]> git.sur5r.net Git - openldap/blob - servers/slapd/config.c
7bf4e4f69bef41e437a0eea1c2be9ce1438f35b8
[openldap] / servers / slapd / config.c
1 /* config.c - configuration file handling routines */
2 /* $OpenLDAP$ */
3 /*
4  * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
5  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
6  */
7
8 #include "portable.h"
9
10 #include <stdio.h>
11
12 #include <ac/string.h>
13 #include <ac/ctype.h>
14 #include <ac/socket.h>
15
16 #include "lutil.h"
17 #include "ldap_pvt.h"
18 #include "slap.h"
19
20 #define MAXARGS 200
21
22 /*
23  * defaults for various global variables
24  */
25 int             defsize = SLAPD_DEFAULT_SIZELIMIT;
26 int             deftime = SLAPD_DEFAULT_TIMELIMIT;
27 AccessControl   *global_acl = NULL;
28 slap_access_t           global_default_access = ACL_READ;
29 slap_mask_t             global_restrictops = 0;
30 slap_mask_t             global_allows = 0;
31 slap_mask_t             global_disallows = 0;
32 slap_mask_t             global_requires = 0;
33 slap_ssf_set_t  global_ssf_set;
34 char            *replogfile;
35 int             global_lastmod = ON;
36 int             global_idletimeout = 0;
37 char    *global_host = NULL;
38 char    *global_realm = NULL;
39 char    *global_ucdata_path = NULL;
40 char            *ldap_srvtab = "";
41 char            *default_passwd_hash;
42 char            *default_search_base = NULL;
43 char            *default_search_nbase = NULL;
44
45 char   *slapd_pid_file  = NULL;
46 char   *slapd_args_file = NULL;
47
48 int nSaslRegexp = 0;
49 SaslRegexp_t *SaslRegexp = NULL;
50
51 static char     *fp_getline(FILE *fp, int *lineno);
52 static void     fp_getline_init(int *lineno);
53 static int      fp_parse_line(char *line, int *argcp, char **argv);
54
55 static char     *strtok_quote(char *line, char *sep);
56
57 int
58 read_config( const char *fname )
59 {
60         FILE    *fp;
61         char    *line, *savefname, *saveline;
62         int     cargc, savelineno;
63         char    *cargv[MAXARGS+1];
64         int     lineno, i;
65 #ifdef HAVE_TLS
66         int rc;
67 #endif
68         struct berval *vals[2];
69         struct berval val;
70
71         static BackendInfo *bi = NULL;
72         static BackendDB        *be = NULL;
73
74         vals[0] = &val;
75         vals[1] = NULL;
76
77         if ( (fp = fopen( fname, "r" )) == NULL ) {
78                 ldap_syslog = 1;
79                 Debug( LDAP_DEBUG_ANY,
80                     "could not open config file \"%s\" - absolute path?\n",
81                     fname, 0, 0 );
82                 perror( fname );
83                 return 1;
84         }
85
86         Debug( LDAP_DEBUG_CONFIG, "reading config file %s\n", fname, 0, 0 );
87
88         fp_getline_init( &lineno );
89
90         while ( (line = fp_getline( fp, &lineno )) != NULL ) {
91                 /* skip comments and blank lines */
92                 if ( line[0] == '#' || line[0] == '\0' ) {
93                         continue;
94                 }
95
96                 Debug( LDAP_DEBUG_CONFIG, "line %d (%s)\n", lineno, line, 0 );
97
98                 /* fp_parse_line is destructive, we save a copy */
99                 saveline = ch_strdup( line );
100
101                 if ( fp_parse_line( line, &cargc, cargv ) != 0 ) {
102                         return( 1 );
103                 }
104
105                 if ( cargc < 1 ) {
106                         Debug( LDAP_DEBUG_ANY,
107                             "%s: line %d: bad config line (ignored)\n",
108                             fname, lineno, 0 );
109                         continue;
110                 }
111
112                 if ( strcasecmp( cargv[0], "backend" ) == 0 ) {
113                         if ( cargc < 2 ) {
114                                 Debug( LDAP_DEBUG_ANY,
115                 "%s: line %d: missing type in \"backend <type>\" line\n",
116                                     fname, lineno, 0 );
117                                 return( 1 );
118                         }
119
120                         if( be != NULL ) {
121                                 Debug( LDAP_DEBUG_ANY,
122 "%s: line %d: backend line must appear before any database definition\n",
123                                     fname, lineno, 0 );
124                                 return( 1 );
125                         }
126
127                         bi = backend_info( cargv[1] );
128
129                         if( bi == NULL ) {
130                                 Debug( LDAP_DEBUG_ANY,
131                                         "backend %s initialization failed.\n",
132                                     cargv[1], 0, 0 );
133                                 return( 1 );
134                         }
135
136                 /* start of a new database definition */
137                 } else if ( strcasecmp( cargv[0], "database" ) == 0 ) {
138                         if ( cargc < 2 ) {
139                                 Debug( LDAP_DEBUG_ANY,
140                 "%s: line %d: missing type in \"database <type>\" line\n",
141                                     fname, lineno, 0 );
142                                 return( 1 );
143                         }
144
145                         bi = NULL;
146                         be = backend_db_init( cargv[1] );
147
148                         if( be == NULL ) {
149                                 Debug( LDAP_DEBUG_ANY,
150                                         "database %s initialization failed.\n",
151                                     cargv[1], 0, 0 );
152                                 return( 1 );
153                         }
154
155                 /* set thread concurrency */
156                 } else if ( strcasecmp( cargv[0], "concurrency" ) == 0 ) {
157                         int c;
158                         if ( cargc < 2 ) {
159                                 Debug( LDAP_DEBUG_ANY,
160             "%s: line %d: missing level in \"concurrency <level>\" line\n",
161                                     fname, lineno, 0 );
162                                 return( 1 );
163                         }
164
165                         c = atoi( cargv[1] );
166
167                         if( c < 1 ) {
168                                 Debug( LDAP_DEBUG_ANY,
169             "%s: line %d: invalid level (%d) in \"concurrency <level>\" line\n",
170                                     fname, lineno, c );
171                                 return( 1 );
172                         }
173
174                         ldap_pvt_thread_set_concurrency( c );
175
176                 /* default search base */
177                 } else if ( strcasecmp( cargv[0], "defaultSearchBase" ) == 0 ) {
178                         if ( cargc < 2 ) {
179                                 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
180                                         "missing dn in \"defaultSearchBase <dn>\" line\n",
181                                         fname, lineno, 0 );
182                                 return 1;
183
184                         } else if ( cargc > 2 ) {
185                                 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
186                                         "extra cruft after <dn> in \"defaultSearchBase %s\", "
187                                         "line (ignored)\n",
188                                         fname, lineno, cargv[1] );
189                         }
190
191                         if ( bi != NULL || be != NULL ) {
192                                 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
193                                         "defaultSearchBaase line must appear prior to "
194                                         "any backend or database definition\n",
195                                     fname, lineno, 0 );
