bconfig.c 125 KB
Newer Older
Howard Chu's avatar
Howard Chu committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
/* bconfig.c - the config backend */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 2005 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was originally developed by Howard Chu for inclusion
 * in OpenLDAP Software.
 */

#include "portable.h"

#include <stdio.h>
#include <ac/string.h>
25
26
#include <ac/ctype.h>
#include <ac/errno.h>
27
#include <sys/stat.h>
Howard Chu's avatar
Howard Chu committed
28
29

#include "slap.h"
30
31
32
33
34

#ifdef LDAP_SLAPI
#include "slapi/slapi.h"
#endif

35
#include <ldif.h>
36
37
#include <lutil.h>

Howard Chu's avatar
Howard Chu committed
38
39
#include "config.h"

Howard Chu's avatar
Howard Chu committed
40
static struct berval config_rdn = BER_BVC("cn=config");
Howard Chu's avatar
Howard Chu committed
41
static struct berval schema_rdn = BER_BVC("cn=schema");
Howard Chu's avatar
Howard Chu committed
42

43
#define	SLAP_X_ORDERED_FMT	"{%d}"
Howard Chu's avatar
Howard Chu committed
44

45
46
47
48
49
50
#ifdef SLAPD_MODULES
typedef struct modpath_s {
	struct modpath_s *mp_next;
	struct berval mp_path;
	BerVarray mp_loads;
} ModPaths;
Howard Chu's avatar
Howard Chu committed
51
52

static ModPaths modpaths, *modlast = &modpaths, *modcur = &modpaths;
53
54
55
56
57
58
#endif

typedef struct ConfigFile {
	struct ConfigFile *c_sibs;
	struct ConfigFile *c_kids;
	struct berval c_file;
Howard Chu's avatar
Howard Chu committed
59
60
61
62
	AttributeType *c_at_head, *c_at_tail;
	ContentRule *c_cr_head, *c_cr_tail;
	ObjectClass *c_oc_head, *c_oc_tail;
	OidMacro *c_om_head, *c_om_tail;
63
64
65
	BerVarray c_dseFiles;
} ConfigFile;

Howard Chu's avatar
Howard Chu committed
66
67
68
typedef struct {
	ConfigFile *cb_config;
	CfEntryInfo *cb_root;
69
70
	BackendDB	cb_db;	/* underlying database */
	int		cb_got_ldif;
71
	int		cb_use_ldif;
Howard Chu's avatar
Howard Chu committed
72
73
} CfBackInfo;

74
/* These do nothing in slapd, they're kept only to make them
Howard Chu's avatar
Howard Chu committed
75
 * editable here.
76
77
78
79
80
81
 */
static char *replica_pidFile, *replica_argsFile;
static int replicationInterval;

static char	*passwd_salt;
static char	*logfileName;
82
#ifdef SLAP_AUTH_REWRITE
83
static BerVarray authz_rewrites;
84
#endif
85

86
87
static struct berval cfdir;

88
/* Private state */
Howard Chu's avatar
Howard Chu committed
89
90
91
static AttributeDescription *cfAd_backend, *cfAd_database, *cfAd_overlay,
	*cfAd_include;

92
static ConfigFile *cfn;
93

94
95
static Avlnode *CfOcTree;

96
97
static int config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca,
	SlapReply *rs, int *renumber );
98

Howard Chu's avatar
Howard Chu committed
99
static ConfigDriver config_fname;
100
static ConfigDriver config_cfdir;
Howard Chu's avatar
Howard Chu committed
101
102
103
104
105
106
107
static ConfigDriver config_generic;
static ConfigDriver config_search_base;
static ConfigDriver config_passwd_hash;
static ConfigDriver config_schema_dn;
static ConfigDriver config_sizelimit;
static ConfigDriver config_timelimit;
static ConfigDriver config_overlay;
108
static ConfigDriver config_subordinate; 
Howard Chu's avatar
Howard Chu committed
109
110
111
112
113
114
115
116
117
118
119
120
121
122
static ConfigDriver config_suffix; 
static ConfigDriver config_rootdn;
static ConfigDriver config_rootpw;
static ConfigDriver config_restrict;
static ConfigDriver config_allows;
static ConfigDriver config_disallows;
static ConfigDriver config_requires;
static ConfigDriver config_security;
static ConfigDriver config_referral;
static ConfigDriver config_loglevel;
static ConfigDriver config_replica;
static ConfigDriver config_updatedn;
static ConfigDriver config_updateref;
static ConfigDriver config_include;
123
#ifdef HAVE_TLS
Howard Chu's avatar
Howard Chu committed
124
125
static ConfigDriver config_tls_option;
static ConfigDriver config_tls_config;
126
#endif
127
extern ConfigDriver syncrepl_config;
128
129
130
131
132
133
134
135
136
137
138

enum {
	CFG_ACL = 1,
	CFG_BACKEND,
	CFG_DATABASE,
	CFG_TLS_RAND,
	CFG_TLS_CIPHER,
	CFG_TLS_CERT_FILE,
	CFG_TLS_CERT_KEY,
	CFG_TLS_CA_PATH,
	CFG_TLS_CA_FILE,
139
	CFG_TLS_DH_FILE,
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
	CFG_TLS_VERIFY,
	CFG_TLS_CRLCHECK,
	CFG_CONCUR,
	CFG_THREADS,
	CFG_SALT,
	CFG_LIMITS,
	CFG_RO,
	CFG_REWRITE,
	CFG_DEPTH,
	CFG_OID,
	CFG_OC,
	CFG_DIT,
	CFG_ATTR,
	CFG_ATOPT,
	CFG_REPLOG,
	CFG_ROOTDSE,
	CFG_LOGFILE,
	CFG_PLUGIN,
	CFG_MODLOAD,
	CFG_MODPATH,
	CFG_LASTMOD,
	CFG_AZPOLICY,
	CFG_AZREGEXP,
	CFG_SASLSECP,
	CFG_SSTR_IF_MAX,
	CFG_SSTR_IF_MIN,
166
	CFG_TTHREADS,
Pierangelo Masarati's avatar
Pierangelo Masarati committed
167
168

