1 /* config.c - configuration file handling routines */
4 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
14 #include <ac/signal.h>
15 #include <ac/socket.h>
28 * defaults for various global variables
30 struct slap_limits_set deflimit = {
31 SLAPD_DEFAULT_TIMELIMIT, /* backward compatible limits */
34 SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */
36 -1, /* no limit on unchecked size */
38 0 /* hide number of entries left */
41 AccessControl *global_acl = NULL;
42 slap_access_t global_default_access = ACL_READ;
43 slap_mask_t global_restrictops = 0;
44 slap_mask_t global_allows = 0;
45 slap_mask_t global_disallows = 0;
46 slap_mask_t global_requires = 0;
47 slap_ssf_set_t global_ssf_set;
49 int global_gentlehup = 0;
50 int global_idletimeout = 0;
51 char *global_host = NULL;
52 char *global_realm = NULL;
53 char *ldap_srvtab = "";
54 char *default_passwd_hash = NULL;
55 int cargc = 0, cargv_size = 0;
57 struct berval default_search_base = { 0, NULL };
58 struct berval default_search_nbase = { 0, NULL };
59 unsigned num_subordinates = 0;
60 struct berval global_schemadn = { 0, NULL };
61 struct berval global_schemandn = { 0, NULL };
63 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
64 ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
66 char *slapd_pid_file = NULL;
67 char *slapd_args_file = NULL;
69 char *strtok_quote_ptr;
71 int use_reverse_lookup = 0;
73 static char *fp_getline(FILE *fp, int *lineno);
74 static void fp_getline_init(int *lineno);
75 static int fp_parse_line(int lineno, char *line);
77 static char *strtok_quote(char *line, char *sep);
78 static int load_ucdata(char *path);
81 read_config( const char *fname, int depth )
84 char *line, *savefname, *saveline;
88 struct berval vals[2];
90 static int lastmod = 1;
91 static BackendInfo *bi = NULL;
92 static BackendDB *be = NULL;
94 vals[1].bv_val = NULL;
97 cargv = ch_calloc( ARGS_STEP + 1, sizeof(*cargv) );
98 cargv_size = ARGS_STEP + 1;
101 if ( (fp = fopen( fname, "r" )) == NULL ) {
104 LDAP_LOG( CONFIG, ENTRY,
105 "read_config: " "could not open config file \"%s\": %s (%d)\n",
106 fname, strerror(errno), errno );
108 Debug( LDAP_DEBUG_ANY,
109 "could not open config file \"%s\": %s (%d)\n",
110 fname, strerror(errno), errno );
116 LDAP_LOG( CONFIG, ENTRY,
117 "read_config: reading config file %s\n", fname, 0, 0 );
119 Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
123 fp_getline_init( &lineno );
125 while ( (line = fp_getline( fp, &lineno )) != NULL ) {
126 /* skip comments and blank lines */
127 if ( line[0] == '#' || line[0] == '\0' ) {
131 /* fp_parse_line is destructive, we save a copy */
132 saveline = ch_strdup( line );
134 if ( fp_parse_line( lineno, line ) != 0 ) {
140 LDAP_LOG( CONFIG, INFO,
141 "%s: line %d: bad config line (ignored)\n", fname, lineno, 0 );
143 Debug( LDAP_DEBUG_ANY,
144 "%s: line %d: bad config line (ignored)\n",
151 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
154 LDAP_LOG( CONFIG, CRIT,
155 "%s : line %d: missing type in \"backend\" line.\n",
158 Debug( LDAP_DEBUG_ANY,
159 "%s: line %d: missing type in \"backend <type>\" line\n",
168 LDAP_LOG( CONFIG, CRIT,
169 "%s: line %d: backend line must appear before any "
170 "database definition.\n", fname, lineno , 0 );
172 Debug( LDAP_DEBUG_ANY,
173 "%s: line %d: backend line must appear before any database definition\n",
180 bi = backend_info( cargv[1] );
184 LDAP_LOG( CONFIG, CRIT,
185 "read_config: backend %s initialization failed.\n",
188 Debug( LDAP_DEBUG_ANY,
189 "backend %s initialization failed.\n",
195 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
198 LDAP_LOG( CONFIG, CRIT,
199 "%s: line %d: missing type in \"database <type>\" line\n",
202 Debug( LDAP_DEBUG_ANY,
203 "%s: line %d: missing type in \"database <type>\" line\n",
211 be = backend_db_init( cargv[1] );
215 LDAP_LOG( CONFIG, CRIT,
216 "database %s initialization failed.\n", cargv[1], 0, 0 );
218 Debug( LDAP_DEBUG_ANY,
219 "database %s initialization failed.\n",
226 /* set thread concurrency */
227 } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
231 LDAP_LOG( CONFIG, CRIT,
232 "%s: line %d: missing level in \"concurrency <level\" "
233 " line\n", fname, lineno, 0 );
235 Debug( LDAP_DEBUG_ANY,
236 "%s: line %d: missing level in \"concurrency <level>\" line\n",
243 c = atoi( cargv[1] );
247 LDAP_LOG( CONFIG, CRIT,
248 "%s: line %d: invalid level (%d) in "
249 "\"concurrency <level>\" line.\n", fname, lineno, c );
251 Debug( LDAP_DEBUG_ANY,
252 "%s: line %d: invalid level (%d) in \"concurrency <level>\" line\n",
259 ldap_pvt_thread_set_concurrency( c );
261 /* set sockbuf max */
262 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming" ) == 0 ) {
266 LDAP_LOG( CONFIG, CRIT,
267 "%s: line %d: missing max in \"sockbuf_max_incoming "
268 "<bytes>\" line\n", fname, lineno, 0 );
270 Debug( LDAP_DEBUG_ANY,
271 "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
278 max = atol( cargv[1] );
282 LDAP_LOG( CONFIG, CRIT,
283 "%s: line %d: invalid max value (%ld) in "
284 "\"sockbuf_max_incoming <bytes>\" line.\n",
285 fname, lineno, max );
287 Debug( LDAP_DEBUG_ANY,
288 "%s: line %d: invalid max value (%ld) in "
289 "\"sockbuf_max_incoming <bytes>\" line.\n",
290 fname, lineno, max );
296 sockbuf_max_incoming = max;
298 /* set sockbuf max authenticated */
299 } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) {
303 LDAP_LOG( CONFIG, CRIT,
304 "%s: line %d: missing max in \"sockbuf_max_incoming_auth "
305 "<bytes>\" line\n", fname, lineno, 0 );
307 Debug( LDAP_DEBUG_ANY,
308 "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
315 max = atol( cargv[1] );
319 LDAP_LOG( CONFIG, CRIT,
320 "%s: line %d: invalid max value (%ld) in "
321 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
322 fname, lineno, max );
324 Debug( LDAP_DEBUG_ANY,
325 "%s: line %d: invalid max value (%ld) in "
326 "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
327 fname, lineno, max );
333 sockbuf_max_incoming_auth = max;
335 /* default search base */
336 } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
339 LDAP_LOG( CONFIG, CRIT,
340 "%s: line %d: missing dn in \"defaultSearchBase <dn\" "
