+ if (i >= MAX_AF_FILES)
+ {
+ log_error(LOG_LEVEL_FATAL, "Too many 'actionsfile' directives in config file - limit is %d.\n"
+ "(You can increase this limit by changing MAX_AF_FILES in project.h and recompiling).",
+ MAX_AF_FILES);
+ }
+ config->actions_file_short[i] = strdup_or_die(arg);
+ config->actions_file[i] = make_path(config->confdir, arg);
+
+ break;
+/* *************************************************************************
+ * accept-intercepted-requests
+ * *************************************************************************/
+ case hash_accept_intercepted_requests:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_ACCEPT_INTERCEPTED_REQUESTS;
+ }
+ break;
+
+/* *************************************************************************
+ * admin-address email-address
+ * *************************************************************************/
+ case hash_admin_address :
+ freez(config->admin_address);
+ config->admin_address = strdup_or_die(arg);
+ break;
+
+/* *************************************************************************
+ * allow-cgi-request-crunching
+ * *************************************************************************/
+ case hash_allow_cgi_request_crunching:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_CGI_CRUNCHING;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_CGI_CRUNCHING;
+ }
+ break;
+
+/* *************************************************************************
+ * buffer-limit n
+ * *************************************************************************/
+ case hash_buffer_limit :
+ config->buffer_limit = (size_t)(1024 * parse_numeric_value(cmd, arg));
+ break;
+
+/* *************************************************************************
+ * client-header-order header-1 header-2 ... header-n
+ * *************************************************************************/
+ case hash_client_header_order:
+ list_remove_all(config->ordered_client_headers);
+ parse_client_header_order(config->ordered_client_headers, arg);
+ break;
+
+/* *************************************************************************
+ * client-specific-tag tag-name description
+ * *************************************************************************/
+#ifdef FEATURE_CLIENT_TAGS
+ case hash_client_specific_tag:
+ {
+ char *name;
+ char *description;
+
+ name = arg;
+ description = strstr(arg, " ");
+ if (description == NULL)
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "client-specific-tag '%s' lacks a description.", name);
+ }
+ *description = '\0';
+ /*
+ * The length is limited because we don't want truncated
+ * HTML caused by the cgi interface using static buffer
+ * sizes.
+ */
+ if (strlen(name) > CLIENT_TAG_LENGTH_MAX)
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "client-specific-tag '%s' is longer than %d characters.",
+ name, CLIENT_TAG_LENGTH_MAX);
+ }
+ description++;
+ register_tag(config->client_tags, name, description);
+ }
+ break;
+#endif /* def FEATURE_CLIENT_TAGS */
+
+/* *************************************************************************
+ * client-tag-lifetime ttl
+ * *************************************************************************/
+#ifdef FEATURE_CLIENT_TAGS
+ case hash_client_tag_lifetime:
+ {
+ int ttl = parse_numeric_value(cmd, arg);
+ if (0 <= ttl)
+ {
+ config->client_tag_lifetime = (unsigned)ttl;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "client-tag-lifetime can't be negative.");
+ }
+ break;
+ }
+#endif /* def FEATURE_CLIENT_TAGS */
+
+/* *************************************************************************
+ * confdir directory-name
+ * *************************************************************************/
+ case hash_confdir :
+ freez(config->confdir);
+ config->confdir = make_path(NULL, arg);
+ break;
+
+/* *************************************************************************
+ * compression-level 0-9
+ * *************************************************************************/
+#ifdef FEATURE_COMPRESSION
+ case hash_compression_level :
+ {
+ int compression_level = parse_numeric_value(cmd, arg);
+ if (-1 <= compression_level && compression_level <= 9)
+ {
+ config->compression_level = compression_level;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Invalid compression-level value: %s", arg);
+ }
+ break;
+ }
+#endif
+
+/* *************************************************************************
+ * connection-sharing (0|1)
+ * *************************************************************************/
+#ifdef FEATURE_CONNECTION_SHARING
+ case hash_connection_sharing :
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_CONNECTION_SHARING;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING;
+ }
+ break;
+#endif
+
+/* *************************************************************************
+ * cors-allowed-origin http://www.example.org
+ * *************************************************************************/
+ case hash_cors_allowed_origin :
+ /*
+ * We don't validate the specified referrer as
+ * it's only used for string comparison.
