X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fconfig.c;h=7442953c7d19dc774b3a320dc9ee712a1f286664;hb=f8fb4aca7668c722f41941be719203aa8c298e12;hp=88b5db95a3713a4076b183652dadf00305ea34a4;hpb=a9097044ea91333c5b01939882cd452400fd7231;p=openldap diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 88b5db95a3..7442953c7d 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -1,7 +1,7 @@ /* config.c - configuration file handling routines */ /* $OpenLDAP$ */ /* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -12,18 +12,26 @@ #include #include #include +#include #include "lutil.h" #include "ldap_pvt.h" #include "slap.h" -#define MAXARGS 200 +#define MAXARGS 500 /* * defaults for various global variables */ -int defsize = SLAPD_DEFAULT_SIZELIMIT; -int deftime = SLAPD_DEFAULT_TIMELIMIT; +struct slap_limits_set deflimit = { + SLAPD_DEFAULT_TIMELIMIT, /* backward compatible limits */ + 0, + + SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */ + 0, + -1 /* no limit on unchecked size */ +}; + AccessControl *global_acl = NULL; slap_access_t global_default_access = ACL_READ; slap_mask_t global_restrictops = 0; @@ -32,14 +40,14 @@ slap_mask_t global_disallows = 0; slap_mask_t global_requires = 0; slap_ssf_set_t global_ssf_set; char *replogfile; -int global_lastmod = ON; int global_idletimeout = 0; char *global_host = NULL; char *global_realm = NULL; char *ldap_srvtab = ""; char *default_passwd_hash; -char *default_search_base = NULL; -char *default_search_nbase = NULL; +struct berval default_search_base = { 0, NULL }; +struct berval default_search_nbase = { 0, NULL }; +unsigned num_subordinates = 0; ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT; ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH; @@ -67,27 +75,31 @@ read_config( const char *fname ) char *cargv[MAXARGS+1]; int lineno, i; int rc; - struct berval *vals[2]; - struct berval val; + struct berval vals[2]; + static int lastmod = ON; static BackendInfo *bi = NULL; static BackendDB *be = NULL; - vals[0] = &val; - vals[1] = NULL; + vals[1].bv_val = NULL; if ( (fp = fopen( fname, "r" )) == NULL ) { ldap_syslog = 1; +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_ENTRY, "read_config: " + "could not open config file \"%s\": %s (%d)\n", + fname, strerror(errno), errno )); +#else Debug( LDAP_DEBUG_ANY, - "could not open config file \"%s\" - absolute path?\n", - fname, 0, 0 ); - perror( fname ); + "could not open config file \"%s\": %s (%d)\n", + fname, strerror(errno), errno ); +#endif return 1; } #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_ENTRY, - "read_config: reading config file %s\n", fname )); + "read_config: reading config file %s\n", fname )); #else Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 ); #endif @@ -248,11 +260,11 @@ read_config( const char *fname ) if ( cargc < 2 ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: missing max in \"sockbuf_max_incoming \" line\n", fname, lineno )); #else Debug( LDAP_DEBUG_ANY, - "%s: line %d: missing max in \"sockbuf_max_incoming \" line\n", fname, lineno, 0 ); #endif @@ -321,8 +333,8 @@ read_config( const char *fname ) if ( cargc < 2 ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: missing dn in \"defaultSearchBase \" line\n", @@ -334,24 +346,23 @@ read_config( const char *fname ) } else if ( cargc > 2 ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: extra cruft after in " - "\"defaultSearchBase %s\" line (ignored)\n", - fname, lineno, cargv[1] )); + "%s: line %d: extra cruft after in " + "\"defaultSearchBase %s\" line (ignored)\n", + fname, lineno, cargv[1] )); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "extra cruft after in \"defaultSearchBase %s\", " "line (ignored)\n", fname, lineno, cargv[1] ); #endif - } if ( bi != NULL || be != NULL ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: defaultSearchBase line must appear " - "prior to any backend or database definitions\n", - fname, lineno )); + "%s: line %d: defaultSearchBase line must appear " + "prior to any backend or database definitions\n", + fname, lineno )); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "defaultSearchBaase line must appear prior to " @@ -362,42 +373,49 @@ read_config( const char *fname ) return 1; } - if ( default_search_nbase != NULL ) { + if ( default_search_nbase.bv_len ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: default search base \"%s\" already defined " - "(discarding old)\n", fname, lineno, default_search_base )); + LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: " + "default search base \"%s\" already defined " + "(discarding old)\n", fname, lineno, + default_search_base->bv_val )); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "default search base \"%s\" already defined " "(discarding old)\n", - fname, lineno, default_search_base ); + fname, lineno, default_search_base.bv_val ); #endif - free( default_search_base ); - free( default_search_nbase ); + free( default_search_base.bv_val ); + free( default_search_nbase.bv_val ); } - default_search_base = ch_strdup( cargv[1] ); - default_search_nbase = ch_strdup( cargv[1] ); + if ( load_ucdata( NULL ) < 0 ) return 1; - if ( load_ucdata( NULL ) < 0 ) { - return( 1 ); - } - if( dn_normalize( default_search_nbase ) == NULL ) { + { + struct berval dn; + + dn.bv_val = cargv[1]; + dn.bv_len = strlen( dn.bv_val ); + + rc = dnPrettyNormal( NULL, &dn, + &default_search_base, + &default_search_nbase ); + + if( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: %d: invalid default search base \"%s\"\n", - fname, lineno, default_search_base )); + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + "%s: line %d: defaultSearchBase DN is invalid.\n", + fname, lineno )); #else - Debug( LDAP_DEBUG_ANY, "%s: line %d: " - "invalid default search base \"%s\"\n", - fname, lineno, default_search_base ); + Debug( LDAP_DEBUG_ANY, + "%s: line %d: defaultSearchBase DN is invalid\n", + fname, lineno, 0 ); #endif - - return 1; + return( 1 ); + } } - + /* set maximum threads in thread pool */ } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) { int c; @@ -433,6 +451,9 @@ read_config( const char *fname ) ldap_pvt_thread_pool_maxthreads( &connection_pool, c ); + /* save for later use */ + connection_pool_max = c; + /* get pid file name */ } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) { if ( cargc < 2 ) { @@ -685,8 +706,11 @@ read_config( const char *fname ) return( 1 ); } - /* set time limit */ + /* set size limit */ } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) { + int rc = 0, i; + struct slap_limits_set *lim; + if ( cargc < 2 ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, @@ -700,14 +724,45 @@ read_config( const char *fname ) return( 1 ); } + if ( be == NULL ) { - defsize = atoi( cargv[1] ); + lim = &deflimit; } else { - be->be_sizelimit = atoi( cargv[1] ); + lim = &be->be_def_limit; + } + + for ( i = 1; i < cargc; i++ ) { + if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) { + rc = parse_limit( cargv[i], lim ); + } else { + lim->lms_s_soft = atoi( cargv[i] ); + lim->lms_s_hard = 0; + } + + if ( rc ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + "%s: line %d: unable " + "to parse value \"%s\" " + "in \"sizelimit " + "\" line.\n", + fname, lineno, cargv[i] )); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d: unable " + "to parse value \"%s\" " + "in \"sizelimit " + "\" line\n", + fname, lineno, cargv[i] ); +#endif + } } /* set time limit */ } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) { + int rc = 0, i; + struct slap_limits_set *lim; + if ( cargc < 2 ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, @@ -721,123 +776,219 @@ read_config( const char *fname ) return( 1 ); } + if ( be == NULL ) { - deftime = atoi( cargv[1] ); + lim = &deflimit; } else { - be->be_timelimit = atoi( cargv[1] ); + lim = &be->be_def_limit; + } + + for ( i = 1; i < cargc; i++ ) { + if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) { + rc = parse_limit( cargv[i], lim ); + } else { + lim->lms_t_soft = atoi( cargv[i] ); + lim->lms_t_hard = 0; + } + + if ( rc ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + "%s: line %d: unable " + "to parse value \"%s\" " + "in \"timelimit " + "\" line.