/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2005-2011 The OpenLDAP Foundation.
+ * Copyright 2005-2013 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#ifdef SLAP_AUTH_REWRITE
static BerVarray authz_rewrites;
#endif
+static AccessControl *defacl_parsed = NULL;
static struct berval cfdir;
CFG_ACL_ADD,
CFG_SYNC_SUBENTRY,
CFG_LTHREADS,
+ CFG_IX_HASH64,
+ CFG_DISABLED,
+ CFG_THREADQS,
+ CFG_TLS_ECNAME,
CFG_LAST
};
* OLcfg{Bk|Db}{Oc|At}:0 -> common
* OLcfg{Bk|Db}{Oc|At}:1 -> back-bdb(/back-hdb)
* OLcfg{Bk|Db}{Oc|At}:2 -> back-ldif
- * OLcfg{Bk|Db}{Oc|At}:3 -> back-ldap
+ * OLcfg{Bk|Db}{Oc|At}:3 -> back-ldap/meta
* OLcfg{Bk|Db}{Oc|At}:4 -> back-monitor
* OLcfg{Bk|Db}{Oc|At}:5 -> back-relay
* OLcfg{Bk|Db}{Oc|At}:6 -> back-sql(/back-ndb)
* OLcfg{Bk|Db}{Oc|At}:9 -> back-passwd
* OLcfg{Bk|Db}{Oc|At}:10 -> back-shell
* OLcfg{Bk|Db}{Oc|At}:11 -> back-perl
+ * OLcfg{Bk|Db}{Oc|At}:12 -> back-mdb
*/
/*
{ "defaultSearchBase", "dn", 2, 2, 0, ARG_PRE_BI|ARG_PRE_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
&config_search_base, "( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' "
"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+ { "disabled", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_DISABLED,
+ &config_generic, "( OLcfgDbAt:0.21 NAME 'olcDisabled' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ "disallows", "features", 2, 0, 8, ARG_PRE_DB|ARG_MAGIC,
&config_disallows, "( OLcfgGlAt:15 NAME 'olcDisallows' "
"EQUALITY caseIgnoreMatch "
{ "include", "file", 2, 2, 0, ARG_MAGIC,
&config_include, "( OLcfgGlAt:19 NAME 'olcInclude' "
"SUP labeledURI )", NULL, NULL },
+ { "index_hash64", "on|off", 2, 2, 0, ARG_ON_OFF|ARG_MAGIC|CFG_IX_HASH64,
+ &config_generic, "( OLcfgGlAt:94 NAME 'olcIndexHash64' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ "index_substr_if_minlen", "min", 2, 2, 0, ARG_UINT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MIN,
&config_generic, "( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
{ "index_substr_if_maxlen", "max", 2, 2, 0, ARG_UINT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MAX,
&config_generic, "( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
- { "index_substr_any_len", "len", 2, 2, 0, ARG_INT|ARG_NONZERO,
+ { "index_substr_any_len", "len", 2, 2, 0, ARG_UINT|ARG_NONZERO,
&index_substr_any_len, "( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
- { "index_substr_any_step", "step", 2, 2, 0, ARG_INT|ARG_NONZERO,
+ { "index_substr_any_step", "step", 2, 2, 0, ARG_UINT|ARG_NONZERO,
&index_substr_any_step, "( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
- { "index_intlen", "len", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_IX_INTLEN,
+ { "index_intlen", "len", 2, 2, 0, ARG_UINT|ARG_MAGIC|CFG_IX_INTLEN,
&config_generic, "( OLcfgGlAt:84 NAME 'olcIndexIntLen' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
{ "lastmod", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_LASTMOD,
#endif
"( OLcfgGlAt:66 NAME 'olcThreads' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+ { "threadqueues", "count", 2, 2, 0,
+#ifdef NO_THREADS
+ ARG_IGNORED, NULL,
+#else
