X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fbconfig.c;h=d050122be294e76f174044fb3474f2d60a8f41bb;hb=5631f25839a4a83521993639a96909267ea7bce6;hp=17ca8812de5351a4e40db88519e35df2bbca08dc;hpb=a91ebfac79e4617237143d0b841cd09a6c616c33;p=openldap

diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index 17ca8812de..d050122be2 100644
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -79,7 +79,9 @@ static int replicationInterval;
 
 static char	*passwd_salt;
 static char	*logfileName;
+#ifdef SLAP_AUTH_REWRITE
 static BerVarray authz_rewrites;
+#endif
 
 static struct berval cfdir;
 
@@ -571,20 +573,25 @@ static ConfigTable config_back_cf_table[] = {
 static ConfigLDAPadd cfAddSchema, cfAddInclude, cfAddDatabase,
 	cfAddBackend, cfAddModule, cfAddOverlay;
 
+/* NOTE: be careful when defining array members
+ * that can be conditionally compiled */
 #define CFOC_GLOBAL	cf_ocs[1]
 #define CFOC_SCHEMA	cf_ocs[2]
 #define CFOC_BACKEND	cf_ocs[3]
 #define CFOC_DATABASE	cf_ocs[4]
 #define CFOC_OVERLAY	cf_ocs[5]
 #define CFOC_INCLUDE	cf_ocs[6]
-#define CFOC_MODULE	cf_ocs[7]
+#define CFOC_FRONTEND	cf_ocs[7]
+#ifdef SLAPD_MODULES
+#define CFOC_MODULE	cf_ocs[8]
+#endif /* SLAPD_MODULES */
 
 static ConfigOCs cf_ocs[] = {
-	{ "( OLcfgGlOc:1 "
+	{ "( OLcfgGlOc:0 "
 		"NAME 'olcConfig' "
 		"DESC 'OpenLDAP configuration object' "
 		"ABSTRACT SUP top )", Cft_Abstract, NULL },
-	{ "( OLcfgGlOc:2 "
+	{ "( OLcfgGlOc:1 "
 		"NAME 'olcGlobal' "
 		"DESC 'OpenLDAP Global configuration options' "
 		"SUP olcConfig STRUCTURAL "
@@ -600,7 +607,7 @@ static ConfigOCs cf_ocs[] = {
 		 "olcPluginLogFile $ olcReadOnly $ olcReferral $ "
 		 "olcReplicaPidFile $ olcReplicaArgsFile $ olcReplicationInterval $ "
 		 "olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ "
-		 "olcRootDSE $ olcRootPW $ "
+		 "olcRootDSE $ "
 		 "olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ "
 		 "olcSecurity $ olcSizeLimit $ "
 		 "olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcSrvtab $ "
@@ -610,19 +617,19 @@ static ConfigOCs cf_ocs[] = {
 		 "olcTLSRandFile $ olcTLSVerifyClient $ "
 		 "olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
 		 "olcDitContentRules ) )", Cft_Global },
-	{ "( OLcfgGlOc:3 "
+	{ "( OLcfgGlOc:2 "
 		"NAME 'olcSchemaConfig' "
 		"DESC 'OpenLDAP schema object' "
 		"SUP olcConfig STRUCTURAL "
 		"MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ "
 		 "olcObjectClasses $ olcDitContentRules ) )",
 		 	Cft_Schema, NULL, cfAddSchema },
-	{ "( OLcfgGlOc:4 "
+	{ "( OLcfgGlOc:3 "
 		"NAME 'olcBackendConfig' "
 		"DESC 'OpenLDAP Backend-specific options' "
 		"SUP olcConfig STRUCTURAL "
 		"MUST olcBackend )", Cft_Backend, NULL, cfAddBackend },
-	{ "( OLcfgGlOc:5 "
+	{ "( OLcfgGlOc:4 "
 		"NAME 'olcDatabaseConfig' "
 		"DESC 'OpenLDAP Database-specific options' "
 		"SUP olcConfig STRUCTURAL "
@@ -633,18 +640,28 @@ static ConfigOCs cf_ocs[] = {
 		 "olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncrepl $ "
 		 "olcTimeLimit $ olcUpdateDN $ olcUpdateRef ) )",
 		 	Cft_Database, NULL, cfAddDatabase },
-	{ "( OLcfgGlOc:6 "
+	{ "( OLcfgGlOc:5 "
 		"NAME 'olcOverlayConfig' "
 		"DESC 'OpenLDAP Overlay-specific options' "
 		"SUP olcConfig STRUCTURAL "
 		"MUST olcOverlay )", Cft_Overlay, NULL, cfAddOverlay },
-	{ "( OLcfgGlOc:7 "
+	{ "( OLcfgGlOc:6 "
 		"NAME 'olcIncludeFile' "
 		"DESC 'OpenLDAP configuration include file' "
 		"SUP olcConfig STRUCTURAL "
 		"MUST olcInclude "
 		"MAY ( cn $ olcRootDSE ) )",
 		Cft_Include, NULL, cfAddInclude },
+	/* This should be STRUCTURAL like all the other database classes, but
+	 * that would mean inheriting all of the olcDatabaseConfig attributes,
+	 * which causes them to be merged twice in config_build_entry.
+	 */
+	{ "( OLcfgGlOc:7 "
+		"NAME 'olcFrontendConfig' "
+		"DESC 'OpenLDAP frontend configuration' "
+		"AUXILIARY "
+		"MAY olcDefaultSearchBase )",
+		Cft_Database, NULL, NULL },
 #ifdef SLAPD_MODULES
 	{ "( OLcfgGlOc:8 "
 		"NAME 'olcModuleList' "
@@ -1563,13 +1580,34 @@ config_suffix(ConfigArgs *c)
 	if ( notallowed != NULL ) {
 		char	buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
 
