- } else {
- if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
- lim->lms_s_soft = -1;
- } else {
- char *next;
-
- lim->lms_s_soft = strtol( cargv[i] , &next, 0 );
- if ( next == cargv[i] ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" "
- "line.\n", fname, lineno, cargv[i] );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" line\n",
- fname, lineno, cargv[i] );
-#endif
- return( 1 );
-
- } else if ( next[0] != '\0' ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" "
- "line ignored.\n", fname, lineno, next );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" line ignored\n",
- fname, lineno, next );
-#endif
- }
- }
- lim->lms_s_hard = 0;
- }
- }
-
- /* set time limit */
- } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
- int rc = 0, i;
- struct slap_limits_set *lim;
-
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d missing limit in \"timelimit <limit>\" "
- "line.\n", fname, lineno, 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
-
- if ( be == NULL ) {
- lim = &deflimit;
- } else {
- lim = &be->be_def_limit;
- }
-
- for ( i = 1; i < cargc; i++ ) {
- if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
- rc = limits_parse_one( cargv[i], lim );
- if ( rc ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: unable to parse value \"%s\" "
- "in \"timelimit <limit>\" line.\n",
- fname, lineno, cargv[i] );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable "
- "to parse value \"%s\" "
- "in \"timelimit "
- "<limit>\" line\n",
- fname, lineno, cargv[i] );
-#endif
- return( 1 );
- }
-
- } else {
- if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
- lim->lms_t_soft = -1;
- } else {
- char *next;
-
- lim->lms_t_soft = strtol( cargv[i] , &next, 0 );
- if ( next == cargv[i] ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" "
- "line.\n", fname, lineno, cargv[i] );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" line\n",
- fname, lineno, cargv[i] );
-#endif
- return( 1 );
-
- } else if ( next[0] != '\0' ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" "
- "line ignored.\n", fname, lineno, next );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" line ignored\n",
- fname, lineno, next );
-#endif
- }
- }
- lim->lms_t_hard = 0;
- }
- }
-
- /* set regex-based limits */
- } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
- if ( be == NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, WARNING,
- "%s: line %d \"limits\" allowed only in database "
- "environment.\n", fname, lineno, 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d \"limits\" allowed only in database environment.\n%s",
- fname, lineno, "" );
-#endif
- return( 1 );
- }
-
- if ( limits_parse( be, fname, lineno, cargc, cargv ) ) {
- return( 1 );
- }
-
- /* mark this as a subordinate database */
- } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
- if ( be == NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO, "%s: line %d: "
- "subordinate keyword must appear inside a database "
- "definition.\n", fname, lineno, 0 );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: subordinate keyword "
- "must appear inside a database definition.\n",
- fname, lineno, 0 );
-#endif
- return 1;
-
- } else {
- SLAP_DBFLAGS(be) |= SLAP_DBFLAG_GLUE_SUBORDINATE;
- num_subordinates++;
- }
-
- /* add an overlay to this backend */
- } else if ( strcasecmp( cargv[0], "overlay" ) == 0 ) {
- if ( be == NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO, "%s: line %d: "
- "overlay keyword must appear inside a database "
- "definition.\n", fname, lineno, 0 );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: overlay keyword "
- "must appear inside a database definition.\n",
- fname, lineno, 0 );
-#endif
- return 1;
-
- } else {
- if ( cargv[1][0] == '-' && overlay_config( be, &cargv[1][1] ) ) {
- /* log error */
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO, "%s: line %d: "
- "(optional) overlay \"%s\" configuration "
- "failed (ignored)\n", fname, lineno, &cargv[1][1] );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "(optional) overlay \"%s\" configuration "
- "failed (ignored)\n", fname, lineno, &cargv[1][1] );
-#endif
- } else if ( overlay_config( be, cargv[1] ) ) {
- return 1;
- }
- }
-
- /* set database suffix */
- } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
- Backend *tmp_be;
- struct berval dn, pdn, ndn;
-
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
- fname, lineno, 0 );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "missing dn in \"suffix <dn>\" line\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
-
- } else if ( cargc > 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: extra cruft after <dn> in \"suffix %s\""
- " line (ignored).\n", fname, lineno, cargv[1] );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
