#include <ac/string.h>
#include <ac/ctype.h>
#include <ac/socket.h>
+#include <ac/errno.h>
#include "lutil.h"
#include "ldap_pvt.h"
#include "slap.h"
-#define MAXARGS 200
+#define MAXARGS 500
/*
* defaults for various global variables
*/
-int defsize = SLAPD_DEFAULT_SIZELIMIT;
-int deftime = SLAPD_DEFAULT_TIMELIMIT;
+struct slap_limits_set deflimit = {
+ SLAPD_DEFAULT_TIMELIMIT, /* backward compatible limits */
+ 0,
+
+ SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */
+ 0,
+ -1 /* no limit on unchecked size */
+};
+
AccessControl *global_acl = NULL;
slap_access_t global_default_access = ACL_READ;
slap_mask_t global_restrictops = 0;
char *replogfile;
int global_lastmod = ON;
int global_idletimeout = 0;
-int global_backendsyncfreq = 0;
char *global_host = NULL;
char *global_realm = NULL;
char *ldap_srvtab = "";
if ( (fp = fopen( fname, "r" )) == NULL ) {
ldap_syslog = 1;
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_ENTRY, "read_config: "
+ "could not open config file \"%s\": %s (%d)\n",
+ fname, strerror(errno), errno ));
+#else
Debug( LDAP_DEBUG_ANY,
- "could not open config file \"%s\" - absolute path?\n",
- fname, 0, 0 );
- perror( fname );
+ "could not open config file \"%s\": %s (%d)\n",
+ fname, strerror(errno), errno );
+#endif
return 1;
}
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_ENTRY,
- "read_config: reading config file %s\n", fname ));
+ "read_config: reading config file %s\n", fname ));
#else
Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
#endif
return( 1 );
}
- /* set time limit */
+ /* set size limit */
} else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
+ int rc = 0, i;
+ struct slap_limits_set *lim;
+
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
return( 1 );
}
+
if ( be == NULL ) {
- defsize = atoi( cargv[1] );
+ lim = &deflimit;
} else {
- be->be_sizelimit = atoi( cargv[1] );
+ lim = &be->be_def_limit;
+ }
+
+ for ( i = 1; i < cargc; i++ ) {
+ if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
+ rc = parse_limit( cargv[i], lim );
+ } else {
+ lim->lms_s_soft = atoi( cargv[i] );
+ lim->lms_s_hard = 0;
+ }
+
+ if ( rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"sizelimit "
+ "<limit>\" line.\n",
+ fname, lineno, cargv[i] ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"sizelimit "
+ "<limit>\" line\n",
+ fname, lineno, cargv[i] );
+#endif
+ }
}
/* set time limit */
} else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
+ int rc = 0, i;
+ struct slap_limits_set *lim;
+
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
return( 1 );
}
+
if ( be == NULL ) {
- deftime = atoi( cargv[1] );
+ lim = &deflimit;
} else {
- be->be_timelimit = atoi( cargv[1] );
+ lim = &be->be_def_limit;
+ }
+
+ for ( i = 1; i < cargc; i++ ) {
+ if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
+ rc = parse_limit( cargv[i], lim );
+ } else {
+ lim->lms_t_soft = atoi( cargv[i] );
+ lim->lms_t_hard = 0;
+ }
+
+ if ( rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"timelimit "
+ "<limit>\" line.\n",
+ fname, lineno, cargv[i] ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"timelimit "
+ "<limit>\" line\n",
+ fname, lineno, cargv[i] );
+#endif
+ }
+ }
+
+ /* set regex-based limits */
+ } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
+ if ( be == NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_WARNING,
+ "%s: line %d \"limits\" allowed only in database environment.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d \"limits\" allowed only in database environment.\n%s",
+ fname, lineno, "" );
+#endif
+ return( 1 );
