static ConfigDriver config_sizelimit;
static ConfigDriver config_timelimit;
static ConfigDriver config_overlay;
+static ConfigDriver config_subordinate;
static ConfigDriver config_suffix;
static ConfigDriver config_rootdn;
static ConfigDriver config_rootpw;
CFG_TLS_CERT_KEY,
CFG_TLS_CA_PATH,
CFG_TLS_CA_FILE,
+ CFG_TLS_DH_DIR,
CFG_TLS_VERIFY,
CFG_TLS_CRLCHECK,
CFG_CONCUR,
"SUP labeledURI SINGLE-VALUE )", NULL, NULL },
{ "replica", "host or uri", 2, 0, 0, ARG_DB|ARG_MAGIC,
&config_replica, "( OLcfgDbAt:0.7 NAME 'olcReplica' "
- "SUP labeledURI )", NULL, NULL },
+ "SUP labeledURI X-ORDERED 'VALUES' )", NULL, NULL },
{ "replica-argsfile", NULL, 0, 0, 0, ARG_STRING,
&replica_argsFile, "( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
#endif
"( OLcfgGlAt:63 NAME 'olcSrvtab' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "subordinate", "[advertise]", 1, 2, 0, ARG_DB|ARG_MAGIC,
+ &config_subordinate, "( OLcfgDbAt:0.15 NAME 'olcSubordinate' "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
{ "suffix", "suffix", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
&config_suffix, "( OLcfgDbAt:0.10 NAME 'olcSuffix' "
"SYNTAX OMsDN )", NULL, NULL },
#endif
"( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "TLSDHParamDir", NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+ CFG_TLS_DH_DIR|ARG_STRING|ARG_MAGIC, &config_tls_option,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:77 NAME 'olcTLSDHParamDir' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "ucdata-path", "path", 2, 2, 0, ARG_IGNORED,
NULL, NULL, NULL, NULL },
{ "updatedn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
"MAY ( cn $ olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ "
"olcAttributeOptions $ olcAuthIDRewrite $ "
"olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ "
- "olcConnMaxPending $ olcConnMaxPendingAuth $ olcDefaultSearchBase $ "
+ "olcConnMaxPending $ olcConnMaxPendingAuth $ "
"olcDisallows $ olcGentleHUP $ olcIdleTimeout $ "
"olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ "
"olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ "
"olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
"olcTLSCACertificatePath $ olcTLSCertificateFile $ "
"olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
- "olcTLSRandFile $ olcTLSVerifyClient $ "
+ "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamDir $ "
"olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
"olcDitContentRules ) )", Cft_Global },
{ "( OLcfgGlOc:2 "
"DESC 'OpenLDAP Database-specific options' "
"SUP olcConfig STRUCTURAL "
"MUST olcDatabase "
- "MAY ( olcSuffix $ olcAccess $ olcLastMod $ olcLimits $ "
+ "MAY ( olcSuffix $ olcSubordinate $ olcAccess $ olcLastMod $ olcLimits $ "
"olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
"olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
"olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncrepl $ "
}
for(i = 1; i < c->argc; i++) {
if(!lutil_passwd_scheme(c->argv[i])) {
- sprintf( c->msg, "<%s> schema not available", c->argv[0] );
+ sprintf( c->msg, "<%s> scheme not available", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s (%s)\n",
c->log, c->msg, c->argv[i]);
} else {
return(0);
}
+static int