- "after <dn> in \"suffix %s\" line (ignored)\n",
- fname, lineno, cargv[1] );
-#endif
- }
-
- if ( be == NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: suffix line must appear inside a database "
- "definition.\n", fname, lineno, 0 );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
- "must appear inside a database definition\n",
- fname, lineno, 0 );
-#endif
- return( 1 );
-
-#if defined(SLAPD_MONITOR_DN)
- /* "cn=Monitor" is reserved for monitoring slap */
- } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT, "%s: line %d: \""
- "%s\" is reserved for monitoring slapd\n",
- fname, lineno, SLAPD_MONITOR_DN );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
- "%s\" is reserved for monitoring slapd\n",
- fname, lineno, SLAPD_MONITOR_DN );
-#endif
- return( 1 );
-#endif /* SLAPD_MONITOR_DN */
- }
-
- if ( load_ucdata( NULL ) < 0 ) return 1;
-
- dn.bv_val = cargv[1];
- dn.bv_len = strlen( cargv[1] );
-
- rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
- if( rc != LDAP_SUCCESS ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: suffix DN is invalid.\n",
- fname, lineno, 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: suffix DN is invalid\n",
- fname, lineno, 0 );
-#endif
- return( 1 );
- }
-
- tmp_be = select_backend( &ndn, 0, 0 );
- if ( tmp_be == be ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: suffix already served by this backend "
- "(ignored)\n", fname, lineno, 0 );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
- "already served by this backend (ignored)\n",
- fname, lineno, 0 );
-#endif
- free( pdn.bv_val );
- free( ndn.bv_val );
-
- } else if ( tmp_be != NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: suffix already served by a preceding "
- "backend \"%s\"\n", fname, lineno,
- tmp_be->be_suffix[0].bv_val );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
- "already served by a preceeding backend \"%s\"\n",
- fname, lineno, tmp_be->be_suffix[0].bv_val );
-#endif
- free( pdn.bv_val );
- free( ndn.bv_val );
- return( 1 );
-
- } else if( pdn.bv_len == 0 && default_search_nbase.bv_len ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: suffix DN empty and default search "
- "base provided \"%s\" (assuming okay).\n",
- fname, lineno, default_search_base.bv_val );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "suffix DN empty and default "
- "search base provided \"%s\" (assuming okay)\n",
- fname, lineno, default_search_base.bv_val );
-#endif
- }
-
- ber_bvarray_add( &be->be_suffix, &pdn );
- ber_bvarray_add( &be->be_nsuffix, &ndn );
-
- /* set max deref depth */
- } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
- int i;
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: missing depth in \"maxDerefDepth <depth>\""
- " line\n", fname, lineno, 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
- if ( be == NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: depth line must appear inside a database "
- "definition.\n", fname, lineno ,0 );
-#else
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: depth line must appear inside a database definition.\n",
- fname, lineno, 0 );
-#endif
- return 1;
-
- } else if ((i = atoi(cargv[1])) < 0) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: depth must be positive.\n",
- fname, lineno ,0 );
-#else
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: depth must be positive.\n",
- fname, lineno, 0 );
-#endif
- return 1;
-
-
- } else {
- be->be_max_deref_depth = i;
- }
-
-
- /* set magic "root" dn for this database */
- } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: missing dn in \"rootdn <dn>\" line.\n",
- fname, lineno ,0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
-
- if ( be == NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: rootdn line must appear inside a database "
- "definition.\n", fname, lineno ,0 );
-#else
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: rootdn line must appear inside a database definition.\n",
- fname, lineno, 0 );
-#endif
- return 1;
-
- } else {
- struct berval dn;
-
- if ( load_ucdata( NULL ) < 0 ) return 1;
-
- dn.bv_val = cargv[1];
- dn.bv_len = strlen( cargv[1] );
-
- rc = dnPrettyNormal( NULL, &dn,
- &be->be_rootdn,
- &be->be_rootndn, NULL );
-
- if( rc != LDAP_SUCCESS ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: rootdn DN is invalid.\n",
- fname, lineno ,0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: rootdn DN is invalid\n",
- fname, lineno, 0 );
-#endif
- return( 1 );
- }
- }
-
- /* set super-secret magic database password */
- } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: missing passwd in \"rootpw <passwd>\""
- " line\n", fname, lineno ,0 );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "missing passwd in \"rootpw <passwd>\" line\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
