]> git.sur5r.net Git - openldap/blob - servers/slapd/config.c
Permit access defined by uniqueMember and not only DN-valued
[openldap] / servers / slapd / config.c
1 /* config.c - configuration file handling routines */
2 /* $OpenLDAP$ */
3 /*
4  * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
6  */
7
8 #include "portable.h"
9
10 #include <stdio.h>
11
12 #include <ac/string.h>
13 #include <ac/ctype.h>
14 #include <ac/socket.h>
15
16 #include "ldap_pvt.h"
17 #include "slap.h"
18
19 #define MAXARGS 200
20
21 /*
22  * defaults for various global variables
23  */
24 int             defsize = SLAPD_DEFAULT_SIZELIMIT;
25 int             deftime = SLAPD_DEFAULT_TIMELIMIT;
26 AccessControl   *global_acl = NULL;
27 slap_access_t           global_default_access = ACL_READ;
28 slap_mask_t             global_restrictops = 0;
29 slap_mask_t             global_allows = 0;
30 slap_mask_t             global_disallows = 0;
31 slap_mask_t             global_requires = 0;
32 slap_ssf_set_t  global_ssf_set;
33 char            *replogfile;
34 int             global_lastmod = ON;
35 int             global_idletimeout = 0;
36 char    *global_host = NULL;
37 char    *global_realm = NULL;
38 char    *global_ucdata_path = NULL;
39 char            *ldap_srvtab = "";
40 char            *default_passwd_hash;
41 char            *default_search_base = NULL;
42 char            *default_search_nbase = NULL;
43
44 char   *slapd_pid_file  = NULL;
45 char   *slapd_args_file = NULL;
46
47 int nSaslRegexp = 0;
48 SaslRegexp_t *SaslRegexp = NULL;
49
50 static char     *fp_getline(FILE *fp, int *lineno);
51 static void     fp_getline_init(int *lineno);
52 static int      fp_parse_line(char *line, int *argcp, char **argv);
53
54 static char     *strtok_quote(char *line, char *sep);
55
56 int
57 read_config( const char *fname )
58 {
59         FILE    *fp;
60         char    *line, *savefname, *saveline;
61         int     cargc, savelineno;
62         char    *cargv[MAXARGS+1];
63         int     lineno, i;
64 #ifdef HAVE_TLS
65         int rc;
66 #endif
67         struct berval *vals[2];
68         struct berval val;
69
70         static BackendInfo *bi = NULL;
71         static BackendDB        *be = NULL;
72
73         vals[0] = &val;
74         vals[1] = NULL;
75
76         if ( (fp = fopen( fname, "r" )) == NULL ) {
77                 ldap_syslog = 1;
78                 Debug( LDAP_DEBUG_ANY,
79                     "could not open config file \"%s\" - absolute path?\n",
80                     fname, 0, 0 );
81                 perror( fname );
82                 return 1;
83         }
84
85         Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
86
87         fp_getline_init( &lineno );
88
89         while ( (line = fp_getline( fp, &lineno )) != NULL ) {
90                 /* skip comments and blank lines */
91                 if ( line[0] == '#' || line[0] == '\0' ) {
92                         continue;
93                 }
94
95                 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, line, 0 );
96
97                 /* fp_parse_line is destructive, we save a copy */
98                 saveline = ch_strdup( line );
99
100                 if ( fp_parse_line( line, &cargc, cargv ) != 0 ) {
101                         return( 1 );
102                 }
103
104                 if ( cargc < 1 ) {
105                         Debug( LDAP_DEBUG_ANY,
106                             "%s: line %d: bad config line (ignored)\n",
107                             fname, lineno, 0 );
108                         continue;
109                 }
110
111                 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
112                         if ( cargc < 2 ) {
113                                 Debug( LDAP_DEBUG_ANY,
114                 "%s: line %d: missing type in \"backend <type>\" line\n",
115                                     fname, lineno, 0 );
116                                 return( 1 );
117                         }
118
119                         if( be != NULL ) {
120                                 Debug( LDAP_DEBUG_ANY,
121 "%s: line %d: backend line must appear before any database definition\n",
122                                     fname, lineno, 0 );
123                                 return( 1 );
124                         }
125
126                         bi = backend_info( cargv[1] );
127
128                         if( bi == NULL ) {
129                                 Debug( LDAP_DEBUG_ANY,
130                                         "backend %s initialization failed.\n",
131                                     cargv[1], 0, 0 );
132                                 return( 1 );
133                         }
134
135                 /* start of a new database definition */
136                 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
137                         if ( cargc < 2 ) {
138                                 Debug( LDAP_DEBUG_ANY,
139                 "%s: line %d: missing type in \"database <type>\" line\n",
140                                     fname, lineno, 0 );
141                                 return( 1 );
142                         }
143
144                         bi = NULL;
145                         be = backend_db_init( cargv[1] );
146
147                         if( be == NULL ) {
148                                 Debug( LDAP_DEBUG_ANY,
149                                         "database %s initialization failed.\n",
150                                     cargv[1], 0, 0 );
151                                 return( 1 );
152                         }
153
154                 /* set thread concurrency */
155                 } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
156                         int c;
157                         if ( cargc < 2 ) {
158                                 Debug( LDAP_DEBUG_ANY,
159             "%s: line %d: missing level in \"concurrency <level>\" line\n",
160                                     fname, lineno, 0 );
161                                 return( 1 );
162                         }
163
164                         c = atoi( cargv[1] );
165
166                         if( c < 1 ) {
167                                 Debug( LDAP_DEBUG_ANY,
168             "%s: line %d: invalid level (%d) in \"concurrency <level>\" line\n",
169                                     fname, lineno, c );
170                                 return( 1 );
171                         }
172
173                         ldap_pvt_thread_set_concurrency( c );
174
175                 /* default search base */
176                 } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
177                         if ( cargc < 2 ) {
178                                 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
179                                         "missing dn in \"defaultSearchBase <dn>\" line\n",
180                                         fname, lineno, 0 );
181                                 return 1;
182
183                         } else if ( cargc > 2 ) {
184                                 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
185                                         "extra cruft after <dn> in \"defaultSearchBase %s\", "
186                                         "line (ignored)\n",
187                                         fname, lineno, cargv[1] );
188                         }
189
190                         if ( bi != NULL || be != NULL ) {
191                                 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
192                                         "defaultSearchBaase line must appear prior to "
193                                         "any backend or database definition\n",
194                                     fname, lineno, 0 );