\n", + fname, lineno, cargv[i] )); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d: unable " + "to parse value \"%s\" " + "in \"timelimit " + "\" line\n", + fname, lineno, cargv[i] ); +#endif + } + } + + /* set regex-based limits */ + } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) { + if ( be == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_WARNING, + "%s: line %d \"limits\" allowed only in database environment.\n", + fname, lineno )); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d \"limits\" allowed only in database environment.\n%s", + fname, lineno, "" ); +#endif + return( 1 ); + } + + if ( parse_limits( be, fname, lineno, cargc, cargv ) ) { + return( 1 ); + } + + /* mark this as a subordinate database */ + } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) { + if ( be == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: " + "subordinate keyword must appear inside a database " + "definition (ignored).\n", fname, lineno )); +#else + Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line " + "must appear inside a database definition (ignored)\n", + fname, lineno, 0 ); +#endif + } else { + be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE; + num_subordinates++; } /* set database suffix */ } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) { Backend *tmp_be; + struct berval dn; + struct berval *pdn = NULL; + struct berval *ndn = NULL; + if ( cargc < 2 ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: missing dn in \"suffix \" line.\n", - fname, lineno )); + "%s: line %d: missing dn in \"suffix \" line.\n", + fname, lineno )); #else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: missing dn in \"suffix \" line\n", + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "missing dn in \"suffix \" line\n", fname, lineno, 0 ); #endif return( 1 ); + } else if ( cargc > 2 ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: extra cruft after in \"suffix %s\"" - " line (ignored).\n", fname, lineno, cargv[1] )); + "%s: line %d: extra cruft after in \"suffix %s\"" + " line (ignored).\n", fname, lineno, cargv[1] )); #else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: extra cruft after in \"suffix %s\" line (ignored)\n", + Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft " + "after in \"suffix %s\" line (ignored)\n", fname, lineno, cargv[1] ); #endif - } + if ( be == NULL ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: suffix line must appear inside a database " - "definition (ignored).\n", fname, lineno )); + "%s: line %d: suffix line must appear inside a database " + "definition.\n", fname, lineno )); #else - Debug( LDAP_DEBUG_ANY, -"%s: line %d: suffix line must appear inside a database definition (ignored)\n", + Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line " + "must appear inside a database definition\n", fname, lineno, 0 ); #endif + return( 1 ); - } else if ( ( tmp_be = select_backend( cargv[1], 0 ) ) == be ) { +#if defined(SLAPD_MONITOR_DN) + /* "cn=Monitor" is reserved for monitoring slap */ + } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: suffix already served by this backend " - "(ignored)\n", fname, lineno )); + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: \"" + SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n", + fname, lineno )); #else - Debug( LDAP_DEBUG_ANY, -"%s: line %d: suffix already served by this backend (ignored)\n", - fname, lineno, 0 ); + Debug( LDAP_DEBUG_ANY, "%s: line %d: \"" + SLAPD_MONITOR_DN "\" is reserved for monitoring slapd\n", + fname, lineno, 0 ); #endif + return( 1 ); +#endif /* SLAPD_MONITOR_DN */ + } - } else if ( tmp_be != NULL ) { + if ( load_ucdata( NULL ) < 0 ) return 1; + + dn.bv_val = cargv[1]; + dn.bv_len = strlen( cargv[1] ); + pdn = ch_malloc( sizeof( struct berval )); + ndn = ch_malloc( sizeof( struct berval )); + + rc = dnPrettyNormal( NULL, &dn, pdn, ndn ); + if( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: suffix already served by a preceding " - "backend \"%s\" (ignored)\n", fname, lineno, - tmp_be->be_suffix[0] )); + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + "%s: line %d: suffix DN is invalid.