- }
-
- /* set database suffix */
- } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
- Backend *tmp_be;
- struct berval dn, pdn, ndn;
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "missing dn in \"suffix <dn>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
-
- } else if ( cargc > 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
- "after <dn> in \"suffix %s\" line (ignored)\n",
- fname, lineno, cargv[1] );
- }
-
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
- "must appear inside a database definition\n",
- fname, lineno, 0 );
- return( 1 );
-
-#if defined(SLAPD_MONITOR_DN)
- /* "cn=Monitor" is reserved for monitoring slap */
- } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
- "%s\" is reserved for monitoring slapd\n",
- fname, lineno, SLAPD_MONITOR_DN );
- return( 1 );
-#endif /* SLAPD_MONITOR_DN */
- }
-
- if ( load_ucdata( NULL ) < 0 ) return 1;
-
- dn.bv_val = cargv[1];
- dn.bv_len = strlen( cargv[1] );
-
- rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
- if( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: suffix DN is invalid\n",
- fname, lineno, 0 );
- return( 1 );
- }
-
- tmp_be = select_backend( &ndn, 0, 0 );
- if ( tmp_be == be ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
- "already served by this backend (ignored)\n",
- fname, lineno, 0 );
- free( pdn.bv_val );
- free( ndn.bv_val );
-
- } else if ( tmp_be != NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
- "already served by a preceeding backend \"%s\"\n",
- fname, lineno, tmp_be->be_suffix[0].bv_val );
- free( pdn.bv_val );
- free( ndn.bv_val );
- return( 1 );
-
- } else if( pdn.bv_len == 0 && default_search_nbase.bv_len ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "suffix DN empty and default "
- "search base provided \"%s\" (assuming okay)\n",
- fname, lineno, default_search_base.bv_val );
- }
-
- ber_bvarray_add( &be->be_suffix, &pdn );
- ber_bvarray_add( &be->be_nsuffix, &ndn );
-
- /* set max deref depth */
- } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
- int i;
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: depth line must appear inside a database definition.\n",
- fname, lineno, 0 );
- return 1;
- }
-
- i = strtol( cargv[1], &next, 10 );
- if ( next == NULL || next[0] != '\0' ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse depth \"%s\" in \"maxDerefDepth <depth>\" "
- "line.\n", fname, lineno, cargv[1] );
- return 1;
- }
-
- if (i < 0) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: depth must be positive.\n",
- fname, lineno, 0 );
- return 1;
-
-
- }
- be->be_max_deref_depth = i;
-
- /* set magic "root" dn for this database */
- } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: rootdn line must appear inside a database definition.\n",
- fname, lineno, 0 );
- return 1;
-
- } else {
- struct berval dn;
-
- if ( load_ucdata( NULL ) < 0 ) return 1;
-
- dn.bv_val = cargv[1];
- dn.bv_len = strlen( cargv[1] );
-
- rc = dnPrettyNormal( NULL, &dn,
- &be->be_rootdn,
- &be->be_rootndn, NULL );
-
- if( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: rootdn DN is invalid\n",
- fname, lineno, 0 );
- return( 1 );
- }
- }
-
- /* set super-secret magic database password */
- } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "missing passwd in \"rootpw <passwd>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "rootpw line must appear inside a database "
- "definition.\n",
- fname, lineno, 0 );
- return 1;
-
- } else {
- Backend *tmp_be = select_backend( &be->be_rootndn, 0, 0 );
-
- if( tmp_be != be ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "rootpw can only be set when rootdn is under suffix\n",
- fname, lineno, 0 );
- return 1;
- }
-
- be->be_rootpw.bv_val = ch_strdup( cargv[1] );
- be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
- }
-
- /* make this database read-only */
- } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( be == NULL ) {
- if ( strcasecmp( cargv[1], "on" ) == 0 ) {
- frontendDB->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
- } else {
- frontendDB->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
- }
-
- } else {
- if ( strcasecmp( cargv[1], "on" ) == 0 ) {
