/* config.c - configuration file handling routines */
/* $OpenLDAP$ */
/*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#include <ac/socket.h>
#include <ac/errno.h>
-#include "lutil.h"
#include "ldap_pvt.h"
#include "slap.h"
+#ifdef LDAP_SLAPI
+#include "slapi.h"
+#endif
+#include "lutil.h"
#define ARGS_STEP 512
SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */
0,
- -1 /* no limit on unchecked size */
+ -1, /* no limit on unchecked size */
+ 0, /* page limit */
+ 0 /* hide number of entries left */
};
AccessControl *global_acl = NULL;
struct berval default_search_base = { 0, NULL };
struct berval default_search_nbase = { 0, NULL };
unsigned num_subordinates = 0;
+struct berval global_schemadn = { 0, NULL };
+struct berval global_schemandn = { 0, NULL };
ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
+int slap_conn_max_pending = SLAP_CONN_MAX_PENDING_DEFAULT;
+int slap_conn_max_pending_auth = SLAP_CONN_MAX_PENDING_AUTH;
+
char *slapd_pid_file = NULL;
char *slapd_args_file = NULL;
char *strtok_quote_ptr;
-#ifdef SLAPD_RLOOKUPS
-int use_reverse_lookup = 1;
-#else /* !SLAPD_RLOOKUPS */
int use_reverse_lookup = 0;
-#endif /* !SLAPD_RLOOKUPS */
static char *fp_getline(FILE *fp, int *lineno);
static void fp_getline_init(int *lineno);
static char *strtok_quote(char *line, char *sep);
static int load_ucdata(char *path);
+#ifdef LDAP_SYNCREPL
+static void add_syncrepl LDAP_P(( Backend *, char **, int ));
+static int parse_syncrepl_line LDAP_P(( char **, int, syncinfo_t *));
+#endif
+
int
-read_config( const char *fname )
+read_config( const char *fname, int depth )
{
FILE *fp;
char *line, *savefname, *saveline;
vals[1].bv_val = NULL;
- cargv = ch_calloc( ARGS_STEP + 1, sizeof(*cargv) );
- cargv_size = ARGS_STEP + 1;
+ if ( depth == 0 ) {
+ cargv = ch_calloc( ARGS_STEP + 1, sizeof(*cargv) );
+ cargv_size = ARGS_STEP + 1;
+ }
if ( (fp = fopen( fname, "r" )) == NULL ) {
ldap_syslog = 1;
sockbuf_max_incoming_auth = max;
+ /* set conn pending max */
+ } else if ( strcasecmp( cargv[0], "conn_max_pending" ) == 0 ) {
+ long max;
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, CRIT,
+ "%s: line %d: missing max in \"conn_max_pending "
+ "<requests>\" line\n", fname, lineno, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing max in \"conn_max_pending <requests>\" line\n",
+ fname, lineno, 0 );
+#endif
+
+ return( 1 );
+ }
+
+ max = atol( cargv[1] );
+
+ if( max < 0 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, CRIT,
+ "%s: line %d: invalid max value (%ld) in "
+ "\"conn_max_pending <requests>\" line.\n",
+ fname, lineno, max );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: invalid max value (%ld) in "
+ "\"conn_max_pending <requests>\" line.\n",
+ fname, lineno, max );
+#endif
+
+ return( 1 );
+ }
+
+ slap_conn_max_pending = max;
+
+ /* set conn pending max authenticated */
+ } else if ( strcasecmp( cargv[0], "conn_max_pending_auth" ) == 0 ) {
+ long max;
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, CRIT,
+ "%s: line %d: missing max in \"conn_max_pending_auth "
+ "<requests>\" line\n", fname, lineno, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing max in \"conn_max_pending_auth <requests>\" line\n",
+ fname, lineno, 0 );
+#endif
+
+ return( 1 );
+ }
+
+ max = atol( cargv[1] );
+
+ if( max < 0 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, CRIT,
+ "%s: line %d: invalid max value (%ld) in "
+ "\"conn_max_pending_auth <requests>\" line.\n",
+ fname, lineno, max );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: invalid max value (%ld) in "
+ "\"conn_max_pending_auth <requests>\" line.\n",
+ fname, lineno, max );
+#endif
+
+ return( 1 );
+ }
+
+ slap_conn_max_pending_auth = max;
+
/* default search base */
} else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
if ( cargc < 2 ) {
rc = dnPrettyNormal( NULL, &dn,
&default_search_base,
- &default_search_nbase );
+ &default_search_nbase, NULL );
if( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
slapd_args_file = ch_strdup( cargv[1] );
+ } else if ( strcasecmp( cargv[0], "replica-pidfile" ) == 0 ) {
+ /* ignore */ ;
+
+ } else if ( strcasecmp( cargv[0], "replica-argsfile" ) == 0 ) {
+ /* ignore */ ;
+
/* default password hash */
} else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
if ( cargc < 2 ) {
lutil_salt_format( cargv[1] );
-#ifdef HAVE_CYRUS_SASL
/* SASL config options */
} else if ( strncasecmp( cargv[0], "sasl", 4 ) == 0 ) {
if ( slap_sasl_config( cargc, cargv, line, fname, lineno ) )
return 1;
-#endif /* HAVE_CYRUS_SASL */
+
+ } else if ( strcasecmp( cargv[0], "schemadn" ) == 0 ) {
+ struct berval dn;
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, CRIT,
+ "%s: line %d: missing dn in "
+ "\"schemadn <dn>\" line.\n", fname, lineno, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing dn in \"schemadn <dn>\" line\n",
+ fname, lineno, 0 );
+#endif
+ return 1 ;
+ }
+ ber_str2bv( cargv[1], 0, 0, &dn );
+ if ( be ) {
+ rc = dnPrettyNormal( NULL, &dn, &be->be_schemadn,
+ &be->be_schemandn, NULL );
+ } else {
+ rc = dnPrettyNormal( NULL, &dn, &global_schemadn,
+ &global_schemandn, NULL );
+ }
+ if ( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, CRIT,
+ "%s: line %d: schemadn DN is invalid.\n",
+ fname, lineno , 0 );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: schemadn DN is invalid\n",
+ fname, lineno, 0 );
+#endif
+ return 1;
+ }
/* set UCDATA path */
} else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
for ( i = 1; i < cargc; i++ ) {
if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
rc = parse_limit( cargv[i], lim );
+ if ( rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, CRIT,
+ "%s: line %d: unable "
+ "to parse value \"%s\" in \"sizelimit "
+ "<limit>\" line.\n", fname, lineno, cargv[i] );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"sizelimit "
+ "<limit>\" line\n",
+ fname, lineno, cargv[i] );
+#endif
+ return( 1 );
+ }
+
} else {
- lim->lms_s_soft = atoi( cargv[i] );
- lim->lms_s_hard = 0;
- }
+ if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
+ lim->lms_s_soft = -1;
+ } else {
+ char *next;
- if ( rc ) {
+ lim->lms_s_soft = strtol( cargv[i] , &next, 0 );
+ if ( next == cargv[i] ) {
#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: unable "
- "to parse value \"%s\" in \"sizelimit "
- "<limit>\" line.\n", fname, lineno, cargv[i] );
+ LDAP_LOG( CONFIG, CRIT,
+ "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" "
+ "line.\n", fname, lineno, cargv[i] );
#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable "
- "to parse value \"%s\" "
- "in \"sizelimit "
- "<limit>\" line\n",
- fname, lineno, cargv[i] );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse limit \"%s\" in \"sizelimit <limit>\" line\n",
+ fname, lineno, cargv[i] );
#endif
+ return( 1 );
+
+ } else if ( next[0] != '\0' ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, CRIT,
+ "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" "
+ "line ignored.\n", fname, lineno, next );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: trailing chars \"%s\" in \"sizelimit <limit>\" line ignored\n",
+ fname, lineno, next );
+#endif
+ }
+ }
+ lim->lms_s_hard = 0;
}
}
for ( i = 1; i < cargc; i++ ) {
if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
rc = parse_limit( cargv[i], lim );
+ if ( rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, CRIT,
+ "%s: line %d: unable to parse value \"%s\" "
+ "in \"timelimit <limit>\" line.\n",
+ fname, lineno, cargv[i] );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"timelimit "
+ "<limit>\" line\n",
+ fname, lineno, cargv[i] );
+#endif
+ return( 1 );
+ }
+
} else {
- lim->lms_t_soft = atoi( cargv[i] );
- lim->lms_t_hard = 0;
- }
+ if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) {
+ lim->lms_t_soft = -1;
+ } else {
+ char *next;
- if ( rc ) {
+ lim->lms_t_soft = strtol( cargv[i] , &next, 0 );