+ */
+ freez(config->cors_allowed_origin);
+ config->cors_allowed_origin = strdup_or_die(arg);
+ break;
+
+/* *************************************************************************
+ * debug n
+ * Specifies debug level, multiple values are ORed together.
+ * *************************************************************************/
+ case hash_debug :
+ config->debug |= parse_numeric_value(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * default-server-timeout timeout
+ * *************************************************************************/
+#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+ case hash_default_server_timeout :
+ {
+ int timeout = parse_numeric_value(cmd, arg);
+ if (0 <= timeout)
+ {
+ config->default_server_timeout = (unsigned int)timeout;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Invalid default-server-timeout value: %s", arg);
+ }
+ break;
+ }
+#endif
+
+/* *************************************************************************
+ * deny-access source-ip[/significant-bits] [dest-ip[/significant-bits]]
+ * *************************************************************************/
+#ifdef FEATURE_ACL
+ case hash_deny_access:
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
+
+ if ((vec_count != 1) && (vec_count != 2))
+ {
+ log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for "
+ "deny-access directive in configuration file.");
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Wrong number of parameters for "
+ "deny-access directive in configuration file.<br><br>\n");
+ break;
+ }
+
+ /* allocate a new node */
+ cur_acl = zalloc_or_die(sizeof(*cur_acl));
+ cur_acl->action = ACL_DENY;
+
+ if (acl_addr(vec[0], cur_acl->src) < 0)
+ {
+ log_error(LOG_LEVEL_ERROR, "Invalid source address, port or netmask "
+ "for deny-access directive in configuration file: \"%s\"", vec[0]);
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Invalid source address, port or netmask "
+ "for deny-access directive in configuration file: \"");
+ string_append(&config->proxy_args,
+ vec[0]);
+ string_append(&config->proxy_args,
+ "\"<br><br>\n");
+ freez(cur_acl);
+ break;
+ }
+ if (vec_count == 2)
+ {
+ if (acl_addr(vec[1], cur_acl->dst) < 0)
+ {
+ log_error(LOG_LEVEL_ERROR, "Invalid destination address, port or netmask "
+ "for deny-access directive in configuration file: \"%s\"", vec[1]);
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Invalid destination address, port or netmask "
+ "for deny-access directive in configuration file: \"");
+ string_append(&config->proxy_args,
+ vec[1]);
+ string_append(&config->proxy_args,
+ "\"<br><br>\n");
+ freez(cur_acl);
+ break;
+ }
+ }
+#ifdef HAVE_RFC2553
+ else
+ {
+ cur_acl->wildcard_dst = 1;
+ }
+#endif /* def HAVE_RFC2553 */
+
+ /*
+ * Add it to the list. Note we reverse the list to get the
+ * behaviour the user expects. With both the ACL and
+ * actions file, the last match wins. However, the internal
+ * implementations are different: The actions file is stored
+ * in the same order as the file, and scanned completely.
+ * With the ACL, we reverse the order as we load it, then
+ * when we scan it we stop as soon as we get a match.
