1 /* config.c - configuration file handling routines */
4 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
14 #include <ac/socket.h>
23 * defaults for various global variables
/*
 * Process-wide configuration state with its compiled-in defaults.  The part
 * of read_config() visible in this listing overwrites most of these from
 * config-file directives; each comment names the directive that does so.
 * NOTE(review): the numeric directives are converted with atoi()/atol(),
 * which cannot report a malformed number - confirm each value is range
 * checked before it is trusted.
 */
25 int defsize = SLAPD_DEFAULT_SIZELIMIT;	/* "sizelimit <limit>": assigned straight from atoi() */
26 int deftime = SLAPD_DEFAULT_TIMELIMIT;	/* "timelimit <limit>": assigned straight from atoi() */
27 AccessControl *global_acl = NULL;	/* presumably the ACL list used outside any database - confirm in parse_acl() */
28 slap_access_t global_default_access = ACL_READ;	/* NOTE(review): looks like the access granted when no ACL matches - confirm; starts at read, not none */
29 slap_mask_t global_restrictops = 0;	/* "readonly on|off" sets/clears SLAP_RESTRICT_OP_WRITES (a per-database mask exists too) */
30 slap_mask_t global_allows = 0;	/* "allow <features>": replaced by the mask built from the listed features */
31 slap_mask_t global_disallows = 0;	/* "disallow <features>": bind_v2, bind_anon, bind_simple, tls_authc, ... */
32 slap_mask_t global_requires = 0;	/* "require <features>": bind, LDAPv3, authc, SASL, strong */
33 slap_ssf_set_t global_ssf_set;	/* "security <factors>": ssf=, transport=, tls=, sasl=, update_*= minimums */
35 int global_lastmod = ON;	/* "lastmod on|off" */
36 int global_idletimeout = 0;	/* "idletimeout <seconds>"; presumably 0 means no idle timeout - confirm */
37 char *global_host = NULL;	/* "sasl-host <host>": a second occurrence is reported as already set */
38 char *global_realm = NULL;	/* "sasl-realm <realm>": a second occurrence is reported as already set */
39 char *ldap_srvtab = "";	/* not assigned in the visible part of read_config(); purpose to be confirmed */
40 char *default_passwd_hash;	/* "password-hash <hash>": no initializer, so NULL until the directive is seen */
41 char *default_search_base = NULL;	/* "defaultSearchBase <dn>": the DN as written in the config file */
42 char *default_search_nbase = NULL;	/* copy of the same DN passed through dn_normalize() */
44 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;	/* "sockbuf_max_incoming <bytes>": parsed with atol() */
46 char *slapd_pid_file = NULL;	/* "pidfile <file>": path copied verbatim from the config line */
47 char *slapd_args_file = NULL;	/* "argsfile <file>": path copied verbatim from the config line */
50 SaslRegexp_t *SaslRegexp = NULL;	/* presumably filled by slap_sasl_regexp_config() for "sasl-regexp" - confirm */
51 int sasl_external_x509dn_convert;	/* incremented once per "sasl-external-x509dn-convert" line */
/*
 * File-local helpers used by read_config().  The notes below describe only
 * how the visible part of read_config() calls them; their bodies are not
 * part of this listing.
 */
53 static char *fp_getline(FILE *fp, int *lineno);	/* next config line; a NULL return ends read_config()'s read loop */
54 static void fp_getline_init(int *lineno);	/* called once with &lineno before the read loop starts */
/*
 * Splits line into argv/argc in place (the caller keeps a ch_strdup() copy
 * because this is destructive); a non-zero return is logged as a bad config
 * line.  NOTE(review): the caller's argv has MAXARGS+1 slots and no size is
 * passed in - confirm the implementation stops at MAXARGS tokens.
 */
55 static int fp_parse_line(char *line, int *argcp, char **argv);
57 static char *strtok_quote(char *line, char *sep);	/* presumably the quote-aware tokenizer behind fp_parse_line - TODO confirm */
58 static int load_ucdata(char *path);	/* called with NULL before DN validation/normalisation and with the "ucdata-path" argument; callers test for < 0 */
61 read_config( const char *fname )
64 char *line, *savefname, *saveline;
65 int cargc, savelineno;
66 char *cargv[MAXARGS+1];
69 struct berval *vals[2];
72 static BackendInfo *bi = NULL;
73 static BackendDB *be = NULL;
78 if ( (fp = fopen( fname, "r" )) == NULL ) {
80 Debug( LDAP_DEBUG_ANY,
81 "could not open config file \"%s\" - absolute path?\n",
88 LDAP_LOG(( "config", LDAP_LEVEL_ENTRY,
89 "read_config: reading config file %s\n", fname ));
91 Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
95 fp_getline_init( &lineno );
97 while ( (line = fp_getline( fp, &lineno )) != NULL ) {
98 /* skip comments and blank lines */
99 if ( line[0] == '#' || line[0] == '\0' ) {
104 LDAP_LOG(( "config", LDAP_LEVEL_DETAIL1,
105 "line %d (%s)\n", lineno, line ));
107 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, line, 0 );
111 /* fp_parse_line is destructive, we save a copy */
112 saveline = ch_strdup( line );
114 if ( fp_parse_line( line, &cargc, cargv ) != 0 ) {
120 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
121 "%s: line %d: bad config line (ignored)\n",
124 Debug( LDAP_DEBUG_ANY,
125 "%s: line %d: bad config line (ignored)\n",
132 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
135 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
136 "%s : line %d: missing type in \"backend\" line.\n",
139 Debug( LDAP_DEBUG_ANY,
140 "%s: line %d: missing type in \"backend <type>\" line\n",
149 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
150 "%s: line %d: backend line must appear before any "
151 "database definition.\n", fname, lineno ));
153 Debug( LDAP_DEBUG_ANY,
154 "%s: line %d: backend line must appear before any database definition\n",
161 bi = backend_info( cargv[1] );
165 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
166 "read_config: backend %s initialization failed.\n",
169 Debug( LDAP_DEBUG_ANY,
170 "backend %s initialization failed.\n",
176 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
179 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
180 "%s: line %d: missing type in \"database <type>\" line\n",
