/* config.c - configuration file handling routines */
/* $OpenLDAP$ */
/*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
slap_mask_t global_requires = 0;
slap_ssf_set_t global_ssf_set;
char *replogfile;
-int global_lastmod = ON;
int global_idletimeout = 0;
char *global_host = NULL;
char *global_realm = NULL;
char *ldap_srvtab = "";
char *default_passwd_hash;
-char *default_search_base = NULL;
-char *default_search_nbase = NULL;
+struct berval default_search_base = { 0, NULL };
+struct berval default_search_nbase = { 0, NULL };
+unsigned num_subordinates = 0;
ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
char *cargv[MAXARGS+1];
int lineno, i;
int rc;
- struct berval *vals[2];
- struct berval val;
+ struct berval vals[2];
+ static int lastmod = 1;
static BackendInfo *bi = NULL;
static BackendDB *be = NULL;
- vals[0] = &val;
- vals[1] = NULL;
+ vals[1].bv_val = NULL;
if ( (fp = fopen( fname, "r" )) == NULL ) {
ldap_syslog = 1;
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: line %d: missing max in \"sockbuf_max_incoming <bytes\" line\n",
+ "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
fname, lineno ));
#else
Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing max in \"sockbuf_max_incoming <bytes\" line\n",
+ "%s: line %d: missing max in \"sockbuf_max_incoming <bytes>\" line\n",
fname, lineno, 0 );
#endif
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: line %d: missing dn in \"defaultSearchBase <dn\" "
- "line\n", fname, lineno ));
+ "%s: line %d: missing dn in \"defaultSearchBase <dn\" "
+ "line\n", fname, lineno ));
#else
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"missing dn in \"defaultSearchBase <dn>\" line\n",
} else if ( cargc > 2 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: extra cruft after <dn> in "
- "\"defaultSearchBase %s\" line (ignored)\n",
- fname, lineno, cargv[1] ));
+ "%s: line %d: extra cruft after <dn> in "
+ "\"defaultSearchBase %s\" line (ignored)\n",
+ fname, lineno, cargv[1] ));
#else
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"extra cruft after <dn> in \"defaultSearchBase %s\", "
"line (ignored)\n",
fname, lineno, cargv[1] );
#endif
-
}
if ( bi != NULL || be != NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: line %d: defaultSearchBase line must appear "
- "prior to any backend or database definitions\n",
- fname, lineno ));
+ "%s: line %d: defaultSearchBase line must appear "
+ "prior to any backend or database definitions\n",
+ fname, lineno ));
#else
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"defaultSearchBaase line must appear prior to "
return 1;
}
- if ( default_search_nbase != NULL ) {
+ if ( default_search_nbase.bv_len ) {
#ifdef NEW_LOGGING
- LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: default search base \"%s\" already defined "
- "(discarding old)\n", fname, lineno, default_search_base ));
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
+ "default search base \"%s\" already defined "
+ "(discarding old)\n", fname, lineno,
+ default_search_base->bv_val ));
#else
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"default search base \"%s\" already defined "
"(discarding old)\n",
- fname, lineno, default_search_base );
+ fname, lineno, default_search_base.bv_val );
#endif
- free( default_search_base );
- free( default_search_nbase );
+ free( default_search_base.bv_val );
+ free( default_search_nbase.bv_val );
}
- default_search_base = ch_strdup( cargv[1] );
- default_search_nbase = ch_strdup( cargv[1] );
+ if ( load_ucdata( NULL ) < 0 ) return 1;
- if ( load_ucdata( NULL ) < 0 ) {
- return( 1 );
- }
- if( dn_normalize( default_search_nbase ) == NULL ) {
+ {
+ struct berval dn;
+
+ dn.bv_val = cargv[1];
+ dn.bv_len = strlen( dn.bv_val );
+
+ rc = dnPrettyNormal( NULL, &dn,
+ &default_search_base,
+ &default_search_nbase );
+
+ if( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
- LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: %d: invalid default search base \"%s\"\n",
- fname, lineno, default_search_base ));
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: defaultSearchBase DN is invalid.\n",
+ fname, lineno ));