195                                 return 1;
196                         }
197
198                         if ( default_search_nbase != NULL ) {
199                                 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
200                                         "default search base \"%s\" already defined "
201                                         "(discarding old)\n",
202                                         fname, lineno, default_search_base );
203                                 free( default_search_base );
204                                 free( default_search_nbase );
205                         }
206
207                         default_search_base = ch_strdup( cargv[1] );
208                         default_search_nbase = ch_strdup( cargv[1] );
209
210                         if( dn_normalize( default_search_nbase ) == NULL ) {
211                                 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
212                                         "invalid default search base \"%s\"\n",
213                                         fname, lineno, default_search_base );
214                                 return 1;
215                         }
216                
217                 /* set maximum threads in thread pool */
218                 } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
219                         int c;
220                         if ( cargc < 2 ) {
221                                 Debug( LDAP_DEBUG_ANY,
222             "%s: line %d: missing count in \"threads <count>\" line\n",
223                                     fname, lineno, 0 );
224                                 return( 1 );
225                         }
226
227                         c = atoi( cargv[1] );
228
229                         if( c < 0 ) {
230                                 Debug( LDAP_DEBUG_ANY,
231             "%s: line %d: invalid level (%d) in \"threads <count>\" line\n",
232                                     fname, lineno, c );
233                                 return( 1 );
234                         }
235
236                         ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
237
238                 /* get pid file name */
239                 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
240                         if ( cargc < 2 ) {
241                                 Debug( LDAP_DEBUG_ANY,
242             "%s: line %d: missing file name in \"pidfile <file>\" line\n",
243                                     fname, lineno, 0 );
244                                 return( 1 );
245                         }
246
247                         slapd_pid_file = ch_strdup( cargv[1] );
248
249                 /* get args file name */
250                 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
251                         if ( cargc < 2 ) {
252                                 Debug( LDAP_DEBUG_ANY,
253             "%s: line %d: missing file name in \"argsfile <file>\" line\n",
254                                     fname, lineno, 0 );
255                                 return( 1 );
256                         }
257
258                         slapd_args_file = ch_strdup( cargv[1] );
259
260                 /* default password hash */
261                 } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
262                         if ( cargc < 2 ) {
263                                 Debug( LDAP_DEBUG_ANY,
264             "%s: line %d: missing hash in \"password-hash <hash>\" line\n",
265                                     fname, lineno, 0 );
266                                 return( 1 );
267                         }
268                         if ( default_passwd_hash != NULL ) {
269                                 Debug( LDAP_DEBUG_ANY,
270                                         "%s: line %d: already set default password_hash!\n",
271                                         fname, lineno, 0 );
272                                 return 1;
273
274                         } else {
275                                 default_passwd_hash = ch_strdup( cargv[1] );
276                         }
277
278                 /* set SASL host */
279                 } else if ( strcasecmp( cargv[0], "sasl-host" ) == 0 ) {
280                         if ( cargc < 2 ) {
281                                 Debug( LDAP_DEBUG_ANY,
282             "%s: line %d: missing host in \"sasl-host <host>\" line\n",
283                                     fname, lineno, 0 );
284                                 return( 1 );
285                         }
286
287                         if ( global_host != NULL ) {
288                                 Debug( LDAP_DEBUG_ANY,
289                                         "%s: line %d: already set sasl-host!\n",
290                                         fname, lineno, 0 );
291                                 return 1;
292
293                         } else {
294                                 global_host = ch_strdup( cargv[1] );
295                         }
296
297                 /* set SASL realm */
298                 } else if ( strcasecmp( cargv[0], "sasl-realm" ) == 0 ) {
299                         if ( cargc < 2 ) {
300                                 Debug( LDAP_DEBUG_ANY,
301             "%s: line %d: missing realm in \"sasl-realm <realm>\" line\n",
302                                     fname, lineno, 0 );
303                                 return( 1 );
304                         }
305
306                         if ( global_realm != NULL ) {
307                                 Debug( LDAP_DEBUG_ANY,
308                                         "%s: line %d: already set sasl-realm!\n",
309                                         fname, lineno, 0 );
310                                 return 1;
311
312                         } else {
313                                 global_realm = ch_strdup( cargv[1] );
314                         }
315
316                 } else if ( !strcasecmp( cargv[0], "sasl-regexp" ) 
317                         || !strcasecmp( cargv[0], "saslregexp" ) )
318                 {
319                         int rc;
320                         if ( cargc != 3 ) {
321                                 Debug( LDAP_DEBUG_ANY, 
322                                 "%s: line %d: need 2 args in \"saslregexp <match> <replace>\"\n",
323                                     fname, lineno, 0 );
324                                 return( 1 );
325                         }
326                         rc = slap_sasl_regexp_config( cargv[1], cargv[2] );
327                         if ( rc ) {
328                                 return rc;
329                         }
330
331                 /* SASL security properties */
332                 } else if ( strcasecmp( cargv[0], "sasl-secprops" ) == 0 ) {
333                         char *txt;
334
335                         if ( cargc < 2 ) {
336                                 Debug( LDAP_DEBUG_ANY,
337             "%s: line %d: missing flags in \"sasl-secprops <properties>\" line\n",
338                                     fname, lineno, 0 );
339                                 return 1;
340                         }
341
342                         txt = slap_sasl_secprops( cargv[1] );
343                         if ( txt != NULL ) {
344                                 Debug( LDAP_DEBUG_ANY,
345             "%s: line %d: sasl-secprops: %s\n",
346                                     fname, lineno, txt );
347                                 return 1;
348                         }
349
350                 /* set UCDATA path */
351                 } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
352                         if ( cargc < 2 ) {
353                                 Debug( LDAP_DEBUG_ANY,