183 Debug( LDAP_DEBUG_ANY,
184 "%s: line %d: missing type in \"database <type>\" line\n",
192 be = backend_db_init( cargv[1] );
196 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
197 "database %s initialization failed.\n",
200 Debug( LDAP_DEBUG_ANY,
201 "database %s initialization failed.\n",
208 /* set thread concurrency */
209 } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
213 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
214 "%s: line %d: missing level in \"concurrency <level\" line\n",
217 Debug( LDAP_DEBUG_ANY,
218 "%s: line %d: missing level in \"concurrency <level>\" line\n",
225 c = atoi( cargv[1] );
229 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
230 "%s: line %d: invalid level (%d) in "
231 "\"concurrency <level>\" line.\n",
234 Debug( LDAP_DEBUG_ANY,
235 "%s: line %d: invalid level (%d) in \"concurrency <level>\" line\n",
242 ldap_pvt_thread_set_concurrency( c );
244 /* set sockbuf max */
245 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming" ) == 0 ) {
249 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
250 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes\" line\n",
253 Debug( LDAP_DEBUG_ANY,
254 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes\" line\n",
261 max = atol( cargv[1] );
265 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
266 "%s: line %d: invalid max value (%ld) in "
267 "\"sockbuf_max_incoming <bytes>\" line.\n",
268 fname, lineno, max ));
270 Debug( LDAP_DEBUG_ANY,
271 "%s: line %d: invalid max value (%ld) in "
272 "\"sockbuf_max_incoming <bytes>\" line.\n",
273 fname, lineno, max );
279 sockbuf_max_incoming = max;
281 /* default search base */
282 } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
285 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
286 "%s: line %d: missing dn in \"defaultSearchBase <dn\" "
287 "line\n", fname, lineno ));
289 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
290 "missing dn in \"defaultSearchBase <dn>\" line\n",
296 } else if ( cargc > 2 ) {
298 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
299 "%s: line %d: extra cruft after <dn> in "
300 "\"defaultSearchBase %s\" line (ignored)\n",
301 fname, lineno, cargv[1] ));
303 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
304 "extra cruft after <dn> in \"defaultSearchBase %s\", "
306 fname, lineno, cargv[1] );
311 if ( bi != NULL || be != NULL ) {
313 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
314 "%s: line %d: defaultSearchBase line must appear "
315 "prior to any backend or database definitions\n",
318 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
319 "defaultSearchBaase line must appear prior to "
320 "any backend or database definition\n",
327 if ( default_search_nbase != NULL ) {
329 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
330 "%s: line %d: default search base \"%s\" already defined "
331 "(discarding old)\n", fname, lineno, default_search_base ));
333 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
334 "default search base \"%s\" already defined "
335 "(discarding old)\n",
336 fname, lineno, default_search_base );
339 free( default_search_base );
340 free( default_search_nbase );
343 default_search_base = ch_strdup( cargv[1] );
344 default_search_nbase = ch_strdup( cargv[1] );
346 if ( load_ucdata( NULL ) < 0 ) {
349 if( dn_normalize( default_search_nbase ) == NULL ) {
351 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
352 "%s: %d: invalid default search base \"%s\"\n",
353 fname, lineno, default_search_base ));
355 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
356 "invalid default search base \"%s\"\n",
357 fname, lineno, default_search_base );
363 /* set maximum threads in thread pool */
364 } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
368 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
369 "%s: line %d: missing count in \"threads <count>\" line\n",
372 Debug( LDAP_DEBUG_ANY,
373 "%s: line %d: missing count in \"threads <count>\" line\n",
380 c = atoi( cargv[1] );
384 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
385 "%s: line %d: invalid level (%d) in \"threads <count>\""
386 "line\n",fname, lineno, c ));
388 Debug( LDAP_DEBUG_ANY,
389 "%s: line %d: invalid level (%d) in \"threads <count>\" line\n",
396 ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
398 /* get pid file name */
399 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
402 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
403 "%s: line %d missing file name in \"pidfile <file>\" line.\n",
406 Debug( LDAP_DEBUG_ANY,
407 "%s: line %d: missing file name in \"pidfile <file>\" line\n",
414 slapd_pid_file = ch_strdup( cargv[1] );
416 /* get args file name */
417 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
420 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
421 "%s: %d: missing file name in "
422 "\"argsfile <file>\" line.\n",
425 Debug( LDAP_DEBUG_ANY,
426 "%s: line %d: missing file name in \"argsfile <file>\" line\n",
433 slapd_args_file = ch_strdup( cargv[1] );
435 /* default password hash */
436 } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
439 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
440 "%s: line %d: missing hash in "
441 "\"password-hash <hash>\" line.\n",
444 Debug( LDAP_DEBUG_ANY,
445 "%s: line %d: missing hash in \"password-hash <hash>\" line\n",
451 if ( default_passwd_hash != NULL ) {
453 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
454 "%s: line %d: already set default password_hash!\n",
457 Debug( LDAP_DEBUG_ANY,
458 "%s: line %d: already set default password_hash!\n",
465 default_passwd_hash = ch_strdup( cargv[1] );
469 } else if ( strcasecmp( cargv[0], "sasl-host" ) == 0 ) {
472 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
473 "%s: line %d: missing host in \"sasl-host <host>\" line\n",
476 Debug( LDAP_DEBUG_ANY,
477 "%s: line %d: missing host in \"sasl-host <host>\" line\n",
484 if ( global_host != NULL ) {
486 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
487 "%s: line %d: already set sasl-host!\n",
490 Debug( LDAP_DEBUG_ANY,
