X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fmain.c;h=fa008ee2cff64d22bd77aa1d9b08ab38746e3e14;hb=7fe91339dfd08d6c4168c8493f5c1f0faca6ba54;hp=8b1ee9c9c6300cd01aef7a657f6ef554e21be8e5;hpb=c3f9d6802712140407ec44723d976e6baad75c1e;p=openldap

diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index 8b1ee9c9c6..fa008ee2cf 100644
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -98,8 +98,9 @@ const char Versionstr[] =
 	OPENLDAP_PACKAGE " " OPENLDAP_VERSION " Standalone LDAP Server (slapd)";
 #endif
 
-#define CHECK_NONE	0x00
-#define CHECK_CONFIG	0x01
+#define	CHECK_NONE	0x00
+#define	CHECK_CONFIG	0x01
+#define	CHECK_LOGLEVEL	0x02
 static int check = CHECK_NONE;
 static int version = 0;
 
@@ -304,7 +305,7 @@ usage( char *name )
 		"\t-g group\tGroup (id or name) to run as\n"
 #endif
 		"\t-h URLs\t\tList of URLs to serve\n"
-#ifdef LOG_LOCAL4
+#ifdef SLAP_DEFAULT_SYSLOG_USER
 		"\t-l facility\tSyslog facility (default: LOCAL4)\n"
 #endif
 		"\t-n serverName\tService name\n"
@@ -347,7 +348,7 @@ int main( int argc, char **argv )
 #if defined(HAVE_CHROOT)
 	char *sandbox = NULL;
 #endif
-#ifdef LOG_LOCAL4
+#ifdef SLAP_DEFAULT_SYSLOG_USER
 	int syslogUser = SLAP_DEFAULT_SYSLOG_USER;
 #endif
 	
@@ -369,6 +370,7 @@ int main( int argc, char **argv )
 	size_t	l;
 
 	int slapd_pid_file_unlink = 0, slapd_args_file_unlink = 0;
+	int firstopt = 1;
 
 #ifdef CSRIMALLOC
 	FILE *leakfile;
@@ -394,7 +396,7 @@ int main( int argc, char **argv )
 
 #ifdef HAVE_NT_SERVICE_MANAGER
 	{
-		int *i;
+		int *ip;
 		char *newConfigFile;
 		char *newConfigDir;
 		char *newUrls;
@@ -406,9 +408,9 @@ int main( int argc, char **argv )
 			    regService = serverName;
 		}
 
-		i = (int*)lutil_getRegParam( regService, "DebugLevel" );
-		if ( i != NULL ) {
-			slap_debug = *i;
+		ip = (int*)lutil_getRegParam( regService, "DebugLevel" );
+		if ( ip != NULL ) {
+			slap_debug = *ip;
 			Debug( LDAP_DEBUG_ANY,
 				"new debug level from registry is: %d\n", slap_debug, 0, 0 );
 		}
@@ -439,7 +441,7 @@ int main( int argc, char **argv )
 
 	while ( (i = getopt( argc, argv,
 			     "c:d:f:F:h:n:o:s:tT:V"
-#if LDAP_PF_INET6
+#ifdef LDAP_PF_INET6
 				"46"
 #endif
 #ifdef HAVE_CHROOT
@@ -502,8 +504,8 @@ int main( int argc, char **argv )
 			int	level = 0;
 
 			if ( strcmp( optarg, "?" ) == 0 ) {
-				rc = loglevel_print( stdout );
-				goto destroy;
+				check |= CHECK_LOGLEVEL;
+				break;
 			}
 
 			no_detach = 1;
@@ -530,7 +532,6 @@ int main( int argc, char **argv )
 		case 'o': {
 			char		*val = strchr( optarg, '=' );
 			struct berval	opt;
-			int		i;
 
 			opt.bv_val = optarg;
 			
@@ -563,8 +564,8 @@ int main( int argc, char **argv )
 
 		case 's':	/* set syslog level */
 			if ( strcmp( optarg, "?" ) == 0 ) {
-				rc = loglevel_print( stdout );
-				goto destroy;
+				check |= CHECK_LOGLEVEL;
+				break;
 			}
 
 			if ( parse_debug_level( optarg, &ldap_syslog, &syslog_unknowns ) ) {
@@ -623,6 +624,12 @@ int main( int argc, char **argv )
 			break;
 
 		case 'T':
+			if ( firstopt == 0 ) {
+				fprintf( stderr, "warning: \"-T %s\" "
+					"should be the first option.\n",
+					optarg );
+			}
+
 			/* try full option string first */
 			for ( i = 0; tools[i].name; i++ ) {
 				if ( strcmp( optarg, &tools[i].name[4] ) == 0 ) {
@@ -653,6 +660,10 @@ unhandled_option:;
 			SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 15 );
 			goto stop;
 		}
+
+		if ( firstopt ) {
+			firstopt = 0;
+		}
 	}
 