341 "line\n", fname, lineno, 0 );
343 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
344 "missing dn in \"defaultSearchBase <dn>\" line\n",
350 } else if ( cargc > 2 ) {
352 LDAP_LOG( CONFIG, INFO,
353 "%s: line %d: extra cruft after <dn> in "
354 "\"defaultSearchBase %s\" line (ignored)\n",
355 fname, lineno, cargv[1] );
357 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
358 "extra cruft after <dn> in \"defaultSearchBase %s\", "
360 fname, lineno, cargv[1] );
364 if ( bi != NULL || be != NULL ) {
366 LDAP_LOG( CONFIG, CRIT,
367 "%s: line %d: defaultSearchBase line must appear "
368 "prior to any backend or database definitions\n",
371 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
372 "defaultSearchBaase line must appear prior to "
373 "any backend or database definition\n",
380 if ( default_search_nbase.bv_len ) {
382 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
383 "default search base \"%s\" already defined "
384 "(discarding old)\n", fname, lineno,
385 default_search_base.bv_val );
387 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
388 "default search base \"%s\" already defined "
389 "(discarding old)\n",
390 fname, lineno, default_search_base.bv_val );
393 free( default_search_base.bv_val );
394 free( default_search_nbase.bv_val );
397 if ( load_ucdata( NULL ) < 0 ) return 1;
402 dn.bv_val = cargv[1];
403 dn.bv_len = strlen( dn.bv_val );
405 rc = dnPrettyNormal( NULL, &dn,
406 &default_search_base,
407 &default_search_nbase );
409 if( rc != LDAP_SUCCESS ) {
411 LDAP_LOG( CONFIG, CRIT,
412 "%s: line %d: defaultSearchBase DN is invalid.\n",
415 Debug( LDAP_DEBUG_ANY,
416 "%s: line %d: defaultSearchBase DN is invalid\n",
423 /* set maximum threads in thread pool */
424 } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
428 LDAP_LOG( CONFIG, CRIT,
429 "%s: line %d: missing count in \"threads <count>\" line\n",
432 Debug( LDAP_DEBUG_ANY,
433 "%s: line %d: missing count in \"threads <count>\" line\n",
440 c = atoi( cargv[1] );
444 LDAP_LOG( CONFIG, CRIT,
445 "%s: line %d: invalid level (%d) in \"threads <count>\""
446 "line\n", fname, lineno, c );
448 Debug( LDAP_DEBUG_ANY,
449 "%s: line %d: invalid level (%d) in \"threads <count>\" line\n",
456 ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
458 /* save for later use */
459 connection_pool_max = c;
461 /* get pid file name */
462 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
465 LDAP_LOG( CONFIG, CRIT,
466 "%s: line %d missing file name in \"pidfile <file>\" "
467 "line.\n", fname, lineno, 0 );
469 Debug( LDAP_DEBUG_ANY,
470 "%s: line %d: missing file name in \"pidfile <file>\" line\n",
477 slapd_pid_file = ch_strdup( cargv[1] );
479 /* get args file name */
480 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
483 LDAP_LOG( CONFIG, CRIT,
484 "%s: %d: missing file name in "
485 "\"argsfile <file>\" line.\n",
488 Debug( LDAP_DEBUG_ANY,
489 "%s: line %d: missing file name in \"argsfile <file>\" line\n",
496 slapd_args_file = ch_strdup( cargv[1] );
498 /* default password hash */
499 } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
502 LDAP_LOG( CONFIG, CRIT,
503 "%s: line %d: missing hash in "
504 "\"password-hash <hash>\" line.\n",
507 Debug( LDAP_DEBUG_ANY,
508 "%s: line %d: missing hash in \"password-hash <hash>\" line\n",
514 if ( default_passwd_hash != NULL ) {
516 LDAP_LOG( CONFIG, CRIT,
517 "%s: line %d: already set default password_hash!\n",
520 Debug( LDAP_DEBUG_ANY,
521 "%s: line %d: already set default password_hash!\n",
529 if ( lutil_passwd_scheme( cargv[1] ) == 0 ) {
531 LDAP_LOG( CONFIG, CRIT,
532 "%s: line %d: password scheme \"%s\" not available\n",
533 fname, lineno, cargv[1] );
535 Debug( LDAP_DEBUG_ANY,
536 "%s: line %d: password scheme \"%s\" not available\n",
537 fname, lineno, cargv[1] );
542 default_passwd_hash = ch_strdup( cargv[1] );
544 } else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 )
548 LDAP_LOG( CONFIG, CRIT,
549 "%s: line %d: missing format in "
550 "\"password-crypt-salt-format <format>\" line\n",
553 Debug( LDAP_DEBUG_ANY, "%s: line %d: missing format in "
554 "\"password-crypt-salt-format <format>\" line\n",
561 lutil_salt_format( cargv[1] );
563 /* SASL config options */
564 } else if ( strncasecmp( cargv[0], "sasl", 4 ) == 0 ) {
565 if ( slap_sasl_config( cargc, cargv, line, fname, lineno ) )
568 } else if ( strcasecmp( cargv[0], "schemadn" ) == 0 ) {
572 LDAP_LOG( CONFIG, CRIT,
573 "%s: line %d: missing dn in "
574 "\"schemadn <dn>\" line.\n", fname, lineno, 0 );
576 Debug( LDAP_DEBUG_ANY,
577 "%s: line %d: missing dn in \"schemadn <dn>\" line\n",
582 ber_str2bv( cargv[1], 0, 0, &dn );
584 rc = dnPrettyNormal( NULL, &dn, &be->be_schemadn,
587 rc = dnPrettyNormal( NULL, &dn, &global_schemadn,
590 if ( rc != LDAP_SUCCESS ) {
592 LDAP_LOG( CONFIG, CRIT,
593 "%s: line %d: schemadn DN is invalid.\n",
596 Debug( LDAP_DEBUG_ANY,
597 "%s: line %d: schemadn DN is invalid\n",
603 /* set UCDATA path */
604 } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
608 LDAP_LOG( CONFIG, CRIT,
609 "%s: line %d: missing path in "
610 "\"ucdata-path <path>\" line.\n", fname, lineno, 0 );
612 Debug( LDAP_DEBUG_ANY,
613 "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
620 err = load_ucdata( cargv[1] );
624 LDAP_LOG( CONFIG, CRIT,
625 "%s: line %d: ucdata already loaded, ucdata-path "
626 "must be set earlier in the file and/or be "
627 "specified only once!\n", fname, lineno, 0 );
629 Debug( LDAP_DEBUG_ANY,
630 "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n",
639 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
641 struct slap_limits_set *lim;
645 LDAP_LOG( CONFIG, CRIT,
646 "%s: line %d: missing limit in \"sizelimit <limit>\" "
647 "line.\n", fname, lineno, 0 );
649 Debug( LDAP_DEBUG_ANY,
650 "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
660 lim = &be->be_def_limit;
663 for ( i = 1; i < cargc; i++ ) {
664 if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
665 rc = parse_limit( cargv[i], lim );
668 LDAP_LOG( CONFIG, CRIT,
669 "%s: line %d: unable "
670 "to parse value \"%s\" in \"sizelimit "
671 "<limit>\" line.\n", fname, lineno, cargv[i] );
673 Debug( LDAP_DEBUG_ANY,
674 "%s: line %d: unable "