\n", + fname, lineno )); #else Debug( LDAP_DEBUG_ANY, -"%s: line %d: suffix already served by a preceeding backend \"%s\" (ignored)\n", - fname, lineno, tmp_be->be_suffix[0] ); + "%s: line %d: suffix DN is invalid\n", + fname, lineno, 0 ); #endif + return( 1 ); + } - } else { - char *dn = ch_strdup( cargv[1] ); - if ( load_ucdata( NULL ) < 0 ) { - return( 1 ); - } - if( dn_validate( dn ) == NULL ) { + tmp_be = select_backend( ndn, 0, 0 ); + if ( tmp_be == be ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: suffix DN invalid\"%s\"\n", - fname, lineno, cargv[1] )); + LDAP_LOG(( "config", LDAP_LEVEL_INFO, + "%s: line %d: suffix already served by this backend " + "(ignored)\n", fname, lineno )); #else - Debug( LDAP_DEBUG_ANY, "%s: line %d: " - "suffix DN invalid \"%s\"\n", - fname, lineno, cargv[1] ); + Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix " + "already served by this backend (ignored)\n", + fname, lineno, 0 ); #endif + ber_bvfree( pdn ); + ber_bvfree( ndn ); - return 1; + } else if ( tmp_be != NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_INFO, + "%s: line %d: suffix already served by a preceding " + "backend \"%s\"\n", fname, lineno, + tmp_be->be_suffix[0]->bv_val )); +#else + Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix " + "already served by a preceeding backend \"%s\"\n", + fname, lineno, tmp_be->be_suffix[0]->bv_val ); +#endif + ber_bvfree( pdn ); + ber_bvfree( ndn ); + return( 1 ); - } else if( *dn == '\0' && default_search_nbase != NULL ) { + } else if( pdn->bv_len == 0 && default_search_nbase.bv_len ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: suffix DN empty and default search " - "base provided \"%s\" (assuming okay).\n", - fname, lineno, default_search_base )); + "%s: line %d: suffix DN empty and default search " + "base provided \"%s\" (assuming okay).\n", + fname, lineno, default_search_base.bv_val )); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "suffix DN empty and default " "search base provided \"%s\" (assuming okay)\n", - fname, lineno, default_search_base ); + fname, lineno, default_search_base.bv_val ); #endif - - } - charray_add( &be->be_suffix, dn ); - (void) ldap_pvt_str2upper( dn ); - charray_add( &be->be_nsuffix, dn ); - free( dn ); } + ber_bvecadd( &be->be_suffix, pdn ); + ber_bvecadd( &be->be_nsuffix, ndn ); + /* set database suffixAlias */ } else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) { Backend *tmp_be; + struct berval alias, *palias, nalias; + struct berval aliased, *paliased, naliased; + if ( cargc < 2 ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: missing alias and aliased_dn in " - "\"suffixAlias \" line.\n", - fname, lineno )); + "%s: line %d: missing alias and aliased_dn in " + "\"suffixAlias \" line.\n", + fname, lineno )); #else Debug( LDAP_DEBUG_ANY, -"%s: line %d: missing alias and aliased_dn in \"suffixAlias \" line\n", + "%s: line %d: missing alias and aliased_dn in " + "\"suffixAlias \" line.