]> git.sur5r.net Git - openldap/blob - servers/slapd/config.c
6017101f636415dd5a6a4a6fefb0270ee524fc0a
[openldap] / servers / slapd / config.c
1 /* config.c - configuration file handling routines */
2
3 #include "portable.h"
4
5 #include <stdio.h>
6 #ifdef HAVE_LOCALE_H
7 #include <locale.h>
8 #endif
9
10 #include <ac/string.h>
11 #include <ac/ctype.h>
12 #include <ac/socket.h>
13
14 #include "ldap_defaults.h"
15 #include "slap.h"
16
17 #define MAXARGS 100
18
19 /*
20  * defaults for various global variables
21  */
22 int             defsize = SLAPD_DEFAULT_SIZELIMIT;
23 int             deftime = SLAPD_DEFAULT_TIMELIMIT;
24 AccessControl   *global_acl = NULL;
25 int             global_default_access = ACL_READ;
26 char            *replogfile;
27 int             global_lastmod = ON;
28 int             global_idletimeout = 0;
29 char    *global_realm = NULL;
30 char            *ldap_srvtab = "";
31
32 char   *slapd_pid_file  = NULL;
33 char   *slapd_args_file = NULL;
34
35 static char     *fp_getline(FILE *fp, int *lineno);
36 static void     fp_getline_init(int *lineno);
37 static int      fp_parse_line(char *line, int *argcp, char **argv);
38
39 static char     *strtok_quote(char *line, char *sep);
40
41 int
42 read_config( char *fname )
43 {
44         FILE    *fp;
45         char    *line, *savefname, *saveline;
46         int     cargc, savelineno;
47         char    *cargv[MAXARGS];
48         int     lineno, i;
49 #ifdef HAVE_TLS
50         int rc;
51 #endif
52         struct berval *vals[2];
53         struct berval val;
54
55         static BackendInfo *bi = NULL;
56         static BackendDB        *be = NULL;
57
58         vals[0] = &val;
59         vals[1] = NULL;
60
61         if ( (fp = fopen( fname, "r" )) == NULL ) {
62                 ldap_syslog = 1;
63                 Debug( LDAP_DEBUG_ANY,
64                     "could not open config file \"%s\" - absolute path?\n",
65                     fname, 0, 0 );
66                 perror( fname );
67                 return 1;
68         }
69
70         Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
71
72         if ( schema_init( ) != 0 ) {
73                 Debug( LDAP_DEBUG_ANY,
74                     "error initializing the schema\n",
75                     0, 0, 0 );
76                 return( 1 );
77         }
78
79         fp_getline_init( &lineno );
80
81         while ( (line = fp_getline( fp, &lineno )) != NULL ) {
82                 /* skip comments and blank lines */
83                 if ( line[0] == '#' || line[0] == '\0' ) {
84                         continue;
85                 }
86
87                 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, line, 0 );
88
89                 /* fp_parse_line is destructive, we save a copy */
90                 saveline = ch_strdup( line );
91
92                 if ( fp_parse_line( line, &cargc, cargv ) != 0 ) {
93                         return( 1 );
94                 }
95
96                 if ( cargc < 1 ) {
97                         Debug( LDAP_DEBUG_ANY,
98                             "%s: line %d: bad config line (ignored)\n",
99                             fname, lineno, 0 );
100                         continue;
101                 }
102
103                 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
104                         if ( cargc < 2 ) {
105                                 Debug( LDAP_DEBUG_ANY,
106                 "%s: line %d: missing type in \"backend <type>\" line\n",
107                                     fname, lineno, 0 );
108                                 return( 1 );
109                         }
110
111                         if( be != NULL ) {
112                                 Debug( LDAP_DEBUG_ANY,
113 "%s: line %d: backend line must appear before any database definition\n",
114                                     fname, lineno, 0 );
115                                 return( 1 );
116                         }
117
118                         bi = backend_info( cargv[1] );
119
120                 /* start of a new database definition */
121                 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
122                         if ( cargc < 2 ) {
123                                 Debug( LDAP_DEBUG_ANY,
124                 "%s: line %d: missing type in \"database <type>\" line\n",
125                                     fname, lineno, 0 );
126                                 return( 1 );
127                         }
128                         bi = NULL;
129                         be = backend_db_init( cargv[1] );
130
131                 /* assign a default depth limit for alias deref */
132                 be->be_max_deref_depth = SLAPD_DEFAULT_MAXDEREFDEPTH; 
133
134                 /* get pid file name */
135                 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
136                         if ( cargc < 2 ) {
137                                 Debug( LDAP_DEBUG_ANY,
138             "%s: line %d: missing file name in \"pidfile <file>\" line\n",
139                                     fname, lineno, 0 );
140                                 return( 1 );
141                         }
142
