLSSTR "=",
2134                                         STRLENOF(STARTTLSSTR "=") ) )
2135                 {
2136                         val = cargv[ i ] + STRLENOF( STARTTLSSTR "=" );
2137                         if( !strcasecmp( val, CRITICALSTR ) ) {
2138                                 si->si_tls = SYNCINFO_TLS_CRITICAL;
2139                         } else {
2140                                 si->si_tls = SYNCINFO_TLS_ON;
2141                         }
2142                 } else if ( !strncasecmp( cargv[ i ], BINDMETHSTR "=",
2143                                 STRLENOF( BINDMETHSTR "=" ) ) )
2144                 {
2145                         val = cargv[ i ] + STRLENOF( BINDMETHSTR "=" );
2146                         if ( !strcasecmp( val, SIMPLESTR )) {
2147                                 si->si_bindmethod = LDAP_AUTH_SIMPLE;
2148                                 gots |= GOT_METHOD;
2149                         } else if ( !strcasecmp( val, SASLSTR )) {
2150 #ifdef HAVE_CYRUS_SASL
2151                                 si->si_bindmethod = LDAP_AUTH_SASL;
2152                                 gots |= GOT_METHOD;
2153 #else /* HAVE_CYRUS_SASL */
2154                                 fprintf( stderr, "Error: parse_syncrepl_line: "
2155                                         "not compiled with SASL support\n" );
2156                                 return -1;
2157 #endif /* HAVE_CYRUS_SASL */
2158                         } else {
2159                                 si->si_bindmethod = -1;
2160                         }
2161                 } else if ( !strncasecmp( cargv[ i ], BINDDNSTR "=",
2162                                         STRLENOF( BINDDNSTR "=" ) ) )
2163                 {
2164                         val = cargv[ i ] + STRLENOF( BINDDNSTR "=" );
2165                         si->si_binddn = ch_strdup( val );
2166                 } else if ( !strncasecmp( cargv[ i ], CREDSTR "=",
2167                                         STRLENOF( CREDSTR "=" ) ) )
2168                 {
2169                         val = cargv[ i ] + STRLENOF( CREDSTR "=" );
2170                         si->si_passwd = ch_strdup( val );
2171                 } else if ( !strncasecmp( cargv[ i ], SASLMECHSTR "=",
2172                                         STRLENOF( SASLMECHSTR "=" ) ) )
2173                 {
2174                         val = cargv[ i ] + STRLENOF( SASLMECHSTR "=" );
2175                         si->si_saslmech = ch_strdup( val );
2176                 } else if ( !strncasecmp( cargv[ i ], SECPROPSSTR "=",
2177                                         STRLENOF( SECPROPSSTR "=" ) ) )
2178                 {
2179                         val = cargv[ i ] + STRLENOF( SECPROPSSTR "=" );
2180                         si->si_secprops = ch_strdup( val );
2181                 } else if ( !strncasecmp( cargv[ i ], REALMSTR "=",
2182                                         STRLENOF( REALMSTR "=" ) ) )
2183                 {
2184                         val = cargv[ i ] + STRLENOF( REALMSTR "=" );
2185                         si->si_realm = ch_strdup( val );
2186                 } else if ( !strncasecmp( cargv[ i ], AUTHCSTR "=",
2187                                         STRLENOF( AUTHCSTR "=" ) ) )
2188                 {
2189                         val = cargv[ i ] + STRLENOF( AUTHCSTR "=" );
2190                         if ( si->si_authcId )
2191                                 ch_free( si->si_authcId );
2192                         si->si_authcId = ch_strdup( val );
2193                 } else if ( !strncasecmp( cargv[ i ], OLDAUTHCSTR "=",
2194                                         STRLENOF( OLDAUTHCSTR "=" ) ) ) 
2195                 {
2196                         /* Old authcID is provided for some backwards compatibility */
2197                         val = cargv[ i ] + STRLENOF( OLDAUTHCSTR "=" );
2198                         if ( si->si_authcId )
2199                                 ch_free( si->si_authcId );
2200                         si->si_authcId = ch_strdup( val );
2201                 } else if ( !strncasecmp( cargv[ i ], AUTHZSTR "=",
2202                                         STRLENOF( AUTHZSTR "=" ) ) )
2203                 {
2204                         val = cargv[ i ] + STRLENOF( AUTHZSTR "=" );
2205                         si->si_authzId = ch_strdup( val );
2206                 } else if ( !strncasecmp( cargv[ i ], SCHEMASTR "=",
2207                                         STRLENOF( SCHEMASTR "=" ) ) )
2208                 {
2209                         val = cargv[ i ] + STRLENOF( SCHEMASTR "=" );
2210                         if ( !strncasecmp( val, "on", STRLENOF( "on" ) )) {
2211                                 si->si_schemachecking = 1;
2212                         } else if ( !strncasecmp( val, "off", STRLENOF( "off" ) ) ) {
2213                                 si->si_schemachecking = 0;
2214                         } else {
2215                                 si->si_schemachecking = 1;
2216                         }
2217                 } else if ( !strncasecmp( cargv[ i ], FILTERSTR "=",
2218                                         STRLENOF( FILTERSTR "=" ) ) )
2219                 {
2220                         val = cargv[ i ] + STRLENOF( FILTERSTR "=" );
2221                         ber_str2bv( val, 0, 1, &si->si_filterstr );
