]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/config.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Remove lint
[openldap] / servers / slapd / config.c
diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index a5b3aa63c81c8177309106f0d62b52742cdabbb9..f20979649e9ef35a147ac6257fa660a805167063 100644 (file)
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -22,8 +22,15 @@
 /*
  * defaults for various global variables
  */
-int            defsize = SLAPD_DEFAULT_SIZELIMIT;
-int            deftime = SLAPD_DEFAULT_TIMELIMIT;
+struct slap_limits_set deflimit = {
+       SLAPD_DEFAULT_TIMELIMIT,        /* backward compatible limits */
+       0,
+
+       SLAPD_DEFAULT_SIZELIMIT,        /* backward compatible limits */
+       0,
+       -1                              /* no limit on unchecked size */
+};
+
 AccessControl  *global_acl = NULL;
 slap_access_t          global_default_access = ACL_READ;
 slap_mask_t            global_restrictops = 0;
@@ -42,6 +49,7 @@ char          *default_search_base = NULL;
 char           *default_search_nbase = NULL;
 
 ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
+ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
 
 char   *slapd_pid_file  = NULL;
 char   *slapd_args_file = NULL;
@@ -65,9 +73,7 @@ read_config( const char *fname )
        int     cargc, savelineno;
        char    *cargv[MAXARGS+1];
        int     lineno, i;
-#ifdef HAVE_TLS
        int rc;
-#endif
        struct berval *vals[2];
        struct berval val;
 
@@ -280,6 +286,43 @@ read_config( const char *fname )
 
                        sockbuf_max_incoming = max;
 
+               /* set sockbuf max authenticated */
+               } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) {
+                       long max;
+                       if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+                               LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+                                          "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
+                                          fname, lineno ));
+#else
+                               Debug( LDAP_DEBUG_ANY,
+                                          "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
+                                   fname, lineno, 0 );
+#endif
+
+                               return( 1 );
+                       }
+
+                       max = atol( cargv[1] );
+
+                       if( max < 0 ) {
+#ifdef NEW_LOGGING
+                               LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+                                          "%s: line %d: invalid max value (%ld) in "
+                                          "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
+                                          fname, lineno, max ));
+#else
+                               Debug( LDAP_DEBUG_ANY,
+                                       "%s: line %d: invalid max value (%ld) in "
+                                       "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
+                                   fname, lineno, max );
+#endif
+
+                               return( 1 );
+                       }
+
+                       sockbuf_max_incoming_auth = max;
+
                /* default search base */
                } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
                        if ( cargc < 2 ) {
@@ -467,6 +510,25 @@ read_config( const char *fname )
                                default_passwd_hash = ch_strdup( cargv[1] );
                        }
 
+               } else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 ) 
+               {
+                       if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+                               LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+                                       "%s: line %d: missing format in "
+                                       "\"password-crypt-salt-format <format>\" line\n",
+                                       fname, lineno ));
+#else
+                               Debug( LDAP_DEBUG_ANY, "%s: line %d: missing format in "
+                                       "\"password-crypt-salt-format <format>\" line\n",
+                                   fname, lineno, 0 );
+#endif
+
+                               return 1;
+                       }
+
+                       lutil_salt_format( cargv[1] );
+
                /* set SASL host */
                } else if ( strcasecmp( cargv[0], "sasl-host" ) == 0 ) {
                        if ( cargc < 2 ) {
@@ -630,8 +692,11 @@ read_config( const char *fname )
                                return( 1 );
                        }
 
-               /* set time limit */
+               /* set size limit */
                } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
+                       int rc = 0, i;
+                       struct slap_limits_set *lim;
+                       
                        if ( cargc < 2 ) {
 #ifdef NEW_LOGGING
                                LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
@@ -645,14 +710,45 @@ read_config( const char *fname )
 