491 "%s: line %d: already set sasl-host!\n",
498 global_host = ch_strdup( cargv[1] );
502 } else if ( strcasecmp( cargv[0], "sasl-realm" ) == 0 ) {
505 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
506 "%s: line %d: missing realm in \"sasl-realm <realm>\" line.\n",
509 Debug( LDAP_DEBUG_ANY,
510 "%s: line %d: missing realm in \"sasl-realm <realm>\" line\n",
517 if ( global_realm != NULL ) {
519 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
520 "%s: line %d: already set sasl-realm!\n",
523 Debug( LDAP_DEBUG_ANY,
524 "%s: line %d: already set sasl-realm!\n",
531 global_realm = ch_strdup( cargv[1] );
534 } else if ( !strcasecmp( cargv[0], "sasl-regexp" )
535 || !strcasecmp( cargv[0], "saslregexp" ) )
540 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
541 "%s: line %d: need 2 args in "
542 "\"saslregexp <match> <replace>\"\n",
545 Debug( LDAP_DEBUG_ANY,
546 "%s: line %d: need 2 args in \"saslregexp <match> <replace>\"\n",
552 rc = slap_sasl_regexp_config( cargv[1], cargv[2] );
557 /* SASL security properties */
558 } else if ( strcasecmp( cargv[0], "sasl-secprops" ) == 0 ) {
563 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
564 "%s: line %d: missing flags in "
565 "\"sasl-secprops <properties>\" line\n",
568 Debug( LDAP_DEBUG_ANY,
569 "%s: line %d: missing flags in \"sasl-secprops <properties>\" line\n",
576 txt = slap_sasl_secprops( cargv[1] );
579 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
580 "%s: line %d sas-secprops: %s\n",
581 fname, lineno, txt ));
583 Debug( LDAP_DEBUG_ANY,
584 "%s: line %d: sasl-secprops: %s\n",
585 fname, lineno, txt );
591 } else if ( strcasecmp( cargv[0], "sasl-external-x509dn-convert" ) == 0 ) {
592 sasl_external_x509dn_convert++;
594 /* set UCDATA path */
595 } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
599 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
600 "%s: line %d: missing path in "
601 "\"ucdata-path <path>\" line.\n",
604 Debug( LDAP_DEBUG_ANY,
605 "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
612 err = load_ucdata( cargv[1] );
616 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
617 "%s: line %d: ucdata already loaded, ucdata-path "
618 "must be set earlier in the file and/or be "
619 "specified only once!\n",
622 Debug( LDAP_DEBUG_ANY,
623 "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n",
632 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
635 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
636 "%s: line %d: missing limit in \"sizelimit <limit>\" line.\n",
639 Debug( LDAP_DEBUG_ANY,
640 "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
647 defsize = atoi( cargv[1] );
649 be->be_sizelimit = atoi( cargv[1] );
653 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
656 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
657 "%s: line %d missing limit in \"timelimit <limit>\" line.\n",
660 Debug( LDAP_DEBUG_ANY,
661 "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
668 deftime = atoi( cargv[1] );
670 be->be_timelimit = atoi( cargv[1] );
673 /* set database suffix */
674 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
678 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
679 "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
682 Debug( LDAP_DEBUG_ANY,
683 "%s: line %d: missing dn in \"suffix <dn>\" line\n",
688 } else if ( cargc > 2 ) {
690 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
691 "%s: line %d: extra cruft after <dn> in \"suffix %s\""
692 " line (ignored).\n", fname, lineno, cargv[1] ));
694 Debug( LDAP_DEBUG_ANY,
695 "%s: line %d: extra cruft after <dn> in \"suffix %s\" line (ignored)\n",
696 fname, lineno, cargv[1] );
702 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
703 "%s: line %d: suffix line must appear inside a database "
704 "definition (ignored).\n", fname, lineno ));
706 Debug( LDAP_DEBUG_ANY,
707 "%s: line %d: suffix line must appear inside a database definition (ignored)\n",
711 } else if ( ( tmp_be = select_backend( cargv[1], 0 ) ) == be ) {
713 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
714 "%s: line %d: suffix already served by this backend "
715 "(ignored)\n", fname, lineno ));
717 Debug( LDAP_DEBUG_ANY,
718 "%s: line %d: suffix already served by this backend (ignored)\n",
722 } else if ( tmp_be != NULL ) {
724 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
725 "%s: line %d: suffix already served by a preceding "
726 "backend \"%s\" (ignored)\n", fname, lineno,
727 tmp_be->be_suffix[0] ));
729 Debug( LDAP_DEBUG_ANY,
730 "%s: line %d: suffix already served by a preceeding backend \"%s\" (ignored)\n",
731 fname, lineno, tmp_be->be_suffix[0] );
735 char *dn = ch_strdup( cargv[1] );
736 if ( load_ucdata( NULL ) < 0 ) {
739 if( dn_validate( dn ) == NULL ) {
741 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
742 "%s: line %d: suffix DN invalid\"%s\"\n",
743 fname, lineno, cargv[1] ));
745 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
746 "suffix DN invalid \"%s\"\n",
747 fname, lineno, cargv[1] );
752 } else if( *dn == '\0' && default_search_nbase != NULL ) {
754 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
755 "%s: line %d: suffix DN empty and default search "
756 "base provided \"%s\" (assuming okay).\n",
757 fname, lineno, default_search_base ));
759 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
760 "suffix DN empty and default "
761 "search base provided \"%s\" (assuming okay)\n",
762 fname, lineno, default_search_base );
766 charray_add( &be->be_suffix, dn );
767 (void) ldap_pvt_str2upper( dn );
768 charray_add( &be->be_nsuffix, dn );
772 /* set database suffixAlias */
773 } else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) {
777 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
778 "%s: line %d: missing alias and aliased_dn in "
779 "\"suffixAlias <alias> <aliased_dn>\" line.\n",
782 Debug( LDAP_DEBUG_ANY,
783 "%s: line %d: missing alias and aliased_dn in \"suffixAlias <alias> <aliased_dn>\" line\n",
788 } else if ( cargc < 3 ) {
790 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
791 "%s: line %d: missing aliased_dn in "