+ if ( next == cargv[i] ) {
#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: unable to parse value \"%s\" "
- "in \"timelimit <limit>\" line.\n",
- fname, lineno, cargv[i] );
+ LDAP_LOG( CONFIG, CRIT,
+ "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" "
+ "line.\n", fname, lineno, cargv[i] );
#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unable "
- "to parse value \"%s\" "
- "in \"timelimit "
- "<limit>\" line\n",
- fname, lineno, cargv[i] );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse limit \"%s\" in \"timelimit <limit>\" line\n",
+ fname, lineno, cargv[i] );
+#endif
+ return( 1 );
+
+ } else if ( next[0] != '\0' ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, CRIT,
+ "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" "
+ "line ignored.\n", fname, lineno, next );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: trailing chars \"%s\" in \"timelimit <limit>\" line ignored\n",
+ fname, lineno, next );
#endif
+ }
+ }
+ lim->lms_t_hard = 0;
}
}
dn.bv_val = cargv[1];
dn.bv_len = strlen( cargv[1] );
- rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn );
+ rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL );
if( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONFIG, CRIT,
ber_bvarray_add( &be->be_suffix, &pdn );
ber_bvarray_add( &be->be_nsuffix, &ndn );
- /* set database suffixAlias */
- } else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) {
- Backend *tmp_be;
- struct berval alias, palias, nalias;
- struct berval aliased, paliased, naliased;
-
- if ( cargc < 2 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: missing alias and aliased_dn in "
- "\"suffixAlias <alias> <aliased_dn>\" line.\n",
- fname, lineno, 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing alias and aliased_dn in "
- "\"suffixAlias <alias> <aliased_dn>\" line.\n",
- fname, lineno, 0 );
-#endif
-
- return( 1 );
- } else if ( cargc < 3 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: missing aliased_dn in "
- "\"suffixAlias <alias> <aliased_dn>\" line\n",
- fname, lineno, 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing aliased_dn in "
- "\"suffixAlias <alias> <aliased_dn>\" line\n",
- fname, lineno, 0 );
-#endif
- return( 1 );
-
- } else if ( cargc > 3 ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
- fname, lineno, 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
- fname, lineno, 0 );
-#endif
- }
-
- if ( be == NULL ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: suffix line must appear inside a database "
- "definition.\n", fname, lineno, 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: suffixAlias line"
- " must appear inside a database definition.\n",
- fname, lineno, 0 );
-#endif
- return 1;
- }
-
- if ( load_ucdata( NULL ) < 0 ) return 1;
-
- alias.bv_val = cargv[1];
- alias.bv_len = strlen( cargv[1] );
-
- rc = dnPrettyNormal( NULL, &alias, &palias, &nalias );
- if( rc != LDAP_SUCCESS ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: alias DN is invalid.\n", fname, lineno, 0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: alias DN is invalid\n",
- fname, lineno, 0 );
-#endif
- return( 1 );
- }
-
- tmp_be = select_backend( &nalias, 0, 0 );
- free( nalias.bv_val );
- if ( tmp_be && tmp_be != be ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: suffixAlias served by a preceeding "
- "backend \"%s\"\n", fname, lineno,
- tmp_be->be_suffix[0].bv_val );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: suffixAlias served by"
- " a preceeding backend \"%s\"\n",
- fname, lineno, tmp_be->be_suffix[0].bv_val );
-#endif
- free( palias.bv_val );
- return -1;
- }
-
- aliased.bv_val = cargv[2];
- aliased.bv_len = strlen( cargv[2] );
-
- rc = dnPrettyNormal( NULL, &aliased, &paliased, &naliased );
- if( rc != LDAP_SUCCESS ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: aliased DN is invalid.\n", fname, lineno,0 );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: aliased DN is invalid\n",
