- if ( be == NULL ) {
- lim = &frontendDB->be_def_limit;
- } else {
- lim = &be->be_def_limit;
- }
-
- for ( i = 1; i < cargc; i++ ) {
- if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
- rc = limits_parse_one( cargv[i], lim );
- if ( rc ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable "
- "to parse value \"%s\" "
- "in \"sizelimit "
- "<limit>\" line\n",
- fname, lineno, cargv[i] );
- return( 1 );
- }
-
- } else {
- if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
- lim->lms_s_soft = -1;
- } else {
- lim->lms_s_soft = strtol( cargv[i] , &next, 0 );
- if ( next == cargv[i] ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" line\n",
- fname, lineno, cargv[i] );
- return( 1 );
-
- } else if ( next[0] != '\0' ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" line ignored\n",
- fname, lineno, next );
- }
- }
- lim->lms_s_hard = 0;
- }
- }
-
- /* set time limit */
- } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
- int rc = 0, i;
- struct slap_limits_set *lim;
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if ( be == NULL ) {
- lim = &frontendDB->be_def_limit;
- } else {
- lim = &be->be_def_limit;
- }
-
- for ( i = 1; i < cargc; i++ ) {
- if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
- rc = limits_parse_one( cargv[i], lim );
- if ( rc ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable "
- "to parse value \"%s\" "
- "in \"timelimit "
- "<limit>\" line\n",
- fname, lineno, cargv[i] );
- return( 1 );
- }
-
- } else {
- if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
- lim->lms_t_soft = -1;
- } else {
- lim->lms_t_soft = strtol( cargv[i] , &next, 0 );
- if ( next == cargv[i] ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" line\n",
- fname, lineno, cargv[i] );
- return( 1 );
-
- } else if ( next[0] != '\0' ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" line ignored\n",
- fname, lineno, next );
- }
- }
- lim->lms_t_hard = 0;
- }
- }
-
- /* set regex-based limits */
- } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d \"limits\" allowed only in database environment.\n%s",
- fname, lineno, "" );
- return( 1 );
- }
-
- if ( limits_parse( be, fname, lineno, cargc, cargv ) ) {
- return( 1 );
- }
-
- /* mark this as a subordinate database */
- } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: subordinate keyword "
- "must appear inside a database definition.\n",
- fname, lineno, 0 );
- return 1;
-
- } else {
- SLAP_DBFLAGS(be) |= SLAP_DBFLAG_GLUE_SUBORDINATE;
- num_subordinates++;
- }
-
- /* add an overlay to this backend */
- } else if ( strcasecmp( cargv[0], "overlay" ) == 0 ) {
- if ( be == NULL ) {
- if ( cargv[1][0] == '-' && overlay_config( frontendDB, &cargv[1][1] ) ) {
- /* log error */
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "(optional) global overlay \"%s\" configuration "
- "failed (ignored)\n", fname, lineno, &cargv[1][1] );
- } else if ( overlay_config( frontendDB, cargv[1] ) ) {
- return 1;
- }
-
- } else {
- if ( cargv[1][0] == '-' && overlay_config( be, &cargv[1][1] ) ) {
- /* log error */
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "(optional) overlay \"%s\" configuration "
- "failed (ignored)\n", fname, lineno, &cargv[1][1] );
- } else if ( overlay_config( be, cargv[1] ) ) {
- return 1;
- }
- }
-
- /* set database suffix */
- } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
- Backend *tmp_be;
- struct berval dn, pdn, ndn;
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "missing dn in \"suffix <dn>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
-
- } else if ( cargc > 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
- "after <dn> in \"suffix %s\" line (ignored)\n",
- fname, lineno, cargv[1] );
- }
-
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
- "must appear inside a database definition\n",
- fname, lineno, 0 );
- return( 1 );
-
-#if defined(SLAPD_MONITOR_DN)
- /* "cn=Monitor" is reserved for monitoring slap */
- } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
- "%s\" is reserved for monitoring slapd\n",
- fname, lineno, SLAPD_MONITOR_DN );
- return( 1 );