+ */
+ cur_acl->next = config->acl;
+ config->acl = cur_acl;
+
+ break;
+#endif /* def FEATURE_ACL */
+
+#if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER)
+/* *************************************************************************
+ * enable-accept-filter 0|1
+ * *************************************************************************/
+ case hash_enable_accept_filter :
+ config->enable_accept_filter = parse_toggle_state(cmd, arg);
+ break;
+#endif /* defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER) */
+
+/* *************************************************************************
+ * enable-edit-actions 0|1
+ * *************************************************************************/
+#ifdef FEATURE_CGI_EDIT_ACTIONS
+ case hash_enable_edit_actions:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_CGI_EDIT_ACTIONS;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_CGI_EDIT_ACTIONS;
+ }
+ break;
+#endif /* def FEATURE_CGI_EDIT_ACTIONS */
+
+/* *************************************************************************
+ * enable-compression 0|1
+ * *************************************************************************/
+#ifdef FEATURE_COMPRESSION
+ case hash_enable_compression:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_COMPRESSION;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_COMPRESSION;
+ }
+ break;
+#endif /* def FEATURE_COMPRESSION */
+
+/* *************************************************************************
+ * enable-proxy-authentication-forwarding 0|1
+ * *************************************************************************/
+ case hash_enable_proxy_authentication_forwarding:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS;
+ }
+ break;
+
+/* *************************************************************************
+ * enable-remote-toggle 0|1
+ * *************************************************************************/
+#ifdef FEATURE_TOGGLE
+ case hash_enable_remote_toggle:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_CGI_TOGGLE;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_CGI_TOGGLE;
+ }
+ break;
+#endif /* def FEATURE_TOGGLE */
+
+/* *************************************************************************
+ * enable-remote-http-toggle 0|1
+ * *************************************************************************/
+ case hash_enable_remote_http_toggle:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_HTTP_TOGGLE;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_HTTP_TOGGLE;
+ }
+ break;
+
+/* *************************************************************************
+ * enforce-blocks 0|1
+ * *************************************************************************/
+ case hash_enforce_blocks:
+#ifdef FEATURE_FORCE_LOAD
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_ENFORCE_BLOCKS;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_ENFORCE_BLOCKS;
+ }
+#else
+ log_error(LOG_LEVEL_ERROR, "Ignoring directive 'enforce-blocks'. "
+ "FEATURE_FORCE_LOAD is disabled, blocks will always be enforced.");
+#endif /* def FEATURE_FORCE_LOAD */
+ break;
+
+/* *************************************************************************
+ * filterfile file-name
+ * In confdir by default.
+ * *************************************************************************/
+ case hash_filterfile :
+ i = 0;
+ while ((i < MAX_AF_FILES) && (NULL != config->re_filterfile[i]))
+ {
+ i++;
+ }
+
+ if (i >= MAX_AF_FILES)
+ {
+ log_error(LOG_LEVEL_FATAL, "Too many 'filterfile' directives in config file - limit is %d.\n"
+ "(You can increase this limit by changing MAX_AF_FILES in project.h and recompiling).",
+ MAX_AF_FILES);
+ }
+ config->re_filterfile_short[i] = strdup_or_die(arg);
+ config->re_filterfile[i] = make_path(config->confdir, arg);
+
+ break;
+
+/* *************************************************************************
+ * forward url-pattern (.|http-proxy-host[:port])
+ * *************************************************************************/
+ case hash_forward:
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
+
+ if (vec_count != 2)
+ {
+ log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for forward "
+ "directive in configuration file.");
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Wrong number of parameters for "
+ "forward directive in configuration file.");
+ break;
+ }
+
+ /* allocate a new node */
+ cur_fwd = zalloc_or_die(sizeof(*cur_fwd));
+ cur_fwd->type = SOCKS_NONE;
+
+ /* Save the URL pattern */
+ if (create_pattern_spec(cur_fwd->url, vec[0]))
+ {
+ log_error(LOG_LEVEL_ERROR, "Bad URL specifier for forward "
+ "directive in configuration file.");
