2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1998-2004 The OpenLDAP Foundation.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in the file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
15 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
16 * All rights reserved.
18 * Redistribution and use in source and binary forms are permitted
19 * provided that this notice is preserved and that due credit is given
20 * to the University of Michigan at Ann Arbor. The name of the University
21 * may not be used to endorse or promote products derived from this
22 * software without specific prior written permission. This software
23 * is provided ``as is'' without express or implied warranty.
30 #include <ac/socket.h>
31 #include <ac/string.h>
33 #include <ac/unistd.h>
42 #include "slapi/slapi.h"
46 static RETSIGTYPE wait4child( int sig );
49 #ifdef HAVE_NT_SERVICE_MANAGER
50 #define MAIN_RETURN(x) return
51 static struct sockaddr_in bind_addr;
53 #define SERVICE_EXIT( e, n ) do { \
54 if ( is_NT_Service ) { \
55 lutil_ServiceStatus.dwWin32ExitCode = (e); \
56 lutil_ServiceStatus.dwServiceSpecificExitCode = (n); \
61 #define SERVICE_EXIT( e, n )
62 #define MAIN_RETURN(x) return(x)
65 typedef int (MainFunc) LDAP_P(( int argc, char *argv[] ));
66 extern MainFunc slapadd, slapcat, slapdn, slapindex, slappasswd,
67 slaptest, slapauth, slapacl;
76 {"slapindex", slapindex},
77 {"slappasswd", slappasswd},
78 {"slaptest", slaptest},
79 {"slapauth", slapauth},
81 /* NOTE: new tools must be added in chronological order,
82 * not in alphabetical order, because for backwards
83 * compatibility name[4] is used to identify the
84 * tools; so name[4]=='a' must refer to "slapadd" and
85 * not to "slapauth". Alphabetical order can be used
86 * for tools whose name[4] is not used yet */
91 * when more than one slapd is running on one machine, each one might have
92 * it's own LOCAL for syslogging and must have its own pid/args files
95 #ifndef HAVE_MKVERSION
96 const char Versionstr[] =
97 OPENLDAP_PACKAGE " " OPENLDAP_VERSION " Standalone LDAP Server (slapd)";
101 #define DEFAULT_SYSLOG_USER LOG_LOCAL4
103 typedef struct _str2intDispatch {
107 } STRDISP, *STRDISP_P;
109 /* table to compute syslog-options to integer */
110 static STRDISP syslog_types[] = {
111 { "LOCAL0", sizeof("LOCAL0"), LOG_LOCAL0 },
112 { "LOCAL1", sizeof("LOCAL1"), LOG_LOCAL1 },
113 { "LOCAL2", sizeof("LOCAL2"), LOG_LOCAL2 },
114 { "LOCAL3", sizeof("LOCAL3"), LOG_LOCAL3 },
115 { "LOCAL4", sizeof("LOCAL4"), LOG_LOCAL4 },
116 { "LOCAL5", sizeof("LOCAL5"), LOG_LOCAL5 },
117 { "LOCAL6", sizeof("LOCAL6"), LOG_LOCAL6 },
118 { "LOCAL7", sizeof("LOCAL7"), LOG_LOCAL7 },
120 { "USER", sizeof("USER"), LOG_USER },
123 { "DAEMON", sizeof("DAEMON"), LOG_DAEMON },
128 static int cnvt_str2int( char *, STRDISP_P, int );
129 #endif /* LOG_LOCAL4 */
131 #define CHECK_NONE 0x00
132 #define CHECK_CONFIG 0x01
133 static int check = CHECK_NONE;
134 static int version = 0;
137 slapd_opt_slp( const char *val, void *arg )
140 /* NULL is default */
141 if ( val == NULL || strcasecmp( val, "on" ) == 0 ) {
142 SLAPD_GLOBAL(register_slp) = 1;
144 } else if ( strcasecmp( val, "off" ) == 0 ) {
145 SLAPD_GLOBAL(register_slp) = 0;
147 /* NOTE: add support for URL specification? */
150 fprintf(stderr, "unrecognized value \"%s\" for SLP option\n", val );
157 fputs( "slapd: SLP support is not available\n", stderr );
163 * Option helper structure:
165 * oh_nam is left-hand part of <option>[=<value>]
166 * oh_fnc is handler function
167 * oh_arg is an optional arg to oh_fnc
168 * oh_usage is the one-line usage string related to the option,
169 * which is assumed to start with <option>[=<value>]
171 * please leave valid options in the structure, and optionally #ifdef
172 * their processing inside the helper, so that reasonable and helpful
173 * error messages can be generated if a disabled option is requested.