#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "invalid default search base \"%s\"\n",
- fname, lineno, default_search_base );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: defaultSearchBase DN is invalid\n",
+ fname, lineno, 0 );
#endif
-
- return 1;
+ return( 1 );
+ }
}
-
+
/* set maximum threads in thread pool */
} else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
int c;
ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
+ /* save for later use */
+ connection_pool_max = c;
+
/* get pid file name */
} else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
if ( cargc < 2 ) {
return( 1 );
}
+ /* mark this as a subordinate database */
+ } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) {
+ if ( be == NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
+ "subordinate keyword must appear inside a database "
+ "definition (ignored).\n", fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
+ "must appear inside a database definition (ignored)\n",
+ fname, lineno, 0 );
+#endif
+ } else {
+ be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE;
+ num_subordinates++;
+ }
+
/* set database suffix */
} else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
Backend *tmp_be;
+ struct berval dn;
+ struct berval *pdn = NULL;
+ struct berval *ndn = NULL;
+
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
- fname, lineno ));
+ "%s: line %d: missing dn in \"suffix <dn>\" line.\n",
+ fname, lineno ));
#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing dn in \"suffix <dn>\" line\n",
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "missing dn in \"suffix <dn>\" line\n",
fname, lineno, 0 );
#endif
return( 1 );
+
} else if ( cargc > 2 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: extra cruft after <dn> in \"suffix %s\""
- " line (ignored).\n", fname, lineno, cargv[1] ));
+ "%s: line %d: extra cruft after <dn> in \"suffix %s\""
+ " line (ignored).\n", fname, lineno, cargv[1] ));
#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: extra cruft after <dn> in \"suffix %s\" line (ignored)\n",
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft "
+ "after <dn> in \"suffix %s\" line (ignored)\n",
fname, lineno, cargv[1] );
#endif
-
}
+
if ( be == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: suffix line must appear inside a database "
- "definition (ignored).\n", fname, lineno ));
+ "%s: line %d: suffix line must appear inside a database "
+ "definition.\n", fname, lineno ));
#else
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: suffix line must appear inside a database definition (ignored)\n",
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line "
+ "must appear inside a database definition\n",
fname, lineno, 0 );
#endif
+ return( 1 );
#if defined(SLAPD_MONITOR_DN)
/* "cn=Monitor" is reserved for monitoring slap */
} else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
#ifdef NEW_LOGGING
- LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
-"%s: line %d: \"%s\" is reserved for monitoring slapd\n",
- SLAPD_MONITOR_DN, fname, lineno ));
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: \""
+ SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
+ fname, lineno ));
#else
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: \"%s\" is reserved for monitoring slapd\n",
- SLAPD_MONITOR_DN, fname, lineno );
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: \""
+ SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n",
+ fname, lineno, 0 );
#endif
return( 1 );
#endif /* SLAPD_MONITOR_DN */
+ }
+
+ if ( load_ucdata( NULL ) < 0 ) return 1;
- } else if ( ( tmp_be = select_backend( cargv[1], 0 ) ) == be ) {
+ dn.bv_val = cargv[1];
+ dn.bv_len = strlen( cargv[1] );
+ pdn = ch_malloc( sizeof( struct berval ));
+ ndn = ch_malloc( sizeof( struct berval ));
+
+ rc = dnPrettyNormal( NULL, &dn, pdn, ndn );
+ if( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
- LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: suffix already served by this backend "
- "(ignored)\n", fname, lineno ));
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: suffix DN is invalid.\n",
+ fname, lineno ));
#else