+config_subordinate(ConfigArgs *c)
+{
+ int rc = 1;
+ int advertise;
+
+ switch( c->op ) {
+ case SLAP_CONFIG_EMIT:
+ if ( SLAP_GLUE_SUBORDINATE( c->be )) {
+ struct berval bv;
+
+ bv.bv_val = SLAP_GLUE_ADVERTISE( c->be ) ? "advertise" : "TRUE";
+ bv.bv_len = SLAP_GLUE_ADVERTISE( c->be ) ? STRLENOF("advertise") :
+ STRLENOF("TRUE");
+
+ value_add_one( &c->rvalue_vals, &bv );
+ rc = 0;
+ }
+ break;
+ case LDAP_MOD_DELETE:
+ if ( !c->line || strcasecmp( c->line, "advertise" )) {
+ glue_sub_del( c->be );
+ } else {
+ SLAP_DBFLAGS( c->be ) &= ~SLAP_DBFLAG_GLUE_ADVERTISE;
+ }
+ rc = 0;
+ break;
+ case LDAP_MOD_ADD:
+ case SLAP_CONFIG_ADD:
+ advertise = ( c->argc == 2 && !strcasecmp( c->argv[1], "advertise" ));
+ rc = glue_sub_add( c->be, advertise, CONFIG_ONLINE_ADD( c ));
+ break;
+ }
+ return rc;
+}
+
static int
config_suffix(ConfigArgs *c)
{
free(pdn.bv_val);
free(ndn.bv_val);
} else if(tbe) {
- sprintf( c->msg, "<%s> suffix already served by a preceding backend",
- c->argv[0] );
+ char *type = tbe->bd_info->bi_type;
+
+ if ( overlay_is_over( tbe ) ) {
+ slap_overinfo *oi = (slap_overinfo *)tbe->bd_info->bi_private;
+ type = oi->oi_orig->bi_type;
+ }
+
+ sprintf( c->msg, "<%s> namingContext \"%s\" already served by "
+ "a preceding %s database serving namingContext",
+ c->argv[0], pdn.bv_val, type );
Debug(LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
c->log, c->msg, tbe->be_suffix[0].bv_val);
free(pdn.bv_val);
return rc;
}
+int
+str2loglevel( const char *s, int *l )
+{
+ int i;
+
+ if ( loglevel_ops == NULL ) {
+ loglevel_init();
+ }
+
+ i = verb_to_mask( s, loglevel_ops );
+
+ if ( BER_BVISNULL( &loglevel_ops[ i ].word) ) {
+ return -1;
+ }
+
+ *l = loglevel_ops[ i ].mask;
+
+ return 0;
+}
+
+const char *
+loglevel2str( int l )
+{
+ struct berval bv = BER_BVNULL;
+
+ loglevel2bv( l, &bv );
+
+ return bv.bv_val;
+}
+
+int
+loglevel2bv( int l, struct berval *bv )
+{
+ if ( loglevel_ops == NULL ) {
+ loglevel_init();
+ }
+
+ BER_BVZERO( bv );
+
+ return enum_to_verb( loglevel_ops, l, bv ) == -1;
+}
+
+int
+loglevel2bvarray( int l, BerVarray *bva )
+{
+ if ( loglevel_ops == NULL ) {
+ loglevel_init();
+ }
+
+ return mask_to_verbs( loglevel_ops, l, bva );
+}
+
+static int config_syslog;
+
static int
config_loglevel(ConfigArgs *c) {
int i;
}
if (c->op == SLAP_CONFIG_EMIT) {
- return mask_to_verbs( loglevel_ops, ldap_syslog, &c->rvalue_vals );
+ /* Get default or commandline slapd setting */
+ if ( ldap_syslog && !config_syslog )
+ config_syslog = ldap_syslog;
+ return loglevel2bvarray( config_syslog, &c->rvalue_vals );
+
} else if ( c->op == LDAP_MOD_DELETE ) {
if ( !c->line ) {
- ldap_syslog = 0;
+ config_syslog = 0;
} else {
int level = verb_to_mask( c->line, loglevel_ops );
- ldap_syslog ^= level;
+ config_syslog ^= level;
+ }
+ if ( slapMode & SLAP_SERVER_MODE ) {
+ ldap_syslog = config_syslog;
}
return 0;
}
- ldap_syslog = 0;
+ config_syslog = 0;
for( i=1; i < c->argc; i++ ) {
int level;
return( 1 );
}
} else {
- int j = verb_to_mask(c->argv[i], loglevel_ops);
- if(BER_BVISNULL(&loglevel_ops[j].word)) {
+ if ( str2loglevel( c->argv[i], &level ) ) {
sprintf( c->msg, "<%s> unknown level", c->argv[0] );
Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
c->log, c->msg, c->argv[i]);
