#include <ac/string.h>
#include <ac/ctype.h>
#include <ac/socket.h>
+#include <ac/errno.h>
#include "lutil.h"
#include "ldap_pvt.h"
#include "slap.h"
-#define MAXARGS 200
+#define MAXARGS 500
/*
* defaults for various global variables
*/
-int defsize = SLAPD_DEFAULT_SIZELIMIT;
-int deftime = SLAPD_DEFAULT_TIMELIMIT;
+struct slap_limits_set deflimit = {
+ SLAPD_DEFAULT_TIMELIMIT, /* backward compatible limits */
+ 0,
+
+ SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */
+ 0,
+ -1 /* no limit on unchecked size */
+};
+
AccessControl *global_acl = NULL;
slap_access_t global_default_access = ACL_READ;
slap_mask_t global_restrictops = 0;
char *default_search_base = NULL;
char *default_search_nbase = NULL;
+ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT;
+ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH;
+
char *slapd_pid_file = NULL;
char *slapd_args_file = NULL;
int cargc, savelineno;
char *cargv[MAXARGS+1];
int lineno, i;
-#ifdef HAVE_TLS
int rc;
-#endif
struct berval *vals[2];
struct berval val;
if ( (fp = fopen( fname, "r" )) == NULL ) {
ldap_syslog = 1;
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_ENTRY, "read_config: "
+ "could not open config file \"%s\": %s (%d)\n",
+ fname, strerror(errno), errno ));
+#else
Debug( LDAP_DEBUG_ANY,
- "could not open config file \"%s\" - absolute path?\n",
- fname, 0, 0 );
- perror( fname );
+ "could not open config file \"%s\": %s (%d)\n",
+ fname, strerror(errno), errno );
+#endif
return 1;
}
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_ENTRY,
- "read_config: reading config file %s\n", fname ));
+ "read_config: reading config file %s\n", fname ));
#else
Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
#endif
ldap_pvt_thread_set_concurrency( c );
+ /* set sockbuf max */
+ } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming" ) == 0 ) {
+ long max;
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: missing max in \"sockbuf_max_incoming <bytes\" line\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing max in \"sockbuf_max_incoming <bytes\" line\n",
+ fname, lineno, 0 );
+#endif
+
+ return( 1 );
+ }
+
+ max = atol( cargv[1] );
+
+ if( max < 0 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: invalid max value (%ld) in "
+ "\"sockbuf_max_incoming <bytes>\" line.\n",
+ fname, lineno, max ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: invalid max value (%ld) in "
+ "\"sockbuf_max_incoming <bytes>\" line.\n",
+ fname, lineno, max );
+#endif
+
+ return( 1 );
+ }
+
+ sockbuf_max_incoming = max;
+
+ /* set sockbuf max authenticated */
+ } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) {
+ long max;
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing max in \"sockbuf_max_incoming_auth <bytes>\" line\n",
+ fname, lineno, 0 );
+#endif
+
+ return( 1 );
+ }
+
+ max = atol( cargv[1] );
+
+ if( max < 0 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: invalid max value (%ld) in "
+ "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
+ fname, lineno, max ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: invalid max value (%ld) in "
+ "\"sockbuf_max_incoming_auth <bytes>\" line.\n",
+ fname, lineno, max );
+#endif
+
+ return( 1 );
+ }
+
+ sockbuf_max_incoming_auth = max;
+
/* default search base */
} else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
if ( cargc < 2 ) {
default_passwd_hash = ch_strdup( cargv[1] );
}
+ } else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 )
+ {
+ if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: missing format in "
+ "\"password-crypt-salt-format <format>\" line\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: missing format in "
+ "\"password-crypt-salt-format <format>\" line\n",
+ fname, lineno, 0 );
+#endif
+
+ return 1;
+ }
+
+ lutil_salt_format( cargv[1] );
+
/* set SASL host */
} else if ( strcasecmp( cargv[0], "sasl-host" ) == 0 ) {
if ( cargc < 2 ) {
return( 1 );
}
- /* set time limit */
+ /* set size limit */
} else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
+ int rc = 0, i;
+ struct slap_limits_set *lim;
+
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
return( 1 );
}
+
if ( be == NULL ) {
- defsize = atoi( cargv[1] );
+ lim = &deflimit;
} else {
- be->be_sizelimit = atoi( cargv[1] );
+ lim = &be->be_def_limit;
+ }
+
+ for ( i = 1; i < cargc; i++ ) {
+ if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) {
+ rc = parse_limit( cargv[i], lim );
+ } else {
+ lim->lms_s_soft = atoi( cargv[i] );
+ lim->lms_s_hard = 0;
+ }
+
+ if ( rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"sizelimit "
+ "<limit>\" line.\n",
+ fname, lineno, cargv[i] ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"sizelimit "
+ "<limit>\" line\n",
+ fname, lineno, cargv[i] );
+#endif
+ }
}
/* set time limit */
} else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
+ int rc = 0, i;
+ struct slap_limits_set *lim;
+
if ( cargc < 2 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
return( 1 );
}
+
if ( be == NULL ) {
- deftime = atoi( cargv[1] );
+ lim = &deflimit;
} else {
- be->be_timelimit = atoi( cargv[1] );