792 "\"suffixAlias <alias> <aliased_dn>\" line\n",
795 Debug( LDAP_DEBUG_ANY,
796 "%s: line %d: missing aliased_dn in \"suffixAlias <alias> <aliased_dn>\" line\n",
801 } else if ( cargc > 3 ) {
803 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
804 "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
807 Debug( LDAP_DEBUG_ANY,
808 "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
816 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
817 "%s: line %d: suffixAlias line must appear inside a "
818 "database definition (ignored).\n", fname, lineno ));
820 Debug( LDAP_DEBUG_ANY,
821 "%s: line %d: suffixAlias line"
822 " must appear inside a database definition (ignored)\n",
826 } else if ( (tmp_be = select_backend( cargv[1], 0 )) != NULL ) {
828 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
829 "%s: line %d: suffixAlias served by a preceeding "
830 "backend \"%s\" (ignored).\n", fname, lineno,
831 tmp_be->be_suffix[0] ));
833 Debug( LDAP_DEBUG_ANY,
834 "%s: line %d: suffixAlias served by"
835 " a preceeding backend \"%s\" (ignored)\n",
836 fname, lineno, tmp_be->be_suffix[0] );
840 } else if ( (tmp_be = select_backend( cargv[2], 0 )) != NULL ) {
842 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
843 "%s: line %d: suffixAlias derefs to a different backend "
844 "a preceeding backend \"%s\" (ignored)\n",
845 fname, lineno, tmp_be->be_suffix[0] ));
847 Debug( LDAP_DEBUG_ANY,
848 "%s: line %d: suffixAlias derefs to differnet backend"
849 " a preceeding backend \"%s\" (ignored)\n",
850 fname, lineno, tmp_be->be_suffix[0] );
855 char *alias, *aliased_dn;
857 alias = ch_strdup( cargv[1] );
858 if ( load_ucdata( NULL ) < 0 ) {
861 (void) dn_normalize( alias );
863 aliased_dn = ch_strdup( cargv[2] );
864 (void) dn_normalize( aliased_dn );
866 charray_add( &be->be_suffixAlias, alias );
867 charray_add( &be->be_suffixAlias, aliased_dn );
873 /* set max deref depth */
874 } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
878 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
879 "%s: line %d: missing depth in \"maxDerefDepth <depth>\""
880 " line\n", fname, lineno ));
882 Debug( LDAP_DEBUG_ANY,
883 "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
891 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
892 "%s: line %d: depth line must appear inside a database "
893 "definition (ignored)\n", fname, lineno ));
895 Debug( LDAP_DEBUG_ANY,
896 "%s: line %d: depth line must appear inside a database definition (ignored)\n",
900 } else if ((i = atoi(cargv[1])) < 0) {
902 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
903 "%s: line %d: depth must be positive (ignored).\n",
906 Debug( LDAP_DEBUG_ANY,
907 "%s: line %d: depth must be positive (ignored)\n",
913 be->be_max_deref_depth = i;
917 /* set magic "root" dn for this database */
918 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
921 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
922 "%s: line %d: missing dn in \"rootdn <dn>\" line.\n",
925 Debug( LDAP_DEBUG_ANY,
926 "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
934 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
935 "%s: line %d: rootdn line must appear inside a database "
936 "definition (ignored).\n", fname, lineno ));
938 Debug( LDAP_DEBUG_ANY,
939 "%s: line %d: rootdn line must appear inside a database definition (ignored)\n",
944 be->be_root_dn = ch_strdup( cargv[1] );
945 be->be_root_ndn = ch_strdup( cargv[1] );
947 if ( load_ucdata( NULL ) < 0 ) {
950 if( dn_normalize( be->be_root_ndn ) == NULL ) {
951 free( be->be_root_dn );
952 free( be->be_root_ndn );
954 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
955 "%s: line %d: rootdn DN is invalid.\n",
958 Debug( LDAP_DEBUG_ANY,
959 "%s: line %d: rootdn DN is invalid\n",
967 /* set super-secret magic database password */
968 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
971 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
972 "%s: line %d: missing passwd in \"rootpw <passwd>\""
973 " line\n", fname, lineno ));
975 Debug( LDAP_DEBUG_ANY,
976 "%s: line %d: missing passwd in \"rootpw <passwd>\" line\n",
984 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
985 "%s: line %d: rootpw line must appear inside a database "
986 "definition (ignored)\n", fname, lineno ));
988 Debug( LDAP_DEBUG_ANY,
989 "%s: line %d: rootpw line must appear inside a database definition (ignored)\n",
994 be->be_root_pw.bv_val = ch_strdup( cargv[1] );
995 be->be_root_pw.bv_len = strlen( be->be_root_pw.bv_val );
998 /* make this database read-only */
999 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
1002 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1003 "%s: line %d: missing on|off in \"readonly <on|off>\" line.\n",
1006 Debug( LDAP_DEBUG_ANY,
1007 "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
1014 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1015 global_restrictops |= SLAP_RESTRICT_OP_WRITES;
1017 global_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1020 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1021 be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1023 be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1028 /* allow these features */
1029 } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
1030 strcasecmp( cargv[0], "allow" ) == 0 )
1036 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1037 "%s: line %d: allow line must appear prior to "
1038 "database definitions.\n", fname, lineno ));
1040 Debug( LDAP_DEBUG_ANY,
1041 "%s: line %d: allow line must appear prior to database definitions\n",
1049 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1050 "%s: line %d: missing feature(s) in \"allow <features>\""
1051 " line\n", fname, lineno ));
1053 Debug( LDAP_DEBUG_ANY,
1054 "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
1063 for( i=1; i < cargc; i++ ) {
1064 if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
1065 allows |= SLAP_ALLOW_TLS_2_ANON;
1067 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1069 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1070 "%s: line %d: unknown feature %s in "
