Commit d23243a5 authored by Pierangelo Masarati's avatar Pierangelo Masarati

more on strict config parsing (ITS#3705)

parent dd41b05e
......@@ -696,8 +696,12 @@ parse_acl(
case ACL_STYLE_REGEX:
fprintf( stderr, "%s: line %d: "
"\"regex\" style implies "
"\"expand\" modifier (ignored)\n",
"\"expand\" modifier"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
acl_usage();
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
break;
case ACL_STYLE_EXPAND:
......@@ -706,8 +710,12 @@ parse_acl(
fprintf( stderr, "%s: line %d: "
"\"expand\" style used "
"in conjunction with "
"\"expand\" modifier (ignored)\n",
"\"expand\" modifier"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
acl_usage();
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
#endif
break;
......@@ -853,7 +861,34 @@ parse_acl(
bdn->a_pat = bv;
}
bdn->a_style = sty;
bdn->a_expand = expand;
if ( expand ) {
char *exp;
int gotit = 0;
for ( exp = strchr( bdn->a_pat.bv_val, '$' );
exp && exp - bdn->a_pat.bv_val < bdn->a_pat.bv_len;
exp = strchr( exp, '$' ) )
{
if ( isdigit( exp[ 1 ] ) ) {
gotit = 1;
break;
}
}
if ( gotit == 1 ) {
bdn->a_expand = expand;
} else {
fprintf( stderr,
"%s: line %d: \"expand\" used "
"with no expansions in \"pattern\""
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
acl_usage();
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
}
if ( sty == ACL_STYLE_SELF ) {
bdn->a_self_level = level;
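Review bot: The scan loop in the new `if ( expand )` block never advances, because its step expression `exp = strchr( exp, '$' )` restarts the search on the `$` it is already pointing at. A pattern containing a `$` that is not followed by a digit therefore spins forever while the ACL is being parsed and never reaches the "no expansions" diagnostic. The step should be `exp = strchr( exp + 1, '$' )`. `isdigit( exp[ 1 ] )` also receives a plain `char`; `isdigit( (unsigned char) exp[ 1 ] )` avoids passing a negative value for bytes above 0x7f. parse_acl starts and ends outside the hunk.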
......
......@@ -258,7 +258,7 @@ bdb_attr_index_config(
continue;
}
fprintf( stderr, "%s: line %d: duplicate index definition "
"for attr \"%s\" (ignored)\n",
"for attr \"%s\"" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno, attrs[i] );
return LDAP_PARAM_ERROR;
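Review bot: The message now ends in `SLAPD_CONF_UNKNOWN_IGNORED`, which expands to " (ignored)" in non-bailout builds, yet the next statement is an unconditional `return LDAP_PARAM_ERROR;`, so the duplicate is reported as ignored while the function returns an error. The same mismatch appears in attr_index_config (also `return LDAP_PARAM_ERROR;`) and in ldap_back_map_config and rwm_map_config (both `goto error_return;`). If callers treat these returns as fatal, which is not visible here, drop the macro from these four strings and end them with a plain `".\n"`. If the duplicate really is tolerated, make the error return conditional on `SLAPD_CONF_UNKNOWN_BAILOUT` as the other call sites in this commit do.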
......
......@@ -201,7 +201,7 @@ attr_index_config(
if( rc ) {
fprintf( stderr, "%s: line %d: duplicate index definition "
"for attr \"%s\" (ignored)\n",
"for attr \"%s\"" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno, attrs[i] );
return LDAP_PARAM_ERROR;
......
......@@ -73,8 +73,11 @@ ldbm_back_db_config(
return( 1 );
} else if ( argc > 3 ) {
fprintf( stderr,
"%s: line %d: extra junk after \"index <attr> [pres,eq,approx,sub]\" line (ignored)\n",
"%s: line %d: extra junk after \"index <attr> [pres,eq,approx,sub]\" line" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno );
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return( 1 );
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
rc = attr_index_config( li, fname, lineno, argc - 1, &argv[1] );
......
......@@ -791,7 +791,7 @@ ldap_back_map_config(
|| avl_find( map->remap, (caddr_t)&mapping[ 1 ], mapping_cmp ) != NULL)
{
fprintf( stderr,
"%s: line %d: duplicate mapping found (ignored)\n",
"%s: line %d: duplicate mapping found" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno );
goto error_return;
}
......
......@@ -1242,7 +1242,11 @@ config_generic(ConfigArgs *c) {
default:
Debug(LDAP_DEBUG_ANY, "%s: unknown CFG_TYPE %d"
"(ignored)\n", c->log, c->type, 0);
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, c->type, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return 1;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
return(0);
......@@ -1428,8 +1432,12 @@ config_sizelimit(ConfigArgs *c) {
return(1);
} else if(next[0] != '\0') {
Debug(LDAP_DEBUG_ANY, "%s: "
"trailing chars \"%s\" in \"sizelimit <limit>\" line (ignored)\n",
"trailing chars \"%s\" in \"sizelimit <limit>\" line"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, next, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return 1;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
}
lim->lms_s_hard = 0;
......@@ -1481,8 +1489,12 @@ config_timelimit(ConfigArgs *c) {
return(1);
} else if(next[0] != '\0') {
Debug(LDAP_DEBUG_ANY, "%s: "
"trailing chars \"%s\" in \"timelimit <limit>\" line (ignored)\n",
"trailing chars \"%s\" in \"timelimit <limit>\" line"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, next, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return 1;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
}
lim->lms_t_hard = 0;
......@@ -1500,8 +1512,12 @@ config_overlay(ConfigArgs *c) {
}
if(c->argv[1][0] == '-' && overlay_config(c->be, &c->argv[1][1])) {
/* log error */
Debug(LDAP_DEBUG_ANY, "%s: (optional) %s overlay \"%s\" configuration failed (ignored)\n",
Debug(LDAP_DEBUG_ANY, "%s: (optional) %s overlay \"%s\" configuration failed"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, c->be == frontendDB ? "global " : "", c->argv[1][1]);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return 1;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
} else if(overlay_config(c->be, c->argv[1])) {
return(1);
}
......@@ -1558,8 +1574,12 @@ config_suffix(ConfigArgs *c) {
ndn = c->value_ndn;
tbe = select_backend(&ndn, 0, 0);
if(tbe == c->be) {
Debug(LDAP_DEBUG_ANY, "%s: suffix already served by this backend! (ignored)\n",
Debug(LDAP_DEBUG_ANY, "%s: suffix already served by this backend!"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, 0, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return 1;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
free(pdn.bv_val);
free(ndn.bv_val);
} else if(tbe) {
......@@ -2095,13 +2115,21 @@ config_replica(ConfigArgs *c) {
switch(add_replica_suffix(c->be, nr, c->argv[i] + STRLENOF("suffix="))) {
case 1:
Debug(LDAP_DEBUG_ANY, "%s: "
"suffix \"%s\" in \"replica\" line is not valid for backend (ignored)\n",
"suffix \"%s\" in \"replica\" line is not valid for backend"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, c->argv[i] + STRLENOF("suffix="), 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return 1;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
break;
case 2:
Debug(LDAP_DEBUG_ANY, "%s: "
"unable to normalize suffix in \"replica\" line (ignored)\n",
"unable to normalize suffix in \"replica\" line"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, 0, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return 1;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
break;
}
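Review bot: In the config_overlay hunk the last argument to `Debug` is `c->argv[1][1]`, a single `char`, while the format consumes it with `\"%s\"`. Assuming Debug forwards to a printf-style formatter, that is undefined behaviour whenever an optional overlay fails to configure. Pass the string that was handed to overlay_config instead: `c->log, c->be == frontendDB ? "global " : "", &c->argv[1][1]);`. Separately, in config_suffix the added `return 1;` sits before `free(pdn.bv_val); free(ndn.bv_val);`, so bailout builds skip both frees; moving the `#ifdef` block below the two `free` calls keeps the cleanup. These functions all continue outside their hunks.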
......
......@@ -43,13 +43,6 @@
#define ARGS_STEP 512
/*
* ITS#3705: bail out if unknown config directives appear in slapd.conf
*/
#ifdef LDAP_DEVEL
#define SLAPD_CONF_UNKNOWN_BAILOUT
#endif /* LDAP_DEVEL */
/*
* defaults for various global variables
*/
......@@ -576,8 +569,15 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf)
}
if ( c->argc < 1 ) {
Debug(LDAP_DEBUG_CONFIG, "%s: bad config line (ignored)\n", c->log, 0, 0);
Debug(LDAP_DEBUG_CONFIG, "%s: bad config line"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, 0, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
rc = 1;
goto leave;
#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
continue;
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
}
c->op = SLAP_CONFIG_ADD;
......@@ -614,16 +614,13 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf)
if ( rc ) {
switch(rc) {
case SLAP_CONF_UNKNOWN:
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
Debug(LDAP_DEBUG_CONFIG, "%s: "
"unknown directive <%s> inside backend info definition\n",
c->log, *c->argv, 0);
#else /* !SLAPD_CONF_UNKNOWN_BAILOUT */
Debug(LDAP_DEBUG_CONFIG, "%s: "
"unknown directive <%s> inside backend info definition (ignored)\n",
"unknown directive <%s> inside backend info definition"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, *c->argv, 0);
#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
continue;
#endif /* !SLAPD_CONF_UNKNOWN_BAILOUT */
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
default:
rc = 1;
goto leave;
......@@ -645,18 +642,13 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf)
if ( rc ) {
switch(rc) {
case SLAP_CONF_UNKNOWN:
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
Debug( LDAP_DEBUG_CONFIG, "%s: "
"unknown directive <%s> inside backend database "
"definition\n",
c->log, *c->argv, 0);
#else /* !SLAPD_CONF_UNKNOWN_BAILOUT */
Debug( LDAP_DEBUG_CONFIG, "%s: "
"unknown directive <%s> inside backend database "
"definition (ignored)\n",
"definition" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, *c->argv, 0);
#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
continue;
#endif /* !SLAPD_CONF_UNKNOWN_BAILOUT */
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
default:
rc = 1;
goto leave;
......@@ -668,16 +660,13 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf)
if ( rc ) {
switch(rc) {
case SLAP_CONF_UNKNOWN:
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
Debug( LDAP_DEBUG_CONFIG, "%s: "
"unknown directive <%s> inside global database definition\n",
c->log, *c->argv, 0);
#else /* !SLAPD_CONF_UNKNOWN_BAILOUT */
Debug( LDAP_DEBUG_CONFIG, "%s: "
"unknown directive <%s> inside global database definition (ignored)\n",
"unknown directive <%s> inside global database definition"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, *c->argv, 0);
#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
continue;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
default:
rc = 1;
goto leave;
......@@ -685,18 +674,16 @@ read_config_file(const char *fname, int depth, ConfigArgs *cf)
}
} else {
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
Debug(LDAP_DEBUG_CONFIG, "%s: "
"unknown directive <%s> outside backend info and database definitions\n",
"unknown directive <%s> outside backend info and database definitions"
SLAPD_CONF_UNKNOWN_IGNORED ".\n",
c->log, *c->argv, 0);
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
rc = 1;
goto leave;
#else /* !SLAPD_CONF_UNKNOWN_BAILOUT */
Debug(LDAP_DEBUG_CONFIG, "%s: "
"unknown directive <%s> outside backend info and database definitions (ignored)\n",
c->log, *c->argv, 0);
#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
continue;
#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
}
}
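Review bot: Every path in read_config_file that now ends in `rc = 1; goto leave;` reports its reason through `Debug(LDAP_DEBUG_CONFIG, ...)`, whereas the config_* handlers touched elsewhere in this commit (config_sizelimit, config_suffix and others) log at `LDAP_DEBUG_ANY`. With strict parsing on, a bad or unknown line stops the server, but the explanation is only emitted when config-level debugging is enabled, which is presumably not the default. Consider logging the fatal variants at the higher level, e.g. `Debug(LDAP_DEBUG_ANY, "%s: bad config line" SLAPD_CONF_UNKNOWN_IGNORED ".\n", c->log, 0, 0);`. A `/* FALLTHRU */` comment before `default:` in the three `SLAP_CONF_UNKNOWN` cases would also mark the fall-through as the intended bailout path.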
......
......@@ -217,7 +217,7 @@ rwm_map_config(
|| avl_find( map->remap, (caddr_t)&mapping[1], rwm_mapping_cmp ) != NULL)
{
fprintf( stderr,
"%s: line %d: duplicate mapping found (ignored)\n",
"%s: line %d: duplicate mapping found" SLAPD_CONF_UNKNOWN_IGNORED ".\n",
fname, lineno );
/* FIXME: free stuff */
goto error_return;
......
......@@ -135,7 +135,7 @@ replog( Operation *op )
int count = 0;
#endif
int subsets = 0;
long now = slap_get_time();
long now = slap_get_time();
char *replogfile;
replogfile = op->o_bd->be_replogfile ? op->o_bd->be_replogfile :
......
......@@ -69,12 +69,21 @@ LDAP_BEGIN_DECL
#define LDAP_SYNC_TIMESTAMP
#define LDAP_COLLECTIVE_ATTRIBUTES
#define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE
#define SLAPD_CONF_UNKNOWN_BAILOUT
#ifdef ENABLE_REWRITE
#define SLAP_AUTH_REWRITE 1 /* use librewrite for sasl-regexp */
#endif
#endif
/*
* ITS#3705: bail out if unknown config directives appear in slapd.conf
*/
#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
#define SLAPD_CONF_UNKNOWN_IGNORED ""
#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
#define SLAPD_CONF_UNKNOWN_IGNORED " (ignored)"
#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
/*
* SLAPD Memory allocation macros
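Review bot: The ITS#3705 comment now heads the block that defines `SLAPD_CONF_UNKNOWN_IGNORED`, while the `#define SLAPD_CONF_UNKNOWN_BAILOUT` that actually switches strict parsing on is added a few lines up with no comment. That define sits inside a conditional whose opening line is outside the hunk; the definition removed from the parser source was keyed on `LDAP_DEVEL`. Put the rationale on the switch, e.g. `/* ITS#3705: treat unknown or malformed slapd.conf directives as fatal */`, and describe the helper as `/* suffix for config diagnostics; empty when the parser bails out */`. Stating which builds enable the switch matters to operators, since builds without it still start with the offending directive dropped.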
......