- be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
- } else {
- be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
- }
- }
-
- /* restricts specific operations */
- } else if ( strcasecmp( cargv[0], "restrict" ) == 0 ) {
- slap_mask_t restrictops = 0;
- struct restrictable_exops_t {
- char *name;
- int flag;
- } restrictable_exops[] = {
- { LDAP_EXOP_START_TLS, SLAP_RESTRICT_EXOP_START_TLS },
- { LDAP_EXOP_MODIFY_PASSWD, SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
- { LDAP_EXOP_X_WHO_AM_I, SLAP_RESTRICT_EXOP_WHOAMI },
- { LDAP_EXOP_X_CANCEL, SLAP_RESTRICT_EXOP_CANCEL },
- { NULL, 0 }
- };
- int i;
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing <op_list> in \"restrict <op_list>\" "
- "line.\n", fname, lineno, 0 );
- return 1;
- }
-
- for ( i = 1; i < cargc; i++ ) {
- if ( strcasecmp( cargv[ i ], "read" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_READS;
-
- } else if ( strcasecmp( cargv[ i ], "write" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_WRITES;
-
- } else if ( strcasecmp( cargv[ i ], "add" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_ADD;
-
- } else if ( strcasecmp( cargv[ i ], "bind" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_BIND;
-
- } else if ( strcasecmp( cargv[ i ], "compare" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_COMPARE;
-
- } else if ( strcasecmp( cargv[ i ], "delete" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_DELETE;
-
- } else if ( strncasecmp( cargv[ i ], "extended",
- STRLENOF( "extended" ) ) == 0 )
- {
- char *e = cargv[ i ] + STRLENOF( "extended" );
-
- if ( e[0] == '=' ) {
- int j;
-
- e++;
- for ( j = 0; restrictable_exops[ j ].name; j++ ) {
- if ( strcmp( e, restrictable_exops[j].name ) == 0 )
- {
- restrictops |= restrictable_exops[ j ].flag;
- break;
- }
- }
-
- if ( restrictable_exops[ j ].name == NULL ) {
- goto restrict_unknown;
- }
-
- restrictops &= ~SLAP_RESTRICT_OP_EXTENDED;
-
- } else if ( e[0] == '\0' ) {
- restrictops &= ~SLAP_RESTRICT_EXOP_MASK;
- restrictops |= SLAP_RESTRICT_OP_EXTENDED;
-
- } else {
- goto restrict_unknown;
- }
-
- } else if ( strcasecmp( cargv[ i ], "modify" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_MODIFY;
-
- } else if ( strcasecmp( cargv[ i ], "rename" ) == 0
- || strcasecmp( cargv[ i ], "modrdn" ) == 0 )
- {
- restrictops |= SLAP_RESTRICT_OP_RENAME;
-
- } else if ( strcasecmp( cargv[ i ], "search" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_SEARCH;
-
- } else {
-restrict_unknown:;
-
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "unknown operation %s in \"allow <features>\" line\n",
- fname, lineno, cargv[i] );
- return 1;
- }
- }
-
- if ( be == NULL ) {
- frontendDB->be_restrictops |= restrictops;
- } else {
- be->be_restrictops |= restrictops;
- }
-
- /* allow these features */
- } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
- strcasecmp( cargv[0], "allow" ) == 0 )
- {
- slap_mask_t allows = 0;
-
- if ( be != NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: allow line must appear prior to database definitions\n",
- fname, lineno, 0 );
-
- }
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- for( i=1; i < cargc; i++ ) {
- if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
- allows |= SLAP_ALLOW_BIND_V2;
-
- } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
- allows |= SLAP_ALLOW_BIND_ANON_CRED;
-
- } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
- allows |= SLAP_ALLOW_BIND_ANON_DN;
-
- } else if( strcasecmp( cargv[i], "update_anon" ) == 0 ) {
- allows |= SLAP_ALLOW_UPDATE_ANON;
-
- } else {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "unknown feature %s in \"allow <features>\" line\n",
- fname, lineno, cargv[i] );
-
- return 1;
- }
- }
-
- global_allows |= allows;
-
- /* disallow these features */
- } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
- strcasecmp( cargv[0], "disallow" ) == 0 )
- {
- slap_mask_t disallows = 0;
-
- if ( be != NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: disallow line must appear prior to database definitions\n",
- fname, lineno, 0 );
-
- }
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- for( i=1; i < cargc; i++ ) {