+ ARG_INT|ARG_MAGIC|CFG_THREADQS, &config_generic,
+#endif
+ "( OLcfgGlAt:95 NAME 'olcThreadQueues' "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
{ "timelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
&config_timelimit, "( OLcfgGlAt:67 NAME 'olcTimeLimit' "
"SYNTAX OMsDirectoryString )", NULL, NULL },
- { "TLSCACertificateFile", NULL, 0, 0, 0,
+ { "TLSCACertificateFile", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CA_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSCACertificatePath", NULL, 0, 0, 0,
+ { "TLSCACertificatePath", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CA_PATH|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSCertificateFile", NULL, 0, 0, 0,
+ { "TLSCertificateFile", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CERT_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSCertificateKeyFile", NULL, 0, 0, 0,
+ { "TLSCertificateKeyFile", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CERT_KEY|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSCipherSuite", NULL, 0, 0, 0,
+ { "TLSCipherSuite", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CIPHER|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSCRLCheck", NULL, 0, 0, 0,
+ { "TLSCRLCheck", NULL, 2, 2, 0,
#if defined(HAVE_TLS) && defined(HAVE_OPENSSL_CRL)
CFG_TLS_CRLCHECK|ARG_STRING|ARG_MAGIC, &config_tls_config,
#else
#endif
"( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSCRLFile", NULL, 0, 0, 0,
+ { "TLSCRLFile", NULL, 2, 2, 0,
#if defined(HAVE_GNUTLS)
CFG_TLS_CRL_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:82 NAME 'olcTLSCRLFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSRandFile", NULL, 0, 0, 0,
+ { "TLSRandFile", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_RAND|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:74 NAME 'olcTLSRandFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSVerifyClient", NULL, 0, 0, 0,
+ { "TLSVerifyClient", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_VERIFY|ARG_STRING|ARG_MAGIC, &config_tls_config,
#else
#endif
"( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSDHParamFile", NULL, 0, 0, 0,
+ { "TLSDHParamFile", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_DH_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
#endif
"( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
- { "TLSProtocolMin", NULL, 0, 0, 0,
+ { "TLSECName", NULL, 2, 2, 0,
+#ifdef HAVE_TLS
+ CFG_TLS_ECNAME|ARG_STRING|ARG_MAGIC, &config_tls_option,
+#else
+ ARG_IGNORED, NULL,
+#endif
+ "( OLcfgGlAt:96 NAME 'olcTLSECName' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "TLSProtocolMin", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_PROTOCOL_MIN|ARG_STRING|ARG_MAGIC, &config_tls_config,
#else
"olcConnMaxPending $ olcConnMaxPendingAuth $ "
"olcDisallows $ olcGentleHUP $ olcIdleTimeout $ "
"olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ "
- "olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ "
- "olcLocalSSF $ olcLogFile $ olcLogLevel $ "
+ "olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexHash64 $ "
+ "olcIndexIntLen $ "