2222                 } else if ( !strncasecmp( cargv[ i ], SEARCHBASESTR "=",
2223                                         STRLENOF( SEARCHBASESTR "=" ) ) )
2224                 {
2225                         struct berval   bv;
2226                         int             rc;
2227
2228                         val = cargv[ i ] + STRLENOF( SEARCHBASESTR "=" );
2229                         if ( si->si_base.bv_val ) {
2230                                 ch_free( si->si_base.bv_val );
2231                         }
2232                         ber_str2bv( val, 0, 0, &bv );
2233                         rc = dnNormalize( 0, NULL, NULL, &bv, &si->si_base, NULL );
2234                         if ( rc != LDAP_SUCCESS ) {
2235                                 fprintf( stderr, "Invalid base DN \"%s\": %d (%s)\n",
2236                                         val, rc, ldap_err2string( rc ) );
2237                                 return -1;
2238                         }
2239                 } else if ( !strncasecmp( cargv[ i ], SCOPESTR "=",
2240                                         STRLENOF( SCOPESTR "=" ) ) )
2241                 {
2242                         val = cargv[ i ] + STRLENOF( SCOPESTR "=" );
2243                         if ( !strncasecmp( val, "base", STRLENOF( "base" ) )) {
2244                                 si->si_scope = LDAP_SCOPE_BASE;
2245                         } else if ( !strncasecmp( val, "one", STRLENOF( "one" ) )) {
2246                                 si->si_scope = LDAP_SCOPE_ONELEVEL;
2247 #ifdef LDAP_SCOPE_SUBORDINATE
2248                         } else if ( !strcasecmp( val, "subordinate" ) ||
2249                                 !strcasecmp( val, "children" ))
2250                         {
2251                                 si->si_scope = LDAP_SCOPE_SUBORDINATE;
2252 #endif
2253                         } else if ( !strncasecmp( val, "sub", STRLENOF( "sub" ) )) {
2254                                 si->si_scope = LDAP_SCOPE_SUBTREE;
2255                         } else {
2256                                 fprintf( stderr, "Error: parse_syncrepl_line: "
2257                                         "unknown scope \"%s\"\n", val);
2258                                 return -1;
2259                         }
2260                 } else if ( !strncasecmp( cargv[ i ], ATTRSONLYSTR "=",
2261                                         STRLENOF( ATTRSONLYSTR "=" ) ) )
2262                 {
2263                         si->si_attrsonly = 1;
2264                 } else if ( !strncasecmp( cargv[ i ], ATTRSSTR "=",
2265                                         STRLENOF( ATTRSSTR "=" ) ) )
2266                 {
2267                         val = cargv[ i ] + STRLENOF( ATTRSSTR "=" );
2268                         if ( !strncasecmp( val, ":include:", STRLENOF(":include:") ) ) {
2269                                 char *attr_fname;
2270                                 attr_fname = ch_strdup( val + STRLENOF(":include:") );
2271                                 si->si_anlist = file2anlist( si->si_anlist, attr_fname, " ,\t" );
2272                                 if ( si->si_anlist == NULL ) {
2273                                         ch_free( attr_fname );
2274                                         return -1;
2275                                 }
2276                                 ch_free( attr_fname );
2277                         } else {
2278                                 char *str, *s, *next;
2279                                 char delimstr[] = " ,\t";
2280                                 str = ch_strdup( val );
2281                                 for ( s = ldap_pvt_strtok( str, delimstr, &next );
2282                                                 s != NULL;
2283                                                 s = ldap_pvt_strtok( NULL, delimstr, &next ) )
2284                                 {
2285                                         if ( strlen(s) == 1 && *s == '*' ) {
2286                                                 si->si_allattrs = 1;
2287                                                 *(val + ( s - str )) = delimstr[0];
2288                                         }
2289                                         if ( strlen(s) == 1 && *s == '+' ) {
2290                                                 si->si_allopattrs = 1;
2291                                                 *(val + ( s - str )) = delimstr[0];
2292                                         }
2293                                 }
2294                                 ch_free( str );
2295                                 si->si_anlist = str2anlist( si->si_anlist, val, " ,\t" );
2296                                 if ( si->si_anlist == NULL ) {
2297                                         return -1;
2298                                 }
2299                         }
2300                 } else if ( !strncasecmp( cargv[ i ], EXATTRSSTR "=",
2301                                         STRLENOF( EXATTRSSTR "=" ) ) )
2302                 {
2303                         val = cargv[ i ] + STRLENOF( EXATTRSSTR "=" );
2304                         if ( !strncasecmp( val, ":include:", STRLENOF(":include:") )) {
2305                                 char *attr_fname;
2306                                 attr_fname = ch_strdup( val + STRLENOF(":include:") );