354             "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
355                                     fname, lineno, 0 );
356                                 return( 1 );
357                         }
358
359                         if ( global_ucdata_path != NULL ) {
360                                 Debug( LDAP_DEBUG_ANY,
361                                         "%s: line %d: already set ucdata-path!\n",
362                                         fname, lineno, 0 );
363                                 return 1;
364
365                         } else {
366                                 global_ucdata_path = ch_strdup( cargv[1] );
367                         }
368
369                 /* set time limit */
370                 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
371                         if ( cargc < 2 ) {
372                                 Debug( LDAP_DEBUG_ANY,
373             "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
374                                     fname, lineno, 0 );
375                                 return( 1 );
376                         }
377                         if ( be == NULL ) {
378                                 defsize = atoi( cargv[1] );
379                         } else {
380                                 be->be_sizelimit = atoi( cargv[1] );
381                         }
382
383                 /* set time limit */
384                 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
385                         if ( cargc < 2 ) {
386                                 Debug( LDAP_DEBUG_ANY,
387             "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
388                                     fname, lineno, 0 );
389                                 return( 1 );
390                         }
391                         if ( be == NULL ) {
392                                 deftime = atoi( cargv[1] );
393                         } else {
394                                 be->be_timelimit = atoi( cargv[1] );
395                         }
396
397                 /* set database suffix */
398                 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
399                         Backend *tmp_be;
400                         if ( cargc < 2 ) {
401                                 Debug( LDAP_DEBUG_ANY,
402                     "%s: line %d: missing dn in \"suffix <dn>\" line\n",
403                                     fname, lineno, 0 );
404                                 return( 1 );
405                         } else if ( cargc > 2 ) {
406                                 Debug( LDAP_DEBUG_ANY,
407     "%s: line %d: extra cruft after <dn> in \"suffix %s\" line (ignored)\n",
408                                     fname, lineno, cargv[1] );
409                         }
410                         if ( be == NULL ) {
411                                 Debug( LDAP_DEBUG_ANY,
412 "%s: line %d: suffix line must appear inside a database definition (ignored)\n",
413                                     fname, lineno, 0 );
414                         } else if ( ( tmp_be = select_backend( cargv[1] ) ) == be ) {
415                                 Debug( LDAP_DEBUG_ANY,
416 "%s: line %d: suffix already served by this backend (ignored)\n",
417                                     fname, lineno, 0 );
418                         } else if ( tmp_be  != NULL ) {
419                                 Debug( LDAP_DEBUG_ANY,
420 "%s: line %d: suffix already served by a preceeding backend \"%s\" (ignored)\n",
421                                     fname, lineno, tmp_be->be_suffix[0] );
422                         } else {
423                                 char *dn = ch_strdup( cargv[1] );
424                                 if( dn_validate( dn ) == NULL ) {
425                                         Debug( LDAP_DEBUG_ANY, "%s: line %d: "
426                                                 "suffix DN invalid \"%s\"\n",
427                                         fname, lineno, cargv[1] );
428                                         return 1;
429
430                                 } else if( *dn == '\0' && default_search_nbase != NULL ) {
431                                         Debug( LDAP_DEBUG_ANY, "%s: line %d: "
432                                                 "suffix DN empty and default "
433                                                 "search base provided \"%s\" (assuming okay)\n",
434                                         fname, lineno, default_search_base );
435                                 }
436                                 charray_add( &be->be_suffix, dn );
437                                 (void) ldap_pvt_str2upper( dn );
438                                 charray_add( &be->be_nsuffix, dn );
439                                 free( dn );
440                         }
441
442                 /* set database suffixAlias */
443                 } else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) {
444                         Backend *tmp_be;
445                         if ( cargc < 2 ) {
446                                 Debug( LDAP_DEBUG_ANY,
447 "%s: line %d: missing alias and aliased_dn in \"suffixAlias <alias> <aliased_dn>\" line\n",
448                                         fname, lineno, 0 );
449                                 return( 1 );
450                         } else if ( cargc < 3 ) {
451                                 Debug( LDAP_DEBUG_ANY,
452 "%s: line %d: missing aliased_dn in \"suffixAlias <alias> <aliased_dn>\" line\n",
453                                 fname, lineno, 0 );
454                                 return( 1 );
455                         } else if ( cargc > 3 ) {
456                                 Debug( LDAP_DEBUG_ANY,
457                                         "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
458                                 fname, lineno, 0 );
459                         }
460
461                         if ( be == NULL ) {
462                                 Debug( LDAP_DEBUG_ANY,
463                                         "%s: line %d: suffixAlias line"
464                                         " must appear inside a database definition (ignored)\n",
465                                         fname, lineno, 0 );
466                         } else if ( (tmp_be = select_backend( cargv[1] )) != NULL ) {
467                                 Debug( LDAP_DEBUG_ANY,
468                                         "%s: line %d: suffixAlias served by"
469                                         "  a preceeding backend \"%s\" (ignored)\n",
470                                         fname, lineno, tmp_be->be_suffix[0] );
471
472                         } else if ( (tmp_be = select_backend( cargv[2] )) != NULL ) {
473                                 Debug( LDAP_DEBUG_ANY,
474                                         "%s: line %d: suffixAlias derefs to differnet backend"
475                                         "  a preceeding backend \"%s\" (ignored)\n",
476                                         fname, lineno, tmp_be->be_suffix[0] );
477
478                         } else {
479                                 char *alias, *aliased_dn;
480
481                                 alias = ch_strdup( cargv[1] );
482                                 (void) dn_normalize( alias );
483
484                                 aliased_dn = ch_strdup( cargv[2] );
485                                 (void) dn_normalize( aliased_dn );
486
487                                 charray_add( &be->be_suffixAlias, alias );
488                                 charray_add( &be->be_suffixAlias, aliased_dn );
489
490                                 free(alias);
491                                 free(aliased_dn);