Debug( LDAP_DEBUG_ANY,
-"%s: line %d: suffix already served by this backend (ignored)\n",
- fname, lineno, 0 );
+ "%s: line %d: suffix DN is invalid\n",
+ fname, lineno, 0 );
#endif
+ return( 1 );
+ }
- } else if ( tmp_be != NULL ) {
+ tmp_be = select_backend( ndn, 0, 0 );
+ if ( tmp_be == be ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: suffix already served by a preceding "
- "backend \"%s\" (ignored)\n", fname, lineno,
- tmp_be->be_suffix[0] ));
+ "%s: line %d: suffix already served by this backend "
+ "(ignored)\n", fname, lineno ));
#else
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: suffix already served by a preceeding backend \"%s\" (ignored)\n",
- fname, lineno, tmp_be->be_suffix[0] );
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
+ "already served by this backend (ignored)\n",
+ fname, lineno, 0 );
#endif
+ ber_bvfree( pdn );
+ ber_bvfree( ndn );
- } else {
- char *dn = ch_strdup( cargv[1] );
- if ( load_ucdata( NULL ) < 0 ) {
- return( 1 );
- }
- if( dn_validate( dn ) == NULL ) {
+ } else if ( tmp_be != NULL ) {
#ifdef NEW_LOGGING
- LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: line %d: suffix DN invalid\"%s\"\n",
- fname, lineno, cargv[1] ));
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: suffix already served by a preceding "
+ "backend \"%s\"\n", fname, lineno,
+ tmp_be->be_suffix[0]->bv_val ));
#else
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "suffix DN invalid \"%s\"\n",
- fname, lineno, cargv[1] );
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix "
+ "already served by a preceeding backend \"%s\"\n",
+ fname, lineno, tmp_be->be_suffix[0]->bv_val );
#endif
+ ber_bvfree( pdn );
+ ber_bvfree( ndn );
+ return( 1 );
- return 1;
-
- } else if( *dn == '\0' && default_search_nbase != NULL ) {
+ } else if( pdn->bv_len == 0 && default_search_nbase.bv_len ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: suffix DN empty and default search "
- "base provided \"%s\" (assuming okay).\n",
- fname, lineno, default_search_base ));
+ "%s: line %d: suffix DN empty and default search "
+ "base provided \"%s\" (assuming okay).\n",
+ fname, lineno, default_search_base.bv_val ));
#else
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"suffix DN empty and default "
"search base provided \"%s\" (assuming okay)\n",
- fname, lineno, default_search_base );
+ fname, lineno, default_search_base.bv_val );
#endif
-
- }
- charray_add( &be->be_suffix, dn );
- (void) ldap_pvt_str2upper( dn );
- charray_add( &be->be_nsuffix, dn );
- free( dn );
}
+ ber_bvecadd( &be->be_suffix, pdn );
+ ber_bvecadd( &be->be_nsuffix, ndn );
+
/* set database suffixAlias */
} else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) {
Backend *tmp_be;
+ struct berval alias, *palias, nalias;
+ struct berval aliased, *paliased, naliased;
+
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: line %d: missing alias and aliased_dn in "
- "\"suffixAlias <alias> <aliased_dn>\" line.\n",
- fname, lineno ));
+ "%s: line %d: missing alias and aliased_dn in "
+ "\"suffixAlias <alias> <aliased_dn>\" line.\n",
+ fname, lineno ));
#else
Debug( LDAP_DEBUG_ANY,
-"%s: line %d: missing alias and aliased_dn in \"suffixAlias <alias> <aliased_dn>\" line\n",
+ "%s: line %d: missing alias and aliased_dn in "
+ "\"suffixAlias <alias> <aliased_dn>\" line.\n",
fname, lineno, 0 );
#endif
} else if ( cargc < 3 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: line %d: missing aliased_dn in "
- "\"suffixAlias <alias> <aliased_dn>\" line\n",
- fname, lineno ));
+ "%s: line %d: missing aliased_dn in "
+ "\"suffixAlias <alias> <aliased_dn>\" line\n",
+ fname, lineno ));
#else
Debug( LDAP_DEBUG_ANY,
-"%s: line %d: missing aliased_dn in \"suffixAlias <alias> <aliased_dn>\" line\n",
- fname, lineno, 0 );
+ "%s: line %d: missing aliased_dn in "
+ "\"suffixAlias <alias> <aliased_dn>\" line\n",
+ fname, lineno, 0 );
#endif
return( 1 );
} else if ( cargc > 3 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
- fname, lineno ));
+ "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
+ fname, lineno ));
#else
Debug( LDAP_DEBUG_ANY,
"%s: line %d: extra cruft in suffixAlias line (ignored)\n",