196                                 return 1;
197                         }
198
199                         if ( default_search_nbase != NULL ) {
200                                 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
201                                         "default search base \"%s\" already defined "
202                                         "(discarding old)\n",
203                                         fname, lineno, default_search_base );
204                                 free( default_search_base );
205                                 free( default_search_nbase );
206                         }
207
208                         default_search_base = ch_strdup( cargv[1] );
209                         default_search_nbase = ch_strdup( cargv[1] );
210
211                         if( dn_normalize( default_search_nbase ) == NULL ) {
212                                 Debug( LDAP_DEBUG_ANY, "%s: line %d: "
213                                         "invalid default search base \"%s\"\n",
214                                         fname, lineno, default_search_base );
215                                 return 1;
216                         }
217                
218                 /* set maximum threads in thread pool */
219                 } else if ( strcasecmp( cargv[0], "threads" ) == 0 ) {
220                         int c;
221                         if ( cargc < 2 ) {
222                                 Debug( LDAP_DEBUG_ANY,
223             "%s: line %d: missing count in \"threads <count>\" line\n",
224                                     fname, lineno, 0 );
225                                 return( 1 );
226                         }
227
228                         c = atoi( cargv[1] );
229
230                         if( c < 0 ) {
231                                 Debug( LDAP_DEBUG_ANY,
232             "%s: line %d: invalid level (%d) in \"threads <count>\" line\n",
233                                     fname, lineno, c );
234                                 return( 1 );
235                         }
236
237                         ldap_pvt_thread_pool_maxthreads( &connection_pool, c );
238
239                 /* get pid file name */
240                 } else if ( strcasecmp( cargv[0], "pidfile" ) == 0 ) {
241                         if ( cargc < 2 ) {
242                                 Debug( LDAP_DEBUG_ANY,
243             "%s: line %d: missing file name in \"pidfile <file>\" line\n",
244                                     fname, lineno, 0 );
245                                 return( 1 );
246                         }
247
248                         slapd_pid_file = ch_strdup( cargv[1] );
249
250                 /* get args file name */
251                 } else if ( strcasecmp( cargv[0], "argsfile" ) == 0 ) {
252                         if ( cargc < 2 ) {
253                                 Debug( LDAP_DEBUG_ANY,
254             "%s: line %d: missing file name in \"argsfile <file>\" line\n",
255                                     fname, lineno, 0 );
256                                 return( 1 );
257                         }
258
259                         slapd_args_file = ch_strdup( cargv[1] );
260
261                 /* default password hash */
262                 } else if ( strcasecmp( cargv[0], "password-hash" ) == 0 ) {
263                         if ( cargc < 2 ) {
264                                 Debug( LDAP_DEBUG_ANY,
265             "%s: line %d: missing hash in \"password-hash <hash>\" line\n",
266                                     fname, lineno, 0 );
267                                 return( 1 );
268                         }
269                         if ( default_passwd_hash != NULL ) {
270                                 Debug( LDAP_DEBUG_ANY,
271                                         "%s: line %d: already set default password_hash!\n",
272                                         fname, lineno, 0 );
273                                 return 1;
274
275                         } else {
276                                 default_passwd_hash = ch_strdup( cargv[1] );
277                         }
278
279                 /* set SASL host */
280                 } else if ( strcasecmp( cargv[0], "sasl-host" ) == 0 ) {
281                         if ( cargc < 2 ) {
282                                 Debug( LDAP_DEBUG_ANY,
283             "%s: line %d: missing host in \"sasl-host <host>\" line\n",
284                                     fname, lineno, 0 );
285                                 return( 1 );
286                         }
287
288                         if ( global_host != NULL ) {
289                                 Debug( LDAP_DEBUG_ANY,
290                                         "%s: line %d: already set sasl-host!\n",
291                                         fname, lineno, 0 );
292                                 return 1;
293
294                         } else {
295                                 global_host = ch_strdup( cargv[1] );
296                         }
297
298                 /* set SASL realm */
299                 } else if ( strcasecmp( cargv[0], "sasl-realm" ) == 0 ) {
300                         if ( cargc < 2 ) {
301                                 Debug( LDAP_DEBUG_ANY,
302             "%s: line %d: missing realm in \"sasl-realm <realm>\" line\n",
303                                     fname, lineno, 0 );
304                                 return( 1 );
305                         }
306
307                         if ( global_realm != NULL ) {
308                                 Debug( LDAP_DEBUG_ANY,
309                                         "%s: line %d: already set sasl-realm!\n",
310                                         fname, lineno, 0 );
311                                 return 1;
312
313                         } else {
314                                 global_realm = ch_strdup( cargv[1] );
315                         }
316
317                 } else if ( !strcasecmp( cargv[0], "sasl-regexp" ) 
318                         || !strcasecmp( cargv[0], "saslregexp" ) )
319                 {
320                         int rc;
321                         if ( cargc != 3 ) {
322                                 Debug( LDAP_DEBUG_ANY, 
323                                 "%s: line %d: need 2 args in \"saslregexp <match> <replace>\"\n",
324                                     fname, lineno, 0 );
325                                 return( 1 );
326                         }
327                         rc = slap_sasl_regexp_config( cargv[1], cargv[2] );
328                         if ( rc ) {
329                                 return rc;
330                         }
331
332                 /* SASL security properties */
333                 } else if ( strcasecmp( cargv[0], "sasl-secprops" ) == 0 ) {
334                         char *txt;
335
336                         if ( cargc < 2 ) {
337                                 Debug( LDAP_DEBUG_ANY,
338             "%s: line %d: missing flags in \"sasl-secprops <properties>\" line\n",
339                                     fname, lineno, 0 );
340                                 return 1;
341                         }
342
343                         txt = slap_sasl_secprops( cargv[1] );
344                         if ( txt != NULL ) {
345                                 Debug( LDAP_DEBUG_ANY,
346             "%s: line %d: sasl-secprops: %s\n",
347                                     fname, lineno, txt );
348                                 return 1;
349                         }
350
351                 /* set UCDATA path */
352                 } else if ( strcasecmp( cargv[0], "ucdata-path" ) == 0 ) {
353                         if ( cargc < 2 ) {
354                                 Debug( LDAP_DEBUG_ANY,
355             "%s: line %d: missing path in \"ucdata-path <path>\" line\n",