 	ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &slap_debug);
@@ -664,6 +675,7 @@ unhandled_option:;
 		if ( version > 1 ) goto stop;
 	}
 
+#if defined(LDAP_DEBUG) && defined(LDAP_SYSLOG)
 	{
 		char *logName;
 #ifdef HAVE_EBCDIC
@@ -675,16 +687,19 @@ unhandled_option:;
 
 #ifdef LOG_LOCAL4
 		openlog( logName, OPENLOG_OPTIONS, syslogUser );
-#elif LOG_DEBUG
+#elif defined LOG_DEBUG
 		openlog( logName, OPENLOG_OPTIONS );
 #endif
 #ifdef HAVE_EBCDIC
 		free( logName );
 #endif
 	}
+#endif /* LDAP_DEBUG && LDAP_SYSLOG */
 
 	Debug( LDAP_DEBUG_ANY, "%s", Versionstr, 0, 0 );
 
+	global_host = ldap_pvt_get_fqdn( NULL );
+
 	if( check == CHECK_NONE && slapd_daemon_init( urls ) != 0 ) {
 		rc = 1;
 		SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 16 );
@@ -714,7 +729,6 @@ unhandled_option:;
 
 	extops_init();
 	lutil_passwd_init();
-	slap_op_init();
 
 #ifdef HAVE_TLS
 	rc = ldap_create( &slap_tls_ld );
@@ -722,6 +736,13 @@ unhandled_option:;
 		SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
 		goto destroy;
 	}
+	/* Library defaults to full certificate checking. This is correct when
+	 * a client is verifying a server because all servers should have a
+	 * valid cert. But few clients have valid certs, so we want our default
+	 * to be no checking. The config file can override this as usual.
+	 */
+	rc = LDAP_OPT_X_TLS_NEVER;
+	(void) ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
 #endif
 
 	rc = slap_init( serverMode, serverName );
@@ -754,6 +775,11 @@ unhandled_option:;
 		syslog_unknowns = NULL;
 		if ( rc )
 			goto destroy;
+	}	
+
+	if ( check & CHECK_LOGLEVEL ) {
+		rc = 0;
+		goto destroy;
 	}
 
 	if ( check & CHECK_CONFIG ) {
@@ -766,7 +792,7 @@ unhandled_option:;
 		}
 	}
 
-	if ( glue_sub_attach( ) != 0 ) {
+	if ( glue_sub_attach( 0 ) != 0 ) {
 		Debug( LDAP_DEBUG_ANY,
 		    "subordinate config error\n",
 		    0, 0, 0 );
@@ -813,6 +839,12 @@ unhandled_option:;
 	}
 #endif
 
+#ifdef HAVE_CYRUS_SASL
+	if( sasl_host == NULL ) {
+		sasl_host = ch_strdup( global_host );
+	}
+#endif
+
 	(void) SIGNAL( LDAP_SIGUSR1, slap_sig_wake );
 	(void) SIGNAL( LDAP_SIGUSR2, slap_sig_shutdown );
 
@@ -897,6 +929,8 @@ unhandled_option:;
 	 */
 	time( &starttime );
 
+	connections_init();
+
 	if ( slap_startup( NULL ) != 0 ) {
 		rc = 1;
 		SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 21 );
@@ -924,6 +958,9 @@ shutdown:
 	rc |= slap_shutdown( NULL );
 
 destroy:
+	if ( check & CHECK_LOGLEVEL ) {
+		(void)loglevel_print( stdout );
+	}
 	/* remember an error during destroy */
 	rc |= slap_destroy();
 
@@ -937,8 +974,6 @@ destroy:
 	module_kill();
 #endif
 
-	slap_op_destroy();
-
 	extops_kill();
 
 	supported_feature_destroy();
@@ -964,13 +999,15 @@ stop:
 
 	controls_destroy();
 
+	filter_destroy();
+
 	schema_destroy();
 
 	lutil_passwd_destroy();
 
 #ifdef HAVE_TLS
 	if ( slap_tls_ld ) {
-		SSL_CTX_free( slap_tls_ctx );
+		ldap_pvt_tls_ctx_free( slap_tls_ctx );
 		ldap_unbind_ext( slap_tls_ld, NULL, NULL );
 	}
 	ldap_pvt_tls_destroy();
@@ -993,6 +1030,8 @@ stop:
 		ch_free( configdir );
 	if ( urls )
 		ch_free( urls );
+	if ( global_host )
+		ch_free( global_host );
 
 	/* kludge, get symbols referenced */
 	tavl_free( NULL, NULL );