675 "to parse value \"%s\" "
678 fname, lineno, cargv[i] );
684 if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
685 lim->lms_s_soft = -1;
689 lim->lms_s_soft = strtol( cargv[i] , &next, 0 );
690 if ( next == cargv[i] ) {
692 LDAP_LOG( CONFIG, CRIT,
693 "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" "
694 "line.\n", fname, lineno, cargv[i] );
696 Debug( LDAP_DEBUG_ANY,
697 "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" line\n",
698 fname, lineno, cargv[i] );
702 } else if ( next[0] != '\0' ) {
704 LDAP_LOG( CONFIG, CRIT,
705 "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" "
706 "line ignored.\n", fname, lineno, next );
708 Debug( LDAP_DEBUG_ANY,
709 "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" line ignored\n",
710 fname, lineno, next );
719 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
721 struct slap_limits_set *lim;
725 LDAP_LOG( CONFIG, CRIT,
726 "%s: line %d missing limit in \"timelimit <limit>\" "
727 "line.\n", fname, lineno, 0 );
729 Debug( LDAP_DEBUG_ANY,
730 "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
740 lim = &be->be_def_limit;
743 for ( i = 1; i < cargc; i++ ) {
744 if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
745 rc = parse_limit( cargv[i], lim );
748 LDAP_LOG( CONFIG, CRIT,
749 "%s: line %d: unable to parse value \"%s\" "
750 "in \"timelimit <limit>\" line.\n",
751 fname, lineno, cargv[i] );
753 Debug( LDAP_DEBUG_ANY,
754 "%s: line %d: unable "
755 "to parse value \"%s\" "
758 fname, lineno, cargv[i] );
764 if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
765 lim->lms_t_soft = -1;
769 lim->lms_t_soft = strtol( cargv[i] , &next, 0 );
770 if ( next == cargv[i] ) {
772 LDAP_LOG( CONFIG, CRIT,
773 "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" "
774 "line.\n", fname, lineno, cargv[i] );
776 Debug( LDAP_DEBUG_ANY,
777 "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" line\n",
778 fname, lineno, cargv[i] );
782 } else if ( next[0] != '\0' ) {
784 LDAP_LOG( CONFIG, CRIT,
785 "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" "
786 "line ignored.\n", fname, lineno, next );
788 Debug( LDAP_DEBUG_ANY,
789 "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" line ignored\n",
790 fname, lineno, next );
798 /* set regex-based limits */
799 } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
802 LDAP_LOG( CONFIG, WARNING,
803 "%s: line %d \"limits\" allowed only in database "
804 "environment.\n", fname, lineno, 0 );
806 Debug( LDAP_DEBUG_ANY,
807 "%s: line %d \"limits\" allowed only in database environment.\n%s",
813 if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
817 /* mark this as a subordinate database */
818 } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
821 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
822 "subordinate keyword must appear inside a database "
823 "definition.\n", fname, lineno, 0 );
825 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
826 "must appear inside a database definition.\n",
832 be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE;
836 /* set database suffix */
837 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
839 struct berval dn, pdn, ndn;
843 LDAP_LOG( CONFIG, CRIT,
844 "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
847 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
848 "missing dn in \"suffix <dn>\" line\n",
854 } else if ( cargc > 2 ) {
856 LDAP_LOG( CONFIG, INFO,
857 "%s: line %d: extra cruft after <dn> in \"suffix %s\""
858 " line (ignored).\n", fname, lineno, cargv[1] );
860 Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
861 "after <dn> in \"suffix %s\" line (ignored)\n",
862 fname, lineno, cargv[1] );
868 LDAP_LOG( CONFIG, INFO,
869 "%s: line %d: suffix line must appear inside a database "
870 "definition.\n", fname, lineno, 0 );
872 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
873 "must appear inside a database definition\n",
878 #if defined(SLAPD_MONITOR_DN)
879 /* "cn=Monitor" is reserved for monitoring slap */
880 } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
882 LDAP_LOG( CONFIG, CRIT, "%s: line %d: \""
883 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
886 Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
887 SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
891 #endif /* SLAPD_MONITOR_DN */
894 if ( load_ucdata( NULL ) < 0 ) return 1;
896 dn.bv_val = cargv[1];
897 dn.bv_len = strlen( cargv[1] );
899 rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
900 if( rc != LDAP_SUCCESS ) {
902 LDAP_LOG( CONFIG, CRIT,
903 "%s: line %d: suffix DN is invalid.\n",
906 Debug( LDAP_DEBUG_ANY,
907 "%s: line %d: suffix DN is invalid\n",
913 tmp_be = select_backend( &ndn, 0, 0 );
914 if ( tmp_be == be ) {
916 LDAP_LOG( CONFIG, INFO,
917 "%s: line %d: suffix already served by this backend "
918 "(ignored)\n", fname, lineno, 0 );
920 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
921 "already served by this backend (ignored)\n",
927 } else if ( tmp_be != NULL ) {
929 LDAP_LOG( CONFIG, INFO,
930 "%s: line %d: suffix already served by a preceding "
931 "backend \"%s\"\n", fname, lineno,
932 tmp_be->be_suffix[0].bv_val );
934 Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
935 "already served by a preceeding backend \"%s\"\n",
936 fname, lineno, tmp_be->be_suffix[0].bv_val );
942 } else if( pdn.bv_len == 0 && default_search_nbase.bv_len ) {
944 LDAP_LOG( CONFIG, INFO,
945 "%s: line %d: suffix DN empty and default search "
946 "base provided \"%s\" (assuming okay).\n",
947 fname, lineno, default_search_base.bv_val );
949 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
950 "suffix DN empty and default "
951 "search base provided \"%s\" (assuming okay)\n",
952 fname, lineno, default_search_base.bv_val );
956 ber_bvarray_add( &be->be_suffix, &pdn );
957 ber_bvarray_add( &be->be_nsuffix, &ndn );
959 /* set max deref depth */
960 } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
964 LDAP_LOG( CONFIG, CRIT,
965 "%s: line %d: missing depth in \"maxDerefDepth <depth>\""
966 " line\n", fname, lineno, 0 );
968 Debug( LDAP_DEBUG_ANY,
969 "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
977 LDAP_LOG( CONFIG, INFO,