-#endif /* SLAPD_MONITOR_DN */
- }
-
- if ( load_ucdata( NULL ) < 0 ) return 1;
-
- dn.bv_val = cargv[1];
- dn.bv_len = strlen( cargv[1] );
-
- rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
- if( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: suffix DN is invalid\n",
- fname, lineno, 0 );
- return( 1 );
- }
-
- tmp_be = select_backend( &ndn, 0, 0 );
- if ( tmp_be == be ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
- "already served by this backend (ignored)\n",
- fname, lineno, 0 );
- free( pdn.bv_val );
- free( ndn.bv_val );
-
- } else if ( tmp_be != NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
- "already served by a preceeding backend \"%s\"\n",
- fname, lineno, tmp_be->be_suffix[0].bv_val );
- free( pdn.bv_val );
- free( ndn.bv_val );
- return( 1 );
-
- } else if( pdn.bv_len == 0 && default_search_nbase.bv_len ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "suffix DN empty and default "
- "search base provided \"%s\" (assuming okay)\n",
- fname, lineno, default_search_base.bv_val );
- }
-
- ber_bvarray_add( &be->be_suffix, &pdn );
- ber_bvarray_add( &be->be_nsuffix, &ndn );
-
- /* set max deref depth */
- } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
- int i;
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: depth line must appear inside a database definition.\n",
- fname, lineno, 0 );
- return 1;
- }
-
- i = strtol( cargv[1], &next, 10 );
- if ( next == NULL || next[0] != '\0' ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse depth \"%s\" in \"maxDerefDepth <depth>\" "
- "line.\n", fname, lineno, cargv[1] );
- return 1;
- }
-
- if (i < 0) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: depth must be positive.\n",
- fname, lineno, 0 );
- return 1;
-
-
- }
- be->be_max_deref_depth = i;
-
- /* set magic "root" dn for this database */
- } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: rootdn line must appear inside a database definition.\n",
- fname, lineno, 0 );
- return 1;
-
- } else {
- struct berval dn;
-
- if ( load_ucdata( NULL ) < 0 ) return 1;
-
- dn.bv_val = cargv[1];
- dn.bv_len = strlen( cargv[1] );
-
- rc = dnPrettyNormal( NULL, &dn,
- &be->be_rootdn,
- &be->be_rootndn, NULL );
-
- if( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: rootdn DN is invalid\n",
- fname, lineno, 0 );
- return( 1 );
- }
- }
-
- /* set super-secret magic database password */
- } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "missing passwd in \"rootpw <passwd>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "rootpw line must appear inside a database "
- "definition.\n",
- fname, lineno, 0 );
- return 1;
-
- } else {
- Backend *tmp_be = select_backend( &be->be_rootndn, 0, 0 );
-
- if( tmp_be != be ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "rootpw can only be set when rootdn is under suffix\n",
- fname, lineno, 0 );
- return 1;
- }
-
- be->be_rootpw.bv_val = ch_strdup( cargv[1] );
- be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
- }
-
- /* make this database read-only */
- } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( be == NULL ) {
- if ( strcasecmp( cargv[1], "on" ) == 0 ) {
- frontendDB->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
- } else {
- frontendDB->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
- }
-
- } else {
- if ( strcasecmp( cargv[1], "on" ) == 0 ) {
- be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
- } else {
- be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
- }
- }
-
- /* restricts specific operations */
- } else if ( strcasecmp( cargv[0], "restrict" ) == 0 ) {
- slap_mask_t restrictops = 0;
- struct restrictable_exops_t {
- char *name;
- int flag;
- } restrictable_exops[] = {
- { LDAP_EXOP_START_TLS, SLAP_RESTRICT_EXOP_START_TLS },
- { LDAP_EXOP_MODIFY_PASSWD, SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
- { LDAP_EXOP_X_WHO_AM_I, SLAP_RESTRICT_EXOP_WHOAMI },
- { LDAP_EXOP_X_CANCEL, SLAP_RESTRICT_EXOP_CANCEL },
- { NULL, 0 }
- };
- int i;
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing <op_list> in \"restrict <op_list>\" "
- "line.\n", fname, lineno, 0 );
- return 1;