\n", fname, lineno, 0 ); #endif @@ -845,25 +996,26 @@ read_config( const char *fname ) } else if ( cargc < 3 ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: missing aliased_dn in " - "\"suffixAlias \" line\n", - fname, lineno )); + "%s: line %d: missing aliased_dn in " + "\"suffixAlias \" line\n", + fname, lineno )); #else Debug( LDAP_DEBUG_ANY, -"%s: line %d: missing aliased_dn in \"suffixAlias \" line\n", - fname, lineno, 0 ); + "%s: line %d: missing aliased_dn in " + "\"suffixAlias \" line\n", + fname, lineno, 0 ); #endif return( 1 ); } else if ( cargc > 3 ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: extra cruft in suffixAlias line (ignored)\n", - fname, lineno )); + "%s: line %d: extra cruft in suffixAlias line (ignored)\n", + fname, lineno )); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft in suffixAlias line (ignored)\n", - fname, lineno, 0 ); + fname, lineno, 0 ); #endif } @@ -871,62 +1023,95 @@ read_config( const char *fname ) if ( be == NULL ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: suffixAlias line must appear inside a " - "database definition (ignored).\n", fname, lineno )); + "%s: line %d: suffixAlias line must appear inside a " + "database definition (ignored).\n", fname, lineno )); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: suffixAlias line" " must appear inside a database definition (ignored)\n", fname, lineno, 0 ); #endif + } + + if ( load_ucdata( NULL ) < 0 ) return 1; + + alias.bv_val = cargv[1]; + alias.bv_len = strlen( cargv[1] ); + palias = ch_malloc(sizeof(struct berval)); + + rc = dnPrettyNormal( NULL, &alias, palias, &nalias ); + if( rc != LDAP_SUCCESS ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + "%s: line %d: alias DN is invalid.\n", + fname, lineno )); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d: alias DN is invalid\n", + fname, lineno, 0 ); +#endif + return( 1 ); + } - } else if ( (tmp_be = select_backend( cargv[1], 0 )) != NULL ) { + tmp_be = select_backend( &nalias, 0, 0 ); + free( nalias.bv_val ); + if ( tmp_be && tmp_be != be ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: suffixAlias served by a preceeding " - "backend \"%s\" (ignored).\n", fname, lineno, - tmp_be->be_suffix[0] )); + "%s: line %d: suffixAlias served by a preceeding " + "backend \"%s\"\n", + fname, lineno, tmp_be->be_suffix[0]->bv_val )); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: suffixAlias served by" - " a preceeding backend \"%s\" (ignored)\n", - fname, lineno, tmp_be->be_suffix[0] ); + " a preceeding backend \"%s\"\n", + fname, lineno, tmp_be->be_suffix[0]->bv_val ); #endif + ber_bvfree( palias ); + return -1; + } + aliased.bv_val = cargv[2]; + aliased.bv_len = strlen( cargv[2] ); + paliased = ch_malloc(sizeof(struct berval)); - } else if ( (tmp_be = select_backend( cargv[2], 0 )) != NULL ) { + rc = dnPrettyNormal( NULL, &aliased, paliased, &naliased ); + if( rc != LDAP_SUCCESS ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + "%s: line %d: aliased DN is invalid.\n", + fname, lineno )); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d: aliased DN is invalid\n", + fname, lineno, 0 ); +#endif + ber_bvfree( palias ); + return( 1 ); + } + + tmp_be = select_backend( &naliased, 0, 0 ); + free( naliased.bv_val ); + if ( tmp_be && tmp_be != be ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: suffixAlias derefs to a different backend " - "a preceeding backend \"%s\" (ignored)\n", - fname, lineno, tmp_be->be_suffix[0] )); + "%s: line %d: suffixAlias derefs to a different backend " + "a preceeding backend \"%s\"\n", + fname, lineno, tmp_be->be_suffix[0]->bv_val )); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: suffixAlias derefs to differnet backend" - " a preceeding backend \"%s\" (ignored)\n", - fname, lineno, tmp_be->be_suffix[0] ); + " a preceeding backend \"%s\"\n", + fname, lineno, tmp_be->be_suffix[0]->bv_val ); #endif - - - } else { - char *alias, *aliased_dn; - - alias = ch_strdup( cargv[1] ); - if ( load_ucdata( NULL ) < 0 ) { - return( 1 ); - } - (void) dn_normalize( alias ); - - aliased_dn = ch_strdup( cargv[2] ); - (void) dn_normalize( aliased_dn ); - - charray_add( &be->be_suffixAlias, alias ); - charray_add( &be->be_suffixAlias, aliased_dn ); - - free(alias); - free(aliased_dn); + ber_bvfree( palias ); + ber_bvfree( paliased ); + return -1; } + ber_bvecadd( &be->be_suffixAlias, palias ); + ber_bvecadd( &be->be_suffixAlias, paliased ); + /* set max deref depth */ } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) { int i; @@ -998,25 +1183,27 @@ read_config( const char *fname ) #endif } else { - be->be_root_dn = ch_strdup( cargv[1] ); - be->be_root_ndn = ch_strdup( cargv[1] ); + struct berval dn; + + if ( load_ucdata( NULL ) < 0 ) return 1; - if ( load_ucdata( NULL ) < 0 ) { - return( 1 ); - } - if( dn_normalize( be->be_root_ndn ) == NULL ) { - free( be->be_root_dn ); - free( be->be_root_ndn ); + dn.bv_val = cargv[1]; + dn.bv_len = strlen( cargv[1] ); + + rc = dnPrettyNormal( NULL, &dn, + &be->be_rootdn, + &be->be_rootndn ); + + if( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: rootdn DN is invalid.\n", - fname, lineno )); + "%s: line %d: rootdn DN is invalid.\n", + fname, lineno )); #else Debug( LDAP_DEBUG_ANY, -"%s: line %d: rootdn DN is invalid\n", + "%s: line %d: rootdn DN is invalid\n", fname, lineno, 0 ); #endif - return( 1 ); } } @@ -1048,8 +1235,8 @@ read_config( const char *fname ) #endif } else { - be->be_root_pw.bv_val = ch_strdup( cargv[1] ); - be->be_root_pw.bv_len = strlen( be->be_root_pw.bv_val ); + be->be_rootpw.bv_val = ch_strdup( cargv[1] ); + be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val ); } /* make this database read-only */ @@ -1118,8 +1305,14 @@ read_config( const char *fname ) allows = 0; for( i=1; i < cargc; i++ ) { - if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) { - allows |= SLAP_ALLOW_TLS_2_ANON; + if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) { + allows |= SLAP_ALLOW_BIND_V2; + + } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) { + allows |= SLAP_ALLOW_BIND_ANON_CRED; + + } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) { + allows |= SLAP_ALLOW_BIND_ANON_DN; } else if( strcasecmp( cargv[i], "none" ) != 0 ) { #ifdef NEW_LOGGING @@ -1175,33 +1368,27 @@ read_config( const char *fname ) disallows = 0; for( i=1; i < cargc; i++ ) { - if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) { - disallows |= SLAP_DISALLOW_BIND_V2; - - } else if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) { + if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) { disallows |= SLAP_DISALLOW_BIND_ANON; - } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) { - disallows |= SLAP_DISALLOW_BIND_ANON_CRED; - - } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) { - disallows |= SLAP_DISALLOW_BIND_ANON_DN; - } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) { disallows |= SLAP_DISALLOW_BIND_SIMPLE; } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) { disallows |= SLAP_DISALLOW_BIND_KRBV4; + } else if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) { + disallows |= SLAP_DISALLOW_TLS_2_ANON; + } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) { disallows |= SLAP_DISALLOW_TLS_AUTHC; } else if( strcasecmp( cargv[i], "none" ) != 0 ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: unknownfeature %s in " - "\"disallow \" line.\n", - fname, lineno )); + "%s: line %d: unknown feature %s in " + "\"disallow \" line.\n", + fname, lineno, cargv[i] )); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: unknown feature %s in \"disallow \" line\n", @@ -1378,8 +1565,21 @@ read_config( const char *fname ) return( 1 ); } - vals[0]->bv_val = cargv[1]; - vals[0]->bv_len = strlen( vals[0]->bv_val ); + if( validate_global_referral( cargv[1] ) ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: " + "invalid URL (%s) in \"referral\" line.\n", + fname, lineno, cargv[1] )); +#else + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "invalid URL (%s) in \"referral\" line.\n", + fname, lineno, cargv[1] ); +#endif + return 1; + } + + vals[0].bv_val = cargv[1]; + vals[0].bv_len = strlen( vals[0].bv_val ); value_add( &default_referral, vals ); #ifdef NEW_LOGGING @@ -1487,6 +1687,15 @@ read_config( const char *fname ) return( 1 ); } if ( strcasecmp( cargv[1], "off" ) == 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, + "%s: line %d: schema checking disabled! your mileage may vary!