143                         slapd_pid_file = ch_strdup( cargv[1] );
144
145                 /* get args file name */
146                 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
147                         if ( cargc < 2 ) {
148                                 Debug( LDAP_DEBUG_ANY,
149             "%s: line %d: missing file name in \"argsfile <file>\" line\n",
150                                     fname, lineno, 0 );
151                                 return( 1 );
152                         }
153
154                         slapd_args_file = ch_strdup( cargv[1] );
155
156                 /* set DIGEST realm */
157                 } else if ( strcasecmp( cargv[0], "digest-realm" ) == 0 ) {
158                         if ( cargc < 2 ) {
159                                 Debug( LDAP_DEBUG_ANY,
160             "%s: line %d: missing realm in \"digest-realm <realm>\" line\n",
161                                     fname, lineno, 0 );
162                                 return( 1 );
163                         }
164                         if ( be != NULL ) {
165                                 be->be_realm = ch_strdup( cargv[1] );
166
167                         } else if ( global_realm != NULL ) {
168                                 Debug( LDAP_DEBUG_ANY,
169                                         "%s: line %d: already set global realm!\n",
170                                         fname, lineno, 0 );
171                                 return 1;
172
173                         } else {
174                                 global_realm = ch_strdup( cargv[1] );
175                         }
176
177                 /* set time limit */
178                 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
179                         if ( cargc < 2 ) {
180                                 Debug( LDAP_DEBUG_ANY,
181             "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
182                                     fname, lineno, 0 );
183                                 return( 1 );
184                         }
185                         if ( be == NULL ) {
186                                 defsize = atoi( cargv[1] );
187                         } else {
188                                 be->be_sizelimit = atoi( cargv[1] );
189                         }
190
191                 /* set time limit */
192                 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
193                         if ( cargc < 2 ) {
194                                 Debug( LDAP_DEBUG_ANY,
195             "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
196                                     fname, lineno, 0 );
197                                 return( 1 );
198                         }
199                         if ( be == NULL ) {
200                                 deftime = atoi( cargv[1] );
201                         } else {
202                                 be->be_timelimit = atoi( cargv[1] );
203                         }
204
205                 /* set database suffix */
206                 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
207                         Backend *tmp_be;
208                         if ( cargc < 2 ) {
209                                 Debug( LDAP_DEBUG_ANY,
210                     "%s: line %d: missing dn in \"suffix <dn>\" line\n",
211                                     fname, lineno, 0 );
212                                 return( 1 );
213                         } else if ( cargc > 2 ) {
214                                 Debug( LDAP_DEBUG_ANY,
215     "%s: line %d: extra cruft after <dn> in \"suffix %s\" line (ignored)\n",
216                                     fname, lineno, cargv[1] );
217                         }
218                         if ( be == NULL ) {
219                                 Debug( LDAP_DEBUG_ANY,
220 "%s: line %d: suffix line must appear inside a database definition (ignored)\n",
221                                     fname, lineno, 0 );
222                         } else if ( ( tmp_be = select_backend( cargv[1] ) ) == be ) {
223                                 Debug( LDAP_DEBUG_ANY,
224 "%s: line %d: suffix already served by this backend (ignored)\n",
225                                     fname, lineno, 0 );
226                         } else if ( tmp_be  != NULL ) {
227                                 Debug( LDAP_DEBUG_ANY,
228 "%s: line %d: suffix already served by a preceeding backend \"%s\" (ignored)\n",
229                                     fname, lineno, tmp_be->be_suffix[0] );
230                         } else {
231                                 char *dn = ch_strdup( cargv[1] );
232                                 (void) dn_normalize( dn );
233                                 charray_add( &be->be_suffix, dn );
234                                 (void) str2upper( dn );
235                                 charray_add( &be->be_nsuffix, dn );
236                                 free( dn );
237                         }
238
239                 /* set database suffixAlias */
240                 } else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) {
241                         Backend *tmp_be;
242                         if ( cargc < 2 ) {