356                                     fname, lineno, 0 );
357                                 return( 1 );
358                         }
359
360                         if ( global_ucdata_path != NULL ) {
361                                 Debug( LDAP_DEBUG_ANY,
362                                         "%s: line %d: already set ucdata-path!\n",
363                                         fname, lineno, 0 );
364                                 return 1;
365
366                         } else {
367                                 global_ucdata_path = ch_strdup( cargv[1] );
368                         }
369
370                 /* set time limit */
371                 } else if ( strcasecmp( cargv[0], "sizelimit" ) == 0 ) {
372                         if ( cargc < 2 ) {
373                                 Debug( LDAP_DEBUG_ANY,
374             "%s: line %d: missing limit in \"sizelimit <limit>\" line\n",
375                                     fname, lineno, 0 );
376                                 return( 1 );
377                         }
378                         if ( be == NULL ) {
379                                 defsize = atoi( cargv[1] );
380                         } else {
381                                 be->be_sizelimit = atoi( cargv[1] );
382                         }
383
384                 /* set time limit */
385                 } else if ( strcasecmp( cargv[0], "timelimit" ) == 0 ) {
386                         if ( cargc < 2 ) {
387                                 Debug( LDAP_DEBUG_ANY,
388             "%s: line %d: missing limit in \"timelimit <limit>\" line\n",
389                                     fname, lineno, 0 );
390                                 return( 1 );
391                         }
392                         if ( be == NULL ) {
393                                 deftime = atoi( cargv[1] );
394                         } else {
395                                 be->be_timelimit = atoi( cargv[1] );
396                         }
397
398                 /* set database suffix */
399                 } else if ( strcasecmp( cargv[0], "suffix" ) == 0 ) {
400                         Backend *tmp_be;
401                         if ( cargc < 2 ) {
402                                 Debug( LDAP_DEBUG_ANY,
403                     "%s: line %d: missing dn in \"suffix <dn>\" line\n",
404                                     fname, lineno, 0 );
405                                 return( 1 );
406                         } else if ( cargc > 2 ) {
407                                 Debug( LDAP_DEBUG_ANY,
408     "%s: line %d: extra cruft after <dn> in \"suffix %s\" line (ignored)\n",
409                                     fname, lineno, cargv[1] );
410                         }
411                         if ( be == NULL ) {
412                                 Debug( LDAP_DEBUG_ANY,
413 "%s: line %d: suffix line must appear inside a database definition (ignored)\n",
414                                     fname, lineno, 0 );
415                         } else if ( ( tmp_be = select_backend( cargv[1], 0 ) ) == be ) {
416                                 Debug( LDAP_DEBUG_ANY,
417 "%s: line %d: suffix already served by this backend (ignored)\n",
418                                     fname, lineno, 0 );
419                         } else if ( tmp_be  != NULL ) {
420                                 Debug( LDAP_DEBUG_ANY,
421 "%s: line %d: suffix already served by a preceeding backend \"%s\" (ignored)\n",
422                                     fname, lineno, tmp_be->be_suffix[0] );
423                         } else {
424                                 char *dn = ch_strdup( cargv[1] );
425                                 if( dn_validate( dn ) == NULL ) {
426                                         Debug( LDAP_DEBUG_ANY, "%s: line %d: "
427                                                 "suffix DN invalid \"%s\"\n",
428                                         fname, lineno, cargv[1] );
429                                         return 1;
430
431                                 } else if( *dn == '\0' && default_search_nbase != NULL ) {
432                                         Debug( LDAP_DEBUG_ANY, "%s: line %d: "
433                                                 "suffix DN empty and default "
434                                                 "search base provided \"%s\" (assuming okay)\n",
435                                         fname, lineno, default_search_base );
436                                 }
437                                 charray_add( &be->be_suffix, dn );
438                                 (void) ldap_pvt_str2upper( dn );
439                                 charray_add( &be->be_nsuffix, dn );
440                                 free( dn );
441                         }
442
443                 /* set database suffixAlias */
444                 } else if ( strcasecmp( cargv[0], "suffixAlias" ) == 0 ) {
445                         Backend *tmp_be;
446                         if ( cargc < 2 ) {
447                                 Debug( LDAP_DEBUG_ANY,
448 "%s: line %d: missing alias and aliased_dn in \"suffixAlias <alias> <aliased_dn>\" line\n",
449                                         fname, lineno, 0 );
450                                 return( 1 );
451                         } else if ( cargc < 3 ) {
452                                 Debug( LDAP_DEBUG_ANY,
453 "%s: line %d: missing aliased_dn in \"suffixAlias <alias> <aliased_dn>\" line\n",
454                                 fname, lineno, 0 );
455                                 return( 1 );
456                         } else if ( cargc > 3 ) {
457                                 Debug( LDAP_DEBUG_ANY,
458                                         "%s: line %d: extra cruft in suffixAlias line (ignored)\n",
459                                 fname, lineno, 0 );
460                         }
461
462                         if ( be == NULL ) {
463                                 Debug( LDAP_DEBUG_ANY,
464                                         "%s: line %d: suffixAlias line"
465                                         " must appear inside a database definition (ignored)\n",
466                                         fname, lineno, 0 );
467                         } else if ( (tmp_be = select_backend( cargv[1], 0 )) != NULL ) {
468                                 Debug( LDAP_DEBUG_ANY,
469                                         "%s: line %d: suffixAlias served by"
470                                         "  a preceeding backend \"%s\" (ignored)\n",
471                                         fname, lineno, tmp_be->be_suffix[0] );
472
473                         } else if ( (tmp_be = select_backend( cargv[2], 0 )) != NULL ) {
474                                 Debug( LDAP_DEBUG_ANY,
475                                         "%s: line %d: suffixAlias derefs to differnet backend"
476                                         "  a preceeding backend \"%s\" (ignored)\n",
477                                         fname, lineno, tmp_be->be_suffix[0] );
478
479                         } else {
480                                 char *alias, *aliased_dn;
481
482                                 alias = ch_strdup( cargv[1] );
483                                 (void) dn_normalize( alias );
484
485                                 aliased_dn = ch_strdup( cargv[2] );
486                                 (void) dn_normalize( aliased_dn );
487
488                                 charray_add( &be->be_suffixAlias, alias );
489                                 charray_add( &be->be_suffixAlias, aliased_dn );
490
491                                 free(alias);
492                                 free(aliased_dn);
493                         }
494
495                /* set max deref depth */