+ }
+
+ if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
+ return( 1 );
}
/* set database suffix */
fname, lineno, 0 );
#endif
+#if defined(SLAPD_MONITOR_DN)
+ /* "cn=Monitor" is reserved for monitoring slap */
+ } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+"%s: line %d: \"%s\" is reserved for monitoring slapd\n",
+ SLAPD_MONITOR_DN, fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+"%s: line %d: \"%s\" is reserved for monitoring slapd\n",
+ SLAPD_MONITOR_DN, fname, lineno );
+#endif
+ return( 1 );
+#endif /* SLAPD_MONITOR_DN */
+
} else if ( ( tmp_be = select_backend( cargv[1], 0 ) ) == be ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_INFO,
} else if( strcasecmp( cargv[i], "none" ) != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: line %d: unknownfeature %s in "
- "\"disallow <features>\" line.\n",
- fname, lineno ));
+ "%s: line %d: unknown feature %s in "
+ "\"disallow <features>\" line.\n",
+ fname, lineno, cargv[i] ));
#else
Debug( LDAP_DEBUG_ANY,
"%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
#endif
} else {
+ int nr = -1;
+
for ( i = 1; i < cargc; i++ ) {
if ( strncasecmp( cargv[i], "host=", 5 )
== 0 ) {
- charray_add( &be->be_replica,
- cargv[i] + 5 );
+ nr = add_replica_info( be,
+ cargv[i] + 5 );
break;
}
}
fname, lineno, 0 );
#endif
+ } else if ( nr == -1 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: unable to add"
+ " replica \"%s\""
+ " (ignored)\n",
+ fname, lineno,
+ cargv[i] + 5 ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to add replica \"%s\" (ignored)\n",
+ fname, lineno, cargv[i] + 5 );
+#endif
+ } else {
+ for ( i = 1; i < cargc; i++ ) {
+ if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
+ char *nsuffix = ch_strdup( cargv[i] + 7 );
+ if ( dn_normalize( nsuffix ) != NULL ) {
+ if ( select_backend( nsuffix, 0 ) == be ) {
+ charray_add( &be->be_replica[nr]->ri_nsuffix, nsuffix );
+ } else {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
+ fname, lineno, cargv[i] + 7 ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
+ fname, lineno, cargv[i] + 7 );
+#endif
+ }
+ } else {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
+ fname, lineno, 0 );
+#endif
+ }
+ free( nsuffix );
+ }
+ }
}
}
global_idletimeout = i;
- /* set backend sync frequency */
- } else if ( strcasecmp( cargv[0], "backendsyncfreq" ) == 0 ) {
-#ifndef NO_THREADS
- int i;
- if ( cargc < 2 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: missing frquency value in \"backendsyncfreq <seconds>\" line\n",
- fname, lineno, 0 );
- return 1;
- }
-
- i = atoi( cargv[1] );
-
- if( i < 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: frquency value (%d) invalid \"backendsyncfreq <seconds>\" line\n",
- fname, lineno, i );
- return 1;
- }
-
- global_backendsyncfreq = i;
-#else
- Debug( LDAP_DEBUG_ANY,
- "\"dbsyncfreq\" not supported in non-threaded environment\n");
- return 1;
-#endif
-
/* include another config file */
} else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
if ( cargc < 2 ) {
#endif /*SLAPD_MODULES*/
#ifdef HAVE_TLS
- } else if ( !strcasecmp( cargv[0], "TLSProtocol" ) ) {
- rc = ldap_pvt_tls_set_option( NULL,
- LDAP_OPT_X_TLS_PROTOCOL,
- cargv[1] );
- if ( rc )
- return rc;
-
} else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
rc = ldap_pvt_tls_set_option( NULL,
LDAP_OPT_X_TLS_RANDOM_FILE,
}
while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
+ /* trim off \r\n or \n */
if ( (p = strchr( buf, '\n' )) != NULL ) {
+ if( p > buf && p[-1] == '\r' ) --p;
*p = '\0';
}
if ( ! isspace( (unsigned char) buf[0] ) ) {