243                                 Debug( LDAP_DEBUG_ANY,
244 "%s: line %d: missing alias and aliased_dn in \"suffixAlias <alias> <aliased_dn>\" line\n",
245                                         fname, lineno, 0 );
246                                 return( 1 );
247                         } else if ( cargc < 3 ) {
248                                 Debug( LDAP_DEBUG_ANY,
249 "%s: line %d: missing aliased_dn in \"suffixAlias <alias> <aliased_dn>\" line\n",
250                                 fname, lineno, 0 );
251                                 return( 1 );
252                         } else if ( cargc > 3 ) {
253                                 Debug( LDAP_DEBUG_ANY,
254                                         "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
255                                 fname, lineno, 0 );
256                         }
257
258                         if ( be == NULL ) {
259                                 Debug( LDAP_DEBUG_ANY,
260                                         "%s: line %d: suffixAlias line"
261                                         " must appear inside a database definition (ignored)\n",
262                                         fname, lineno, 0 );
263                         } else if ( (tmp_be = select_backend( cargv[1] )) != NULL ) {
264                                 Debug( LDAP_DEBUG_ANY,
265                                         "%s: line %d: suffixAlias served by"
266                                         "  a preceeding backend \"%s\" (ignored)\n",
267                                         fname, lineno, tmp_be->be_suffix[0] );
268
269                         } else if ( (tmp_be = select_backend( cargv[2] )) != NULL ) {
270                                 Debug( LDAP_DEBUG_ANY,
271                                         "%s: line %d: suffixAlias derefs to differnet backend"
272                                         "  a preceeding backend \"%s\" (ignored)\n",
273                                         fname, lineno, tmp_be->be_suffix[0] );
274
275                         } else {
276                                 char *alias, *aliased_dn;
277
278                                 alias = ch_strdup( cargv[1] );
279                                 (void) dn_normalize( alias );
280
281                                 aliased_dn = ch_strdup( cargv[2] );
282                                 (void) dn_normalize( aliased_dn );
283
284                                 (void) dn_normalize_case( alias );
285                                 (void) dn_normalize_case( aliased_dn );
286                                 charray_add( &be->be_suffixAlias, alias );
287                                 charray_add( &be->be_suffixAlias, aliased_dn );
288
289                                 free(alias);
290                                 free(aliased_dn);
291                         }
292
293                /* set max deref depth */
294                } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
295                                         int i;
296                        if ( cargc < 2 ) {
297                                Debug( LDAP_DEBUG_ANY,
298                    "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
299                                    fname, lineno, 0 );
300                                return( 1 );
301                        }
302                        if ( be == NULL ) {
303                                Debug( LDAP_DEBUG_ANY,
304 "%s: line %d: depth line must appear inside a database definition (ignored)\n",
305                                    fname, lineno, 0 );
306                        } else if ((i = atoi(cargv[1])) < 0) {
307                                Debug( LDAP_DEBUG_ANY,
308 "%s: line %d: depth must be positive (ignored)\n",
309                                    fname, lineno, 0 );
310
311                        } else {
312                            be->be_max_deref_depth = i;
313                                            }
314
315
316                 /* set magic "root" dn for this database */
317                 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
318                         if ( cargc < 2 ) {
319                                 Debug( LDAP_DEBUG_ANY,
320                     "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
321                                     fname, lineno, 0 );
322                                 return( 1 );
323                         }
324                         if ( be == NULL ) {
325                                 Debug( LDAP_DEBUG_ANY,
326 "%s: line %d: rootdn line must appear inside a database definition (ignored)\n",
327                                     fname, lineno, 0 );
328                         } else {
329                                 be->be_root_dn = ch_strdup( cargv[1] );
330                                 be->be_root_ndn = ch_strdup( cargv[1] );
331
332                                 if( dn_normalize_case( be->be_root_ndn ) == NULL ) {
333                                         free( be->be_root_dn );
334                                         free( be->be_root_ndn );
335                                         Debug( LDAP_DEBUG_ANY,