                                return( 1 );
                        }
+
                        if ( be == NULL ) {
-                               defsize = atoi( cargv[1] );
+                               lim = &deflimit;
                        } else {
-                               be->be_sizelimit = atoi( cargv[1] );
+                               lim = &be->be_def_limit;
+                       }
+
+                       for ( i = 1; i < cargc; i++ ) {
+                               if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
+                                       rc = parse_limit( cargv[i], lim );
+                               } else {
+                                       lim->lms_s_soft = atoi( cargv[i] );
+                                       lim->lms_s_hard = 0;
+                               }
+
+                               if ( rc ) {
+#ifdef NEW_LOGGING
+                                       LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+                                                  "%s: line %d: unable "
+                                                  "to parse value \"%s\" "
+                                                  "in \"sizelimit "
+                                                  "<limit>\" line.\n",
+                                                  fname, lineno, cargv[i] ));
+#else
+                                       Debug( LDAP_DEBUG_ANY,
+                                               "%s: line %d: unable "
+                                               "to parse value \"%s\" "
+                                               "in \"sizelimit "
+                                               "<limit>\" line\n",
+                                               fname, lineno, cargv[i] );
+#endif
+                               }
                        }
 
                /* set time limit */
                } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
+                       int rc = 0, i;
+                       struct slap_limits_set *lim;
+                       
                        if ( cargc < 2 ) {
 #ifdef NEW_LOGGING
                                LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
@@ -666,10 +762,57 @@ read_config( const char *fname )
 
                                return( 1 );
                        }
+                       
                        if ( be == NULL ) {
-                               deftime = atoi( cargv[1] );
+                               lim = &deflimit;
                        } else {
-                               be->be_timelimit = atoi( cargv[1] );
+                               lim = &be->be_def_limit;
+                       }
+
+                       for ( i = 1; i < cargc; i++ ) {
+                               if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
+                                       rc = parse_limit( cargv[i], lim );
+                               } else {
+                                       lim->lms_t_soft = atoi( cargv[i] );
+                                       lim->lms_t_hard = 0;
+                               }
+
+                               if ( rc ) {
+#ifdef NEW_LOGGING
+                                       LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+                                                  "%s: line %d: unable "
+                                                  "to parse value \"%s\" "
+                                                  "in \"timelimit "
+                                                  "<limit>\" line.\n",
+                                                  fname, lineno, cargv[i] ));
+#else
+                                       Debug( LDAP_DEBUG_ANY,
+                                               "%s: line %d: unable "
+                                               "to parse value \"%s\" "
+                                               "in \"timelimit "
+                                               "<limit>\" line\n",
+                                               fname, lineno, cargv[i] );
+#endif
+                               }
+                       }
+
+               /* set regex-based limits */
+               } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
+                       if ( be == NULL ) {
+#ifdef NEW_LOGGING
+                               LDAP_LOG(( "config", LDAP_LEVEL_WARNING,
+                                          "%s: line %d \"limits\" allowed only in database environment.\n",
+                                          fname, lineno ));
+#else
+                               Debug( LDAP_DEBUG_ANY,
+       "%s: line %d \"limits\" allowed only in database environment.\n%s",
+                                       fname, lineno, "" );
+#endif
+                               return( 1 );
+                       }
+
+                       if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
+                               return( 1 );
                        }
 
                /* set database suffix */
@@ -710,6 +853,21 @@ read_config( const char *fname )
                                    fname, lineno, 0 );
 #endif
 
+#if defined(SLAPD_MONITOR_DN)
+                       /* "cn=Monitor" is reserved for monitoring slap */
+                       } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
+#ifdef NEW_LOGGING
+                               LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+"%s: line %d: \"%s\" is reserved for monitoring slapd\n", 
+                                       SLAPD_MONITOR_DN, fname, lineno ));
+#else
+                               Debug( LDAP_DEBUG_ANY,
+"%s: line %d: \"%s\" is reserved for monitoring slapd\n",
+                                       SLAPD_MONITOR_DN, fname, lineno );
+#endif
+                               return( 1 );
+#endif /* SLAPD_MONITOR_DN */
+
                        } else if ( ( tmp_be = select_backend( cargv[1], 0 ) ) == be ) {
 #ifdef NEW_LOGGING
                                LDAP_LOG(( "config", LDAP_LEVEL_INFO,
@@ -1144,9 +1302,9 @@ read_config( const char *fname )
                                } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
 #ifdef NEW_LOGGING
                                        LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
-                                                  "%s: line %d: unknownfeature %s in "
-                                                  "\"disallow <features>\" line.\n",
-                                                  fname, lineno ));
+                                               "%s: line %d: unknown feature %s in "
+                                               "\"disallow <features>\" line.\n",
+                                               fname, lineno, cargv[i] ));
 #else
                                        Debug( LDAP_DEBUG_ANY,
                    "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
@@ -1368,14 +1526,17 @@ read_config( const char *fname )
                         lutil_set_debug_level( cargv[1], level );
                /* specify an Object Identifier macro */
                } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
-                       parse_oidm( fname, lineno, cargc, cargv );
+                       rc = parse_oidm( fname, lineno, cargc, cargv );
+                       if( rc ) return rc;
 