-		if ( !BER_BVISNULL( &c->value_dn ) ) {
-			snprintf( buf, sizeof( buf ), "<%s> ", c->value_dn.bv_val );
+		switch ( c->op ) {
+		case LDAP_MOD_ADD:
+		case LDAP_MOD_DELETE:
+		case LDAP_MOD_REPLACE:
+		case LDAP_MOD_INCREMENT:
+		case SLAP_CONFIG_ADD:
+			if ( !BER_BVISNULL( &c->value_dn ) ) {
+				snprintf( buf, sizeof( buf ), "<%s> ",
+						c->value_dn.bv_val );
+			}
+
+			Debug(LDAP_DEBUG_ANY,
+				"%s: suffix %snot allowed in %s database.\n",
+				c->log, buf, notallowed );
+			break;
+
+		case SLAP_CONFIG_EMIT:
+			/* don't complain when emitting... */
+			break;
+
+		default:
+			/* FIXME: don't know what values may be valid;
+			 * please remove assertion, or add legal values
+			 * to either block */
+			assert( 0 );
+			break;
 		}
 
-		Debug(LDAP_DEBUG_ANY,
-			"%s: suffix %snot allowed in %s database.\n",
-			c->log, buf, notallowed );
 		return 1;
 	}
 
@@ -1671,12 +1709,6 @@ config_rootdn(ConfigArgs *c) {
 static int
 config_rootpw(ConfigArgs *c) {
 	Backend *tbe;
-	/* config_add_internal sets c->be = frontendDB. While the cn=config
-	 * rootpw is technically inside a backend, we expose it in the
-	 * global entry, and need to point to it properly here.
-	 */
-	if (c->be == frontendDB)
-		c->be = LDAP_STAILQ_FIRST(&backendDB);
 
 	if (c->op == SLAP_CONFIG_EMIT) {
 		if (!BER_BVISEMPTY(&c->be->be_rootpw)) {
@@ -1906,13 +1938,33 @@ slap_loglevel_register( slap_mask_t m, struct berval *s )
 	rc = slap_verbmasks_append( &loglevel_ops, m, s, loglevel_ignore );
 
 	if ( rc != 0 ) {
-		Debug( LDAP_DEBUG_ANY, "slap_loglevel_register(%d, \"%s\") failed\n",
+		Debug( LDAP_DEBUG_ANY, "slap_loglevel_register(%lu, \"%s\") failed\n",
 			m, s->bv_val, 0 );
 	}
 
