X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fconfig.c;h=d3619af88924439ffdd6bbd6374e08adb490b455;hb=ef3d895cb80a5b0830817ffaa5dc0a92edd93723;hp=d89f9cb21b395cc0b5b23678346ec0156a04ab83;hpb=19eca33ca311d002bf94f21a084b985b4f5efc45;p=openldap diff --git a/servers/slapd/config.c b/servers/slapd/config.c index d89f9cb21b..d3619af889 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -61,9 +61,6 @@ char *slapd_args_file = NULL; char *strtok_quote_ptr; -int nSaslRegexp = 0; -SaslRegexp_t *SaslRegexp = NULL; - #ifdef SLAPD_RLOOKUPS int use_reverse_lookup = 1; #else /* !SLAPD_RLOOKUPS */ 
@@ -561,128 +558,12 @@ read_config( const char *fname ) lutil_salt_format( cargv[1] ); - /* set SASL host */ - } else if ( strcasecmp( cargv[0], "sasl-host" ) == 0 ) { - if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: missing host in \"sasl-host \" line\n", - fname, lineno )); -#else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: missing host in \"sasl-host \" line\n", - fname, lineno, 0 ); -#endif - - return( 1 ); - } - - if ( global_host != NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: already set sasl-host!\n", - fname, lineno )); -#else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: already set sasl-host!\n", - fname, lineno, 0 ); -#endif - - return 1; - - } else { - global_host = ch_strdup( cargv[1] ); - } - - /* set SASL realm */ - } else if ( strcasecmp( cargv[0], "sasl-realm" ) == 0 ) { - if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: missing realm in \"sasl-realm \" line.\n", - fname, lineno )); -#else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: missing realm in \"sasl-realm \" line\n", - fname, lineno, 0 ); -#endif - - return( 1 ); - } - - if ( global_realm != NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: already set sasl-realm!\n", - fname, lineno )); -#else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: already set sasl-realm!\n", - fname, lineno, 0 ); -#endif - - return 1; - - } else { - global_realm = ch_strdup( cargv[1] ); - } - - } else if ( !strcasecmp( cargv[0], "sasl-regexp" ) - || !strcasecmp( cargv[0], "saslregexp" ) ) - { - int rc; - if ( cargc != 3 ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: need 2 args in " - "\"saslregexp \"\n", - fname, lineno )); -#else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: need 2 args in \"saslregexp \"\n", - fname, lineno, 0 ); -#endif - - return( 1 ); - } - rc = slap_sasl_regexp_config( cargv[1], cargv[2] ); - if ( rc ) { - return 
rc; - } - - /* SASL security properties */ - } else if ( strcasecmp( cargv[0], "sasl-secprops" ) == 0 ) { - char *txt; - - if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: missing flags in " - "\"sasl-secprops \" line\n", - fname, lineno )); -#else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: missing flags in \"sasl-secprops \" line\n", - fname, lineno, 0 ); -#endif - +#ifdef HAVE_CYRUS_SASL + /* SASL config options */ + } else if ( strncasecmp( cargv[0], "sasl", 4 ) == 0 ) { + if ( slap_sasl_config( cargc, cargv, line, fname, lineno ) ) return 1; - } - - txt = slap_sasl_secprops( cargv[1] ); - if ( txt != NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d sas-secprops: %s\n", - fname, lineno, txt )); -#else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: sasl-secprops: %s\n", - fname, lineno, txt ); -#endif - - return 1; - } +#endif /* HAVE_CYRUS_SASL */ /* set UCDATA path */ } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) { @@ -850,12 +731,14 @@ read_config( const char *fname ) #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: " "subordinate keyword must appear inside a database " - "definition (ignored).\n", fname, lineno )); + "definition.\n", fname, lineno )); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: suffix line " - "must appear inside a database definition (ignored)\n", + "must appear inside a database definition.\n", fname, lineno, 0 ); #endif + return 1; + } else { be->be_flags |= SLAP_BFLAG_GLUE_SUBORDINATE; num_subordinates++; @@ -1016,8 +899,8 @@ read_config( const char *fname ) "\"suffixAlias \" line\n", fname, lineno, 0 ); #endif - return( 1 ); + } else if ( cargc > 3 ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, 
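Review bot: The new `strncasecmp( cargv[0], "sasl", 4 )` test in read_config() claims every directive whose keyword merely begins with "sasl", so rejecting unknown or misspelled SASL keywords now rests entirely on slap_sasl_config(), which is not part of this diff. It is worth confirming that it returns non-zero for a keyword it does not recognise and saying so here, e.g. `/* any "sasl*" keyword; slap_sasl_config() must reject unknown ones */`. In a build without HAVE_CYRUS_SASL the branch disappears, so a `sasl-secprops` line falls through to the later unknown-directive handling (outside this hunk); if that path only warns, a config carried over from a SASL-enabled build would load with its security properties silently dropped. The single-statement `if ( slap_sasl_config( ... ) ) return 1;` would also be safer braced.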
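Review bot: The `be == NULL` branch for `subordinate` now ends in `return 1`, but its NEW_LOGGING message is still emitted at `LDAP_LEVEL_INFO`, while the other fatal configuration errors visible in this diff use `LDAP_LEVEL_CRIT`. Depending on how log levels are filtered, an operator could see slapd refuse to start with no logged reason. I would use `LDAP_LEVEL_CRIT` here and in the same now-fatal branches for suffixAlias, depth, rootdn, rootpw, replica and updatedn in the later hunks. The non-NEW_LOGGING text also still says `suffix line` although the directive is `subordinate`; since the string is being edited anyway, `"%s: line %d: subordinate keyword "` would match the other build.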
@@ -1028,20 +911,20 @@ read_config( const char *fname ) "%s: line %d: extra cruft in suffixAlias line (ignored)\n", fname, lineno, 0 ); #endif - } if ( be == NULL ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: suffixAlias line must appear inside a " - "database definition (ignored).\n", fname, lineno )); + "database definition.\n", fname, lineno )); #else Debug( LDAP_DEBUG_ANY, "%s: line %d: suffixAlias line" - " must appear inside a database definition (ignored)\n", + " must appear inside a database definition.\n", fname, lineno, 0 ); #endif + return 1; } if ( load_ucdata( NULL ) < 0 ) return 1; @@ -1141,23 +1024,25 @@ read_config( const char *fname ) #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: depth line must appear inside a database " - "definition (ignored)\n", fname, lineno )); + "definition.\n", fname, lineno )); #else Debug( LDAP_DEBUG_ANY, -"%s: line %d: depth line must appear inside a database definition (ignored)\n", +"%s: line %d: depth line must appear inside a database definition.\n", fname, lineno, 0 ); #endif + return 1; } else if ((i = atoi(cargv[1])) < 0) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: depth must be positive (ignored).\n", + "%s: line %d: depth must be positive.\n", fname, lineno )); #else Debug( LDAP_DEBUG_ANY, -"%s: line %d: depth must be positive (ignored)\n", +"%s: line %d: depth must be positive.\n", fname, lineno, 0 ); #endif + return 1; } else { 
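Review bot: In the depth branch, `atoi(cargv[1])` returns 0 for non-numeric text, so a mistyped value passes the `< 0` test and is accepted, even though this commit makes the neighbouring errors fatal. Parsing with `strtol` and rejecting on `end == cargv[1] || *end != '\0' || errno == ERANGE` would close that gap. The message says "depth must be positive" while the comparison admits 0, so either the wording or the test should change. The check that `cargv[1]` exists, and the rest of the branch, lie outside this hunk.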
@@ -1180,16 +1065,18 @@ read_config( const char *fname ) return( 1 ); } + if ( be == NULL ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: rootdn line must appear inside a database " - "definition (ignored).\n", fname, lineno )); + "definition.\n", fname, lineno )); #else Debug( LDAP_DEBUG_ANY, -"%s: line %d: rootdn line must appear inside a database definition (ignored)\n", +"%s: line %d: rootdn line must appear inside a database definition.\n", fname, lineno, 0 ); #endif + return 1; } else { struct berval dn; 
@@ -1222,28 +1109,47 @@ read_config( const char *fname ) if ( cargc < 2 ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_CRIT, - "%s: line %d: missing passwd in \"rootpw \"" - " line\n", fname, lineno )); + "%s: line %d: missing passwd in \"rootpw \"" + " line\n", fname, lineno )); #else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: missing passwd in \"rootpw \" line\n", + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "missing passwd in \"rootpw \" line\n", fname, lineno, 0 ); #endif return( 1 ); } + if ( be == NULL ) { #ifdef NEW_LOGGING - LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: rootpw line must appear inside a database " - "definition (ignored)\n", fname, lineno )); + LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: " + "rootpw line must appear inside a database " + "definition.\n", fname, lineno )); #else - Debug( LDAP_DEBUG_ANY, -"%s: line %d: rootpw line must appear inside a database definition (ignored)\n", + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "rootpw line must appear inside a database " + "definition.\n", fname, lineno, 0 ); #endif + return 1; } else { + Backend *tmp_be = select_backend( &be->be_rootndn, 0, 0 ); + + if( tmp_be != be ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "config", LDAP_LEVEL_INFO, + "%s: line %d: " + "rootpw can only be set when rootdn is under suffix\n" + fname, lineno )); +#else + Debug( LDAP_DEBUG_ANY, "%s: line %d: " + "rootpw can only be set when rootdn is under suffix\n", + fname, lineno, 0 ); +#endif + return 1; + } + be->be_rootpw.bv_val = ch_strdup( cargv[1] ); be->be_rootpw.bv_len = strlen( be->be_rootpw.bv_val ); } @@ -1383,6 +1289,9 @@ read_config( const char *fname ) } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) { disallows |= SLAP_DISALLOW_BIND_SIMPLE; + } else if( strcasecmp( cargv[i], "bind_simple_unprotected" ) == 0 ) { + disallows |= SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED; + } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) { disallows |= SLAP_DISALLOW_BIND_KRBV4; 
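Review bot: The added NEW_LOGGING call is missing a comma after its format string: `"rootpw can only be set when rootdn is under suffix\n"` is followed directly by `fname, lineno ));`, so the file will not compile when NEW_LOGGING is defined; the string line should end `under suffix\n",`. Separately, `select_backend( &be->be_rootndn, 0, 0 )` reads be_rootndn as it stands when the rootpw line is parsed, so the check presumably requires `rootdn` to appear earlier in the same database section. If rootpw comes first, the operator is told about the suffix rather than about ordering. A one-line comment above the check, such as `/* rootpw is honoured only if rootdn (already parsed) is held by this database */`, would record both the intent and the ordering requirement. The surrounding read_config() body continues outside the hunk.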
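Review bot: `bind_simple_unprotected` joins the `disallow` keyword chain with no comment saying what "unprotected" means, and the code that enforces SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED is not in this diff. A short comment such as `/* simple bind with a password on a connection lacking confidentiality protection (assumed; confirm against the bind path) */` would tell the next reader how it differs from `bind_simple`. It is also worth checking that the slapd.conf documentation lists the new keyword, since an administrator who wants cleartext password binds refused cannot discover it from this file alone.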
@@ -1754,12 +1663,13 @@ read_config( const char *fname ) #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: replica line must appear inside " - "a database definition (ignored).\n", fname, lineno )); + "a database definition.\n", fname, lineno )); #else Debug( LDAP_DEBUG_ANY, -"%s: line %d: replica line must appear inside a database definition (ignored)\n", +"%s: line %d: replica line must appear inside a database definition\n", fname, lineno, 0 ); #endif + return 1; } else { int nr = -1; @@ -1775,27 +1685,28 @@ read_config( const char *fname ) if ( i == cargc ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, - "%s: line %d: missing host in \"replica\" " - "line (ignored)\n", fname, lineno )); + "%s: line %d: missing host in \"replica\" line\n", + fname, lineno )); #else Debug( LDAP_DEBUG_ANY, - "%s: line %d: missing host in \"replica\" line (ignored)\n", + "%s: line %d: missing host in \"replica\" line\n", fname, lineno, 0 ); #endif + return 1; } else if ( nr == -1 ) { #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: unable to add" - " replica \"%s\"" - " (ignored)\n", + " replica \"%s\"\n", fname, lineno, cargv[i] + 5 )); #else Debug( LDAP_DEBUG_ANY, - "%s: line %d: unable to add replica \"%s\" (ignored)\n", + "%s: line %d: unable to add replica \"%s\"\n", fname, lineno, cargv[i] + 5 ); #endif + return 1; } else { for ( i = 1; i < cargc; i++ ) { if ( strncasecmp( cargv[i], "suffix=", 7 ) == 0 ) { @@ -1875,13 +1786,14 @@ read_config( const char *fname ) #ifdef NEW_LOGGING LDAP_LOG(( "config", LDAP_LEVEL_INFO, "%s: line %d: updatedn line must appear inside " - "a database definition (ignored)\n", + "a database definition\n", fname, lineno )); #else Debug( LDAP_DEBUG_ANY, -"%s: line %d: updatedn line must appear inside a database definition (ignored)\n", +"%s: line %d: updatedn line must appear inside a database definition\n", fname, lineno, 0 ); #endif + return 1; } else { struct berval dn;