1071 "\"allow <features>\" line.\n",
1072 fname, lineno, cargv[1] ));
1074 Debug( LDAP_DEBUG_ANY,
1075 "%s: line %d: unknown feature %s in \"allow <features>\" line\n",
1076 fname, lineno, cargv[i] );
1083 global_allows = allows;
1085 /* disallow these features */
1086 } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
1087 strcasecmp( cargv[0], "disallow" ) == 0 )
1089 slap_mask_t disallows;
1093 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1094 "%s: line %d: disallow line must appear prior to "
1095 "database definitions.\n", fname, lineno ));
1097 Debug( LDAP_DEBUG_ANY,
1098 "%s: line %d: disallow line must appear prior to database definitions\n",
1106 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1107 "%s: line %d: missing feature(s) in \"disallow <features>\""
1108 " line.\n", fname, lineno ));
1110 Debug( LDAP_DEBUG_ANY,
1111 "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
1120 for( i=1; i < cargc; i++ ) {
1121 if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
1122 disallows |= SLAP_DISALLOW_BIND_V2;
1124 } else if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
1125 disallows |= SLAP_DISALLOW_BIND_ANON;
1127 } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
1128 disallows |= SLAP_DISALLOW_BIND_ANON_CRED;
1130 } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
1131 disallows |= SLAP_DISALLOW_BIND_ANON_DN;
1133 } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
1134 disallows |= SLAP_DISALLOW_BIND_SIMPLE;
1136 } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
1137 disallows |= SLAP_DISALLOW_BIND_KRBV4;
1139 } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
1140 disallows |= SLAP_DISALLOW_TLS_AUTHC;
1142 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1144 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1145 "%s: line %d: unknownfeature %s in "
1146 "\"disallow <features>\" line.\n",
1149 Debug( LDAP_DEBUG_ANY,
1150 "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
1151 fname, lineno, cargv[i] );
1158 global_disallows = disallows;
1160 /* require these features */
1161 } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
1162 strcasecmp( cargv[0], "require" ) == 0 )
1164 slap_mask_t requires;
1168 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1169 "%s: line %d: missing feature(s) in "
1170 "\"require <features>\" line.\n", fname, lineno ));
1172 Debug( LDAP_DEBUG_ANY,
1173 "%s: line %d: missing feature(s) in \"require <features>\" line\n",
1182 for( i=1; i < cargc; i++ ) {
1183 if( strcasecmp( cargv[i], "bind" ) == 0 ) {
1184 requires |= SLAP_REQUIRE_BIND;
1186 } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
1187 requires |= SLAP_REQUIRE_LDAP_V3;
1189 } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
1190 requires |= SLAP_REQUIRE_AUTHC;
1192 } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
1193 requires |= SLAP_REQUIRE_SASL;
1195 } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
1196 requires |= SLAP_REQUIRE_STRONG;
1198 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1200 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1201 "%s: line %d: unknown feature %s in "
1202 "\"require <features>\" line.\n",
1205 Debug( LDAP_DEBUG_ANY,
1206 "%s: line %d: unknown feature %s in \"require <features>\" line\n",
1207 fname, lineno, cargv[i] );
1215 global_requires = requires;
1217 be->be_requires = requires;
1220 /* required security factors */
1221 } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
1222 slap_ssf_set_t *set;
1226 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1227 "%s: line %d: missing factor(s) in \"security <factors>\""
1228 " line.\n", fname, lineno ));
1230 Debug( LDAP_DEBUG_ANY,
1231 "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
1239 set = &global_ssf_set;
1241 set = &be->be_ssf_set;
1244 for( i=1; i < cargc; i++ ) {
1245 if( strncasecmp( cargv[i], "ssf=",
1246 sizeof("ssf") ) == 0 )
1249 atoi( &cargv[i][sizeof("ssf")] );
1251 } else if( strncasecmp( cargv[i], "transport=",
1252 sizeof("transport") ) == 0 )
1254 set->sss_transport =
1255 atoi( &cargv[i][sizeof("transport")] );
1257 } else if( strncasecmp( cargv[i], "tls=",
1258 sizeof("tls") ) == 0 )
1261 atoi( &cargv[i][sizeof("tls")] );
1263 } else if( strncasecmp( cargv[i], "sasl=",
1264 sizeof("sasl") ) == 0 )
1267 atoi( &cargv[i][sizeof("sasl")] );
1269 } else if( strncasecmp( cargv[i], "update_ssf=",
1270 sizeof("update_ssf") ) == 0 )
1272 set->sss_update_ssf =
1273 atoi( &cargv[i][sizeof("update_ssf")] );
1275 } else if( strncasecmp( cargv[i], "update_transport=",
1276 sizeof("update_transport") ) == 0 )
1278 set->sss_update_transport =
1279 atoi( &cargv[i][sizeof("update_transport")] );
1281 } else if( strncasecmp( cargv[i], "update_tls=",
1282 sizeof("update_tls") ) == 0 )
1284 set->sss_update_tls =
1285 atoi( &cargv[i][sizeof("update_tls")] );
1287 } else if( strncasecmp( cargv[i], "update_sasl=",
1288 sizeof("update_sasl") ) == 0 )
1290 set->sss_update_sasl =
1291 atoi( &cargv[i][sizeof("update_sasl")] );
1295 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1296 "%s: line %d: unknown factor %S in "
1297 "\"security <factors>\" line.\n",
1298 fname, lineno, cargv[1] ));
1300 Debug( LDAP_DEBUG_ANY,
1301 "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
1302 fname, lineno, cargv[i] );
1308 /* where to send clients when we don't hold it */
1309 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
1312 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1313 "%s: line %d: missing URL in \"referral <URL>\""
1314 " line.\n", fname, lineno ));
1316 Debug( LDAP_DEBUG_ANY,
1317 "%s: line %d: missing URL in \"referral <URL>\" line\n",
1324 vals[0]->bv_val = cargv[1];
1325 vals[0]->bv_len = strlen( vals[0]->bv_val );
1326 value_add( &default_referral, vals );
1329 } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
1333 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1334 "%s: line %d: Error in logfile directive, "
1335 "\"logfile <filename>\"\n", fname, lineno ));
1337 Debug( LDAP_DEBUG_ANY,
1338 "%s: line %d: Error in logfile directive, \"logfile filename\"\n",