492                         }
493
494                /* set max deref depth */
495                } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
496                                         int i;
497                        if ( cargc < 2 ) {
498                                Debug( LDAP_DEBUG_ANY,
499                    "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
500                                    fname, lineno, 0 );
501                                return( 1 );
502                        }
503                        if ( be == NULL ) {
504                                Debug( LDAP_DEBUG_ANY,
505 "%s: line %d: depth line must appear inside a database definition (ignored)\n",
506                                    fname, lineno, 0 );
507                        } else if ((i = atoi(cargv[1])) < 0) {
508                                Debug( LDAP_DEBUG_ANY,
509 "%s: line %d: depth must be positive (ignored)\n",
510                                    fname, lineno, 0 );
511
512                        } else {
513                            be->be_max_deref_depth = i;
514                                            }
515
516
517                 /* set magic "root" dn for this database */
518                 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
519                         if ( cargc < 2 ) {
520                                 Debug( LDAP_DEBUG_ANY,
521                     "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
522                                     fname, lineno, 0 );
523                                 return( 1 );
524                         }
525                         if ( be == NULL ) {
526                                 Debug( LDAP_DEBUG_ANY,
527 "%s: line %d: rootdn line must appear inside a database definition (ignored)\n",
528                                     fname, lineno, 0 );
529                         } else {
530                                 be->be_root_dn = ch_strdup( cargv[1] );
531                                 be->be_root_ndn = ch_strdup( cargv[1] );
532
533                                 if( dn_normalize( be->be_root_ndn ) == NULL ) {
534                                         free( be->be_root_dn );
535                                         free( be->be_root_ndn );
536                                         Debug( LDAP_DEBUG_ANY,
537 "%s: line %d: rootdn DN is invalid\n",
538                                            fname, lineno, 0 );
539                                         return( 1 );
540                                 }
541                         }
542
543                 /* set super-secret magic database password */
544                 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
545                         if ( cargc < 2 ) {
546                                 Debug( LDAP_DEBUG_ANY,
547             "%s: line %d: missing passwd in \"rootpw <passwd>\" line\n",
548                                     fname, lineno, 0 );
549                                 return( 1 );
550                         }
551                         if ( be == NULL ) {
552                                 Debug( LDAP_DEBUG_ANY,
553 "%s: line %d: rootpw line must appear inside a database definition (ignored)\n",
554                                     fname, lineno, 0 );
555                         } else {
556                                 be->be_root_pw.bv_val = ch_strdup( cargv[1] );
557                                 be->be_root_pw.bv_len = strlen( be->be_root_pw.bv_val );
558                         }
559
560                 /* make this database read-only */
561                 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
562                         if ( cargc < 2 ) {
563                                 Debug( LDAP_DEBUG_ANY,
564             "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
565                                     fname, lineno, 0 );
566                                 return( 1 );
567                         }
568                         if ( be == NULL ) {
569                                 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
570                                         global_restrictops |= SLAP_RESTRICT_OP_WRITES;
571                                 } else {
572                                         global_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
573                                 }
574                         } else {
575                                 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
576                                         be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
577                                 } else {
578                                         be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
579                                 }
580                         }
581
582
583                 /* allow these features */
584                 } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
585                         strcasecmp( cargv[0], "allow" ) == 0 )
586                 {
587                         slap_mask_t     allows;
588
589                         if ( be != NULL ) {
590                                 Debug( LDAP_DEBUG_ANY,
591 "%s: line %d: allow line must appear prior to database definitions\n",
592                                     fname, lineno, 0 );
593                         }
594
595                         if ( cargc < 2 ) {
596                                 Debug( LDAP_DEBUG_ANY,
597             "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
598                                     fname, lineno, 0 );
599                                 return( 1 );
600                         }
601
602                         allows = 0;
603
604                         for( i=1; i < cargc; i++ ) {
605                                 if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
606                                         allows |= SLAP_ALLOW_TLS_2_ANON;
607
608                                 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
609                                         Debug( LDAP_DEBUG_ANY,
610                     "%s: line %d: unknown feature %s in \"allow <features>\" line\n",
611                                             fname, lineno, cargv[i] );
612                                         return( 1 );
613                                 }
614                         }
615
616                         global_allows = allows;
617
618                 /* disallow these features */
619                 } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
620                         strcasecmp( cargv[0], "disallow" ) == 0 )
621                 {
622                         slap_mask_t     disallows;
623
624                         if ( be != NULL ) {
625                                 Debug( LDAP_DEBUG_ANY,
626 "%s: line %d: disallow line must appear prior to database definitions\n",
627                                     fname, lineno, 0 );
628                         }
629
630                         if ( cargc < 2 ) {
631                                 Debug( LDAP_DEBUG_ANY,
632             "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
633                                     fname, lineno, 0 );
634                                 return( 1 );
635                         }
636
637                         disallows = 0;
638
639                         for( i=1; i < cargc; i++ ) {
640                                 if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
641                                         disallows |= SLAP_DISALLOW_BIND_V2;
642
643                                 } else if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
644                                         disallows |= SLAP_DISALLOW_BIND_ANON;