- fname, lineno, 0 );
-#endif
- free( palias.bv_val );
- return( 1 );
- }
-
- tmp_be = select_backend( &naliased, 0, 0 );
- free( naliased.bv_val );
- if ( tmp_be && tmp_be != be ) {
-#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, INFO,
- "%s: line %d: suffixAlias derefs to a different backend "
- "a preceeding backend \"%s\"\n",
- fname, lineno, tmp_be->be_suffix[0].bv_val );
-#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: suffixAlias derefs to differnet backend"
- " a preceeding backend \"%s\"\n",
- fname, lineno, tmp_be->be_suffix[0].bv_val );
-#endif
- free( palias.bv_val );
- free( paliased.bv_val );
- return -1;
- }
-
- ber_bvarray_add( &be->be_suffixAlias, &palias );
- ber_bvarray_add( &be->be_suffixAlias, &paliased );
-
/* set max deref depth */
} else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
int i;
rc = dnPrettyNormal( NULL, &dn,
&be->be_rootdn,
- &be->be_rootndn );
+ &be->be_rootndn, NULL );
if( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
} else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
allows |= SLAP_ALLOW_BIND_ANON_DN;
+ } else if( strcasecmp( cargv[i], "update_anon" ) == 0 ) {
+ allows |= SLAP_ALLOW_UPDATE_ANON;
+
} else if( strcasecmp( cargv[i], "none" ) != 0 ) {
#ifdef NEW_LOGGING
- LDAP_LOG( CONFIG, CRIT,
- "%s: line %d: unknown feature %s in "
- "\"allow <features>\" line.\n",
- fname, lineno, cargv[1] );
+ LDAP_LOG( CONFIG, CRIT, "%s: line %d: "
+ "unknown feature %s in \"allow <features>\" line.\n",
+ fname, lineno, cargv[1] );
#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: unknown feature %s in \"allow <features>\" line\n",
- fname, lineno, cargv[i] );
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "unknown feature %s in \"allow <features>\" line\n",
+ fname, lineno, cargv[i] );
#endif
return( 1 );
} else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
disallows |= SLAP_DISALLOW_BIND_SIMPLE;
- } else if( strcasecmp( cargv[i], "bind_simple_unprotected" ) == 0 ) {
- disallows |= SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED;
-
} else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
disallows |= SLAP_DISALLOW_BIND_KRBV4;
set->sss_update_sasl =
atoi( &cargv[i][sizeof("update_sasl")] );
+ } else if( strncasecmp( cargv[i], "simple_bind=",
+ sizeof("simple_bind") ) == 0 )
+ {
+ set->sss_simple_bind =
+ atoi( &cargv[i][sizeof("simple_bind")] );
+
} else {
#ifdef NEW_LOGGING
LDAP_LOG( CONFIG, CRIT,
vals[0].bv_val = cargv[1];
vals[0].bv_len = strlen( vals[0].bv_val );
- value_add( &default_referral, vals );
+ if( value_add( &default_referral, vals ) )
+ return LDAP_OTHER;
#ifdef NEW_LOGGING
} else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
/* specify an objectclass */
} else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
- if ( *cargv[1] == '(' ) {
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, INFO,
+ "%s: line %d: illegal objectclass format.\n",
+ fname, lineno , 0 );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: illegal objectclass format.\n",
+ fname, lineno, 0 );
+#endif
+ return( 1 );
+
+ } else if ( *cargv[1] == '(' /*')'*/) {
char * p;
- p = strchr(saveline,'(');
+ p = strchr(saveline,'(' /*')'*/);
rc = parse_oc( fname, lineno, p, cargv );
if( rc ) return rc;
#endif
}
+#ifdef SLAP_EXTENDED_SCHEMA
+ } else if ( strcasecmp( cargv[0], "ditcontentrule" ) == 0 ) {
+ char * p;
+ p = strchr(saveline,'(' /*')'*/);
+ rc = parse_cr( fname, lineno, p, cargv );
+ if( rc ) return rc;
+#endif
+
/* specify an attribute type */
} else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
|| ( strcasecmp( cargv[0], "attribute" ) == 0 ))
{
- if ( *cargv[1] == '(' ) {
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, INFO, "%s: line %d: "
+ "illegal attribute type format.\n",
+ fname, lineno , 0 );
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "illegal attribute type format.\n",
+ fname, lineno, 0 );
+#endif
+ return( 1 );