496                } else if ( strcasecmp( cargv[0], "maxDerefDepth" ) == 0 ) {
497                                         int i;
498                        if ( cargc < 2 ) {
499                                Debug( LDAP_DEBUG_ANY,
500                    "%s: line %d: missing depth in \"maxDerefDepth <depth>\" line\n",
501                                    fname, lineno, 0 );
502                                return( 1 );
503                        }
504                        if ( be == NULL ) {
505                                Debug( LDAP_DEBUG_ANY,
506 "%s: line %d: depth line must appear inside a database definition (ignored)\n",
507                                    fname, lineno, 0 );
508                        } else if ((i = atoi(cargv[1])) < 0) {
509                                Debug( LDAP_DEBUG_ANY,
510 "%s: line %d: depth must be positive (ignored)\n",
511                                    fname, lineno, 0 );
512
513                        } else {
514                            be->be_max_deref_depth = i;
515                                            }
516
517
518                 /* set magic "root" dn for this database */
519                 } else if ( strcasecmp( cargv[0], "rootdn" ) == 0 ) {
520                         if ( cargc < 2 ) {
521                                 Debug( LDAP_DEBUG_ANY,
522                     "%s: line %d: missing dn in \"rootdn <dn>\" line\n",
523                                     fname, lineno, 0 );
524                                 return( 1 );
525                         }
526                         if ( be == NULL ) {
527                                 Debug( LDAP_DEBUG_ANY,
528 "%s: line %d: rootdn line must appear inside a database definition (ignored)\n",
529                                     fname, lineno, 0 );
530                         } else {
531                                 be->be_root_dn = ch_strdup( cargv[1] );
532                                 be->be_root_ndn = ch_strdup( cargv[1] );
533
534                                 if( dn_normalize( be->be_root_ndn ) == NULL ) {
535                                         free( be->be_root_dn );
536                                         free( be->be_root_ndn );
537                                         Debug( LDAP_DEBUG_ANY,
538 "%s: line %d: rootdn DN is invalid\n",
539                                            fname, lineno, 0 );
540                                         return( 1 );
541                                 }
542                         }
543
544                 /* set super-secret magic database password */
545                 } else if ( strcasecmp( cargv[0], "rootpw" ) == 0 ) {
546                         if ( cargc < 2 ) {
547                                 Debug( LDAP_DEBUG_ANY,
548             "%s: line %d: missing passwd in \"rootpw <passwd>\" line\n",
549                                     fname, lineno, 0 );
550                                 return( 1 );
551                         }
552                         if ( be == NULL ) {
553                                 Debug( LDAP_DEBUG_ANY,
554 "%s: line %d: rootpw line must appear inside a database definition (ignored)\n",
555                                     fname, lineno, 0 );
556                         } else {
557                                 be->be_root_pw.bv_val = ch_strdup( cargv[1] );
558                                 be->be_root_pw.bv_len = strlen( be->be_root_pw.bv_val );
559                         }
560
561                 /* make this database read-only */
562                 } else if ( strcasecmp( cargv[0], "readonly" ) == 0 ) {
563                         if ( cargc < 2 ) {
564                                 Debug( LDAP_DEBUG_ANY,
565             "%s: line %d: missing on|off in \"readonly <on|off>\" line\n",
566                                     fname, lineno, 0 );
567                                 return( 1 );
568                         }
569                         if ( be == NULL ) {
570                                 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
571                                         global_restrictops |= SLAP_RESTRICT_OP_WRITES;
572                                 } else {
573                                         global_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
574                                 }
575                         } else {
576                                 if ( strcasecmp( cargv[1], "on" ) == 0 ) {
577                                         be->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
578                                 } else {
579                                         be->be_restrictops &= ~SLAP_RESTRICT_OP_WRITES;
580                                 }
581                         }
582
583
584                 /* allow these features */
585                 } else if ( strcasecmp( cargv[0], "allows" ) == 0 ||
586                         strcasecmp( cargv[0], "allow" ) == 0 )
587                 {
588                         slap_mask_t     allows;
589
590                         if ( be != NULL ) {
591                                 Debug( LDAP_DEBUG_ANY,
592 "%s: line %d: allow line must appear prior to database definitions\n",
593                                     fname, lineno, 0 );
594                         }
595
596                         if ( cargc < 2 ) {
597                                 Debug( LDAP_DEBUG_ANY,
598             "%s: line %d: missing feature(s) in \"allow <features>\" line\n",
599                                     fname, lineno, 0 );
600                                 return( 1 );
601                         }
602
603                         allows = 0;
604
605                         for( i=1; i < cargc; i++ ) {
606                                 if( strcasecmp( cargv[i], "tls_2_anon" ) == 0 ) {
607                                         allows |= SLAP_ALLOW_TLS_2_ANON;
608
609                                 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
610                                         Debug( LDAP_DEBUG_ANY,
611                     "%s: line %d: unknown feature %s in \"allow <features>\" line\n",
612                                             fname, lineno, cargv[i] );
613                                         return( 1 );
614                                 }
615                         }
616
617                         global_allows = allows;
618
619                 /* disallow these features */
620                 } else if ( strcasecmp( cargv[0], "disallows" ) == 0 ||
621                         strcasecmp( cargv[0], "disallow" ) == 0 )
622                 {
623                         slap_mask_t     disallows;
624
625                         if ( be != NULL ) {
626                                 Debug( LDAP_DEBUG_ANY,
627 "%s: line %d: disallow line must appear prior to database definitions\n",
628                                     fname, lineno, 0 );
629                         }
630
631                         if ( cargc < 2 ) {
632                                 Debug( LDAP_DEBUG_ANY,
633             "%s: line %d: missing feature(s) in \"disallow <features>\" line\n",
634                                     fname, lineno, 0 );
635                                 return( 1 );
636                         }
637
638                         disallows = 0;
639
640                         for( i=1; i < cargc; i++ ) {
641                                 if( strcasecmp( cargv[i], "bind_v2" ) == 0 ) {
642                                         disallows |= SLAP_DISALLOW_BIND_V2;
643
644                                 } else if( strcasecmp( cargv[i], "bind_anon" ) == 0 ) {
645                                         disallows |= SLAP_DISALLOW_BIND_ANON;
646
647                                 } else if( strcasecmp( cargv[i], "bind_anon_cred" ) == 0 ) {