- if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_ANON;
-
- } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_SIMPLE;
-
- } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_KRBV4;
-
- } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
- disallows |= SLAP_DISALLOW_TLS_2_ANON;
-
- } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
- disallows |= SLAP_DISALLOW_TLS_AUTHC;
-
- } else {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
- fname, lineno, cargv[i] );
-
- return 1;
- }
- }
-
- global_disallows |= disallows;
-
- /* require these features */
- } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
- strcasecmp( cargv[0], "require" ) == 0 )
- {
- slap_mask_t requires = 0;
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing feature(s) in \"require <features>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- for( i=1; i < cargc; i++ ) {
- if( strcasecmp( cargv[i], "bind" ) == 0 ) {
- requires |= SLAP_REQUIRE_BIND;
-
- } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
- requires |= SLAP_REQUIRE_LDAP_V3;
-
- } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
- requires |= SLAP_REQUIRE_AUTHC;
-
- } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
- requires |= SLAP_REQUIRE_SASL;
-
- } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
- requires |= SLAP_REQUIRE_STRONG;
-
- } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unknown feature %s in \"require <features>\" line\n",
- fname, lineno, cargv[i] );
-
- return( 1 );
- }
- }
-
- if ( be == NULL ) {
- frontendDB->be_requires = requires;
- } else {
- be->be_requires = requires;
- }
-
- } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
- slap_ssf_set_t *set;
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if ( be == NULL ) {
- set = &frontendDB->be_ssf_set;
- } else {
- set = &be->be_ssf_set;
- }
-
- for( i=1; i < cargc; i++ ) {
- slap_ssf_t *tgt;
- char *src;
-
- if ( strncasecmp( cargv[i], "ssf=",
- STRLENOF("ssf=") ) == 0 )
- {
- tgt = &set->sss_ssf;
- src = &cargv[i][STRLENOF("ssf=")];
-
- } else if ( strncasecmp( cargv[i], "transport=",
- STRLENOF("transport=") ) == 0 )
- {
- tgt = &set->sss_transport;
- src = &cargv[i][STRLENOF("transport=")];
-
- } else if ( strncasecmp( cargv[i], "tls=",
- STRLENOF("tls=") ) == 0 )
- {
- tgt = &set->sss_tls;
- src = &cargv[i][STRLENOF("tls=")];
-
- } else if ( strncasecmp( cargv[i], "sasl=",
- STRLENOF("sasl=") ) == 0 )
- {
- tgt = &set->sss_sasl;
- src = &cargv[i][STRLENOF("sasl=")];
-
- } else if ( strncasecmp( cargv[i], "update_ssf=",
- STRLENOF("update_ssf=") ) == 0 )
- {
- tgt = &set->sss_update_ssf;
- src = &cargv[i][STRLENOF("update_ssf=")];
-
- } else if ( strncasecmp( cargv[i], "update_transport=",
- STRLENOF("update_transport=") ) == 0 )
- {
- tgt = &set->sss_update_transport;
- src = &cargv[i][STRLENOF("update_transport=")];
-
- } else if ( strncasecmp( cargv[i], "update_tls=",
- STRLENOF("update_tls=") ) == 0 )
- {
- tgt = &set->sss_update_tls;
- src = &cargv[i][STRLENOF("update_tls=")];
-
- } else if ( strncasecmp( cargv[i], "update_sasl=",
- STRLENOF("update_sasl=") ) == 0 )
- {
- tgt = &set->sss_update_sasl;
- src = &cargv[i][STRLENOF("update_sasl=")];
-
- } else if ( strncasecmp( cargv[i], "simple_bind=",
- STRLENOF("simple_bind=") ) == 0 )
- {
- tgt = &set->sss_simple_bind;
- src = &cargv[i][STRLENOF("simple_bind=")];
-
- } else {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
- fname, lineno, cargv[i] );
-
- return( 1 );
- }
-
- *tgt = strtol( src, &next, 10 );
- if ( next == NULL || next[0] != '\0' ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse factor \"%s\" in \"security <factors>\" line\n",
- fname, lineno, cargv[i] );
-
- return( 1 );
- }
- }
-
- /* where to send clients when we don't hold it */
- } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing URL in \"referral <URL>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if( validate_global_referral( cargv[1] ) ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "invalid URL (%s) in \"referral\" line.\n",
- fname, lineno, cargv[1] );
- return 1;
- }
-
- vals[0].bv_val = cargv[1];
- vals[0].bv_len = strlen( vals[0].bv_val );