978 "%s: line %d: depth line must appear inside a database "
979 "definition.\n", fname, lineno ,0 );
981 Debug( LDAP_DEBUG_ANY,
982 "%s: line %d: depth line must appear inside a database definition.\n",
987 } else if ((i = atoi(cargv[1])) < 0) {
989 LDAP_LOG( CONFIG, INFO,
990 "%s: line %d: depth must be positive.\n",
993 Debug( LDAP_DEBUG_ANY,
994 "%s: line %d: depth must be positive.\n",
1001 be->be_max_deref_depth = i;
1005 /* set magic "root" dn for this database */
1006 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
1009 LDAP_LOG( CONFIG, INFO,
1010 "%s: line %d: missing dn in \"rootdn <dn>\" line.\n",
1013 Debug( LDAP_DEBUG_ANY,
1014 "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
1023 LDAP_LOG( CONFIG, INFO,
1024 "%s: line %d: rootdn line must appear inside a database "
1025 "definition.\n", fname, lineno ,0 );
1027 Debug( LDAP_DEBUG_ANY,
1028 "%s: line %d: rootdn line must appear inside a database definition.\n",
1036 if ( load_ucdata( NULL ) < 0 ) return 1;
1038 dn.bv_val = cargv[1];
1039 dn.bv_len = strlen( cargv[1] );
1041 rc = dnPrettyNormal( NULL, &dn,
1045 if( rc != LDAP_SUCCESS ) {
1047 LDAP_LOG( CONFIG, CRIT,
1048 "%s: line %d: rootdn DN is invalid.\n",
1051 Debug( LDAP_DEBUG_ANY,
1052 "%s: line %d: rootdn DN is invalid\n",
1059 /* set super-secret magic database password */
1060 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
1063 LDAP_LOG( CONFIG, CRIT,
1064 "%s: line %d: missing passwd in \"rootpw <passwd>\""
1065 " line\n", fname, lineno ,0 );
1067 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1068 "missing passwd in \"rootpw <passwd>\" line\n",
1077 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1078 "rootpw line must appear inside a database "
1079 "definition.\n", fname, lineno ,0 );
1081 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1082 "rootpw line must appear inside a database "
1089 Backend *tmp_be = select_backend( &be->be_rootndn, 0, 0 );
1091 if( tmp_be != be ) {
1093 LDAP_LOG( CONFIG, INFO,
1095 "rootpw can only be set when rootdn is under suffix\n",
1096 fname, lineno, "" );
1098 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1099 "rootpw can only be set when rootdn is under suffix\n",
1105 be->be_rootpw.bv_val = ch_strdup( cargv[1] );
1106 be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
1109 /* make this database read-only */
1110 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
1113 LDAP_LOG( CONFIG, CRIT,
1114 "%s: line %d: missing on|off in \"readonly <on|off>\" "
1115 "line.\n", fname, lineno ,0 );
1117 Debug( LDAP_DEBUG_ANY,
1118 "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
1125 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1126 global_restrictops |= SLAP_RESTRICT_OP_WRITES;
1128 global_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1131 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1132 be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1134 be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
1139 /* allow these features */
1140 } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
1141 strcasecmp( cargv[0], "allow" ) == 0 )
1147 LDAP_LOG( CONFIG, INFO,
1148 "%s: line %d: allow line must appear prior to "
1149 "database definitions.\n", fname, lineno ,0 );
1151 Debug( LDAP_DEBUG_ANY,
1152 "%s: line %d: allow line must appear prior to database definitions\n",
1160 LDAP_LOG( CONFIG, CRIT,
1161 "%s: line %d: missing feature(s) in \"allow <features>\""
1162 " line\n", fname, lineno ,0 );
1164 Debug( LDAP_DEBUG_ANY,
1165 "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
1174 for( i=1; i < cargc; i++ ) {
1175 if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
1176 allows |= SLAP_ALLOW_BIND_V2;
1178 } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
1179 allows |= SLAP_ALLOW_BIND_ANON_CRED;
1181 } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
1182 allows |= SLAP_ALLOW_BIND_ANON_DN;
1184 } else if( strcasecmp( cargv[i], "update_anon" ) == 0 ) {
1185 allows |= SLAP_ALLOW_UPDATE_ANON;
1187 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1189 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1190 "unknown feature %s in \"allow <features>\" line.\n",
1191 fname, lineno, cargv[1] );
1193 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1194 "unknown feature %s in \"allow <features>\" line\n",
1195 fname, lineno, cargv[i] );
1202 global_allows = allows;
1204 /* disallow these features */
1205 } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
1206 strcasecmp( cargv[0], "disallow" ) == 0 )
1208 slap_mask_t disallows;
1212 LDAP_LOG( CONFIG, INFO,
1213 "%s: line %d: disallow line must appear prior to "
1214 "database definitions.\n", fname, lineno ,0 );
1216 Debug( LDAP_DEBUG_ANY,
1217 "%s: line %d: disallow line must appear prior to database definitions\n",
1225 LDAP_LOG( CONFIG, CRIT,
1226 "%s: line %d: missing feature(s) in \"disallow <features>\""
1227 " line.\n", fname, lineno ,0 );
1229 Debug( LDAP_DEBUG_ANY,
1230 "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
1239 for( i=1; i < cargc; i++ ) {
1240 if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
1241 disallows |= SLAP_DISALLOW_BIND_ANON;
1243 } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
1244 disallows |= SLAP_DISALLOW_BIND_SIMPLE;
1246 } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
1247 disallows |= SLAP_DISALLOW_BIND_KRBV4;
1249 } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
1250 disallows |= SLAP_DISALLOW_TLS_2_ANON;
1252 } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
1253 disallows |= SLAP_DISALLOW_TLS_AUTHC;
1255 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1257 LDAP_LOG( CONFIG, CRIT,
1258 "%s: line %d: unknown feature %s in "
1259 "\"disallow <features>\" line.\n",
1260 fname, lineno, cargv[i] );
1262 Debug( LDAP_DEBUG_ANY,
1263 "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
1264 fname, lineno, cargv[i] );
1271 global_disallows = disallows;
1273 /* require these features */
1274 } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
1275 strcasecmp( cargv[0], "require" ) == 0 )
1277 slap_mask_t requires;
1281 LDAP_LOG( CONFIG, CRIT,
1282 "%s: line %d: missing feature(s) in "