648                                         disallows |= SLAP_DISALLOW_BIND_ANON_CRED;
649
650                                 } else if( strcasecmp( cargv[i], "bind_anon_dn" ) == 0 ) {
651                                         disallows |= SLAP_DISALLOW_BIND_ANON_DN;
652
653                                 } else if( strcasecmp( cargv[i], "bind_simple" ) == 0 ) {
654                                         disallows |= SLAP_DISALLOW_BIND_SIMPLE;
655
656                                 } else if( strcasecmp( cargv[i], "bind_krbv4" ) == 0 ) {
657                                         disallows |= SLAP_DISALLOW_BIND_KRBV4;
658
659                                 } else if( strcasecmp( cargv[i], "tls_authc" ) == 0 ) {
660                                         disallows |= SLAP_DISALLOW_TLS_AUTHC;
661
662                                 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
663                                         Debug( LDAP_DEBUG_ANY,
664                     "%s: line %d: unknown feature %s in \"disallow <features>\" line\n",
665                                             fname, lineno, cargv[i] );
666                                         return( 1 );
667                                 }
668                         }
669
670                         global_disallows = disallows;
671
672                 /* require these features */
673                 } else if ( strcasecmp( cargv[0], "requires" ) == 0 ||
674                         strcasecmp( cargv[0], "require" ) == 0 )
675                 {
676                         slap_mask_t     requires;
677
678                         if ( cargc < 2 ) {
679                                 Debug( LDAP_DEBUG_ANY,
680             "%s: line %d: missing feature(s) in \"require <features>\" line\n",
681                                     fname, lineno, 0 );
682                                 return( 1 );
683                         }
684
685                         requires = 0;
686
687                         for( i=1; i < cargc; i++ ) {
688                                 if( strcasecmp( cargv[i], "bind" ) == 0 ) {
689                                         requires |= SLAP_REQUIRE_BIND;
690
691                                 } else if( strcasecmp( cargv[i], "LDAPv3" ) == 0 ) {
692                                         requires |= SLAP_REQUIRE_LDAP_V3;
693
694                                 } else if( strcasecmp( cargv[i], "authc" ) == 0 ) {
695                                         requires |= SLAP_REQUIRE_AUTHC;
696
697                                 } else if( strcasecmp( cargv[i], "SASL" ) == 0 ) {
698                                         requires |= SLAP_REQUIRE_SASL;
699
700                                 } else if( strcasecmp( cargv[i], "strong" ) == 0 ) {
701                                         requires |= SLAP_REQUIRE_STRONG;
702
703                                 } else if( strcasecmp( cargv[i], "none" ) != 0 ) {
704                                         Debug( LDAP_DEBUG_ANY,
705                     "%s: line %d: unknown feature %s in \"require <features>\" line\n",
706                                             fname, lineno, cargv[i] );
707                                         return( 1 );
708                                 }
709                         }
710
711                         if ( be == NULL ) {
712                                 global_requires = requires;
713                         } else {
714                                 be->be_requires = requires;
715                         }
716
717                 /* required security factors */
718                 } else if ( strcasecmp( cargv[0], "security" ) == 0 ) {
719                         slap_ssf_set_t *set;
720
721                         if ( cargc < 2 ) {
722                                 Debug( LDAP_DEBUG_ANY,
723             "%s: line %d: missing factor(s) in \"security <factors>\" line\n",
724                                     fname, lineno, 0 );
725                                 return( 1 );
726                         }
727
728                         if ( be == NULL ) {
729                                 set = &global_ssf_set;
730                         } else {
731                                 set = &be->be_ssf_set;
732                         }
733
734                         for( i=1; i < cargc; i++ ) {
735                                 if( strncasecmp( cargv[i], "ssf=",
736                                         sizeof("ssf") ) == 0 )
737                                 {
738                                         set->sss_ssf =
739                                                 atoi( &cargv[i][sizeof("ssf")] );
740
741                                 } else if( strncasecmp( cargv[i], "transport=",
742                                         sizeof("transport") ) == 0 )
743                                 {
744                                         set->sss_transport =
745                                                 atoi( &cargv[i][sizeof("transport")] );
746
747                                 } else if( strncasecmp( cargv[i], "tls=",
748                                         sizeof("tls") ) == 0 )
749                                 {
750                                         set->sss_tls =
751                                                 atoi( &cargv[i][sizeof("tls")] );
752
753                                 } else if( strncasecmp( cargv[i], "sasl=",
754                                         sizeof("sasl") ) == 0 )
755                                 {
756                                         set->sss_sasl =
757                                                 atoi( &cargv[i][sizeof("sasl")] );
758
759                                 } else if( strncasecmp( cargv[i], "update_ssf=",
760                                         sizeof("update_ssf") ) == 0 )
761                                 {
762                                         set->sss_update_ssf =
763                                                 atoi( &cargv[i][sizeof("update_ssf")] );
764
765                                 } else if( strncasecmp( cargv[i], "update_transport=",
766                                         sizeof("update_transport") ) == 0 )
767                                 {
768                                         set->sss_update_transport =
769                                                 atoi( &cargv[i][sizeof("update_transport")] );
770
771                                 } else if( strncasecmp( cargv[i], "update_tls=",
772                                         sizeof("update_tls") ) == 0 )
773                                 {
774                                         set->sss_update_tls =
775                                                 atoi( &cargv[i][sizeof("update_tls")] );
776
777                                 } else if( strncasecmp( cargv[i], "update_sasl=",
778                                         sizeof("update_sasl") ) == 0 )
779                                 {
780                                         set->sss_update_sasl =
781                                                 atoi( &cargv[i][sizeof("update_sasl")] );
782
783                                 } else {
784                                         Debug( LDAP_DEBUG_ANY,
785                     "%s: line %d: unknown factor %s in \"security <factors>\" line\n",
786                                             fname, lineno, cargv[i] );
787                                         return( 1 );
788                                 }
789                         }
790
791                 
792                 /* where to send clients when we don't hold it */
793                 } else if ( strcasecmp( cargv[0], "referral" ) == 0 ) {
794                         if ( cargc < 2 ) {
795                                 Debug( LDAP_DEBUG_ANY,