175 struct option_helper {
176 struct berval oh_name;
177 int (*oh_fnc)(const char *val, void *arg);
179 const char *oh_usage;
180 } option_helpers[] = {
181 { BER_BVC("slp"), slapd_opt_slp, NULL, "slp[={on|off}] enable/disable SLP" },
189 "usage: %s options\n", name );
191 "\t-4\t\tIPv4 only\n"
192 "\t-6\t\tIPv6 only\n"
193 "\t-T {add|auth|cat|dn|index|passwd|test}\n"
194 "\t\t\tRun in Tool mode\n"
195 "\t-c cookie\tSync cookie of consumer\n"
196 "\t-d level\tDebug level" "\n"
197 "\t-f filename\tConfiguration file\n"
198 #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
199 "\t-g group\tGroup (id or name) to run as\n"
201 "\t-h URLs\t\tList of URLs to serve\n"
203 "\t-l facility\tSyslog facility (default: LOCAL4)\n"
205 "\t-n serverName\tService name\n"
206 "\t-o <opt>[=val] generic means to specify options" );
207 if ( !BER_BVISNULL( &option_helpers[0].oh_name ) ) {
210 fprintf( stderr, "; supported options:\n" );
211 for ( i = 0; !BER_BVISNULL( &option_helpers[i].oh_name ); i++) {
212 fprintf( stderr, "\t\t%s\n", option_helpers[i].oh_usage );
215 fprintf( stderr, "\n" );
219 "\t-r directory\tSandbox directory to chroot to\n"
221 "\t-s level\tSyslog level\n"
222 #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
223 "\t-u user\t\tUser (id or name) to run as\n"
225 "\t-V\t\tprint version info (-VV only)\n"
229 #ifdef HAVE_NT_SERVICE_MANAGER
230 void WINAPI ServiceMain( DWORD argc, LPTSTR *argv )
232 int main( int argc, char **argv )
235 int i, no_detach = 0;
238 #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
239 char *username = NULL;
240 char *groupname = NULL;
242 #if defined(HAVE_CHROOT)
243 char *sandbox = NULL;
246 int syslogUser = DEFAULT_SYSLOG_USER;
250 char **g_argv = argv;
252 #ifdef HAVE_NT_SERVICE_MANAGER
253 char *configfile = ".\\slapd.conf";
255 char *configfile = SLAPD_DEFAULT_CONFIGFILE;
258 int serverMode = SLAP_SERVER_MODE;
260 struct berval cookie = BER_BVNULL;
261 struct sync_cookie *scp = NULL;
262 struct sync_cookie *scp_entry = NULL;
266 if( ( leakfile = fopen( "slapd.leak", "w" )) == NULL ) {
270 char *serverNamePrefix = "";
275 config_init(); /* sets frontendDB */
277 serverName = lutil_progname( "slapd", argc, argv );
279 if ( strcmp( serverName, "slapd" ) ) {
280 for (i=0; tools[i].name; i++) {
281 if ( !strcmp( serverName, tools[i].name ) ) {
282 rc = tools[i].func(argc, argv);
288 #ifdef HAVE_NT_SERVICE_MANAGER
293 char *regService = NULL;
295 if ( is_NT_Service ) {
296 lutil_CommenceStartupProcessing( serverName, slap_sig_shutdown );
297 if ( strcmp(serverName, SERVICE_NAME) )
298 regService = serverName;
301 i = (int*)lutil_getRegParam( regService, "DebugLevel" );
304 Debug( LDAP_DEBUG_ANY,
305 "new debug level from registry is: %d\n", slap_debug, 0, 0 );
308 newUrls = (char *) lutil_getRegParam(regService, "Urls");
313 urls = ch_strdup(newUrls);
314 Debug(LDAP_DEBUG_ANY, "new urls from registry: %s\n",
318 newConfigFile = (char*)lutil_getRegParam( regService, "ConfigFile" );
319 if ( newConfigFile != NULL ) {
320 configfile = newConfigFile;
321 Debug ( LDAP_DEBUG_ANY, "new config file from registry is: %s\n", configfile, 0, 0 );