	CFG_LAST
169
170
171
172
173
174
175
176
177
178
};

typedef struct {
	char *name, *oid;
} OidRec;

static OidRec OidMacros[] = {
	/* OpenLDAProot:666.11.1 */
	{ "OLcfg", "1.3.6.1.4.1.4203.666.11.1" },
	{ "OLcfgAt", "OLcfg:3" },
179
180
181
182
	{ "OLcfgGlAt", "OLcfgAt:0" },
	{ "OLcfgBkAt", "OLcfgAt:1" },
	{ "OLcfgDbAt", "OLcfgAt:2" },
	{ "OLcfgOvAt", "OLcfgAt:3" },
183
	{ "OLcfgOc", "OLcfg:4" },
184
185
186
187
	{ "OLcfgGlOc", "OLcfgOc:0" },
	{ "OLcfgBkOc", "OLcfgOc:1" },
	{ "OLcfgDbOc", "OLcfgOc:2" },
	{ "OLcfgOvOc", "OLcfgOc:3" },
188
	{ "OMsyn", "1.3.6.1.4.1.1466.115.121.1" },
Howard Chu's avatar
Howard Chu committed
189
	{ "OMsInteger", "OMsyn:27" },
190
191
192
193
194
195
196
	{ "OMsBoolean", "OMsyn:7" },
	{ "OMsDN", "OMsyn:12" },
	{ "OMsDirectoryString", "OMsyn:15" },
	{ "OMsOctetString", "OMsyn:40" },
	{ NULL, NULL }
};

197
/*
198
199
 * Backend/Database registry
 *
200
 * OLcfg{Bk|Db}{Oc|At}:0		-> common
Pierangelo Masarati's avatar
Pierangelo Masarati committed
201
202
203
 * OLcfg{Bk|Db}{Oc|At}:1		-> back-bdb(/back-hdb)
 * OLcfg{Bk|Db}{Oc|At}:2		-> back-ldif
 * OLcfg{Bk|Db}{Oc|At}:3		-> back-ldap
204
205
 */

206
207
208
209
210
211
212
213
/*
 * Overlay registry
 *
 * OLcfgOv{Oc|At}:1			-> syncprov
 * OLcfgOv{Oc|At}:2			-> pcache
 * OLcfgOv{Oc|At}:3			-> chain
 * OLcfgOv{Oc|At}:4			-> accesslog
 * OLcfgOv{Oc|At}:5			-> valsort
Pierangelo Masarati's avatar
Pierangelo Masarati committed
214
215
 * (FIXME: separate arc for contribware?)
 * OLcfgOv{Oc|At}:6			-> smbk5pwd
216
217
 */

