X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fconfig.c;h=c1f05a635e8857b8cf89e520481f6c0a498ece98;hb=20965abe9c5bb80d79e5ad791cd2b59ec60259b5;hp=e1b65a14049b6b18d8acfa8e33334055ecddfd6d;hpb=2fcaa15b90ec2be4d16f5519b7af6e5e1a60db86;p=openldap diff --git a/servers/slapd/config.c b/servers/slapd/config.c index e1b65a1404..c1f05a635e 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -34,7 +34,6 @@ #include #include -#include "ldap_pvt.h" #include "slap.h" #ifdef LDAP_SLAPI #include "slapi/slapi.h" @@ -46,24 +45,8 @@ /* * defaults for various global variables */ -struct slap_limits_set deflimit = { - SLAPD_DEFAULT_TIMELIMIT, /* backward compatible limits */ - 0, - - SLAPD_DEFAULT_SIZELIMIT, /* backward compatible limits */ - 0, - -1, /* no limit on unchecked size */ - 0, /* page limit */ - 0 /* hide number of entries left */ -}; - -AccessControl *global_acl = NULL; -slap_access_t global_default_access = ACL_READ; -slap_mask_t global_restrictops = 0; slap_mask_t global_allows = 0; slap_mask_t global_disallows = 0; -slap_mask_t global_requires = 0; -slap_ssf_set_t global_ssf_set; char *replogfile; int global_gentlehup = 0; int global_idletimeout = 0; @@ -73,11 +56,9 @@ char *ldap_srvtab = ""; char **default_passwd_hash = NULL; int cargc = 0, cargv_size = 0; char **cargv; -struct berval default_search_base = { 0, NULL }; -struct berval default_search_nbase = { 0, NULL }; +struct berval default_search_base = BER_BVNULL; +struct berval default_search_nbase = BER_BVNULL; unsigned num_subordinates = 0; -struct berval global_schemadn = { 0, NULL }; -struct berval global_schemandn = { 0, NULL }; ber_len_t sockbuf_max_incoming = SLAP_SB_MAX_INCOMING_DEFAULT; ber_len_t sockbuf_max_incoming_auth= SLAP_SB_MAX_INCOMING_AUTH; 
@@ -117,9 +98,9 @@ read_config( const char *fname, int depth ) struct berval vals[2]; char *replicahost; LDAPURLDesc *ludp; - static int lastmod = 1; static BackendInfo *bi = NULL; static BackendDB *be = NULL; + char *next; vals[1].bv_val = NULL; @@ -130,24 +111,13 @@ read_config( const char *fname, int depth ) if ( (fp = fopen( fname, "r" )) == NULL ) { ldap_syslog = 1; -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, ENTRY, - "read_config: " "could not open config file \"%s\": %s (%d)\n", - fname, strerror(errno), errno ); -#else Debug( LDAP_DEBUG_ANY, "could not open config file \"%s\": %s (%d)\n", fname, strerror(errno), errno ); -#endif return 1; } -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, ENTRY, - "read_config: reading config file %s\n", fname, 0, 0 ); -#else Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 ); -#endif fp_getline_init( &lineno ); @@ -166,43 +136,26 @@ read_config( const char *fname, int depth ) } if ( cargc < 1 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: bad config line (ignored)\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: bad config line (ignored)\n", fname, lineno, 0 ); -#endif continue; } if ( strcasecmp( cargv[0], "backend" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s : line %d: missing type in \"backend\" line.\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing type in \"backend \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if( be != NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: backend line must appear before any " - "database definition.\n", fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: backend line must appear before any database definition\n", fname, lineno, 0 ); -#endif return( 1 ); } 
@@ -210,29 +163,17 @@ read_config( const char *fname, int depth ) bi = backend_info( cargv[1] ); if( bi == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "read_config: backend %s initialization failed.\n", - cargv[1], 0, 0 ); -#else Debug( LDAP_DEBUG_ANY, "backend %s initialization failed.\n", cargv[1], 0, 0 ); -#endif return( 1 ); } } else if ( strcasecmp( cargv[0], "database" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing type in \"database \" line\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing type in \"database \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } 
@@ -241,66 +182,147 @@ read_config( const char *fname, int depth ) be = backend_db_init( cargv[1] ); if( be == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "database %s initialization failed.\n", cargv[1], 0, 0 ); -#else Debug( LDAP_DEBUG_ANY, "database %s initialization failed.\n", cargv[1], 0, 0 ); -#endif return( 1 ); } + /* set local security factor */ + } else if ( strcasecmp( cargv[0], "localSSF" ) == 0 ) { + long ssf; + if ( cargc < 2 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: missing ssf in \"localSSF \" line\n", + fname, lineno, 0 ); + return( 1 ); + } + + ssf = atol( cargv[1] ); + + if( ssf < 0 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: invalid ssf value (%ld) in " + "\"localSSF \" line.\n", + fname, lineno, ssf ); + return( 1 ); + } + + local_ssf = ssf; + /* set thread concurrency */ } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) { int c; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing level in \"concurrency \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } - c = atoi( cargv[1] ); + c = strtol( cargv[1], &next, 10 ); + if ( next == NULL || next[0] != '\0' ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: unable to parse level \"%s\" in \"concurrency \" line\n", + fname, lineno, cargv[1] ); + return( 1 ); + } if( c < 1 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: invalid level (%d) in " - "\"concurrency \" line.\n", fname, lineno, c ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: invalid level (%d) in \"concurrency \" line\n", fname, lineno, c ); -#endif return( 1 ); } ldap_pvt_thread_set_concurrency( c ); + /* set substring initial/final index minimum length */ + } else if ( strcasecmp( cargv[0], "index_substr_if_minlen" ) == 0 ) { + long min; + if ( cargc < 2 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: missing min in \"index_substr_if_minlen \" line\n", + fname, lineno, 0 ); + return( 1 ); + } + min = atoi( cargv[1] ); + if( min < 1 || min > index_substr_if_maxlen ) 
{ + Debug( LDAP_DEBUG_ANY, + "%s: line %d: invalid min value (%ld) in " + "\"index_substr_if_minlen \" line.\n", + fname, lineno, min ); + return( 1 ); + } + index_substr_if_minlen = min; + + /* set substring initial/final index maximum length */ + } else if ( strcasecmp( cargv[0], "index_substr_if_maxlen" ) == 0 ) { + long max; + if ( cargc < 2 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: missing max in \"index_substr_if_maxlen \" line\n", + fname, lineno, 0 ); + return( 1 ); + } + max = atol( cargv[1] ); + if( max < 1 || max < index_substr_if_minlen ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: invalid max value (%ld) in " + "\"index_substr_maxlen \" line.\n", + fname, lineno, max ); + return( 1 ); + } + index_substr_if_maxlen = max; + + /* set substring any index len */ + } else if ( strcasecmp( cargv[0], "index_substr_any_len" ) == 0 ) { + long len; + if ( cargc < 2 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: missing len in \"index_substr_any_len \" line\n", + fname, lineno, 0 ); + return( 1 ); + } + len = atol( cargv[1] ); + if( len < 1 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: invalid len value (%ld) in " + "\"index_substr_any_len \" line.\n", + fname, lineno, len ); + return( 1 ); + } + index_substr_any_len = len; + + /* set substring any index step */ + } else if ( strcasecmp( cargv[0], "index_substr_any_step" ) == 0 ) { + long step; + if ( cargc < 2 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: missing step in \"index_substr_any_step \" line\n", + fname, lineno, 0 ); + return( 1 ); + } + step = atol( cargv[1] ); + if( step < 1 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: invalid step value (%ld) in " + "\"index_substr_any_step \" line.\n", + fname, lineno, step ); + return( 1 ); + } + index_substr_any_step = step; + /* set sockbuf max */ } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming" ) == 0 ) { long max; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing max in \"sockbuf_max_incoming " - "\" line\n", fname, 
lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing max in \"sockbuf_max_incoming \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } @@ -308,17 +330,10 @@ read_config( const char *fname, int depth ) max = atol( cargv[1] ); if( max < 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: invalid max value (%ld) in " - "\"sockbuf_max_incoming \" line.\n", - fname, lineno, max ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: invalid max value (%ld) in " "\"sockbuf_max_incoming \" line.\n", fname, lineno, max ); -#endif return( 1 ); } @@ -329,15 +344,9 @@ read_config( const char *fname, int depth ) } else if ( strcasecmp( cargv[0], "sockbuf_max_incoming_auth" ) == 0 ) { long max; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing max in \"sockbuf_max_incoming_auth " - "\" line\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing max in \"sockbuf_max_incoming_auth \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } @@ -345,17 +354,10 @@ read_config( const char *fname, int depth ) max = atol( cargv[1] ); if( max < 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: invalid max value (%ld) in " - "\"sockbuf_max_incoming_auth \" line.\n", - fname, lineno, max ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: invalid max value (%ld) in " "\"sockbuf_max_incoming_auth \" line.\n", fname, lineno, max ); -#endif return( 1 ); } @@ -366,15 +368,9 @@ read_config( const char *fname, int depth ) } else if ( strcasecmp( cargv[0], "conn_max_pending" ) == 0 ) { long max; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing max in \"conn_max_pending " - "\" line\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing max in \"conn_max_pending \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } 
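Review bot: The new `localSSF` branch parses its argument with `ssf = atol( cargv[1] );`, so a non-numeric or partly numeric value such as `high` or `12x` is silently accepted as 0 or 12, even though this same hunk moves `concurrency` to `strtol` with an end-pointer check. For a directive that sets the local security factor this should be a hard configuration error, for example `ssf = strtol( cargv[1], &next, 10 );` followed by `if ( next == cargv[1] || next[0] != '\0' || ssf < 0 )`. The four `index_substr_*` branches added further down have the same gap; `index_substr_if_minlen` also uses `atoi` into a `long` where its siblings use `atol`, and the `index_substr_if_maxlen` error text names `index_substr_maxlen`. The type of `local_ssf` is not visible in this hunk, so an upper bound before `local_ssf = ssf;` may be needed as well.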
@@ -382,17 +378,10 @@ read_config( const char *fname, int depth ) max = atol( cargv[1] ); if( max < 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: invalid max value (%ld) in " - "\"conn_max_pending \" line.\n", - fname, lineno, max ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: invalid max value (%ld) in " "\"conn_max_pending \" line.\n", fname, lineno, max ); -#endif return( 1 ); } @@ -403,15 +392,9 @@ read_config( const char *fname, int depth ) } else if ( strcasecmp( cargv[0], "conn_max_pending_auth" ) == 0 ) { long max; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing max in \"conn_max_pending_auth " - "\" line\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing max in \"conn_max_pending_auth \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } @@ -419,17 +402,10 @@ read_config( const char *fname, int depth ) max = atol( cargv[1] ); if( max < 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: invalid max value (%ld) in " - "\"conn_max_pending_auth \" line.\n", - fname, lineno, max ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: invalid max value (%ld) in " "\"conn_max_pending_auth \" line.\n", fname, lineno, max ); -#endif return( 1 ); } 
@@ -439,60 +415,33 @@ read_config( const char *fname, int depth ) /* default search base */ } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing dn in \"defaultSearchBase \" line\n", fname, lineno, 0 ); -#endif return 1; } else if ( cargc > 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: extra cruft after in " - "\"defaultSearchBase %s\" line (ignored)\n", - fname, lineno, cargv[1] ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "extra cruft after in \"defaultSearchBase %s\", " "line (ignored)\n", fname, lineno, cargv[1] ); -#endif } if ( bi != NULL || be != NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: defaultSearchBase line must appear " - "prior to any backend or database definitions\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "defaultSearchBaase line must appear prior to " "any backend or database definition\n", fname, lineno, 0 ); -#endif return 1; } if ( default_search_nbase.bv_len ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, "%s: line %d: " - "default search base \"%s\" already defined " - "(discarding old)\n", fname, lineno, - default_search_base.bv_val ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "default search base \"%s\" already defined " "(discarding old)\n", fname, lineno, default_search_base.bv_val ); -#endif free( default_search_base.bv_val ); free( default_search_nbase.bv_val ); @@ -511,15 +460,9 @@ read_config( const char *fname, int depth ) &default_search_nbase, NULL ); if( rc != LDAP_SUCCESS ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: defaultSearchBase DN is invalid.\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: defaultSearchBase DN is invalid\n", fname, lineno, 0 ); -#endif return( 1 ); } } 
@@ -528,31 +471,25 @@ read_config( const char *fname, int depth ) } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) { int c; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing count in \"threads \" line\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing count in \"threads \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } - c = atoi( cargv[1] ); + c = strtol( cargv[1], &next, 10 ); + if (next == NULL || next[0] != '\0' ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: unable to parse count \"%s\" in \"threads \" line\n", + fname, lineno, cargv[1] ); + return( 1 ); + } if( c < 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: invalid level (%d) in \"threads \"" - "line\n", fname, lineno, c ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: invalid level (%d) in \"threads \" line\n", fname, lineno, c ); -#endif return( 1 ); } @@ -565,15 +502,9 @@ read_config( const char *fname, int depth ) /* get pid file name */ } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d missing file name in \"pidfile \" " - "line.\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing file name in \"pidfile \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } @@ -583,16 +514,9 @@ read_config( const char *fname, int depth ) /* get args file name */ } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: %d: missing file name in " - "\"argsfile \" line.\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing file name in \"argsfile \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } 
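Review bot: In the `threads` branch the `long` returned by `strtol( cargv[1], &next, 10 )` is stored straight into `int c`, so where `long` is wider than `int` an out-of-range value is narrowed before the `c < 0` test and can pass it as an unrelated count. The `next == NULL` half of the check can never be true after `strtol`, and an overflowing input is not detected either. Parsing into a `long` and bounding it covers all three: `long l = strtol( cargv[1], &next, 10 );` then `if ( next == cargv[1] || next[0] != '\0' || l < 0 || l > INT_MAX )`. The same pattern appears in the `concurrency` branch of the earlier hunk and in the `maxDerefDepth` branch later in this patch. The rest of the `threads` branch lies outside this hunk, so any upper limit applied there is not visible.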
@@ -608,106 +532,74 @@ read_config( const char *fname, int depth ) /* default password hash */ } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing hash in " - "\"password-hash \" line.\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing hash in \"password-hash \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if ( default_passwd_hash != NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: already set default password_hash!\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: already set default password_hash!\n", fname, lineno, 0 ); -#endif return 1; } for(i = 1; i < cargc; i++) { if ( lutil_passwd_scheme( cargv[i] ) == 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: password scheme \"%s\" not available\n", - fname, lineno, cargv[i] ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: password scheme \"%s\" not available\n", fname, lineno, cargv[i] ); -#endif } else { ldap_charray_add( &default_passwd_hash, cargv[i] ); } } if( !default_passwd_hash ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: no valid hashes found\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: no valid hashes found\n", fname, lineno, 0 ); return 1; -#endif } } else if ( strcasecmp( cargv[0], "password-crypt-salt-format" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing format in " - "\"password-crypt-salt-format \" line\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing format in " "\"password-crypt-salt-format \" line\n", fname, lineno, 0 ); -#endif return 1; } lutil_salt_format( cargv[1] ); - /* SASL config options */ - } else if ( strncasecmp( cargv[0], "sasl", 4 ) == 0 ) { - if ( slap_sasl_config( cargc, cargv, line, fname, lineno ) ) - return 1; -#ifdef SLAP_X_SASL_REWRITE +#ifdef SLAP_AUTH_REWRITE /* 
use authid rewrite instead of sasl regexp */ - } else if ( strncasecmp( cargv[0], "authid-rewrite", sizeof("authid-rewrite") - 1 ) == 0 ) { + } else if ( strncasecmp( cargv[0], "auth-rewrite", + STRLENOF("auth-rewrite") ) == 0 ) + { int rc = slap_sasl_rewrite_config( fname, lineno, cargc, cargv ); if ( rc ) { return rc; } -#endif /* SLAP_X_SASL_REWRITE */ +#endif /* SLAP_AUTH_REWRITE */ + + /* Auth + SASL config options */ + } else if ( !strncasecmp( cargv[0], "auth", STRLENOF("auth") ) || + !strncasecmp( cargv[0], "sasl", STRLENOF("sasl") )) + { + if ( slap_sasl_config( cargc, cargv, line, fname, lineno ) ) + return 1; + } else if ( strcasecmp( cargv[0], "schemadn" ) == 0 ) { struct berval dn; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing dn in " - "\"schemadn \" line.\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing dn in \"schemadn \" line\n", fname, lineno, 0 ); -#endif return 1 ; } ber_str2bv( cargv[1], 0, 0, &dn ); @@ -715,19 +607,13 @@ read_config( const char *fname, int depth ) rc = dnPrettyNormal( NULL, &dn, &be->be_schemadn, &be->be_schemandn, NULL ); } else { - rc = dnPrettyNormal( NULL, &dn, &global_schemadn, - &global_schemandn, NULL ); + rc = dnPrettyNormal( NULL, &dn, &frontendDB->be_schemadn, + &frontendDB->be_schemandn, NULL ); } if ( rc != LDAP_SUCCESS ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: schemadn DN is invalid.\n", - fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: schemadn DN is invalid\n", fname, lineno, 0 ); -#endif return 1; } @@ -735,15 +621,9 @@ read_config( const char *fname, int depth ) } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) { int err; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing path in " - "\"ucdata-path \" line.\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing path in \"ucdata-path \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } 
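Review bot: The new `auth` test is a four-character prefix match, `!strncasecmp( cargv[0], "auth", STRLENOF("auth") )`, so every directive whose name merely begins with `auth` is now routed to `slap_sasl_config()` and can never reach a later branch of this `else if` chain. When `SLAP_AUTH_REWRITE` is not defined, that includes `auth-rewrite` lines, which are then handled however `slap_sasl_config()` treats a keyword it does not know. That function is outside this diff, so whether it rejects or ignores such keywords cannot be confirmed here. A comment at the branch would make the ordering dependency explicit, for example `/* prefix match: must stay after auth-rewrite; slap_sasl_config() must reject unknown auth* and sasl* keywords */`, or the match could be narrowed to the exact keywords that function accepts.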
@@ -751,16 +631,9 @@ read_config( const char *fname, int depth ) err = load_ucdata( cargv[1] ); if ( err <= 0 ) { if ( err == 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: ucdata already loaded, ucdata-path " - "must be set earlier in the file and/or be " - "specified only once!\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: ucdata already loaded, ucdata-path must be set earlier in the file and/or be specified only once!\n", fname, lineno, 0 ); -#endif } return( 1 ); @@ -772,21 +645,15 @@ read_config( const char *fname, int depth ) struct slap_limits_set *lim; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing limit in \"sizelimit \" " - "line.\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing limit in \"sizelimit \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if ( be == NULL ) { - lim = &deflimit; + lim = &frontendDB->be_def_limit; } else { lim = &be->be_def_limit; } @@ -795,19 +662,12 @@ read_config( const char *fname, int depth ) if ( strncasecmp( cargv[i], "size", 4 ) == 0 ) { rc = limits_parse_one( cargv[i], lim ); if ( rc ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: unable " - "to parse value \"%s\" in \"sizelimit " - "\" line.\n", fname, lineno, cargv[i] ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: unable " "to parse value \"%s\" " "in \"sizelimit " "\" line\n", fname, lineno, cargv[i] ); -#endif return( 1 ); } 
@@ -815,31 +675,17 @@ read_config( const char *fname, int depth ) if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) { lim->lms_s_soft = -1; } else { - char *next; - lim->lms_s_soft = strtol( cargv[i] , &next, 0 ); if ( next == cargv[i] ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: unable to parse limit \"%s\" in \"sizelimit \" " - "line.\n", fname, lineno, cargv[i] ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: unable to parse limit \"%s\" in \"sizelimit \" line\n", fname, lineno, cargv[i] ); -#endif return( 1 ); } else if ( next[0] != '\0' ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: trailing chars \"%s\" in \"sizelimit \" " - "line ignored.\n", fname, lineno, next ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: trailing chars \"%s\" in \"sizelimit \" line ignored\n", fname, lineno, next ); -#endif } } lim->lms_s_hard = 0; @@ -852,21 +698,15 @@ read_config( const char *fname, int depth ) struct slap_limits_set *lim; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d missing limit in \"timelimit \" " - "line.\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing limit in \"timelimit \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if ( be == NULL ) { - lim = &deflimit; + lim = &frontendDB->be_def_limit; } else { lim = &be->be_def_limit; } @@ -875,19 +715,12 @@ read_config( const char *fname, int depth ) if ( strncasecmp( cargv[i], "time", 4 ) == 0 ) { rc = limits_parse_one( cargv[i], lim ); if ( rc ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: unable to parse value \"%s\" " - "in \"timelimit \" line.\n", - fname, lineno, cargv[i] ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: unable " "to parse value \"%s\" " "in \"timelimit " "\" line\n", fname, lineno, cargv[i] ); -#endif return( 1 ); } 
@@ -895,31 +728,17 @@ read_config( const char *fname, int depth ) if ( strcasecmp( cargv[i], "unlimited" ) == 0 ) { lim->lms_t_soft = -1; } else { - char *next; - lim->lms_t_soft = strtol( cargv[i] , &next, 0 ); if ( next == cargv[i] ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: unable to parse limit \"%s\" in \"timelimit \" " - "line.\n", fname, lineno, cargv[i] ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: unable to parse limit \"%s\" in \"timelimit \" line\n", fname, lineno, cargv[i] ); -#endif return( 1 ); } else if ( next[0] != '\0' ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: trailing chars \"%s\" in \"timelimit \" " - "line ignored.\n", fname, lineno, next ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: trailing chars \"%s\" in \"timelimit \" line ignored\n", fname, lineno, next ); -#endif } } lim->lms_t_hard = 0; @@ -929,15 +748,9 @@ read_config( const char *fname, int depth ) /* set regex-based limits */ } else if ( strcasecmp( cargv[0], "limits" ) == 0 ) { if ( be == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, WARNING, - "%s: line %d \"limits\" allowed only in database " - "environment.\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d \"limits\" allowed only in database environment.\n%s", fname, lineno, "" ); -#endif return( 1 ); } 
@@ -948,38 +761,37 @@ read_config( const char *fname, int depth ) /* mark this as a subordinate database */ } else if ( strcasecmp( cargv[0], "subordinate" ) == 0 ) { if ( be == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, "%s: line %d: " - "subordinate keyword must appear inside a database " - "definition.\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: subordinate keyword " "must appear inside a database definition.\n", fname, lineno, 0 ); -#endif return 1; } else { - be->be_flags |= SLAP_DBFLAG_GLUE_SUBORDINATE; + SLAP_DBFLAGS(be) |= SLAP_DBFLAG_GLUE_SUBORDINATE; num_subordinates++; } /* add an overlay to this backend */ } else if ( strcasecmp( cargv[0], "overlay" ) == 0 ) { if ( be == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, "%s: line %d: " - "overlay keyword must appear inside a database " - "definition.\n", fname, lineno, 0 ); -#else - Debug( LDAP_DEBUG_ANY, "%s: line %d: overlay keyword " - "must appear inside a database definition.\n", - fname, lineno, 0 ); -#endif - return 1; + if ( cargv[1][0] == '-' && overlay_config( frontendDB, &cargv[1][1] ) ) { + /* log error */ + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "(optional) global overlay \"%s\" configuration " + "failed (ignored)\n", fname, lineno, &cargv[1][1] ); + } else if ( overlay_config( frontendDB, cargv[1] ) ) { + return 1; + } - } else if ( overlay_config( be, cargv[1] )) { - return 1; + } else { + if ( cargv[1][0] == '-' && overlay_config( be, &cargv[1][1] ) ) { + /* log error */ + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "(optional) overlay \"%s\" configuration " + "failed (ignored)\n", fname, lineno, &cargv[1][1] ); + } else if ( overlay_config( be, cargv[1] ) ) { + return 1; + } } /* set database suffix */ 
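Review bot: Both new `overlay` paths read `cargv[1][0]` with no `cargc < 2` check in the branch, so an `overlay` line without a name dereferences whatever follows the last argument (a NULL pointer if `cargv` is NULL-terminated, which is not visible here). The optional form also falls through on success: when the name starts with `-` and `overlay_config()` returns 0, the first condition is false and the `else if` calls `overlay_config()` again with the dash still attached. Unless that function strips the dash itself, the second call uses the wrong name and the line fails. Checking the argument count first and nesting the optional case keeps the two outcomes apart; the fence shows the database branch, and the `frontendDB` branch needs the same shape.

```c
	} else if ( strcasecmp( cargv[0], "overlay" ) == 0 ) {
		if ( cargc < 2 ) {
			Debug( LDAP_DEBUG_ANY,
				"%s: line %d: missing name in \"overlay\" line\n",
				fname, lineno, 0 );
			return 1;
		}

		if ( be == NULL ) {
			/* … frontendDB branch: same nesting as the database branch below … */

		} else if ( cargv[1][0] == '-' ) {
			/* optional overlay: a failure is logged and ignored */
			if ( overlay_config( be, &cargv[1][1] ) ) {
				Debug( LDAP_DEBUG_ANY, "%s: line %d: "
					"(optional) overlay \"%s\" configuration "
					"failed (ignored)\n", fname, lineno, &cargv[1][1] );
			}

		} else if ( overlay_config( be, cargv[1] ) ) {
			return 1;
		}
```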
@@ -988,54 +800,30 @@ read_config( const char *fname, int depth ) struct berval dn, pdn, ndn; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing dn in \"suffix \" line.\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "missing dn in \"suffix \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } else if ( cargc > 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: extra cruft after in \"suffix %s\"" - " line (ignored).\n", fname, lineno, cargv[1] ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: extra cruft " "after in \"suffix %s\" line (ignored)\n", fname, lineno, cargv[1] ); -#endif } if ( be == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: suffix line must appear inside a database " - "definition.\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line " "must appear inside a database definition\n", fname, lineno, 0 ); -#endif return( 1 ); #if defined(SLAPD_MONITOR_DN) /* "cn=Monitor" is reserved for monitoring slap */ } else if ( strcasecmp( cargv[1], SLAPD_MONITOR_DN ) == 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, "%s: line %d: \"" - "%s\" is reserved for monitoring slapd\n", - fname, lineno, SLAPD_MONITOR_DN ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: \"" "%s\" is reserved for monitoring slapd\n", fname, lineno, SLAPD_MONITOR_DN ); -#endif return( 1 ); #endif /* SLAPD_MONITOR_DN */ } 
@@ -1047,59 +835,33 @@ read_config( const char *fname, int depth ) rc = dnPrettyNormal( NULL, &dn, &pdn, &ndn, NULL ); if( rc != LDAP_SUCCESS ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: suffix DN is invalid.\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix DN is invalid\n", fname, lineno, 0 ); -#endif return( 1 ); } tmp_be = select_backend( &ndn, 0, 0 ); if ( tmp_be == be ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: suffix already served by this backend " - "(ignored)\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix " "already served by this backend (ignored)\n", fname, lineno, 0 ); -#endif free( pdn.bv_val ); free( ndn.bv_val ); } else if ( tmp_be != NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: suffix already served by a preceding " - "backend \"%s\"\n", fname, lineno, - tmp_be->be_suffix[0].bv_val ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix " "already served by a preceeding backend \"%s\"\n", fname, lineno, tmp_be->be_suffix[0].bv_val ); -#endif free( pdn.bv_val ); free( ndn.bv_val ); return( 1 ); } else if( pdn.bv_len == 0 && default_search_nbase.bv_len ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: suffix DN empty and default search " - "base provided \"%s\" (assuming okay).\n", - fname, lineno, default_search_base.bv_val ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "suffix DN empty and default " "search base provided \"%s\" (assuming okay)\n", fname, lineno, default_search_base.bv_val ); -#endif } ber_bvarray_add( &be->be_suffix, &pdn ); 
@@ -1109,74 +871,51 @@ read_config( const char *fname, int depth ) } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) { int i; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing depth in \"maxDerefDepth \"" - " line\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing depth in \"maxDerefDepth \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if ( be == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: depth line must appear inside a database " - "definition.\n", fname, lineno ,0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: depth line must appear inside a database definition.\n", fname, lineno, 0 ); -#endif - return 1; + return 1; + } - } else if ((i = atoi(cargv[1])) < 0) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: depth must be positive.\n", - fname, lineno ,0 ); -#else + i = strtol( cargv[1], &next, 10 ); + if ( next == NULL || next[0] != '\0' ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: unable to parse depth \"%s\" in \"maxDerefDepth \" " + "line.\n", fname, lineno, cargv[1] ); + return 1; + } + + if (i < 0) { Debug( LDAP_DEBUG_ANY, "%s: line %d: depth must be positive.\n", fname, lineno, 0 ); -#endif - return 1; - + return 1; - } else { - be->be_max_deref_depth = i; - } + } + be->be_max_deref_depth = i; /* set magic "root" dn for this database */ } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: missing dn in \"rootdn \" line.\n", - fname, lineno ,0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing dn in \"rootdn \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if ( be == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: rootdn line must appear inside a database " - "definition.\n", fname, lineno ,0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: rootdn line must appear inside a database definition.\n", fname, lineno, 0 ); -#endif 
return 1; } else { @@ -1192,15 +931,9 @@ read_config( const char *fname, int depth ) &be->be_rootndn, NULL ); if( rc != LDAP_SUCCESS ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: rootdn DN is invalid.\n", - fname, lineno ,0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: rootdn DN is invalid\n", fname, lineno, 0 ); -#endif return( 1 ); } } @@ -1208,46 +941,27 @@ read_config( const char *fname, int depth ) /* set super-secret magic database password */ } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing passwd in \"rootpw \"" - " line\n", fname, lineno ,0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "missing passwd in \"rootpw \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if ( be == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, "%s: line %d: " - "rootpw line must appear inside a database " - "definition.\n", fname, lineno ,0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "rootpw line must appear inside a database " "definition.\n", fname, lineno, 0 ); -#endif return 1; } else { Backend *tmp_be = select_backend( &be->be_rootndn, 0, 0 ); if( tmp_be != be ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: " - "rootpw can only be set when rootdn is under suffix\n", - fname, lineno, "" ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "rootpw can only be set when rootdn is under suffix\n", fname, lineno, 0 ); -#endif return 1; } 
@@ -1258,24 +972,19 @@ read_config( const char *fname, int depth ) /* make this database read-only */ } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing on|off in \"readonly \" " - "line.\n", fname, lineno ,0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing on|off in \"readonly \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if ( be == NULL ) { if ( strcasecmp( cargv[1], "on" ) == 0 ) { - global_restrictops |= SLAP_RESTRICT_OP_WRITES; + frontendDB->be_restrictops |= SLAP_RESTRICT_OP_WRITES; } else { - global_restrictops &= ~SLAP_RESTRICT_OP_WRITES; + frontendDB->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES; } + } else { if ( strcasecmp( cargv[1], "on" ) == 0 ) { be->be_restrictops |= SLAP_RESTRICT_OP_WRITES; 
@@ -1284,42 +993,126 @@ read_config( const char *fname, int depth ) } } + /* restricts specific operations */ + } else if ( strcasecmp( cargv[0], "restrict" ) == 0 ) { + slap_mask_t restrictops = 0; + struct restrictable_exops_t { + char *name; + int flag; + } restrictable_exops[] = { + { LDAP_EXOP_START_TLS, SLAP_RESTRICT_EXOP_START_TLS }, + { LDAP_EXOP_MODIFY_PASSWD, SLAP_RESTRICT_EXOP_MODIFY_PASSWD }, + { LDAP_EXOP_X_WHO_AM_I, SLAP_RESTRICT_EXOP_WHOAMI }, + { LDAP_EXOP_X_CANCEL, SLAP_RESTRICT_EXOP_CANCEL }, + { NULL, 0 } + }; + int i; + + if ( cargc < 2 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: missing in \"restrict \" " + "line.\n", fname, lineno, 0 ); + return 1; + } + + for ( i = 1; i < cargc; i++ ) { + if ( strcasecmp( cargv[ i ], "read" ) == 0 ) { + restrictops |= SLAP_RESTRICT_OP_READS; + + } else if ( strcasecmp( cargv[ i ], "write" ) == 0 ) { + restrictops |= SLAP_RESTRICT_OP_WRITES; + + } else if ( strcasecmp( cargv[ i ], "add" ) == 0 ) { + restrictops |= SLAP_RESTRICT_OP_ADD; + + } else if ( strcasecmp( cargv[ i ], "bind" ) == 0 ) { + restrictops |= SLAP_RESTRICT_OP_BIND; + + } else if ( strcasecmp( cargv[ i ], "compare" ) == 0 ) { + restrictops |= SLAP_RESTRICT_OP_COMPARE; + + } else if ( strcasecmp( cargv[ i ], "delete" ) == 0 ) { + restrictops |= SLAP_RESTRICT_OP_DELETE; + + } else if ( strncasecmp( cargv[ i ], "extended", + STRLENOF( "extended" ) ) == 0 ) + { + char *e = cargv[ i ] + STRLENOF( "extended" ); + + if ( e[0] == '=' ) { + int j; + + e++; + for ( j = 0; restrictable_exops[ j ].name; j++ ) { + if ( strcmp( e, restrictable_exops[j].name ) == 0 ) + { + restrictops |= restrictable_exops[ j ].flag; + break; + } + } + + if ( restrictable_exops[ j ].name == NULL ) { + goto restrict_unknown; + } + + restrictops &= ~SLAP_RESTRICT_OP_EXTENDED; + + } else if ( e[0] == '\0' ) { + restrictops &= ~SLAP_RESTRICT_EXOP_MASK; + restrictops |= SLAP_RESTRICT_OP_EXTENDED; + + } else { + goto restrict_unknown; + } + + } else if ( strcasecmp( cargv[ i ], 
"modify" ) == 0 ) { + restrictops |= SLAP_RESTRICT_OP_MODIFY; + + } else if ( strcasecmp( cargv[ i ], "rename" ) == 0 + || strcasecmp( cargv[ i ], "modrdn" ) == 0 ) + { + restrictops |= SLAP_RESTRICT_OP_RENAME; + + } else if ( strcasecmp( cargv[ i ], "search" ) == 0 ) { + restrictops |= SLAP_RESTRICT_OP_SEARCH; + + } else { +restrict_unknown:; + + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "unknown operation %s in \"allow \" line\n", + fname, lineno, cargv[i] ); + return 1; + } + } + + if ( be == NULL ) { + frontendDB->be_restrictops |= restrictops; + } else { + be->be_restrictops |= restrictops; + } /* allow these features */ } else if ( strcasecmp( cargv[0], "allows" ) == 0 || strcasecmp( cargv[0], "allow" ) == 0 ) { - slap_mask_t allows; + slap_mask_t allows = 0; if ( be != NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: allow line must appear prior to " - "database definitions.\n", fname, lineno ,0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: allow line must appear prior to database definitions\n", fname, lineno, 0 ); -#endif } if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing feature(s) in \"allow \"" - " line\n", fname, lineno ,0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing feature(s) in \"allow \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } - allows = 0; - for( i=1; i < cargc; i++ ) { if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) { allows |= SLAP_ALLOW_BIND_V2; 
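Review bot: The `restrict_unknown` error path reports the rejected token as part of an `"allow "` line, although the directive being parsed is `restrict`, so an administrator who mistypes an operation name in a restriction is pointed at the wrong directive. The format string should name the directive it belongs to, e.g. `"unknown operation %s in \"restrict\" line\n"`. The label `restrict_unknown:` also sits inside the last `else` block and is reached by `goto` from the `extended` branch; a one-line comment at the label saying so would spare readers the search. The `allow` branch that follows continues outside this hunk.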
@@ -1333,58 +1126,38 @@ read_config( const char *fname, int depth ) } else if( strcasecmp( cargv[i], "update_anon" ) == 0 ) { allows |= SLAP_ALLOW_UPDATE_ANON; - } else if( strcasecmp( cargv[i], "none" ) != 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, "%s: line %d: " - "unknown feature %s in \"allow \" line.\n", - fname, lineno, cargv[1] ); -#else + } else { Debug( LDAP_DEBUG_ANY, "%s: line %d: " "unknown feature %s in \"allow \" line\n", fname, lineno, cargv[i] ); -#endif - return( 1 ); + return 1; } } - global_allows = allows; + global_allows |= allows; /* disallow these features */ } else if ( strcasecmp( cargv[0], "disallows" ) == 0 || strcasecmp( cargv[0], "disallow" ) == 0 ) { - slap_mask_t disallows; + slap_mask_t disallows = 0; if ( be != NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: disallow line must appear prior to " - "database definitions.\n", fname, lineno ,0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: disallow line must appear prior to database definitions\n", fname, lineno, 0 ); -#endif } if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing feature(s) in \"disallow \"" - " line.\n", fname, lineno ,0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing feature(s) in \"disallow \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } - disallows = 0; - for( i=1; i < cargc; i++ ) { if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) { disallows |= SLAP_DISALLOW_BIND_ANON; 
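Review bot: With `none` no longer accepted and the result merged by `global_allows |= allows;` (and `global_disallows |= disallows;` in the next hunk), an `allow` or `disallow` line can only add bits, while `require` two hunks further on still accepts `none` and overwrites with `=`. A configuration that contains `allow none` or `disallow none` would now stop at the "unknown feature" error, and a later line or included file can widen `global_allows` but never narrow it. If the accumulation is intended, a comment at the assignment would make it explicit, for example `/* allow lines accumulate across the file and its includes; a feature cannot be cleared once set */`, and the three directives should agree on whether `none` is a keyword.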
@@ -1401,46 +1174,31 @@ read_config( const char *fname, int depth ) } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) { disallows |= SLAP_DISALLOW_TLS_AUTHC; - } else if( strcasecmp( cargv[i], "none" ) != 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: unknown feature %s in " - "\"disallow \" line.\n", - fname, lineno, cargv[i] ); -#else + } else { Debug( LDAP_DEBUG_ANY, "%s: line %d: unknown feature %s in \"disallow \" line\n", fname, lineno, cargv[i] ); -#endif - return( 1 ); + return 1; } } - global_disallows = disallows; + global_disallows |= disallows; /* require these features */ } else if ( strcasecmp( cargv[0], "requires" ) == 0 || strcasecmp( cargv[0], "require" ) == 0 ) { - slap_mask_t requires; + slap_mask_t requires = 0; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing feature(s) in " - "\"require \" line.\n", fname, lineno ,0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing feature(s) in \"require \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } - requires = 0; - for( i=1; i < cargc; i++ ) { if( strcasecmp( cargv[i], "bind" ) == 0 ) { requires |= SLAP_REQUIRE_BIND; 
@@ -1458,147 +1216,127 @@ read_config( const char *fname, int depth ) requires |= SLAP_REQUIRE_STRONG; } else if( strcasecmp( cargv[i], "none" ) != 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: unknown feature %s in " - "\"require \" line.\n", - fname, lineno , cargv[i] ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: unknown feature %s in \"require \" line\n", fname, lineno, cargv[i] ); -#endif return( 1 ); } } if ( be == NULL ) { - global_requires = requires; + frontendDB->be_requires = requires; } else { be->be_requires = requires; } - /* required security factors */ } else if ( strcasecmp( cargv[0], "security" ) == 0 ) { slap_ssf_set_t *set; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing factor(s) in \"security \"" - " line.\n", fname, lineno ,0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing factor(s) in \"security \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if ( be == NULL ) { - set = &global_ssf_set; + set = &frontendDB->be_ssf_set; } else { set = &be->be_ssf_set; } for( i=1; i < cargc; i++ ) { - if( strncasecmp( cargv[i], "ssf=", - sizeof("ssf") ) == 0 ) + slap_ssf_t *tgt; + char *src; + + if ( strncasecmp( cargv[i], "ssf=", + STRLENOF("ssf=") ) == 0 ) { - set->sss_ssf = - atoi( &cargv[i][sizeof("ssf")] ); + tgt = &set->sss_ssf; + src = &cargv[i][STRLENOF("ssf=")]; - } else if( strncasecmp( cargv[i], "transport=", - sizeof("transport") ) == 0 ) + } else if ( strncasecmp( cargv[i], "transport=", + STRLENOF("transport=") ) == 0 ) { - set->sss_transport = - atoi( &cargv[i][sizeof("transport")] ); + tgt = &set->sss_transport; + src = &cargv[i][STRLENOF("transport=")]; - } else if( strncasecmp( cargv[i], "tls=", - sizeof("tls") ) == 0 ) + } else if ( strncasecmp( cargv[i], "tls=", + STRLENOF("tls=") ) == 0 ) { - set->sss_tls = - atoi( &cargv[i][sizeof("tls")] ); + tgt = &set->sss_tls; + src = &cargv[i][STRLENOF("tls=")]; - } else if( strncasecmp( cargv[i], "sasl=", - sizeof("sasl") ) 
== 0 ) + } else if ( strncasecmp( cargv[i], "sasl=", + STRLENOF("sasl=") ) == 0 ) { - set->sss_sasl = - atoi( &cargv[i][sizeof("sasl")] ); + tgt = &set->sss_sasl; + src = &cargv[i][STRLENOF("sasl=")]; - } else if( strncasecmp( cargv[i], "update_ssf=", - sizeof("update_ssf") ) == 0 ) + } else if ( strncasecmp( cargv[i], "update_ssf=", + STRLENOF("update_ssf=") ) == 0 ) { - set->sss_update_ssf = - atoi( &cargv[i][sizeof("update_ssf")] ); + tgt = &set->sss_update_ssf; + src = &cargv[i][STRLENOF("update_ssf=")]; - } else if( strncasecmp( cargv[i], "update_transport=", - sizeof("update_transport") ) == 0 ) + } else if ( strncasecmp( cargv[i], "update_transport=", + STRLENOF("update_transport=") ) == 0 ) { - set->sss_update_transport = - atoi( &cargv[i][sizeof("update_transport")] ); + tgt = &set->sss_update_transport; + src = &cargv[i][STRLENOF("update_transport=")]; - } else if( strncasecmp( cargv[i], "update_tls=", - sizeof("update_tls") ) == 0 ) + } else if ( strncasecmp( cargv[i], "update_tls=", + STRLENOF("update_tls=") ) == 0 ) { - set->sss_update_tls = - atoi( &cargv[i][sizeof("update_tls")] ); + tgt = &set->sss_update_tls; + src = &cargv[i][STRLENOF("update_tls=")]; - } else if( strncasecmp( cargv[i], "update_sasl=", - sizeof("update_sasl") ) == 0 ) + } else if ( strncasecmp( cargv[i], "update_sasl=", + STRLENOF("update_sasl=") ) == 0 ) { - set->sss_update_sasl = - atoi( &cargv[i][sizeof("update_sasl")] ); + tgt = &set->sss_update_sasl; + src = &cargv[i][STRLENOF("update_sasl=")]; - } else if( strncasecmp( cargv[i], "simple_bind=", - sizeof("simple_bind") ) == 0 ) + } else if ( strncasecmp( cargv[i], "simple_bind=", + STRLENOF("simple_bind=") ) == 0 ) { - set->sss_simple_bind = - atoi( &cargv[i][sizeof("simple_bind")] ); + tgt = &set->sss_simple_bind; + src = &cargv[i][STRLENOF("simple_bind=")]; } else { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: unknown factor %S in " - "\"security \" line.\n", - fname, lineno, cargv[1] ); -#else Debug( 
LDAP_DEBUG_ANY, "%s: line %d: unknown factor %s in \"security \" line\n", fname, lineno, cargv[i] ); -#endif + + return( 1 ); + } + + *tgt = strtol( src, &next, 10 ); + if ( next == NULL || next[0] != '\0' ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: unable to parse factor \"%s\" in \"security \" line\n", + fname, lineno, cargv[i] ); return( 1 ); } } + /* where to send clients when we don't hold it */ } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing URL in \"referral \"" - " line.\n", fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing URL in \"referral \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if( validate_global_referral( cargv[1] ) ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: invalid URL (%s) in \"referral\" line.\n", - fname, lineno, cargv[1] ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "invalid URL (%s) in \"referral\" line.\n", fname, lineno, cargv[1] ); -#endif return 1; } 
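Review bot: The new `strtol` check in the `security` loop accepts an empty value and a negative one: for `ssf=` nothing is consumed and `next` points at the terminating NUL, so `next[0] != '\0'` is false and the factor is stored as 0. These factors set the minimum protection the server demands, so a typo should stop the load rather than silently become 0. Parsing into a local first would cover both cases: `long v = strtol( src, &next, 10 );`, then `if ( next == src || next[0] != '\0' || v < 0 ) {`, and `*tgt = v;` after the check. The `next == NULL` test cannot fire after `strtol` with a non-NULL end pointer; an upper bound depends on the type of `slap_ssf_t`, which is not visible in this hunk.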
@@ -1607,45 +1345,6 @@ read_config( const char *fname, int depth ) if( value_add( &default_referral, vals ) ) return LDAP_OTHER; -#ifdef NEW_LOGGING - } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) { - FILE *logfile; - if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: Error in logfile directive, " - "\"logfile \"\n", fname, lineno , 0 ); -#else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: Error in logfile directive, \"logfile filename\"\n", - fname, lineno, 0 ); -#endif - - return( 1 ); - } - logfile = fopen( cargv[1], "w" ); - if ( logfile != NULL ) lutil_debug_file( logfile ); - -#endif - /* start of a new database definition */ - } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) { - int level; - if ( cargc < 3 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: Error in debug directive, " - "\"debug \"\n", fname, lineno , 0 ); -#else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: Error in debug directive, \"debug subsys level\"\n", - fname, lineno, 0 ); -#endif - - return( 1 ); - } - level = atoi( cargv[2] ); - if ( level <= 0 ) level = lutil_mnem2level( cargv[2] ); - lutil_set_debug_level( cargv[1], level ); /* specify an Object Identifier macro */ } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) { rc = parse_oidm( fname, lineno, cargc, cargv ); @@ -1654,15 +1353,9 @@ read_config( const char *fname, int depth ) /* specify an objectclass */ } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: illegal objectclass format.\n", - fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: illegal objectclass format.\n", fname, lineno, 0 ); -#endif return( 1 ); } else if ( *cargv[1] == '(' /*')'*/) { 
@@ -1672,15 +1365,9 @@ read_config( const char *fname, int depth ) if( rc ) return rc; } else { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: old objectclass format not supported\n", - fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: old objectclass format not supported.\n", fname, lineno, 0 ); -#endif } } else if ( strcasecmp( cargv[0], "ditcontentrule" ) == 0 ) { @@ -1694,15 +1381,9 @@ read_config( const char *fname, int depth ) || ( strcasecmp( cargv[0], "attribute" ) == 0 )) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, "%s: line %d: " - "illegal attribute type format.\n", - fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "illegal attribute type format.\n", fname, lineno, 0 ); -#endif return( 1 ); } else if ( *cargv[1] == '(' /*')'*/) { @@ -1712,15 +1393,9 @@ read_config( const char *fname, int depth ) if( rc ) return rc; } else { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: old attribute type format not supported.\n", - fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: old attribute type format not supported.\n", fname, lineno, 0 ); -#endif } @@ -1734,28 +1409,16 @@ read_config( const char *fname, int depth ) /* turn on/off schema checking */ } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing on|off in \"schemacheck \"" - " line.\n", fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing on|off in \"schemacheck \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if ( strcasecmp( cargv[1], "off" ) == 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: schema checking disabled! your mileage may " - "vary!\n", fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: schema checking disabled! your mileage may vary!\n", fname, lineno, 0 ); -#endif global_schemacheck = 0; } else { global_schemacheck = 1; 
@@ -1768,75 +1431,118 @@ read_config( const char *fname, int depth ) /* debug level to log things to syslog */ } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing level in \"loglevel \"" - " line.\n", fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, - "%s: line %d: missing level in \"loglevel \" line\n", + "%s: line %d: missing level(s) in \"loglevel [...]\" line\n", fname, lineno, 0 ); -#endif return( 1 ); } - ldap_syslog = 0; + ldap_syslog = 0; + + for( i=1; i < cargc; i++ ) { + int level; + + if ( isdigit( cargv[i][0] ) ) { + level = strtol( cargv[i], &next, 10 ); + if ( next == NULL || next[0] != '\0' ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: unable to parse level \"%s\" " + "in \"loglevel [...]\" line.\n", + fname, lineno , cargv[i] ); + return( 1 ); + } + + } else { + static struct { + int i; + char *s; + } int_2_level[] = { + { LDAP_DEBUG_TRACE, "Trace" }, + { LDAP_DEBUG_PACKETS, "Packets" }, + { LDAP_DEBUG_ARGS, "Args" }, + { LDAP_DEBUG_CONNS, "Conns" }, + { LDAP_DEBUG_BER, "BER" }, + { LDAP_DEBUG_FILTER, "Filter" }, + { LDAP_DEBUG_CONFIG, "Config" }, + { LDAP_DEBUG_ACL, "ACL" }, + { LDAP_DEBUG_STATS, "Stats" }, + { LDAP_DEBUG_STATS2, "Stats2" }, + { LDAP_DEBUG_SHELL, "Shell" }, + { LDAP_DEBUG_PARSE, "Parse" }, + { LDAP_DEBUG_CACHE, "Cache" }, + { LDAP_DEBUG_INDEX, "Index" }, + { -1, "Any" }, + { 0, NULL } + }; + int j; + + for ( j = 0; int_2_level[j].s; j++ ) { + if ( strcasecmp( cargv[i], int_2_level[j].s ) == 0 ) { + level = int_2_level[j].i; + break; + } + } + + if ( int_2_level[j].s == NULL ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: unknown level \"%s\" " + "in \"loglevel [...]\" line.\n", + fname, lineno , cargv[i] ); + return( 1 ); + } + } - for( i=1; i < cargc; i++ ) { - ldap_syslog += atoi( cargv[1] ); + ldap_syslog |= level; } /* list of sync replication information in this backend (slave only) */ } else if ( strcasecmp( cargv[0], "syncrepl" ) == 0 
) { if ( be == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: syncrepl line must appear inside " - "a database definition.\n", fname, lineno, 0); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: syncrepl line must appear inside " "a database definition.\n", fname, lineno, 0); -#endif return 1; - } else { - if ( add_syncrepl( be, cargv, cargc )) { - return 1; - } + + } else if ( SLAP_SHADOW( be )) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: syncrepl: database already shadowed.\n", + fname, lineno, 0); + return 1; + + } else if ( add_syncrepl( be, cargv, cargc )) { + return 1; } + SLAP_DBFLAGS(be) |= ( SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SYNC_SHADOW ); + /* list of replicas of the data in this backend (master only) */ } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing host or uri in \"replica " - " \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if ( be == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: replica line must appear inside " - "a database definition.\n", fname, lineno, 0); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: replica line must appear inside a database definition\n", fname, lineno, 0 ); -#endif return 1; } else { int nr = -1; + if ( SLAP_MONITOR( be ) ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"replica\" should not be used " + "inside monitor database\n", + fname, lineno, 0 ); + /* FIXME: turn into an error? */ + } + for ( i = 1; i < cargc; i++ ) { if ( strncasecmp( cargv[i], "host=", 5 ) == 0 ) { 
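Review bot: In the `loglevel` loop the numeric path is taken only when `isdigit( cargv[i][0] )` is true, so a value with a leading minus sign such as `-1` falls through to the name table and ends in the "unknown level" error, whereas the removed `atoi` code accepted it. The call also passes a plain `char` to `isdigit`, which is undefined for negative values. `if ( isdigit( (unsigned char) cargv[i][0] ) || cargv[i][0] == '-' ) {` would address both. In the `replica` branch of the same hunk, `cargc < 2` now returns 1 with no message at all, because the only log call there was inside the removed `NEW_LOGGING` block; a `Debug( LDAP_DEBUG_ANY, ... )` line like the other directives have would keep the failure diagnosable. The `replica` branch continues outside the hunk.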
@@ -1847,39 +1553,21 @@ read_config( const char *fname, int depth ) == 0 ) { if ( ldap_url_parse( cargv[ i ] + 4, &ludp ) != LDAP_SUCCESS ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: replica line contains invalid " - "uri definition.\n", fname, lineno, 0); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: replica line contains invalid " "uri definition.\n", fname, lineno, 0); -#endif return 1; } if (ludp->lud_host == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: replica line contains invalid " - "uri definition - missing hostname.\n", - fname, lineno, 0); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: replica line contains invalid " "uri definition - missing hostname.\n", fname, lineno, 0); -#endif return 1; } replicahost = ch_malloc( strlen( cargv[ i ] ) ); if ( replicahost == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, ERR, - "out of memory in read_config\n", 0, 0,0 ); -#else Debug( LDAP_DEBUG_ANY, "out of memory in read_config\n", 0, 0, 0 ); -#endif ldap_free_urldesc( ludp ); exit( EXIT_FAILURE ); } @@ -1892,29 +1580,15 @@ read_config( const char *fname, int depth ) } } if ( i == cargc ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: missing host or uri in \"replica\" line\n", - fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing host or uri in \"replica\" line\n", fname, lineno, 0 ); -#endif return 1; } else if ( nr == -1 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: unable to add" - " replica \"%s\"\n", - fname, lineno, - cargv[i] + 5 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: unable to add replica \"%s\"\n", fname, lineno, cargv[i] + 5 ); -#endif return 1; } else { for ( i = 1; i < cargc; i++ ) { 
@@ -1922,29 +1596,15 @@ read_config( const char *fname, int depth ) switch ( add_replica_suffix( be, nr, cargv[i] + 7 ) ) { case 1: -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: suffix \"%s\" in \"replica\"" - " line is not valid for backend(ignored)\n", - fname, lineno, cargv[i] + 7 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n", fname, lineno, cargv[i] + 7 ); -#endif break; case 2: -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: unable to normalize suffix" - " in \"replica\" line (ignored)\n", - fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: unable to normalize suffix in \"replica\" line (ignored)\n", fname, lineno, 0 ); -#endif break; } @@ -1962,16 +1622,9 @@ read_config( const char *fname, int depth ) } if ( add_replica_attrs( be, nr, arg + 1, exclude ) ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: attribute \"%s\" in " - "\"replica\" line is unknown\n", - fname, lineno, arg + 1 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: attribute \"%s\" in \"replica\" line is unknown\n", fname, lineno, arg + 1 ); -#endif return( 1 ); } } 
@@ -1985,29 +1638,22 @@ read_config( const char *fname, int depth ) /* dn of slave entity allowed to write to replica */ } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing dn in \"updatedn \"" - " line.\n", fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing dn in \"updatedn \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if ( be == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: updatedn line must appear inside " - "a database definition\n", - fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: updatedn line must appear inside a database definition\n", fname, lineno, 0 ); -#endif + return 1; + + } else if ( SLAP_SHADOW(be) ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: updatedn: database already shadowed.\n", + fname, lineno, 0); return 1; } else { 
@@ -2020,93 +1666,68 @@ read_config( const char *fname, int depth ) rc = dnNormalize( 0, NULL, NULL, &dn, &be->be_update_ndn, NULL ); if( rc != LDAP_SUCCESS ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: updatedn DN is invalid.\n", - fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: updatedn DN is invalid\n", fname, lineno, 0 ); -#endif return 1; } + } + SLAP_DBFLAGS(be) |= ( SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SLURP_SHADOW ); } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, "%s: line %d: " - "missing url in \"updateref \" line.\n", - fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "missing url in \"updateref \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if ( be == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, "%s: line %d: updateref" - " line must appear inside a database definition\n", - fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: updateref" " line must appear inside a database definition\n", fname, lineno, 0 ); -#endif return 1; - } else if ( !be->be_update_ndn.bv_len ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, "%s: line %d: " - "updateref line must come after updatedn.\n", - fname, lineno , 0 ); -#else + } else if ( !SLAP_SHADOW(be) ) { Debug( LDAP_DEBUG_ANY, "%s: line %d: " - "updateref line must after updatedn.\n", + "updateref line must after syncrepl or updatedn.\n", fname, lineno, 0 ); -#endif return 1; } if( validate_global_referral( cargv[1] ) ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, "%s: line %d: " - "invalid URL (%s) in \"updateref\" line.\n", - fname, lineno, cargv[1] ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "invalid URL (%s) in \"updateref\" line.\n", fname, lineno, cargv[1] ); -#endif return 1; } vals[0].bv_val = cargv[1]; vals[0].bv_len = strlen( vals[0].bv_val ); - if( value_add( &be->be_update_refs, vals ) ) + if( value_add( &be->be_update_refs, vals ) ) { return 
LDAP_OTHER; + } /* replication log file to which changes are appended */ } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing filename in \"replogfile \"" - " line.\n", fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing filename in \"replogfile \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } if ( be ) { + if ( SLAP_MONITOR( be ) ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "\"replogfile\" should not be used " + "inside monitor database\n", + fname, lineno, 0 ); + /* FIXME: turn into an error? */ + } be->be_replogfile = ch_strdup( cargv[1] ); + } else { replogfile = ch_strdup( cargv[1] ); } 
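Review bot: The rewritten `updateref` message reads "updateref line must after syncrepl or updatedn."; the verb is missing, and the removed `NEW_LOGGING` variant had "must come after". Suggested text: `"updateref line must come after syncrepl or updatedn.\n"`.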
@@ -2114,58 +1735,46 @@ read_config( const char *fname, int depth ) /* file from which to read additional rootdse attrs */ } else if ( strcasecmp( cargv[0], "rootDSE" ) == 0) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, "%s: line %d: " - "missing filename in \"rootDSE \" line.\n", - fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "missing filename in \"rootDSE \" line.\n", fname, lineno, 0 ); -#endif return 1; } if( read_root_dse_file( cargv[1] ) ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, "%s: line %d: " - "could not read \"rootDSE \" line.\n", - fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: " "could not read \"rootDSE \" line\n", fname, lineno, 0 ); -#endif return 1; } /* maintain lastmodified{by,time} attributes */ } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing on|off in \"lastmod \"" - " line.\n", fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing on|off in \"lastmod \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } + + if ( be == NULL ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: lastmod" + " line must appear inside a database definition\n", + fname, lineno, 0 ); + return 1; + + } else if ( SLAP_NOLASTMODCMD(be) ) { + Debug( LDAP_DEBUG_ANY, "%s: line %d: lastmod" + " not available for %s databases\n", + fname, lineno, be->bd_info->bi_type ); + return 1; + } + if ( strcasecmp( cargv[1], "on" ) == 0 ) { - if ( be ) { - be->be_flags &= ~SLAP_DBFLAG_NOLASTMOD; - } else { - lastmod = 1; - } + SLAP_DBFLAGS(be) &= ~SLAP_DBFLAG_NOLASTMOD; } else { - if ( be ) { - be->be_flags |= SLAP_DBFLAG_NOLASTMOD; - } else { - lastmod = 0; - } + SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NOLASTMOD; } #ifdef SIGHUP 
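Review bot: A `lastmod` line outside a database definition is now a hard error (`be == NULL` returns 1), where the removed code stored the value in the static `lastmod`; configurations that set it globally will stop loading. If that is the intent, say so above the check, e.g. `/* lastmod is per-database only; the former global default has been removed */`, so the change in accepted syntax is visible to whoever maintains the parser and its documentation.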
@@ -2188,15 +1797,9 @@ read_config( const char *fname, int depth ) } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) { int i; if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing timeout value in " - "\"idletimeout \" line.\n", fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing timeout value in \"idletimeout \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } @@ -2204,15 +1807,9 @@ read_config( const char *fname, int depth ) i = atoi( cargv[1] ); if( i < 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: timeout value (%d) invalid " - "\"idletimeout \" line.\n", fname, lineno, i ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: timeout value (%d) invalid \"idletimeout \" line\n", fname, lineno, i ); -#endif return( 1 ); } @@ -2222,15 +1819,9 @@ read_config( const char *fname, int depth ) /* include another config file */ } else if ( strcasecmp( cargv[0], "include" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing filename in \"include " - "\" line.\n", fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing filename in \"include \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } @@ -2247,15 +1838,9 @@ read_config( const char *fname, int depth ) /* location of kerberos srvtab file */ } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing filename in \"srvtab " - "\" line.\n", fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing filename in \"srvtab \" line\n", fname, lineno, 0 ); -#endif return( 1 ); } 
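Review bot: The `idletimeout` hunk still converts with `i = atoi( cargv[1] );` while this commit moves `security` and `loglevel` to `strtol` with an end-pointer check; a non-numeric value yields 0 and passes the `i < 0` test. What 0 means for the timeout is not visible here, but a mistyped value should be rejected rather than stored. Using the `next` pointer the commit introduces: `i = strtol( cargv[1], &next, 10 );` and `if ( next == cargv[1] || next[0] != '\0' || i < 0 ) {`. The assignment of the parsed value lies outside the hunk.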
@@ -2264,55 +1849,31 @@ read_config( const char *fname, int depth ) #ifdef SLAPD_MODULES } else if (strcasecmp( cargv[0], "moduleload") == 0 ) { if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: missing filename in \"moduleload " - "\" line.\n", fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing filename in \"moduleload \" line\n", fname, lineno, 0 ); -#endif exit( EXIT_FAILURE ); } if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: failed to load or initialize module %s\n", - fname, lineno, cargv[1] ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: failed to load or initialize module %s\n", fname, lineno, cargv[1]); -#endif exit( EXIT_FAILURE ); } } else if (strcasecmp( cargv[0], "modulepath") == 0 ) { if ( cargc != 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: missing path in \"modulepath \"" - " line\n", fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing path in \"modulepath \" line\n", fname, lineno, 0 ); -#endif exit( EXIT_FAILURE ); } if (module_path( cargv[1] )) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: failed to set module search path to %s.\n", - fname, lineno, cargv[1] ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: failed to set module search path to %s\n", fname, lineno, cargv[1]); -#endif exit( EXIT_FAILURE ); } @@ -2381,15 +1942,9 @@ read_config( const char *fname, int depth ) } else if ( !strcasecmp( cargv[0], "reverse-lookup" ) ) { #ifdef SLAPD_RLOOKUPS if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n", - fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: reverse-lookup: missing \"on\" or \"off\"\n", fname, lineno, 0 ); -#endif return( 1 ); } 
@@ -2398,28 +1953,16 @@ read_config( const char *fname, int depth ) } else if ( !strcasecmp( cargv[1], "off" ) ) { use_reverse_lookup = 0; } else { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: reverse-lookup: " - "must be \"on\" (default) or \"off\"\n", fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: reverse-lookup: must be \"on\" (default) or \"off\"\n", fname, lineno, 0 ); -#endif return( 1 ); } #else /* !SLAPD_RLOOKUPS */ -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: reverse lookups " - "are not configured (ignored).\n", fname, lineno , 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: reverse lookups are not configured (ignored).\n", fname, lineno, 0 ); -#endif #endif /* !SLAPD_RLOOKUPS */ /* Netscape plugins */ @@ -2433,35 +1976,25 @@ read_config( const char *fname, int depth ) * and extended operation plugins */ if ( be == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: plugin line must appear " - "insid a database definition.\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: plugin " "line must appear inside a database " "definition\n", fname, lineno, 0 ); -#endif return( 1 ); } #endif /* notdef */ if ( slapi_int_read_config( be, fname, lineno, cargc, cargv ) - != LDAP_SUCCESS ) { + != LDAP_SUCCESS ) + { + Debug( LDAP_DEBUG_ANY, "%s: line %d: SLAPI " + "config read failed.\n", fname, lineno, 0 ); return( 1 ); } slapi_plugins_used++; #else /* !defined( LDAP_SLAPI ) */ -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: SLAPI not supported.\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: SLAPI " "not supported.\n", fname, lineno, 0 ); -#endif return( 1 ); #endif /* !defined( LDAP_SLAPI ) */ 
@@ -2470,17 +2003,10 @@ read_config( const char *fname, int depth ) } else if ( strcasecmp( cargv[0], "pluginlog" ) == 0 ) { #if defined( LDAP_SLAPI ) if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: missing file name " - "in pluginlog line.\n", - fname, lineno, 0 ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: missing file name " "in pluginlog line.\n", fname, lineno, 0 ); -#endif return( 1 ); } @@ -2502,16 +2028,9 @@ read_config( const char *fname, int depth ) break; case SLAP_CONF_UNKNOWN: -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: unknown directive \"%s\" inside " - "backend info definition (ignored).\n", - fname, lineno, cargv[0] ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n", fname, lineno, cargv[0] ); -#endif break; default: @@ -2528,16 +2047,9 @@ read_config( const char *fname, int depth ) break; case SLAP_CONF_UNKNOWN: -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: unknown directive \"%s\" inside " - "backend database definition (ignored).\n", - fname, lineno, cargv[0] ); -#else Debug( LDAP_DEBUG_ANY, "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n", fname, lineno, cargv[0] ); -#endif break; default: 
@@ -2546,17 +2058,23 @@ read_config( const char *fname, int depth ) } } else { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, INFO, - "%s: line %d: unknown directive \"%s\" outside backend " - "info and database definitions (ignored).\n", - fname, lineno, cargv[0] ); -#else - Debug( LDAP_DEBUG_ANY, -"%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n", - fname, lineno, cargv[0] ); -#endif + if ( frontendDB->be_config ) { + rc = (*frontendDB->be_config)( frontendDB, fname, lineno, cargc, cargv ); + + switch ( rc ) { + case 0: + break; + + case SLAP_CONF_UNKNOWN: + Debug( LDAP_DEBUG_ANY, +"%s: line %d: unknown directive \"%s\" inside global database definition (ignored)\n", + fname, lineno, cargv[0] ); + break; + default: + return 1; + } + } } } free( saveline ); @@ -2565,10 +2083,10 @@ read_config( const char *fname, int depth ) if ( depth == 0 ) ch_free( cargv ); - if ( !global_schemadn.bv_val ) { + if ( BER_BVISNULL( &frontendDB->be_schemadn ) ) { ber_str2bv( SLAPD_SCHEMA_DN, sizeof(SLAPD_SCHEMA_DN)-1, 1, - &global_schemadn ); - dnNormalize( 0, NULL, NULL, &global_schemadn, &global_schemandn, NULL ); + &frontendDB->be_schemadn ); + dnNormalize( 0, NULL, NULL, &frontendDB->be_schemadn, &frontendDB->be_schemandn, NULL ); } if ( load_ucdata( NULL ) < 0 ) return 1; @@ -2603,11 +2121,7 @@ fp_parse_line( *strtok_quote_ptr = ' '; } -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, DETAIL1, "line %d (%s)\n", lineno, logline , 0 ); -#else Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, logline, 0 ); -#endif if ( strtok_quote_ptr ) { *strtok_quote_ptr = '\0'; @@ -2619,13 +2133,9 @@ fp_parse_line( tmp = ch_realloc( cargv, (cargv_size + ARGS_STEP) * sizeof(*cargv) ); if ( tmp == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, ERR, "line %d: out of memory\n", lineno, 0,0 ); -#else Debug( LDAP_DEBUG_ANY, "line %d: out of memory\n", lineno, 0, 0 ); -#endif return -1; } cargv = tmp; 
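Review bot: When `frontendDB->be_config` is NULL the new else arm does nothing, so a directive that nothing recognised is dropped without the "unknown directive ... (ignored)" message that the removed code always logged. A mistyped global directive, including one that was meant to restrict access, would then go unnoticed at startup. Keeping a fallback restores the diagnostic: `} else { Debug( LDAP_DEBUG_ANY, "%s: line %d: unknown directive \"%s\" (ignored)\n", fname, lineno, cargv[0] ); }` on the inner `if`. `frontendDB` is also dereferenced here without the NULL check that config_destroy() applies; that is safe only if it is always set before read_config() runs, which this hunk does not show.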
@@ -2764,6 +2274,7 @@ fp_getline_init( int *lineno ) static int load_ucdata( char *path ) { +#if 0 static int loaded = 0; int err; @@ -2772,26 +2283,32 @@ load_ucdata( char *path ) } err = ucdata_load( path ? path : SLAPD_DEFAULT_UCDATA, UCDATA_ALL ); if ( err ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "load_ucdata: Error %d loading ucdata.\n", err, 0,0 ); -#else Debug( LDAP_DEBUG_ANY, "error loading ucdata (error %d)\n", err, 0, 0 ); -#endif return( -1 ); } loaded = 1; return( 1 ); +#else + /* ucdata is now hardcoded */ + return( 0 ); +#endif } void config_destroy( ) { ucdata_unload( UCDATA_ALL ); - free( global_schemandn.bv_val ); - free( global_schemadn.bv_val ); + if ( frontendDB ) { + /* NOTE: in case of early exit, frontendDB can be NULL */ + if ( frontendDB->be_schemandn.bv_val ) + free( frontendDB->be_schemandn.bv_val ); + if ( frontendDB->be_schemadn.bv_val ) + free( frontendDB->be_schemadn.bv_val ); + if ( frontendDB->be_acl ) + acl_destroy( frontendDB->be_acl, NULL ); + } free( line ); if ( slapd_args_file ) free ( slapd_args_file ); @@ -2799,7 +2316,6 @@ config_destroy( ) free ( slapd_pid_file ); if ( default_passwd_hash ) ldap_charray_free( default_passwd_hash ); - acl_destroy( global_acl, NULL ); } static int @@ -2817,11 +2333,7 @@ add_syncrepl( si = (syncinfo_t *) ch_calloc( 1, sizeof( syncinfo_t ) ); if ( si == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, ERR, "out of memory in add_syncrepl\n", 0, 0,0 ); -#else Debug( LDAP_DEBUG_ANY, "out of memory in add_syncrepl\n", 0, 0, 0 ); -#endif return 1; } 
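Review bot: config_destroy() releases `frontendDB->be_schemandn.bv_val`, `frontendDB->be_schemadn.bv_val` and `frontendDB->be_acl` but leaves all three fields pointing at the freed memory, and frontendDB itself is not released here. Clearing them after the frees, e.g. `frontendDB->be_acl = NULL;` and the same for the two `bv_val` pointers, makes a second call or a late reader see an empty value instead of freed memory. Whether anything still reads frontendDB after config_destroy() is not visible in this hunk.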
@@ -2831,21 +2343,28 @@ add_syncrepl( } si->si_bindmethod = LDAP_AUTH_SIMPLE; si->si_schemachecking = 0; - ber_str2bv( "(objectclass=*)", sizeof("(objectclass=*)")-1, 0, + ber_str2bv( "(objectclass=*)", STRLENOF("(objectclass=*)"), 1, &si->si_filterstr ); si->si_base.bv_val = NULL; si->si_scope = LDAP_SCOPE_SUBTREE; si->si_attrsonly = 0; - si->si_attrs = (char **) ch_calloc( 1, sizeof( char * )); - si->si_attrs[0] = NULL; + si->si_anlist = (AttributeName *) ch_calloc( 1, sizeof( AttributeName )); + si->si_exanlist = (AttributeName *) ch_calloc( 1, sizeof( AttributeName )); + si->si_attrs = NULL; + si->si_allattrs = 0; + si->si_allopattrs = 0; + si->si_exattrs = NULL; si->si_type = LDAP_SYNC_REFRESH_ONLY; si->si_interval = 86400; + si->si_retryinterval = NULL; + si->si_retrynum_init = NULL; + si->si_retrynum = NULL; si->si_syncCookie.ctxcsn = NULL; si->si_syncCookie.octet_str = NULL; si->si_syncCookie.sid = -1; si->si_manageDSAit = 0; - si->si_tlimit = -1; - si->si_slimit = -1; + si->si_tlimit = 0; + si->si_slimit = 0; si->si_syncUUID_ndn.bv_val = NULL; si->si_syncUUID_ndn.bv_len = 0; 
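Review bot: The defaults for `si->si_tlimit` and `si->si_slimit` change from -1 to 0 with no comment saying what 0 means to the code that issues the sync search, so a reader cannot tell whether an unset limit is now "unlimited" or "use the provider's default". A one-line comment above the two assignments, such as `/* defaults when no timelimit=/sizelimit= is given (was -1) */` plus the intended meaning of 0, would document the change. add_syncrepl() starts and ends outside this hunk.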
@@ -2856,64 +2375,23 @@ add_syncrepl( LDAP_STAILQ_FOREACH( si_entry, &be->be_syncinfo, si_next ) { if ( si->si_rid == si_entry->si_rid ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, ERR, - "add_syncrepl: duplicated replica id\n", 0, 0,0 ); -#else Debug( LDAP_DEBUG_ANY, "add_syncrepl: duplicated replica id\n",0, 0, 0 ); -#endif duplicated_replica_id = 1; break; } } if ( rc < 0 || duplicated_replica_id ) { - syncinfo_t *si_entry; - /* Something bad happened - back out */ -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, ERR, "failed to add syncinfo\n", 0, 0,0 ); -#else Debug( LDAP_DEBUG_ANY, "failed to add syncinfo\n", 0, 0, 0 ); -#endif - - /* If error, remove all syncinfo */ - LDAP_STAILQ_FOREACH( si_entry, &be->be_syncinfo, si_next ) { - if ( si_entry->si_updatedn.bv_val ) { - ch_free( si->si_updatedn.bv_val ); - } - if ( si_entry->si_filterstr.bv_val ) { - ch_free( si->si_filterstr.bv_val ); - } - if ( si_entry->si_attrs ) { - int i = 0; - while ( si_entry->si_attrs[i] != NULL ) { - ch_free( si_entry->si_attrs[i] ); - i++; - } - ch_free( si_entry->si_attrs ); - } - } - - while ( !LDAP_STAILQ_EMPTY( &be->be_syncinfo )) { - si_entry = LDAP_STAILQ_FIRST( &be->be_syncinfo ); - LDAP_STAILQ_REMOVE_HEAD( &be->be_syncinfo, si_next ); - ch_free( si_entry ); - } - LDAP_STAILQ_INIT( &be->be_syncinfo ); + syncinfo_free( si ); return 1; } else { -#ifdef NEW_LOGGING - LDAP_LOG ( CONFIG, RESULTS, - "add_syncrepl: Config: ** successfully added syncrepl \"%s\"\n", - si->si_provideruri == NULL ? "(null)" : si->si_provideruri, 0, 0 ); -#else Debug( LDAP_DEBUG_CONFIG, "Config: ** successfully added syncrepl \"%s\"\n", si->si_provideruri == NULL ? "(null)" : si->si_provideruri, 0, 0 ); -#endif if ( !si->si_schemachecking ) { - be->be_flags |= SLAP_DBFLAG_NO_SCHEMA_CHECK; + SLAP_DBFLAGS(be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK; } si->si_be = be; LDAP_STAILQ_INSERT_TAIL( &be->be_syncinfo, si, si_next ); 
@@ -2921,45 +2399,54 @@ add_syncrepl( } } +/* NOTE: used & documented in slapd.conf(5) */ #define IDSTR "rid" #define PROVIDERSTR "provider" -#define SUFFIXSTR "suffix" +#define TYPESTR "type" +#define INTERVALSTR "interval" +#define SEARCHBASESTR "searchbase" +#define FILTERSTR "filter" +#define SCOPESTR "scope" +#define ATTRSSTR "attrs" +#define ATTRSONLYSTR "attrsonly" +#define SLIMITSTR "sizelimit" +#define TLIMITSTR "timelimit" +#define SCHEMASTR "schemachecking" #define UPDATEDNSTR "updatedn" #define BINDMETHSTR "bindmethod" -#define SIMPLESTR "simple" -#define SASLSTR "sasl" +#define SIMPLESTR "simple" +#define SASLSTR "sasl" #define BINDDNSTR "binddn" -#define CREDSTR "credentials" -#define OLDAUTHCSTR "bindprincipal" +#define SASLMECHSTR "saslmech" #define AUTHCSTR "authcID" #define AUTHZSTR "authzID" -#define SRVTABSTR "srvtab" -#define SASLMECHSTR "saslmech" +#define CREDSTR "credentials" #define REALMSTR "realm" #define SECPROPSSTR "secprops" + +/* FIXME: undocumented */ +#define OLDAUTHCSTR "bindprincipal" #define STARTTLSSTR "starttls" -#define CRITICALSTR "critical" +#define CRITICALSTR "critical" +#define EXATTRSSTR "exattrs" +#define MANAGEDSAITSTR "manageDSAit" +#define RETRYSTR "retry" -#define SCHEMASTR "schemachecking" -#define FILTERSTR "filter" -#define SEARCHBASESTR "searchbase" -#define SCOPESTR "scope" -#define ATTRSSTR "attrs" -#define ATTRSONLYSTR "attrsonly" -#define TYPESTR "type" -#define INTERVALSTR "interval" +/* FIXME: unused */ #define LASTMODSTR "lastmod" -#define LMREQSTR "req" #define LMGENSTR "gen" #define LMNOSTR "no" -#define MANAGEDSAITSTR "manageDSAit" -#define SLIMITSTR "sizelimit" -#define TLIMITSTR "timelimit" +#define LMREQSTR "req" +#define SRVTABSTR "srvtab" +#define SUFFIXSTR "suffix" +/* mandatory */ #define GOT_ID 0x0001 -#define GOT_PROVIDER 0x0002 +#define GOT_PROVIDER 0x0002 #define GOT_METHOD 0x0004 -#define GOT_ALL 0x0007 + +/* check */ +#define GOT_ALL (GOT_ID|GOT_PROVIDER|GOT_METHOD) static int 
parse_syncrepl_line( @@ -2974,10 +2461,12 @@ parse_syncrepl_line( int nr_attr = 0; for ( i = 1; i < cargc; i++ ) { - if ( !strncasecmp( cargv[ i ], IDSTR, sizeof( IDSTR ) - 1 )) { + if ( !strncasecmp( cargv[ i ], IDSTR "=", + STRLENOF( IDSTR "=" ) ) ) + { int tmp; /* '\0' string terminator accounts for '=' */ - val = cargv[ i ] + sizeof( IDSTR ); + val = cargv[ i ] + STRLENOF( IDSTR "=" ); tmp= atoi( val ); if ( tmp >= 1000 || tmp < 0 ) { fprintf( stderr, "Error: parse_syncrepl_line: " 
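Review bot: The rid value is still read with `atoi( val )`, so `rid=` followed by non-numeric text is accepted as replica id 0 instead of being rejected. The same unchecked atoi() is used by the new retry= parsing and by manageDSAit=, sizelimit= and timelimit= in the later hunk of this function. Parsing with strtol() into a local end pointer and failing on `if ( next == val || *next != '\0' )` with `return -1;` would match the stricter error handling this commit introduces. The context comment `/* '\0' string terminator accounts for '=' */` is stale now that the offset is `STRLENOF( IDSTR "=" )` and should be dropped. The function body continues outside this hunk.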
@@ -2986,38 +2475,40 @@ parse_syncrepl_line( } si->si_rid = tmp; gots |= GOT_ID; - } else if ( !strncasecmp( cargv[ i ], PROVIDERSTR, - sizeof( PROVIDERSTR ) - 1 )) { - val = cargv[ i ] + sizeof( PROVIDERSTR ); + } else if ( !strncasecmp( cargv[ i ], PROVIDERSTR "=", + STRLENOF( PROVIDERSTR "=" ) ) ) + { + val = cargv[ i ] + STRLENOF( PROVIDERSTR "=" ); si->si_provideruri = ch_strdup( val ); si->si_provideruri_bv = (BerVarray) ch_calloc( 2, sizeof( struct berval )); ber_str2bv( si->si_provideruri, strlen( si->si_provideruri ), - 0, &si->si_provideruri_bv[0] ); + 1, &si->si_provideruri_bv[0] ); si->si_provideruri_bv[1].bv_len = 0; si->si_provideruri_bv[1].bv_val = NULL; gots |= GOT_PROVIDER; - } else if ( !strncasecmp( cargv[ i ], STARTTLSSTR, - sizeof(STARTTLSSTR) - 1 ) ) + } else if ( !strncasecmp( cargv[ i ], STARTTLSSTR "=", + STRLENOF(STARTTLSSTR "=") ) ) { - val = cargv[ i ] + sizeof( STARTTLSSTR ); + val = cargv[ i ] + STRLENOF( STARTTLSSTR "=" ); if( !strcasecmp( val, CRITICALSTR ) ) { si->si_tls = SYNCINFO_TLS_CRITICAL; } else { si->si_tls = SYNCINFO_TLS_ON; } - } else if ( !strncasecmp( cargv[ i ], - UPDATEDNSTR, sizeof( UPDATEDNSTR ) - 1 ) ) + } else if ( !strncasecmp( cargv[ i ], UPDATEDNSTR "=", + STRLENOF( UPDATEDNSTR "=" ) ) ) { - struct berval updatedn = {0, NULL}; - val = cargv[ i ] + sizeof( UPDATEDNSTR ); + struct berval updatedn = BER_BVNULL; + + val = cargv[ i ] + STRLENOF( UPDATEDNSTR "=" ); ber_str2bv( val, 0, 0, &updatedn ); ch_free( si->si_updatedn.bv_val ); dnNormalize( 0, NULL, NULL, &updatedn, &si->si_updatedn, NULL ); - } else if ( !strncasecmp( cargv[ i ], BINDMETHSTR, - sizeof( BINDMETHSTR ) - 1 ) ) + } else if ( !strncasecmp( cargv[ i ], BINDMETHSTR "=", + STRLENOF( BINDMETHSTR "=" ) ) ) { - val = cargv[ i ] + sizeof( BINDMETHSTR ); + val = cargv[ i ] + STRLENOF( BINDMETHSTR "=" ); if ( !strcasecmp( val, SIMPLESTR )) { si->si_bindmethod = LDAP_AUTH_SIMPLE; gots |= GOT_METHOD; 
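Review bot: In the starttls= branch every value other than `critical` selects SYNCINFO_TLS_ON, so a misspelt value is accepted silently with the non-critical setting. How SYNCINFO_TLS_ON treats a failed StartTLS is not shown here, but a typo should not be able to pick the weaker mode. Unknown scope= and type= values now fail with `return -1;`, and the else arm here should do the same after printing `unknown starttls value \"%s\"`, keeping SYNCINFO_TLS_ON only for the spelling the project documents. In the same hunk the updatedn= branch frees `si->si_updatedn.bv_val` and then ignores the result of dnNormalize(), unlike the searchbase= branch, which checks it.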
@@ -3028,80 +2519,92 @@ parse_syncrepl_line( #else /* HAVE_CYRUS_SASL */ fprintf( stderr, "Error: parse_syncrepl_line: " "not compiled with SASL support\n" ); - return 1; + return -1; #endif /* HAVE_CYRUS_SASL */ } else { si->si_bindmethod = -1; } - } else if ( !strncasecmp( cargv[ i ], - BINDDNSTR, sizeof( BINDDNSTR ) - 1 ) ) { - val = cargv[ i ] + sizeof( BINDDNSTR ); + } else if ( !strncasecmp( cargv[ i ], BINDDNSTR "=", + STRLENOF( BINDDNSTR "=" ) ) ) + { + val = cargv[ i ] + STRLENOF( BINDDNSTR "=" ); si->si_binddn = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], - CREDSTR, sizeof( CREDSTR ) - 1 ) ) { - val = cargv[ i ] + sizeof( CREDSTR ); + } else if ( !strncasecmp( cargv[ i ], CREDSTR "=", + STRLENOF( CREDSTR "=" ) ) ) + { + val = cargv[ i ] + STRLENOF( CREDSTR "=" ); si->si_passwd = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], - SASLMECHSTR, sizeof( SASLMECHSTR ) - 1 ) ) { - val = cargv[ i ] + sizeof( SASLMECHSTR ); + } else if ( !strncasecmp( cargv[ i ], SASLMECHSTR "=", + STRLENOF( SASLMECHSTR "=" ) ) ) + { + val = cargv[ i ] + STRLENOF( SASLMECHSTR "=" ); si->si_saslmech = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], - SECPROPSSTR, sizeof( SECPROPSSTR ) - 1 ) ) { - val = cargv[ i ] + sizeof( SECPROPSSTR ); + } else if ( !strncasecmp( cargv[ i ], SECPROPSSTR "=", + STRLENOF( SECPROPSSTR "=" ) ) ) + { + val = cargv[ i ] + STRLENOF( SECPROPSSTR "=" ); si->si_secprops = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], - REALMSTR, sizeof( REALMSTR ) - 1 ) ) { - val = cargv[ i ] + sizeof( REALMSTR ); + } else if ( !strncasecmp( cargv[ i ], REALMSTR "=", + STRLENOF( REALMSTR "=" ) ) ) + { + val = cargv[ i ] + STRLENOF( REALMSTR "=" ); si->si_realm = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], - AUTHCSTR, sizeof( AUTHCSTR ) - 1 ) ) { - val = cargv[ i ] + sizeof( AUTHCSTR ); + } else if ( !strncasecmp( cargv[ i ], AUTHCSTR "=", + STRLENOF( AUTHCSTR "=" ) ) ) + { + val = cargv[ i ] + STRLENOF( AUTHCSTR 
"=" ); + if ( si->si_authcId ) + ch_free( si->si_authcId ); si->si_authcId = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], - OLDAUTHCSTR, sizeof( OLDAUTHCSTR ) - 1 ) ) { + } else if ( !strncasecmp( cargv[ i ], OLDAUTHCSTR "=", + STRLENOF( OLDAUTHCSTR "=" ) ) ) + { /* Old authcID is provided for some backwards compatibility */ - val = cargv[ i ] + sizeof( OLDAUTHCSTR ); + val = cargv[ i ] + STRLENOF( OLDAUTHCSTR "=" ); + if ( si->si_authcId ) + ch_free( si->si_authcId ); si->si_authcId = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], - AUTHZSTR, sizeof( AUTHZSTR ) - 1 ) ) { - val = cargv[ i ] + sizeof( AUTHZSTR ); + } else if ( !strncasecmp( cargv[ i ], AUTHZSTR "=", + STRLENOF( AUTHZSTR "=" ) ) ) + { + val = cargv[ i ] + STRLENOF( AUTHZSTR "=" ); si->si_authzId = ch_strdup( val ); - } else if ( !strncasecmp( cargv[ i ], - SCHEMASTR, sizeof( SCHEMASTR ) - 1 ) ) + } else if ( !strncasecmp( cargv[ i ], SCHEMASTR "=", + STRLENOF( SCHEMASTR "=" ) ) ) { - val = cargv[ i ] + sizeof( SCHEMASTR ); - if ( !strncasecmp( val, "on", sizeof( "on" ) - 1 )) { + val = cargv[ i ] + STRLENOF( SCHEMASTR "=" ); + if ( !strncasecmp( val, "on", STRLENOF( "on" ) )) { si->si_schemachecking = 1; - } else if ( !strncasecmp( val, "off", sizeof( "off" ) - 1 ) ) { + } else if ( !strncasecmp( val, "off", STRLENOF( "off" ) ) ) { si->si_schemachecking = 0; } else { si->si_schemachecking = 1; } - } else if ( !strncasecmp( cargv[ i ], - FILTERSTR, sizeof( FILTERSTR ) - 1 ) ) + } else if ( !strncasecmp( cargv[ i ], FILTERSTR "=", + STRLENOF( FILTERSTR "=" ) ) ) { - val = cargv[ i ] + sizeof( FILTERSTR ); + val = cargv[ i ] + STRLENOF( FILTERSTR "=" ); ber_str2bv( val, 0, 1, &si->si_filterstr ); - } else if ( !strncasecmp( cargv[ i ], - SEARCHBASESTR, sizeof( SEARCHBASESTR ) - 1 ) ) + } else if ( !strncasecmp( cargv[ i ], SEARCHBASESTR "=", + STRLENOF( SEARCHBASESTR "=" ) ) ) { struct berval bv; - val = cargv[ i ] + sizeof( SEARCHBASESTR ); + val = cargv[ i ] + STRLENOF( 
SEARCHBASESTR "=" ); if ( si->si_base.bv_val ) { ch_free( si->si_base.bv_val ); } ber_str2bv( val, 0, 0, &bv ); if ( dnNormalize( 0, NULL, NULL, &bv, &si->si_base, NULL )) { fprintf( stderr, "Invalid base DN \"%s\"\n", val ); - return 1; + return -1; } - } else if ( !strncasecmp( cargv[ i ], - SCOPESTR, sizeof( SCOPESTR ) - 1 ) ) + } else if ( !strncasecmp( cargv[ i ], SCOPESTR "=", + STRLENOF( SCOPESTR "=" ) ) ) { - val = cargv[ i ] + sizeof( SCOPESTR ); - if ( !strncasecmp( val, "base", sizeof( "base" ) - 1 )) { + val = cargv[ i ] + STRLENOF( SCOPESTR "=" ); + if ( !strncasecmp( val, "base", STRLENOF( "base" ) )) { si->si_scope = LDAP_SCOPE_BASE; - } else if ( !strncasecmp( val, "one", sizeof( "one" ) - 1 )) { + } else if ( !strncasecmp( val, "one", STRLENOF( "one" ) )) { si->si_scope = LDAP_SCOPE_ONELEVEL; #ifdef LDAP_SCOPE_SUBORDINATE } else if ( !strcasecmp( val, "subordinate" ) || 
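Review bot: Only the authcID= and bindprincipal= branches release the previous value before `ch_strdup( val )`. The binddn=, credentials=, saslmech=, secprops=, realm= and authzID= branches still overwrite the pointer, so a repeated keyword leaks the earlier copy, and for credentials= that leaves an unreferenced password string on the heap. Applying the same guard in each branch, e.g. `if ( si->si_passwd ) ch_free( si->si_passwd );` before the assignment, keeps them consistent. The enclosing function starts and ends outside this hunk.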
@@ -3109,42 +2612,96 @@ parse_syncrepl_line( { si->si_scope = LDAP_SCOPE_SUBORDINATE; #endif - } else if ( !strncasecmp( val, "sub", sizeof( "sub" ) - 1 )) { + } else if ( !strncasecmp( val, "sub", STRLENOF( "sub" ) )) { si->si_scope = LDAP_SCOPE_SUBTREE; } else { fprintf( stderr, "Error: parse_syncrepl_line: " "unknown scope \"%s\"\n", val); - return 1; + return -1; } - } else if ( !strncasecmp( cargv[ i ], - ATTRSONLYSTR, sizeof( ATTRSONLYSTR ) - 1 ) ) + } else if ( !strncasecmp( cargv[ i ], ATTRSONLYSTR "=", + STRLENOF( ATTRSONLYSTR "=" ) ) ) { si->si_attrsonly = 1; - } else if ( !strncasecmp( cargv[ i ], - ATTRSSTR, sizeof( ATTRSSTR ) - 1 ) ) + } else if ( !strncasecmp( cargv[ i ], ATTRSSTR "=", + STRLENOF( ATTRSSTR "=" ) ) ) + { + val = cargv[ i ] + STRLENOF( ATTRSSTR "=" ); + if ( !strncasecmp( val, ":include:", STRLENOF(":include:") ) ) { + char *attr_fname; + attr_fname = ch_strdup( val + STRLENOF(":include:") ); + si->si_anlist = file2anlist( si->si_anlist, attr_fname, " ,\t" ); + if ( si->si_anlist == NULL ) { + ch_free( attr_fname ); + return -1; + } + ch_free( attr_fname ); + } else { + char *str, *s, *next; + char delimstr[] = " ,\t"; + str = ch_strdup( val ); + for ( s = ldap_pvt_strtok( str, delimstr, &next ); + s != NULL; + s = ldap_pvt_strtok( NULL, delimstr, &next ) ) + { + if ( strlen(s) == 1 && *s == '*' ) { + si->si_allattrs = 1; + *(val + ( s - str )) = delimstr[0]; + } + if ( strlen(s) == 1 && *s == '+' ) { + si->si_allopattrs = 1; + *(val + ( s - str )) = delimstr[0]; + } + } + ch_free( str ); + si->si_anlist = str2anlist( si->si_anlist, val, " ,\t" ); + if ( si->si_anlist == NULL ) { + return -1; + } + } + } else if ( !strncasecmp( cargv[ i ], EXATTRSSTR "=", + STRLENOF( EXATTRSSTR "=" ) ) ) { - val = cargv[ i ] + sizeof( ATTRSSTR ); - str2clist( &si->si_attrs, val, "," ); - } else if ( !strncasecmp( cargv[ i ], - TYPESTR, sizeof( TYPESTR ) - 1 ) ) + val = cargv[ i ] + STRLENOF( EXATTRSSTR "=" ); + if ( !strncasecmp( val, ":include:", 
STRLENOF(":include:") )) { + char *attr_fname; + attr_fname = ch_strdup( val + STRLENOF(":include:") ); + si->si_exanlist = file2anlist( + si->si_exanlist, attr_fname, " ,\t" ); + if ( si->si_exanlist == NULL ) { + ch_free( attr_fname ); + return -1; + } + ch_free( attr_fname ); + } else { + int j; + si->si_exanlist = str2anlist( si->si_exanlist, val, " ,\t" ); + if ( si->si_exanlist == NULL ) { + return -1; + } + } + } else if ( !strncasecmp( cargv[ i ], TYPESTR "=", + STRLENOF( TYPESTR "=" ) ) ) { - val = cargv[ i ] + sizeof( TYPESTR ); - if ( !strncasecmp( val, "refreshOnly", sizeof("refreshOnly")-1 )) { + val = cargv[ i ] + STRLENOF( TYPESTR "=" ); + if ( !strncasecmp( val, "refreshOnly", + STRLENOF("refreshOnly") )) + { si->si_type = LDAP_SYNC_REFRESH_ONLY; } else if ( !strncasecmp( val, "refreshAndPersist", - sizeof("refreshAndPersist")-1 )) + STRLENOF("refreshAndPersist") )) { si->si_type = LDAP_SYNC_REFRESH_AND_PERSIST; si->si_interval = 60; } else { fprintf( stderr, "Error: parse_syncrepl_line: " "unknown sync type \"%s\"\n", val); - return 1; + return -1; } - } else if ( !strncasecmp( cargv[ i ], - INTERVALSTR, sizeof( INTERVALSTR ) - 1 ) ) + } else if ( !strncasecmp( cargv[ i ], INTERVALSTR "=", + STRLENOF( INTERVALSTR "=" ) ) ) { - val = cargv[ i ] + sizeof( INTERVALSTR ); + val = cargv[ i ] + STRLENOF( INTERVALSTR "=" ); if ( si->si_type == LDAP_SYNC_REFRESH_AND_PERSIST ) { si->si_interval = 0; } else { @@ -3158,21 +2715,21 @@ parse_syncrepl_line( if ( hstr == NULL ) { fprintf( stderr, "Error: parse_syncrepl_line: " "invalid interval \"%s\"\n", val ); - return 1; + return -1; } *hstr++ = '\0'; mstr = strchr( hstr, ':' ); if ( mstr == NULL ) { fprintf( stderr, "Error: parse_syncrepl_line: " "invalid interval \"%s\"\n", val ); - return 1; + return -1; } *mstr++ = '\0'; sstr = strchr( mstr, ':' ); if ( sstr == NULL ) { fprintf( stderr, "Error: parse_syncrepl_line: " "invalid interval \"%s\"\n", val ); - return 1; + return -1; } *sstr++ = '\0'; 
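Review bot: The attrsonly branch now matches `ATTRSONLYSTR "="` but never reads a value. A bare `attrsonly` keyword therefore falls through to the unknown-keyword error, while `attrsonly=` followed by any text, even `off`, sets `si->si_attrsonly = 1`. If the keyword is meant to be a valueless flag, match it exactly with `} else if ( !strcasecmp( cargv[ i ], ATTRSONLYSTR ) ) {`; otherwise parse the value and reject unknown ones with `return -1;`. The `int j;` declared in the exattrs= branch is unused.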
@@ -3185,7 +2742,7 @@ parse_syncrepl_line( ( ss > 60 ) || ( ss < 0 ) || ( dd < 0 )) { fprintf( stderr, "Error: parse_syncrepl_line: " "invalid interval \"%s\"\n", val ); - return 1; + return -1; } si->si_interval = (( dd * 24 + hh ) * 60 + mm ) * 60 + ss; } 
@@ -3193,26 +2750,74 @@ parse_syncrepl_line( fprintf( stderr, "Error: parse_syncrepl_line: " "invalid interval \"%ld\"\n", (long) si->si_interval); - return 1; + return -1; } - } else if ( !strncasecmp( cargv[ i ], - MANAGEDSAITSTR, sizeof( MANAGEDSAITSTR ) - 1 ) ) + } else if ( !strncasecmp( cargv[ i ], RETRYSTR "=", + STRLENOF( RETRYSTR "=" ) ) ) { - val = cargv[ i ] + sizeof( MANAGEDSAITSTR ); + char *str; + char **retry_list; + int j, k, n; + + val = cargv[ i ] + STRLENOF( RETRYSTR "=" ); + retry_list = (char **) ch_calloc( 1, sizeof( char * )); + retry_list[0] = NULL; + + slap_str2clist( &retry_list, val, " ,\t" ); + + for ( k = 0; retry_list && retry_list[k]; k++ ) ; + n = k / 2; + if ( k % 2 ) { + fprintf( stderr, + "Error: incomplete syncrepl retry list\n" ); + for ( k = 0; retry_list && retry_list[k]; k++ ) { + ch_free( retry_list[k] ); + } + ch_free( retry_list ); + exit( EXIT_FAILURE ); + } + si->si_retryinterval = (time_t *) ch_calloc( n + 1, sizeof( time_t )); + si->si_retrynum = (int *) ch_calloc( n + 1, sizeof( int )); + si->si_retrynum_init = (int *) ch_calloc( n + 1, sizeof( int )); + for ( j = 0; j < n; j++ ) { + si->si_retryinterval[j] = atoi( retry_list[j*2] ); + if ( *retry_list[j*2+1] == '+' ) { + si->si_retrynum_init[j] = -1; + si->si_retrynum[j] = -1; + j++; + break; + } else { + si->si_retrynum_init[j] = atoi( retry_list[j*2+1] ); + si->si_retrynum[j] = atoi( retry_list[j*2+1] ); + } + } + si->si_retrynum_init[j] = -2; + si->si_retrynum[j] = -2; + si->si_retryinterval[j] = 0; + + for ( k = 0; retry_list && retry_list[k]; k++ ) { + ch_free( retry_list[k] ); + } + ch_free( retry_list ); + } else if ( !strncasecmp( cargv[ i ], MANAGEDSAITSTR "=", + STRLENOF( MANAGEDSAITSTR "=" ) ) ) + { + val = cargv[ i ] + STRLENOF( MANAGEDSAITSTR "=" ); si->si_manageDSAit = atoi( val ); - } else if ( !strncasecmp( cargv[ i ], - SLIMITSTR, sizeof( SLIMITSTR ) - 1 ) ) + } else if ( !strncasecmp( cargv[ i ], SLIMITSTR "=", + STRLENOF( SLIMITSTR "=") ) ) { - val 
= cargv[ i ] + sizeof( SLIMITSTR ); + val = cargv[ i ] + STRLENOF( SLIMITSTR "=" ); si->si_slimit = atoi( val ); - } else if ( !strncasecmp( cargv[ i ], - TLIMITSTR, sizeof( TLIMITSTR ) - 1 ) ) + } else if ( !strncasecmp( cargv[ i ], TLIMITSTR "=", + STRLENOF( TLIMITSTR "=" ) ) ) { - val = cargv[ i ] + sizeof( TLIMITSTR ); + val = cargv[ i ] + STRLENOF( TLIMITSTR "=" ); si->si_tlimit = atoi( val ); } else { fprintf( stderr, "Error: parse_syncrepl_line: " "unknown keyword \"%s\"\n", cargv[ i ] ); + return -1; } } @@ -3226,7 +2831,7 @@ parse_syncrepl_line( } char ** -str2clist( char ***out, char *in, const char *brkstr ) +slap_str2clist( char ***out, char *in, const char *brkstr ) { char *str; char *s; @@ -3236,7 +2841,7 @@ str2clist( char ***out, char *in, const char *brkstr ) char **new; /* find last element in list */ - for (i = 0; *out && *out[i]; i++); + for (i = 0; *out && (*out)[i]; i++); /* protect the input string from strtok */ str = ch_strdup( in ); @@ -3268,3 +2873,4 @@ str2clist( char ***out, char *in, const char *brkstr ) free( str ); return( *out ); } +
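Review bot: An odd-length retry= list ends the whole process with `exit( EXIT_FAILURE )`, whereas every other parse error in this function now returns -1 so that the caller can free the syncinfo and report the failure. After the cleanup loop this should be `return -1;`. A second retry= on the same line overwrites `si->si_retryinterval`, `si->si_retrynum` and `si->si_retrynum_init` without freeing the earlier arrays, so each needs a free before the ch_calloc() calls. `char *str;` is declared in this branch but never used.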