336 "%s: line %d: rootdn DN is invalid\n",
337                                            fname, lineno, 0 );
338                                         return( 1 );
339                                 }
340                         }
341
342                 /* set super-secret magic database password */
343                 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
344                         if ( cargc < 2 ) {
345                                 Debug( LDAP_DEBUG_ANY,
346             "%s: line %d: missing passwd in \"rootpw <passwd>\" line\n",
347                                     fname, lineno, 0 );
348                                 return( 1 );
349                         }
350                         if ( be == NULL ) {
351                                 Debug( LDAP_DEBUG_ANY,
352 "%s: line %d: rootpw line must appear inside a database definition (ignored)\n",
353                                     fname, lineno, 0 );
354                         } else {
355                                 be->be_root_pw = ch_strdup( cargv[1] );
356                         }
357
358                 /* make this database read-only */
359                 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
360                         if ( cargc < 2 ) {
361                                 Debug( LDAP_DEBUG_ANY,
362             "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
363                                     fname, lineno, 0 );
364                                 return( 1 );
365                         }
366                         if ( be == NULL ) {
367                                 Debug( LDAP_DEBUG_ANY,
368 "%s: line %d: readonly line must appear inside a database definition (ignored)\n",
369                                     fname, lineno, 0 );
370                         } else {
371                                 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
372                                         be->be_readonly = 1;
373                                 } else {
374                                         be->be_readonly = 0;
375                                 }
376                         }
377
378                 /* where to send clients when we don't hold it */
379                 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
380                         if ( cargc < 2 ) {
381                                 Debug( LDAP_DEBUG_ANY,
382                     "%s: line %d: missing URL in \"referral <URL>\" line\n",
383                                     fname, lineno, 0 );
384                                 return( 1 );
385                         }
386
387                         vals[0]->bv_val = cargv[1];
388                         vals[0]->bv_len = strlen( vals[0]->bv_val );
389                         value_add( &default_referral, vals );
390
391                 /* specify locale */
392                 } else if ( strcasecmp( cargv[0], "locale" ) == 0 ) {
393 #ifdef HAVE_LOCALE_H
394                         char *locale;
395                         if ( cargc < 2 ) {
396                                 Debug( LDAP_DEBUG_ANY,
397         "%s: line %d: missing locale in \"locale <name | on | off>\" line\n",
398                                        fname, lineno, 0 );
399                                 return( 1 );
400                         }
401
402                         locale = (strcasecmp(   cargv[1], "on"  ) == 0 ? ""
403                                   : strcasecmp( cargv[1], "off" ) == 0 ? "C"
404                                   : ch_strdup( cargv[1] )                    );
405
406                         if ( setlocale( LC_CTYPE, locale ) == 0 ) {
407                                 Debug( LDAP_DEBUG_ANY,
408                                        (*locale
409                                         ? "%s: line %d: bad locale \"%s\"\n"
410                                         : "%s: line %d: bad locale\n"),
411                                        fname, lineno, locale );
412                                 return( 1 );
413                         }
414 #else
415                         Debug( LDAP_DEBUG_ANY,
416                                "%s: line %d: \"locale\" unsupported\n",
417                                fname, lineno, 0 );
418                         return( 1 );
419 #endif
420                 /* specify an objectclass */
421                 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
422                         if ( *cargv[1] == '(' ) {
423                                 char * p;
424                                 p = strchr(saveline,'(');
425                                 parse_oc( fname, lineno, p );
426                         } else {
427                                 parse_oc_old( be, fname, lineno, cargc, cargv );
428                         }
429
430                 /* specify an attribute */
431                 } else if ( strcasecmp( cargv[0], "attribute" ) == 0 ) {
432                         if ( *cargv[1] == '(' ) {
433                                 char * p;
434                                 p = strchr(saveline,'(');
435                                 parse_at( fname, lineno, p );