218
219
/* alphabetical ordering */

220
static ConfigTable config_back_cf_table[] = {
221
222
	/* This attr is read-only */
	{ "", "", 0, 0, 0, ARG_MAGIC,
223
		&config_fname, "( OLcfgGlAt:78 NAME 'olcConfigFile' "
224
225
			"DESC 'File for slapd configuration directives' "
			"EQUALITY caseIgnoreMatch "
226
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
227
	{ "", "", 0, 0, 0, ARG_MAGIC,
228
		&config_cfdir, "( OLcfgGlAt:79 NAME 'olcConfigDir' "
229
230
231
			"DESC 'Directory for slapd configuration backend' "
			"EQUALITY caseIgnoreMatch "
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
232
	{ "access",	NULL, 0, 0, 0, ARG_MAY_DB|ARG_MAGIC|CFG_ACL,
233
		&config_generic, "( OLcfgGlAt:1 NAME 'olcAccess' "
234
235
236
237
			"DESC 'Access Control List' "
			"EQUALITY caseIgnoreMatch "
			"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
	{ "allows",	"features", 2, 0, 5, ARG_PRE_DB|ARG_MAGIC,
238
		&config_allows, "( OLcfgGlAt:2 NAME 'olcAllows' "
239
240
241
242
			"DESC 'Allowed set of deprecated features' "
			"EQUALITY caseIgnoreMatch "
			"SYNTAX OMsDirectoryString )", NULL, NULL },
	{ "argsfile", "file", 2, 2, 0, ARG_STRING,
243
		&slapd_args_file, "( OLcfgGlAt:3 NAME 'olcArgsFile' "
244
245
			"DESC 'File for slapd command line options' "
			"EQUALITY caseIgnoreMatch "
246
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
247
248
249
250
	{ "attributeoptions", NULL, 0, 0, 0, ARG_MAGIC|CFG_ATOPT,
		&config_generic, "( OLcfgGlAt:5 NAME 'olcAttributeOptions' "
			"EQUALITY caseIgnoreMatch "
			"SYNTAX OMsDirectoryString )", NULL, NULL },
251
252
	{ "attribute",	"attribute", 2, 0, 9,
		ARG_PAREN|ARG_MAGIC|CFG_ATTR|ARG_NO_DELETE|ARG_NO_INSERT,
253
		&config_generic, "( OLcfgGlAt:4 NAME 'olcAttributeTypes' "
Howard Chu's avatar
Howard Chu committed
254
			"DESC 'OpenLDAP attributeTypes' "
255
256
			"EQUALITY caseIgnoreMatch "
			"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
Howard Chu's avatar
Howard Chu committed
257
				NULL, NULL },
258
	{ "authid-rewrite", NULL, 2, 0, STRLENOF( "authid-rewrite" ),
259
#ifdef SLAP_AUTH_REWRITE
260
		ARG_MAGIC|CFG_REWRITE|ARG_NO_INSERT, &config_generic,
261
262
263
#else
		ARG_IGNORED, NULL,
#endif
264
		 "( OLcfgGlAt:6 NAME 'olcAuthIDRewrite' "
265
			"EQUALITY caseIgnoreMatch "
266
			"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
267
	{ "authz-policy", "policy", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_AZPOLICY,
268
		&config_generic, "( OLcfgGlAt:7 NAME 'olcAuthzPolicy' "
269
			"EQUALITY caseIgnoreMatch "
270
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
271
	{ "authz-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP|ARG_NO_INSERT,
272
		&config_generic, "( OLcfgGlAt:8 NAME 'olcAuthzRegexp' "
273
274
275
			"EQUALITY caseIgnoreMatch "
			"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
	{ "backend", "type", 2, 2, 0, ARG_PRE_DB|ARG_MAGIC|CFG_BACKEND,
276
		&config_generic, "( OLcfgGlAt:9 NAME 'olcBackend' "
277
278
			"DESC 'A type of backend' "
			"EQUALITY caseIgnoreMatch "
279
280
			"SYNTAX OMsDirectoryString SINGLE-VALUE X-ORDERED 'SIBLINGS' )",
				NULL, NULL },
Howard Chu's avatar
Howard Chu committed
281
	{ "concurrency", "level", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_CONCUR,
282
		&config_generic, "( OLcfgGlAt:10 NAME 'olcConcurrency' "
283
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
284
	{ "conn_max_pending", "max", 2, 2, 0, ARG_INT,
285
		&slap_conn_max_pending, "( OLcfgGlAt:11 NAME 'olcConnMaxPending' "
286
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
287
	{ "conn_max_pending_auth", "max", 2, 2, 0, ARG_INT,
288
		&slap_conn_max_pending_auth, "( OLcfgGlAt:12 NAME 'olcConnMaxPendingAuth' "
289
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
290
	{ "database", "type", 2, 2, 0, ARG_MAGIC|CFG_DATABASE,
291
		&config_generic, "( OLcfgGlAt:13 NAME 'olcDatabase' "
292
			"DESC 'The backend type for a database instance' "
293
			"SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
Pierangelo Masarati's avatar
Pierangelo Masarati committed
294
	{ "defaultSearchBase", "dn", 2, 2, 0, ARG_PRE_BI|ARG_PRE_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
295
		&config_search_base, "( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' "
296
			"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
297
	{ "disallows", "features", 2, 0, 8, ARG_PRE_DB|ARG_MAGIC,
298
		&config_disallows, "( OLcfgGlAt:15 NAME 'olcDisallows' "
299
300
			"EQUALITY caseIgnoreMatch "
			"SYNTAX OMsDirectoryString )", NULL, NULL },
301
	{ "ditcontentrule",	NULL, 0, 0, 0, ARG_MAGIC|CFG_DIT|ARG_NO_DELETE|ARG_NO_INSERT,
302
		&config_generic, "( OLcfgGlAt:16 NAME 'olcDitContentRules' "
Howard Chu's avatar
Howard Chu committed
303
			"DESC 'OpenLDAP DIT content rules' "
304
305
			"EQUALITY caseIgnoreMatch "
			"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
Howard Chu's avatar
Howard Chu committed
306
			NULL, NULL },
307
308
309
310
311
312
	{ "gentlehup", "on|off", 2, 2, 0,
#ifdef SIGHUP
		ARG_ON_OFF, &global_gentlehup,
#else
		ARG_IGNORED, NULL,
#endif
313
		"( OLcfgGlAt:17 NAME 'olcGentleHUP' "
314
			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
315
	{ "idletimeout", "timeout", 2, 2, 0, ARG_INT,
316
		&global_idletimeout, "( OLcfgGlAt:18 NAME 'olcIdleTimeout' "
317
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
318
	{ "include", "file", 2, 2, 0, ARG_MAGIC,
319
		&config_include, "( OLcfgGlAt:19 NAME 'olcInclude' "
320
321
			"SUP labeledURI )", NULL, NULL },
	{ "index_substr_if_minlen", "min", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MIN,
322
		&config_generic, "( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' "
323
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
324
	{ "index_substr_if_maxlen", "max", 2, 2, 0, ARG_INT|ARG_NONZERO|ARG_MAGIC|CFG_SSTR_IF_MAX,
325
		&config_generic, "( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' "
326
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
327
	{ "index_substr_any_len", "len", 2, 2, 0, ARG_INT|ARG_NONZERO,
328
		&index_substr_any_len, "( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' "
329
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
330
	{ "index_substr_any_step", "step", 2, 2, 0, ARG_INT|ARG_NONZERO,
331
		&index_substr_any_step, "( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' "
332
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
333
	{ "lastmod", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_LASTMOD,
334
		&config_generic, "( OLcfgDbAt:0.4 NAME 'olcLastMod' "