645
646                                 } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
647                                         disallows |= SLAP_DISALLOW_BIND_ANON_CRED;
648
649                                 } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
650                                         disallows |= SLAP_DISALLOW_BIND_ANON_DN;
651
652                                 } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
653                                         disallows |= SLAP_DISALLOW_BIND_SIMPLE;
654
655                                 } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
656                                         disallows |= SLAP_DISALLOW_BIND_KRBV4;
657
658                                 } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
659                                         disallows |= SLAP_DISALLOW_TLS_AUTHC;
660
661                                 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
662                                         Debug( LDAP_DEBUG_ANY,
663                     "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
664                                             fname, lineno, cargv[i] );
665                                         return( 1 );
666                                 }
667                         }
668
669                         global_disallows = disallows;
670
671                 /* require these features */
672                 } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
673                         strcasecmp( cargv[0], "require" ) == 0 )
674                 {
675                         slap_mask_t     requires;
676
677                         if ( cargc < 2 ) {
678                                 Debug( LDAP_DEBUG_ANY,
679             "%s: line %d: missing feature(s) in \"require <features>\" line\n",
680                                     fname, lineno, 0 );
681                                 return( 1 );
682                         }
683
684                         requires = 0;
685
686                         for( i=1; i < cargc; i++ ) {
687                                 if( strcasecmp( cargv[i], "bind" ) == 0 ) {
688                                         requires |= SLAP_REQUIRE_BIND;
689
690                                 } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
691                                         requires |= SLAP_REQUIRE_LDAP_V3;
692
693                                 } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
694                                         requires |= SLAP_REQUIRE_AUTHC;
695
696                                 } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
697                                         requires |= SLAP_REQUIRE_SASL;
698
699                                 } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
700                                         requires |= SLAP_REQUIRE_STRONG;
701
702                                 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
703                                         Debug( LDAP_DEBUG_ANY,
704                     "%s: line %d: unknown feature %s in \"require <features>\" line\n",
705                                             fname, lineno, cargv[i] );
706                                         return( 1 );
707                                 }
708                         }
709
710                         if ( be == NULL ) {
711                                 global_requires = requires;
712                         } else {
713                                 be->be_requires = requires;
714                         }
715
716                 /* required security factors */
717                 } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
718                         slap_ssf_set_t *set;
719
720                         if ( cargc < 2 ) {
721                                 Debug( LDAP_DEBUG_ANY,
722             "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
723                                     fname, lineno, 0 );
724                                 return( 1 );
725                         }
726
727                         if ( be == NULL ) {
728                                 set = &global_ssf_set;
729                         } else {
730                                 set = &be->be_ssf_set;
731                         }
732
733                         for( i=1; i < cargc; i++ ) {
734                                 if( strncasecmp( cargv[i], "ssf=",
735                                         sizeof("ssf") ) == 0 )
736                                 {
737                                         set->sss_ssf =
738                                                 atoi( &cargv[i][sizeof("ssf")] );
739
740                                 } else if( strncasecmp( cargv[i], "transport=",
741                                         sizeof("transport") ) == 0 )
742                                 {
743                                         set->sss_transport =
744                                                 atoi( &cargv[i][sizeof("transport")] );
745
746                                 } else if( strncasecmp( cargv[i], "tls=",
747                                         sizeof("tls") ) == 0 )
748                                 {
749                                         set->sss_tls =
750                                                 atoi( &cargv[i][sizeof("tls")] );
751
752                                 } else if( strncasecmp( cargv[i], "sasl=",
753                                         sizeof("sasl") ) == 0 )
754                                 {
755                                         set->sss_sasl =
756                                                 atoi( &cargv[i][sizeof("sasl")] );
757
758                                 } else if( strncasecmp( cargv[i], "update_ssf=",
759                                         sizeof("update_ssf") ) == 0 )
760                                 {
761                                         set->sss_update_ssf =
762                                                 atoi( &cargv[i][sizeof("update_ssf")] );
763
764                                 } else if( strncasecmp( cargv[i], "update_transport=",
765                                         sizeof("update_transport") ) == 0 )
766                                 {
767                                         set->sss_update_transport =
768                                                 atoi( &cargv[i][sizeof("update_transport")] );
769
770                                 } else if( strncasecmp( cargv[i], "update_tls=",
771                                         sizeof("update_tls") ) == 0 )
772                                 {
773                                         set->sss_update_tls =
774                                                 atoi( &cargv[i][sizeof("update_tls")] );
775
776                                 } else if( strncasecmp( cargv[i], "update_sasl=",
777                                         sizeof("update_sasl") ) == 0 )
778                                 {
779                                         set->sss_update_sasl =
780                                                 atoi( &cargv[i][sizeof("update_sasl")] );
781
782                                 } else {
783                                         Debug( LDAP_DEBUG_ANY,
784                     "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
785                                             fname, lineno, cargv[i] );
786                                         return( 1 );
787                                 }
788                         }
789
790                 
791                 /* where to send clients when we don't hold it */
792                 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