 	return rc;
 }
 
+int
+str2loglevel( const char *s, int *l )
+{
+	int	i;
+
+	if ( loglevel_ops == NULL ) {
+		loglevel_init();
+	}
+
+	i = verb_to_mask( s, loglevel_ops );
+
+	if ( BER_BVISNULL( &loglevel_ops[ i ].word) ) {
+		return -1;
+	}
+
+	*l = loglevel_ops[ i ].mask;
+
+	return 0;
+}
+
 static int
 config_loglevel(ConfigArgs *c) {
 	int i;
@@ -1948,14 +2000,12 @@ config_loglevel(ConfigArgs *c) {
 				return( 1 );
 			}
 		} else {
-			int j = verb_to_mask(c->argv[i], loglevel_ops);
-			if(BER_BVISNULL(&loglevel_ops[j].word)) {
+			if ( str2loglevel( c->argv[i], &level ) ) {
 				sprintf( c->msg, "<%s> unknown level", c->argv[0] );
 				Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
 					c->log, c->msg, c->argv[i]);
 				return( 1 );
 			}
-			level = loglevel_ops[j].mask;
 		}
 		ldap_syslog |= level;
 	}
@@ -2083,7 +2133,7 @@ replica_unparse( struct slap_replica_info *ri, int i, struct berval *bv )
 {
 	int len;
 	char *ptr;
-	struct berval bc = {0};
+	struct berval bc = BER_BVNULL;
 	char numbuf[32];
 
 	len = sprintf(numbuf, IFMT, i );
@@ -2175,6 +2225,7 @@ config_replica(ConfigArgs *c) {
 				return(1);
 			}
 			if(!ludp->lud_host) {
+				ldap_free_urldesc(ludp);
 				sprintf( c->msg, "<%s> invalid uri - missing hostname",
 					c->argv[0] );
 				Debug(LDAP_DEBUG_ANY, "%s: %s\n", c->log, c->msg, 0 );
@@ -2248,8 +2299,6 @@ config_replica(ConfigArgs *c) {
 
 static int
 config_updatedn(ConfigArgs *c) {
-	struct berval dn;
-	int rc;
 	if (c->op == SLAP_CONFIG_EMIT) {
 		if (!BER_BVISEMPTY(&c->be->be_update_ndn)) {
 			value_add_one(&c->rvalue_vals, &c->be->be_update_ndn);
@@ -2259,7 +2308,7 @@ config_updatedn(ConfigArgs *c) {
 		return 1;
 	} else if ( c->op == LDAP_MOD_DELETE ) {
 		ch_free( c->be->be_update_ndn.bv_val );
-		c->be->be_update_ndn.bv_val = NULL;
+		BER_BVZERO( &c->be->be_update_ndn );
 		SLAP_DBFLAGS(c->be) ^= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
 		return 0;
 	}
@@ -2270,17 +2319,13 @@ config_updatedn(ConfigArgs *c) {
 		return(1);
 	}
 
-	ber_str2bv(c->argv[1], 0, 0, &dn);
-
-	rc = dnNormalize(0, NULL, NULL, &dn, &c->be->be_update_ndn, NULL);
-
-	if(rc != LDAP_SUCCESS) {
-		sprintf( c->msg, "<%s> invalid DN %d (%s)", c->argv[0],
-			rc, ldap_err2string(rc));
-		Debug(LDAP_DEBUG_ANY, "%s: %s\n",
-			c->log, c->msg, 0 );
-		return(1);
+	ber_memfree_x( c->value_dn.bv_val, NULL );
+	if ( !BER_BVISNULL( &c->be->be_update_ndn ) ) {
+		ber_memfree_x( c->be->be_update_ndn.bv_val, NULL );
 	}
+	c->be->be_update_ndn = c->value_ndn;
+	BER_BVZERO( &c->value_dn );
+	BER_BVZERO( &c->value_ndn );
 