796                     "%s: line %d: missing URL in \"referral <URL>\" line\n",
797                                     fname, lineno, 0 );
798                                 return( 1 );
799                         }
800
801                         vals[0]->bv_val = cargv[1];
802                         vals[0]->bv_len = strlen( vals[0]->bv_val );
803                         value_add( &default_referral, vals );
804
805                 } else if ( strcasecmp( cargv[0], "debug" ) == 0 ) {
806                         int level;
807                         if ( cargc < 3 ) {
808                                 Debug( LDAP_DEBUG_ANY,
809                                         "%s: line %d: Error in debug directive, \"debug subsys level\"\n",
810                                         fname, lineno, 0 );
811                                 return( 1 );
812                         }
813                         level = atoi( cargv[2] );
814                         if ( level <= 0 ) level = lutil_mnem2level( cargv[2] );
815                         lutil_set_debug_level( cargv[1], level );
816                 /* specify an Object Identifier macro */
817 #ifdef NEW_LOGGING
818                 } else if ( strcasecmp( cargv[0], "logfile" ) == 0 ) {
819                         FILE *logfile;
820                         if ( cargc < 2 ) {
821                             Debug( LDAP_DEBUG_ANY,
822                                    "%s: line %d: Error in logfile directive, \"logfile filename\"\n",
823                                    fname, lineno, 0 );
824                             return( 1 );
825                         }
826                         logfile = fopen( cargv[1], "w" );
827                         if ( logfile != NULL ) lutil_debug_file( logfile );
828
829 #endif
830                 } else if ( strcasecmp( cargv[0], "objectidentifier" ) == 0 ) {
831                         parse_oidm( fname, lineno, cargc, cargv );
832
833                 /* specify an objectclass */
834                 } else if ( strcasecmp( cargv[0], "objectclass" ) == 0 ) {
835                         if ( *cargv[1] == '(' ) {
836                                 char * p;
837                                 p = strchr(saveline,'(');
838                                 parse_oc( fname, lineno, p, cargv );
839                         } else {
840                                 Debug( LDAP_DEBUG_ANY,
841     "%s: line %d: old objectclass format not supported.\n",
842                                     fname, lineno, 0 );
843                         }
844
845                 /* specify an attribute type */
846                 } else if (( strcasecmp( cargv[0], "attributetype" ) == 0 )
847                         || ( strcasecmp( cargv[0], "attribute" ) == 0 ))
848                 {
849                         if ( *cargv[1] == '(' ) {
850                                 char * p;
851                                 p = strchr(saveline,'(');
852                                 parse_at( fname, lineno, p, cargv );
853                         } else {
854                                 Debug( LDAP_DEBUG_ANY,
855     "%s: line %d: old attribute type format not supported.\n",
856                                     fname, lineno, 0 );
857                         }
858
859                 /* turn on/off schema checking */
860                 } else if ( strcasecmp( cargv[0], "schemacheck" ) == 0 ) {
861                         if ( cargc < 2 ) {
862                                 Debug( LDAP_DEBUG_ANY,
863     "%s: line %d: missing on|off in \"schemacheck <on|off>\" line\n",
864                                     fname, lineno, 0 );
865                                 return( 1 );
866                         }
867                         if ( strcasecmp( cargv[1], "off" ) == 0 ) {
868                                 global_schemacheck = 0;
869                         } else {
870                                 global_schemacheck = 1;
871                         }
872
873                 /* specify access control info */
874                 } else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
875                         parse_acl( be, fname, lineno, cargc, cargv );
876
877                 /* debug level to log things to syslog */
878                 } else if ( strcasecmp( cargv[0], "loglevel" ) == 0 ) {
879                         if ( cargc < 2 ) {
880                                 Debug( LDAP_DEBUG_ANY,
881                     "%s: line %d: missing level in \"loglevel <level>\" line\n",
882                                     fname, lineno, 0 );
883                                 return( 1 );
884                         }
885
886                         ldap_syslog = 0;
887
888                         for( i=1; i < cargc; i++ ) {
889                                 ldap_syslog += atoi( cargv[1] );
890                         }
891
892                 /* list of replicas of the data in this backend (master only) */
893                 } else if ( strcasecmp( cargv[0], "replica" ) == 0 ) {
894                         if ( cargc < 2 ) {
895                                 Debug( LDAP_DEBUG_ANY,
896             "%s: line %d: missing host in \"replica <host[:port]>\" line\n",
897                                     fname, lineno, 0 );
898                                 return( 1 );
899                         }
900                         if ( be == NULL ) {
901                                 Debug( LDAP_DEBUG_ANY,
902 "%s: line %d: replica line must appear inside a database definition (ignored)\n",
903                                     fname, lineno, 0 );
904                         } else {
905                                 for ( i = 1; i < cargc; i++ ) {
906                                         if ( strncasecmp( cargv[i], "host=", 5 )
907                                             == 0 ) {
908                                                 charray_add( &be->be_replica,
909                                                              cargv[i] + 5 );
910                                                 break;
911                                         }
912                                 }
913                                 if ( i == cargc ) {
914                                         Debug( LDAP_DEBUG_ANY,
915                     "%s: line %d: missing host in \"replica\" line (ignored)\n",
916                                             fname, lineno, 0 );
917                                 }
918                         }
919
920                 /* dn of master entity allowed to write to replica */
921                 } else if ( strcasecmp( cargv[0], "updatedn" ) == 0 ) {
922                         if ( cargc < 2 ) {
923                                 Debug( LDAP_DEBUG_ANY,
924                     "%s: line %d: missing dn in \"updatedn <dn>\" line\n",
925                                     fname, lineno, 0 );
926                                 return( 1 );
927                         }
928                         if ( be == NULL ) {
929                                 Debug( LDAP_DEBUG_ANY,
930 "%s: line %d: updatedn line must appear inside a database definition (ignored)\n",
931                                     fname, lineno, 0 );
932                         } else {
933                                 be->be_update_ndn = ch_strdup( cargv[1] );
934                                 if( dn_normalize( be->be_update_ndn ) == NULL ) {
935                                         Debug( LDAP_DEBUG_ANY,
936 "%s: line %d: updatedn DN is invalid\n",
937                                             fname, lineno, 0 );
938                                         return 1;
939                                 }
940                         }
941
942                 } else if ( strcasecmp( cargv[0], "updateref" ) == 0 ) {
943                         if ( cargc < 2 ) {