\n", + fname, lineno )); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d: schema checking disabled! your mileage may vary!\n", + fname, lineno, 0 ); +#endif global_schemacheck = 0; } else { global_schemacheck = 1; @@ -1545,11 +1754,13 @@ read_config( const char *fname ) #endif } else { + int nr = -1; + for ( i = 1; i < cargc; i++ ) { if ( strncasecmp( cargv[i], "host=", 5 ) == 0 ) { - charray_add( &be->be_replica, - cargv[i] + 5 ); + nr = add_replica_info( be, + cargv[i] + 5 ); break; } } @@ -1564,6 +1775,50 @@ read_config( const char *fname ) fname, lineno, 0 ); #endif + } else if ( nr == -1 ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_INFO, + "%s: line %d: unable to add" + " replica \"%s\"" + " (ignored)\n", + fname, lineno, + cargv[i] + 5 )); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d: unable to add replica \"%s\" (ignored)\n", + fname, lineno, cargv[i] + 5 ); +#endif + } else { + for ( i = 1; i < cargc; i++ ) { + if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) { + + switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) { + case 1: +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_INFO, + "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n", + fname, lineno, cargv[i] + 7 )); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n", + fname, lineno, cargv[i] + 7 ); +#endif + break; + + case 2: +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_INFO, + "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n", + fname, lineno )); +#else + Debug( LDAP_DEBUG_ANY, + "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n", + fname, lineno, 0 ); +#endif + break; + } + } + } } } @@ -1595,21 +1850,24 @@ read_config( const char *fname ) #endif } else { - be->be_update_ndn = ch_strdup( cargv[1] ); - if ( load_ucdata( NULL ) < 0 ) { - return( 1 ); - } - if( dn_normalize( be->be_update_ndn ) == NULL ) { + struct berval dn; + + if ( load_ucdata( NULL ) < 0 ) return 1; + + dn.bv_val = cargv[1]; + dn.bv_len = strlen( cargv[1] ); + + rc = dnNormalize2( NULL, &dn, &be->be_update_ndn ); + if( rc != LDAP_SUCCESS ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: updatedn DN is invalid.\n", - fname, lineno )); + "%s: line %d: updatedn DN is invalid.\n", + fname, lineno )); #else Debug( LDAP_DEBUG_ANY, -"%s: line %d: updatedn DN is invalid\n", + "%s: line %d: updatedn DN is invalid\n", fname, lineno, 0 ); #endif - return 1; } } @@ -1617,12 +1875,12 @@ read_config( const char *fname ) } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) { if ( cargc < 2 ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: missing dn in \"updateref \" " - "line.\n", fname, lineno )); + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: " + "missing url in \"updateref \" line.\n", + fname, lineno )); #else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: missing dn in \"updateref \" line\n", + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "missing url in \"updateref \" line\n", fname, lineno, 0 ); #endif @@ -1630,32 +1888,46 @@ read_config( const char *fname ) } if ( be == NULL ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: updateref line must appear inside " - "a database definition (ignored)\n", fname, lineno )); + LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: updateref" + " line must appear inside a database definition\n", + fname, lineno )); #else - Debug( LDAP_DEBUG_ANY, -"%s: line %d: updateref line must appear inside a database definition (ignored)\n", - fname, lineno, 0 ); + Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref" + " line must appear inside a database definition\n", + fname, lineno, 0 ); #endif + return 1; - } else if ( be->be_update_ndn == NULL ) { + } else if ( !be->be_update_ndn.bv_len ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: updateref line must come after updatedn " - "(ignored).