+ "olcListenerThreads $ olcLocalSSF $ olcLogFile $ olcLogLevel $ "
"olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ "
"olcPluginLogFile $ olcReadOnly $ olcReferral $ "
"olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ "
"olcSecurity $ olcServerID $ olcSizeLimit $ "
"olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ "
"olcTCPBuffer $ "
- "olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
+ "olcThreads $ olcThreadQueues $ "
+ "olcTimeLimit $ olcTLSCACertificateFile $ "
"olcTLSCACertificatePath $ olcTLSCertificateFile $ "
"olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
- "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ "
- "olcTLSCRLFile $ olcToolThreads $ olcWriteTimeout $ "
+ "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSECName $ "
+ "olcTLSCRLFile $ olcTLSProtocolMin $ olcToolThreads $ olcWriteTimeout $ "
"olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
"olcDitContentRules $ olcLdapSyntaxes ) )", Cft_Global },
{ "( OLcfgGlOc:2 "
"NAME 'olcSchemaConfig' "
"DESC 'OpenLDAP schema object' "
"SUP olcConfig STRUCTURAL "
- "MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ "
- "olcObjectClasses $ olcDitContentRules $ olcLdapSyntaxes ) )",
+ "MAY ( cn $ olcObjectIdentifier $ olcLdapSyntaxes $ "
+ "olcAttributeTypes $ olcObjectClasses $ olcDitContentRules ) )",
Cft_Schema, NULL, cfAddSchema },
{ "( OLcfgGlOc:3 "
"NAME 'olcBackendConfig' "
"DESC 'OpenLDAP Database-specific options' "
"SUP olcConfig STRUCTURAL "
"MUST olcDatabase "
- "MAY ( olcHidden $ olcSuffix $ olcSubordinate $ olcAccess $ "
+ "MAY ( olcDisabled $ olcHidden $ olcSuffix $ olcSubordinate $ olcAccess $ "
"olcAddContentAcl $ olcLastMod $ olcLimits $ "
"olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
"olcReplicaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $ "
"NAME 'olcOverlayConfig' "
"DESC 'OpenLDAP Overlay-specific options' "
"SUP olcConfig STRUCTURAL "
- "MUST olcOverlay )", Cft_Overlay, NULL, cfAddOverlay },
+ "MUST olcOverlay "
+ "MAY olcDisabled )", Cft_Overlay, NULL, cfAddOverlay },
{ "( OLcfgGlOc:6 "
"NAME 'olcIncludeFile' "
"DESC 'OpenLDAP configuration include file' "
} ServerID;
static ServerID *sid_list;
+static ServerID *sid_set;
typedef struct voidList {
struct voidList *vl_next;
case CFG_THREADS:
c->value_int = connection_pool_max;
break;
+ case CFG_THREADQS:
+ c->value_int = connection_pool_queues;
+ break;
case CFG_TTHREADS:
c->value_int = slap_tool_thread_max;
break;
case CFG_DEPTH:
c->value_int = c->be->be_max_deref_depth;
break;
+ case CFG_DISABLED:
+ if ( c->bi ) {
+ /* overlay */
+ if ( c->bi->bi_flags & SLAPO_BFLAG_DISABLED ) {
+ c->value_int = 1;
+ } else {
+ rc = 1;
+ }
+ } else {
+ /* database */
+ if ( SLAP_DBDISABLED( c->be )) {
+ c->value_int = 1;
+ } else {
+ rc = 1;
+ }
+ }
+ break;
case CFG_HIDDEN:
if ( SLAP_DBHIDDEN( c->be )) {
c->value_int = 1;
break;
case CFG_MIRRORMODE:
if ( SLAP_SHADOW(c->be))
- c->value_int = (SLAP_SINGLE_SHADOW(c->be) == 0);
+ c->value_int = (SLAP_MULTIMASTER(c->be) != 0);
else
rc = 1;
break;
case CFG_SSTR_IF_MIN:
c->value_uint = index_substr_if_minlen;
break;
+ case CFG_IX_HASH64:
+ c->value_int = slap_hash64( -1 );
+ break;
case CFG_IX_INTLEN:
c->value_int = index_intlen;
break;
/* single-valued attrs, no-ops */
case CFG_CONCUR:
case CFG_THREADS:
+ case CFG_THREADQS:
case CFG_TTHREADS:
case CFG_LTHREADS:
case CFG_RO:
case CFG_AZPOLICY:
case CFG_DEPTH:
case CFG_LASTMOD:
- case CFG_MIRRORMODE:
case CFG_MONITORING:
case CFG_SASLSECP:
case CFG_SSTR_IF_MAX:
snprintf(c->log, sizeof( c->log ), "change requires slapd restart");
break;
+ case CFG_MIRRORMODE:
+ SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_MULTI_SHADOW;
+ if(SLAP_SHADOW(c->be))
+ SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_SINGLE_SHADOW;
+ break;
+
#if defined(HAVE_CYRUS_SASL) && defined(SLAP_AUXPROP_DONTUSECOPY)
case CFG_AZDUC:
if ( c->valx < 0 ) {
si; si = *sip, i++ ) {
if ( c->valx == -1 || i == c->valx ) {
*sip = si->si_next;
+ if ( sid_set == si )
+ sid_set = NULL;
ch_free( si );
if ( c->valx >= 0 )
break;
c->be->be_flags &= ~SLAP_DBFLAG_HIDDEN;
break;
+ case CFG_DISABLED:
+ if ( c->bi ) {
+ c->bi->bi_flags &= ~SLAP_DBFLAG_DISABLED;
+ if ( c->bi->bi_db_open ) {
+ BackendInfo *bi_orig = c->be->bd_info;
+ c->be->bd_info = c->bi;
+ rc = c->bi->bi_db_open( c->be, &c->reply );
+ c->be->bd_info = bi_orig;
+ }
+ } else {
+ c->be->be_flags &= ~SLAP_DBFLAG_DISABLED;
+ rc = backend_startup_one( c->be, &c->reply );
+ }
+ break;
+
+ case CFG_IX_HASH64:
+ slap_hash64( 0 );
+ break;
+
case CFG_IX_INTLEN:
index_intlen = SLAP_INDEX_INTLEN_DEFAULT;
index_intlen_strlen = SLAP_INDEX_INTLEN_STRLEN(
*prev = a->acl_next;
acl_free( a );
}
+ if ( SLAP_CONFIG( c->be ) && !c->be->be_acl ) {
+ Debug( LDAP_DEBUG_CONFIG, "config_generic (CFG_ACL): "
+ "Last explicit ACL for back-config removed. "
+ "Using hardcoded default\n", 0, 0, 0 );
+ c->be->be_acl = defacl_parsed;
+ }
break;
case CFG_OC: {
connection_pool_max = c->value_int; /* save for reference */
break;
+ case CFG_THREADQS:
+ if ( c->value_int < 1 ) {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
+ "threadqueuess=%d smaller than minimum value 1",
+ c->value_int );
+ Debug(LDAP_DEBUG_ANY, "%s: %s.\n",
+ c->log, c->cr_msg, 0 );
+ return 1;
+ }
+ if ( slapMode & SLAP_SERVER_MODE )
+ ldap_pvt_thread_pool_queues(&connection_pool, c->value_int);
+ connection_pool_queues = c->value_int; /* save for reference */
+ break;
+
case CFG_TTHREADS:
if ( slapMode & SLAP_TOOL_MODE )
ldap_pvt_thread_pool_maxthreads(&connection_pool, c->value_int);
/* else prev is NULL, append to end of global list */
}
if(parse_oc(c, &oc, prev)) return(1);
- if (!cfn->c_oc_head) cfn->c_oc_head = oc;
+ if (!cfn->c_oc_head || !c->valx) cfn->c_oc_head = oc;
if (cfn->c_oc_tail == prev) cfn->c_oc_tail = oc;
}
break;
/* else prev is NULL, append to end of global list */
}
if(parse_at(c, &at, prev)) return(1);
- if (!cfn->c_at_head) cfn->c_at_head = at;
+ if (!cfn->c_at_head || !c->valx) cfn->c_at_head = at;
if (cfn->c_at_tail == prev) cfn->c_at_tail = at;
}
break;
/* else prev is NULL, append to end of global list */
}
if ( parse_syn( c, &syn, prev ) ) return(1);
- if ( !cfn->c_syn_head ) cfn->c_syn_head = syn;
+ if ( !cfn->c_syn_head || !c->valx ) cfn->c_syn_head = syn;