- fname, lineno, 0 );
+ fname, lineno, 0 );
#endif
}
if ( be == NULL ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: suffixAlias line must appear inside a "
- "database definition (ignored).\n", fname, lineno ));
+ "%s: line %d: suffixAlias line must appear inside a "
+ "database definition (ignored).\n", fname, lineno ));
#else
Debug( LDAP_DEBUG_ANY,
"%s: line %d: suffixAlias line"
" must appear inside a database definition (ignored)\n",
fname, lineno, 0 );
#endif
+ }
- } else if ( (tmp_be = select_backend( cargv[1], 0 )) != NULL ) {
+ if ( load_ucdata( NULL ) < 0 ) return 1;
+
+ alias.bv_val = cargv[1];
+ alias.bv_len = strlen( cargv[1] );
+ palias = ch_malloc(sizeof(struct berval));
+
+ rc = dnPrettyNormal( NULL, &alias, palias, &nalias );
+ if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: alias DN is invalid.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: alias DN is invalid\n",
+ fname, lineno, 0 );
+#endif
+ return( 1 );
+ }
+
+ tmp_be = select_backend( &nalias, 0, 0 );
+ free( nalias.bv_val );
+ if ( tmp_be && tmp_be != be ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: suffixAlias served by a preceeding "
- "backend \"%s\" (ignored).\n", fname, lineno,
- tmp_be->be_suffix[0] ));
+ "%s: line %d: suffixAlias served by a preceeding "
+ "backend \"%s\"\n",
+ fname, lineno, tmp_be->be_suffix[0]->bv_val ));
#else
Debug( LDAP_DEBUG_ANY,
"%s: line %d: suffixAlias served by"
- " a preceeding backend \"%s\" (ignored)\n",
- fname, lineno, tmp_be->be_suffix[0] );
+ " a preceeding backend \"%s\"\n",
+ fname, lineno, tmp_be->be_suffix[0]->bv_val );
#endif
+ ber_bvfree( palias );
+ return -1;
+ }
+ aliased.bv_val = cargv[2];
+ aliased.bv_len = strlen( cargv[2] );
+ paliased = ch_malloc(sizeof(struct berval));
+
+ rc = dnPrettyNormal( NULL, &aliased, paliased, &naliased );
+ if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: aliased DN is invalid.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: aliased DN is invalid\n",
+ fname, lineno, 0 );
+#endif
+ ber_bvfree( palias );
+ return( 1 );
+ }
- } else if ( (tmp_be = select_backend( cargv[2], 0 )) != NULL ) {
+ tmp_be = select_backend( &naliased, 0, 0 );
+ free( naliased.bv_val );
+ if ( tmp_be && tmp_be != be ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: suffixAlias derefs to a different backend "
- "a preceeding backend \"%s\" (ignored)\n",
- fname, lineno, tmp_be->be_suffix[0] ));
+ "%s: line %d: suffixAlias derefs to a different backend "
+ "a preceeding backend \"%s\"\n",
+ fname, lineno, tmp_be->be_suffix[0]->bv_val ));
#else
Debug( LDAP_DEBUG_ANY,
"%s: line %d: suffixAlias derefs to differnet backend"
- " a preceeding backend \"%s\" (ignored)\n",
- fname, lineno, tmp_be->be_suffix[0] );
+ " a preceeding backend \"%s\"\n",
+ fname, lineno, tmp_be->be_suffix[0]->bv_val );
#endif
-
-
- } else {
- char *alias, *aliased_dn;
-
- alias = ch_strdup( cargv[1] );
- if ( load_ucdata( NULL ) < 0 ) {
- return( 1 );
- }
- (void) dn_normalize( alias );
-
- aliased_dn = ch_strdup( cargv[2] );
- (void) dn_normalize( aliased_dn );
-
- charray_add( &be->be_suffixAlias, alias );
- charray_add( &be->be_suffixAlias, aliased_dn );
-
- free(alias);
- free(aliased_dn);
+ ber_bvfree( palias );
+ ber_bvfree( paliased );
+ return -1;
}
+ ber_bvecadd( &be->be_suffixAlias, palias );
+ ber_bvecadd( &be->be_suffixAlias, paliased );
+
/* set max deref depth */
} else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
int i;
#endif
} else {
- be->be_root_dn = ch_strdup( cargv[1] );
- be->be_root_ndn = ch_strdup( cargv[1] );
+ struct berval dn;
+
+ if ( load_ucdata( NULL ) < 0 ) return 1;
- if ( load_ucdata( NULL ) < 0 ) {
- return( 1 );
- }
- if( dn_normalize( be->be_root_ndn ) == NULL ) {
- free( be->be_root_dn );
- free( be->be_root_ndn );
+ dn.bv_val = cargv[1];
+ dn.bv_len = strlen( cargv[1] );
+
+ rc = dnPrettyNormal( NULL, &dn,
+ &be->be_rootdn,
+ &be->be_rootndn );
+
+ if( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: line %d: rootdn DN is invalid.\n",
- fname, lineno ));
+ "%s: line %d: rootdn DN is invalid.\n",
+ fname, lineno ));
#else
Debug( LDAP_DEBUG_ANY,