1283 "\"require <features>\" line.\n", fname, lineno ,0 );
1285 Debug( LDAP_DEBUG_ANY,
1286 "%s: line %d: missing feature(s) in \"require <features>\" line\n",
1295 for( i=1; i < cargc; i++ ) {
1296 if( strcasecmp( cargv[i], "bind" ) == 0 ) {
1297 requires |= SLAP_REQUIRE_BIND;
1299 } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
1300 requires |= SLAP_REQUIRE_LDAP_V3;
1302 } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
1303 requires |= SLAP_REQUIRE_AUTHC;
1305 } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
1306 requires |= SLAP_REQUIRE_SASL;
1308 } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
1309 requires |= SLAP_REQUIRE_STRONG;
1311 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
1313 LDAP_LOG( CONFIG, CRIT,
1314 "%s: line %d: unknown feature %s in "
1315 "\"require <features>\" line.\n",
1316 fname, lineno , cargv[i] );
1318 Debug( LDAP_DEBUG_ANY,
1319 "%s: line %d: unknown feature %s in \"require <features>\" line\n",
1320 fname, lineno, cargv[i] );
1328 global_requires = requires;
1330 be->be_requires = requires;
1333 /* required security factors */
1334 } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
1335 slap_ssf_set_t *set;
1339 LDAP_LOG( CONFIG, CRIT,
1340 "%s: line %d: missing factor(s) in \"security <factors>\""
1341 " line.\n", fname, lineno ,0 );
1343 Debug( LDAP_DEBUG_ANY,
1344 "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
1352 set = &global_ssf_set;
1354 set = &be->be_ssf_set;
1357 for( i=1; i < cargc; i++ ) {
1358 if( strncasecmp( cargv[i], "ssf=",
1359 sizeof("ssf") ) == 0 )
1362 atoi( &cargv[i][sizeof("ssf")] );
1364 } else if( strncasecmp( cargv[i], "transport=",
1365 sizeof("transport") ) == 0 )
1367 set->sss_transport =
1368 atoi( &cargv[i][sizeof("transport")] );
1370 } else if( strncasecmp( cargv[i], "tls=",
1371 sizeof("tls") ) == 0 )
1374 atoi( &cargv[i][sizeof("tls")] );
1376 } else if( strncasecmp( cargv[i], "sasl=",
1377 sizeof("sasl") ) == 0 )
1380 atoi( &cargv[i][sizeof("sasl")] );
1382 } else if( strncasecmp( cargv[i], "update_ssf=",
1383 sizeof("update_ssf") ) == 0 )
1385 set->sss_update_ssf =
1386 atoi( &cargv[i][sizeof("update_ssf")] );
1388 } else if( strncasecmp( cargv[i], "update_transport=",
1389 sizeof("update_transport") ) == 0 )
1391 set->sss_update_transport =
1392 atoi( &cargv[i][sizeof("update_transport")] );
1394 } else if( strncasecmp( cargv[i], "update_tls=",
1395 sizeof("update_tls") ) == 0 )
1397 set->sss_update_tls =
1398 atoi( &cargv[i][sizeof("update_tls")] );
1400 } else if( strncasecmp( cargv[i], "update_sasl=",
1401 sizeof("update_sasl") ) == 0 )
1403 set->sss_update_sasl =
1404 atoi( &cargv[i][sizeof("update_sasl")] );
1406 } else if( strncasecmp( cargv[i], "simple_bind=",
1407 sizeof("simple_bind") ) == 0 )
1409 set->sss_simple_bind =
1410 atoi( &cargv[i][sizeof("simple_bind")] );
1414 LDAP_LOG( CONFIG, CRIT,
1415 "%s: line %d: unknown factor %S in "
1416 "\"security <factors>\" line.\n",
1417 fname, lineno, cargv[1] );
1419 Debug( LDAP_DEBUG_ANY,
1420 "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
1421 fname, lineno, cargv[i] );
1427 /* where to send clients when we don't hold it */
1428 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
1431 LDAP_LOG( CONFIG, CRIT,
1432 "%s: line %d: missing URL in \"referral <URL>\""
1433 " line.\n", fname, lineno , 0 );
1435 Debug( LDAP_DEBUG_ANY,
1436 "%s: line %d: missing URL in \"referral <URL>\" line\n",
1443 if( validate_global_referral( cargv[1] ) ) {
1445 LDAP_LOG( CONFIG, CRIT,
1446 "%s: line %d: invalid URL (%s) in \"referral\" line.\n",
1447 fname, lineno, cargv[1] );
1449 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1450 "invalid URL (%s) in \"referral\" line.\n",
1451 fname, lineno, cargv[1] );
1456 vals[0].bv_val = cargv[1];
1457 vals[0].bv_len = strlen( vals[0].bv_val );
1458 if( value_add( &default_referral, vals ) )
1462 } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
1466 LDAP_LOG( CONFIG, CRIT,
1467 "%s: line %d: Error in logfile directive, "
1468 "\"logfile <filename>\"\n", fname, lineno , 0 );
1470 Debug( LDAP_DEBUG_ANY,
1471 "%s: line %d: Error in logfile directive, \"logfile filename\"\n",
1477 logfile = fopen( cargv[1], "w" );
1478 if ( logfile != NULL ) lutil_debug_file( logfile );
1481 /* start of a new database definition */
1482 } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
1486 LDAP_LOG( CONFIG, CRIT,
1487 "%s: line %d: Error in debug directive, "
1488 "\"debug <subsys> <level>\"\n", fname, lineno , 0 );
1490 Debug( LDAP_DEBUG_ANY,
1491 "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
1497 level = atoi( cargv[2] );
1498 if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
1499 lutil_set_debug_level( cargv[1], level );
1500 /* specify an Object Identifier macro */
1501 } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
1502 rc = parse_oidm( fname, lineno, cargc, cargv );
1505 /* specify an objectclass */
1506 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
1507 if ( *cargv[1] == '(' /*')'*/) {
1509 p = strchr(saveline,'(' /*')'*/);
1510 rc = parse_oc( fname, lineno, p, cargv );
1515 LDAP_LOG( CONFIG, INFO,
1516 "%s: line %d: old objectclass format not supported\n",
1517 fname, lineno , 0 );
1519 Debug( LDAP_DEBUG_ANY,
1520 "%s: line %d: old objectclass format not supported.\n",
1525 #ifdef SLAP_EXTENDED_SCHEMA
1526 } else if ( strcasecmp( cargv[0], "ditcontentrule" ) == 0 ) {
1528 p = strchr(saveline,'(' /*')'*/);
1529 rc = parse_cr( fname, lineno, p, cargv );
1533 /* specify an attribute type */
1534 } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
1535 || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
1537 if ( *cargv[1] == '(' /*')'*/) {
1539 p = strchr(saveline,'(' /*')'*/);
1540 rc = parse_at( fname, lineno, p, cargv );
1545 LDAP_LOG( CONFIG, INFO,
1546 "%s: line %d: old attribute type format not supported.\n",
1547 fname, lineno , 0 );
1549 Debug( LDAP_DEBUG_ANY,
1550 "%s: line %d: old attribute type format not supported.\n",
1556 /* define attribute option(s) */
1557 } else if ( strcasecmp( cargv[0], "attributeoptions" ) == 0 ) {
1558 ad_define_option( NULL, NULL, 0 );
1559 for ( i = 1; i < cargc; i++ )