944                                 Debug( LDAP_DEBUG_ANY,
945                     "%s: line %d: missing dn in \"updateref <ldapurl>\" line\n",
946                                     fname, lineno, 0 );
947                                 return( 1 );
948                         }
949                         if ( be == NULL ) {
950                                 Debug( LDAP_DEBUG_ANY,
951 "%s: line %d: updateref line must appear inside a database definition (ignored)\n",
952                                     fname, lineno, 0 );
953                         } else if ( be->be_update_ndn == NULL ) {
954                                 Debug( LDAP_DEBUG_ANY,
955 "%s: line %d: updateref line must after updatedn (ignored)\n",
956                                     fname, lineno, 0 );
957                         } else {
958                                 vals[0]->bv_val = cargv[1];
959                                 vals[0]->bv_len = strlen( vals[0]->bv_val );
960                                 value_add( &be->be_update_refs, vals );
961                         }
962
963                 /* replication log file to which changes are appended */
964                 } else if ( strcasecmp( cargv[0], "replogfile" ) == 0 ) {
965                         if ( cargc < 2 ) {
966                                 Debug( LDAP_DEBUG_ANY,
967             "%s: line %d: missing dn in \"replogfile <filename>\" line\n",
968                                     fname, lineno, 0 );
969                                 return( 1 );
970                         }
971                         if ( be ) {
972                                 be->be_replogfile = ch_strdup( cargv[1] );
973                         } else {
974                                 replogfile = ch_strdup( cargv[1] );
975                         }
976
977                 /* maintain lastmodified{by,time} attributes */
978                 } else if ( strcasecmp( cargv[0], "lastmod" ) == 0 ) {
979                         if ( cargc < 2 ) {
980                                 Debug( LDAP_DEBUG_ANY,
981             "%s: line %d: missing on|off in \"lastmod <on|off>\" line\n",
982                                     fname, lineno, 0 );
983                                 return( 1 );
984                         }
985                         if ( strcasecmp( cargv[1], "on" ) == 0 ) {
986                                 if ( be )
987                                         be->be_lastmod = ON;
988                                 else
989                                         global_lastmod = ON;
990                         } else {
991                                 if ( be )
992                                         be->be_lastmod = OFF;
993                                 else
994                                         global_lastmod = OFF;
995                         }
996
997                 /* set idle timeout value */
998                 } else if ( strcasecmp( cargv[0], "idletimeout" ) == 0 ) {
999                         int i;
1000                         if ( cargc < 2 ) {
1001                                 Debug( LDAP_DEBUG_ANY,
1002             "%s: line %d: missing timeout value in \"idletimeout <seconds>\" line\n",
1003                                     fname, lineno, 0 );
1004                                 return( 1 );
1005                         }
1006
1007                         i = atoi( cargv[1] );
1008
1009                         if( i < 0 ) {
1010                                 Debug( LDAP_DEBUG_ANY,
1011             "%s: line %d: timeout value (%d) invalid \"idletimeout <seconds>\" line\n",
1012                                     fname, lineno, i );
1013                                 return( 1 );
1014                         }
1015
1016                         global_idletimeout = i;
1017
1018                 /* include another config file */
1019                 } else if ( strcasecmp( cargv[0], "include" ) == 0 ) {
1020                         if ( cargc < 2 ) {
1021                                 Debug( LDAP_DEBUG_ANY,
1022     "%s: line %d: missing filename in \"include <filename>\" line\n",
1023                                     fname, lineno, 0 );
1024                                 return( 1 );
1025                         }
1026                         savefname = ch_strdup( cargv[1] );
1027                         savelineno = lineno;
1028
1029                         if ( read_config( savefname ) != 0 ) {
1030                                 return( 1 );
1031                         }
1032
1033                         free( savefname );
1034                         lineno = savelineno - 1;
1035
1036                 /* location of kerberos srvtab file */
1037                 } else if ( strcasecmp( cargv[0], "srvtab" ) == 0 ) {
1038                         if ( cargc < 2 ) {
1039                                 Debug( LDAP_DEBUG_ANY,
1040             "%s: line %d: missing filename in \"srvtab <filename>\" line\n",
1041                                     fname, lineno, 0 );
1042                                 return( 1 );
1043                         }
1044                         ldap_srvtab = ch_strdup( cargv[1] );
1045
1046 #ifdef SLAPD_MODULES
1047                 } else if (strcasecmp( cargv[0], "moduleload") == 0 ) {
1048                    if ( cargc < 2 ) {
1049                       Debug( LDAP_DEBUG_ANY,
1050                              "%s: line %d: missing filename in \"moduleload <filename>\" line\n",
1051                              fname, lineno, 0 );
1052                       exit( EXIT_FAILURE );
1053                    }
1054                    if (module_load(cargv[1], cargc - 2, (cargc > 2) ? cargv + 2 : NULL)) {
1055                       Debug( LDAP_DEBUG_ANY,
1056                              "%s: line %d: failed to load or initialize module %s\n",
1057                              fname, lineno, cargv[1]);
1058                       exit( EXIT_FAILURE );
1059                    }
1060                 } else if (strcasecmp( cargv[0], "modulepath") == 0 ) {
1061                    if ( cargc != 2 ) {
1062                       Debug( LDAP_DEBUG_ANY,
1063                              "%s: line %d: missing path in \"modulepath <path>\" line\n",
1064                              fname, lineno, 0 );
1065                       exit( EXIT_FAILURE );
1066                    }
1067                    if (module_path( cargv[1] )) {
1068                       Debug( LDAP_DEBUG_ANY,
1069                              "%s: line %d: failed to set module search path to %s\n",
1070                              fname, lineno, cargv[1]);
1071                       exit( EXIT_FAILURE );
1072                    }
1073                    
1074 #endif /*SLAPD_MODULES*/
1075
1076 #ifdef HAVE_TLS
1077                 } else if ( !strcasecmp( cargv[0], "TLSProtocol" ) ) {
1078                         rc = ldap_pvt_tls_set_option( NULL,
1079                                                       LDAP_OPT_X_TLS_PROTOCOL,
1080                                                       cargv[1] );
1081                         if ( rc )
1082                                 return rc;
1083
1084                 } else if ( !strcasecmp( cargv[0], "TLSCipherSuite" ) ) {
1085                         rc = ldap_pvt_tls_set_option( NULL,
1086                                                       LDAP_OPT_X_TLS_CIPHER_SUITE,
1087                                                       cargv[1] );
1088                         if ( rc )
1089                                 return rc;
1090
1091                 } else if ( !strcasecmp( cargv[0], "TLSCertificateFile" ) ) {
1092                         rc = ldap_pvt_tls_set_option( NULL,
1093                                                       LDAP_OPT_X_TLS_CERTFILE,