-
- if ( be == NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO, "%s: line %d: "
- "rootpw line must appear inside a database "
- "definition.\n", fname, lineno ,0 );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "rootpw line must appear inside a database "
- "definition.\n",
- fname, lineno, 0 );
-#endif
- return 1;
-
- } else {
- Backend *tmp_be = select_backend( &be->be_rootndn, 0, 0 );
-
- if( tmp_be != be ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: "
- "rootpw can only be set when rootdn is under suffix\n",
- fname, lineno, "" );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "rootpw can only be set when rootdn is under suffix\n",
- fname, lineno, 0 );
-#endif
- return 1;
- }
-
- be->be_rootpw.bv_val = ch_strdup( cargv[1] );
- be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
- }
-
- /* make this database read-only */
- } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: missing on|off in \"readonly <on|off>\" "
- "line.\n", fname, lineno ,0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
- if ( be == NULL ) {
- if ( strcasecmp( cargv[1], "on" ) == 0 ) {
- global_restrictops |= SLAP_RESTRICT_OP_WRITES;
- } else {
- global_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
- }
- } else {
- if ( strcasecmp( cargv[1], "on" ) == 0 ) {
- be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
- } else {
- be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
- }
- }
-
-
- /* allow these features */
- } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
- strcasecmp( cargv[0], "allow" ) == 0 )
- {
- slap_mask_t allows;
-
- if ( be != NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: allow line must appear prior to "
- "database definitions.\n", fname, lineno ,0 );
-#else
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: allow line must appear prior to database definitions\n",
- fname, lineno, 0 );
-#endif
-
- }
-
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: missing feature(s) in \"allow <features>\""
- " line\n", fname, lineno ,0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
-
- allows = 0;
-
- for( i=1; i < cargc; i++ ) {
- if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
- allows |= SLAP_ALLOW_BIND_V2;
-
- } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
- allows |= SLAP_ALLOW_BIND_ANON_CRED;
-
- } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
- allows |= SLAP_ALLOW_BIND_ANON_DN;
-
- } else if( strcasecmp( cargv[i], "update_anon" ) == 0 ) {
- allows |= SLAP_ALLOW_UPDATE_ANON;
-
- } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
- "unknown feature %s in \"allow <features>\" line.\n",
- fname, lineno, cargv[1] );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "unknown feature %s in \"allow <features>\" line\n",
- fname, lineno, cargv[i] );
-#endif
-
- return( 1 );
- }
- }
-
- global_allows = allows;
-
- /* disallow these features */
- } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
- strcasecmp( cargv[0], "disallow" ) == 0 )
- {
- slap_mask_t disallows;
-
- if ( be != NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: disallow line must appear prior to "
- "database definitions.\n", fname, lineno ,0 );
-#else
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: disallow line must appear prior to database definitions\n",
- fname, lineno, 0 );
-#endif
-
- }
-
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: missing feature(s) in \"disallow <features>\""
- " line.\n", fname, lineno ,0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
-
- disallows = 0;
-
- for( i=1; i < cargc; i++ ) {
- if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_ANON;
-
- } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_SIMPLE;
-
- } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_KRBV4;
-
- } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
- disallows |= SLAP_DISALLOW_TLS_2_ANON;
-
- } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
- disallows |= SLAP_DISALLOW_TLS_AUTHC;
-
- } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: unknown feature %s in "
- "\"disallow <features>\" line.\n",
- fname, lineno, cargv[i] );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
- fname, lineno, cargv[i] );
-#endif
-
- return( 1 );
- }
- }
-
- global_disallows = disallows;
-
- /* require these features */
- } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
- strcasecmp( cargv[0], "require" ) == 0 )
- {
- slap_mask_t requires;
-
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: missing feature(s) in "
- "\"require <features>\" line.\n", fname, lineno ,0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing feature(s) in \"require <features>\" line\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