1560 if ( ad_define_option( cargv[i], fname, lineno ) != 0 )
1563 /* turn on/off schema checking */
1564 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
1567 LDAP_LOG( CONFIG, CRIT,
1568 "%s: line %d: missing on|off in \"schemacheck <on|off>\""
1569 " line.\n", fname, lineno , 0 );
1571 Debug( LDAP_DEBUG_ANY,
1572 "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
1578 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
1580 LDAP_LOG( CONFIG, CRIT,
1581 "%s: line %d: schema checking disabled! your mileage may "
1582 "vary!\n", fname, lineno , 0 );
1584 Debug( LDAP_DEBUG_ANY,
1585 "%s: line %d: schema checking disabled! your mileage may vary!\n",
1588 global_schemacheck = 0;
1590 global_schemacheck = 1;
1593 /* specify access control info */
1594 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
1595 parse_acl( be, fname, lineno, cargc, cargv );
1597 /* debug level to log things to syslog */
1598 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
1601 LDAP_LOG( CONFIG, CRIT,
1602 "%s: line %d: missing level in \"loglevel <level>\""
1603 " line.\n", fname, lineno , 0 );
1605 Debug( LDAP_DEBUG_ANY,
1606 "%s: line %d: missing level in \"loglevel <level>\" line\n",
1615 for( i=1; i < cargc; i++ ) {
1616 ldap_syslog += atoi( cargv[1] );
1619 /* list of replicas of the data in this backend (master only) */
1620 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
1623 LDAP_LOG( CONFIG, CRIT,
1624 "%s: line %d: missing host in \"replica "
1625 " <host[:port]\" line\n", fname, lineno , 0 );
1627 Debug( LDAP_DEBUG_ANY,
1628 "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
1636 LDAP_LOG( CONFIG, INFO,
1637 "%s: line %d: replica line must appear inside "
1638 "a database definition.\n", fname, lineno, 0);
1640 Debug( LDAP_DEBUG_ANY,
1641 "%s: line %d: replica line must appear inside a database definition\n",
1649 for ( i = 1; i < cargc; i++ ) {
1650 if ( strncasecmp( cargv[i], "host=", 5 )
1652 nr = add_replica_info( be,
1659 LDAP_LOG( CONFIG, INFO,
1660 "%s: line %d: missing host in \"replica\" line\n",
1661 fname, lineno , 0 );
1663 Debug( LDAP_DEBUG_ANY,
1664 "%s: line %d: missing host in \"replica\" line\n",
1669 } else if ( nr == -1 ) {
1671 LDAP_LOG( CONFIG, INFO,
1672 "%s: line %d: unable to add"
1673 " replica \"%s\"\n",
1677 Debug( LDAP_DEBUG_ANY,
1678 "%s: line %d: unable to add replica \"%s\"\n",
1679 fname, lineno, cargv[i] + 5 );
1683 for ( i = 1; i < cargc; i++ ) {
1684 if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
1686 switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) {
1689 LDAP_LOG( CONFIG, INFO,
1690 "%s: line %d: suffix \"%s\" in \"replica\""
1691 " line is not valid for backend(ignored)\n",
1692 fname, lineno, cargv[i] + 7 );
1694 Debug( LDAP_DEBUG_ANY,
1695 "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
1696 fname, lineno, cargv[i] + 7 );
1702 LDAP_LOG( CONFIG, INFO,
1703 "%s: line %d: unable to normalize suffix"
1704 " in \"replica\" line (ignored)\n",
1705 fname, lineno , 0 );
1707 Debug( LDAP_DEBUG_ANY,
1708 "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
1714 } else if ( strncasecmp( cargv[i], "attr", 4 ) == 0 ) {
1716 char *arg = cargv[i] + 4;
1718 if ( arg[0] == '!' ) {
1723 if ( arg[0] != '=' ) {
1727 if ( add_replica_attrs( be, nr, arg + 1, exclude ) ) {
1729 LDAP_LOG( CONFIG, INFO,
1730 "%s: line %d: attribute \"%s\" in "
1731 "\"replica\" line is unknown\n",
1732 fname, lineno, arg + 1 );
1734 Debug( LDAP_DEBUG_ANY,
1735 "%s: line %d: attribute \"%s\" in \"replica\" line is unknown\n",
1736 fname, lineno, arg + 1 );
1745 /* dn of master entity allowed to write to replica */
1746 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
1749 LDAP_LOG( CONFIG, CRIT,
1750 "%s: line %d: missing dn in \"updatedn <dn>\""
1751 " line.\n", fname, lineno , 0 );
1753 Debug( LDAP_DEBUG_ANY,
1754 "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
1762 LDAP_LOG( CONFIG, INFO,
1763 "%s: line %d: updatedn line must appear inside "
1764 "a database definition\n",
1765 fname, lineno , 0 );
1767 Debug( LDAP_DEBUG_ANY,
1768 "%s: line %d: updatedn line must appear inside a database definition\n",
1776 if ( load_ucdata( NULL ) < 0 ) return 1;
1778 dn.bv_val = cargv[1];
1779 dn.bv_len = strlen( cargv[1] );
1781 rc = dnNormalize2( NULL, &dn, &be->be_update_ndn );
1782 if( rc != LDAP_SUCCESS ) {
1784 LDAP_LOG( CONFIG, CRIT,
1785 "%s: line %d: updatedn DN is invalid.\n",
1786 fname, lineno , 0 );
1788 Debug( LDAP_DEBUG_ANY,
1789 "%s: line %d: updatedn DN is invalid\n",
1796 } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
1799 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1800 "missing url in \"updateref <ldapurl>\" line.\n",
1801 fname, lineno , 0 );
1803 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1804 "missing url in \"updateref <ldapurl>\" line\n",
1812 LDAP_LOG( CONFIG, INFO, "%s: line %d: updateref"
1813 " line must appear inside a database definition\n",
1814 fname, lineno , 0 );
1816 Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
1817 " line must appear inside a database definition\n",
1822 } else if ( !be->be_update_ndn.bv_len ) {
1824 LDAP_LOG( CONFIG, INFO, "%s: line %d: "
1825 "updateref line must come after updatedn.\n",
1826 fname, lineno , 0 );
1828 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1829 "updateref line must after updatedn.\n",
1835 if( validate_global_referral( cargv[1] ) ) {
1837 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1838 "invalid URL (%s) in \"updateref\" line.\n",
1839 fname, lineno, cargv[1] );
1841 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1842 "invalid URL (%s) in \"updateref\" line.\n",
1843 fname, lineno, cargv[1] );
1848 vals[0].bv_val = cargv[1];
1849 vals[0].bv_len = strlen( vals[0].bv_val );
1850 if( value_add( &be->be_update_refs, vals ) )
1853 /* replication log file to which changes are appended */
1854 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
1857 LDAP_LOG( CONFIG, CRIT,
1858 "%s: line %d: missing filename in \"replogfile <filename>\""
1859 " line.\n", fname, lineno , 0 );
1861 Debug( LDAP_DEBUG_ANY,
1862 "%s: line %d: missing filename in \"replogfile <filename>\" line\n",