793                         if ( cargc < 2 ) {
794                                 Debug( LDAP_DEBUG_ANY,
795                     "%s: line %d: missing URL in \"referral <URL>\" line\n",
796                                     fname, lineno, 0 );
797                                 return( 1 );
798                         }
799
800                         vals[0]->bv_val = cargv[1];
801                         vals[0]->bv_len = strlen( vals[0]->bv_val );
802                         value_add( &default_referral, vals );
803
804                 /* specify an Object Identifier macro */
805                 } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
806                         parse_oidm( fname, lineno, cargc, cargv );
807
808                 /* specify an objectclass */
809                 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
810                         if ( *cargv[1] == '(' ) {
811                                 char * p;
812                                 p = strchr(saveline,'(');
813                                 parse_oc( fname, lineno, p, cargv );
814                         } else {
815                                 Debug( LDAP_DEBUG_ANY,
816     "%s: line %d: old objectclass format not supported.\n",
817                                     fname, lineno, 0 );
818                         }
819
820                 /* specify an attribute type */
821                 } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
822                         || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
823                 {
824                         if ( *cargv[1] == '(' ) {
825                                 char * p;
826                                 p = strchr(saveline,'(');
827                                 parse_at( fname, lineno, p, cargv );
828                         } else {
829                                 Debug( LDAP_DEBUG_ANY,
830     "%s: line %d: old attribute type format not supported.\n",
831                                     fname, lineno, 0 );
832                         }
833
834                 /* turn on/off schema checking */
835                 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
836                         if ( cargc < 2 ) {
837                                 Debug( LDAP_DEBUG_ANY,
838     "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
839                                     fname, lineno, 0 );
840                                 return( 1 );
841                         }
842                         if ( strcasecmp( cargv[1], "off" ) == 0 ) {
843                                 global_schemacheck = 0;
844                         } else {
845                                 global_schemacheck = 1;
846                         }
847
848                 /* specify access control info */
849                 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
850                         parse_acl( be, fname, lineno, cargc, cargv );
851
852                 /* specify default access control info */
853                 } else if ( strcasecmp( cargv[0], "defaultaccess" ) == 0 ) {
854                         slap_access_t access;
855
856                         if ( cargc < 2 ) {
857                                 Debug( LDAP_DEBUG_ANY,
858             "%s: line %d: missing limit in \"defaultaccess <access>\" line\n",
859                                     fname, lineno, 0 );
860                                 return( 1 );
861                         }
862
863                         access = str2access( cargv[1] );
864
865                         if ( access == ACL_INVALID_ACCESS ) {
866                                 Debug( LDAP_DEBUG_ANY,
867                                         "%s: line %d: bad access level \"%s\", "
868                                         "expecting none|auth|compare|search|read|write\n",
869                                     fname, lineno, cargv[1] );
870                                 return( 1 );
871                         }
872
873                         if ( be == NULL ) {
874                                 global_default_access = access;
875                         } else {
876                                 be->be_dfltaccess = access;
877                         }
878
879                 /* debug level to log things to syslog */
880                 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
881                         if ( cargc < 2 ) {
882                                 Debug( LDAP_DEBUG_ANY,
883                     "%s: line %d: missing level in \"loglevel <level>\" line\n",
884                                     fname, lineno, 0 );
885                                 return( 1 );
886                         }
887
888                         ldap_syslog = 0;
889
890                         for( i=1; i < cargc; i++ ) {
891                                 ldap_syslog += atoi( cargv[1] );
892                         }
893
894                 /* list of replicas of the data in this backend (master only) */
895                 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
896                         if ( cargc < 2 ) {
897                                 Debug( LDAP_DEBUG_ANY,
898             "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
899                                     fname, lineno, 0 );
900                                 return( 1 );
901                         }
902                         if ( be == NULL ) {
903                                 Debug( LDAP_DEBUG_ANY,
904 "%s: line %d: replica line must appear inside a database definition (ignored)\n",
905                                     fname, lineno, 0 );
906                         } else {
907                                 for ( i = 1; i < cargc; i++ ) {
908                                         if ( strncasecmp( cargv[i], "host=", 5 )
909                                             == 0 ) {
910                                                 charray_add( &be->be_replica,
911                                                              cargv[i] + 5 );
912                                                 break;
913                                         }
914                                 }
915                                 if ( i == cargc ) {
916                                         Debug( LDAP_DEBUG_ANY,
917                     "%s: line %d: missing host in \"replica\" line (ignored)\n",
918                                             fname, lineno, 0 );
919                                 }
920                         }
921
922                 /* dn of master entity allowed to write to replica */
923                 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
924                         if ( cargc < 2 ) {
925                                 Debug( LDAP_DEBUG_ANY,
926                     "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
927                                     fname, lineno, 0 );
928                                 return( 1 );
929                         }
930                         if ( be == NULL ) {
931                                 Debug( LDAP_DEBUG_ANY,
932 "%s: line %d: updatedn line must appear inside a database definition (ignored)\n",
933                                     fname, lineno, 0 );
934                         } else {
935                                 be->be_update_ndn = ch_strdup( cargv[1] );
936                                 if( dn_normalize( be->be_update_ndn ) == NULL ) {
937                                         Debug( LDAP_DEBUG_ANY,
938 "%s: line %d: updatedn DN is invalid\n",
939                                             fname, lineno, 0 );
940                                         return 1;
941                                 }