1094                                                       cargv[1] );
1095                         if ( rc )
1096                                 return rc;
1097
1098                 } else if ( !strcasecmp( cargv[0], "TLSCertificateKeyFile" ) ) {
1099                         rc = ldap_pvt_tls_set_option( NULL,
1100                                                       LDAP_OPT_X_TLS_KEYFILE,
1101                                                       cargv[1] );
1102                         if ( rc )
1103                                 return rc;
1104
1105                 } else if ( !strcasecmp( cargv[0], "TLSCACertificatePath" ) ) {
1106                         rc = ldap_pvt_tls_set_option( NULL,
1107                                                       LDAP_OPT_X_TLS_CACERTDIR,
1108                                                       cargv[1] );
1109                         if ( rc )
1110                                 return rc;
1111
1112                 } else if ( !strcasecmp( cargv[0], "TLSCACertificateFile" ) ) {
1113                         rc = ldap_pvt_tls_set_option( NULL,
1114                                                       LDAP_OPT_X_TLS_CACERTFILE,
1115                                                       cargv[1] );
1116                         if ( rc )
1117                                 return rc;
1118                 } else if ( !strcasecmp( cargv[0], "TLSVerifyClient" ) ) {
1119                         i = atoi(cargv[1]);
1120                         rc = ldap_pvt_tls_set_option( NULL,
1121                                                       LDAP_OPT_X_TLS_REQUIRE_CERT,
1122                                                       &i );
1123                         if ( rc )
1124                                 return rc;
1125
1126 #endif
1127
1128                 /* pass anything else to the current backend info/db config routine */
1129                 } else {
1130                         if ( bi != NULL ) {
1131                                 if ( bi->bi_config == 0 ) {
1132                                         Debug( LDAP_DEBUG_ANY,
1133 "%s: line %d: unknown directive \"%s\" inside backend info definition (ignored)\n",
1134                                                 fname, lineno, cargv[0] );
1135                                 } else {
1136                                         if ( (*bi->bi_config)( bi, fname, lineno, cargc, cargv )
1137                                                 != 0 )
1138                                         {
1139                                                 return( 1 );
1140                                         }
1141                                 }
1142                         } else if ( be != NULL ) {
1143                                 if ( be->be_config == 0 ) {
1144                                         Debug( LDAP_DEBUG_ANY,
1145 "%s: line %d: unknown directive \"%s\" inside backend database definition (ignored)\n",
1146                                         fname, lineno, cargv[0] );
1147                                 } else {
1148                                         if ( (*be->be_config)( be, fname, lineno, cargc, cargv )
1149                                                 != 0 )
1150                                         {
1151                                                 return( 1 );
1152                                         }
1153                                 }
1154                         } else {
1155                                 Debug( LDAP_DEBUG_ANY,
1156 "%s: line %d: unknown directive \"%s\" outside backend info and database definitions (ignored)\n",
1157                                     fname, lineno, cargv[0] );
1158                         }
1159                 }
1160                 free( saveline );
1161         }
1162         fclose( fp );
1163         return( 0 );
1164 }
1165
1166 static int
1167 fp_parse_line(
1168     char        *line,
1169     int         *argcp,
1170     char        **argv
1171 )
1172 {
1173         char *  token;
1174
1175         *argcp = 0;
1176         for ( token = strtok_quote( line, " \t" ); token != NULL;
1177             token = strtok_quote( NULL, " \t" ) ) {
1178                 if ( *argcp == MAXARGS ) {
1179                         Debug( LDAP_DEBUG_ANY, "Too many tokens (max %d)\n",
1180                             MAXARGS, 0, 0 );
1181                         return( 1 );
1182                 }
1183                 argv[(*argcp)++] = token;
1184         }
1185         argv[*argcp] = NULL;
1186         return 0;
1187 }
1188
1189 static char *
1190 strtok_quote( char *line, char *sep )
1191 {
1192         int             inquote;
1193         char            *tmp;
1194         static char     *next;
1195
1196         if ( line != NULL ) {
1197                 next = line;
1198         }
1199         while ( *next && strchr( sep, *next ) ) {
1200                 next++;
1201         }
1202
1203         if ( *next == '\0' ) {
1204                 next = NULL;
1205                 return( NULL );
1206         }
1207         tmp = next;
1208
1209         for ( inquote = 0; *next; ) {
1210                 switch ( *next ) {
1211                 case '"':
1212                         if ( inquote ) {
1213                                 inquote = 0;
1214                         } else {
1215                                 inquote = 1;
1216                         }
1217                         AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
1218                         break;
1219
1220                 case '\\':
1221                         if ( next[1] )
1222                                 AC_MEMCPY( next,
1223                                             next + 1, strlen( next + 1 ) + 1 );
1224                         next++;         /* dont parse the escaped character */
1225                         break;
1226
1227                 default:
1228                         if ( ! inquote ) {
1229                                 if ( strchr( sep, *next ) != NULL ) {
1230                                         *next++ = '\0';
1231                                         return( tmp );
1232                                 }
1233                         }
1234                         next++;
1235                         break;
1236                 }
1237         }
1238
1239         return( tmp );
1240 }
1241
1242 static char     buf[BUFSIZ];
1243 static char     *line;
1244 static int      lmax, lcur;
1245
1246 #define CATLINE( buf )  { \
1247         int     len; \
1248         len = strlen( buf ); \
1249         while ( lcur + len + 1 > lmax ) { \
1250                 lmax += BUFSIZ; \
1251                 line = (char *) ch_realloc( line, lmax ); \
1252         } \
1253         strcpy( line + lcur, buf ); \
1254         lcur += len; \
1255 }
1256
1257 static char *
1258 fp_getline( FILE *fp, int *lineno )
1259 {
1260         char            *p;
1261
1262         lcur = 0;
1263         CATLINE( buf );
1264         (*lineno)++;
1265
1266         /* hack attack - keeps us from having to keep a stack of bufs... */
1267         if ( strncasecmp( line, "include", 7 ) == 0 ) {
1268                 buf[0] = '\0';
1269                 return( line );
1270         }
1271
1272         while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
1273                 if ( (p = strchr( buf, '\n' )) != NULL ) {
1274                         *p = '\0';
1275                 }
1276                 if ( ! isspace( (unsigned char) buf[0] ) ) {
1277                         return( line );
1278                 }
1279
1280                 CATLINE( buf );
1281                 (*lineno)++;
1282         }
1283         buf[0] = '\0';
1284
1285         return( line[0] ? line : NULL );
1286 }
1287
1288 static void
1289 fp_getline_init( int *lineno )
1290 {
1291         *lineno = -1;
1292         buf[0] = '\0';
1293 }