-"%s: line %d: rootdn DN is invalid\n",
+ "%s: line %d: rootdn DN is invalid\n",
fname, lineno, 0 );
#endif
-
return( 1 );
}
}
#endif
} else {
- be->be_root_pw.bv_val = ch_strdup( cargv[1] );
- be->be_root_pw.bv_len = strlen( be->be_root_pw.bv_val );
+ be->be_rootpw.bv_val = ch_strdup( cargv[1] );
+ be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val );
}
/* make this database read-only */
allows = 0;
for( i=1; i < cargc; i++ ) {
- if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
- allows |= SLAP_ALLOW_TLS_2_ANON;
+ if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
+ allows |= SLAP_ALLOW_BIND_V2;
+
+ } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
+ allows |= SLAP_ALLOW_BIND_ANON_CRED;
+
+ } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
+ allows |= SLAP_ALLOW_BIND_ANON_DN;
} else if( strcasecmp( cargv[i], "none" ) != 0 ) {
#ifdef NEW_LOGGING
disallows = 0;
for( i=1; i < cargc; i++ ) {
- if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_V2;
-
- } else if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
+ if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
disallows |= SLAP_DISALLOW_BIND_ANON;
- } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_ANON_CRED;
-
- } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_ANON_DN;
-
} else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
disallows |= SLAP_DISALLOW_BIND_SIMPLE;
} else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
disallows |= SLAP_DISALLOW_BIND_KRBV4;
+ } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
+ disallows |= SLAP_DISALLOW_TLS_2_ANON;
+
} else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
disallows |= SLAP_DISALLOW_TLS_AUTHC;
return( 1 );
}
- vals[0]->bv_val = cargv[1];
- vals[0]->bv_len = strlen( vals[0]->bv_val );
+ if( validate_global_referral( cargv[1] ) ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
+ "invalid URL (%s) in \"referral\" line.\n",
+ fname, lineno, cargv[1] ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "invalid URL (%s) in \"referral\" line.\n",
+ fname, lineno, cargv[1] );
+#endif
+ return 1;
+ }
+
+ vals[0].bv_val = cargv[1];
+ vals[0].bv_len = strlen( vals[0].bv_val );
value_add( &default_referral, vals );
#ifdef NEW_LOGGING
return( 1 );
}
if ( strcasecmp( cargv[1], "off" ) == 0 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: schema checking disabled! your mileage may vary!\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: schema checking disabled! your mileage may vary!\n",
+ fname, lineno, 0 );
+#endif
global_schemacheck = 0;
} else {
global_schemacheck = 1;
#endif
} else {
- be->be_update_ndn = ch_strdup( cargv[1] );
- if ( load_ucdata( NULL ) < 0 ) {
- return( 1 );
- }
- if( dn_normalize( be->be_update_ndn ) == NULL ) {
+ struct berval dn;
+
+ if ( load_ucdata( NULL ) < 0 ) return 1;
+
+ dn.bv_val = cargv[1];
+ dn.bv_len = strlen( cargv[1] );
+
+ rc = dnNormalize2( NULL, &dn, &be->be_update_ndn );
+ if( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: line %d: updatedn DN is invalid.\n",
- fname, lineno ));
+ "%s: line %d: updatedn DN is invalid.\n",
+ fname, lineno ));
#else
Debug( LDAP_DEBUG_ANY,
-"%s: line %d: updatedn DN is invalid\n",
+ "%s: line %d: updatedn DN is invalid\n",
fname, lineno, 0 );
#endif
-
return 1;
}
}
} else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
- LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: line %d: missing url in \"updateref <ldapurl>\" "
- "line.\n", fname, lineno ));
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
+ "missing url in \"updateref <ldapurl>\" line.\n",
+ fname, lineno ));
#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing url in \"updateref <ldapurl>\" line\n",
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "missing url in \"updateref <ldapurl>\" line\n",
fname, lineno, 0 );
#endif
}
if ( be == NULL ) {
#ifdef NEW_LOGGING
- LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: updateref line must appear inside "
- "a database definition (ignored)\n", fname, lineno ));
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: updateref"
+ " line must appear inside a database definition\n",
+ fname, lineno ));