 	SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW);
 	return(0);
@@ -2894,8 +2939,13 @@ check_name_index( CfEntryInfo *parent, ConfigType ce_type, Entry *e,
 			return LDAP_NAMING_VIOLATION;
 		gotindex = 1;
 		index = atoi(ptr1+1);
-		if ( index < 0 )
-			return LDAP_NAMING_VIOLATION;
+		if ( index < 0 ) {
+			/* Special case, we allow -1 for the frontendDB */
+			if ( index != -1 || ce_type != Cft_Database ||
+				strncmp( ptr2+1, "frontend,", STRLENOF("frontend,") ))
+
+				return LDAP_NAMING_VIOLATION;
+		}
 	}
 
 	/* count related kids */
@@ -3264,7 +3314,8 @@ ok:
 leave:
 	if ( rc ) {
 		if ( (colst[0]->co_type == Cft_Database) && ca->be ) {
-			backend_destroy_one( ca->be, 1 );
+			if ( ca->be != frontendDB )
+				backend_destroy_one( ca->be, 1 );
 		} else if ( (colst[0]->co_type == Cft_Overlay) && ca->bi ) {
 			overlay_destroy_one( ca->be, (slap_overinst *)ca->bi );
 		}
@@ -3462,7 +3513,7 @@ config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs,
 	
 	if(rc == LDAP_SUCCESS) {
 		/* check that the entry still obeys the schema */
-		rc = entry_schema_check(op->o_bd, e, NULL, 0,
+		rc = entry_schema_check(op, e, NULL, 0,
 			&rs->sr_text, ca->msg, sizeof(ca->msg) );
 	}
 	if ( rc == LDAP_SUCCESS ) {
@@ -3923,7 +3974,6 @@ config_back_db_open( BackendDB *be )
 	CfEntryInfo *ce, *ceparent;
 	int i;
 	BackendInfo *bi;
-	BackendDB *bptr;
 	ConfigArgs c;
 	Connection conn = {0};
 	char opbuf[OPERATION_BUFFER_SIZE];
@@ -4007,25 +4057,22 @@ config_back_db_open( BackendDB *be )
 	}
 
 	/* Create database nodes... */
-	i = -1;
-	LDAP_STAILQ_FOREACH( be, &backendDB, be_next ) {
+	frontendDB->be_cf_ocs = &CFOC_FRONTEND;
+	LDAP_STAILQ_NEXT(frontendDB, be_next) = LDAP_STAILQ_FIRST(&backendDB);
+	for ( i = -1, be = frontendDB ; be;
+		i++, be = LDAP_STAILQ_NEXT( be, be_next )) {
 		slap_overinfo *oi = NULL;
-		i++;
-		if ( i == 0 ) {
-			bptr = frontendDB;
-		} else {
-			bptr = be;
-		}
-		if ( overlay_is_over( bptr )) {
-			oi = bptr->bd_info->bi_private;
+
+		if ( overlay_is_over( be )) {
+			oi = be->bd_info->bi_private;
 			bi = oi->oi_orig;
 		} else {
-			bi = bptr->bd_info;
+			bi = be->bd_info;
 		}
 		rdn.bv_val = c.log;
 		rdn.bv_len = sprintf(rdn.bv_val, "%s=" IFMT "%s", cfAd_database->ad_cname.bv_val,
 			i, bi->bi_type);
-		c.be = bptr;
+		c.be = be;
 		c.bi = bi;
 		e = config_build_entry( op, &rs, ceparent, &c, &rdn, &CFOC_DATABASE,
 			be->be_cf_ocs );
@@ -4042,7 +4089,7 @@ config_back_db_open( BackendDB *be )
 				rdn.bv_val = c.log;
 				rdn.bv_len = sprintf(rdn.bv_val, "%s=" IFMT "%s",
 					cfAd_overlay->ad_cname.bv_val, j, on->on_bi.bi_type );
-				c.be = bptr;
+				c.be = be;
 				c.bi = &on->on_bi;
 				oe = config_build_entry( op, &rs, ce, &c, &rdn,
 					&CFOC_OVERLAY, c.bi->bi_cf_ocs );