- }
-
- for ( i = 1; i < cargc; i++ ) {
- if ( strcasecmp( cargv[ i ], "read" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_READS;
-
- } else if ( strcasecmp( cargv[ i ], "write" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_WRITES;
-
- } else if ( strcasecmp( cargv[ i ], "add" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_ADD;
-
- } else if ( strcasecmp( cargv[ i ], "bind" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_BIND;
-
- } else if ( strcasecmp( cargv[ i ], "compare" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_COMPARE;
-
- } else if ( strcasecmp( cargv[ i ], "delete" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_DELETE;
-
- } else if ( strncasecmp( cargv[ i ], "extended",
- STRLENOF( "extended" ) ) == 0 )
- {
- char *e = cargv[ i ] + STRLENOF( "extended" );
-
- if ( e[0] == '=' ) {
- int j;
-
- e++;
- for ( j = 0; restrictable_exops[ j ].name; j++ ) {
- if ( strcmp( e, restrictable_exops[j].name ) == 0 )
- {
- restrictops |= restrictable_exops[ j ].flag;
- break;
- }
- }
-
- if ( restrictable_exops[ j ].name == NULL ) {
- goto restrict_unknown;
- }
-
- restrictops &= ~SLAP_RESTRICT_OP_EXTENDED;
-
- } else if ( e[0] == '\0' ) {
- restrictops &= ~SLAP_RESTRICT_EXOP_MASK;
- restrictops |= SLAP_RESTRICT_OP_EXTENDED;
-
- } else {
- goto restrict_unknown;
- }
-
- } else if ( strcasecmp( cargv[ i ], "modify" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_MODIFY;
-
- } else if ( strcasecmp( cargv[ i ], "rename" ) == 0
- || strcasecmp( cargv[ i ], "modrdn" ) == 0 )
- {
- restrictops |= SLAP_RESTRICT_OP_RENAME;
-
- } else if ( strcasecmp( cargv[ i ], "search" ) == 0 ) {
- restrictops |= SLAP_RESTRICT_OP_SEARCH;
-
- } else {
-restrict_unknown:;
-
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "unknown operation %s in \"allow <features>\" line\n",
- fname, lineno, cargv[i] );
- return 1;
- }
- }
-
- if ( be == NULL ) {
- frontendDB->be_restrictops |= restrictops;
- } else {
- be->be_restrictops |= restrictops;
- }
-
- /* allow these features */
- } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
- strcasecmp( cargv[0], "allow" ) == 0 )
- {
- slap_mask_t allows = 0;
-
- if ( be != NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: allow line must appear prior to database definitions\n",
- fname, lineno, 0 );
-
- }
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- for( i=1; i < cargc; i++ ) {
- if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
- allows |= SLAP_ALLOW_BIND_V2;
-
- } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
- allows |= SLAP_ALLOW_BIND_ANON_CRED;
-
- } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
- allows |= SLAP_ALLOW_BIND_ANON_DN;
-
- } else if( strcasecmp( cargv[i], "update_anon" ) == 0 ) {
- allows |= SLAP_ALLOW_UPDATE_ANON;
-
- } else {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "unknown feature %s in \"allow <features>\" line\n",
- fname, lineno, cargv[i] );
-
- return 1;
- }
- }
-
- global_allows |= allows;
-
- /* disallow these features */
- } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
- strcasecmp( cargv[0], "disallow" ) == 0 )
- {
- slap_mask_t disallows = 0;
-
- if ( be != NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: disallow line must appear prior to database definitions\n",
- fname, lineno, 0 );
-
- }
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- for( i=1; i < cargc; i++ ) {
- if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_ANON;
-
- } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_SIMPLE;
-
- } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_KRBV4;
-
- } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
- disallows |= SLAP_DISALLOW_TLS_2_ANON;
-
- } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
- disallows |= SLAP_DISALLOW_TLS_AUTHC;
-
- } else {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
- fname, lineno, cargv[i] );
-
- return 1;
- }
- }
-
- global_disallows |= disallows;
-
- /* require these features */
- } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
- strcasecmp( cargv[0], "require" ) == 0 )
- {
- slap_mask_t requires = 0;