1869 be->be_replogfile = ch_strdup( cargv[1] );
1871 replogfile = ch_strdup( cargv[1] );
1874 /* file from which to read additional rootdse attrs */
1875 } else if ( strcasecmp( cargv[0], "rootDSE" ) == 0) {
1878 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1879 "missing filename in \"rootDSE <filename>\" line.\n",
1880 fname, lineno , 0 );
1882 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1883 "missing filename in \"rootDSE <filename>\" line.\n",
1889 if( read_root_dse_file( cargv[1] ) ) {
1891 LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
1892 "could not read \"rootDSE <filename>\" line.\n",
1893 fname, lineno , 0 );
1895 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
1896 "could not read \"rootDSE <filename>\" line\n",
1902 /* maintain lastmodified{by,time} attributes */
1903 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
1906 LDAP_LOG( CONFIG, CRIT,
1907 "%s: line %d: missing on|off in \"lastmod <on|off>\""
1908 " line.\n", fname, lineno , 0 );
1910 Debug( LDAP_DEBUG_ANY,
1911 "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
1917 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
1919 be->be_flags &= ~SLAP_BFLAG_NOLASTMOD;
1925 be->be_flags |= SLAP_BFLAG_NOLASTMOD;
1932 /* turn on/off gentle SIGHUP handling */
1933 } else if ( strcasecmp( cargv[0], "gentlehup" ) == 0 ) {
1935 Debug( LDAP_DEBUG_ANY,
1936 "%s: line %d: missing on|off in \"gentlehup <on|off>\" line\n",
1940 if ( strcasecmp( cargv[1], "off" ) == 0 ) {
1941 global_gentlehup = 0;
1943 global_gentlehup = 1;
1947 /* set idle timeout value */
1948 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
1952 LDAP_LOG( CONFIG, CRIT,
1953 "%s: line %d: missing timeout value in "
1954 "\"idletimeout <seconds>\" line.\n", fname, lineno , 0 );
1956 Debug( LDAP_DEBUG_ANY,
1957 "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
1964 i = atoi( cargv[1] );
1968 LDAP_LOG( CONFIG, CRIT,
1969 "%s: line %d: timeout value (%d) invalid "
1970 "\"idletimeout <seconds>\" line.\n", fname, lineno, i );
1972 Debug( LDAP_DEBUG_ANY,
1973 "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
1980 global_idletimeout = i;
1982 /* include another config file */
1983 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
1986 LDAP_LOG( CONFIG, CRIT,
1987 "%s: line %d: missing filename in \"include "
1988 "<filename>\" line.\n", fname, lineno , 0 );
1990 Debug( LDAP_DEBUG_ANY,
1991 "%s: line %d: missing filename in \"include <filename>\" line\n",
1997 savefname = ch_strdup( cargv[1] );
1998 savelineno = lineno;
2000 if ( read_config( savefname, depth+1 ) != 0 ) {
2005 lineno = savelineno - 1;
2007 /* location of kerberos srvtab file */
2008 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
2011 LDAP_LOG( CONFIG, CRIT,
2012 "%s: line %d: missing filename in \"srvtab "
2013 "<filename>\" line.\n", fname, lineno , 0 );
2015 Debug( LDAP_DEBUG_ANY,
2016 "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
2022 ldap_srvtab = ch_strdup( cargv[1] );
2024 #ifdef SLAPD_MODULES
2025 } else if (strcasecmp( cargv[0], "moduleload") == 0 ) {
2028 LDAP_LOG( CONFIG, INFO,
2029 "%s: line %d: missing filename in \"moduleload "
2030 "<filename>\" line.\n", fname, lineno , 0 );
2032 Debug( LDAP_DEBUG_ANY,
2033 "%s: line %d: missing filename in \"moduleload <filename>\" line\n",
2037 exit( EXIT_FAILURE );
2039 if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
2041 LDAP_LOG( CONFIG, CRIT,
2042 "%s: line %d: failed to load or initialize module %s\n",
2043 fname, lineno, cargv[1] );
2045 Debug( LDAP_DEBUG_ANY,
2046 "%s: line %d: failed to load or initialize module %s\n",
2047 fname, lineno, cargv[1]);
2050 exit( EXIT_FAILURE );
2052 } else if (strcasecmp( cargv[0], "modulepath") == 0 ) {
2055 LDAP_LOG( CONFIG, INFO,
2056 "%s: line %d: missing path in \"modulepath <path>\""
2057 " line\n", fname, lineno , 0 );
2059 Debug( LDAP_DEBUG_ANY,
2060 "%s: line %d: missing path in \"modulepath <path>\" line\n",
2064 exit( EXIT_FAILURE );
2066 if (module_path( cargv[1] )) {
2068 LDAP_LOG( CONFIG, CRIT,
2069 "%s: line %d: failed to set module search path to %s.\n",
2070 fname, lineno, cargv[1] );
2072 Debug( LDAP_DEBUG_ANY,
2073 "%s: line %d: failed to set module search path to %s\n",
2074 fname, lineno, cargv[1]);
2077 exit( EXIT_FAILURE );
2080 #endif /*SLAPD_MODULES*/
2083 } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
2084 rc = ldap_pvt_tls_set_option( NULL,
2085 LDAP_OPT_X_TLS_RANDOM_FILE,
2090 } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
2091 rc = ldap_pvt_tls_set_option( NULL,
2092 LDAP_OPT_X_TLS_CIPHER_SUITE,
2097 } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
2098 rc = ldap_pvt_tls_set_option( NULL,
2099 LDAP_OPT_X_TLS_CERTFILE,
2104 } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
2105 rc = ldap_pvt_tls_set_option( NULL,
2106 LDAP_OPT_X_TLS_KEYFILE,
2111 } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
2112 rc = ldap_pvt_tls_set_option( NULL,
2113 LDAP_OPT_X_TLS_CACERTDIR,
2118 } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
2119 rc = ldap_pvt_tls_set_option( NULL,
2120 LDAP_OPT_X_TLS_CACERTFILE,
2124 } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
2125 if ( isdigit( (unsigned char) cargv[1][0] ) ) {
2127 rc = ldap_pvt_tls_set_option( NULL,
2128 LDAP_OPT_X_TLS_REQUIRE_CERT,
2131 rc = ldap_int_tls_config( NULL,
2132 LDAP_OPT_X_TLS_REQUIRE_CERT,
2141 } else if ( !strcasecmp( cargv[0], "reverse-lookup" ) ) {
2142 #ifdef SLAPD_RLOOKUPS
2145 LDAP_LOG( CONFIG, INFO,
2146 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2147 fname, lineno , 0 );
2149 Debug( LDAP_DEBUG_ANY,
2150 "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
2156 if ( !strcasecmp( cargv[1], "on" ) ) {
2157 use_reverse_lookup = 1;
2158 } else if ( !strcasecmp( cargv[1], "off" ) ) {
2159 use_reverse_lookup = 0;
2162 LDAP_LOG( CONFIG, INFO,
2163 "%s: line %d: reverse-lookup: "
2164 "must be \"on\" (default) or \"off\"\n", fname, lineno, 0 );
2166 Debug( LDAP_DEBUG_ANY,
2167 "%s: line %d: reverse-lookup: must be \"on\" (default) or \"off\"\n",
2173 #else /* !SLAPD_RLOOKUPS */
2175 LDAP_LOG( CONFIG, INFO,
2176 "%s: line %d: reverse lookups "
2177 "are not configured (ignored).\n", fname, lineno , 0 );