436                         } else {
437                                 attr_syntax_config( fname, lineno, cargc - 1,
438                                     &cargv[1] );
439                         }
440
441                 /* turn on/off schema checking */
442                 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
443                         if ( cargc < 2 ) {
444                                 Debug( LDAP_DEBUG_ANY,
445     "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
446                                     fname, lineno, 0 );
447                                 return( 1 );
448                         }
449                         if ( strcasecmp( cargv[1], "off" ) == 0 ) {
450                                 global_schemacheck = 0;
451                         } else {
452                                 global_schemacheck = 1;
453                         }
454
455                 /* specify access control info */
456                 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
457                         parse_acl( be, fname, lineno, cargc, cargv );
458
459                 /* specify default access control info */
460                 } else if ( strcasecmp( cargv[0], "defaultaccess" ) == 0 ) {
461                         if ( cargc < 2 ) {
462                                 Debug( LDAP_DEBUG_ANY,
463             "%s: line %d: missing limit in \"defaultaccess <access>\" line\n",
464                                     fname, lineno, 0 );
465                                 return( 1 );
466                         }
467                         if ( be == NULL ) {
468                                 if ( ACL_IS_INVALID(ACL_SET(global_default_access,
469                                                 str2access(cargv[1]))) )
470                                 {
471                                         Debug( LDAP_DEBUG_ANY,
472 "%s: line %d: bad access \"%s\" expecting [self]{none|compare|read|write}\n",
473                                             fname, lineno, cargv[1] );
474                                         return( 1 );
475                                 }
476                         } else {
477                                 if ( ACL_IS_INVALID(ACL_SET(be->be_dfltaccess,
478                                                 str2access(cargv[1]))) )
479                                 {
480                                         Debug( LDAP_DEBUG_ANY,
481                                                 "%s: line %d: bad access \"%s\", "
482                                                 "expecting [self]{none|compare|search|read|write}\n",
483                                             fname, lineno, cargv[1] );
484                                         return( 1 );
485                                 }
486                         }
487
488                 /* debug level to log things to syslog */
489                 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
490                         if ( cargc < 2 ) {
491                                 Debug( LDAP_DEBUG_ANY,
492                     "%s: line %d: missing level in \"loglevel <level>\" line\n",
493                                     fname, lineno, 0 );
494                                 return( 1 );
495                         }
496                         ldap_syslog = atoi( cargv[1] );
497
498                 /* list of replicas of the data in this backend (master only) */
499                 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
500                         if ( cargc < 2 ) {
501                                 Debug( LDAP_DEBUG_ANY,
502             "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
503                                     fname, lineno, 0 );
504                                 return( 1 );
505                         }
506                         if ( be == NULL ) {
507                                 Debug( LDAP_DEBUG_ANY,
508 "%s: line %d: replica line must appear inside a database definition (ignored)\n",
509                                     fname, lineno, 0 );
510                         } else {
511                                 for ( i = 1; i < cargc; i++ ) {
512                                         if ( strncasecmp( cargv[i], "host=", 5 )
513                                             == 0 ) {
514                                                 charray_add( &be->be_replica,
515                                                              cargv[i] + 5 );
516                                                 break;
517                                         }
518                                 }
519                                 if ( i == cargc ) {
520                                         Debug( LDAP_DEBUG_ANY,
521                     "%s: line %d: missing host in \"replica\" line (ignored)\n",
522                                             fname, lineno, 0 );
523                                 }
524                         }
525
526                 /* dn of master entity allowed to write to replica */
527                 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
528                         if ( cargc < 2 ) {
