1 /* config.c - configuration file handling routines */
2
3 #include "portable.h"
4
5 #include <stdio.h>
6 #ifdef HAVE_LOCALE_H
7 #include <locale.h>
8 #endif
9
10 #include <ac/string.h>
11 #include <ac/ctype.h>
12 #include <ac/socket.h>
13
14 #include "ldap_defaults.h"
15 #include "slap.h"
16
17 #define MAXARGS 100 /* capacity of the cargv[] array read_config() passes to fp_parse_line(); NOTE(review): fp_parse_line() takes no size argument, so confirm it stops at MAXARGS tokens */
18
19 /*
20  * defaults for various global variables
21  */
22 int             defsize = SLAPD_DEFAULT_SIZELIMIT; /* overwritten by a "sizelimit" line seen before any "database" line; value comes from atoi() with no range check */
23 int             deftime = SLAPD_DEFAULT_TIMELIMIT; /* overwritten by a "timelimit" line seen before any "database" line; value comes from atoi() with no range check */
24 struct acl      *global_acl = NULL; /* not assigned in the read_config() code visible here; presumably filled via parse_acl() - TODO confirm */
25 int             global_default_access = ACL_READ; /* starts at ACL_READ; a "defaultaccess" line seen before any "database" line updates it through ACL_SET() */
26 char            *replogfile; /* no explicit initializer; set to a ch_strdup() copy by a "replogfile" line seen before any "database" line */
27 int             global_lastmod; /* no explicit initializer; set to ON or OFF by a "lastmod" line seen before any "database" line */
28 int             global_idletimeout = 0; /* set by "idletimeout"; read_config() rejects negative values */
29 char    *global_realm = NULL; /* set by "digest-realm" before any "database" line; a second global setting makes read_config() fail */
30 char            *ldap_srvtab = ""; /* starts as a string literal, replaced by a ch_strdup() copy on "srvtab" - must not be free()d unconditionally */
31
32 char   *slapd_pid_file  = NULL; /* ch_strdup() copy of the "pidfile" argument; NULL until that directive is read */
33 char   *slapd_args_file = NULL; /* ch_strdup() copy of the "argsfile" argument; NULL until that directive is read */
34
35 static char     *fp_getline(FILE *fp, int *lineno); /* yields one config line per call; read_config() loops until it returns NULL and never frees the result - buffer ownership is not visible here */
36 static void     fp_getline_init(int *lineno); /* called once with &lineno before the read loop starts */
37 static int      fp_parse_line(char *line, int *argcp, char **argv); /* fills *argcp and argv[] from line; destructive on line (callers keep a copy); non-zero return aborts read_config() */
38
39 static char     *strtok_quote(char *line, char *sep); /* not called in the code visible here; NOTE(review): presumably the tokenizer behind fp_parse_line() - confirm */
40
41 int
42 read_config( char *fname )
43 {
44         FILE    *fp;
45         char    *line, *savefname, *saveline;
46         int     cargc, savelineno;
47         char    *cargv[MAXARGS];
48         int     lineno, i, rc;
49
50         static BackendInfo *bi = NULL;
51         static BackendDB        *be = NULL;
52
53         if ( (fp = fopen( fname, "r" )) == NULL ) {
54                 ldap_syslog = 1;
55                 Debug( LDAP_DEBUG_ANY,
56                     "could not open config file \"%s\" - absolute path?\n",
57                     fname, 0, 0 );
58                 perror( fname );
59                 return 1;
60         }
61
62         Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
63
64         if ( schema_init( ) != 0 ) {
65                 Debug( LDAP_DEBUG_ANY,
66                     "error initializing the schema\n",
67                     0, 0, 0 );
68                 return( 1 );
69         }
70
71         fp_getline_init( &lineno );
72
73         while ( (line = fp_getline( fp, &lineno )) != NULL ) {
74                 /* skip comments and blank lines */
75                 if ( line[0] == '#' || line[0] == '\0' ) {
76                         continue;
77                 }
78
79                 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, line, 0 );
80
81                 /* fp_parse_line is destructive, we save a copy */
82                 saveline = ch_strdup( line );
83
84                 if ( fp_parse_line( line, &cargc, cargv ) != 0 ) {
85                         return( 1 );
86                 }
87
88                 if ( cargc < 1 ) {
89                         Debug( LDAP_DEBUG_ANY,
90                             "%s: line %d: bad config line (ignored)\n",
91                             fname, lineno, 0 );
92                         continue;
93                 }
94
95                 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
96                         if ( cargc < 2 ) {
97                                 Debug( LDAP_DEBUG_ANY,
98                 "%s: line %d: missing type in \"backend <type>\" line\n",
99                                     fname, lineno, 0 );
100                                 return( 1 );
101                         }
102
103                         if( be != NULL ) {
104                                 Debug( LDAP_DEBUG_ANY,
105 "%s: line %d: backend line must appear before any database definition\n",
106                                     fname, lineno, 0 );
107                                 return( 1 );
108                         }
109
110                         bi = backend_info( cargv[1] );
111
112                 /* start of a new database definition */
113                 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
114                         if ( cargc < 2 ) {
115                                 Debug( LDAP_DEBUG_ANY,
116                 "%s: line %d: missing type in \"database <type>\" line\n",
117                                     fname, lineno, 0 );
118                                 return( 1 );
119                         }
120                         bi = NULL;
121                         be = backend_db_init( cargv[1] );
122
123                 /* assign a default depth limit for alias deref */
124                 be->be_maxDerefDepth = SLAPD_DEFAULT_MAXDEREFDEPTH; 
125
126                 /* get pid file name */
127                 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
128                         if ( cargc < 2 ) {
129                                 Debug( LDAP_DEBUG_ANY,
130             "%s: line %d: missing file name in \"pidfile <file>\" line\n",
131                                     fname, lineno, 0 );
132                                 return( 1 );
133                         }
134
135                         slapd_pid_file = ch_strdup( cargv[1] );
136
137                 /* get args file name */
138                 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
139                         if ( cargc < 2 ) {
140                                 Debug( LDAP_DEBUG_ANY,
141             "%s: line %d: missing file name in \"argsfile <file>\" line\n",
142                                     fname, lineno, 0 );
143                                 return( 1 );
144                         }
145
146                         slapd_args_file = ch_strdup( cargv[1] );
147
148                 /* set DIGEST realm */
149                 } else if ( strcasecmp( cargv[0], "digest-realm" ) == 0 ) {
150                         if ( cargc < 2 ) {
151                                 Debug( LDAP_DEBUG_ANY,
152             "%s: line %d: missing realm in \"digest-realm <realm>\" line\n",
153                                     fname, lineno, 0 );
154                                 return( 1 );
155                         }
156                         if ( be != NULL ) {
157                                 be->be_realm = ch_strdup( cargv[1] );
158
159                         } else if ( global_realm != NULL ) {
160                                 Debug( LDAP_DEBUG_ANY,
161                                         "%s: line %d: already set global realm!\n",
162                                         fname, lineno, 0 );
163                                 return 1;
164
165                         } else {
166                                 global_realm = ch_strdup( cargv[1] );
167                         }
168
169                 /* set size limit */
170                 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
171                         if ( cargc < 2 ) {
172                                 Debug( LDAP_DEBUG_ANY,
173             "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
174                                     fname, lineno, 0 );
175                                 return( 1 );
176                         }
177                         if ( be == NULL ) {
178                                 defsize = atoi( cargv[1] );
179                         } else {
180                                 be->be_sizelimit = atoi( cargv[1] );
181                         }
182
183                 /* set time limit */
184                 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
185                         if ( cargc < 2 ) {
186                                 Debug( LDAP_DEBUG_ANY,
187             "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
188                                     fname, lineno, 0 );
189                                 return( 1 );
190                         }
191                         if ( be == NULL ) {
192                                 deftime = atoi( cargv[1] );
193                         } else {
194                                 be->be_timelimit = atoi( cargv[1] );
195                         }
196
197                 /* set database suffix */
198                 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
199                         if ( cargc < 2 ) {
200                                 Debug( LDAP_DEBUG_ANY,
201                     "%s: line %d: missing dn in \"suffix <dn>\" line\n",
202                                     fname, lineno, 0 );
203                                 return( 1 );
204                         } else if ( cargc > 2 ) {
205                                 Debug( LDAP_DEBUG_ANY,
206     "%s: line %d: extra cruft after <dn> in \"suffix %s\" line (ignored)\n",
207                                     fname, lineno, cargv[1] );
208                         }
209                         if ( be == NULL ) {
210                                 Debug( LDAP_DEBUG_ANY,
211 "%s: line %d: suffix line must appear inside a database definition (ignored)\n",
212                                     fname, lineno, 0 );
213                         } else {
214                                 char *dn = ch_strdup( cargv[1] );
215                                 (void) dn_normalize( dn );
216                                 charray_add( &be->be_suffix, dn );
217                                 (void) dn_upcase( dn );
218                                 charray_add( &be->be_nsuffix, dn );
219                                 free( dn );
220                         }
221
222                 /* set database suffixAlias */
223                 } else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) {
224                         if ( cargc < 2 ) {
225                                 Debug( LDAP_DEBUG_ANY,
226                     "%s: line %d: missing alias and aliased_dn in \"suffixAlias <alias> <aliased_dn>\" line\n",
227                                     fname, lineno, 0 );
228                                 return( 1 );
229                         } else if ( cargc < 3 ) {
230                                 Debug( LDAP_DEBUG_ANY,
231                     "%s: line %d: missing aliased_dn in \"suffixAlias <alias> <aliased_dn>\" line\n",
232                                     fname, lineno, 0 );
233                                 return( 1 );
234                         } else if ( cargc > 3 ) {
235                                 Debug( LDAP_DEBUG_ANY,
236     "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
237                                     fname, lineno, 0 );
238                         }
239                         if ( be == NULL ) {
240                                 Debug( LDAP_DEBUG_ANY,
241 "%s: line %d: suffixAlias line must appear inside a database definition (ignored)\n",
242                                     fname, lineno, 0 );
243                         } else {
244                                 char *alias, *aliased_dn;
245
246                                                                 alias = ch_strdup( cargv[1] );
247                                 (void) dn_normalize( alias );
248
249                                 aliased_dn = ch_strdup( cargv[2] );
250                                 (void) dn_normalize( aliased_dn );
251
252
253                                                                 if ( strcasecmp( alias, aliased_dn) == 0 ) {
254                                         Debug( LDAP_DEBUG_ANY,
255 "%s: line %d: suffixAlias %s is not different from aliased dn (ignored)\n",
256                                     fname, lineno, alias );
257                                                                 } else {
258                                         (void) dn_normalize_case( alias );
259                                         (void) dn_normalize_case( aliased_dn );
260                                         charray_add( &be->be_suffixAlias, alias );
261                                         charray_add( &be->be_suffixAlias, aliased_dn );
262                                                                 }
263
264                                                                 free(alias);
265                                                                 free(aliased_dn);
266                         }
267
268                /* set max deref depth */
269                } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
270                        if ( cargc < 2 ) {
271                                Debug( LDAP_DEBUG_ANY,
272                    "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
273                                    fname, lineno, 0 );
274                                return( 1 );
275                        }
276                        if ( be == NULL ) {
277                                Debug( LDAP_DEBUG_ANY,
278 "%s: line %d: depth line must appear inside a database definition (ignored)\n",
279                                    fname, lineno, 0 );
280                        } else {
281                            be->be_maxDerefDepth = atoi (cargv[1]);
282                        }
283
284
285                 /* set magic "root" dn for this database */
286                 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
287                         if ( cargc < 2 ) {
288                                 Debug( LDAP_DEBUG_ANY,
289                     "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
290                                     fname, lineno, 0 );
291                                 return( 1 );
292                         }
293                         if ( be == NULL ) {
294                                 Debug( LDAP_DEBUG_ANY,
295 "%s: line %d: rootdn line must appear inside a database definition (ignored)\n",
296                                     fname, lineno, 0 );
297                         } else {
298                                 be->be_root_dn = ch_strdup( cargv[1] );
299                                 be->be_root_ndn = dn_normalize_case( ch_strdup( cargv[1] ) );
300                         }
301
302                 /* set super-secret magic database password */
303                 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
304                         if ( cargc < 2 ) {
305                                 Debug( LDAP_DEBUG_ANY,
306             "%s: line %d: missing passwd in \"rootpw <passwd>\" line\n",
307                                     fname, lineno, 0 );
308                                 return( 1 );
309                         }
310                         if ( be == NULL ) {
311                                 Debug( LDAP_DEBUG_ANY,
312 "%s: line %d: rootpw line must appear inside a database definition (ignored)\n",
313                                     fname, lineno, 0 );
314                         } else {
315                                 be->be_root_pw = ch_strdup( cargv[1] );
316                         }
317
318                 /* make this database read-only */
319                 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
320                         if ( cargc < 2 ) {
321                                 Debug( LDAP_DEBUG_ANY,
322             "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
323                                     fname, lineno, 0 );
324                                 return( 1 );
325                         }
326                         if ( be == NULL ) {
327                                 Debug( LDAP_DEBUG_ANY,
328 "%s: line %d: readonly line must appear inside a database definition (ignored)\n",
329                                     fname, lineno, 0 );
330                         } else {
331                                 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
332                                         be->be_readonly = 1;
333                                 } else {
334                                         be->be_readonly = 0;
335                                 }
336                         }
337
338                 /* where to send clients when we don't hold it */
339                 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
340                         if ( cargc < 2 ) {
341                                 Debug( LDAP_DEBUG_ANY,
342                     "%s: line %d: missing URL in \"referral <URL>\" line\n",
343                                     fname, lineno, 0 );
344                                 return( 1 );
345                         }
346                         default_referral = (char *) ch_malloc( strlen( cargv[1] )
347                             + sizeof("Referral:\n") + 1 );
348                         strcpy( default_referral, "Referral:\n" );
349                         strcat( default_referral, cargv[1] );
350
351                 /* specify locale */
352                 } else if ( strcasecmp( cargv[0], "locale" ) == 0 ) {
353 #ifdef HAVE_LOCALE_H
354                         char *locale;
355                         if ( cargc < 2 ) {
356                                 Debug( LDAP_DEBUG_ANY,
357         "%s: line %d: missing locale in \"locale <name | on | off>\" line\n",
358                                        fname, lineno, 0 );
359                                 return( 1 );
360                         }
361
362                         locale = (strcasecmp(   cargv[1], "on"  ) == 0 ? ""
363                                   : strcasecmp( cargv[1], "off" ) == 0 ? "C"
364                                   : ch_strdup( cargv[1] )                    );
365
366                         if ( setlocale( LC_CTYPE, locale ) == 0 ) {
367                                 Debug( LDAP_DEBUG_ANY,
368                                        (*locale
369                                         ? "%s: line %d: bad locale \"%s\"\n"
370                                         : "%s: line %d: bad locale\n"),
371                                        fname, lineno, locale );
372                                 return( 1 );
373                         }
374 #else
375                         Debug( LDAP_DEBUG_ANY,
376                                "%s: line %d: \"locale\" unsupported\n",
377                                fname, lineno, 0 );
378                         return( 1 );
379 #endif
380                 /* specify an objectclass */
381                 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
382                         if ( *cargv[1] == '(' ) {
383                                 char * p;
384                                 p = strchr(saveline,'(');
385                                 parse_oc( fname, lineno, p );
386                         } else {
387                                 parse_oc_old( be, fname, lineno, cargc, cargv );
388                         }
389
390                 /* specify an attribute */
391                 } else if ( strcasecmp( cargv[0], "attribute" ) == 0 ) {
392                         if ( *cargv[1] == '(' ) {
393                                 char * p;
394                                 p = strchr(saveline,'(');
395                                 parse_at( fname, lineno, p );
396                         } else {
397                                 attr_syntax_config( fname, lineno, cargc - 1,
398                                     &cargv[1] );
399                         }
400
401                 /* turn on/off schema checking */
402                 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
403                         if ( cargc < 2 ) {
404                                 Debug( LDAP_DEBUG_ANY,
405     "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
406                                     fname, lineno, 0 );
407                                 return( 1 );
408                         }
409                         if ( strcasecmp( cargv[1], "off" ) == 0 ) {
410                                 global_schemacheck = 0;
411                         } else {
412                                 global_schemacheck = 1;
413                         }
414
415                 /* specify access control info */
416                 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
417                         parse_acl( be, fname, lineno, cargc, cargv );
418
419                 /* specify default access control info */
420                 } else if ( strcasecmp( cargv[0], "defaultaccess" ) == 0 ) {
421                         if ( cargc < 2 ) {
422                                 Debug( LDAP_DEBUG_ANY,
423             "%s: line %d: missing limit in \"defaultaccess <access>\" line\n",
424                                     fname, lineno, 0 );
425                                 return( 1 );
426                         }
427                         if ( be == NULL ) {
428                                 if ( ACL_IS_INVALID(ACL_SET(global_default_access,
429                                                 str2access(cargv[1]))) )
430                                 {
431                                         Debug( LDAP_DEBUG_ANY,
432 "%s: line %d: bad access \"%s\" expecting [self]{none|compare|read|write}\n",
433                                             fname, lineno, cargv[1] );
434                                         return( 1 );
435                                 }
436                         } else {
437                                 if ( ACL_IS_INVALID(ACL_SET(be->be_dfltaccess,
438                                                 str2access(cargv[1]))) )
439                                 {
440                                         Debug( LDAP_DEBUG_ANY,
441                                                 "%s: line %d: bad access \"%s\", "
442                                                 "expecting [self]{none|compare|search|read|write}\n",
443                                             fname, lineno, cargv[1] );
444                                         return( 1 );
445                                 }
446                         }
447
448                 /* debug level to log things to syslog */
449                 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
450                         if ( cargc < 2 ) {
451                                 Debug( LDAP_DEBUG_ANY,
452                     "%s: line %d: missing level in \"loglevel <level>\" line\n",
453                                     fname, lineno, 0 );
454                                 return( 1 );
455                         }
456                         ldap_syslog = atoi( cargv[1] );
457
458                 /* list of replicas of the data in this backend (master only) */
459                 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
460                         if ( cargc < 2 ) {
461                                 Debug( LDAP_DEBUG_ANY,
462             "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
463                                     fname, lineno, 0 );
464                                 return( 1 );
465                         }
466                         if ( be == NULL ) {
467                                 Debug( LDAP_DEBUG_ANY,
468 "%s: line %d: replica line must appear inside a database definition (ignored)\n",
469                                     fname, lineno, 0 );
470                         } else {
471                                 for ( i = 1; i < cargc; i++ ) {
472                                         if ( strncasecmp( cargv[i], "host=", 5 )
473                                             == 0 ) {
474                                                 charray_add( &be->be_replica,
475                                                              cargv[i] + 5 );
476                                                 break;
477                                         }
478                                 }
479                                 if ( i == cargc ) {
480                                         Debug( LDAP_DEBUG_ANY,
481                     "%s: line %d: missing host in \"replica\" line (ignored)\n",
482                                             fname, lineno, 0 );
483                                 }
484                         }
485
486                 /* dn of master entity allowed to write to replica */
487                 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
488                         if ( cargc < 2 ) {
489                                 Debug( LDAP_DEBUG_ANY,
490                     "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
491                                     fname, lineno, 0 );
492                                 return( 1 );
493                         }
494                         if ( be == NULL ) {
495                                 Debug( LDAP_DEBUG_ANY,
496 "%s: line %d: updatedn line must appear inside a database definition (ignored)\n",
497                                     fname, lineno, 0 );
498                         } else {
499                                 be->be_update_ndn = ch_strdup( cargv[1] );
500                                 (void) dn_normalize_case( be->be_update_ndn );
501                         }
502
503                 /* replication log file to which changes are appended */
504                 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
505                         if ( cargc < 2 ) {
506                                 Debug( LDAP_DEBUG_ANY,
507             "%s: line %d: missing dn in \"replogfile <filename>\" line\n",
508                                     fname, lineno, 0 );
509                                 return( 1 );
510                         }
511                         if ( be ) {
512                                 be->be_replogfile = ch_strdup( cargv[1] );
513                         } else {
514                                 replogfile = ch_strdup( cargv[1] );
515                         }
516
517                 /* maintain lastmodified{by,time} attributes */
518                 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
519                         if ( cargc < 2 ) {
520                                 Debug( LDAP_DEBUG_ANY,
521             "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
522                                     fname, lineno, 0 );
523                                 return( 1 );
524                         }
525                         if ( strcasecmp( cargv[1], "on" ) == 0 ) {
526                                 if ( be )
527                                         be->be_lastmod = ON;
528                                 else
529                                         global_lastmod = ON;
530                         } else {
531                                 if ( be )
532                                         be->be_lastmod = OFF;
533                                 else
534                                         global_lastmod = OFF;
535                         }
536
537                 /* set idle timeout value */
538                 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
539                         int i;
540                         if ( cargc < 2 ) {
541                                 Debug( LDAP_DEBUG_ANY,
542             "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
543                                     fname, lineno, 0 );
544                                 return( 1 );
545                         }
546
547                         i = atoi( cargv[1] );
548
549                         if( i < 0 ) {
550                                 Debug( LDAP_DEBUG_ANY,
551             "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
552                                     fname, lineno, i );
553                                 return( 1 );
554                         }
555
556                         global_idletimeout = i;
557
558                 /* include another config file */
559                 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
560                         if ( cargc < 2 ) {
561                                 Debug( LDAP_DEBUG_ANY,
562     "%s: line %d: missing filename in \"include <filename>\" line\n",
563                                     fname, lineno, 0 );
564                                 return( 1 );
565                         }
566                         savefname = ch_strdup( cargv[1] );
567                         savelineno = lineno;
568
569                         if ( read_config( savefname ) != 0 ) {
570                                 return( 1 );
571                         }
572
573                         free( savefname );
574                         lineno = savelineno - 1;
575
576                 /* location of kerberos srvtab file */
577                 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
578                         if ( cargc < 2 ) {
579                                 Debug( LDAP_DEBUG_ANY,
580             "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
581                                     fname, lineno, 0 );
582                                 return( 1 );
583                         }
584                         ldap_srvtab = ch_strdup( cargv[1] );
585
586 #ifdef SLAPD_MODULES
587                 } else if (strcasecmp( cargv[0], "loadmodule") == 0 ) {
588                    if ( cargc < 2 ) {
589                       Debug( LDAP_DEBUG_ANY,
590                              "%s: line %d: missing filename in \"loadmodule <filename>\" line\n",
591                              fname, lineno, 0 );
592                       exit( 1 );
593                    }
594                    if (!load_module(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
595                       Debug( LDAP_DEBUG_ANY,
596                              "%s: line %d: failed to load or initialize module %s\n",
597                              fname, lineno, cargv[1]);
598                       exit( 1 );
599                    }
600                    
601 #endif /*SLAPD_MODULES*/
602
603 #ifdef HAVE_TLS
604                 } else if ( !strcasecmp( cargv[0], "SSLProtocol" ) ) {
605                         rc = ldap_pvt_tls_set_option( NULL,
606                                                       LDAP_OPT_X_TLS_PROTOCOL,
607                                                       cargv[1] );
608                         if ( rc )
609                                 return rc;
610
611                 } else if ( !strcasecmp( cargv[0], "SSLCipherSuite" ) ) {
612                         rc = ldap_pvt_tls_set_option( NULL,
613                                                       LDAP_OPT_X_TLS_CIPHER_SUITE,
614                                                       cargv[1] );
615                         if ( rc )
616                                 return rc;
617
618                 } else if ( !strcasecmp( cargv[0], "SSLCertificateFile" ) ) {
619                         rc = ldap_pvt_tls_set_option( NULL,
620                                                       LDAP_OPT_X_TLS_CERTFILE,
621                                                       cargv[1] );
622                         if ( rc )
623                                 return rc;
624
625                 } else if ( !strcasecmp( cargv[0], "SSLCertificateKeyFile" ) ) {
626                         rc = ldap_pvt_tls_set_option( NULL,
627                                                       LDAP_OPT_X_TLS_KEYFILE,
628                                                       cargv[1] );
629                         if ( rc )
630                                 return rc;
631
632                 } else if ( !strcasecmp( cargv[0], "SSLCACertificatePath" ) ) {
633                         rc = ldap_pvt_tls_set_option( NULL,
634                                                       LDAP_OPT_X_TLS_CACERTDIR,
635                                                       cargv[1] );
636                         if ( rc )
637                                 return rc;
638
639                 } else if ( !strcasecmp( cargv[0], "SSLCACertificateFile" ) ) {
640                         rc = ldap_pvt_tls_set_option( NULL,
641                                                       LDAP_OPT_X_TLS_CACERTFILE,
642                                                       cargv[1] );
643                         if ( rc )
644                                 return rc;
645
646 #endif
647
648                 /* pass anything else to the current backend info/db config routine */
649                 } else {
650                         if ( bi != NULL ) {
651                                 if ( bi->bi_config == 0 ) {
652                                         Debug( LDAP_DEBUG_ANY,
653 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
654                                                 fname, lineno, cargv[0] );
655                                 } else {
656                                         if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
657                                                 != 0 )
658                                         {
659                                                 return( 1 );
660                                         }
661                                 }
662                         } else if ( be != NULL ) {
663                                 if ( be->be_config == 0 ) {
664                                         Debug( LDAP_DEBUG_ANY,
665 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
666                                         fname, lineno, cargv[0] );
667                                 } else {
668                                         if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
669                                                 != 0 )
670                                         {
671                                                 return( 1 );
672                                         }
673                                 }
674                         } else {
675                                 Debug( LDAP_DEBUG_ANY,
676 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
677                                     fname, lineno, cargv[0] );
678                         }
679                 }
680                 free( saveline );
681         }
682         fclose( fp );
683         return( 0 );
684 }
685
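/*
 * fp_parse_line - split one configuration line into tokens.
 *
 * line   NUL-terminated line; strtok_quote() modifies it in place.
 * argcp  receives the number of tokens stored in argv.
 * argv   receives pointers into line, followed by a NULL terminator.
 *        The caller's array must have room for MAXARGS entries.
 *
 * Returns 0 on success, or 1 when the line holds more tokens than fit.
 */
static int
fp_parse_line(
    char        *line,
    int         *argcp,
    char        **argv
)
{
        char *  token;

        *argcp = 0;
        for ( token = strtok_quote( line, " \t" ); token != NULL;
            token = strtok_quote( NULL, " \t" ) ) {
                /*
                 * Keep the last slot free for the NULL terminator written
                 * after the loop.  With a MAXARGS-element array, accepting
                 * MAXARGS tokens would put that terminator at argv[MAXARGS],
                 * one element past the end.
                 */
                if ( *argcp >= MAXARGS - 1 ) {
                        Debug( LDAP_DEBUG_ANY, "Too many tokens (max %d)\n",
                            MAXARGS - 1, 0, 0 );
                        return( 1 );
                }
                argv[(*argcp)++] = token;
        }
        argv[*argcp] = NULL;
        return 0;
}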
708
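/*
 * strtok_quote - strtok()-style tokenizer that understands quoting.
 *
 * line  string to start tokenizing, or NULL to continue with the string
 *       given on an earlier call.  The string is modified in place.
 * sep   set of separator characters.
 *
 * Returns a pointer to the next token, or NULL when none is left.
 *
 * Double quotes are removed and switch separator handling off and on, so
 * a quoted run may contain separators.  A backslash is removed and the
 * character after it is kept without being interpreted.  A quote that is
 * never closed is not reported: the token simply runs to the end of the
 * string.
 *
 * The scan position is kept in a function-local static, so only one
 * string can be tokenized at a time.
 */
static char *
strtok_quote( char *line, char *sep )
{
        int             inquote;
        char            *tmp;
        static char     *next;

        if ( line != NULL ) {
                next = line;
        }

        /*
         * next is NULL before the first string is supplied and again after
         * the previous string was exhausted; return "no token" instead of
         * dereferencing it.
         */
        if ( next == NULL ) {
                return( NULL );
        }

        /* skip leading separators */
        while ( *next && strchr( sep, *next ) ) {
                next++;
        }

        if ( *next == '\0' ) {
                next = NULL;
                return( NULL );
        }
        tmp = next;

        for ( inquote = 0; *next; ) {
                switch ( *next ) {
                case '"':
                        inquote = !inquote;
                        /* drop the quote: shift the tail, NUL included, left by one */
                        SAFEMEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
                        break;

                case '\\':
                        /* drop the backslash unless it is the last character */
                        if ( next[1] ) {
                                SAFEMEMCPY( next,
                                            next + 1, strlen( next + 1 ) + 1 );
                        }
                        next++;         /* don't parse the escaped character */
                        break;

                default:
                        if ( ! inquote && strchr( sep, *next ) != NULL ) {
                                /* end the token and remember where to resume */
                                *next++ = '\0';
                                return( tmp );
                        }
                        next++;
                        break;
                }
        }

        return( tmp );
}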
761
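/*
 * State shared by fp_getline() and fp_getline_init():
 *   buf   the physical line most recently read with fgets()
 *   line  growable buffer holding the logical line being assembled
 *   lmax  number of bytes currently allocated for line
 *   lcur  number of bytes used in line, not counting the terminating NUL
 */
static char     buf[BUFSIZ];
static char     *line;
static int      lmax, lcur;

/*
 * Append the NUL-terminated string src to line at offset lcur, growing
 * line in BUFSIZ steps until the string and its terminator fit.
 *
 * Wrapped in do/while(0) so that "CATLINE( x );" is a single statement,
 * also after an unbraced if/else.  src is evaluated more than once.
 * NOTE(review): the ch_realloc() result is used unchecked; its failure
 * behaviour is defined outside this file - confirm it never returns NULL.
 */
#define CATLINE( src )  do { \
        int     catlen_ = (int) strlen( src ); \
        while ( lcur + catlen_ + 1 > lmax ) { \
                lmax += BUFSIZ; \
                line = (char *) ch_realloc( line, lmax ); \
        } \
        strcpy( line + lcur, (src) ); \
        lcur += catlen_; \
} while ( 0 )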
776
/*
 * fp_getline - return the next logical configuration line from fp.
 *
 * A logical line is the physical line left in buf by the previous call
 * plus every following physical line that starts with whitespace.  The
 * first physical line that does not start with whitespace stays in buf
 * for the next call.  *lineno is incremented once per physical line
 * appended.
 *
 * Returns the file-scope line buffer, which the next call overwrites, or
 * NULL when end of file is reached and nothing was collected.
 *
 * Note: fgets() hands back a physical line longer than sizeof(buf) - 1 in
 * several pieces; a piece that starts with a non-whitespace character is
 * treated as the start of a new logical line.
 */
static char *
fp_getline( FILE *fp, int *lineno )
{
        /* begin the logical line with the physical line saved last time */
        lcur = 0;
        CATLINE( buf );
        (*lineno)++;

        /*
         * An "include" line is handed back at once, with buf cleared and
         * no read-ahead, which avoids having to keep a stack of bufs.
         * NOTE(review): presumably the caller reads the included file
         * through this same state - confirm against read_config().
         */
        if ( strncasecmp( line, "include", 7 ) == 0 ) {
                buf[0] = '\0';
                return( line );
        }

        for ( ;; ) {
                char    *newline;

                if ( fgets( buf, sizeof(buf), fp ) == NULL ) {
                        break;
                }

                /* strip the trailing newline, if this piece has one */
                newline = strchr( buf, '\n' );
                if ( newline != NULL ) {
                        *newline = '\0';
                }

                /* no leading whitespace: the logical line is complete */
                if ( ! isspace( (unsigned char) buf[0] ) ) {
                        return( line );
                }

                /* continuation line: append it and keep reading */
                CATLINE( buf );
                (*lineno)++;
        }

        /* end of file: nothing is saved for a later call */
        buf[0] = '\0';

        return( line[0] ? line : NULL );
}
807
/*
 * fp_getline_init - reset the line reader before a file is read.
 *
 * Empties the saved physical line and sets *lineno to -1.  fp_getline()
 * increments the counter once for the saved line before it reads anything,
 * so its first call brings the counter to 0.
 */
static void
fp_getline_init( int *lineno )
{
        buf[0] = '\0';
        *lineno = -1;
}