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Bad URL specifier for "
+ "forward directive in configuration file.");
+ freez(cur_fwd);
+ break;
+ }
+
+ /* Parse the parent HTTP proxy host:port */
+ p = vec[1];
+
+ if (strcmp(p, ".") != 0)
+ {
+ cur_fwd->forward_port = 8000;
+ parse_forwarder_address(p,
+ &cur_fwd->forward_host, &cur_fwd->forward_port,
+ NULL, NULL);
+ }
+
+ /* Add to list. */
+ cur_fwd->next = config->forward;
+ config->forward = cur_fwd;
+
+ break;
+
+/* *************************************************************************
+ * forward-socks4 url-pattern socks-proxy[:port] (.|http-proxy[:port])
+ * *************************************************************************/
+ case hash_forward_socks4:
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
+
+ if (vec_count != 3)
+ {
+ log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for "
+ "forward-socks4 directive in configuration file.");
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Wrong number of parameters for "
+ "forward-socks4 directive in configuration file.");
+ break;
+ }
+
+ /* allocate a new node */
+ cur_fwd = zalloc_or_die(sizeof(*cur_fwd));
+ cur_fwd->type = SOCKS_4;
+
+ /* Save the URL pattern */
+ if (create_pattern_spec(cur_fwd->url, vec[0]))
+ {
+ log_error(LOG_LEVEL_ERROR, "Bad URL specifier for forward-socks4 "
+ "directive in configuration file.");
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Bad URL specifier for "
+ "forward-socks4 directive in configuration file.");
+ freez(cur_fwd);
+ break;
+ }
+
+ /* Parse the SOCKS proxy host[:port] */
+ p = vec[1];
+
+ /* XXX: This check looks like a bug. */
+ if (strcmp(p, ".") != 0)
+ {
+ cur_fwd->gateway_port = 1080;
+ parse_forwarder_address(p,
+ &cur_fwd->gateway_host, &cur_fwd->gateway_port,
+ NULL, NULL);
+ }
+
+ /* Parse the parent HTTP proxy host[:port] */
+ p = vec[2];
+
+ if (strcmp(p, ".") != 0)
+ {
+ cur_fwd->forward_port = 8000;
+ parse_forwarder_address(p,
+ &cur_fwd->forward_host, &cur_fwd->forward_port,
+ NULL, NULL);
+ }
+
+ /* Add to list. */
+ cur_fwd->next = config->forward;
+ config->forward = cur_fwd;
+
+ break;
+
+/* *************************************************************************
+ * forward-socks4a url-pattern socks-proxy[:port] (.|http-proxy[:port])
+ * *************************************************************************/
+ case hash_forward_socks4a:
+ case hash_forward_socks5:
+ case hash_forward_socks5t:
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
+
+ if (vec_count != 3)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Wrong number of parameters for %s in configuration file.",
+ cmd);
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Wrong number of parameters for ");
+ string_append(&config->proxy_args, cmd);
+ string_append(&config->proxy_args,
+ "directive in configuration file.");
+ break;
+ }
+
+ /* allocate a new node */
+ cur_fwd = zalloc_or_die(sizeof(*cur_fwd));
+
+ if (directive_hash == hash_forward_socks4a)
+ {
+ cur_fwd->type = SOCKS_4A;
+ }
+ else if (directive_hash == hash_forward_socks5)
+ {
+ cur_fwd->type = SOCKS_5;
+ }
+ else
+ {
+ assert(directive_hash == hash_forward_socks5t);
+ cur_fwd->type = SOCKS_5T;
+ }
+
+ /* Save the URL pattern */
+ if (create_pattern_spec(cur_fwd->url, vec[0]))
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Bad URL specifier for %s in configuration file.",
+ cmd);
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Bad URL specifier for ");
+ string_append(&config->proxy_args, cmd);
+ string_append(&config->proxy_args,
+ "directive in configuration file.");
+ freez(cur_fwd);
+ break;
+ }
+
+ /* Parse the SOCKS proxy [user:pass@]host[:port] */
+ p = vec[1];
+
+ cur_fwd->gateway_port = 1080;
+ parse_forwarder_address(p,
+ &cur_fwd->gateway_host, &cur_fwd->gateway_port,
+ &cur_fwd->auth_username, &cur_fwd->auth_password);
+
+ /* Parse the parent HTTP proxy host[:port] */
+ p = vec[2];
+
+ if (strcmp(p, ".") != 0)
+ {
+ cur_fwd->forward_port = 8000;
+ parse_forwarder_address(p,
+ &cur_fwd->forward_host, &cur_fwd->forward_port,
+ NULL, NULL);
+ }
+
+ /* Add to list. */
+ cur_fwd->next = config->forward;
+ config->forward = cur_fwd;
+
+ break;
+
+/* *************************************************************************
+ * forwarded-connect-retries n
+ * *************************************************************************/
+ case hash_forwarded_connect_retries :
+ config->forwarded_connect_retries = parse_numeric_value(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * handle-as-empty-doc-returns-ok 0|1
+ *
+ * Workaround for firefox hanging on blocked javascript pages.