2179 Debug( LDAP_DEBUG_ANY,
2180 "%s: line %d: reverse lookups are not configured (ignored).\n",
2183 #endif /* !SLAPD_RLOOKUPS */
2185 /* Netscape plugins */
2186 } else if ( strcasecmp( cargv[0], "plugin" ) == 0 ) {
2187 #if defined( LDAP_SLAPI )
2189 #ifdef notdef /* allow global plugins, too */
2191 * a "plugin" line must be inside a database
2192 * definition, since we implement pre-,post-
2193 * and extended operation plugins
2197 LDAP_LOG( CONFIG, INFO,
2198 "%s: line %d: plugin line must appear "
2199 "inside a database definition.\n",
2202 Debug( LDAP_DEBUG_ANY, "%s: line %d: plugin "
2203 "line must appear inside a database "
2204 "definition\n", fname, lineno, 0 );
2210 if ( netscape_plugin( be, fname, lineno, cargc, cargv )
2215 #else /* !defined( LDAP_SLAPI ) */
2217 LDAP_LOG( CONFIG, INFO,
2218 "%s: line %d: SLAPI not supported.\n",
2221 Debug( LDAP_DEBUG_ANY, "%s: line %d: SLAPI "
2222 "not supported.\n", fname, lineno, 0 );
2226 #endif /* !defined( LDAP_SLAPI ) */
2228 /* Netscape plugins */
2229 } else if ( strcasecmp( cargv[0], "pluginlog" ) == 0 ) {
2230 #if defined( LDAP_SLAPI )
2233 LDAP_LOG( CONFIG, INFO,
2234 "%s: line %d: missing file name "
2235 "in pluginlog <filename> line.\n",
2238 Debug( LDAP_DEBUG_ANY,
2239 "%s: line %d: missing file name "
2240 "in pluginlog <filename> line.\n",
2246 if ( slapi_log_file != NULL ) {
2247 ch_free( slapi_log_file );
2250 slapi_log_file = ch_strdup( cargv[1] );
2251 #endif /* !defined( LDAP_SLAPI ) */
2253 /* pass anything else to the current backend info/db config routine */
2256 if ( bi->bi_config == 0 ) {
2258 LDAP_LOG( CONFIG, INFO,
2259 "%s: line %d: unknown directive \"%s\" inside "
2260 "backend info definition (ignored).\n",
2261 fname, lineno, cargv[0] );
2263 Debug( LDAP_DEBUG_ANY,
2264 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
2265 fname, lineno, cargv[0] );
2269 if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
2275 } else if ( be != NULL ) {
2276 if ( be->be_config == 0 ) {
2278 LDAP_LOG( CONFIG, INFO,
2279 "%s: line %d: uknown directive \"%s\" inside "
2280 "backend database definition (ignored).\n",
2281 fname, lineno, cargv[0] );
2283 Debug( LDAP_DEBUG_ANY,
2284 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
2285 fname, lineno, cargv[0] );
2289 if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
2297 LDAP_LOG( CONFIG, INFO,
2298 "%s: line %d: unknown directive \"%s\" outside backend "
2299 "info and database definitions (ignored).\n",
2300 fname, lineno, cargv[0] );
2302 Debug( LDAP_DEBUG_ANY,
2303 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
2304 fname, lineno, cargv[0] );
2313 if ( depth == 0 ) ch_free( cargv );
2315 if ( !global_schemadn.bv_val ) {
2316 ber_str2bv( SLAPD_SCHEMA_DN, sizeof(SLAPD_SCHEMA_DN)-1, 1,
2318 dnNormalize2( NULL, &global_schemadn, &global_schemandn );
2321 if ( load_ucdata( NULL ) < 0 ) return 1;
2333 char logbuf[sizeof("pseudorootpw ***")];
2336 token = strtok_quote( line, " \t" );
2340 if ( token && ( strcasecmp( token, "rootpw" ) == 0 ||
2341 strcasecmp( token, "replica" ) == 0 || /* contains "credentials" */
2342 strcasecmp( token, "bindpw" ) == 0 || /* used in back-ldap */
2343 strcasecmp( token, "pseudorootpw" ) == 0 || /* used in back-meta */
2344 strcasecmp( token, "dbpasswd" ) == 0 ) ) /* used in back-sql */
2346 snprintf( logline = logbuf, sizeof logbuf, "%s ***", token );
2349 if ( strtok_quote_ptr ) {
2350 *strtok_quote_ptr = ' ';
2354 LDAP_LOG( CONFIG, DETAIL1, "line %d (%s)\n", lineno, logline , 0 );
2356 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, logline, 0 );
2359 if ( strtok_quote_ptr ) {
2360 *strtok_quote_ptr = '\0';
2363 for ( ; token != NULL; token = strtok_quote( NULL, " \t" ) ) {
2364 if ( cargc == cargv_size - 1 ) {
2366 tmp = ch_realloc( cargv, (cargv_size + ARGS_STEP) *
2368 if ( tmp == NULL ) {
2370 LDAP_LOG( CONFIG, ERR, "line %d: out of memory\n", lineno, 0,0 );
2372 Debug( LDAP_DEBUG_ANY,
2373 "line %d: out of memory\n",
2379 cargv_size += ARGS_STEP;
2381 cargv[cargc++] = token;
2383 cargv[cargc] = NULL;
2388 strtok_quote( char *line, char *sep )
2394 strtok_quote_ptr = NULL;
2395 if ( line != NULL ) {
2398 while ( *next && strchr( sep, *next ) ) {
2402 if ( *next == '\0' ) {
2408 for ( inquote = 0; *next; ) {
2416 AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
2422 next + 1, strlen( next + 1 ) + 1 );
2423 next++; /* dont parse the escaped character */
2428 if ( strchr( sep, *next ) != NULL ) {
2429 strtok_quote_ptr = next;
2442 static char buf[BUFSIZ];
2444 static size_t lmax, lcur;
2446 #define CATLINE( buf ) \
2448 size_t len = strlen( buf ); \
2449 while ( lcur + len + 1 > lmax ) { \
2451 line = (char *) ch_realloc( line, lmax ); \
2453 strcpy( line + lcur, buf ); \
2458 fp_getline( FILE *fp, int *lineno )
2466 /* hack attack - keeps us from having to keep a stack of bufs... */
2467 if ( strncasecmp( line, "include", 7 ) == 0 ) {
2472 while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
2473 /* trim off \r\n or \n */
2474 if ( (p = strchr( buf, '\n' )) != NULL ) {
2475 if( p > buf && p[-1] == '\r' ) --p;
2479 /* trim off trailing \ and append the next line */
2480 if ( line[ 0 ] != '\0'
2481 && (p = line + strlen( line ) - 1)[ 0 ] == '\\'
2482 && p[ -1 ] != '\\' ) {
2487 if ( ! isspace( (unsigned char) buf[0] ) ) {
2491 /* change leading whitespace to a space */
2500 return( line[0] ? line : NULL );
2504 fp_getline_init( int *lineno )
2510 /* Loads ucdata, returns 1 if loading, 0 if already loaded, -1 on error */
2512 load_ucdata( char *path )
2514 static int loaded = 0;
2520 err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL );
2523 LDAP_LOG( CONFIG, CRIT,
2524 "load_ucdata: Error %d loading ucdata.\n", err, 0,0 );
2526 Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n",
2539 ucdata_unload( UCDATA_ALL );
2540 free( global_schemandn.bv_val );
2541 free( global_schemadn.bv_val );
2543 if ( slapd_args_file )
2544 free ( slapd_args_file );
2545 if ( slapd_pid_file )
2546 free ( slapd_pid_file );
2547 if ( default_passwd_hash )
2548 free( default_passwd_hash );
2549 acl_destroy( global_acl, NULL );
projects / openldap / blob