529                                 Debug( LDAP_DEBUG_ANY,
530                     "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
531                                     fname, lineno, 0 );
532                                 return( 1 );
533                         }
534                         if ( be == NULL ) {
535                                 Debug( LDAP_DEBUG_ANY,
536 "%s: line %d: updatedn line must appear inside a database definition (ignored)\n",
537                                     fname, lineno, 0 );
538                         } else {
539                                 be->be_update_ndn = ch_strdup( cargv[1] );
540                                 if( dn_normalize_case( be->be_update_ndn ) == NULL ) {
541                                         Debug( LDAP_DEBUG_ANY,
542 "%s: line %d: updatedn DN is invalid\n",
543                                             fname, lineno, 0 );
544                                         return 1;
545                                 }
546                         }
547
548                 } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
549                         if ( cargc < 2 ) {
550                                 Debug( LDAP_DEBUG_ANY,
551                     "%s: line %d: missing dn in \"updateref <ldapurl>\" line\n",
552                                     fname, lineno, 0 );
553                                 return( 1 );
554                         }
555                         if ( be == NULL ) {
556                                 Debug( LDAP_DEBUG_ANY,
557 "%s: line %d: updateref line must appear inside a database definition (ignored)\n",
558                                     fname, lineno, 0 );
559                         } else if ( be->be_update_ndn == NULL ) {
560                                 Debug( LDAP_DEBUG_ANY,
561 "%s: line %d: updateref line must after updatedn (ignored)\n",
562                                     fname, lineno, 0 );
563                         } else {
564                                 vals[0]->bv_val = cargv[1];
565                                 vals[0]->bv_len = strlen( vals[0]->bv_val );
566                                 value_add( &be->be_update_refs, vals );
567                         }
568
569                 /* replication log file to which changes are appended */
570                 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
571                         if ( cargc < 2 ) {
572                                 Debug( LDAP_DEBUG_ANY,
573             "%s: line %d: missing dn in \"replogfile <filename>\" line\n",
574                                     fname, lineno, 0 );
575                                 return( 1 );
576                         }
577                         if ( be ) {
578                                 be->be_replogfile = ch_strdup( cargv[1] );
579                         } else {
580                                 replogfile = ch_strdup( cargv[1] );
581                         }
582
583                 /* maintain lastmodified{by,time} attributes */
584                 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
585                         if ( cargc < 2 ) {
586                                 Debug( LDAP_DEBUG_ANY,
587             "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
588                                     fname, lineno, 0 );
589                                 return( 1 );
590                         }
591                         if ( strcasecmp( cargv[1], "on" ) == 0 ) {
592                                 if ( be )
593                                         be->be_lastmod = ON;
594                                 else
595                                         global_lastmod = ON;
596                         } else {
597                                 if ( be )
598                                         be->be_lastmod = OFF;
599                                 else
600                                         global_lastmod = OFF;
601                         }
602
603                 /* set idle timeout value */
604                 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
605                         int i;
606                         if ( cargc < 2 ) {
607                                 Debug( LDAP_DEBUG_ANY,
608             "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
609                                     fname, lineno, 0 );
610                                 return( 1 );
611                         }
612
613                         i = atoi( cargv[1] );
614
615                         if( i < 0 ) {
616                                 Debug( LDAP_DEBUG_ANY,
617             "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
618                                     fname, lineno, i );
619                                 return( 1 );
620                         }
621
622                         global_idletimeout = i;
623
624                 /* include another config file */
625                 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
626                         if ( cargc < 2 ) {
627                                 Debug( LDAP_DEBUG_ANY,
628     "%s: line %d: missing filename in \"include <filename>\" line\n",