- if( value_add( &default_referral, vals ) )
- return LDAP_OTHER;
-
- /* start of a new database definition */
- } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
- int level;
- if ( cargc < 3 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
- fname, lineno, 0 );
- return( 1 );
- }
- level = strtol( cargv[2], &next, 10 );
- if ( next == NULL || next[0] != '\0' ){
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse level \"%s\" in debug directive, "
- "\"debug <subsys> <level>\"\n", fname, lineno , cargv[2] );
- return( 1 );
- }
-
- if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
- lutil_set_debug_level( cargv[1], level );
- /* specify an Object Identifier macro */
- } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
- rc = parse_oidm( fname, lineno, cargc, cargv );
- if( rc ) return rc;
-
- /* specify an objectclass */
- } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: illegal objectclass format.\n",
- fname, lineno, 0 );
- return( 1 );
-
- } else if ( *cargv[1] == '(' /*')'*/) {
- char * p;
- p = strchr(saveline,'(' /*')'*/);
- rc = parse_oc( fname, lineno, p, cargv );
- if( rc ) return rc;
-
- } else {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: old objectclass format not supported.\n",
- fname, lineno, 0 );
- }
-
- } else if ( strcasecmp( cargv[0], "ditcontentrule" ) == 0 ) {
- char * p;
- p = strchr(saveline,'(' /*')'*/);
- rc = parse_cr( fname, lineno, p, cargv );
- if( rc ) return rc;
-
- /* specify an attribute type */
- } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
- || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
- {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "illegal attribute type format.\n",
- fname, lineno, 0 );
- return( 1 );
-
- } else if ( *cargv[1] == '(' /*')'*/) {
- char * p;
- p = strchr(saveline,'(' /*')'*/);
- rc = parse_at( fname, lineno, p, cargv );
- if( rc ) return rc;
-
- } else {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: old attribute type format not supported.\n",
- fname, lineno, 0 );
-
- }
-
- /* define attribute option(s) */
- } else if ( strcasecmp( cargv[0], "attributeoptions" ) == 0 ) {
- ad_define_option( NULL, NULL, 0 );
- for ( i = 1; i < cargc; i++ )
- if ( ad_define_option( cargv[i], fname, lineno ) != 0 )
- return 1;
-
- /* turn on/off schema checking */
- } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( strcasecmp( cargv[1], "off" ) == 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: schema checking disabled! your mileage may vary!\n",
- fname, lineno, 0 );
- global_schemacheck = 0;
- } else {
- global_schemacheck = 1;
- }
-
- /* specify access control info */
- } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
- parse_acl( be, fname, lineno, cargc, cargv );
-
- /* debug level to log things to syslog */
- } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing level(s) in \"loglevel <level> [...]\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- ldap_syslog = 0;
-
- for( i=1; i < cargc; i++ ) {
- int level;
-
- if ( isdigit( cargv[i][0] ) ) {
- level = strtol( cargv[i], &next, 10 );
- if ( next == NULL || next[0] != '\0' ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse level \"%s\" "
- "in \"loglevel <level> [...]\" line.\n",
- fname, lineno , cargv[i] );
- return( 1 );
- }
-
- } else {
- static struct {
- int i;
- char *s;
- } int_2_level[] = {
- { LDAP_DEBUG_TRACE, "Trace" },
- { LDAP_DEBUG_PACKETS, "Packets" },
- { LDAP_DEBUG_ARGS, "Args" },
- { LDAP_DEBUG_CONNS, "Conns" },
- { LDAP_DEBUG_BER, "BER" },
- { LDAP_DEBUG_FILTER, "Filter" },
- { LDAP_DEBUG_CONFIG, "Config" },
- { LDAP_DEBUG_ACL, "ACL" },
- { LDAP_DEBUG_STATS, "Stats" },
- { LDAP_DEBUG_STATS2, "Stats2" },
- { LDAP_DEBUG_SHELL, "Shell" },
- { LDAP_DEBUG_PARSE, "Parse" },
- { LDAP_DEBUG_CACHE, "Cache" },
- { LDAP_DEBUG_INDEX, "Index" },
- { -1, "Any" },
- { 0, NULL }
- };
- int j;
-
- for ( j = 0; int_2_level[j].s; j++ ) {
- if ( strcasecmp( cargv[i], int_2_level[j].s ) == 0 ) {
- level = int_2_level[j].i;
- break;
- }
- }
-
- if ( int_2_level[j].s == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unknown level \"%s\" "
- "in \"loglevel <level> [...]\" line.\n",