+ * Block with the "+handle-as-empty-document" flag and set the
+ * "handle-as-empty-doc-returns-ok" run-time config flag so that
+ * Privoxy returns a 200/OK status instead of a 403/Forbidden status
+ * to the browser for blocked pages.
+ ***************************************************************************/
+ case hash_handle_as_empty_returns_ok:
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_EMPTY_DOC_RETURNS_OK;
+ }
+ break;
+
+/* *************************************************************************
+ * hostname hostname-to-show-on-cgi-pages
+ * *************************************************************************/
+ case hash_hostname :
+ freez(config->hostname);
+ config->hostname = strdup_or_die(arg);
+ break;
+
+/* *************************************************************************
+ * keep-alive-timeout timeout
+ * *************************************************************************/
+#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+ case hash_keep_alive_timeout :
+ {
+ int timeout = parse_numeric_value(cmd, arg);
+ if (0 < timeout)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
+ config->keep_alive_timeout = (unsigned int)timeout;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
+ }
+ break;
+ }
+#endif
+
+/* *************************************************************************
+ * listen-address [ip][:port]
+ * *************************************************************************/
+ case hash_listen_address :
+ i = 0;
+ while ((i < MAX_LISTENING_SOCKETS) && (NULL != config->haddr[i]))
+ {
+ i++;
+ }
+
+ if (i >= MAX_LISTENING_SOCKETS)
+ {
+ log_error(LOG_LEVEL_FATAL, "Too many 'listen-address' directives in config file - limit is %d.\n"
+ "(You can increase this limit by changing MAX_LISTENING_SOCKETS in project.h and recompiling).",
+ MAX_LISTENING_SOCKETS);
+ }
+ config->haddr[i] = strdup_or_die(arg);
+ break;
+
+/* *************************************************************************
+ * listen-backlog n
+ * *************************************************************************/
+ case hash_listen_backlog :
+ /*
+ * We don't enfore an upper or lower limit because on
+ * many platforms all values are valid and negative
+ * number mean "use the highest value allowed".
+ */
+ config->listen_backlog = parse_numeric_value(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * logdir directory-name
+ * *************************************************************************/
+ case hash_logdir :
+ freez(config->logdir);
+ config->logdir = make_path(NULL, arg);
+ break;
+
+/* *************************************************************************
+ * logfile log-file-name
+ * In logdir by default
+ * *************************************************************************/
+ case hash_logfile :
+ if (daemon_mode)
+ {
+ logfile = make_path(config->logdir, arg);
+ if (NULL == logfile)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory while creating logfile path");
+ }
+ }
+ break;
+
+/* *************************************************************************
+ * max-client-connections number
+ * *************************************************************************/
+ case hash_max_client_connections :
+ {
+ int max_client_connections = parse_numeric_value(cmd, arg);
+
+#if !defined(_WIN32) && !defined(HAVE_POLL)
+ /*
+ * Reject values below 1 for obvious reasons and values above
+ * FD_SETSIZE/2 because Privoxy needs two sockets to serve
+ * client connections that need forwarding.
+ *
+ * We ignore the fact that the first three file descriptors
+ * are usually set to /dev/null, one is used for logging
+ * and yet another file descriptor is required to load
+ * config files.
+ */
+ if ((max_client_connections < 1) || (FD_SETSIZE/2 < max_client_connections))
+ {
+ log_error(LOG_LEVEL_FATAL, "max-client-connections value %d"
+ " is invalid. Value needs to be above 1 and below %d"
+ " (FD_SETSIZE/2).", max_client_connections, FD_SETSIZE/2);
+ }
+#else
+ /*
+ * The Windows libc uses FD_SETSIZE for an array used
+ * by select(), but has no problems with file descriptors
+ * above the limit as long as no more than FD_SETSIZE are
+ * passed to select().