629                                     fname, lineno, 0 );
630                                 return( 1 );
631                         }
632                         savefname = ch_strdup( cargv[1] );
633                         savelineno = lineno;
634
635                         if ( read_config( savefname ) != 0 ) {
636                                 return( 1 );
637                         }
638
639                         free( savefname );
640                         lineno = savelineno - 1;
641
642                 /* location of kerberos srvtab file */
643                 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
644                         if ( cargc < 2 ) {
645                                 Debug( LDAP_DEBUG_ANY,
646             "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
647                                     fname, lineno, 0 );
648                                 return( 1 );
649                         }
650                         ldap_srvtab = ch_strdup( cargv[1] );
651
652 #ifdef SLAPD_MODULES
653                 } else if (strcasecmp( cargv[0], "loadmodule") == 0 ) {
654                    if ( cargc < 2 ) {
655                       Debug( LDAP_DEBUG_ANY,
656                              "%s: line %d: missing filename in \"loadmodule <filename>\" line\n",
657                              fname, lineno, 0 );
658                       exit( 1 );
659                    }
660                    if (!load_module(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
661                       Debug( LDAP_DEBUG_ANY,
662                              "%s: line %d: failed to load or initialize module %s\n",
663                              fname, lineno, cargv[1]);
664                       exit( 1 );
665                    }
666                    
667 #endif /*SLAPD_MODULES*/
668
669 #ifdef HAVE_TLS
670                 } else if ( !strcasecmp( cargv[0], "TLSProtocol" ) ) {
671                         rc = ldap_pvt_tls_set_option( NULL,
672                                                       LDAP_OPT_X_TLS_PROTOCOL,
673                                                       cargv[1] );
674                         if ( rc )
675                                 return rc;
676
677                 } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
678                         rc = ldap_pvt_tls_set_option( NULL,
679                                                       LDAP_OPT_X_TLS_CIPHER_SUITE,
680                                                       cargv[1] );
681                         if ( rc )
682                                 return rc;
683
684                 } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
685                         rc = ldap_pvt_tls_set_option( NULL,
686                                                       LDAP_OPT_X_TLS_CERTFILE,
687                                                       cargv[1] );
688                         if ( rc )
689                                 return rc;
690
691                 } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
692                         rc = ldap_pvt_tls_set_option( NULL,
693                                                       LDAP_OPT_X_TLS_KEYFILE,
694                                                       cargv[1] );
695                         if ( rc )
696                                 return rc;
697
698                 } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
699                         rc = ldap_pvt_tls_set_option( NULL,
700                                                       LDAP_OPT_X_TLS_CACERTDIR,
701                                                       cargv[1] );
702                         if ( rc )
703                                 return rc;
704
705                 } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
706                         rc = ldap_pvt_tls_set_option( NULL,
707                                                       LDAP_OPT_X_TLS_CACERTFILE,
708                                                       cargv[1] );
709                         if ( rc )
710                                 return rc;
711                 } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
712                         rc = ldap_pvt_tls_set_option( NULL,
713                                                       LDAP_OPT_X_TLS_REQUIRE_CERT,
714                                                       cargv[1] );
715                         if ( rc )
716                                 return rc;
717
718 #endif
719
720                 /* pass anything else to the current backend info/db config routine */
721                 } else {
722                         if ( bi != NULL ) {
723                                 if ( bi->bi_config == 0 ) {
724                                         Debug( LDAP_DEBUG_ANY,
725 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
726                                                 fname, lineno, cargv[0] );
727                                 } else {
728                                         if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
729                                                 != 0 )