326 while ( (i = getopt( argc, argv,
327 "c:d:f:h:n:o:s:StT:V"
337 #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
344 slap_inet4or6 = AF_INET;
347 slap_inet4or6 = AF_INET6;
351 case 'h': /* listen URLs */
352 if ( urls != NULL ) free( urls );
353 urls = ch_strdup( optarg );
356 case 'c': /* provide sync cookie, override if exist in replica */
357 scp = (struct sync_cookie *) ch_calloc( 1, sizeof( struct sync_cookie ));
358 ber_str2bv( optarg, strlen( optarg ), 1, &cookie );
359 ber_bvarray_add( &scp->octet_str, &cookie );
360 slap_parse_sync_cookie( scp );
362 LDAP_STAILQ_FOREACH( scp_entry, &SLAPD_GLOBAL(sync_cookie), sc_next ) {
363 if ( scp->rid == scp_entry->rid ) {
364 Debug( LDAP_DEBUG_ANY,
365 "main: duplicated replica id in cookies\n",
367 slap_sync_cookie_free( scp, 1 );
371 LDAP_STAILQ_INSERT_TAIL( &SLAPD_GLOBAL(sync_cookie), scp, sc_next );
374 case 'd': /* set debug level and 'do not detach' flag */
377 slap_debug |= atoi( optarg );
379 if ( atoi( optarg ) != 0 )
380 fputs( "must compile with LDAP_DEBUG for debugging\n",
385 case 'f': /* read config file */
386 configfile = ch_strdup( optarg );
390 char *val = strchr( optarg, '=' );
397 opt.bv_len = ( val - optarg );
401 opt.bv_len = strlen( optarg );
404 for ( i = 0; !BER_BVISNULL( &option_helpers[i].oh_name ); i++ ) {
405 if ( ber_bvstrcasecmp( &option_helpers[i].oh_name, &opt ) == 0 ) {
406 assert( option_helpers[i].oh_fnc != NULL );
407 if ( (*option_helpers[i].oh_fnc)( val, option_helpers[i].oh_arg ) == -1 ) {
408 /* we assume the option parsing helper
409 * issues appropriate and self-explanatory
410 * error messages... */
417 if ( BER_BVISNULL( &option_helpers[i].oh_name ) ) {
418 goto unhandled_option;
423 case 's': /* set syslog level */
424 ldap_syslog = atoi( optarg );
428 case 'l': /* set syslog local user */
429 syslogUser = cnvt_str2int( optarg,
430 syslog_types, DEFAULT_SYSLOG_USER );
436 if( sandbox ) free(sandbox);
437 sandbox = ch_strdup( optarg );
441 #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
442 case 'u': /* user name */
443 if( username ) free(username);
444 username = ch_strdup( optarg );
447 case 'g': /* group name */
448 if( groupname ) free(groupname);
449 groupname = ch_strdup( optarg );
451 #endif /* SETUID && GETUID */
453 case 'n': /* NT service name */
454 serverName = ch_strdup( optarg );
458 /* deprecated; use slaptest instead */
459 fprintf( stderr, "option -t deprecated; "
460 "use slaptest command instead\n" );
461 check |= CHECK_CONFIG;
469 /* try full option string first */
470 for ( i = 0; tools[i].name; i++ ) {
471 if ( strcmp( optarg, &tools[i].name[4] ) == 0 ) {
472 rc = tools[i].func( argc, argv );
477 /* try bits of option string (backward compatibility for single char) */
478 l = strlen( optarg );
479 for ( i = 0; tools[i].name; i++ ) {
480 if ( strncmp( optarg, &tools[i].name[4], l ) == 0 ) {
481 rc = tools[i].func( argc, argv );
488 serverNamePrefix = "slap";
489 fprintf( stderr, "program name \"%s%s\" unrecognized; "
490 "aborting...\n", serverNamePrefix, serverName );
496 SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 15 );
501 (void) ldap_pvt_thread_initialize();