#else
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: updateref line must appear inside a database definition (ignored)\n",
- fname, lineno, 0 );
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref"
+ " line must appear inside a database definition\n",
+ fname, lineno, 0 );
#endif
+ return 1;
- } else if ( be->be_update_ndn == NULL ) {
+ } else if ( !be->be_update_ndn.bv_len ) {
#ifdef NEW_LOGGING
- LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: updateref line must come after updatedn "
- "(ignored).\n", fname, lineno ));
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
+ "updateref line must come after updatedn.\n",
+ fname, lineno ));
#else
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: updateref line must after updatedn (ignored)\n",
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "updateref line must after updatedn.\n",
fname, lineno, 0 );
#endif
+ return 1;
+ }
- } else {
- vals[0]->bv_val = cargv[1];
- vals[0]->bv_len = strlen( vals[0]->bv_val );
- value_add( &be->be_update_refs, vals );
+ if( validate_global_referral( cargv[1] ) ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
+ "invalid URL (%s) in \"updateref\" line.\n",
+ fname, lineno, cargv[1] ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "invalid URL (%s) in \"updateref\" line.\n",
+ fname, lineno, cargv[1] );
+#endif
+ return 1;
}
+ vals[0].bv_val = cargv[1];
+ vals[0].bv_len = strlen( vals[0].bv_val );
+ value_add( &be->be_update_refs, vals );
+
/* replication log file to which changes are appended */
} else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
if ( cargc < 2 ) {
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
- "missing filename in \"rootDSEfile <filename>\" line.\n",
+ "missing filename in \"rootDSE <filename>\" line.\n",
fname, lineno ));
#else
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "missing filename in \"rootDSEfile <filename>\" line.\n",
+ "missing filename in \"rootDSE <filename>\" line.\n",
fname, lineno, 0 );
#endif
return 1;
if( read_root_dse_file( cargv[1] ) ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
- "could not read \"rootDSEfile <filename>\" line.\n",
+ "could not read \"rootDSE <filename>\" line.\n",
fname, lineno ));
#else
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "could not read \"rootDSEfile <filename>\" line\n",
+ "could not read \"rootDSE <filename>\" line\n",
fname, lineno, 0 );
#endif
return 1;
return( 1 );
}
if ( strcasecmp( cargv[1], "on" ) == 0 ) {
- if ( be )
- be->be_lastmod = ON;
- else
- global_lastmod = ON;
+ if ( be ) {
+ be->be_flags &= ~SLAP_BFLAG_NOLASTMOD;
+ } else {
+ lastmod = 1;
+ }
} else {
- if ( be )
- be->be_lastmod = OFF;
- else
- global_lastmod = OFF;
+ if ( be ) {
+ be->be_flags |= SLAP_BFLAG_NOLASTMOD;
+ } else {
+ lastmod = 0;
+ }
}
/* set idle timeout value */
if ( rc )
return rc;
} else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
- i = atoi(cargv[1]);
- rc = ldap_pvt_tls_set_option( NULL,
+ if ( isdigit( cargv[1][0] ) ) {
+ i = atoi(cargv[1]);
+ rc = ldap_pvt_tls_set_option( NULL,
LDAP_OPT_X_TLS_REQUIRE_CERT,
&i );
+ } else {
+ rc = ldap_int_tls_config( NULL,
+ LDAP_OPT_X_TLS_REQUIRE_CERT,
+ cargv[1] );
+ }
+
if ( rc )
return rc;
free( saveline );
}
fclose( fp );
- if ( load_ucdata( NULL ) < 0 ) {
- return( 1 );
- }
+
+ if ( load_ucdata( NULL ) < 0 ) return 1;
return( 0 );
}
if( p > buf && p[-1] == '\r' ) --p;
*p = '\0';
}
- if ( ! isspace( (unsigned char) buf[0] ) ) {
- return( line );
- }
+
+ /* trim off trailing \ and append the next line */
+ if ( line[ 0 ] != '\0'
+ && (p = line + strlen( line ) - 1)[ 0 ] == '\\'
+ && p[ -1 ] != '\\' ) {
+ p[ 0 ] = '\0';
+ lcur--;
+
+ } else {
+ if ( ! isspace( (unsigned char) buf[0] ) ) {
+ return( line );
+ }
- /* change leading whitespace to a space */
- buf[0] = ' ';
+ /* change leading whitespace to a space */
+ buf[0] = ' ';
+ }
CATLINE( buf );
(*lineno)++;
loaded = 1;
return( 1 );
}
+
+void
+config_destroy( )
+{
+ ucdata_unload( UCDATA_ALL );
+ free( line );
+ if ( slapd_args_file )
+ free ( slapd_args_file );
+ if ( slapd_pid_file )
+ free ( slapd_pid_file );
+ acl_destroy( global_acl, NULL );
+}