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing feature(s) in \"require <features>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- for( i=1; i < cargc; i++ ) {
- if( strcasecmp( cargv[i], "bind" ) == 0 ) {
- requires |= SLAP_REQUIRE_BIND;
-
- } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
- requires |= SLAP_REQUIRE_LDAP_V3;
-
- } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
- requires |= SLAP_REQUIRE_AUTHC;
-
- } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
- requires |= SLAP_REQUIRE_SASL;
-
- } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
- requires |= SLAP_REQUIRE_STRONG;
-
- } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unknown feature %s in \"require <features>\" line\n",
- fname, lineno, cargv[i] );
-
- return( 1 );
- }
- }
-
- if ( be == NULL ) {
- frontendDB->be_requires = requires;
- } else {
- be->be_requires = requires;
- }
-
- } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
- slap_ssf_set_t *set;
-
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if ( be == NULL ) {
- set = &frontendDB->be_ssf_set;
- } else {
- set = &be->be_ssf_set;
- }
-
- for( i=1; i < cargc; i++ ) {
- slap_ssf_t *tgt;
- char *src;
-
- if ( strncasecmp( cargv[i], "ssf=",
- STRLENOF("ssf=") ) == 0 )
- {
- tgt = &set->sss_ssf;
- src = &cargv[i][STRLENOF("ssf=")];
-
- } else if ( strncasecmp( cargv[i], "transport=",
- STRLENOF("transport=") ) == 0 )
- {
- tgt = &set->sss_transport;
- src = &cargv[i][STRLENOF("transport=")];
-
- } else if ( strncasecmp( cargv[i], "tls=",
- STRLENOF("tls=") ) == 0 )
- {
- tgt = &set->sss_tls;
- src = &cargv[i][STRLENOF("tls=")];
-
- } else if ( strncasecmp( cargv[i], "sasl=",
- STRLENOF("sasl=") ) == 0 )
- {
- tgt = &set->sss_sasl;
- src = &cargv[i][STRLENOF("sasl=")];
-
- } else if ( strncasecmp( cargv[i], "update_ssf=",
- STRLENOF("update_ssf=") ) == 0 )
- {
- tgt = &set->sss_update_ssf;
- src = &cargv[i][STRLENOF("update_ssf=")];
-
- } else if ( strncasecmp( cargv[i], "update_transport=",
- STRLENOF("update_transport=") ) == 0 )
- {
- tgt = &set->sss_update_transport;
- src = &cargv[i][STRLENOF("update_transport=")];
-
- } else if ( strncasecmp( cargv[i], "update_tls=",
- STRLENOF("update_tls=") ) == 0 )
- {
- tgt = &set->sss_update_tls;
- src = &cargv[i][STRLENOF("update_tls=")];
-
- } else if ( strncasecmp( cargv[i], "update_sasl=",
- STRLENOF("update_sasl=") ) == 0 )
- {
- tgt = &set->sss_update_sasl;
- src = &cargv[i][STRLENOF("update_sasl=")];
-
- } else if ( strncasecmp( cargv[i], "simple_bind=",
- STRLENOF("simple_bind=") ) == 0 )
- {
- tgt = &set->sss_simple_bind;
- src = &cargv[i][STRLENOF("simple_bind=")];
-
- } else {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
- fname, lineno, cargv[i] );
-
- return( 1 );
- }
-
- *tgt = strtol( src, &next, 10 );
- if ( next == NULL || next[0] != '\0' ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse factor \"%s\" in \"security <factors>\" line\n",
- fname, lineno, cargv[i] );
-
- return( 1 );
- }
- }
-
- /* where to send clients when we don't hold it */
- } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing URL in \"referral <URL>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- if( validate_global_referral( cargv[1] ) ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "invalid URL (%s) in \"referral\" line.\n",
- fname, lineno, cargv[1] );
- return 1;
- }
-
- vals[0].bv_val = cargv[1];
- vals[0].bv_len = strlen( vals[0].bv_val );
- if( value_add( &default_referral, vals ) )
- return LDAP_OTHER;
-
- /* start of a new database definition */
- } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
- int level;
- if ( cargc < 3 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
- fname, lineno, 0 );
- return( 1 );
- }
- level = strtol( cargv[2], &next, 10 );
- if ( next == NULL || next[0] != '\0' ){
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse level \"%s\" in debug directive, "
- "\"debug <subsys> <level>\"\n", fname, lineno , cargv[2] );
- return( 1 );
- }
-
- if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
- lutil_set_debug_level( cargv[1], level );