503 lutil_set_debug_level( "slapd", slap_debug );
504 ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &slap_debug);
505 ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &slap_debug);
506 ldif_debug = slap_debug;
509 fprintf( stderr, "%s\n", Versionstr );
510 if ( version > 1 ) goto stop;
516 logName = ch_strdup( serverName );
519 logName = serverName;
523 openlog( logName, OPENLOG_OPTIONS, syslogUser );
525 openlog( logName, OPENLOG_OPTIONS );
532 Debug( LDAP_DEBUG_ANY, "%s", Versionstr, 0, 0 );
534 if( check == CHECK_NONE && slapd_daemon_init( urls ) != 0 ) {
536 SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 16 );
540 #if defined(HAVE_CHROOT)
542 if ( chdir( sandbox ) ) {
547 if ( chroot( sandbox ) ) {
555 #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
556 if ( username != NULL || groupname != NULL ) {
557 slap_init_user( username, groupname );
566 if ( module_init() != 0 ) {
568 SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 17 );
573 if ( slap_schema_init( ) != 0 ) {
574 Debug( LDAP_DEBUG_ANY,
575 "schema initialization error\n",
581 if ( slap_init( serverMode, serverName ) != 0 ) {
583 SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 18 );
587 if ( slap_controls_init( ) != 0 ) {
588 Debug( LDAP_DEBUG_ANY,
589 "controls initialization error\n",
596 /* Library defaults to full certificate checking. This is correct when
597 * a client is verifying a server because all servers should have a
598 * valid cert. But few clients have valid certs, so we want our default
599 * to be no checking. The config file can override this as usual.
602 (void) ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
606 if ( slapi_int_initialize() != 0 ) {
607 Debug( LDAP_DEBUG_ANY,
608 "slapi initialization error\n",
613 #endif /* LDAP_SLAPI */
615 if ( frontend_init() ) {
619 if ( overlay_init() ) {
623 if ( read_config( configfile, 0 ) != 0 ) {
625 SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 19 );
627 if ( check & CHECK_CONFIG ) {
628 fprintf( stderr, "config check failed\n" );
634 if ( check & CHECK_CONFIG ) {
635 fprintf( stderr, "config check succeeded\n" );
637 check &= ~CHECK_CONFIG;
638 if ( check == CHECK_NONE ) {
644 if ( glue_sub_init( ) != 0 ) {
645 Debug( LDAP_DEBUG_ANY,
646 "subordinate config error\n",
651 if ( slap_schema_check( ) != 0 ) {
652 Debug( LDAP_DEBUG_ANY,
653 "schema prep error\n",
660 rc = ldap_pvt_tls_init();
662 Debug( LDAP_DEBUG_ANY,
663 "main: TLS init failed: %d\n",
666 SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
671 void *def_ctx = NULL;
673 /* Save existing default ctx, if any */
674 ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &def_ctx );
676 /* Force new ctx to be created */
677 ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, NULL );
679 rc = ldap_pvt_tls_init_def_ctx();
681 Debug( LDAP_DEBUG_ANY,
682 "main: TLS init def ctx failed: %d\n",
685 SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
688 /* Retrieve slapd's own ctx */
689 ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &SLAPD_GLOBAL(tls_ctx) );
690 /* Restore previous ctx */
691 ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, def_ctx );