730                                         {
731                                                 return( 1 );
732                                         }
733                                 }
734                         } else if ( be != NULL ) {
735                                 if ( be->be_config == 0 ) {
736                                         Debug( LDAP_DEBUG_ANY,
737 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
738                                         fname, lineno, cargv[0] );
739                                 } else {
740                                         if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
741                                                 != 0 )
742                                         {
743                                                 return( 1 );
744                                         }
745                                 }
746                         } else {
747                                 Debug( LDAP_DEBUG_ANY,
748 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
749                                     fname, lineno, cargv[0] );
750                         }
751                 }
752                 free( saveline );
753         }
754         fclose( fp );
755         return( 0 );
756 }
757
758 static int
759 fp_parse_line(
760     char        *line,
761     int         *argcp,
762     char        **argv
763 )
764 {
765         char *  token;
766
767         *argcp = 0;
768         for ( token = strtok_quote( line, " \t" ); token != NULL;
769             token = strtok_quote( NULL, " \t" ) ) {
770                 if ( *argcp == MAXARGS ) {
771                         Debug( LDAP_DEBUG_ANY, "Too many tokens (max %d)\n",
772                             MAXARGS, 0, 0 );
773                         return( 1 );
774                 }
775                 argv[(*argcp)++] = token;
776         }
777         argv[*argcp] = NULL;
778         return 0;
779 }
780
781 static char *
782 strtok_quote( char *line, char *sep )
783 {
784         int             inquote;
785         char            *tmp;
786         static char     *next;
787
788         if ( line != NULL ) {
789                 next = line;
790         }
791         while ( *next && strchr( sep, *next ) ) {
792                 next++;
793         }
794
795         if ( *next == '\0' ) {
796                 next = NULL;
797                 return( NULL );
798         }
799         tmp = next;
800
801         for ( inquote = 0; *next; ) {
802                 switch ( *next ) {
803                 case '"':
804                         if ( inquote ) {
805                                 inquote = 0;
806                         } else {
807                                 inquote = 1;
808                         }
809                         SAFEMEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
810                         break;
811
812                 case '\\':
813                         if ( next[1] )
814                                 SAFEMEMCPY( next,
815                                             next + 1, strlen( next + 1 ) + 1 );
816                         next++;         /* dont parse the escaped character */
817                         break;
818
819                 default:
820                         if ( ! inquote ) {
821                                 if ( strchr( sep, *next ) != NULL ) {
822                                         *next++ = '\0';
823                                         return( tmp );
824                                 }
825                         }
826                         next++;
827                         break;
828                 }
829         }
830
831         return( tmp );
832 }
833
834 static char     buf[BUFSIZ];
835 static char     *line;
836 static int      lmax, lcur;
837
838 #define CATLINE( buf )  { \
839         int     len; \
840         len = strlen( buf ); \
841         while ( lcur + len + 1 > lmax ) { \
842                 lmax += BUFSIZ; \
843                 line = (char *) ch_realloc( line, lmax ); \
844         } \
845         strcpy( line + lcur, buf ); \
846         lcur += len; \
847 }
848
849 static char *
850 fp_getline( FILE *fp, int *lineno )
851 {
852         char            *p;
853
854         lcur = 0;
855         CATLINE( buf );
856         (*lineno)++;
857
858         /* hack attack - keeps us from having to keep a stack of bufs... */
859         if ( strncasecmp( line, "include", 7 ) == 0 ) {
860                 buf[0] = '\0';
861                 return( line );
862         }
863
864         while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
865                 if ( (p = strchr( buf, '\n' )) != NULL ) {
866                         *p = '\0';
867                 }
868                 if ( ! isspace( (unsigned char) buf[0] ) ) {
869                         return( line );
870                 }
871
872                 CATLINE( buf );
873                 (*lineno)++;
874         }
875         buf[0] = '\0';
876
877         return( line[0] ? line : NULL );
878 }
879
880 static void
881 fp_getline_init( int *lineno )
882 {
883         *lineno = -1;
884         buf[0] = '\0';
885 }