335
			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
336
	{ "limits", "limits", 2, 0, 0, ARG_DB|ARG_MAGIC|CFG_LIMITS,
337
		&config_generic, "( OLcfgDbAt:0.5 NAME 'olcLimits' "
338
			"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
339
	{ "localSSF", "ssf", 2, 2, 0, ARG_INT,
340
		&local_ssf, "( OLcfgGlAt:26 NAME 'olcLocalSSF' "
341
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
342
	{ "logfile", "file", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_LOGFILE,
343
		&config_generic, "( OLcfgGlAt:27 NAME 'olcLogFile' "
344
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
345
	{ "loglevel", "level", 2, 0, 0, ARG_MAGIC,
346
		&config_loglevel, "( OLcfgGlAt:28 NAME 'olcLogLevel' "
347
348
			"SYNTAX OMsDirectoryString )", NULL, NULL },
	{ "maxDerefDepth", "depth", 2, 2, 0, ARG_DB|ARG_INT|ARG_MAGIC|CFG_DEPTH,
349
		&config_generic, "( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' "
350
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
351
352
353
354
355
356
	{ "moduleload",	"file", 2, 0, 0,
#ifdef SLAPD_MODULES
		ARG_MAGIC|CFG_MODLOAD, &config_generic,
#else
		ARG_IGNORED, NULL,
#endif
357
		"( OLcfgGlAt:30 NAME 'olcModuleLoad' "
358
			"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
359
360
	{ "modulepath", "path", 2, 2, 0,
#ifdef SLAPD_MODULES
361
		ARG_MAGIC|CFG_MODPATH|ARG_NO_DELETE|ARG_NO_INSERT, &config_generic,
362
363
364
#else
		ARG_IGNORED, NULL,
#endif
365
		"( OLcfgGlAt:31 NAME 'olcModulePath' "
Howard Chu's avatar
Howard Chu committed
366
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
367
	{ "objectclass", "objectclass", 2, 0, 0, ARG_PAREN|ARG_MAGIC|CFG_OC|ARG_NO_DELETE|ARG_NO_INSERT,
368
		&config_generic, "( OLcfgGlAt:32 NAME 'olcObjectClasses' "
Howard Chu's avatar
Howard Chu committed
369
		"DESC 'OpenLDAP object classes' "
370
371
		"EQUALITY caseIgnoreMatch "
		"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
Howard Chu's avatar
Howard Chu committed
372
			NULL, NULL },
373
	{ "objectidentifier", NULL,	0, 0, 0, ARG_MAGIC|CFG_OID,
374
		&config_generic, "( OLcfgGlAt:33 NAME 'olcObjectIdentifier' "
375
			"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
376
	{ "overlay", "overlay", 2, 2, 0, ARG_MAGIC,
377
		&config_overlay, "( OLcfgGlAt:34 NAME 'olcOverlay' "
378
			"SUP olcDatabase SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
379
	{ "password-crypt-salt-format", "salt", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_SALT,
380
		&config_generic, "( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat' "
381
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
382
	{ "password-hash", "hash", 2, 2, 0, ARG_MAGIC,
383
		&config_passwd_hash, "( OLcfgGlAt:36 NAME 'olcPasswordHash' "
384
385
			"SYNTAX OMsDirectoryString )", NULL, NULL },
	{ "pidfile", "file", 2, 2, 0, ARG_STRING,
386
		&slapd_pid_file, "( OLcfgGlAt:37 NAME 'olcPidFile' "
387
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
388
389
390
391
392
393
	{ "plugin", NULL, 0, 0, 0,
#ifdef LDAP_SLAPI
		ARG_MAGIC|CFG_PLUGIN, &config_generic,
#else
		ARG_IGNORED, NULL,
#endif
394
		"( OLcfgGlAt:38 NAME 'olcPlugin' "
395
396
397
398
399
400
401
			"SYNTAX OMsDirectoryString )", NULL, NULL },
	{ "pluginlog", "filename", 2, 2, 0,
#ifdef LDAP_SLAPI
		ARG_STRING, &slapi_log_file,
#else
		ARG_IGNORED, NULL,
#endif
402
		"( OLcfgGlAt:39 NAME 'olcPluginLogFile' "
403
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
404
	{ "readonly", "on|off", 2, 2, 0, ARG_MAY_DB|ARG_ON_OFF|ARG_MAGIC|CFG_RO,
405
		&config_generic, "( OLcfgGlAt:40 NAME 'olcReadOnly' "
406
			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
407
	{ "referral", "url", 2, 2, 0, ARG_MAGIC,
408
		&config_referral, "( OLcfgGlAt:41 NAME 'olcReferral' "
409
			"SUP labeledURI SINGLE-VALUE )", NULL, NULL },
410
	{ "replica", "host or uri", 2, 0, 0, ARG_DB|ARG_MAGIC,
411
		&config_replica, "( OLcfgDbAt:0.7 NAME 'olcReplica' "
412
			"SUP labeledURI X-ORDERED 'VALUES' )", NULL, NULL },
413
	{ "replica-argsfile", NULL, 0, 0, 0, ARG_STRING,
414
		&replica_argsFile, "( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' "
415
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
416
	{ "replica-pidfile", NULL, 0, 0, 0, ARG_STRING,
417
		&replica_pidFile, "( OLcfgGlAt:44 NAME 'olcReplicaPidFile' "
418
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
419
	{ "replicationInterval", NULL, 0, 0, 0, ARG_INT,
420
		&replicationInterval, "( OLcfgGlAt:45 NAME 'olcReplicationInterval' "
421
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
422
	{ "replogfile", "filename", 2, 2, 0, ARG_MAY_DB|ARG_MAGIC|ARG_STRING|CFG_REPLOG,
423
		&config_generic, "( OLcfgGlAt:46 NAME 'olcReplogFile' "
424
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
425
	{ "require", "features", 2, 0, 7, ARG_MAY_DB|ARG_MAGIC,
426
		&config_requires, "( OLcfgGlAt:47 NAME 'olcRequires' "
427
428
			"SYNTAX OMsDirectoryString )", NULL, NULL },
	{ "restrict", "op_list", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
429
		&config_restrict, "( OLcfgGlAt:48 NAME 'olcRestrict' "
430
431
432
433
434
435
436
			"SYNTAX OMsDirectoryString )", NULL, NULL },
	{ "reverse-lookup", "on|off", 2, 2, 0,
#ifdef SLAPD_RLOOKUPS
		ARG_ON_OFF, &use_reverse_lookup,
#else
		ARG_IGNORED, NULL,
#endif
437
		"( OLcfgGlAt:49 NAME 'olcReverseLookup' "
438
			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
Pierangelo Masarati's avatar
Pierangelo Masarati committed
439
	{ "rootdn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
440
		&config_rootdn, "( OLcfgDbAt:0.8 NAME 'olcRootDN' "
441
			"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
442
	{ "rootDSE", "file", 2, 2, 0, ARG_MAGIC|CFG_ROOTDSE,
443
		&config_generic, "( OLcfgGlAt:51 NAME 'olcRootDSE' "
444
			"SYNTAX OMsDirectoryString )", NULL, NULL },
Howard Chu's avatar
Howard Chu committed
445
	{ "rootpw", "password", 2, 2, 0, ARG_BERVAL|ARG_DB|ARG_MAGIC,
446
		&config_rootpw, "( OLcfgDbAt:0.9 NAME 'olcRootPW' "
447
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
448
449
450
451
452
453
454
455
	{ "sasl-authz-policy", NULL, 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
		&config_generic, NULL, NULL, NULL },
	{ "sasl-host", "host", 2, 2, 0,
#ifdef HAVE_CYRUS_SASL
		ARG_STRING|ARG_UNIQUE, &global_host,
#else
		ARG_IGNORED, NULL,
#endif
456
		"( OLcfgGlAt:53 NAME 'olcSaslHost' "
457
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
458
459
460
461
462
463
	{ "sasl-realm", "realm", 2, 2, 0,
#ifdef HAVE_CYRUS_SASL
		ARG_STRING|ARG_UNIQUE, &global_realm,
#else
		ARG_IGNORED, NULL,