695 (void) SIGNAL( LDAP_SIGUSR1, slap_sig_wake );
696 (void) SIGNAL( LDAP_SIGUSR2, slap_sig_shutdown );
699 (void) SIGNAL( SIGPIPE, SIG_IGN );
702 (void) SIGNAL( SIGHUP, slap_sig_shutdown );
704 (void) SIGNAL( SIGINT, slap_sig_shutdown );
705 (void) SIGNAL( SIGTERM, slap_sig_shutdown );
707 (void) SIGNAL( LDAP_SIGCHLD, wait4child );
710 /* SIGBREAK is generated when Ctrl-Break is pressed. */
711 (void) SIGNAL( SIGBREAK, slap_sig_shutdown );
715 lutil_detach( no_detach, 0 );
716 #endif /* HAVE_WINSOCK */
723 * FIXME: moved here from slapd_daemon_task()
724 * because back-monitor db_open() needs it
726 time( &SLAPD_GLOBAL(starttime) );
728 if ( slap_startup( NULL ) != 0 ) {
730 SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 21 );
734 Debug( LDAP_DEBUG_ANY, "slapd starting\n", 0, 0, 0 );
737 if ( SLAPD_GLOBAL(pid_file) != NULL ) {
738 FILE *fp = fopen( SLAPD_GLOBAL(pid_file), "w" );
741 fprintf( fp, "%d\n", (int) getpid() );
745 free(SLAPD_GLOBAL(pid_file));
746 SLAPD_GLOBAL(pid_file) = NULL;
750 if ( SLAPD_GLOBAL(args_file) != NULL ) {
751 FILE *fp = fopen( SLAPD_GLOBAL(args_file), "w" );
754 for ( i = 0; i < g_argc; i++ ) {
755 fprintf( fp, "%s ", g_argv[i] );
760 free(SLAPD_GLOBAL(args_file));
761 SLAPD_GLOBAL(args_file) = NULL;
765 #ifdef HAVE_NT_EVENT_LOG
767 lutil_LogStartedEvent( serverName, slap_debug, configfile, urls );
772 #ifdef HAVE_NT_SERVICE_MANAGER
773 /* Throw away the event that we used during the startup process. */
775 ldap_pvt_thread_cond_destroy( &started_event );
779 /* remember an error during shutdown */
780 rc |= slap_shutdown( NULL );
783 /* remember an error during destroy */
784 rc |= slap_destroy();
786 while ( !LDAP_STAILQ_EMPTY( &SLAPD_GLOBAL(sync_cookie) )) {
787 scp = LDAP_STAILQ_FIRST( &SLAPD_GLOBAL(sync_cookie) );
788 LDAP_STAILQ_REMOVE_HEAD( &SLAPD_GLOBAL(sync_cookie), sc_next );
801 #ifdef HAVE_NT_EVENT_LOG
803 lutil_LogStoppedEvent( serverName );
806 Debug( LDAP_DEBUG_ANY, "slapd stopped.\n", 0, 0, 0 );
809 #ifdef HAVE_NT_SERVICE_MANAGER
810 lutil_ReportShutdownComplete();
816 slapd_daemon_destroy();
822 lutil_passwd_destroy();
825 ldap_pvt_tls_destroy();
828 if ( SLAPD_GLOBAL(pid_file) != NULL ) {
829 unlink( SLAPD_GLOBAL(pid_file) );
831 if ( SLAPD_GLOBAL(args_file) != NULL ) {
832 unlink( SLAPD_GLOBAL(args_file) );
838 mal_dumpleaktrace( leakfile );
848 * Catch and discard terminated child processes, to avoid zombies.
852 wait4child( int sig )
854 int save_errno = errno;
859 while ( waitpid( (pid_t)-1, NULL, WNOHANG ) > 0 || errno == EINTR )
862 while ( wait3( NULL, WNOHANG, NULL ) > 0 || errno == EINTR )
868 (void) SIGNAL_REINSTALL( sig, wait4child );
872 #endif /* LDAP_SIGCHLD */
878 * Convert a string to an integer by means of a dispatcher table
879 * if the string is not in the table return the default
883 cnvt_str2int( char *stringVal, STRDISP_P dispatcher, int defaultVal )
885 int retVal = defaultVal;
888 for (disp = dispatcher; disp->stringVal; disp++) {
890 if (!strncasecmp (stringVal, disp->stringVal, disp->abbr)) {
892 retVal = disp->intVal;
901 #endif /* LOG_LOCAL4 */
projects / openldap / blob