+
+ } else if ( *cargv[1] == '(' /*')'*/) {
char * p;
- p = strchr(saveline,'(');
+ p = strchr(saveline,'(' /*')'*/);
rc = parse_at( fname, lineno, p, cargv );
if( rc ) return rc;
}
+ /* define attribute option(s) */
+ } else if ( strcasecmp( cargv[0], "attributeoptions" ) == 0 ) {
+ ad_define_option( NULL, NULL, 0 );
+ for ( i = 1; i < cargc; i++ )
+ if ( ad_define_option( cargv[i], fname, lineno ) != 0 )
+ return 1;
+
/* turn on/off schema checking */
} else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
if ( cargc < 2 ) {
ldap_syslog += atoi( cargv[1] );
}
+#ifdef LDAP_SYNCREPL
+ /* list of sync replication information in this backend (slave only) */
+ } else if ( strcasecmp( cargv[0], "syncrepl" ) == 0 ) {
+
+ add_syncrepl( be, cargv, cargc );
+#endif
+
/* list of replicas of the data in this backend (master only) */
} else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
if ( cargc < 2 ) {
dn.bv_val = cargv[1];
dn.bv_len = strlen( cargv[1] );
- rc = dnNormalize2( NULL, &dn, &be->be_update_ndn );
+ rc = dnNormalize( 0, NULL, NULL, &dn, &be->be_update_ndn, NULL );
if( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( CONFIG, CRIT,
vals[0].bv_val = cargv[1];
vals[0].bv_len = strlen( vals[0].bv_val );
- value_add( &be->be_update_refs, vals );
+ if( value_add( &be->be_update_refs, vals ) )
+ return LDAP_OTHER;
/* replication log file to which changes are appended */
} else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
savefname = ch_strdup( cargv[1] );
savelineno = lineno;
- if ( read_config( savefname ) != 0 ) {
+ if ( read_config( savefname, depth+1 ) != 0 ) {
return( 1 );
}
#endif
#endif /* !SLAPD_RLOOKUPS */
+ /* Netscape plugins */
+ } else if ( strcasecmp( cargv[0], "plugin" ) == 0 ) {
+#if defined( LDAP_SLAPI )
+
+#ifdef notdef /* allow global plugins, too */
+ /*
+ * a "plugin" line must be inside a database
+ * definition, since we implement pre-,post-
+ * and extended operation plugins
+ */
+ if ( be == NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, INFO,
+ "%s: line %d: plugin line must appear "
+ "inside a database definition.\n",
+ fname, lineno, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: plugin "
+ "line must appear inside a database "
+ "definition\n", fname, lineno, 0 );
+#endif
+ return( 1 );
+ }
+#endif /* notdef */
+
+ if ( netscape_plugin( be, fname, lineno, cargc, cargv )
+ != LDAP_SUCCESS ) {
+ return( 1 );
+ }
+
+#else /* !defined( LDAP_SLAPI ) */
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, INFO,
+ "%s: line %d: SLAPI not supported.\n",
+ fname, lineno, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: SLAPI "
+ "not supported.\n", fname, lineno, 0 );
+#endif
+ return( 1 );
+
+#endif /* !defined( LDAP_SLAPI ) */
+
+ /* Netscape plugins */
+ } else if ( strcasecmp( cargv[0], "pluginlog" ) == 0 ) {
+#if defined( LDAP_SLAPI )
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, INFO,
+ "%s: line %d: missing file name "
+ "in pluginlog <filename> line.\n",
+ fname, lineno, 0 );
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing file name "
+ "in pluginlog <filename> line.\n",
+ fname, lineno, 0 );
+#endif
+ return( 1 );
+ }
+
+ if ( slapi_log_file != NULL ) {
+ ch_free( slapi_log_file );
+ }
+
+ slapi_log_file = ch_strdup( cargv[1] );
+#endif /* !defined( LDAP_SLAPI ) */
+
/* pass anything else to the current backend info/db config routine */
} else {
if ( bi != NULL ) {
}
fclose( fp );
+ if ( depth == 0 ) ch_free( cargv );
+
+ if ( !global_schemadn.bv_val ) {
+ ber_str2bv( SLAPD_SCHEMA_DN, sizeof(SLAPD_SCHEMA_DN)-1, 1,
+ &global_schemadn );
+ dnNormalize( 0, NULL, NULL, &global_schemadn, &global_schemandn, NULL );
+ }
+
if ( load_ucdata( NULL ) < 0 ) return 1;
return( 0 );
}
token = strtok_quote( line, " \t" );
logline = line;
- if ( token &&
- (strcasecmp( token, "rootpw" ) == 0 ||
- strcasecmp( token, "replica" ) == 0 || /* contains "credentials" */