#endif
464
		"( OLcfgGlAt:54 NAME 'olcSaslRealm' "
465
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
466
467
468
469
470
471
472
473
	{ "sasl-regexp", NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
		&config_generic, NULL, NULL, NULL },
	{ "sasl-secprops", "properties", 2, 2, 0,
#ifdef HAVE_CYRUS_SASL
		ARG_MAGIC|CFG_SASLSECP, &config_generic,
#else
		ARG_IGNORED, NULL,
#endif
474
		"( OLcfgGlAt:56 NAME 'olcSaslSecProps' "
475
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
476
477
	{ "saslRegexp",	NULL, 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
		&config_generic, NULL, NULL, NULL },
Pierangelo Masarati's avatar
Pierangelo Masarati committed
478
	{ "schemadn", "dn", 2, 2, 0, ARG_MAY_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
479
		&config_schema_dn, "( OLcfgGlAt:58 NAME 'olcSchemaDN' "
480
			"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
481
	{ "security", "factors", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
482
		&config_security, "( OLcfgGlAt:59 NAME 'olcSecurity' "
483
			"SYNTAX OMsDirectoryString )", NULL, NULL },
484
	{ "sizelimit", "limit",	2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
485
		&config_sizelimit, "( OLcfgGlAt:60 NAME 'olcSizeLimit' "
486
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
487
	{ "sockbuf_max_incoming", "max", 2, 2, 0, ARG_BER_LEN_T,
488
		&sockbuf_max_incoming, "( OLcfgGlAt:61 NAME 'olcSockbufMaxIncoming' "
489
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
490
	{ "sockbuf_max_incoming_auth", "max", 2, 2, 0, ARG_BER_LEN_T,
491
		&sockbuf_max_incoming_auth, "( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth' "
492
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
493
494
495
496
497
498
	{ "srvtab", "file", 2, 2, 0,
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
		ARG_STRING, &ldap_srvtab,
#else
		ARG_IGNORED, NULL,
#endif
499
		"( OLcfgGlAt:63 NAME 'olcSrvtab' "
500
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
501
	{ "subordinate", "[advertise]", 1, 2, 0, ARG_DB|ARG_MAGIC,
Howard Chu's avatar
Howard Chu committed
502
		&config_subordinate, "( OLcfgDbAt:0.15 NAME 'olcSubordinate' "
503
			"SYNTAX OMsDirectoryString )", NULL, NULL },
Pierangelo Masarati's avatar
Pierangelo Masarati committed
504
	{ "suffix",	"suffix", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
505
		&config_suffix, "( OLcfgDbAt:0.10 NAME 'olcSuffix' "
506
507
			"SYNTAX OMsDN )", NULL, NULL },
	{ "syncrepl", NULL, 0, 0, 0, ARG_DB|ARG_MAGIC,
508
		&syncrepl_config, "( OLcfgDbAt:0.11 NAME 'olcSyncrepl' "
509
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
510
	{ "threads", "count", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_THREADS,
511
		&config_generic, "( OLcfgGlAt:66 NAME 'olcThreads' "
512
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
513
	{ "timelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
514
		&config_timelimit, "( OLcfgGlAt:67 NAME 'olcTimeLimit' "
515
			"SYNTAX OMsDirectoryString )", NULL, NULL },
516
517
518
519
520
521
	{ "TLSCACertificateFile", NULL, 0, 0, 0,
#ifdef HAVE_TLS
		CFG_TLS_CA_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
		ARG_IGNORED, NULL,
#endif
522
		"( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' "
523
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
524
525
526
527
528
529
	{ "TLSCACertificatePath", NULL,	0, 0, 0,
#ifdef HAVE_TLS
		CFG_TLS_CA_PATH|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
		ARG_IGNORED, NULL,
#endif
530
		"( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' "
531
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
532
533
534
535
536
537
	{ "TLSCertificateFile", NULL, 0, 0, 0,
#ifdef HAVE_TLS
		CFG_TLS_CERT_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
		ARG_IGNORED, NULL,
#endif
538
		"( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' "
539
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
540
541
542
543
544
545
	{ "TLSCertificateKeyFile", NULL, 0, 0, 0,
#ifdef HAVE_TLS
		CFG_TLS_CERT_KEY|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
		ARG_IGNORED, NULL,
#endif
546
		"( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' "
547
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
548
549
550
551
552
553
	{ "TLSCipherSuite",	NULL, 0, 0, 0,
#ifdef HAVE_TLS
		CFG_TLS_CIPHER|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
		ARG_IGNORED, NULL,
#endif
554
		"( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' "
555
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
556
	{ "TLSCRLCheck", NULL, 0, 0, 0,
557
#if defined(HAVE_TLS) && defined(HAVE_OPENSSL_CRL)
558
559
560
561
		CFG_TLS_CRLCHECK|ARG_STRING|ARG_MAGIC, &config_tls_config,
#else
		ARG_IGNORED, NULL,
#endif
562
		"( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' "
563
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
564
565
566
567
568
569
	{ "TLSRandFile", NULL, 0, 0, 0,
#ifdef HAVE_TLS
		CFG_TLS_RAND|ARG_STRING|ARG_MAGIC, &config_tls_option,
#else
		ARG_IGNORED, NULL,
#endif
570
		"( OLcfgGlAt:74 NAME 'olcTLSRandFile' "
571
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
572
573
574
575
576
577
	{ "TLSVerifyClient", NULL, 0, 0, 0,
#ifdef HAVE_TLS
		CFG_TLS_VERIFY|ARG_STRING|ARG_MAGIC, &config_tls_config,
#else
		ARG_IGNORED, NULL,
#endif
578
		"( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' "
579
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
580
	{ "TLSDHParamFile", NULL, 0, 0, 0,
581
#ifdef HAVE_TLS
582
		CFG_TLS_DH_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
583
584
585
#else
		ARG_IGNORED, NULL,
#endif
586
		"( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' "
587
			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
588
589
590
	{ "tool-threads", "count", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_TTHREADS,
		&config_generic, "( OLcfgGlAt:80 NAME 'olcToolThreads' "
			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
591
592
	{ "ucdata-path", "path", 2, 2, 0, ARG_IGNORED,
		NULL, NULL, NULL, NULL },
Pierangelo Masarati's avatar
Pierangelo Masarati committed
593
	{ "updatedn", "dn", 2, 2, 0, ARG_DB|ARG_DN|ARG_QUOTE|ARG_MAGIC,
594
		&config_updatedn, "( OLcfgDbAt:0.12 NAME 'olcUpdateDN' "
595
			"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
596
	{ "updateref", "url", 2, 2, 0, ARG_DB|ARG_MAGIC,
597
		&config_updateref, "( OLcfgDbAt:0.13 NAME 'olcUpdateRef' "
598
599
600
601
			"SUP labeledURI )", NULL, NULL },
	{ NULL,	NULL, 0, 0, 0, ARG_IGNORED,
		NULL, NULL, NULL, NULL }
};
Howard Chu's avatar
Howard Chu committed
602