2307                                 si->si_exanlist = file2anlist(
2308                                                                         si->si_exanlist, attr_fname, " ,\t" );
2309                                 if ( si->si_exanlist == NULL ) {
2310                                         ch_free( attr_fname );
2311                                         return -1;
2312                                 }
2313                                 ch_free( attr_fname );
2314                         } else {
2315                                 si->si_exanlist = str2anlist( si->si_exanlist, val, " ,\t" );
2316                                 if ( si->si_exanlist == NULL ) {
2317                                         return -1;
2318                                 }
2319                         }
2320                 } else if ( !strncasecmp( cargv[ i ], TYPESTR "=",
2321                                         STRLENOF( TYPESTR "=" ) ) )
2322                 {
2323                         val = cargv[ i ] + STRLENOF( TYPESTR "=" );
2324                         if ( !strncasecmp( val, "refreshOnly",
2325                                                 STRLENOF("refreshOnly") ))
2326                         {
2327                                 si->si_type = LDAP_SYNC_REFRESH_ONLY;
2328                         } else if ( !strncasecmp( val, "refreshAndPersist",
2329                                                 STRLENOF("refreshAndPersist") ))
2330                         {
2331                                 si->si_type = LDAP_SYNC_REFRESH_AND_PERSIST;
2332                                 si->si_interval = 60;
2333                         } else {
2334                                 fprintf( stderr, "Error: parse_syncrepl_line: "
2335                                         "unknown sync type \"%s\"\n", val);
2336                                 return -1;
2337                         }
2338                 } else if ( !strncasecmp( cargv[ i ], INTERVALSTR "=",
2339                                         STRLENOF( INTERVALSTR "=" ) ) )
2340                 {
2341                         val = cargv[ i ] + STRLENOF( INTERVALSTR "=" );
2342                         if ( si->si_type == LDAP_SYNC_REFRESH_AND_PERSIST ) {
2343                                 si->si_interval = 0;
2344                         } else {
2345                                 char *hstr;
2346                                 char *mstr;
2347                                 char *dstr;
2348                                 char *sstr;
2349                                 int dd, hh, mm, ss;
2350                                 dstr = val;
2351                                 hstr = strchr( dstr, ':' );
2352                                 if ( hstr == NULL ) {
2353                                         fprintf( stderr, "Error: parse_syncrepl_line: "
2354                                                 "invalid interval \"%s\"\n", val );
2355                                         return -1;
2356                                 }
2357                                 *hstr++ = '\0';
2358                                 mstr = strchr( hstr, ':' );
2359                                 if ( mstr == NULL ) {
2360                                         fprintf( stderr, "Error: parse_syncrepl_line: "
2361                                                 "invalid interval \"%s\"\n", val );
2362                                         return -1;
2363                                 }
2364                                 *mstr++ = '\0';
2365                                 sstr = strchr( mstr, ':' );
2366                                 if ( sstr == NULL ) {
2367                                         fprintf( stderr, "Error: parse_syncrepl_line: "
2368                                                 "invalid interval \"%s\"\n", val );
2369                                         return -1;
2370                                 }
2371                                 *sstr++ = '\0';
2372
2373                                 dd = atoi( dstr );
2374                                 hh = atoi( hstr );
2375                                 mm = atoi( mstr );
2376                                 ss = atoi( sstr );
2377                                 if (( hh > 24 ) || ( hh < 0 ) ||
2378                                         ( mm > 60 ) || ( mm < 0 ) ||
2379                                         ( ss > 60 ) || ( ss < 0 ) || ( dd < 0 )) {
2380                                         fprintf( stderr, "Error: parse_syncrepl_line: "
2381                                                 "invalid interval \"%s\"\n", val );
2382                                         return -1;
2383                                 }
2384                                 si->si_interval = (( dd * 24 + hh ) * 60 + mm ) * 60 + ss;
2385                         }
2386                         if ( si->si_interval < 0 ) {
2387                                 fprintf( stderr, "Error: parse_syncrepl_line: "
2388                                         "invalid interval \"%ld\"\n",
2389                                         (long) si->si_interval);
2390                                 return -1;
2391                         }
2392                 } else if ( !strncasecmp( cargv[ i ], RETRYSTR "=",