- strcasecmp( token, "bindpw" ) == 0 || /* used in back-ldap */
- strcasecmp( token, "pseudorootpw" ) == 0 || /* used in back-meta */
- strcasecmp( token, "dbpasswd" ) == 0 ) ) /* used in back-sql */
- sprintf( logline = logbuf, "%s ***", token );
- if ( strtok_quote_ptr )
+
+ if ( token && ( strcasecmp( token, "rootpw" ) == 0 ||
+ strcasecmp( token, "replica" ) == 0 || /* contains "credentials" */
+ strcasecmp( token, "bindpw" ) == 0 || /* used in back-ldap */
+ strcasecmp( token, "pseudorootpw" ) == 0 || /* used in back-meta */
+ strcasecmp( token, "dbpasswd" ) == 0 ) ) /* used in back-sql */
+ {
+ snprintf( logline = logbuf, sizeof logbuf, "%s ***", token );
+ }
+
+ if ( strtok_quote_ptr ) {
*strtok_quote_ptr = ' ';
+ }
+
#ifdef NEW_LOGGING
LDAP_LOG( CONFIG, DETAIL1, "line %d (%s)\n", lineno, logline , 0 );
#else
Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, logline, 0 );
#endif
- if ( strtok_quote_ptr )
+
+ if ( strtok_quote_ptr ) {
*strtok_quote_ptr = '\0';
+ }
for ( ; token != NULL; token = strtok_quote( NULL, " \t" ) ) {
if ( cargc == cargv_size - 1 ) {
static char buf[BUFSIZ];
static char *line;
-static int lmax, lcur;
-
-#define CATLINE( buf ) { \
- int len; \
- len = strlen( buf ); \
- while ( lcur + len + 1 > lmax ) { \
- lmax += BUFSIZ; \
- line = (char *) ch_realloc( line, lmax ); \
- } \
- strcpy( line + lcur, buf ); \
- lcur += len; \
-}
+static size_t lmax, lcur;
+
+#define CATLINE( buf ) \
+ do { \
+ size_t len = strlen( buf ); \
+ while ( lcur + len + 1 > lmax ) { \
+ lmax += BUFSIZ; \
+ line = (char *) ch_realloc( line, lmax ); \
+ } \
+ strcpy( line + lcur, buf ); \
+ lcur += len; \
+ } while( 0 )
static char *
fp_getline( FILE *fp, int *lineno )
config_destroy( )
{
ucdata_unload( UCDATA_ALL );
+ free( global_schemandn.bv_val );
+ free( global_schemadn.bv_val );
free( line );
if ( slapd_args_file )
free ( slapd_args_file );
if ( slapd_pid_file )
free ( slapd_pid_file );
+ if ( default_passwd_hash )
+ free( default_passwd_hash );
acl_destroy( global_acl, NULL );
}
+
+#ifdef LDAP_SYNCREPL
+static void
+add_syncrepl(
+ Backend *be,
+ char **cargv,
+ int cargc
+)
+{
+ syncinfo_t *si;
+
+ si = be->syncinfo = (syncinfo_t *) ch_calloc( 1, sizeof( syncinfo_t ) );
+
+ if ( si == NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, ERR, "out of memory in add_syncrepl\n", 0, 0,0 );
+#else
+ Debug( LDAP_DEBUG_ANY, "out of memory in add_syncrepl\n", 0, 0, 0 );
+#endif
+ exit( EXIT_FAILURE );
+ }
+
+ if ( parse_syncrepl_line( cargv, cargc, si ) < 0 ) {
+ /* Something bad happened - back out */
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, ERR, "failed to add syncinfo\n", 0, 0,0 );
+#else
+ Debug( LDAP_DEBUG_ANY, "failed to add syncinfo\n", 0, 0, 0 );
+#endif
+ free( si );
+ be->syncinfo = NULL;
+ } else {
+#ifdef NEW_LOGGING
+ LDAP_LOG ( CONFIG, RESULTS,
+ "add_syncrepl: Config: ** successfully added syncrepl \"%s%d\"\n",
+ si->mastername == NULL ? "(null)" : si->mastername,
+ si->masterport, 0 );
+#else
+ Debug( LDAP_DEBUG_CONFIG,
+ "Config: ** successfully added syncrepl \"%s:%d\"\n",
+ si->mastername == NULL ? "(null)" : si->mastername,
+ si->masterport, 0 );
+#endif
+ }
+
+ si->be = be;
+}
+
+#define GOT_ID 0x0001
+#define GOT_HOST 0x0002
+#define GOT_DN 0x0004
+#define GOT_METHOD 0x0008
+#define GOT_MECH 0x0010
+#define GOT_FILTER 0x0020
+#define GOT_SEARCHBASE 0x0040
+#define GOT_SCOPE 0x0080
+#define GOT_ATTRS 0x0100
+#define GOT_TYPE 0x0200
+#define GOT_INTERVAL 0x0400
+#define GOT_LASTMOD 0x0800
+#define GOT_UPDATEDN 0x1000
+
+#define GOT_ALL 0x1FFF
+
+static int
+parse_syncrepl_line(
+ char **cargv,
+ int cargc,
+ syncinfo_t *si
+)
+{
+ int gots = 0;
+ int i, j;
+ char *hp, *val;
+ int nr_attr = 0;
+
+ for ( i = 1; i < cargc; i++ ) {
+ if ( !strncasecmp( cargv[ i ], IDSTR, sizeof( IDSTR ) - 1 )) {
+ /* '\0' string terminator accounts for '=' */
+ val = cargv[ i ] + sizeof( IDSTR );
+ si->id = atoi( val );
+ gots |= GOT_ID;
+ } else if ( !strncasecmp( cargv[ i ], MASTERSTR,