\n", fname, lineno )); + LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: " + "updateref line must come after updatedn.\n", + fname, lineno )); #else - Debug( LDAP_DEBUG_ANY, -"%s: line %d: updateref line must after updatedn (ignored)\n", + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "updateref line must after updatedn.\n", fname, lineno, 0 ); #endif + return 1; + } - } else { - vals[0]->bv_val = cargv[1]; - vals[0]->bv_len = strlen( vals[0]->bv_val ); - value_add( &be->be_update_refs, vals ); + if( validate_global_referral( cargv[1] ) ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: " + "invalid URL (%s) in \"updateref\" line.\n", + fname, lineno, cargv[1] )); +#else + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "invalid URL (%s) in \"updateref\" line.\n", + fname, lineno, cargv[1] ); +#endif + return 1; } + vals[0].bv_val = cargv[1]; + vals[0].bv_len = strlen( vals[0].bv_val ); + value_add( &be->be_update_refs, vals ); + /* replication log file to which changes are appended */ } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) { if ( cargc < 2 ) { @@ -1665,7 +1937,7 @@ read_config( const char *fname ) " line.\n", fname, lineno )); #else Debug( LDAP_DEBUG_ANY, - "%s: line %d: missing dn in \"replogfile \" line\n", + "%s: line %d: missing filename in \"replogfile \" line\n", fname, lineno, 0 ); #endif @@ -1677,6 +1949,34 @@ read_config( const char *fname ) replogfile = ch_strdup( cargv[1] ); } + /* file from which to read additional rootdse attrs */ + } else if ( strcasecmp( cargv[0], "rootdse" ) == 0) { + if ( cargc < 2 ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: " + "missing filename in \"rootDSE \" line.\n", + fname, lineno )); +#else + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "missing filename in \"rootDSE \" line.\n", + fname, lineno, 0 ); +#endif + return 1; + } + + if( read_root_dse_file( cargv[1] ) ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_CRIT, "%s: line %d: " + "could not read \"rootDSE \" line.\n", + fname, lineno )); +#else + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "could not read \"rootDSE \" line\n", + fname, lineno, 0 ); +#endif + return 1; + } + /* maintain lastmodified{by,time} attributes */ } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) { if ( cargc < 2 ) { @@ -1693,15 +1993,17 @@ read_config( const char *fname ) return( 1 ); } if ( strcasecmp( cargv[1], "on" ) == 0 ) { - if ( be ) - be->be_lastmod = ON; - else - global_lastmod = ON; + if ( be ) { + be->be_flags &= ~SLAP_BFLAG_NOLASTMOD; + } else { + lastmod = ON; + } } else { - if ( be ) - be->be_lastmod = OFF; - else - global_lastmod = OFF; + if ( be ) { + be->be_flags |= SLAP_BFLAG_NOLASTMOD; + } else { + lastmod = OFF; + } } /* set idle timeout value */ @@ -1841,13 +2143,6 @@ read_config( const char *fname ) #endif /*SLAPD_MODULES*/ #ifdef HAVE_TLS - } else if ( !strcasecmp( cargv[0], "TLSProtocol" ) ) { - rc = ldap_pvt_tls_set_option( NULL, - LDAP_OPT_X_TLS_PROTOCOL, - cargv[1] ); - if ( rc ) - return rc; - } else if ( !strcasecmp( cargv[0], "TLSRandFile" ) ) { rc = ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_RANDOM_FILE, @@ -1958,9 +2253,8 @@ read_config( const char *fname ) free( saveline ); } fclose( fp ); - if ( load_ucdata( NULL ) < 0 ) { - return( 1 ); - } + + if ( load_ucdata( NULL ) < 0 ) return 1; return( 0 ); } @@ -2078,7 +2372,9 @@ fp_getline( FILE *fp, int *lineno ) } while ( fgets( buf, sizeof(buf), fp ) != NULL ) { + /* trim off \r\n or \n */ if ( (p = strchr( buf, '\n' )) != NULL ) { + if( p > buf && p[-1] == '\r' ) --p; *p = '\0'; } if ( ! isspace( (unsigned char) buf[0] ) ) { @@ -2128,3 +2424,15 @@ load_ucdata( char *path ) loaded = 1; return( 1 ); } + +void +config_destroy( ) +{ + ucdata_unload( UCDATA_ALL ); + free( line ); + if ( slapd_args_file ) + free ( slapd_args_file ); + if ( slapd_pid_file ) + free ( slapd_pid_file ); + acl_destroy( global_acl, NULL ); +}