-
- requires = 0;
-
- for( i=1; i < cargc; i++ ) {
- if( strcasecmp( cargv[i], "bind" ) == 0 ) {
- requires |= SLAP_REQUIRE_BIND;
-
- } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
- requires |= SLAP_REQUIRE_LDAP_V3;
-
- } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
- requires |= SLAP_REQUIRE_AUTHC;
-
- } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
- requires |= SLAP_REQUIRE_SASL;
-
- } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
- requires |= SLAP_REQUIRE_STRONG;
-
- } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: unknown feature %s in "
- "\"require <features>\" line.\n",
- fname, lineno , cargv[i] );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unknown feature %s in \"require <features>\" line\n",
- fname, lineno, cargv[i] );
-#endif
-
- return( 1 );
- }
- }
-
- if ( be == NULL ) {
- global_requires = requires;
- } else {
- be->be_requires = requires;
- }
-
- /* required security factors */
- } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
- slap_ssf_set_t *set;
-
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: missing factor(s) in \"security <factors>\""
- " line.\n", fname, lineno ,0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
-
- if ( be == NULL ) {
- set = &global_ssf_set;
- } else {
- set = &be->be_ssf_set;
- }
-
- for( i=1; i < cargc; i++ ) {
- if( strncasecmp( cargv[i], "ssf=",
- sizeof("ssf") ) == 0 )
- {
- set->sss_ssf =
- atoi( &cargv[i][sizeof("ssf")] );
-
- } else if( strncasecmp( cargv[i], "transport=",
- sizeof("transport") ) == 0 )
- {
- set->sss_transport =
- atoi( &cargv[i][sizeof("transport")] );
-
- } else if( strncasecmp( cargv[i], "tls=",
- sizeof("tls") ) == 0 )
- {
- set->sss_tls =
- atoi( &cargv[i][sizeof("tls")] );
-
- } else if( strncasecmp( cargv[i], "sasl=",
- sizeof("sasl") ) == 0 )
- {
- set->sss_sasl =
- atoi( &cargv[i][sizeof("sasl")] );
-
- } else if( strncasecmp( cargv[i], "update_ssf=",
- sizeof("update_ssf") ) == 0 )
- {
- set->sss_update_ssf =
- atoi( &cargv[i][sizeof("update_ssf")] );
-
- } else if( strncasecmp( cargv[i], "update_transport=",
- sizeof("update_transport") ) == 0 )
- {
- set->sss_update_transport =
- atoi( &cargv[i][sizeof("update_transport")] );
-
- } else if( strncasecmp( cargv[i], "update_tls=",
- sizeof("update_tls") ) == 0 )
- {
- set->sss_update_tls =
- atoi( &cargv[i][sizeof("update_tls")] );
-
- } else if( strncasecmp( cargv[i], "update_sasl=",
- sizeof("update_sasl") ) == 0 )
- {
- set->sss_update_sasl =
- atoi( &cargv[i][sizeof("update_sasl")] );
-
- } else if( strncasecmp( cargv[i], "simple_bind=",
- sizeof("simple_bind") ) == 0 )
- {
- set->sss_simple_bind =
- atoi( &cargv[i][sizeof("simple_bind")] );
-
- } else {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: unknown factor %S in "
- "\"security <factors>\" line.\n",
- fname, lineno, cargv[1] );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
- fname, lineno, cargv[i] );
-#endif
-
- return( 1 );
- }
- }
- /* where to send clients when we don't hold it */
- } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: missing URL in \"referral <URL>\""
- " line.\n", fname, lineno , 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing URL in \"referral <URL>\" line\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
-
- if( validate_global_referral( cargv[1] ) ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: invalid URL (%s) in \"referral\" line.\n",
- fname, lineno, cargv[1] );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "invalid URL (%s) in \"referral\" line.\n",
- fname, lineno, cargv[1] );
-#endif
- return 1;
- }
-
- vals[0].bv_val = cargv[1];
- vals[0].bv_len = strlen( vals[0].bv_val );
- if( value_add( &default_referral, vals ) )
- return LDAP_OTHER;
-
-#ifdef NEW_LOGGING
- } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
- FILE *logfile;
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: Error in logfile directive, "
- "\"logfile <filename>\"\n", fname, lineno , 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: Error in logfile directive, \"logfile filename\"\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
- logfile = fopen( cargv[1], "w" );
- if ( logfile != NULL ) lutil_debug_file( logfile );
-
-#endif
- /* start of a new database definition */
- } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
- int level;
- if ( cargc < 3 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: Error in debug directive, "
- "\"debug <subsys> <level>\"\n", fname, lineno , 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
- level = atoi( cargv[2] );
- if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
- lutil_set_debug_level( cargv[1], level );
- /* specify an Object Identifier macro */
- } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