- fname, lineno , cargv[i] );
- return( 1 );
- }
- }
-
- ldap_syslog |= level;
- }
-
- /* list of sync replication information in this backend (slave only) */
- } else if ( strcasecmp( cargv[0], "syncrepl" ) == 0 ) {
-
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: syncrepl line must appear inside "
- "a database definition.\n", fname, lineno, 0);
- return 1;
-
- } else if ( SLAP_SHADOW( be )) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: syncrepl: database already shadowed.\n",
- fname, lineno, 0);
- return 1;
-
- } else if ( add_syncrepl( be, cargv, cargc )) {
- return 1;
- }
-
- SLAP_DBFLAGS(be) |= ( SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SYNC_SHADOW );
-
- /* list of replicas of the data in this backend (master only) */
- } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing host or uri in \"replica <host[:port]>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: replica line must appear inside a database definition\n",
- fname, lineno, 0 );
- return 1;
-
- } else {
- int nr = -1;
-
- for ( i = 1; i < cargc; i++ ) {
- if ( strncasecmp( cargv[i], "host=", 5 )
- == 0 ) {
- nr = add_replica_info( be,
- cargv[i] + 5 );
- break;
- } else if (strncasecmp( cargv[i], "uri=", 4 )
- == 0 ) {
- if ( ldap_url_parse( cargv[ i ] + 4, &ludp )
- != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: replica line contains invalid "
- "uri definition.\n", fname, lineno, 0);
- return 1;
- }
- if (ludp->lud_host == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: replica line contains invalid "
- "uri definition - missing hostname.\n", fname, lineno, 0);
- return 1;
- }
- replicahost = ch_malloc( strlen( cargv[ i ] ) );
- if ( replicahost == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "out of memory in read_config\n", 0, 0, 0 );
- ldap_free_urldesc( ludp );
- exit( EXIT_FAILURE );
- }
- sprintf(replicahost, "%s:%d",
- ludp->lud_host, ludp->lud_port);
- nr = add_replica_info( be, replicahost );
- ldap_free_urldesc( ludp );
- ch_free(replicahost);
- break;
- }
- }
- if ( i == cargc ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing host or uri in \"replica\" line\n",
- fname, lineno, 0 );
- return 1;
-
- } else if ( nr == -1 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to add replica \"%s\"\n",
- fname, lineno, cargv[i] + 5 );
- return 1;
- } else {
- for ( i = 1; i < cargc; i++ ) {
- if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
-
- switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) {
- case 1:
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
- fname, lineno, cargv[i] + 7 );
- break;
-
- case 2:
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
- fname, lineno, 0 );
- break;
- }
-
- } else if ( strncasecmp( cargv[i], "attr", 4 ) == 0 ) {
- int exclude = 0;
- char *arg = cargv[i] + 4;
-
- if ( arg[0] == '!' ) {
- arg++;
- exclude = 1;
- }
-
- if ( arg[0] != '=' ) {
- continue;
- }
-
- if ( add_replica_attrs( be, nr, arg + 1, exclude ) ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: attribute \"%s\" in \"replica\" line is unknown\n",
- fname, lineno, arg + 1 );
- return( 1 );
- }
- }
- }
- }
- }
-
- } else if ( strcasecmp( cargv[0], "replicationInterval" ) == 0 ) {
- /* ignore */
-
- /* dn of slave entity allowed to write to replica */
- } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: updatedn line must appear inside a database definition\n",
- fname, lineno, 0 );
- return 1;
-
- } else if ( SLAP_SHADOW(be) ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: updatedn: database already shadowed.\n",
- fname, lineno, 0);
- return 1;
-
- } else {
- struct berval dn;
-
- if ( load_ucdata( NULL ) < 0 ) return 1;
-
- dn.bv_val = cargv[1];
- dn.bv_len = strlen( cargv[1] );
-
- rc = dnNormalize( 0, NULL, NULL, &dn, &be->be_update_ndn, NULL );
- if( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: updatedn DN is invalid\n",
- fname, lineno, 0 );
- return 1;
- }
-
- }
- SLAP_DBFLAGS(be) |= ( SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW );
-
- } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "missing url in \"updateref <ldapurl>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