- /* specify an Object Identifier macro */
- } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
- rc = parse_oidm( fname, lineno, cargc, cargv );
- if( rc ) return rc;
-
- /* specify an objectclass */
- } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: illegal objectclass format.\n",
- fname, lineno, 0 );
- return( 1 );
-
- } else if ( *cargv[1] == '(' /*')'*/) {
- char * p;
- p = strchr(saveline,'(' /*')'*/);
- rc = parse_oc( fname, lineno, p, cargv );
- if( rc ) return rc;
-
- } else {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: old objectclass format not supported.\n",
- fname, lineno, 0 );
- }
-
- } else if ( strcasecmp( cargv[0], "ditcontentrule" ) == 0 ) {
- char * p;
- p = strchr(saveline,'(' /*')'*/);
- rc = parse_cr( fname, lineno, p, cargv );
- if( rc ) return rc;
-
- /* specify an attribute type */
- } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
- || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
- {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "illegal attribute type format.\n",
- fname, lineno, 0 );
- return( 1 );
-
- } else if ( *cargv[1] == '(' /*')'*/) {
- char * p;
- p = strchr(saveline,'(' /*')'*/);
- rc = parse_at( fname, lineno, p, cargv );
- if( rc ) return rc;
-
- } else {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: old attribute type format not supported.\n",
- fname, lineno, 0 );
-
- }
-
- /* define attribute option(s) */
- } else if ( strcasecmp( cargv[0], "attributeoptions" ) == 0 ) {
- ad_define_option( NULL, NULL, 0 );
- for ( i = 1; i < cargc; i++ )
- if ( ad_define_option( cargv[i], fname, lineno ) != 0 )
- return 1;
-
- /* turn on/off schema checking */
- } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( strcasecmp( cargv[1], "off" ) == 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: schema checking disabled! your mileage may vary!\n",
- fname, lineno, 0 );
- global_schemacheck = 0;
- } else {
- global_schemacheck = 1;
- }
-
- /* specify access control info */
- } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
- parse_acl( be, fname, lineno, cargc, cargv );
-
- /* debug level to log things to syslog */
- } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing level(s) in \"loglevel <level> [...]\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
-
- ldap_syslog = 0;
-
- for( i=1; i < cargc; i++ ) {
- int level;
-
- if ( isdigit( cargv[i][0] ) ) {
- level = strtol( cargv[i], &next, 10 );
- if ( next == NULL || next[0] != '\0' ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse level \"%s\" "
- "in \"loglevel <level> [...]\" line.\n",
- fname, lineno , cargv[i] );
- return( 1 );
- }
-
- } else {
- static struct {
- int i;
- char *s;
- } int_2_level[] = {
- { LDAP_DEBUG_TRACE, "Trace" },
- { LDAP_DEBUG_PACKETS, "Packets" },
- { LDAP_DEBUG_ARGS, "Args" },
- { LDAP_DEBUG_CONNS, "Conns" },
- { LDAP_DEBUG_BER, "BER" },
- { LDAP_DEBUG_FILTER, "Filter" },
- { LDAP_DEBUG_CONFIG, "Config" },
- { LDAP_DEBUG_ACL, "ACL" },
- { LDAP_DEBUG_STATS, "Stats" },
- { LDAP_DEBUG_STATS2, "Stats2" },
- { LDAP_DEBUG_SHELL, "Shell" },
- { LDAP_DEBUG_PARSE, "Parse" },
- { LDAP_DEBUG_CACHE, "Cache" },
- { LDAP_DEBUG_INDEX, "Index" },
- { -1, "Any" },
- { 0, NULL }
- };
- int j;
-
- for ( j = 0; int_2_level[j].s; j++ ) {
- if ( strcasecmp( cargv[i], int_2_level[j].s ) == 0 ) {
- level = int_2_level[j].i;
- break;
- }
- }
-
- if ( int_2_level[j].s == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unknown level \"%s\" "
- "in \"loglevel <level> [...]\" line.\n",
- fname, lineno , cargv[i] );
- return( 1 );
- }
- }
-
- ldap_syslog |= level;
- }
-
- /* list of sync replication information in this backend (slave only) */
- } else if ( strcasecmp( cargv[0], "syncrepl" ) == 0 ) {
-
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: syncrepl line must appear inside "
- "a database definition.\n", fname, lineno, 0);
- return 1;
-
- } else if ( SLAP_SHADOW( be )) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: syncrepl: database already shadowed.\n",
- fname, lineno, 0);
- return 1;
-
- } else if ( add_syncrepl( be, cargv, cargc )) {