942                         }
943
944                 } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
945                         if ( cargc < 2 ) {
946                                 Debug( LDAP_DEBUG_ANY,
947                     "%s: line %d: missing dn in \"updateref <ldapurl>\" line\n",
948                                     fname, lineno, 0 );
949                                 return( 1 );
950                         }
951                         if ( be == NULL ) {
952                                 Debug( LDAP_DEBUG_ANY,
953 "%s: line %d: updateref line must appear inside a database definition (ignored)\n",
954                                     fname, lineno, 0 );
955                         } else if ( be->be_update_ndn == NULL ) {
956                                 Debug( LDAP_DEBUG_ANY,
957 "%s: line %d: updateref line must after updatedn (ignored)\n",
958                                     fname, lineno, 0 );
959                         } else {
960                                 vals[0]->bv_val = cargv[1];
961                                 vals[0]->bv_len = strlen( vals[0]->bv_val );
962                                 value_add( &be->be_update_refs, vals );
963                         }
964
965                 /* replication log file to which changes are appended */
966                 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
967                         if ( cargc < 2 ) {
968                                 Debug( LDAP_DEBUG_ANY,
969             "%s: line %d: missing dn in \"replogfile <filename>\" line\n",
970                                     fname, lineno, 0 );
971                                 return( 1 );
972                         }
973                         if ( be ) {
974                                 be->be_replogfile = ch_strdup( cargv[1] );
975                         } else {
976                                 replogfile = ch_strdup( cargv[1] );
977                         }
978
979                 /* maintain lastmodified{by,time} attributes */
980                 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
981                         if ( cargc < 2 ) {
982                                 Debug( LDAP_DEBUG_ANY,
983             "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
984                                     fname, lineno, 0 );
985                                 return( 1 );
986                         }
987                         if ( strcasecmp( cargv[1], "on" ) == 0 ) {
988                                 if ( be )
989                                         be->be_lastmod = ON;
990                                 else
991                                         global_lastmod = ON;
992                         } else {
993                                 if ( be )
994                                         be->be_lastmod = OFF;
995                                 else
996                                         global_lastmod = OFF;
997                         }
998
999                 /* set idle timeout value */
1000                 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
1001                         int i;
1002                         if ( cargc < 2 ) {
1003                                 Debug( LDAP_DEBUG_ANY,
1004             "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
1005                                     fname, lineno, 0 );
1006                                 return( 1 );
1007                         }
1008
1009                         i = atoi( cargv[1] );
1010
1011                         if( i < 0 ) {
1012                                 Debug( LDAP_DEBUG_ANY,
1013             "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
1014                                     fname, lineno, i );
1015                                 return( 1 );
1016                         }
1017
1018                         global_idletimeout = i;
1019
1020                 /* include another config file */
1021                 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
1022                         if ( cargc < 2 ) {
1023                                 Debug( LDAP_DEBUG_ANY,
1024     "%s: line %d: missing filename in \"include <filename>\" line\n",
1025                                     fname, lineno, 0 );
1026                                 return( 1 );
1027                         }
1028                         savefname = ch_strdup( cargv[1] );
1029                         savelineno = lineno;
1030
1031                         if ( read_config( savefname ) != 0 ) {
1032                                 return( 1 );
1033                         }
1034
1035                         free( savefname );
1036                         lineno = savelineno - 1;
1037
1038                 /* location of kerberos srvtab file */
1039                 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
1040                         if ( cargc < 2 ) {
1041                                 Debug( LDAP_DEBUG_ANY,
1042             "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
1043                                     fname, lineno, 0 );
1044                                 return( 1 );
1045                         }
1046                         ldap_srvtab = ch_strdup( cargv[1] );
1047
1048 #ifdef SLAPD_MODULES
1049                 } else if (strcasecmp( cargv[0], "moduleload") == 0 ) {
1050                    if ( cargc < 2 ) {
1051                       Debug( LDAP_DEBUG_ANY,
1052                              "%s: line %d: missing filename in \"moduleload <filename>\" line\n",
1053                              fname, lineno, 0 );
1054                       exit( EXIT_FAILURE );
1055                    }
1056                    if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
1057                       Debug( LDAP_DEBUG_ANY,
1058                              "%s: line %d: failed to load or initialize module %s\n",
1059                              fname, lineno, cargv[1]);
1060                       exit( EXIT_FAILURE );
1061                    }
1062                 } else if (strcasecmp( cargv[0], "modulepath") == 0 ) {
1063                    if ( cargc != 2 ) {
1064                       Debug( LDAP_DEBUG_ANY,
1065                              "%s: line %d: missing path in \"modulepath <path>\" line\n",
1066                              fname, lineno, 0 );
1067                       exit( EXIT_FAILURE );
1068                    }
1069                    if (module_path( cargv[1] )) {
1070                       Debug( LDAP_DEBUG_ANY,
1071                              "%s: line %d: failed to set module search path to %s\n",
1072                              fname, lineno, cargv[1]);
1073                       exit( EXIT_FAILURE );
1074                    }
1075                    
1076 #endif /*SLAPD_MODULES*/
1077
1078 #ifdef HAVE_TLS
1079                 } else if ( !strcasecmp( cargv[0], "TLSProtocol" ) ) {
1080                         rc = ldap_pvt_tls_set_option( NULL,
1081                                                       LDAP_OPT_X_TLS_PROTOCOL,
1082                                                       cargv[1] );
1083                         if ( rc )
1084                                 return rc;
1085
1086                 } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
1087                         rc = ldap_pvt_tls_set_option( NULL,
1088                                                       LDAP_OPT_X_TLS_CIPHER_SUITE,
1089                                                       cargv[1] );
1090                         if ( rc )
1091                                 return rc;
1092
1093                 } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
1094                         rc = ldap_pvt_tls_set_option( NULL,