+ * https://msdn.microsoft.com/en-us/library/windows/desktop/ms739169%28v=vs.85%29.aspx
+ *
+ * On platforms were we use poll() we don't have to enforce
+ * an upper connection limit either.
+ */
+ if (max_client_connections < 1)
+ {
+ log_error(LOG_LEVEL_FATAL, "max-client-connections value"
+ " has to be a number above 1. %d is invalid.",
+ max_client_connections);
+ }
+#endif
+ config->max_client_connections = max_client_connections;
+ break;
+ }
+
+/* *************************************************************************
+ * permit-access source-ip[/significant-bits] [dest-ip[/significant-bits]]
+ * *************************************************************************/
+#ifdef FEATURE_ACL
+ case hash_permit_access:
+ strlcpy(tmp, arg, sizeof(tmp));
+ vec_count = ssplit(tmp, " \t", vec, SZ(vec));
+
+ if ((vec_count != 1) && (vec_count != 2))
+ {
+ log_error(LOG_LEVEL_ERROR, "Wrong number of parameters for "
+ "permit-access directive in configuration file.");
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Wrong number of parameters for "
+ "permit-access directive in configuration file.<br><br>\n");
+
+ break;
+ }
+
+ /* allocate a new node */
+ cur_acl = zalloc_or_die(sizeof(*cur_acl));
+ cur_acl->action = ACL_PERMIT;
+
+ if (acl_addr(vec[0], cur_acl->src) < 0)
+ {
+ log_error(LOG_LEVEL_ERROR, "Invalid source address, port or netmask "
+ "for permit-access directive in configuration file: \"%s\"", vec[0]);
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Invalid source address, port or netmask for "
+ "permit-access directive in configuration file: \"");
+ string_append(&config->proxy_args,
+ vec[0]);
+ string_append(&config->proxy_args,
+ "\"<br><br>\n");
+ freez(cur_acl);
+ break;
+ }
+ if (vec_count == 2)
+ {
+ if (acl_addr(vec[1], cur_acl->dst) < 0)
+ {
+ log_error(LOG_LEVEL_ERROR, "Invalid destination address, port or netmask "
+ "for permit-access directive in configuration file: \"%s\"", vec[1]);
+ string_append(&config->proxy_args,
+ "<br>\nWARNING: Invalid destination address, port or netmask for "
+ "permit-access directive in configuration file: \"");
+ string_append(&config->proxy_args,
+ vec[1]);
+ string_append(&config->proxy_args,
+ "\"<br><br>\n");
+ freez(cur_acl);
+ break;
+ }
+ }
+#ifdef HAVE_RFC2553
+ else
+ {
+ cur_acl->wildcard_dst = 1;
+ }
+#endif /* def HAVE_RFC2553 */
+
+ /*
+ * Add it to the list. Note we reverse the list to get the
+ * behaviour the user expects. With both the ACL and
+ * actions file, the last match wins. However, the internal
+ * implementations are different: The actions file is stored
+ * in the same order as the file, and scanned completely.
+ * With the ACL, we reverse the order as we load it, then
+ * when we scan it we stop as soon as we get a match.
+ */
+ cur_acl->next = config->acl;
+ config->acl = cur_acl;
+
+ break;
+#endif /* def FEATURE_ACL */
+
+/* *************************************************************************
+ * proxy-info-url url
+ * *************************************************************************/
+ case hash_proxy_info_url :
+ freez(config->proxy_info_url);
+ config->proxy_info_url = strdup_or_die(arg);
+ break;
+
+
+/* *************************************************************************
+ * receive-buffer-size n
+ * *************************************************************************/
+ case hash_receive_buffer_size :
+ config->receive_buffer_size = (size_t)parse_numeric_value(cmd, arg);
+ if (config->receive_buffer_size < BUFFER_SIZE)
+ {
+ log_error(LOG_LEVEL_INFO,
+ "receive-buffer-size %lu seems low and may cause problems."