if ( cfn->c_syn_tail == prev ) cfn->c_syn_tail = syn;
}
break;
return(1);
break;
+ case CFG_IX_HASH64:
+ if ( slap_hash64( c->value_int != 0 ))
+ return 1;
+ break;
+
case CFG_IX_INTLEN:
if ( c->value_int < SLAP_INDEX_INTLEN_DEFAULT )
c->value_int = SLAP_INDEX_INTLEN_DEFAULT;
index_intlen_strlen = SLAP_INDEX_INTLEN_STRLEN(
index_intlen );
break;
-
+
case CFG_SORTVALS: {
ADlist *svnew = NULL, *svtail, *sv;
break;
case CFG_ACL:
+ if ( SLAP_CONFIG( c->be ) && c->be->be_acl == defacl_parsed) {
+ c->be->be_acl = NULL;
+ }
/* Don't append to the global ACL if we're on a specific DB */
i = c->valx;
if ( c->valx == -1 ) {
i++;
}
if ( parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, i ) ) {
+ if ( SLAP_CONFIG( c->be ) && !c->be->be_acl) {
+ c->be->be_acl = defacl_parsed;
+ }
return 1;
}
break;
Debug( LDAP_DEBUG_CONFIG,
"%s: SID=0x%03x\n",
c->log, slap_serverID, 0 );
+ sid_set = si;
}
si->si_next = NULL;
si->si_num = num;
if (( slapMode & SLAP_SERVER_MODE ) && c->argc > 2 ) {
Listener *l = config_check_my_url( c->argv[2], lud );
if ( l ) {
+ if ( sid_set ) {
+ ldap_free_urldesc( lud );
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
+ "<%s> multiple server ID URLs matched, only one is allowed", c->argv[0] );
+ Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
+ c->log, c->cr_msg, c->argv[1] );
+ return 1;
+ }
slap_serverID = si->si_num;
Debug( LDAP_DEBUG_CONFIG,
"%s: SID=0x%03x (listener=%s)\n",
c->log, slap_serverID,
l->sl_url.bv_val );
+ sid_set = si;
}
}
if ( c->argc > 2 )
c->log, c->cr_msg, 0 );
return(1);
}
- if(c->value_int)
+ if(c->value_int) {
SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_SINGLE_SHADOW;
- else
+ SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_MULTI_SHADOW;
+ } else {
SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_SINGLE_SHADOW;
+ SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_MULTI_SHADOW;
+ }
break;
case CFG_MONITORING:
SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_MONITORING;
break;
+ case CFG_DISABLED:
+ if ( c->bi ) {
+ if (c->value_int) {
+ if ( c->bi->bi_db_close ) {
+ BackendInfo *bi_orig = c->be->bd_info;
+ c->be->bd_info = c->bi;
+ c->bi->bi_db_close( c->be, &c->reply );
+ c->be->bd_info = bi_orig;
+ }
+ c->bi->bi_flags |= SLAPO_BFLAG_DISABLED;
+ } else {
+ c->bi->bi_flags &= ~SLAPO_BFLAG_DISABLED;
+ }
+ } else {
+ if (c->value_int) {
+ backend_shutdown( c->be );
+ SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_DISABLED;
+ } else {
+ SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_DISABLED;
+ }
+ }
+ break;
+
case CFG_HIDDEN:
if (c->value_int)
SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_HIDDEN;
}
#endif
- if (SLAP_DB_ONE_SUFFIX( c->be ) && c->be->be_suffix ) {
+ if (SLAP_DB_ONE_SUFFIX( c->be ) && c->be->be_suffix &&
+ !BER_BVISNULL( &c->be->be_suffix[0] )) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> Only one suffix is allowed on this %s backend",
c->argv[0], c->be->bd_info->bi_type );
Debug(LDAP_DEBUG_ANY, "%s: %s\n",
if ( !c->line ) {
c->be->be_restrictops = 0;
} else {
- restrictops = verb_to_mask( c->line, restrictable_ops );