1095                                                       LDAP_OPT_X_TLS_CERTFILE,
1096                                                       cargv[1] );
1097                         if ( rc )
1098                                 return rc;
1099
1100                 } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
1101                         rc = ldap_pvt_tls_set_option( NULL,
1102                                                       LDAP_OPT_X_TLS_KEYFILE,
1103                                                       cargv[1] );
1104                         if ( rc )
1105                                 return rc;
1106
1107                 } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
1108                         rc = ldap_pvt_tls_set_option( NULL,
1109                                                       LDAP_OPT_X_TLS_CACERTDIR,
1110                                                       cargv[1] );
1111                         if ( rc )
1112                                 return rc;
1113
1114                 } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
1115                         rc = ldap_pvt_tls_set_option( NULL,
1116                                                       LDAP_OPT_X_TLS_CACERTFILE,
1117                                                       cargv[1] );
1118                         if ( rc )
1119                                 return rc;
1120                 } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
1121                         rc = ldap_pvt_tls_set_option( NULL,
1122                                                       LDAP_OPT_X_TLS_REQUIRE_CERT,
1123                                                       cargv[1] );
1124                         if ( rc )
1125                                 return rc;
1126
1127 #endif
1128
1129                 /* pass anything else to the current backend info/db config routine */
1130                 } else {
1131                         if ( bi != NULL ) {
1132                                 if ( bi->bi_config == 0 ) {
1133                                         Debug( LDAP_DEBUG_ANY,
1134 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
1135                                                 fname, lineno, cargv[0] );
1136                                 } else {
1137                                         if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
1138                                                 != 0 )
1139                                         {
1140                                                 return( 1 );
1141                                         }
1142                                 }
1143                         } else if ( be != NULL ) {
1144                                 if ( be->be_config == 0 ) {
1145                                         Debug( LDAP_DEBUG_ANY,
1146 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
1147                                         fname, lineno, cargv[0] );
1148                                 } else {
1149                                         if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
1150                                                 != 0 )
1151                                         {
1152                                                 return( 1 );
1153                                         }
1154                                 }
1155                         } else {
1156                                 Debug( LDAP_DEBUG_ANY,
1157 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
1158                                     fname, lineno, cargv[0] );
1159                         }
1160                 }
1161                 free( saveline );
1162         }
1163         fclose( fp );
1164         return( 0 );
1165 }
1166
1167 static int
1168 fp_parse_line(
1169     char        *line,
1170     int         *argcp,
1171     char        **argv
1172 )
1173 {
1174         char *  token;
1175
1176         *argcp = 0;
1177         for ( token = strtok_quote( line, " \t" ); token != NULL;
1178             token = strtok_quote( NULL, " \t" ) ) {
1179                 if ( *argcp == MAXARGS ) {
1180                         Debug( LDAP_DEBUG_ANY, "Too many tokens (max %d)\n",
1181                             MAXARGS, 0, 0 );
1182                         return( 1 );
1183                 }
1184                 argv[(*argcp)++] = token;
1185         }
1186         argv[*argcp] = NULL;
1187         return 0;
1188 }
1189
1190 static char *
1191 strtok_quote( char *line, char *sep )
1192 {
1193         int             inquote;
1194         char            *tmp;
1195         static char     *next;
1196
1197         if ( line != NULL ) {
1198                 next = line;
1199         }
1200         while ( *next && strchr( sep, *next ) ) {
1201                 next++;
1202         }
1203
1204         if ( *next == '\0' ) {
1205                 next = NULL;
1206                 return( NULL );
1207         }
1208         tmp = next;
1209
1210         for ( inquote = 0; *next; ) {
1211                 switch ( *next ) {
1212                 case '"':
1213                         if ( inquote ) {
1214                                 inquote = 0;
1215                         } else {
1216                                 inquote = 1;
1217                         }
1218                         AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
1219                         break;
1220
1221                 case '\\':
1222                         if ( next[1] )
1223                                 AC_MEMCPY( next,
1224                                             next + 1, strlen( next + 1 ) + 1 );
1225                         next++;         /* dont parse the escaped character */
1226                         break;
1227
1228                 default:
1229                         if ( ! inquote ) {
1230                                 if ( strchr( sep, *next ) != NULL ) {
1231                                         *next++ = '\0';
1232                                         return( tmp );
1233                                 }
1234                         }
1235                         next++;
1236                         break;
1237                 }
1238         }
1239
1240         return( tmp );
1241 }
1242
1243 static char     buf[BUFSIZ];
1244 static char     *line;
1245 static int      lmax, lcur;
1246
1247 #define CATLINE( buf )  { \
1248         int     len; \
1249         len = strlen( buf ); \
1250         while ( lcur + len + 1 > lmax ) { \
1251                 lmax += BUFSIZ; \
1252                 line = (char *) ch_realloc( line, lmax ); \
1253         } \
1254         strcpy( line + lcur, buf ); \
1255         lcur += len; \
1256 }
1257
1258 static char *
1259 fp_getline( FILE *fp, int *lineno )
1260 {
1261         char            *p;
1262
1263         lcur = 0;
1264         CATLINE( buf );
1265         (*lineno)++;
1266
1267         /* hack attack - keeps us from having to keep a stack of bufs... */
1268         if ( strncasecmp( line, "include", 7 ) == 0 ) {
1269                 buf[0] = '\0';
1270                 return( line );
1271         }
1272
1273         while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
1274                 if ( (p = strchr( buf, '\n' )) != NULL ) {
1275                         *p = '\0';
1276                 }
1277                 if ( ! isspace( (unsigned char) buf[0] ) ) {
1278                         return( line );
1279                 }
1280
1281                 CATLINE( buf );
1282                 (*lineno)++;
1283         }
1284         buf[0] = '\0';
1285
1286         return( line[0] ? line : NULL );
1287 }
1288
1289 static void
1290 fp_getline_init( int *lineno )
1291 {
1292         *lineno = -1;
1293         buf[0] = '\0';
1294 }