603
604
605
606
/* Routines to check if a child can be added to this type */
static ConfigLDAPadd cfAddSchema, cfAddInclude, cfAddDatabase,
	cfAddBackend, cfAddModule, cfAddOverlay;

607
608
/* NOTE: be careful when defining array members
 * that can be conditionally compiled */
609
610
611
612
613
614
#define CFOC_GLOBAL	cf_ocs[1]
#define CFOC_SCHEMA	cf_ocs[2]
#define CFOC_BACKEND	cf_ocs[3]
#define CFOC_DATABASE	cf_ocs[4]
#define CFOC_OVERLAY	cf_ocs[5]
#define CFOC_INCLUDE	cf_ocs[6]
615
616
617
618
#define CFOC_FRONTEND	cf_ocs[7]
#ifdef SLAPD_MODULES
#define CFOC_MODULE	cf_ocs[8]
#endif /* SLAPD_MODULES */
619

620
static ConfigOCs cf_ocs[] = {
621
	{ "( OLcfgGlOc:0 "
Howard Chu's avatar
Howard Chu committed
622
623
		"NAME 'olcConfig' "
		"DESC 'OpenLDAP configuration object' "
Howard Chu's avatar
Howard Chu committed
624
		"ABSTRACT SUP top )", Cft_Abstract, NULL },
625
	{ "( OLcfgGlOc:1 "
Howard Chu's avatar
Howard Chu committed
626
627
628
		"NAME 'olcGlobal' "
		"DESC 'OpenLDAP Global configuration options' "
		"SUP olcConfig STRUCTURAL "
Howard Chu's avatar
Howard Chu committed
629
		"MAY ( cn $ olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ "
630
		 "olcAttributeOptions $ olcAuthIDRewrite $ "
631
		 "olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ "
632
		 "olcConnMaxPending $ olcConnMaxPendingAuth $ "
633
		 "olcDisallows $ olcGentleHUP $ olcIdleTimeout $ "
634
		 "olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ "
Howard Chu's avatar
Howard Chu committed
635
		 "olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ "
Howard Chu's avatar
Howard Chu committed
636
		 "olcLogLevel $ "
Howard Chu's avatar
Howard Chu committed
637
		 "olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ "
638
		 "olcPluginLogFile $ olcReadOnly $ olcReferral $ "
Howard Chu's avatar
Howard Chu committed
639
640
		 "olcReplicaPidFile $ olcReplicaArgsFile $ olcReplicationInterval $ "
		 "olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ "
641
		 "olcRootDSE $ "
642
		 "olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ "
643
		 "olcSecurity $ olcSizeLimit $ "
Howard Chu's avatar
Howard Chu committed
644
645
646
647
		 "olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcSrvtab $ "
		 "olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
		 "olcTLSCACertificatePath $ olcTLSCertificateFile $ "
		 "olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
648
		 "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ "
649
		 "olcToolThreads $ "
650
		 "olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
651
		 "olcDitContentRules ) )", Cft_Global },
652
	{ "( OLcfgGlOc:2 "
Howard Chu's avatar
Howard Chu committed
653
654
655
		"NAME 'olcSchemaConfig' "
		"DESC 'OpenLDAP schema object' "
		"SUP olcConfig STRUCTURAL "
Howard Chu's avatar
Howard Chu committed
656
657
		"MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ "
		 "olcObjectClasses $ olcDitContentRules ) )",
658
		 	Cft_Schema, NULL, cfAddSchema },
659
	{ "( OLcfgGlOc:3 "
Howard Chu's avatar
Howard Chu committed
660
661
662
		"NAME 'olcBackendConfig' "
		"DESC 'OpenLDAP Backend-specific options' "
		"SUP olcConfig STRUCTURAL "
663
		"MUST olcBackend )", Cft_Backend, NULL, cfAddBackend },
664
	{ "( OLcfgGlOc:4 "
Howard Chu's avatar
Howard Chu committed
665
666
667
		"NAME 'olcDatabaseConfig' "
		"DESC 'OpenLDAP Database-specific options' "
		"SUP olcConfig STRUCTURAL "
Howard Chu's avatar
Howard Chu committed
668
		"MUST olcDatabase "
669
		"MAY ( olcSuffix $ olcSubordinate $ olcAccess $ olcLastMod $ olcLimits $ "
670
671
		 "olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
		 "olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
Howard Chu's avatar
Howard Chu committed
672
		 "olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncrepl $ "
Howard Chu's avatar
Howard Chu committed
673
		 "olcTimeLimit $ olcUpdateDN $ olcUpdateRef ) )",
674
		 	Cft_Database, NULL, cfAddDatabase },
675
	{ "( OLcfgGlOc:5 "
Howard Chu's avatar
Howard Chu committed
676
677
678
		"NAME 'olcOverlayConfig' "
		"DESC 'OpenLDAP Overlay-specific options' "
		"SUP olcConfig STRUCTURAL "
679
		"MUST olcOverlay )", Cft_Overlay, NULL, cfAddOverlay },
680
	{ "( OLcfgGlOc:6 "
Howard Chu's avatar
Howard Chu committed
681
682
683
		"NAME 'olcIncludeFile' "
		"DESC 'OpenLDAP configuration include file' "
		"SUP olcConfig STRUCTURAL "
Howard Chu's avatar
Howard Chu committed
684
685
		"MUST olcInclude "
		"MAY ( cn $ olcRootDSE ) )",
686
		Cft_Include, NULL, cfAddInclude },
687
688
689
690
	/* This should be STRUCTURAL like all the other database classes, but
	 * that would mean inheriting all of the olcDatabaseConfig attributes,
	 * which causes them to be merged twice in config_build_entry.
	 */
691
	{ "( OLcfgGlOc:7 "
692
693
694
695
696
		"NAME 'olcFrontendConfig' "
		"DESC 'OpenLDAP frontend configuration' "
		"AUXILIARY "
		"MAY olcDefaultSearchBase )",
		Cft_Database, NULL, NULL },
697
698
699
700
701
702
703
704
#ifdef SLAPD_MODULES
	{ "( OLcfgGlOc:8 "
		"NAME 'olcModuleList' "
		"DESC 'OpenLDAP dynamic module info' "
		"SUP olcConfig STRUCTURAL "
		"MAY ( cn $ olcModulePath $ olcModuleLoad ) )",
		Cft_Module, NULL, cfAddModule },
#endif
Howard Chu's avatar
Howard Chu committed
705
	{ NULL, 0, NULL }
Howard Chu's avatar
Howard Chu committed
706
707
};