1344 logfile = fopen( cargv[1], "w" );
1345 if ( logfile != NULL ) lutil_debug_file( logfile );
1348 /* start of a new database definition */
1349 } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
1353 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1354 "%s: line %d: Error in debug directive, "
1355 "\"debug <subsys> <level>\"\n", fname, lineno ));
1357 Debug( LDAP_DEBUG_ANY,
1358 "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
1364 level = atoi( cargv[2] );
1365 if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
1366 lutil_set_debug_level( cargv[1], level );
1367 /* specify an Object Identifier macro */
1368 } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
1369 rc = parse_oidm( fname, lineno, cargc, cargv );
1372 /* specify an objectclass */
1373 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
1374 if ( *cargv[1] == '(' ) {
1376 p = strchr(saveline,'(');
1377 rc = parse_oc( fname, lineno, p, cargv );
1382 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1383 "%s: line %d: old objectclass format not supported\n",
1386 Debug( LDAP_DEBUG_ANY,
1387 "%s: line %d: old objectclass format not supported.\n",
1393 /* specify an attribute type */
1394 } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
1395 || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
1397 if ( *cargv[1] == '(' ) {
1399 p = strchr(saveline,'(');
1400 rc = parse_at( fname, lineno, p, cargv );
1405 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1406 "%s: line %d: old attribute type format not supported.\n",
1409 Debug( LDAP_DEBUG_ANY,
1410 "%s: line %d: old attribute type format not supported.\n",
1416 /* turn on/off schema checking */
1417 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
1420 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1421 "%s: line %d: missing on|off in "
1422 "\"schemacheck <on|off>\" line.\n",
1425 Debug( LDAP_DEBUG_ANY,
1426 "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
1432 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
1433 global_schemacheck = 0;
1435 global_schemacheck = 1;
1438 /* specify access control info */
1439 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
1440 parse_acl( be, fname, lineno, cargc, cargv );
1442 /* debug level to log things to syslog */
1443 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
1446 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1447 "%s: line %d: missing level in \"loglevel <level>\""
1448 " line.\n", fname, lineno ));
1450 Debug( LDAP_DEBUG_ANY,
1451 "%s: line %d: missing level in \"loglevel <level>\" line\n",
1460 for( i=1; i < cargc; i++ ) {
1461 ldap_syslog += atoi( cargv[1] );
1464 /* list of replicas of the data in this backend (master only) */
1465 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
1468 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1469 "%s: line %d: missing host in \"replica "
1470 " <host[:port]\" line\n", fname, lineno ));
1472 Debug( LDAP_DEBUG_ANY,
1473 "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
1481 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1482 "%s: line %d: replica line must appear inside "
1483 "a database definition (ignored).\n", fname, lineno ));
1485 Debug( LDAP_DEBUG_ANY,
1486 "%s: line %d: replica line must appear inside a database definition (ignored)\n",
1491 for ( i = 1; i < cargc; i++ ) {
1492 if ( strncasecmp( cargv[i], "host=", 5 )
1494 charray_add( &be->be_replica,
1501 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1502 "%s: line %d: missing host in \"replica\" "
1503 "line (ignored)\n", fname, lineno ));
1505 Debug( LDAP_DEBUG_ANY,
1506 "%s: line %d: missing host in \"replica\" line (ignored)\n",
1513 /* dn of master entity allowed to write to replica */
1514 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
1517 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1518 "%s: line %d: missing dn in \"updatedn <dn>\""
1519 " line.\n", fname, lineno ));
1521 Debug( LDAP_DEBUG_ANY,
1522 "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
1530 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1531 "%s: line %d: updatedn line must appear inside "
1532 "a database definition (ignored)\n",
1535 Debug( LDAP_DEBUG_ANY,
1536 "%s: line %d: updatedn line must appear inside a database definition (ignored)\n",
1541 be->be_update_ndn = ch_strdup( cargv[1] );
1542 if ( load_ucdata( NULL ) < 0 ) {
1545 if( dn_normalize( be->be_update_ndn ) == NULL ) {
1547 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1548 "%s: line %d: updatedn DN is invalid.\n",
1551 Debug( LDAP_DEBUG_ANY,
1552 "%s: line %d: updatedn DN is invalid\n",
1560 } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
1563 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1564 "%s: line %d: missing dn in \"updateref <ldapurl>\" "
1565 "line.\n", fname, lineno ));
1567 Debug( LDAP_DEBUG_ANY,
1568 "%s: line %d: missing dn in \"updateref <ldapurl>\" line\n",
1576 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1577 "%s: line %d: updateref line must appear inside "
1578 "a database definition (ignored)\n", fname, lineno ));
1580 Debug( LDAP_DEBUG_ANY,
1581 "%s: line %d: updateref line must appear inside a database definition (ignored)\n",
1585 } else if ( be->be_update_ndn == NULL ) {
1587 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1588 "%s: line %d: updateref line must come after updatedn "
1589 "(ignored).\n", fname, lineno ));
1591 Debug( LDAP_DEBUG_ANY,
1592 "%s: line %d: updateref line must after updatedn (ignored)\n",
1597 vals[0]->bv_val = cargv[1];
1598 vals[0]->bv_len = strlen( vals[0]->bv_val );
1599 value_add( &be->be_update_refs, vals );
1602 /* replication log file to which changes are appended */
1603 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
1606 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1607 "%s: line %d: missing filename in \"replogfile <filename>\""
1608 " line.\n", fname, lineno ));
1610 Debug( LDAP_DEBUG_ANY,
1611 "%s: line %d: missing dn in \"replogfile <filename>\" line\n",
1618 be->be_replogfile = ch_strdup( cargv[1] );
