#include <ac/string.h>
#include <ac/ctype.h>
#include <ac/socket.h>
+#include <ac/errno.h>
#include "lutil.h"
#include "ldap_pvt.h"
#include "slap.h"
-#define MAXARGS 200
+#define MAXARGS 500
/*
* defaults for various global variables
*/
-int defsize = SLAPD_DEFAULT_SIZELIMIT;
-int deftime = SLAPD_DEFAULT_TIMELIMIT;
+struct slap_limits_set deflimit = {
+ SLAPD_DEFAULT_TIMELIMIT, /* backward compatible limits */
+ 0,
+
+ SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */
+ 0,
+ -1 /* no limit on unchecked size */
+};
+
AccessControl *global_acl = NULL;
slap_access_t global_default_access = ACL_READ;
slap_mask_t global_restrictops = 0;
if ( (fp = fopen( fname, "r" )) == NULL ) {
ldap_syslog = 1;
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_ENTRY, "read_config: "
+ "could not open config file \"%s\": %s (%d)\n",
+ fname, strerror(errno), errno ));
+#else
Debug( LDAP_DEBUG_ANY,
- "could not open config file \"%s\" - absolute path?\n",
- fname, 0, 0 );
- perror( fname );
+ "could not open config file \"%s\": %s (%d)\n",
+ fname, strerror(errno), errno );
+#endif
return 1;
}
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_ENTRY,
- "read_config: reading config file %s\n", fname ));
+ "read_config: reading config file %s\n", fname ));
#else
Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
#endif
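Review bot: `errno` is read inside the logging call in the `fopen()` failure branch instead of being captured right after the call fails. The definitions of `LDAP_LOG` and `Debug` are not visible here; if either macro evaluates its arguments more than once, or logs through a call that can itself set `errno`, the reported reason and number may not match the `fopen()` failure. Capturing it first avoids that: `int save_errno = errno;` at the top of the block, then `fname, strerror(save_errno), save_errno`. The enclosing function starts before this hunk.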
return( 1 );
}
- /* set time limit */
+ /* set size limit */
} else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
+ int rc = 0, i;
+ struct slap_limits_set *lim;
+
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
return( 1 );
}
+
if ( be == NULL ) {
- defsize = atoi( cargv[1] );
+ lim = &deflimit;
} else {
- be->be_sizelimit = atoi( cargv[1] );
+ lim = &be->be_def_limit;
+ }
+
+ for ( i = 1; i < cargc; i++ ) {
+ if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
+ rc = parse_limit( cargv[i], lim );
+ } else {
+ lim->lms_s_soft = atoi( cargv[i] );
+ lim->lms_s_hard = 0;
+ }
+
+ if ( rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"sizelimit "
+ "<limit>\" line.\n",
+ fname, lineno, cargv[i] ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"sizelimit "
+ "<limit>\" line\n",
+ fname, lineno, cargv[i] );
+#endif
+ }
}
/* set time limit */
} else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
+ int rc = 0, i;
+ struct slap_limits_set *lim;
+
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
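Review bot: In the `sizelimit` loop a failed `parse_limit()` is only logged, with no `return( 1 )` after the message, so slapd carries on with whatever limit was in place before the bad token; and because `rc` is never cleared, every later argument on the line is reported as unparseable too. The plain-number branch uses `atoi( cargv[i] )`, which yields 0 for any non-numeric token and cannot signal an error, so a typo silently becomes a soft limit of 0 (what 0 means to the search code is not visible in this hunk). These limits cap the work a client can ask of the server, so a malformed value should fail the config load; the sketch below does that with `strtol` and an end-pointer check. The `timelimit` loop added in the next hunk has the same structure and needs the same change with `lms_t_soft`/`lms_t_hard`. The enclosing function begins before this hunk.

```c
for ( i = 1; i < cargc; i++ ) {
	if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
		rc = parse_limit( cargv[i], lim );
	} else {
		char *end;
		long val;

		errno = 0;
		val = strtol( cargv[i], &end, 10 );
		/* reject an empty token, trailing junk, or a value that does
		 * not fit an int (INT_MIN/INT_MAX need <limits.h>; confirm it
		 * is already pulled in) */
		rc = ( end == cargv[i] || *end != '\0' || errno == ERANGE
			|| val < INT_MIN || val > INT_MAX );
		if ( rc == 0 ) {
			lim->lms_s_soft = (int) val;
			lim->lms_s_hard = 0;
		}
	}

	if ( rc ) {
		/* … unchanged: LDAP_LOG / Debug "unable to parse value" message … */
		return( 1 );
	}
}
```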
return( 1 );
}
+
if ( be == NULL ) {
- deftime = atoi( cargv[1] );
+ lim = &deflimit;
} else {
- be->be_timelimit = atoi( cargv[1] );
+ lim = &be->be_def_limit;
+ }
+
+ for ( i = 1; i < cargc; i++ ) {
+ if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
+ rc = parse_limit( cargv[i], lim );
+ } else {
+ lim->lms_t_soft = atoi( cargv[i] );
+ lim->lms_t_hard = 0;
+ }
+
+ if ( rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"timelimit "
+ "<limit>\" line.\n",
+ fname, lineno, cargv[i] ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"timelimit "
+ "<limit>\" line\n",
+ fname, lineno, cargv[i] );
+#endif
+ }
+ }
+
+ /* set regex-based limits */
+ } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
+ if ( be == NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_WARNING,
+ "%s: line %d \"limits\" allowed only in database environment.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d \"limits\" allowed only in database environment.\n%s",
+ fname, lineno, "" );
+#endif
+ return( 1 );
+ }
+
+ if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
+ return( 1 );
}
/* set database suffix */
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
"%s: line %d: \"%s\" is reserved for monitoring slapd\n",
- SLAPD_MONITOR_DN, fname, lineno ));
+ fname, lineno, SLAPD_MONITOR_DN ));
#else
Debug( LDAP_DEBUG_ANY,
"%s: line %d: \"%s\" is reserved for monitoring slapd\n",
- SLAPD_MONITOR_DN, fname, lineno );
+ fname, lineno, SLAPD_MONITOR_DN );
#endif
return( 1 );
#endif /* SLAPD_MONITOR_DN */
return( 1 );
}
+ if( validate_global_referral( cargv[1] ) ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
+ "invalid URL (%s) in \"referral\" line.\n",
+ fname, lineno, cargv[1] ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "invalid URL (%s) in \"referral\" line.\n",
+ fname, lineno, cargv[1] );
+#endif
+ return 1;
+ }
+
vals[0]->bv_val = cargv[1];
vals[0]->bv_len = strlen( vals[0]->bv_val );
value_add( &default_referral, vals );
} else {
for ( i = 1; i < cargc; i++ ) {
if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
- char *nsuffix = ch_strdup( cargv[i] + 7 );
- if ( dn_normalize( nsuffix ) != NULL ) {
- if ( be_issuffix( be, nsuffix ) ) {
- charray_add( &be->be_replica[nr]->ri_nsuffix, nsuffix );
- } else {
+
+ switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) {
+ case 1:
#ifdef NEW_LOGGING
- LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
- fname, lineno, cargv[i] + 7 ));
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
+ fname, lineno, cargv[i] + 7 ));
#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
- fname, lineno, cargv[i] + 7 );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
+ fname, lineno, cargv[i] + 7 );
#endif
- }
- } else {
+ break;
+
+ case 2:
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_INFO,
"%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
"%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
fname, lineno, 0 );
#endif
+ break;
}
- free( nsuffix );
}
}
}
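Review bot: The `switch` on `add_replica_suffix()` handles only the bare literals `1` and `2` and has no `default`, so any other non-zero return is dropped without a log line and the replica is set up without that suffix. The function is defined outside this hunk, so its full set of return values cannot be confirmed here; going by the two messages, a comment above the switch such as `/* 1: not a suffix of this backend, 2: could not be normalized */` (or named constants) would make the contract checkable. A `default:` that logs the unexpected code would catch values added later. Both handled cases are logged as "(ignored)" and parsing continues, so it is worth confirming that a replica left with fewer suffixes than the administrator wrote does not end up receiving a wider set of changes than intended. The enclosing `replica` branch starts before the hunk.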
} else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
- LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: line %d: missing dn in \"updateref <ldapurl>\" "
- "line.\n", fname, lineno ));
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
+ "missing url in \"updateref <ldapurl>\" line.\n",
+ fname, lineno ));
#else
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing dn in \"updateref <ldapurl>\" line\n",
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "missing url in \"updateref <ldapurl>\" line\n",
fname, lineno, 0 );
#endif
}
if ( be == NULL ) {
#ifdef NEW_LOGGING
- LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: updateref line must appear inside "
- "a database definition (ignored)\n", fname, lineno ));
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
+ "updateref line must appear inside a database definition "
+ "(ignored)\n", fname, lineno ));
#else
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: updateref line must appear inside a database definition (ignored)\n",
- fname, lineno, 0 );
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "updateref line must appear inside a database definition "
+ "(ignored)\n", fname, lineno, 0 );
#endif
+ return 1;
} else if ( be->be_update_ndn == NULL ) {
#ifdef NEW_LOGGING
- LDAP_LOG(( "config", LDAP_LEVEL_INFO,
- "%s: line %d: updateref line must come after updatedn "
- "(ignored).\n", fname, lineno ));
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: "
+ "updateref line must come after updatedn (ignored).\n",
+ fname, lineno ));
#else
- Debug( LDAP_DEBUG_ANY,
-"%s: line %d: updateref line must after updatedn (ignored)\n",
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "updateref line must after updatedn (ignored)\n",
fname, lineno, 0 );
#endif
+ return 1;
+ }
- } else {
- vals[0]->bv_val = cargv[1];
- vals[0]->bv_len = strlen( vals[0]->bv_val );
- value_add( &be->be_update_refs, vals );
+ if( validate_global_referral( cargv[1] ) ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
+ "invalid URL (%s) in \"updateref\" line.\n",
+ fname, lineno, cargv[1] ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "invalid URL (%s) in \"updateref\" line.\n",
+ fname, lineno, cargv[1] );
+#endif
+ return 1;
}
+ vals[0]->bv_val = cargv[1];
+ vals[0]->bv_len = strlen( vals[0]->bv_val );
+ value_add( &be->be_update_refs, vals );
+
/* replication log file to which changes are appended */
} else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
if ( cargc < 2 ) {
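Review bot: The `be == NULL` and `be->be_update_ndn == NULL` branches of `updateref` now end in `return 1;`, but their messages still say "(ignored)" and the `LDAP_LOG` variants are emitted at `LDAP_LEVEL_INFO`, so the log tells the operator the line was skipped when the config load has in fact failed. Drop "(ignored)" and log at `LDAP_LEVEL_CRIT`, as the new "invalid URL" message does, e.g. `"updateref line must appear inside a database definition.\n"`. The `Debug` variant of the second message also still reads `"updateref line must after updatedn (ignored)\n"` where the `LDAP_LOG` variant says "must come after".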
" line.\n", fname, lineno ));
#else
Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing dn in \"replogfile <filename>\" line\n",
+ "%s: line %d: missing filename in \"replogfile <filename>\" line\n",
fname, lineno, 0 );
#endif
replogfile = ch_strdup( cargv[1] );
}
+ /* file from which to read additional rootdse attrs */
+ } else if ( strcasecmp( cargv[0], "rootdse" ) == 0) {
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
+ "missing filename in \"rootDSEfile <filename>\" line.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "missing filename in \"rootDSEfile <filename>\" line.\n",
+ fname, lineno, 0 );
+#endif
+ return 1;
+ }
+
+ if( read_root_dse_file( cargv[1] ) ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: "
+ "could not read \"rootDSEfile <filename>\" line.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "could not read \"rootDSEfile <filename>\" line\n",
+ fname, lineno, 0 );
+#endif
+ return 1;
+ }
+
/* maintain lastmodified{by,time} attributes */
} else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
if ( cargc < 2 ) {
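Review bot: The new branch matches the keyword `rootdse`, yet all four of its messages call the directive `rootDSEfile <filename>`, so the error an administrator sees names a keyword this parser does not accept. The `read_root_dse_file()` failure message also leaves out the path, which is the one detail needed to diagnose it; something like `"could not read rootDSE file \"%s\".\n"` with `cargv[1]` as the argument would fix that. The comment on the branch could also note that the attributes in this file are served from the root DSE, which clients can commonly read before binding (confirm against this server's ACL defaults), so the file should be treated as published content and be writable only by the slapd administrator.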
#endif /*SLAPD_MODULES*/
#ifdef HAVE_TLS
- } else if ( !strcasecmp( cargv[0], "TLSProtocol" ) ) {
- rc = ldap_pvt_tls_set_option( NULL,
- LDAP_OPT_X_TLS_PROTOCOL,
- cargv[1] );
- if ( rc )
- return rc;
-
} else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
rc = ldap_pvt_tls_set_option( NULL,
LDAP_OPT_X_TLS_RANDOM_FILE,
}
while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
+ /* trim off \r\n or \n */
if ( (p = strchr( buf, '\n' )) != NULL ) {
+ if( p > buf && p[-1] == '\r' ) --p;
*p = '\0';
}
if ( ! isspace( (unsigned char) buf[0] ) ) {