X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fconfig.c;h=90923bd989a7321e91c8b90890cad735daf60ca7;hb=d531a20f5216c803a7839488e3e33f32b88c5d87;hp=b364a3066eca8ba6e2dd84bda481a3de0f470a25;hpb=3342ea3b4923df2c2560124a741d66d3012cb20a;p=openldap diff --git a/servers/slapd/config.c b/servers/slapd/config.c index b364a3066e..90923bd989 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -13,6 +13,7 @@ #include #include +#include "lutil.h" #include "ldap_pvt.h" #include "slap.h" @@ -35,18 +36,23 @@ int global_lastmod = ON; int global_idletimeout = 0; char *global_host = NULL; char *global_realm = NULL; -char *global_ucdata_path = NULL; char *ldap_srvtab = ""; char *default_passwd_hash; +char *default_search_base = NULL; +char *default_search_nbase = NULL; char *slapd_pid_file = NULL; char *slapd_args_file = NULL; +int nSaslRegexp = 0; +SaslRegexp_t *SaslRegexp = NULL; + static char *fp_getline(FILE *fp, int *lineno); static void fp_getline_init(int *lineno); static int fp_parse_line(char *line, int *argcp, char **argv); static char *strtok_quote(char *line, char *sep); +static int load_ucdata(char *path); int read_config( const char *fname ) @@ -126,8 +132,6 @@ read_config( const char *fname ) cargv[1], 0, 0 ); return( 1 ); } - - /* start of a new database definition */ } else if ( strcasecmp( cargv[0], "database" ) == 0 ) { if ( cargc < 2 ) { Debug( LDAP_DEBUG_ANY, 
@@ -167,6 +171,51 @@ read_config( const char *fname ) ldap_pvt_thread_set_concurrency( c ); + /* default search base */ + } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) { + if ( cargc < 2 ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "missing dn in \"defaultSearchBase \" line\n", + fname, lineno, 0 ); + return 1; + + } else if ( cargc > 2 ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "extra cruft after in \"defaultSearchBase %s\", " + "line (ignored)\n", + fname, lineno, cargv[1] ); + } + + if ( bi != NULL || be != NULL ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "defaultSearchBaase line must appear prior to " + "any backend or database definition\n", + fname, lineno, 0 ); + return 1; + } + + if ( default_search_nbase != NULL ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "default search base \"%s\" already defined " + "(discarding old)\n", + fname, lineno, default_search_base ); + free( default_search_base ); + free( default_search_nbase ); + } + + default_search_base = ch_strdup( cargv[1] ); + default_search_nbase = ch_strdup( cargv[1] ); + + if ( load_ucdata( NULL ) < 0 ) { + return( 1 ); + } + if( dn_normalize( default_search_nbase ) == NULL ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "invalid default search base \"%s\"\n", + fname, lineno, default_search_base ); + return 1; + } + /* set maximum threads in thread pool */ } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) { int c; @@ -266,6 +315,21 @@ read_config( const char *fname ) global_realm = ch_strdup( cargv[1] ); } + } else if ( !strcasecmp( cargv[0], "sasl-regexp" ) + || !strcasecmp( cargv[0], "saslregexp" ) ) + { + int rc; + if ( cargc != 3 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: need 2 args in \"saslregexp \"\n", + fname, lineno, 0 ); + return( 1 ); + } + rc = slap_sasl_regexp_config( cargv[1], cargv[2] ); + if ( rc ) { + return rc; + } + /* SASL security properties */ } else if ( strcasecmp( cargv[0], "sasl-secprops" ) == 0 ) { char *txt; 
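Review bot: In the new `defaultSearchBase` branch, a DN that fails `dn_normalize()` stays in `default_search_base` and `default_search_nbase` when the function returns 1, so the globals keep a value that was just rejected. Freeing both and resetting them to NULL before that `return 1;` would leave no rejected value for later code to pick up. The ordering error also misspells the directive as `defaultSearchBaase`, which defeats a log search for the directive name; the string should read `"defaultSearchBase line must appear prior to "`. The body of read_config continues outside the hunk, so whether every caller aborts on a non-zero return is not visible here.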
@@ -287,6 +351,7 @@ read_config( const char *fname ) /* set UCDATA path */ } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) { + int err; if ( cargc < 2 ) { Debug( LDAP_DEBUG_ANY, "%s: line %d: missing path in \"ucdata-path \" line\n", @@ -294,14 +359,14 @@ read_config( const char *fname ) return( 1 ); } - if ( global_ucdata_path != NULL ) { - Debug( LDAP_DEBUG_ANY, - "%s: line %d: already set ucdata-path!\n", - fname, lineno, 0 ); - return 1; - - } else { - global_ucdata_path = ch_strdup( cargv[1] ); + err = load_ucdata( cargv[1] ); + if ( err <= 0 ) { + if ( err == 0 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n", + fname, lineno, 0 ); + } + return( 1 ); } /* set time limit */ @@ -349,7 +414,7 @@ read_config( const char *fname ) Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line must appear inside a database definition (ignored)\n", fname, lineno, 0 ); - } else if ( ( tmp_be = select_backend( cargv[1] ) ) == be ) { + } else if ( ( tmp_be = select_backend( cargv[1], 0 ) ) == be ) { Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix already served by this backend (ignored)\n", fname, lineno, 0 ); @@ -359,7 +424,21 @@ read_config( const char *fname ) fname, lineno, tmp_be->be_suffix[0] ); } else { char *dn = ch_strdup( cargv[1] ); - (void) dn_validate( dn ); + if ( load_ucdata( NULL ) < 0 ) { + return( 1 ); + } + if( dn_validate( dn ) == NULL ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "suffix DN invalid \"%s\"\n", + fname, lineno, cargv[1] ); + return 1; + + } else if( *dn == '\0' && default_search_nbase != NULL ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "suffix DN empty and default " + "search base provided \"%s\" (assuming okay)\n", + fname, lineno, default_search_base ); + } charray_add( &be->be_suffix, dn ); (void) ldap_pvt_str2upper( dn ); charray_add( &be->be_nsuffix, dn ); 
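Review bot: The two early returns added to the `suffix` branch, one after `load_ucdata( NULL ) < 0` and one after `dn_validate( dn ) == NULL`, leave the `ch_strdup` copy held in `dn` unreleased. The `rootdn` branch elsewhere in this diff frees its copies on the equivalent failure. Add `free( dn );` before each of the two returns, or call `load_ucdata( NULL )` before the `ch_strdup` so only the validation path needs the cleanup. This is harmless if the process exits on a config error, but that is decided outside the hunk.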
@@ -390,13 +469,13 @@ read_config( const char *fname ) "%s: line %d: suffixAlias line" " must appear inside a database definition (ignored)\n", fname, lineno, 0 ); - } else if ( (tmp_be = select_backend( cargv[1] )) != NULL ) { + } else if ( (tmp_be = select_backend( cargv[1], 0 )) != NULL ) { Debug( LDAP_DEBUG_ANY, "%s: line %d: suffixAlias served by" " a preceeding backend \"%s\" (ignored)\n", fname, lineno, tmp_be->be_suffix[0] ); - } else if ( (tmp_be = select_backend( cargv[2] )) != NULL ) { + } else if ( (tmp_be = select_backend( cargv[2], 0 )) != NULL ) { Debug( LDAP_DEBUG_ANY, "%s: line %d: suffixAlias derefs to differnet backend" " a preceeding backend \"%s\" (ignored)\n", @@ -406,6 +485,9 @@ read_config( const char *fname ) char *alias, *aliased_dn; alias = ch_strdup( cargv[1] ); + if ( load_ucdata( NULL ) < 0 ) { + return( 1 ); + } (void) dn_normalize( alias ); aliased_dn = ch_strdup( cargv[2] ); @@ -457,6 +539,9 @@ read_config( const char *fname ) be->be_root_dn = ch_strdup( cargv[1] ); be->be_root_ndn = ch_strdup( cargv[1] ); + if ( load_ucdata( NULL ) < 0 ) { + return( 1 ); + } if( dn_normalize( be->be_root_ndn ) == NULL ) { free( be->be_root_dn ); free( be->be_root_ndn ); @@ -713,8 +798,6 @@ read_config( const char *fname ) return( 1 ); } } - - /* where to send clients when we don't hold it */ } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) { if ( cargc < 2 ) { 
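Review bot: The `suffixAlias` branch still discards the result of `dn_normalize( alias )` behind a `(void)` cast, so an alias DN that fails normalization is accepted. The same commit makes that failure fatal for `suffix`, `rootdn` and `defaultSearchBase`. Check it the same way, `if ( dn_normalize( alias ) == NULL ) { free( alias ); return 1; }`, with a `Debug` line naming `cargv[1]` before the return. The handling of `aliased_dn` continues outside the hunk and probably needs the same check.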
@@ -728,6 +811,31 @@ read_config( const char *fname ) vals[0]->bv_len = strlen( vals[0]->bv_val ); value_add( &default_referral, vals ); +#ifdef NEW_LOGGING + } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) { + FILE *logfile; + if ( cargc < 2 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: Error in logfile directive, \"logfile filename\"\n", + fname, lineno, 0 ); + return( 1 ); + } + logfile = fopen( cargv[1], "w" ); + if ( logfile != NULL ) lutil_debug_file( logfile ); + +#endif + /* start of a new database definition */ + } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) { + int level; + if ( cargc < 3 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: Error in debug directive, \"debug subsys level\"\n", + fname, lineno, 0 ); + return( 1 ); + } + level = atoi( cargv[2] ); + if ( level <= 0 ) level = lutil_mnem2level( cargv[2] ); + lutil_set_debug_level( cargv[1], level ); /* specify an Object Identifier macro */ } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) { parse_oidm( fname, lineno, cargc, cargv ); @@ -776,33 +884,6 @@ read_config( const char *fname ) } else if ( strcasecmp( cargv[0], "access" ) == 0 ) { parse_acl( be, fname, lineno, cargc, cargv ); - /* specify default access control info */ - } else if ( strcasecmp( cargv[0], "defaultaccess" ) == 0 ) { - slap_access_t access; - - if ( cargc < 2 ) { - Debug( LDAP_DEBUG_ANY, - "%s: line %d: missing limit in \"defaultaccess \" line\n", - fname, lineno, 0 ); - return( 1 ); - } - - access = str2access( cargv[1] ); - - if ( access == ACL_INVALID_ACCESS ) { - Debug( LDAP_DEBUG_ANY, - "%s: line %d: bad access level \"%s\", " - "expecting none|auth|compare|search|read|write\n", - fname, lineno, cargv[1] ); - return( 1 ); - } - - if ( be == NULL ) { - global_default_access = access; - } else { - be->be_dfltaccess = access; - } - /* debug level to log things to syslog */ } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) { if ( cargc < 2 ) { 
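Review bot: The new `logfile` directive opens the path with `fopen( cargv[1], "w" )`, which truncates an existing log on every start, and it ignores a failed open without any message, so a wrong path or permission problem leaves the server running with no log file. Unless truncation is intended, open in append mode and treat a NULL result as a configuration error. The comment `/* start of a new database definition */` now sits above the `debug` directive, where it no longer describes the code. The `debug` branch also falls after the `#endif`, so it is compiled even without `NEW_LOGGING`; confirm that `lutil_mnem2level` and `lutil_set_debug_level` exist in that build.

```c
	/* … unchanged: cargc check for the logfile directive … */
	logfile = fopen( cargv[1], "a" );
	if ( logfile == NULL ) {
		Debug( LDAP_DEBUG_ANY,
			"%s: line %d: could not open logfile \"%s\"\n",
			fname, lineno, cargv[1] );
		return( 1 );
	}
	lutil_debug_file( logfile );
```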
@@ -860,6 +941,9 @@ read_config( const char *fname ) fname, lineno, 0 ); } else { be->be_update_ndn = ch_strdup( cargv[1] ); + if ( load_ucdata( NULL ) < 0 ) { + return( 1 ); + } if( dn_normalize( be->be_update_ndn ) == NULL ) { Debug( LDAP_DEBUG_ANY, "%s: line %d: updatedn DN is invalid\n", @@ -1045,9 +1129,10 @@ read_config( const char *fname ) if ( rc ) return rc; } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) { + i = atoi(cargv[1]); rc = ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, - cargv[1] ); + &i ); if ( rc ) return rc; @@ -1088,6 +1173,9 @@ read_config( const char *fname ) free( saveline ); } fclose( fp ); + if ( load_ucdata( NULL ) < 0 ) { + return( 1 ); + } return( 0 ); } @@ -1219,3 +1307,24 @@ fp_getline_init( int *lineno ) *lineno = -1; buf[0] = '\0'; } + +/* Loads ucdata, returns 1 if loading, 0 if already loaded, -1 on error */ +static int +load_ucdata( char *path ) +{ + static int loaded = 0; + int err; + + if ( loaded ) { + return( 0 ); + } + err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, + UCDATA_CASE|UCDATA_CTYPE|UCDATA_NUM ); + if ( err ) { + Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n", + err, 0, 0 ); + return( -1 ); + } + loaded = 1; + return( 1 ); +}
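Review bot: `i = atoi(cargv[1]);` in the `TLSVerifyClient` branch turns any non-numeric argument into 0 without an error, so a mistyped or keyword value silently sets `LDAP_OPT_X_TLS_REQUIRE_CERT` to 0. That is presumably the least strict client-certificate setting; confirm against the option's defined values. No `cargc` check is visible in the hunk either, so unless the argument count is validated earlier a bare `TLSVerifyClient` line reaches `atoi` with no argument behind `cargv[1]`. Parsing with `strtol` and rejecting anything that is not a complete non-negative number turns a bad value into a configuration error. The valid upper bound is not visible here and should be added to the range check.

```c
	} else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
		char *end;
		long lvl;

		if ( cargc < 2 ) {
			Debug( LDAP_DEBUG_ANY,
				"%s: line %d: missing level in \"TLSVerifyClient\" line\n",
				fname, lineno, 0 );
			return( 1 );
		}
		lvl = strtol( cargv[1], &end, 10 );
		if ( end == cargv[1] || *end != '\0' || lvl < 0 ) {
			Debug( LDAP_DEBUG_ANY,
				"%s: line %d: invalid TLSVerifyClient level \"%s\"\n",
				fname, lineno, cargv[1] );
			return( 1 );
		}
		i = (int) lvl;
		/* … unchanged: ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i ) and rc check … */
```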
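Review bot: The failure path in the new `load_ucdata()` logs only the numeric code, so an operator cannot tell which path was tried. The callers that pass NULL then return 1 without naming the config file or line that triggered the load. Put the path in the message, `Debug( LDAP_DEBUG_ANY, "error loading ucdata from \"%s\" (error %d)\n", path ? path : SLAPD_DEFAULT_UCDATA, err, 0 );`. The function never writes through `path`, so declaring it `const char *path` would document that, provided `ucdata_load` accepts a const pointer.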