1620 replogfile = ch_strdup( cargv[1] );
1623 /* maintain lastmodified{by,time} attributes */
1624 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
1627 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1628 "%s: line %d: missing on|off in \"lastmod <on|off>\""
1629 " line.\n", fname, lineno ));
1631 Debug( LDAP_DEBUG_ANY,
1632 "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
1638 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1640 be->be_lastmod = ON;
1642 global_lastmod = ON;
1645 be->be_lastmod = OFF;
1647 global_lastmod = OFF;
1650 /* set idle timeout value */
1651 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
1655 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1656 "%s: line %d: missing timeout value in "
1657 "\"idletimeout <seconds>\" line.\n", fname, lineno ));
1659 Debug( LDAP_DEBUG_ANY,
1660 "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
1667 i = atoi( cargv[1] );
1671 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1672 "%s: line %d: timeout value (%d) invalid "
1673 "\"idletimeout <seconds>\" line.\n",
1674 fname, lineno, i ));
1676 Debug( LDAP_DEBUG_ANY,
1677 "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
1684 global_idletimeout = i;
1686 /* include another config file */
1687 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
1690 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1691 "%s: line %d: missing filename in \"include "
1692 "<filename>\" line.\n", fname, lineno ));
1694 Debug( LDAP_DEBUG_ANY,
1695 "%s: line %d: missing filename in \"include <filename>\" line\n",
1701 savefname = ch_strdup( cargv[1] );
1702 savelineno = lineno;
1704 if ( read_config( savefname ) != 0 ) {
1709 lineno = savelineno - 1;
1711 /* location of kerberos srvtab file */
1712 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
1715 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1716 "%s: line %d: missing filename in \"srvtab "
1717 "<filename>\" line.\n", fname, lineno ));
1719 Debug( LDAP_DEBUG_ANY,
1720 "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
1726 ldap_srvtab = ch_strdup( cargv[1] );
1728 #ifdef SLAPD_MODULES
1729 } else if (strcasecmp( cargv[0], "moduleload") == 0 ) {
1732 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1733 "%s: line %d: missing filename in \"moduleload "
1734 "<filename>\" line.\n", fname, lineno ));
1736 Debug( LDAP_DEBUG_ANY,
1737 "%s: line %d: missing filename in \"moduleload <filename>\" line\n",
1741 exit( EXIT_FAILURE );
1743 if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
1745 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1746 "%s: line %d: failed to load or initialize module %s\n"<
1747 fname, lineno, cargv[1] ));
1749 Debug( LDAP_DEBUG_ANY,
1750 "%s: line %d: failed to load or initialize module %s\n",
1751 fname, lineno, cargv[1]);
1754 exit( EXIT_FAILURE );
1756 } else if (strcasecmp( cargv[0], "modulepath") == 0 ) {
1759 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1760 "%s: line %d: missing path in \"modulepath <path>\""
1761 " line\n", fname, lineno ));
1763 Debug( LDAP_DEBUG_ANY,
1764 "%s: line %d: missing path in \"modulepath <path>\" line\n",
1768 exit( EXIT_FAILURE );
1770 if (module_path( cargv[1] )) {
1772 LDAP_LOG(( "cofig", LDAP_LEVEL_CRIT,
1773 "%s: line %d: failed to set module search path to %s.\n",
1774 fname, lineno, cargv[1] ));
1776 Debug( LDAP_DEBUG_ANY,
1777 "%s: line %d: failed to set module search path to %s\n",
1778 fname, lineno, cargv[1]);
1781 exit( EXIT_FAILURE );
1784 #endif /*SLAPD_MODULES*/
1787 } else if ( !strcasecmp( cargv[0], "TLSProtocol" ) ) {
1788 rc = ldap_pvt_tls_set_option( NULL,
1789 LDAP_OPT_X_TLS_PROTOCOL,
1794 } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
1795 rc = ldap_pvt_tls_set_option( NULL,
1796 LDAP_OPT_X_TLS_RANDOM_FILE,
1801 } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
1802 rc = ldap_pvt_tls_set_option( NULL,
1803 LDAP_OPT_X_TLS_CIPHER_SUITE,
1808 } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
1809 rc = ldap_pvt_tls_set_option( NULL,
1810 LDAP_OPT_X_TLS_CERTFILE,
1815 } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
1816 rc = ldap_pvt_tls_set_option( NULL,
1817 LDAP_OPT_X_TLS_KEYFILE,
1822 } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
1823 rc = ldap_pvt_tls_set_option( NULL,
1824 LDAP_OPT_X_TLS_CACERTDIR,
1829 } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
1830 rc = ldap_pvt_tls_set_option( NULL,
1831 LDAP_OPT_X_TLS_CACERTFILE,
1835 } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
1837 rc = ldap_pvt_tls_set_option( NULL,
1838 LDAP_OPT_X_TLS_REQUIRE_CERT,
1845 /* pass anything else to the current backend info/db config routine */
1848 if ( bi->bi_config == 0 ) {
1850 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1851 "%s: line %d: unknown directive \"%s\" inside "
1852 "backend info definition (ignored).\n",
1853 fname, lineno, cargv[0] ));
1855 Debug( LDAP_DEBUG_ANY,
1856 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
1857 fname, lineno, cargv[0] );
1861 if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
1867 } else if ( be != NULL ) {
1868 if ( be->be_config == 0 ) {
1870 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1871 "%s: line %d: uknown directive \"%s\" inside "
1872 "backend database definition (ignored).\n",
1873 fname, lineno, cargv[0] ));
1875 Debug( LDAP_DEBUG_ANY,
1876 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
1877 fname, lineno, cargv[0] );
1881 if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
1889 LDAP_LOG(( "config", LDAP_LEVEL_INFO,
1890 "%s: line %d: unknown directive \"%s\" outside backend "
1891 "info and database definitions (ignored).\n",
1892 fname, lineno, cargv[0] ));
1894 Debug( LDAP_DEBUG_ANY,
1895 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
1896 fname, lineno, cargv[0] );
1904 if ( load_ucdata( NULL ) < 0 ) {
/*
 * Tokenising loop of fp_parse_line. The function header and several body
 * lines are not part of this listing. Each token returned by strtok_quote()
 * is stored in argv[] and counted in *argcp; separators are space and tab.