- " line must appear inside a database definition\n",
- fname, lineno, 0 );
- return 1;
-
- } else if ( !SLAP_SHADOW(be) ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "updateref line must after syncrepl or updatedn.\n",
- fname, lineno, 0 );
- return 1;
- }
-
- if( validate_global_referral( cargv[1] ) ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "invalid URL (%s) in \"updateref\" line.\n",
- fname, lineno, cargv[1] );
- return 1;
- }
-
- vals[0].bv_val = cargv[1];
- vals[0].bv_len = strlen( vals[0].bv_val );
- if( value_add( &be->be_update_refs, vals ) ) {
- return LDAP_OTHER;
- }
-
- /* replication log file to which changes are appended */
- } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing filename in \"replogfile <filename>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( be ) {
- be->be_replogfile = ch_strdup( cargv[1] );
- } else {
- replogfile = ch_strdup( cargv[1] );
- }
-
- /* file from which to read additional rootdse attrs */
- } else if ( strcasecmp( cargv[0], "rootDSE" ) == 0) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "missing filename in \"rootDSE <filename>\" line.\n",
- fname, lineno, 0 );
- return 1;
- }
-
- if( read_root_dse_file( cargv[1] ) ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "could not read \"rootDSE <filename>\" line\n",
- fname, lineno, 0 );
- return 1;
- }
-
- /* maintain lastmodified{by,time} attributes */
- } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: lastmod"
- " line must appear inside a database definition\n",
- fname, lineno, 0 );
- return 1;
-
- } else if ( SLAP_NOLASTMODCMD(be) ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: lastmod"
- " not available for %s databases\n",
- fname, lineno, be->bd_info->bi_type );
- return 1;
- }
-
- if ( strcasecmp( cargv[1], "on" ) == 0 ) {
- SLAP_DBFLAGS(be) &= ~SLAP_DBFLAG_NOLASTMOD;
- } else {
- SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NOLASTMOD;
- }
-
-#ifdef SIGHUP
- /* turn on/off gentle SIGHUP handling */
- } else if ( strcasecmp( cargv[0], "gentlehup" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing on|off in \"gentlehup <on|off>\" line\n",
- fname, lineno, 0 );
- return( 1 );
- }
- if ( strcasecmp( cargv[1], "off" ) == 0 ) {
- global_gentlehup = 0;
- } else {
- global_gentlehup = 1;
- }
-#endif
-
- /* set idle timeout value */
- } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
- int i;
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- i = atoi( cargv[1] );
-
- if( i < 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
- fname, lineno, i );
-
- return( 1 );
- }
-
- global_idletimeout = i;
-
- /* include another config file */
- } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing filename in \"include <filename>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- savefname = ch_strdup( cargv[1] );
- savelineno = lineno;
-
- if ( read_config( savefname, depth+1 ) != 0 ) {
- return( 1 );
- }
-
- free( savefname );
- lineno = savelineno - 1;
-
- /* location of kerberos srvtab file */
- } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- ldap_srvtab = ch_strdup( cargv[1] );
-
-#ifdef SLAPD_MODULES
- } else if (strcasecmp( cargv[0], "moduleload") == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing filename in \"moduleload <filename>\" line\n",
- fname, lineno, 0 );
-
- exit( EXIT_FAILURE );
- }
- if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: failed to load or initialize module %s\n",
- fname, lineno, cargv[1]);
-
- exit( EXIT_FAILURE );
- }
- } else if (strcasecmp( cargv[0], "modulepath") == 0 ) {
- if ( cargc != 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing path in \"modulepath <path>\" line\n",
- fname, lineno, 0 );
-
- exit( EXIT_FAILURE );
- }
- if (module_path( cargv[1] )) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: failed to set module search path to %s\n",
- fname, lineno, cargv[1]);
-
- exit( EXIT_FAILURE );
- }
-
-#endif /*SLAPD_MODULES*/
-
-#ifdef HAVE_TLS
- } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
- rc = ldap_pvt_tls_set_option( NULL,
- LDAP_OPT_X_TLS_RANDOM_FILE,
- cargv[1] );
- if ( rc )
- return rc;
-
- } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