708
709
710
711
712
static int
config_generic(ConfigArgs *c) {
	char *p;
	int i;

713
	if ( c->op == SLAP_CONFIG_EMIT ) {
714
715
716
717
718
719
720
721
		int rc = 0;
		switch(c->type) {
		case CFG_CONCUR:
			c->value_int = ldap_pvt_thread_get_concurrency();
			break;
		case CFG_THREADS:
			c->value_int = connection_pool_max;
			break;
722
723
724
		case CFG_TTHREADS:
			c->value_int = slap_tool_thread_max;
			break;
725
726
727
728
729
730
731
732
733
734
735
736
737
		case CFG_SALT:
			if ( passwd_salt )
				c->value_string = ch_strdup( passwd_salt );
			else
				rc = 1;
			break;
		case CFG_LIMITS:
			if ( c->be->be_limits ) {
				char buf[4096*3];
				struct berval bv;
				int i;

				for ( i=0; c->be->be_limits[i]; i++ ) {
Pierangelo Masarati's avatar
Pierangelo Masarati committed
738
739
740
741
742
743
744
745
					bv.bv_len = snprintf( buf, sizeof( buf ), SLAP_X_ORDERED_FMT, i );
					if ( bv.bv_len >= sizeof( buf ) ) {
						ber_bvarray_free_x( c->rvalue_vals, NULL );
						c->rvalue_vals = NULL;
						rc = 1;
						break;
					}
					bv.bv_val = buf + bv.bv_len;
746
747
748
749
750
751
752
753
754
					limits_unparse( c->be->be_limits[i], &bv );
					bv.bv_len += bv.bv_val - buf;
					bv.bv_val = buf;
					value_add_one( &c->rvalue_vals, &bv );
				}
			}
			if ( !c->rvalue_vals ) rc = 1;
			break;
		case CFG_RO:
Howard Chu's avatar
Howard Chu committed
755
756
			c->value_int = (c->be->be_restrictops & SLAP_RESTRICT_OP_WRITES) ==
				SLAP_RESTRICT_OP_WRITES;
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
			break;
		case CFG_AZPOLICY:
			c->value_string = ch_strdup( slap_sasl_getpolicy());
			break;
		case CFG_AZREGEXP:
			slap_sasl_regexp_unparse( &c->rvalue_vals );
			if ( !c->rvalue_vals ) rc = 1;
			break;
#ifdef HAVE_CYRUS_SASL
		case CFG_SASLSECP: {
			struct berval bv = BER_BVNULL;
			slap_sasl_secprops_unparse( &bv );
			if ( !BER_BVISNULL( &bv )) {
				ber_bvarray_add( &c->rvalue_vals, &bv );
			} else {
				rc = 1;
			}
			}
			break;
#endif
		case CFG_DEPTH:
			c->value_int = c->be->be_max_deref_depth;
			break;
Howard Chu's avatar
Howard Chu committed
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
		case CFG_OID: {
			ConfigFile *cf = c->private;
			if ( !cf )
				oidm_unparse( &c->rvalue_vals, NULL, NULL, 1 );
			else if ( cf->c_om_head )
				oidm_unparse( &c->rvalue_vals, cf->c_om_head,
					cf->c_om_tail, 0 );
			if ( !c->rvalue_vals )
				rc = 1;
			}
			break;
		case CFG_OC: {
			ConfigFile *cf = c->private;
			if ( !cf )
				oc_unparse( &c->rvalue_vals, NULL, NULL, 1 );
			else if ( cf->c_oc_head )
				oc_unparse( &c->rvalue_vals, cf->c_oc_head,
					cf->c_oc_tail, 0 );
798
799
			if ( !c->rvalue_vals )
				rc = 1;
Howard Chu's avatar
Howard Chu committed
800
			}
801
			break;
Howard Chu's avatar
Howard Chu committed
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
		case CFG_ATTR: {
			ConfigFile *cf = c->private;
			if ( !cf )
				at_unparse( &c->rvalue_vals, NULL, NULL, 1 );
			else if ( cf->c_at_head )
				at_unparse( &c->rvalue_vals, cf->c_at_head,
					cf->c_at_tail, 0 );
			if ( !c->rvalue_vals )
				rc = 1;
			}
			break;
		case CFG_DIT: {
			ConfigFile *cf = c->private;
			if ( !cf )
				cr_unparse( &c->rvalue_vals, NULL, NULL, 1 );
			else if ( cf->c_cr_head )
				cr_unparse( &c->rvalue_vals, cf->c_cr_head,
					cf->c_cr_tail, 0 );
			if ( !c->rvalue_vals )
				rc = 1;
			}
			break;
			