- c->be->be_restrictops ^= restrictops;
+ i = verb_to_mask( c->line, restrictable_ops );
+ c->be->be_restrictops &= ~restrictable_ops[i].mask;
}
return 0;
}
if ( !c->line ) {
global_allows = 0;
} else {
- allows = verb_to_mask( c->line, allowable_ops );
- global_allows ^= allows;
+ i = verb_to_mask( c->line, allowable_ops );
+ global_allows &= ~allowable_ops[i].mask;
}
return 0;
}
if ( !c->line ) {
global_disallows = 0;
} else {
- disallows = verb_to_mask( c->line, disallowable_ops );
- global_disallows ^= disallows;
+ i = verb_to_mask( c->line, disallowable_ops );
+ global_disallows &= ~disallowable_ops[i].mask;
}
return 0;
}
if ( !c->line ) {
c->be->be_requires = 0;
} else {
- requires = verb_to_mask( c->line, requires_ops );
- c->be->be_requires ^= requires;
+ i = verb_to_mask( c->line, requires_ops );
+ c->be->be_requires &= ~requires_ops[i].mask;
}
return 0;
}
loglevel_init();
}
+ if ( l == 0 ) {
+ return value_add_one( bva, ber_bvstr( "0" ) );
+ }
+
return mask_to_verbs( loglevel_ops, l, bva );
}
if ( !c->line ) {
config_syslog = 0;
} else {
- int level = verb_to_mask( c->line, loglevel_ops );
- config_syslog ^= level;
+ i = verb_to_mask( c->line, loglevel_ops );
+ config_syslog &= ~loglevel_ops[i].mask;
}
if ( slapMode & SLAP_SERVER_MODE ) {
ldap_syslog = config_syslog;
}
} else {
- SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SINGLE_SHADOW | flag);
+ SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | flag);
+ if ( !SLAP_MULTIMASTER( c->be ))
+ SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_SINGLE_SHADOW;
}
return 0;
int opt = 1;
ldap_pvt_tls_ctx_free( slap_tls_ctx );
+ slap_tls_ctx = NULL;
/* Force new ctx to be created */
rc = ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_NEWCTX, &opt );
ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
/* This is a no-op if it's already loaded */
load_extop( &slap_EXOP_START_TLS, 0, starttls_extop );
+ } else {
+ if ( rc == LDAP_NOT_SUPPORTED )
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ else
+ rc = LDAP_OTHER;
}
}
return rc;
case CFG_TLS_CA_PATH: flag = LDAP_OPT_X_TLS_CACERTDIR; break;
case CFG_TLS_CA_FILE: flag = LDAP_OPT_X_TLS_CACERTFILE; break;
case CFG_TLS_DH_FILE: flag = LDAP_OPT_X_TLS_DHFILE; break;
+ case CFG_TLS_ECNAME: flag = LDAP_OPT_X_TLS_ECNAME; break;
#ifdef HAVE_GNUTLS
case CFG_TLS_CRL_FILE: flag = LDAP_OPT_X_TLS_CRLFILE; break;
#endif
}
ch_free( c->value_string );
c->cleanup = config_tls_cleanup;
- if ( isdigit( (unsigned char)c->argv[1][0] ) ) {
+ if ( isdigit( (unsigned char)c->argv[1][0] ) && c->type != CFG_TLS_PROTOCOL_MIN ) {
if ( lutil_atoi( &i, c->argv[1] ) != 0 ) {
Debug(LDAP_DEBUG_ANY, "%s: "
"unable to parse %s \"%s\"\n",
assert( 0 );
}
}
+ if ( rc == 0 && ( slapMode & SLAP_SERVER_MODE ) && sid_list ) {
+ if ( !BER_BVISEMPTY( &sid_list->si_url ) && !sid_set ) {
+ Debug(LDAP_DEBUG_ANY, "read_config: no serverID / URL match found. "
+ "Check slapd -h arguments.\n", 0,0,0 );
+ rc = LDAP_OTHER;
+ }
+ }
return rc;
}
}
}
- /* count related kids */
- for (nsibs=0, ce=parent->ce_kids; ce; ce=ce->ce_sibs) {
- if ( ce->ce_type == ce_type ) nsibs++;
+ /* count related kids.