- return 1;
- }
-
- SLAP_DBFLAGS(be) |= ( SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SYNC_SHADOW );
-
- /* list of replicas of the data in this backend (master only) */
- } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing host or uri in \"replica <host[:port]>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: replica line must appear inside a database definition\n",
- fname, lineno, 0 );
- return 1;
-
- } else {
- int nr = -1;
-
- for ( i = 1; i < cargc; i++ ) {
- if ( strncasecmp( cargv[i], "host=", 5 )
- == 0 ) {
- nr = add_replica_info( be,
- cargv[i] + 5 );
- break;
- } else if (strncasecmp( cargv[i], "uri=", 4 )
- == 0 ) {
- if ( ldap_url_parse( cargv[ i ] + 4, &ludp )
- != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: replica line contains invalid "
- "uri definition.\n", fname, lineno, 0);
- return 1;
- }
- if (ludp->lud_host == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: replica line contains invalid "
- "uri definition - missing hostname.\n", fname, lineno, 0);
- return 1;
- }
- replicahost = ch_malloc( strlen( cargv[ i ] ) );
- if ( replicahost == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "out of memory in read_config\n", 0, 0, 0 );
- ldap_free_urldesc( ludp );
- exit( EXIT_FAILURE );
- }
- sprintf(replicahost, "%s:%d",
- ludp->lud_host, ludp->lud_port);
- nr = add_replica_info( be, replicahost );
- ldap_free_urldesc( ludp );
- ch_free(replicahost);
- break;
- }
- }
- if ( i == cargc ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing host or uri in \"replica\" line\n",
- fname, lineno, 0 );
- return 1;
-
- } else if ( nr == -1 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to add replica \"%s\"\n",
- fname, lineno, cargv[i] + 5 );
- return 1;
- } else {
- for ( i = 1; i < cargc; i++ ) {
- if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
-
- switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) {
- case 1:
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
- fname, lineno, cargv[i] + 7 );
- break;
-
- case 2:
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
- fname, lineno, 0 );
- break;
- }
-
- } else if ( strncasecmp( cargv[i], "attr", 4 ) == 0 ) {
- int exclude = 0;
- char *arg = cargv[i] + 4;
-
- if ( arg[0] == '!' ) {
- arg++;
- exclude = 1;
- }
-
- if ( arg[0] != '=' ) {
- continue;
- }
-
- if ( add_replica_attrs( be, nr, arg + 1, exclude ) ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: attribute \"%s\" in \"replica\" line is unknown\n",
- fname, lineno, arg + 1 );
- return( 1 );
- }
- }
- }
- }
- }
-
- } else if ( strcasecmp( cargv[0], "replicationInterval" ) == 0 ) {
- /* ignore */
-
- /* dn of slave entity allowed to write to replica */
- } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: updatedn line must appear inside a database definition\n",
- fname, lineno, 0 );
- return 1;
-
- } else if ( SLAP_SHADOW(be) ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: updatedn: database already shadowed.\n",
- fname, lineno, 0);
- return 1;
-
- } else {
- struct berval dn;
-
- if ( load_ucdata( NULL ) < 0 ) return 1;
-
- dn.bv_val = cargv[1];
- dn.bv_len = strlen( cargv[1] );
-
- rc = dnNormalize( 0, NULL, NULL, &dn, &be->be_update_ndn, NULL );
- if( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: updatedn DN is invalid\n",
- fname, lineno, 0 );
- return 1;
- }
-
- }
- SLAP_DBFLAGS(be) |= ( SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW );
-
- } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "missing url in \"updateref <ldapurl>\" line\n",
- fname, lineno, 0 );
-
- return( 1 );
- }
- if ( be == NULL ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
- " line must appear inside a database definition\n",
- fname, lineno, 0 );
- return 1;
-
- } else if ( !SLAP_SHADOW(be) ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "updateref line must after syncrepl or updatedn.\n",
- fname, lineno, 0 );
- return 1;
- }
-
- if( validate_global_referral( cargv[1] ) ) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "invalid URL (%s) in \"updateref\" line.\n",
- fname, lineno, cargv[1] );
- return 1;
- }