+ lim = &be->be_def_limit;
+ }
+
+ for ( i = 1; i < cargc; i++ ) {
+ if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) {
+ rc = parse_limit( cargv[i], lim );
+ } else {
+ lim->lms_t_soft = atoi( cargv[i] );
+ lim->lms_t_hard = 0;
+ }
+
+ if ( rc ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"timelimit "
+ "<limit>\" line.\n",
+ fname, lineno, cargv[i] ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable "
+ "to parse value \"%s\" "
+ "in \"timelimit "
+ "<limit>\" line\n",
+ fname, lineno, cargv[i] );
+#endif
+ }
+ }
+
+ /* set regex-based limits */
+ } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) {
+ if ( be == NULL ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_WARNING,
+ "%s: line %d \"limits\" allowed only in database environment.\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d \"limits\" allowed only in database environment.\n%s",
+ fname, lineno, "" );
+#endif
+ return( 1 );
+ }
+
+ if ( parse_limits( be, fname, lineno, cargc, cargv ) ) {
+ return( 1 );
}
/* set database suffix */
fname, lineno, 0 );
#endif
+#if defined(SLAPD_MONITOR_DN)
+ /* "cn=Monitor" is reserved for monitoring slap */
+ } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
+"%s: line %d: \"%s\" is reserved for monitoring slapd\n",
+ SLAPD_MONITOR_DN, fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+"%s: line %d: \"%s\" is reserved for monitoring slapd\n",
+ SLAPD_MONITOR_DN, fname, lineno );
+#endif
+ return( 1 );
+#endif /* SLAPD_MONITOR_DN */
+
} else if ( ( tmp_be = select_backend( cargv[1], 0 ) ) == be ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_INFO,
} else if( strcasecmp( cargv[i], "none" ) != 0 ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
- "%s: line %d: unknownfeature %s in "
- "\"disallow <features>\" line.\n",
- fname, lineno ));
+ "%s: line %d: unknown feature %s in "
+ "\"disallow <features>\" line.\n",
+ fname, lineno, cargv[i] ));
#else
Debug( LDAP_DEBUG_ANY,
"%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
lutil_set_debug_level( cargv[1], level );
/* specify an Object Identifier macro */
} else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
- parse_oidm( fname, lineno, cargc, cargv );
+ rc = parse_oidm( fname, lineno, cargc, cargv );
+ if( rc ) return rc;
/* specify an objectclass */
} else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
if ( *cargv[1] == '(' ) {
char * p;
p = strchr(saveline,'(');
- parse_oc( fname, lineno, p, cargv );
+ rc = parse_oc( fname, lineno, p, cargv );
+ if( rc ) return rc;
+
} else {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_INFO,
if ( *cargv[1] == '(' ) {
char * p;
p = strchr(saveline,'(');
- parse_at( fname, lineno, p, cargv );
+ rc = parse_at( fname, lineno, p, cargv );
+ if( rc ) return rc;
+
} else {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_INFO,
#endif
} else {
+ int nr = -1;
+
for ( i = 1; i < cargc; i++ ) {
if ( strncasecmp( cargv[i], "host=", 5 )
== 0 ) {
- charray_add( &be->be_replica,
- cargv[i] + 5 );
+ nr = add_replica_info( be,
+ cargv[i] + 5 );
break;
}
}
fname, lineno, 0 );
#endif
+ } else if ( nr == -1 ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: unable to add"
+ " replica \"%s\""
+ " (ignored)\n",
+ fname, lineno,
+ cargv[i] + 5 ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to add replica \"%s\" (ignored)\n",
+ fname, lineno, cargv[i] + 5 );
+#endif
+ } else {
+ for ( i = 1; i < cargc; i++ ) {
+ if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) {
+ char *nsuffix = ch_strdup( cargv[i] + 7 );
+ if ( dn_normalize( nsuffix ) != NULL ) {
+ if ( select_backend( nsuffix, 0 ) == be ) {
+ charray_add( &be->be_replica[nr]->ri_nsuffix, nsuffix );
+ } else {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
+ fname, lineno, cargv[i] + 7 ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
+ fname, lineno, cargv[i] + 7 );
+#endif
+ }
+ } else {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "config", LDAP_LEVEL_INFO,
+ "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
+ fname, lineno ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n",
+ fname, lineno, 0 );
+#endif
+ }
+ free( nsuffix );
+ }
+ }
}
}
#endif /*SLAPD_MODULES*/
#ifdef HAVE_TLS
- } else if ( !strcasecmp( cargv[0], "TLSProtocol" ) ) {
+ } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) {
rc = ldap_pvt_tls_set_option( NULL,
- LDAP_OPT_X_TLS_PROTOCOL,
+ LDAP_OPT_X_TLS_RANDOM_FILE,
cargv[1] );
if ( rc )
return rc;
}
while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
+ /* trim off \r\n or \n */
if ( (p = strchr( buf, '\n' )) != NULL ) {
+ if( p > buf && p[-1] == '\r' ) --p;
*p = '\0';
}
if ( ! isspace( (unsigned char) buf[0] ) ) {
return( line );
}
+ /* change leading whitespace to a space */
+ buf[0] = ' ';
+
CATLINE( buf );
(*lineno)++;
}
if ( loaded ) {
return( 0 );
}
- err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA,
- UCDATA_CASE|UCDATA_CTYPE|UCDATA_NUM );
+ err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL );
if ( err ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "config", LDAP_LEVEL_CRIT,
projects / openldap / blobdiff