+ sizeof( MASTERSTR ) - 1 )) {
+ val = cargv[ i ] + sizeof( MASTERSTR );
+ si->masteruri = strdup( val );
+ if (( hp = strchr( val, ':' )) != NULL ) {
+ if ( *( hp + 1 ) == '/' ) {
+ if ( *( hp + 2 ) == '/' ) {
+ val = hp + 3;
+ }
+ if (( hp = strchr( hp+1, ':' )) != NULL ) {
+ *hp = '\0';
+ hp++;
+ si->masterport = atoi( hp );
+ }
+ } else {
+ *hp = '\0';
+ hp++;
+ si->masterport = atoi( hp );
+ }
+ }
+ if ( si->masterport <= 0 ) {
+ si->masterport = 0;
+ }
+ si->mastername = strdup( val );
+ si->master_bv = (BerVarray) ch_calloc( 2, sizeof (struct berval ));
+ ber_str2bv( si->masteruri, strlen(si->masteruri), 0,
+ &si->master_bv[0] );
+ si->master_bv[1].bv_len = 0;
+ si->master_bv[1].bv_val = NULL;
+ gots |= GOT_HOST;
+ } else if ( !strncasecmp( cargv[ i ], TLSSTR, sizeof( TLSSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( TLSSTR );
+ if( !strcasecmp( val, TLSCRITICALSTR ) ) {
+ si->tls = TLS_CRITICAL;
+ } else {
+ si->tls = TLS_ON;
+ }
+ } else if ( !strncasecmp( cargv[ i ],
+ UPDATEDNSTR, sizeof( UPDATEDNSTR ) - 1 ) ) {
+ char *str;
+ struct berval updatedn = {0, NULL};
+ val = cargv[ i ] + sizeof( UPDATEDNSTR );
+ str = strdup( val );
+ ber_str2bv( str, strlen(str), 1, &updatedn );
+ dnNormalize( 0, NULL, NULL, &updatedn, &si->updatedn, NULL );
+ ch_free( str );
+ ch_free( updatedn.bv_val );
+ gots |= GOT_UPDATEDN;
+ } else if ( !strncasecmp( cargv[ i ],
+ BINDDNSTR, sizeof( BINDDNSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( BINDDNSTR );
+ si->binddn = strdup( val );
+ gots |= GOT_DN;
+ } else if ( !strncasecmp( cargv[ i ], BINDMETHSTR,
+ sizeof( BINDMETHSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( BINDMETHSTR );
+ if ( !strcasecmp( val, SIMPLESTR )) {
+ si->bindmethod = LDAP_AUTH_SIMPLE;
+ gots |= GOT_METHOD;
+ } else if ( !strcasecmp( val, SASLSTR )) {
+ si->bindmethod = LDAP_AUTH_SASL;
+ gots |= GOT_METHOD;
+ } else {
+ si->bindmethod = -1;
+ }
+ } else if ( !strncasecmp( cargv[ i ], LASTMODSTR,
+ sizeof( LASTMODSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( LASTMODSTR );
+ if ( !strcasecmp( val, LMREQSTR )) {
+ si->lastmod = LASTMOD_REQ;
+ gots |= GOT_LASTMOD;
+ } else if ( !strcasecmp( val, LMGENSTR )) {
+ si->lastmod = LASTMOD_GEN;
+ gots |= GOT_LASTMOD;
+ } else if ( !strcasecmp( val, LMNOSTR )) {
+ si->lastmod = LASTMOD_NO;
+ gots |= GOT_LASTMOD;
+ } else {
+ si->lastmod = -1;
+ }
+ } else if ( !strncasecmp( cargv[ i ],
+ SASLMECHSTR, sizeof( SASLMECHSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( SASLMECHSTR );
+ gots |= GOT_MECH;
+ si->saslmech = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ CREDSTR, sizeof( CREDSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( CREDSTR );
+ si->passwd = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ SECPROPSSTR, sizeof( SECPROPSSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( SECPROPSSTR );
+ si->secprops = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ REALMSTR, sizeof( REALMSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( REALMSTR );
+ si->realm = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ AUTHCSTR, sizeof( AUTHCSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( AUTHCSTR );
+ si->authcId = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ OLDAUTHCSTR, sizeof( OLDAUTHCSTR ) - 1 ) ) {
+ /* Old authcID is provided for some backwards compatibility */
+ val = cargv[ i ] + sizeof( OLDAUTHCSTR );
+ si->authcId = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ AUTHZSTR, sizeof( AUTHZSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( AUTHZSTR );
+ si->authzId = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ SRVTABSTR, sizeof( SRVTABSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( SRVTABSTR );
+ if ( si->srvtab != NULL ) {
+ free( si->srvtab );
+ }
+ si->srvtab = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ FILTERSTR, sizeof( FILTERSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( FILTERSTR );