+ * For entries of type Cft_Misc, only count siblings with same RDN type
+ */
+ if ( ce_type == Cft_Misc ) {
+ rdn.bv_val = e->e_nname.bv_val;
+ ptr1 = strchr( rdn.bv_val, '=' );
+ assert( ptr1 != NULL );
+
+ rdn.bv_len = ptr1 - rdn.bv_val;
+
+ for (nsibs=0, ce=parent->ce_kids; ce; ce=ce->ce_sibs) {
+ struct berval rdn2;
+ if ( ce->ce_type != ce_type )
+ continue;
+
+ dnRdn( &ce->ce_entry->e_nname, &rdn2 );
+
+ ptr1 = strchr( rdn2.bv_val, '=' );
+ assert( ptr1 != NULL );
+
+ rdn2.bv_len = ptr1 - rdn2.bv_val;
+ if ( bvmatch( &rdn, &rdn2 ))
+ nsibs++;
+ }
+ } else {
+ for (nsibs=0, ce=parent->ce_kids; ce; ce=ce->ce_sibs) {
+ if ( ce->ce_type == ce_type ) nsibs++;
+ }
}
/* account for -1 frontend */
return rc;
}
+/* Insert all superior classes of the given class */
static int
count_oc( ObjectClass *oc, ConfigOCs ***copp, int *nocs )
{
return 0;
}
+/* Find all superior classes of the given objectclasses,
+ * return list in order of most-subordinate first.
+ *
+ * Special / auxiliary / Cft_Misc classes always take precedence.
+ */
static ConfigOCs **
count_ocs( Attribute *oc_at, int *nocs )
{
- int i, j;
+ int i, j, misc = -1;
ConfigOCs **colst = NULL;
*nocs = 0;
ConfigOCs *tmp = colst[i];
colst[i] = colst[j];
colst[j] = tmp;
+ if (tmp->co_type == Cft_Misc)
+ misc = j;
i++; j--;
}
+ /* Move misc class to front of list */
+ if (misc > 0) {
+ ConfigOCs *tmp = colst[misc];
+ for (i=misc; i>0; i--)
+ colst[i] = colst[i-1];
+ colst[0] = tmp;
+ }
return colst;
}
oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
if ( !oc_at ) return LDAP_OBJECT_CLASS_VIOLATION;
+ for (ml = op->orm_modlist; ml; ml=ml->sml_next) {
+ if (ml->sml_desc == slap_schema.si_ad_objectClass)
+ return rc;
+ }
+
colst = count_ocs( oc_at, &nocs );
/* make sure add/del flags are clear; should always be true */
/* FALLTHRU: LDAP_MOD_REPLACE && vals */
case LDAP_MOD_ADD:
+ if ( !a )
+ break;
for (i=0; ml->sml_values[i].bv_val; i++) {
ca->line = ml->sml_values[i].bv_val;
ca->valx = -1;
ca->reply = msg;
}
- if ( ca->cleanup )
- ca->cleanup( ca );
+ if ( ca->cleanup ) {
+ i = ca->cleanup( ca );
+ if (rc == LDAP_SUCCESS)
+ rc = i;
+ }
out_noop:
if ( rc == LDAP_SUCCESS ) {
attrs_free( save_attrs );
rs->sr_matched = last->ce_entry->e_name.bv_val;
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else if ( ce->ce_kids ) {
- rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
} else if ( op->o_abandon ) {
rs->sr_err = SLAPD_ABANDON;
- } else if ( ce->ce_type == Cft_Overlay || ce->ce_type == Cft_Database ){
+ } else if ( ce->ce_type == Cft_Overlay ||
+ ce->ce_type == Cft_Database ||
+ ce->ce_type == Cft_Misc ){
char *iptr;
int count, ixold;
if ( ce->ce_type == Cft_Overlay ){
overlay_remove( ce->ce_be, (slap_overinst *)ce->ce_bi, op );
- } else { /* Cft_Database*/
+ } else if ( ce->ce_type == Cft_Misc ) {
+ /*
+ * only Cft_Misc objects that have a co_lddel handler set in
+ * the ConfigOCs struct can be deleted. This code also
+ * assumes that the entry can be only have one objectclass
+ * with co_type == Cft_Misc
+ */
+ ConfigOCs co, *coptr;
+ Attribute *oc_at;
+ int i;
+