return( 1 );
}
- level = loglevel_ops[j].mask;
}
- ldap_syslog |= level;
+ config_syslog |= level;
+ }
+ if ( slapMode & SLAP_SERVER_MODE ) {
+ ldap_syslog = config_syslog;
}
return(0);
}
return(1);
}
if(!ludp->lud_host) {
+ ldap_free_urldesc(ludp);
sprintf( c->msg, "<%s> invalid uri - missing hostname",
c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
static int
config_updatedn(ConfigArgs *c) {
- struct berval dn;
- int rc;
if (c->op == SLAP_CONFIG_EMIT) {
if (!BER_BVISEMPTY(&c->be->be_update_ndn)) {
value_add_one(&c->rvalue_vals, &c->be->be_update_ndn);
return 1;
} else if ( c->op == LDAP_MOD_DELETE ) {
ch_free( c->be->be_update_ndn.bv_val );
- c->be->be_update_ndn.bv_val = NULL;
+ BER_BVZERO( &c->be->be_update_ndn );
SLAP_DBFLAGS(c->be) ^= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
return 0;
}
return(1);
}
- ber_str2bv(c->argv[1], 0, 0, &dn);
-
- rc = dnNormalize(0, NULL, NULL, &dn, &c->be->be_update_ndn, NULL);
-
- if(rc != LDAP_SUCCESS) {
- sprintf( c->msg, "<%s> invalid DN %d (%s)", c->argv[0],
- rc, ldap_err2string(rc));
- Debug(LDAP_DEBUG_ANY, "%s: %s\n",
- c->log, c->msg, 0 );
- return(1);
+ ber_memfree_x( c->value_dn.bv_val, NULL );
+ if ( !BER_BVISNULL( &c->be->be_update_ndn ) ) {
+ ber_memfree_x( c->be->be_update_ndn.bv_val, NULL );
}
+ c->be->be_update_ndn = c->value_ndn;
+ BER_BVZERO( &c->value_dn );
+ BER_BVZERO( &c->value_ndn );
SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
return(0);
case CFG_TLS_CERT_KEY: flag = LDAP_OPT_X_TLS_KEYFILE; break;
case CFG_TLS_CA_PATH: flag = LDAP_OPT_X_TLS_CACERTDIR; break;
case CFG_TLS_CA_FILE: flag = LDAP_OPT_X_TLS_CACERTFILE; break;
+ case CFG_TLS_DH_DIR: flag = LDAP_OPT_X_TLS_DHPARAMDIR; break;
default: Debug(LDAP_DEBUG_ANY, "%s: "
"unknown tls_option <0x%x>\n",
c->log, c->type, 0);
sc->cfb->cb_got_ldif = 1;
rs->sr_err = config_add_internal( sc->cfb, rs->sr_entry, sc->ca, NULL, NULL );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY, "config error processing %s: %s\n",
+ rs->sr_entry->e_name.bv_val, sc->ca->msg, 0 );
+ }
}
return rs->sr_err;
}
setup_cookie sc;
slap_callback cb = { NULL, config_ldif_resp, NULL, NULL };
Connection conn = {0};
- char opbuf[OPERATION_BUFFER_SIZE];
+ OperationBuffer opbuf;
Operation *op;
SlapReply rs = {REP_RESULT};
Filter filter = { LDAP_FILTER_PRESENT };
return 1;
if ( readit ) {
- op = (Operation *)opbuf;
- connection_fake_init( &conn, op, cfb );
+ void *thrctx = ldap_pvt_thread_pool_context();
+
+ op = (Operation *) &opbuf;
+ connection_fake_init( &conn, op, thrctx );
filter.f_desc = slap_schema.si_ad_objectClass;
op->o_bd = &cfb->cb_db;
rc = op->o_bd->be_search( op, &rs );
- slap_sl_mem_destroy( NULL, op->o_tmpmemctx );
+ ldap_pvt_thread_pool_context_reset( thrctx );
}
cfb->cb_use_ldif = 1;
if ( a && ( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL )) {
sort = 1;
rc = ordered_value_sort( a, 1 );
- if ( rc )
+ if ( rc ) {
+ sprintf(ca->msg, "ordered_value_sort failed on attr %s\n",
+ ad->ad_cname.bv_val );
return rc;
+ }
}
for ( i=0; vals[i].bv_val; i++ ) {
ca->line = vals[i].bv_val;
}
if ( rc != LDAP_SUCCESS )
- goto leave;
+ goto done;
/* Parse all the values and check for simple syntax errors before
* performing any set actions.