+ gots |= GOT_FILTER;
+ si->filterstr = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ SEARCHBASESTR, sizeof( SEARCHBASESTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( SEARCHBASESTR );
+ gots |= GOT_SEARCHBASE;
+ si->base = strdup( val );
+ } else if ( !strncasecmp( cargv[ i ],
+ SCOPESTR, sizeof( SCOPESTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( SCOPESTR );
+ gots |= GOT_SCOPE;
+ if ( !strncasecmp( val, "base", sizeof( "base" ) - 1 )) {
+ si->scope = LDAP_SCOPE_BASE;
+ } else if ( !strncasecmp( val, "one", sizeof( "one" ) - 1 )) {
+ si->scope = LDAP_SCOPE_ONELEVEL;
+ } else if ( !strncasecmp( val, "sub", sizeof( "sub" ) - 1 )) {
+ si->scope = LDAP_SCOPE_SUBTREE;
+ } else {
+ fprintf( stderr, "Error: parse_syncrepl_line: "
+ "unknown scope \"%s\"\n", val);
+ return 1;
+ }
+ } else if ( !strncasecmp( cargv[ i ],
+ ATTRSONLYSTR, sizeof( ATTRSONLYSTR ) - 1 ) ) {
+ si->attrsonly = 1;
+ } else if ( !strncasecmp( cargv[ i ],
+ ATTRSSTR, sizeof( ATTRSSTR ) - 1 ) ) {
+ char **tmp;
+ val = cargv[ i ] + sizeof( ATTRSSTR );
+ for ( ; hp = strchr( val, ' ' ); val = ++hp ) {
+ *hp = '\0';
+ if ( *val != '\0' ) {
+ nr_attr++;
+ tmp = (char **) ch_realloc( si->attrs, nr_attr * sizeof( char * ));
+ if ( tmp == NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, ERR, "out of memory\n", 0,0,0 );
+#else
+ Debug( LDAP_DEBUG_ANY, "out of memory\n", 0,0,0 );
+#endif
+ return -1;
+ }
+ si->attrs = tmp;
+ si->attrs[ nr_attr - 1 ] = strdup( val );
+ }
+ }
+ if ( *val != '\0' ) {
+ nr_attr++;
+ tmp = (char **) ch_realloc( si->attrs, nr_attr * sizeof( char * ));
+ if ( tmp == NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, ERR, "out of memory\n", 0,0,0 );
+#else
+ Debug( LDAP_DEBUG_ANY, "out of memory\n", 0,0,0 );
+#endif
+ return -1;
+ }
+ si->attrs = tmp;
+ si->attrs[ nr_attr - 1 ] = strdup( val );
+ }
+ nr_attr++;
+ tmp = (char **) ch_realloc( si->attrs, nr_attr * sizeof( char * ));
+ if ( tmp == NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG( CONFIG, ERR, "out of memory\n", 0,0,0 );
+#else
+ Debug( LDAP_DEBUG_ANY, "out of memory\n", 0,0,0 );
+#endif
+ return -1;
+ }
+ si->attrs = tmp;
+ si->attrs[ nr_attr - 1 ] = NULL;
+ gots |= GOT_ATTRS;
+ } else if ( !strncasecmp( cargv[ i ],
+ TYPESTR, sizeof( TYPESTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( TYPESTR );
+ gots |= GOT_TYPE;
+ if ( !strncasecmp( val, "refreshOnly", sizeof( "refreshOnly" ) - 1 )) {
+ si->type = LDAP_SYNC_REFRESH_ONLY;
+ } else if ( !strncasecmp( val, "refreshAndPersist", sizeof( "refreshAndPersist" ) - 1 )) {
+ gots |= GOT_INTERVAL;
+ si->type = LDAP_SYNC_REFRESH_AND_PERSIST;
+ si->interval = 0;
+ } else {
+ fprintf( stderr, "Error: parse_syncrepl_line: "
+ "unknown sync type \"%s\"\n", val);
+ return 1;
+ }
+ } else if ( !strncasecmp( cargv[ i ],
+ INTERVALSTR, sizeof( INTERVALSTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( INTERVALSTR );
+ gots |= GOT_INTERVAL;
+ if ( gots & GOT_TYPE && si->type == LDAP_SYNC_REFRESH_AND_PERSIST )
+ si->interval = 0;
+ else
+ si->interval = atoi( val );
+ if ( si->interval < 0 ) {
+ fprintf( stderr, "Error: parse_syncrepl_line: "
+ "invalid interval \"%d\"\n", si->interval);
+ return 1;
+ }
+ } else if ( !strncasecmp( cargv[ i ],
+ COOKIESTR, sizeof( COOKIESTR ) - 1 ) ) {
+ val = cargv[ i ] + sizeof( COOKIESTR );
+ si->syncCookie = ber_str2bv( val, strlen( val ), 1, NULL );
+ } else {
+ fprintf( stderr, "Error: parse_syncrepl_line: "
+ "unknown keyword \"%s\"\n", cargv[ i ] );
+ }
+ }
+
+ if ( si->bindmethod == LDAP_AUTH_SASL) {
+ if ((gots & GOT_MECH) == 0) {
+ fprintf( stderr, "Error: \"syncrepl\" line needs SASLmech flag "
+ "in slapd config file\n" );
+ return -1;
+ }
+ }
+
+ gots |= GOT_MECH;
+
+ if ( gots != GOT_ALL ) {
+ fprintf( stderr, "Error: Malformed \"syncrepl\" line in slapd config file"
+ );
+ return -1;
+ }
+
+ return 0;
+}
+#endif /* LDAP_SYNCREPL */
projects / openldap / blobdiff