+ oc_at = attr_find( ce->ce_entry->e_attrs,
+ slap_schema.si_ad_objectClass );
+ if ( !oc_at ) {
+ rs->sr_err = LDAP_OTHER;
+ rs->sr_text = "objectclass not found";
+ ldap_pvt_thread_pool_resume( &connection_pool );
+ goto out;
+ }
+ for ( i=0; !BER_BVISNULL(&oc_at->a_nvals[i]); i++ ) {
+ co.co_name = &oc_at->a_nvals[i];
+ coptr = avl_find( CfOcTree, &co, CfOc_cmp );
+ if ( coptr == NULL || coptr->co_type != Cft_Misc ) {
+ continue;
+ }
+ if ( ! coptr->co_lddel || coptr->co_lddel( ce, op ) ){
+ rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+ if ( ! coptr->co_lddel ) {
+ rs->sr_text = "No delete handler found";
+ } else {
+ rs->sr_err = LDAP_OTHER;
+ /* FIXME: We should return a helpful error message
+ * here */
+ }
+ ldap_pvt_thread_pool_resume( &connection_pool );
+ goto out;
+ }
+ break;
+ }
+ } else if (ce->ce_type == Cft_Database ) {
if ( ce->ce_be == frontendDB || ce->ce_be == op->o_bd ){
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
rs->sr_text = "Cannot delete config or frontend database";
ldap_pvt_thread_pool_resume( &connection_pool );
goto out;
- }
+ }
if ( ce->ce_be->bd_info->bi_db_close ) {
ce->ce_be->bd_info->bi_db_close( ce->ce_be, NULL );
}
bv.bv_len );
c->value_dn.bv_len += bv.bv_len;
c->value_dn.bv_val[c->value_dn.bv_len] ='\0';
- rdn = c->value_dn;
+ rdnNormalize( 0, NULL, NULL, &c->value_dn, &rdn, NULL );
c->ca_private = cf;
e = config_build_entry( op, rs, ceparent, c, &rdn,
&CFOC_SCHEMA, NULL );
+ ch_free( rdn.bv_val );
if ( !e ) {
return -1;
} else if ( e && cf->c_kids ) {
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
SlapReply rs = {REP_RESULT};
void *thrctx = NULL;
+ AccessControl *save_access;
Debug( LDAP_DEBUG_TRACE, "config_back_db_open\n", 0, 0, 0);
/* If we have no explicitly configured ACLs, don't just use
* the global ACLs. Explicitly deny access to everything.
*/
- if ( !be->bd_self->be_acl ) {
- parse_acl(be->bd_self, "config_back_db_open", 0, 6, (char **)defacl, 0 );
+ save_access = be->bd_self->be_acl;
+ be->bd_self->be_acl = NULL;
+ parse_acl(be->bd_self, "config_back_db_open", 0, 6, (char **)defacl, 0 );
+ defacl_parsed = be->bd_self->be_acl;
+ if ( save_access ) {
+ be->bd_self->be_acl = save_access;
+ } else {
+ Debug( LDAP_DEBUG_CONFIG, "config_back_db_open: "
+ "No explicit ACL for back-config configured. "
+ "Using hardcoded default\n", 0, 0, 0 );
}
thrctx = ldap_pvt_thread_pool_context();
backend_shutdown( &cfb->cb_db );
}
+ if ( defacl_parsed && be->be_acl != defacl_parsed ) {
+ acl_free( defacl_parsed );
+ defacl_parsed = NULL;
+ }
+
return 0;
}
return NOID;
}
} else {
+ if ( !strncmp( e->e_nname.bv_val +
+ STRLENOF( "olcDatabase" ), "=frontend",
+ STRLENOF( "=frontend" ) ) )
+ {
+ struct berval rdn, pdn, ndn;
+ dnParent( &e->e_nname, &pdn );
+ rdn.bv_val = ca.log;
+ rdn.bv_len = snprintf(rdn.bv_val, sizeof( ca.log ),
+ "%s=" SLAP_X_ORDERED_FMT "%s",
+ cfAd_database->ad_cname.bv_val, -1,
+ frontendDB->bd_info->bi_type );
+ build_new_dn( &ndn, &pdn, &rdn, NULL );
+ ber_memfree( e->e_name.bv_val );
+ e->e_name = ndn;
+ ber_bvreplace( &e->e_nname, &e->e_name );
+ }
entry_put_got_frontend++;
isFrontend = 1;
}