- rc = ldap_pvt_tls_set_option( NULL,
- LDAP_OPT_X_TLS_CIPHER_SUITE,
- cargv[1] );
- if ( rc )
- return rc;
-
- } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
- rc = ldap_pvt_tls_set_option( NULL,
- LDAP_OPT_X_TLS_CERTFILE,
- cargv[1] );
- if ( rc )
- return rc;
-
- } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
- rc = ldap_pvt_tls_set_option( NULL,
- LDAP_OPT_X_TLS_KEYFILE,
- cargv[1] );
- if ( rc )
- return rc;
-
- } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
- rc = ldap_pvt_tls_set_option( NULL,
- LDAP_OPT_X_TLS_CACERTDIR,
- cargv[1] );
- if ( rc )
- return rc;
-
- } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
- rc = ldap_pvt_tls_set_option( NULL,
- LDAP_OPT_X_TLS_CACERTFILE,
- cargv[1] );
- if ( rc )
- return rc;
- } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
- if ( isdigit( (unsigned char) cargv[1][0] ) ) {
- i = atoi(cargv[1]);
- rc = ldap_pvt_tls_set_option( NULL,
- LDAP_OPT_X_TLS_REQUIRE_CERT,
- &i );
- } else {
- rc = ldap_int_tls_config( NULL,
- LDAP_OPT_X_TLS_REQUIRE_CERT,
- cargv[1] );
- }
-
- if ( rc )
- return rc;
-
-#endif
-
- } else if ( !strcasecmp( cargv[0], "reverse-lookup" ) ) {
-#ifdef SLAPD_RLOOKUPS
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n",
- fname, lineno, 0 );
- return( 1 );
- }
-
- if ( !strcasecmp( cargv[1], "on" ) ) {
- use_reverse_lookup = 1;
- } else if ( !strcasecmp( cargv[1], "off" ) ) {
- use_reverse_lookup = 0;
- } else {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: reverse-lookup: must be \"on\" (default) or \"off\"\n",
- fname, lineno, 0 );
- return( 1 );
- }
-
-#else /* !SLAPD_RLOOKUPS */
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: reverse lookups are not configured (ignored).\n",
- fname, lineno, 0 );
-#endif /* !SLAPD_RLOOKUPS */
-
- /* Netscape plugins */
- } else if ( strcasecmp( cargv[0], "plugin" ) == 0 ) {
-#if defined( LDAP_SLAPI )
-
-#ifdef notdef /* allow global plugins, too */
- /*
- * a "plugin" line must be inside a database
- * definition, since we implement pre-,post-
- * and extended operation plugins
- */
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: plugin "
- "line must appear inside a database "
- "definition\n", fname, lineno, 0 );
- return( 1 );
- }
-#endif /* notdef */
-
- if ( slapi_int_read_config( be, fname, lineno, cargc, cargv )
- != LDAP_SUCCESS )
- {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: SLAPI "
- "config read failed.\n", fname, lineno, 0 );
- return( 1 );
- }
- slapi_plugins_used++;
-
-#else /* !defined( LDAP_SLAPI ) */
- Debug( LDAP_DEBUG_ANY, "%s: line %d: SLAPI "
- "not supported.\n", fname, lineno, 0 );
- return( 1 );
-
-#endif /* !defined( LDAP_SLAPI ) */
-
- /* Netscape plugins */
- } else if ( strcasecmp( cargv[0], "pluginlog" ) == 0 ) {
-#if defined( LDAP_SLAPI )
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing file name "
- "in pluginlog <filename> line.\n",
- fname, lineno, 0 );
- return( 1 );
- }
-
- if ( slapi_log_file != NULL ) {
- ch_free( slapi_log_file );
- }
-
- slapi_log_file = ch_strdup( cargv[1] );
-#endif /* !defined( LDAP_SLAPI ) */
-
- /* pass anything else to the current backend info/db config routine */
- } else {
- if ( bi != NULL ) {
- if ( bi->bi_config ) {
- rc = (*bi->bi_config)( bi, fname, lineno, cargc, cargv );
-
- switch ( rc ) {
- case 0:
- break;
-
- case SLAP_CONF_UNKNOWN:
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
- fname, lineno, cargv[0] );
- break;
-
- default:
- return 1;
- }
- }
-
- } else if ( be != NULL ) {
- if ( be->be_config ) {
- rc = (*be->be_config)( be, fname, lineno, cargc, cargv );
-
- switch ( rc ) {
- case 0:
- break;
-
- case SLAP_CONF_UNKNOWN:
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
- fname, lineno, cargv[0] );
- break;
-
- default:
- return 1;
- }
- }
-
- } else {
- if ( frontendDB->be_config ) {
- rc = (*frontendDB->be_config)( frontendDB, fname, lineno, cargc, cargv );
-
- switch ( rc ) {
- case 0:
- break;
-
- case SLAP_CONF_UNKNOWN:
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: unknown directive \"%s\" inside global database definition (ignored)\n",
- fname, lineno, cargv[0] );
- break;