                /* specify an objectclass */
                } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
                        if ( *cargv[1] == '(' ) {
                                char * p;
                                p = strchr(saveline,'(');
-                               parse_oc( fname, lineno, p, cargv );
+                               rc = parse_oc( fname, lineno, p, cargv );
+                               if( rc ) return rc;
+
                        } else {
 #ifdef NEW_LOGGING
                                LDAP_LOG(( "config", LDAP_LEVEL_INFO,
@@ -1396,7 +1557,9 @@ read_config( const char *fname )
                        if ( *cargv[1] == '(' ) {
                                char * p;
                                p = strchr(saveline,'(');
-                               parse_at( fname, lineno, p, cargv );
+                               rc = parse_at( fname, lineno, p, cargv );
+                               if( rc ) return rc;
+
                        } else {
 #ifdef NEW_LOGGING
                                LDAP_LOG(( "config", LDAP_LEVEL_INFO,
@@ -1485,11 +1648,13 @@ read_config( const char *fname )
 #endif
 
                        } else {
+                               int nr = -1;
+
                                for ( i = 1; i < cargc; i++ ) {
                                        if ( strncasecmp( cargv[i], "host=", 5 )
                                            == 0 ) {
-                                               charray_add( &be->be_replica,
-                                                            cargv[i] + 5 );
+                                               nr = add_replica_info( be, 
+                                                       cargv[i] + 5 );
                                                break;
                                        }
                                }
@@ -1504,6 +1669,51 @@ read_config( const char *fname )
                                            fname, lineno, 0 );
 #endif
 
+                               } else if ( nr == -1 ) {
+#ifdef NEW_LOGGING
+                                       LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+                                                  "%s: line %d: unable to add"
+                                                  " replica \"%s\""
+                                                  " (ignored)\n",
+                                                  fname, lineno, 
+                                                  cargv[i] + 5 ));
+#else
+                                       Debug( LDAP_DEBUG_ANY,
+               "%s: line %d: unable to add replica \"%s\" (ignored)\n",
+                                               fname, lineno, cargv[i] + 5 );
+#endif
+                               } else {
+                                       for ( i = 1; i < cargc; i++ ) {
+                                               if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
+                                                       char *nsuffix = ch_strdup( cargv[i] + 7 );
+                                                       if ( dn_normalize( nsuffix ) != NULL ) {
+                                                               if ( select_backend( nsuffix, 0 ) == be ) {
+                                                                       charray_add( &be->be_replica[nr]->ri_nsuffix, nsuffix );
+                                                               } else {
+#ifdef NEW_LOGGING
+                                                                       LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+                                                                                               "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
+                                                                                               fname, lineno, cargv[i] + 7 ));
+#else
+                                                                       Debug( LDAP_DEBUG_ANY,
+                                                                                       "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
+                                                                                       fname, lineno, cargv[i] + 7 );
+#endif
+                                                               }
+                                                       } else {
+#ifdef NEW_LOGGING
+                                                               LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+                                                                                       "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
+                                                                                       fname, lineno ));
+#else
+                                                               Debug( LDAP_DEBUG_ANY,
+                                                                                "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
+                                                                                fname, lineno, 0 );
+#endif
+                                                       }
+                                                       free( nsuffix );
+                                               }
+                                       }
                                }
                        }
 
@@ -1781,13 +1991,6 @@ read_config( const char *fname )
 #endif /*SLAPD_MODULES*/
 
 #ifdef HAVE_TLS
-               } else if ( !strcasecmp( cargv[0], "TLSProtocol" ) ) {
-                       rc = ldap_pvt_tls_set_option( NULL,
-                                                     LDAP_OPT_X_TLS_PROTOCOL,
-                                                     cargv[1] );
-                       if ( rc )
-                               return rc;
-
                } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
                        rc = ldap_pvt_tls_set_option( NULL,
                                                      LDAP_OPT_X_TLS_RANDOM_FILE,
Cloned from git://git.openldap.org/openldap.git