- rc = parse_oidm( fname, lineno, cargc, cargv );
- if( rc ) return rc;
-
- /* specify an objectclass */
- } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: illegal objectclass format.\n",
- fname, lineno , 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: illegal objectclass format.\n",
- fname, lineno, 0 );
-#endif
- return( 1 );
-
- } else if ( *cargv[1] == '(' /*')'*/) {
- char * p;
- p = strchr(saveline,'(' /*')'*/);
- rc = parse_oc( fname, lineno, p, cargv );
- if( rc ) return rc;
-
- } else {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: old objectclass format not supported\n",
- fname, lineno , 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: old objectclass format not supported.\n",
- fname, lineno, 0 );
-#endif
- }
-
- } else if ( strcasecmp( cargv[0], "ditcontentrule" ) == 0 ) {
- char * p;
- p = strchr(saveline,'(' /*')'*/);
- rc = parse_cr( fname, lineno, p, cargv );
- if( rc ) return rc;
-
- /* specify an attribute type */
- } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
- || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
- {
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO, "%s: line %d: "
- "illegal attribute type format.\n",
- fname, lineno , 0 );
-#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "illegal attribute type format.\n",
- fname, lineno, 0 );
-#endif
- return( 1 );
-
- } else if ( *cargv[1] == '(' /*')'*/) {
- char * p;
- p = strchr(saveline,'(' /*')'*/);
- rc = parse_at( fname, lineno, p, cargv );
- if( rc ) return rc;
-
- } else {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: old attribute type format not supported.\n",
- fname, lineno , 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: old attribute type format not supported.\n",
- fname, lineno, 0 );
-#endif
-
- }
-
- /* define attribute option(s) */
- } else if ( strcasecmp( cargv[0], "attributeoptions" ) == 0 ) {
- ad_define_option( NULL, NULL, 0 );
- for ( i = 1; i < cargc; i++ )
- if ( ad_define_option( cargv[i], fname, lineno ) != 0 )
- return 1;
-
- /* turn on/off schema checking */
- } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: missing on|off in \"schemacheck <on|off>\""
- " line.\n", fname, lineno , 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
- if ( strcasecmp( cargv[1], "off" ) == 0 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: schema checking disabled! your mileage may "
- "vary!\n", fname, lineno , 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: schema checking disabled! your mileage may vary!\n",
- fname, lineno, 0 );
-#endif
- global_schemacheck = 0;
- } else {
- global_schemacheck = 1;
- }
-
- /* specify access control info */
- } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
- parse_acl( be, fname, lineno, cargc, cargv );
-
- /* debug level to log things to syslog */
- } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: missing level in \"loglevel <level>\""
- " line.\n", fname, lineno , 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing level in \"loglevel <level>\" line\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
-
- ldap_syslog = 0;
-
- for( i=1; i < cargc; i++ ) {
- ldap_syslog += atoi( cargv[1] );
- }
-
- /* list of sync replication information in this backend (slave only) */
- } else if ( strcasecmp( cargv[0], "syncrepl" ) == 0 ) {
-
- if ( be == NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: syncrepl line must appear inside "
- "a database definition.\n", fname, lineno, 0);
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: syncrepl line must appear inside "
- "a database definition.\n", fname, lineno, 0);
-#endif
- return 1;
-
- } else if ( SLAP_SHADOW( be )) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: syncrepl: database already shadowed.\n",
- fname, lineno, 0);
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: syncrepl: database already shadowed.\n",
- fname, lineno, 0);
-#endif
- return 1;
-
- } else if ( add_syncrepl( be, cargv, cargc )) {
- return 1;
- }
-
- SLAP_DBFLAGS(be) |= ( SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SYNC_SHADOW );
-
- /* list of replicas of the data in this backend (master only) */
- } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: missing host or uri in \"replica "
- " <host[:port]\" line\n", fname, lineno , 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing host or uri in \"replica <host[:port]>\" line\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- }
- if ( be == NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: replica line must appear inside "
- "a database definition.\n", fname, lineno, 0);
-#else
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: replica line must appear inside a database definition\n",
- fname, lineno, 0 );
-#endif
- return 1;