 */
1920 for ( token = strtok_quote( line, " \t" ); token != NULL;
1921 token = strtok_quote( NULL, " \t" ) ) {
/*
 * The count is tested before the store below, so a full argv is detected
 * before a token is written at index MAXARGS.
 */
1922 if ( *argcp == MAXARGS ) {
1924 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
1925 "fp_parse_line: too many tokens (%d max).\n",
1928 Debug( LDAP_DEBUG_ANY, "Too many tokens (max %d)\n",
/*
 * NOTE(review): the rest of the error path is not visible here; presumably
 * it returns failure. Confirm it cannot fall through to the store, since
 * the bound on argv depends on that.
 */
1934 argv[(*argcp)++] = token;
/*
 * The terminator is written at index *argcp, which can be as large as
 * MAXARGS, so the caller's array needs MAXARGS+1 slots. read_config
 * declares cargv[MAXARGS+1].
 */
1936 argv[*argcp] = NULL;
/*
 * strtok_quote - strtok()-style tokenizer that tracks a quoting state
 * (inquote) and skips escaped characters. Large parts of the body are
 * missing from this listing.
 *
 * line: string to start scanning, or NULL to continue the previous scan
 *       (fp_parse_line calls it with NULL after the first token).
 * sep:  set of separator characters.
 *
 * The string is edited in place (see the AC_MEMCPY shifts below), and the
 * scan position is carried between calls in `next`.
 * NOTE(review): the declaration of `next` is not visible; presumably it is
 * static, which would make this function non-reentrant -- confirm.
 */
1941 strtok_quote( char *line, char *sep )
/* A non-NULL line starts a new scan. */
1947 if ( line != NULL ) {
/*
 * Skip leading separators. The *next test comes first because
 * strchr( sep, '\0' ) would match the terminator of sep.
 */
1950 while ( *next && strchr( sep, *next ) ) {
/* Nothing but separators left in the string. */
1954 if ( *next == '\0' ) {
/* Walk the token, starting outside any quoted section. */
1960 for ( inquote = 0; *next; ) {
/*
 * Delete the character at next by moving the tail, terminator included
 * (strlen + 1), one byte to the left. Source and destination overlap.
 * NOTE(review): this is only well defined if AC_MEMCPY has memmove()
 * semantics on the target platform -- confirm in <ac/string.h>.
 * The same shift is used again just below.
 */
1968 AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
1974 next + 1, strlen( next + 1 ) + 1 );
1975 next++; /* don't parse the escaped character */
/* A separator character is found at the current position. */
1980 if ( strchr( sep, *next ) != NULL ) {
/* Scratch buffer for one physical line; fp_getline fills it with fgets(). */
1993 static char buf[BUFSIZ];
/*
 * lmax and lcur are used by CATLINE below.
 * NOTE(review): presumably lmax is the allocated size of `line` and lcur
 * the number of bytes already used -- confirm against the full source.
 */
1995 static int lmax, lcur;
/*
 * CATLINE( buf ) appends the NUL-terminated string buf to `line`.
 *
 * The while loop keeps reallocating `line` with ch_realloc() until
 * lcur + len + 1 fits within lmax, so the strcpy() that follows is bounded
 * by that growth step rather than by a length argument. Any change to the
 * loop condition must keep the "+ 1" for the terminator.
 *
 * NOTE(review): the lines that declare len, grow lmax and advance lcur are
 * not visible in this listing. lmax and lcur are plain int, so the sum
 * lcur + len + 1 is signed arithmetic; confirm that a very long logical
 * line cannot overflow it. ch_realloc() is used without a NULL check;
 * presumably it does not return on failure -- confirm.
 */
1997 #define CATLINE( buf ) { \
1999 len = strlen( buf ); \
2000 while ( lcur + len + 1 > lmax ) { \
2002 line = (char *) ch_realloc( line, lmax ); \
2004 strcpy( line + lcur, buf ); \
/*
 * fp_getline - return the next logical line read from fp, or NULL when the
 * assembled line is empty. Many body lines are missing from this listing.
 *
 * fp:     open configuration file.
 * lineno: line counter owned by the caller (its update is not visible here).
 *
 * The returned pointer is `line`, storage shared across calls, so the
 * caller must copy anything it needs to keep. read_config does this for
 * "include" with ch_strdup() before it recurses.
 */
2009 fp_getline( FILE *fp, int *lineno )
2017 /* hack attack - keeps us from having to keep a stack of bufs... */
/*
 * Special case for a line that starts with "include" (case-insensitive,
 * first 7 bytes only). The action taken is not visible in this listing.
 */
2018 if ( strncasecmp( line, "include", 7 ) == 0 ) {
/*
 * Read one physical line at a time; fgets() never writes more than
 * sizeof(buf) bytes. NOTE(review): a physical line longer than the buffer
 * arrives in several pieces, and a later piece has no leading whitespace
 * of its own; confirm how the missing code treats that case.
 */
2023 while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
/* Locate the trailing newline, if the whole physical line fit in buf. */
2024 if ( (p = strchr( buf, '\n' )) != NULL ) {
/*
 * A physical line that does not begin with whitespace is handled here;
 * presumably it starts the next logical line -- confirm. The cast to
 * unsigned char keeps isspace() defined for bytes with the high bit set.
 */
2027 if ( ! isspace( (unsigned char) buf[0] ) ) {
2031 /* change leading whitespace to a space */
/* An empty assembled line is reported as NULL. */
2039 return( line[0] ? line : NULL );
2043 fp_getline_init( int *lineno )
2049 /* Loads ucdata, returns 1 if loading, 0 if already loaded, -1 on error */
2051 load_ucdata( char *path )
2053 static int loaded = 0;
2059 err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL );
2062 LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
2063 "load_ucdata: Error %d loading ucdata.\n", err ));
2065 Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n",