825
826
827
828
829
		case CFG_ACL: {
			AccessControl *a;
			char *src, *dst, ibuf[11];
			struct berval bv, abv;
			for (i=0, a=c->be->be_acl; a; i++,a=a->acl_next) {
Pierangelo Masarati's avatar
Pierangelo Masarati committed
830
831
832
833
834
835
836
				abv.bv_len = snprintf( ibuf, sizeof( ibuf ), SLAP_X_ORDERED_FMT, i );
				if ( abv.bv_len >= sizeof( ibuf ) ) {
					ber_bvarray_free_x( c->rvalue_vals, NULL );
					c->rvalue_vals = NULL;
					i = 0;
					break;
				}
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
				acl_unparse( a, &bv );
				abv.bv_val = ch_malloc( abv.bv_len + bv.bv_len + 1 );
				AC_MEMCPY( abv.bv_val, ibuf, abv.bv_len );
				/* Turn TAB / EOL into plain space */
				for (src=bv.bv_val,dst=abv.bv_val+abv.bv_len; *src; src++) {
					if (isspace(*src)) *dst++ = ' ';
					else *dst++ = *src;
				}
				*dst = '\0';
				if (dst[-1] == ' ') {
					dst--;
					*dst = '\0';
				}
				abv.bv_len = dst - abv.bv_val;
				ber_bvarray_add( &c->rvalue_vals, &abv );
			}
			rc = (!i);
			break;
		}
		case CFG_REPLOG:
			if ( c->be->be_replogfile )
				c->value_string = ch_strdup( c->be->be_replogfile );
			break;
		case CFG_ROOTDSE: {
Howard Chu's avatar
Howard Chu committed
861
			ConfigFile *cf = c->private;
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
			if ( cf->c_dseFiles ) {
				value_add( &c->rvalue_vals, cf->c_dseFiles );
			} else {
				rc = 1;
			}
			}
			break;
		case CFG_LOGFILE:
			if ( logfileName )
				c->value_string = ch_strdup( logfileName );
			else
				rc = 1;
			break;
		case CFG_LASTMOD:
			c->value_int = (SLAP_NOLASTMOD(c->be) == 0);
			break;
		case CFG_SSTR_IF_MAX:
			c->value_int = index_substr_if_maxlen;
			break;
		case CFG_SSTR_IF_MIN:
			c->value_int = index_substr_if_minlen;
			break;
#ifdef SLAPD_MODULES
		case CFG_MODLOAD: {
Howard Chu's avatar
Howard Chu committed
886
887
888
889
			ModPaths *mp = c->private;
			if (mp->mp_loads) {
				int i;
				for (i=0; !BER_BVISNULL(&mp->mp_loads[i]); i++) {
890
891
					struct berval bv;
					bv.bv_val = c->log;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
892
893
					bv.bv_len = snprintf( bv.bv_val, sizeof( c->log ),
						SLAP_X_ORDERED_FMT "%s", i,
Howard Chu's avatar
Howard Chu committed
894
						mp->mp_loads[i].bv_val );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
895
896
897
898
899
					if ( bv.bv_len >= sizeof( c->log ) ) {
						ber_bvarray_free_x( c->rvalue_vals, NULL );
						c->rvalue_vals = NULL;
						break;
					}
900
901
902
					value_add_one( &c->rvalue_vals, &bv );
				}
			}
Howard Chu's avatar
Howard Chu committed
903

904
905
906
907
			rc = c->rvalue_vals ? 0 : 1;
			}
			break;
		case CFG_MODPATH: {
Howard Chu's avatar
Howard Chu committed
908
			ModPaths *mp = c->private;
909
910
			if ( !BER_BVISNULL( &mp->mp_path ))
				value_add_one( &c->rvalue_vals, &mp->mp_path );
Howard Chu's avatar
Howard Chu committed
911

912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
			rc = c->rvalue_vals ? 0 : 1;
			}
			break;
#endif
#ifdef LDAP_SLAPI
		case CFG_PLUGIN:
			slapi_int_plugin_unparse( c->be, &c->rvalue_vals );
			if ( !c->rvalue_vals ) rc = 1;
			break;
#endif
#ifdef SLAP_AUTH_REWRITE
		case CFG_REWRITE:
			if ( authz_rewrites ) {
				struct berval bv, idx;
				char ibuf[32];
				int i;

				idx.bv_val = ibuf;
				for ( i=0; !BER_BVISNULL( &authz_rewrites[i] ); i++ ) {
Pierangelo Masarati's avatar
Pierangelo Masarati committed
931
932
933
934
935
936
					idx.bv_len = snprintf( idx.bv_val, sizeof( ibuf ), SLAP_X_ORDERED_FMT, i );
					if ( idx.bv_len >= sizeof( ibuf ) ) {
						ber_bvarray_free_x( c->rvalue_vals, NULL );
						c->rvalue_vals = NULL;
						break;
					}
937
938
					bv.bv_len = idx.bv_len + authz_rewrites[i].bv_len;
					bv.bv_val = ch_malloc( bv.bv_len + 1 );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
939
940
941
942
					AC_MEMCPY( bv.bv_val, idx.bv_val, idx.bv_len );
					AC_MEMCPY( &bv.bv_val[ idx.bv_len ],
						authz_rewrites[i].bv_val,
						authz_rewrites[i].bv_len + 1 );
943
944
945
946
947
948
949
950
951
952
					ber_bvarray_add( &c->rvalue_vals, &bv );
				}
			}
			if ( !c->rvalue_vals ) rc = 1;
			break;
#endif
		default:
			rc = 1;
		}
		return rc;
953
	} else if ( c->op == LDAP_MOD_DELETE ) {
954
955
		int rc = 0;
		switch(c->type) {
956
		/* single-valued attrs, no-ops */
957
		case CFG_CONCUR:
958
		case CFG_THREADS:
959
		case CFG_TTHREADS:
960
961
962
963
		case CFG_RO:
		case CFG_AZPOLICY:
		case CFG_DEPTH:
		case CFG_LASTMOD:
964
		case CFG_SASLSECP:
965
966
967
968
		case CFG_SSTR_IF_MAX:
		case CFG_SSTR_IF_MIN:
			break;

969
970
971
972
973
		/* no-ops, requires slapd restart */
		case CFG_PLUGIN:
		case CFG_MODLOAD:
		case CFG_AZREGEXP:
		case CFG_REWRITE:
Pierangelo Masarati's avatar
Pierangelo Masarati committed
974
			snprintf(c->log, sizeof( c->log ), "change requires slapd restart");
975
976
			break;

977
978
979
980
981
982
983
984
985
986
987
988
989
		case CFG_SALT:
			ch_free( passwd_salt );
			passwd_salt = NULL;
			break;

		case CFG_REPLOG:
			ch_free( c->be->be_replogfile );
			c->be->be_replogfile = NULL;
			break;

		case CFG_LOGFILE:
			ch_free( logfileName );
			logfileName = NULL;