X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fmain.c;h=fa008ee2cff64d22bd77aa1d9b08ab38746e3e14;hb=7fe91339dfd08d6c4168c8493f5c1f0faca6ba54;hp=b18b8e0e07fd1c11cfff66556160bab076c48ea5;hpb=0787d0c4346c7fa94803759c0fba2fe63bbbdd48;p=openldap

diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index b18b8e0e07..fa008ee2cf 100644
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -305,7 +305,7 @@ usage( char *name )
 		"\t-g group\tGroup (id or name) to run as\n"
 #endif
 		"\t-h URLs\t\tList of URLs to serve\n"
-#ifdef LOG_LOCAL4
+#ifdef SLAP_DEFAULT_SYSLOG_USER
 		"\t-l facility\tSyslog facility (default: LOCAL4)\n"
 #endif
 		"\t-n serverName\tService name\n"
@@ -348,7 +348,7 @@ int main( int argc, char **argv )
 #if defined(HAVE_CHROOT)
 	char *sandbox = NULL;
 #endif
-#ifdef LOG_LOCAL4
+#ifdef SLAP_DEFAULT_SYSLOG_USER
 	int syslogUser = SLAP_DEFAULT_SYSLOG_USER;
 #endif
 	
@@ -396,7 +396,7 @@ int main( int argc, char **argv )
 
 #ifdef HAVE_NT_SERVICE_MANAGER
 	{
-		int *i;
+		int *ip;
 		char *newConfigFile;
 		char *newConfigDir;
 		char *newUrls;
@@ -408,9 +408,9 @@ int main( int argc, char **argv )
 			    regService = serverName;
 		}
 
-		i = (int*)lutil_getRegParam( regService, "DebugLevel" );
-		if ( i != NULL ) {
-			slap_debug = *i;
+		ip = (int*)lutil_getRegParam( regService, "DebugLevel" );
+		if ( ip != NULL ) {
+			slap_debug = *ip;
 			Debug( LDAP_DEBUG_ANY,
 				"new debug level from registry is: %d\n", slap_debug, 0, 0 );
 		}
@@ -441,7 +441,7 @@ int main( int argc, char **argv )
 
 	while ( (i = getopt( argc, argv,
 			     "c:d:f:F:h:n:o:s:tT:V"
-#if LDAP_PF_INET6
+#ifdef LDAP_PF_INET6
 				"46"
 #endif
 #ifdef HAVE_CHROOT
@@ -532,7 +532,6 @@ int main( int argc, char **argv )
 		case 'o': {
 			char		*val = strchr( optarg, '=' );
 			struct berval	opt;
-			int		i;
 
 			opt.bv_val = optarg;
 			
@@ -676,6 +675,7 @@ unhandled_option:;
 		if ( version > 1 ) goto stop;
 	}
 
+#if defined(LDAP_DEBUG) && defined(LDAP_SYSLOG)
 	{
 		char *logName;
 #ifdef HAVE_EBCDIC
@@ -687,13 +687,14 @@ unhandled_option:;
 
 #ifdef LOG_LOCAL4
 		openlog( logName, OPENLOG_OPTIONS, syslogUser );
-#elif LOG_DEBUG
+#elif defined LOG_DEBUG
 		openlog( logName, OPENLOG_OPTIONS );
 #endif
 #ifdef HAVE_EBCDIC
 		free( logName );
 #endif
 	}
+#endif /* LDAP_DEBUG && LDAP_SYSLOG */
 
 	Debug( LDAP_DEBUG_ANY, "%s", Versionstr, 0, 0 );
 
@@ -728,7 +729,6 @@ unhandled_option:;
 
 	extops_init();
 	lutil_passwd_init();
-	slap_op_init();
 
 #ifdef HAVE_TLS
 	rc = ldap_create( &slap_tls_ld );
@@ -736,6 +736,13 @@ unhandled_option:;
 		SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
 		goto destroy;
 	}
+	/* Library defaults to full certificate checking. This is correct when
+	 * a client is verifying a server because all servers should have a
+	 * valid cert. But few clients have valid certs, so we want our default
+	 * to be no checking. The config file can override this as usual.
+	 */
+	rc = LDAP_OPT_X_TLS_NEVER;
+	(void) ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc );
 #endif
 
 	rc = slap_init( serverMode, serverName );
@@ -785,7 +792,7 @@ unhandled_option:;
 		}
 	}
 
-	if ( glue_sub_attach( ) != 0 ) {
+	if ( glue_sub_attach( 0 ) != 0 ) {
 		Debug( LDAP_DEBUG_ANY,
 		    "subordinate config error\n",
 		    0, 0, 0 );
@@ -832,6 +839,12 @@ unhandled_option:;
 	}
 #endif
 
+#ifdef HAVE_CYRUS_SASL
+	if( sasl_host == NULL ) {
+		sasl_host = ch_strdup( global_host );
+	}
+#endif
+
 	(void) SIGNAL( LDAP_SIGUSR1, slap_sig_wake );
 	(void) SIGNAL( LDAP_SIGUSR2, slap_sig_shutdown );
 
@@ -916,6 +929,8 @@ unhandled_option:;
 	 */
 	time( &starttime );
 
+	connections_init();
+
 	if ( slap_startup( NULL ) != 0 ) {
 		rc = 1;
 		SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 21 );
@@ -959,8 +974,6 @@ destroy:
 	module_kill();
 #endif
 
-	slap_op_destroy();
-
 	extops_kill();
 
 	supported_feature_destroy();
@@ -986,13 +999,15 @@ stop:
 
 	controls_destroy();
 
+	filter_destroy();
+
 	schema_destroy();
 
 	lutil_passwd_destroy();
 
 #ifdef HAVE_TLS
 	if ( slap_tls_ld ) {
-		SSL_CTX_free( slap_tls_ctx );
+		ldap_pvt_tls_ctx_free( slap_tls_ctx );
 		ldap_unbind_ext( slap_tls_ld, NULL, NULL );
 	}
 	ldap_pvt_tls_destroy();
@@ -1015,6 +1030,8 @@ stop:
 		ch_free( configdir );
 	if ( urls )
 		ch_free( urls );
+	if ( global_host )
+		ch_free( global_host );
 
 	/* kludge, get symbols referenced */
 	tavl_free( NULL, NULL );