*/
rc = check_name_index( last, colst[0]->co_type, e, rs, renum );
if ( rc )
- goto leave;
+ goto done;
init_config_argv( ca );
ct = config_find_table( colst, nocs, a->a_desc );
if ( !ct ) continue; /* user data? */
rc = check_vals( ct, ca, a, 1 );
- if ( rc ) goto leave;
+ if ( rc ) goto done;
}
/* Basic syntax checks are OK. Do the actual settings. */
rc = config_parse_add( ct, ca );
if ( rc ) {
rc = LDAP_OTHER;
- goto leave;
+ goto done;
}
}
}
Debug(LDAP_DEBUG_ANY, "%s: %s (%s)!\n",
ca->log, ca->msg, ca->argv[1] );
rc = LDAP_OTHER;
- goto leave;
+ goto done;
}
}
last->ce_kids = ce;
}
-leave:
+done:
if ( rc ) {
if ( (colst[0]->co_type == Cft_Database) && ca->be ) {
if ( ca->be != frontendDB )
BackendDB *be = op->o_bd;
slap_callback sc = { NULL, slap_null_cb, NULL, NULL };
op->o_bd = &cfb->cb_db;
+ /* FIXME: there must be a better way. */
+ if ( ber_bvcmp( &op->o_bd->be_rootndn, &be->be_rootndn )) {
+ op->o_bd->be_rootdn = be->be_rootdn;
+ op->o_bd->be_rootndn= be->be_rootndn;
+ }
sc.sc_next = op->o_callback;
op->o_callback = ≻
op->o_bd->be_add( op, rs );
BackendDB *be = op->o_bd;
slap_callback sc = { NULL, slap_null_cb, NULL, NULL };
op->o_bd = &cfb->cb_db;
+ if ( ber_bvcmp( &op->o_bd->be_rootndn, &be->be_rootndn )) {
+ op->o_bd->be_rootdn = be->be_rootdn;
+ op->o_bd->be_rootndn= be->be_rootndn;
+ }
sc.sc_next = op->o_callback;
op->o_callback = ≻
op->o_bd->be_modify( op, rs );
BackendInfo *bi;
ConfigArgs c;
Connection conn = {0};
- char opbuf[OPERATION_BUFFER_SIZE];
+ OperationBuffer opbuf;
Operation *op;
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
SlapReply rs = {REP_RESULT};
+ void *thrctx = NULL;
/* If we read the config from back-ldif, nothing to do here */
if ( cfb->cb_got_ldif )
return 0;
if ( cfb->cb_use_ldif ) {
- op = (Operation *)opbuf;
- connection_fake_init( &conn, op, cfb );
+ thrctx = ldap_pvt_thread_pool_context();
+ op = (Operation *) &opbuf;
+ connection_fake_init( &conn, op, thrctx );
op->o_dn = be->be_rootdn;
op->o_ndn = be->be_rootndn;
}
}
}
- if ( op )
- slap_sl_mem_destroy( NULL, op->o_tmpmemctx );
+ if ( thrctx )
+ ldap_pvt_thread_pool_context_reset( thrctx );
return 0;
}
projects / openldap / blobdiff