2393                                         STRLENOF( RETRYSTR "=" ) ) )
2394                 {
2395                         char **retry_list;
2396                         int j, k, n;
2397
2398                         val = cargv[ i ] + STRLENOF( RETRYSTR "=" );
2399                         retry_list = (char **) ch_calloc( 1, sizeof( char * ));
2400                         retry_list[0] = NULL;
2401
2402                         slap_str2clist( &retry_list, val, " ,\t" );
2403
2404                         for ( k = 0; retry_list && retry_list[k]; k++ ) ;
2405                         n = k / 2;
2406                         if ( k % 2 ) {
2407                                 fprintf( stderr,
2408                                                 "Error: incomplete syncrepl retry list\n" );
2409                                 for ( k = 0; retry_list && retry_list[k]; k++ ) {
2410                                         ch_free( retry_list[k] );
2411                                 }
2412                                 ch_free( retry_list );
2413                                 exit( EXIT_FAILURE );
2414                         }
2415                         si->si_retryinterval = (time_t *) ch_calloc( n + 1, sizeof( time_t ));
2416                         si->si_retrynum = (int *) ch_calloc( n + 1, sizeof( int ));
2417                         si->si_retrynum_init = (int *) ch_calloc( n + 1, sizeof( int ));
2418                         for ( j = 0; j < n; j++ ) {
2419                                 si->si_retryinterval[j] = atoi( retry_list[j*2] );
2420                                 if ( *retry_list[j*2+1] == '+' ) {
2421                                         si->si_retrynum_init[j] = -1;
2422                                         si->si_retrynum[j] = -1;
2423                                         j++;
2424                                         break;
2425                                 } else {
2426                                         si->si_retrynum_init[j] = atoi( retry_list[j*2+1] );
2427                                         si->si_retrynum[j] = atoi( retry_list[j*2+1] );
2428                                 }
2429                         }
2430                         si->si_retrynum_init[j] = -2;
2431                         si->si_retrynum[j] = -2;
2432                         si->si_retryinterval[j] = 0;
2433                         
2434                         for ( k = 0; retry_list && retry_list[k]; k++ ) {
2435                                 ch_free( retry_list[k] );
2436                         }
2437                         ch_free( retry_list );
2438                 } else if ( !strncasecmp( cargv[ i ], MANAGEDSAITSTR "=",
2439                                         STRLENOF( MANAGEDSAITSTR "=" ) ) )
2440                 {
2441                         val = cargv[ i ] + STRLENOF( MANAGEDSAITSTR "=" );
2442                         si->si_manageDSAit = atoi( val );
2443                 } else if ( !strncasecmp( cargv[ i ], SLIMITSTR "=",
2444                                         STRLENOF( SLIMITSTR "=") ) )
2445                 {
2446                         val = cargv[ i ] + STRLENOF( SLIMITSTR "=" );
2447                         si->si_slimit = atoi( val );
2448                 } else if ( !strncasecmp( cargv[ i ], TLIMITSTR "=",
2449                                         STRLENOF( TLIMITSTR "=" ) ) )
2450                 {
2451                         val = cargv[ i ] + STRLENOF( TLIMITSTR "=" );
2452                         si->si_tlimit = atoi( val );
2453                 } else {
2454                         fprintf( stderr, "Error: parse_syncrepl_line: "
2455                                 "unknown keyword \"%s\"\n", cargv[ i ] );
2456                         return -1;
2457                 }
2458         }
2459
2460         if ( gots != GOT_ALL ) {
2461                 fprintf( stderr,
2462                         "Error: Malformed \"syncrepl\" line in slapd config file" );
2463                 return -1;
2464         }
2465
2466         return 0;
2467 }
2468
2469 char **
2470 slap_str2clist( char ***out, char *in, const char *brkstr )
2471 {
2472         char    *str;
2473         char    *s;
2474         char    *lasts;
2475         int     i, j;
2476         char    **new;
2477
2478         /* find last element in list */
2479         for (i = 0; *out && (*out)[i]; i++);
2480
2481         /* protect the input string from strtok */
2482         str = ch_strdup( in );
2483
2484         if ( *str == '\0' ) {
2485                 free( str );
2486                 return( *out );
2487         }
2488
2489         /* Count words in string */
2490         j=1;
2491         for ( s = str; *s; s++ ) {
2492                 if ( strchr( brkstr, *s ) != NULL ) {
2493                         j++;
2494                 }
2495         }
2496
2497         *out = ch_realloc( *out, ( i + j + 1 ) * sizeof( char * ) );
2498         new = *out + i;
2499         for ( s = ldap_pvt_strtok( str, brkstr, &lasts );
2500                 s != NULL;
2501                 s = ldap_pvt_strtok( NULL, brkstr, &lasts ) )
2502         {
2503                 *new = ch_strdup( s );
2504                 new++;
2505         }
2506
2507         *new = NULL;
2508         free( str );
2509         return( *out );
2510 }
Cloned from git://git.openldap.org/openldap.git