+ "Consider setting it to at least %d.",
+ config->receive_buffer_size, BUFFER_SIZE);
+ }
+ break;
+
+/* *************************************************************************
+ * single-threaded 0|1
+ * *************************************************************************/
+ case hash_single_threaded :
+ config->multi_threaded = 0 == parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * socket-timeout numer_of_seconds
+ * *************************************************************************/
+ case hash_socket_timeout :
+ {
+ int socket_timeout = parse_numeric_value(cmd, arg);
+ if (0 <= socket_timeout)
+ {
+ config->socket_timeout = socket_timeout;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_FATAL, "Invalid socket-timeout: '%s'", arg);
+ }
+ break;
+ }
+
+/* *************************************************************************
+ * split-large-cgi-forms
+ * *************************************************************************/
+ case hash_split_large_cgi_forms :
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_SPLIT_LARGE_FORMS;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_SPLIT_LARGE_FORMS;
+ }
+ break;
+
+/* *************************************************************************
+ * templdir directory-name
+ * *************************************************************************/
+ case hash_templdir :
+ freez(config->templdir);
+ config->templdir = make_path(NULL, arg);
+ break;
+
+#ifdef FEATURE_EXTERNAL_FILTERS
+/* *************************************************************************
+ * temporary-directory directory-name
+ * *************************************************************************/
+ case hash_temporary_directory :
+ freez(config->temporary_directory);
+ config->temporary_directory = make_path(NULL, arg);
+ break;
+#endif
+
+/* *************************************************************************
+ * tolerate-pipelining (0|1)
+ * *************************************************************************/
+ case hash_tolerate_pipelining :
+ if (parse_toggle_state(cmd, arg) == 1)
+ {
+ config->feature_flags |= RUNTIME_FEATURE_TOLERATE_PIPELINING;
+ }
+ else
+ {
+ config->feature_flags &= ~RUNTIME_FEATURE_TOLERATE_PIPELINING;
+ }
+ break;
+
+/* *************************************************************************
+ * toggle (0|1)
+ * *************************************************************************/
+#ifdef FEATURE_TOGGLE
+ case hash_toggle :
+ global_toggle_state = parse_toggle_state(cmd, arg);
+ break;
+#endif /* def FEATURE_TOGGLE */
+
+/* *************************************************************************
+ * trust-info-url url
+ * *************************************************************************/
+#ifdef FEATURE_TRUST
+ case hash_trust_info_url :
+ enlist(config->trust_info, arg);
+ break;
+#endif /* def FEATURE_TRUST */
+
+/* *************************************************************************
+ * trust-x-forwarded-for (0|1)
+ * *************************************************************************/
+ case hash_trust_x_forwarded_for :
+ config->trust_x_forwarded_for = parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * trusted-cgi-referrer http://www.example.org/some/path.html
+ * *************************************************************************/
+ case hash_trusted_cgi_referrer :
+ /*
+ * We don't validate the specified referrer as
+ * it's only used for string comparison.
+ */
+ freez(config->trusted_cgi_referrer);
+ config->trusted_cgi_referrer = strdup_or_die(arg);
+ break;
+
+/* *************************************************************************
+ * trustfile filename
+ * (In confdir by default.)
+ * *************************************************************************/
+#ifdef FEATURE_TRUST
+ case hash_trustfile :
+ freez(config->trustfile);
+ config->trustfile = make_path(config->confdir, arg);
+ break;
+#endif /* def FEATURE_TRUST */
+
+/* *************************************************************************
+ * usermanual url
+ * *************************************************************************/
+ case hash_usermanual :
+ /*
+ * XXX: If this isn't the first config directive, the
+ * show-status page links to the website documentation
+ * for the directives that were already parsed. Lame.
+ */
+ freez(config->usermanual);
+ config->usermanual = strdup_or_die(arg);
+ break;
+
+#ifdef FEATURE_HTTPS_INSPECTION
+/* *************************************************************************
+ * ca private key file password
+ * *************************************************************************/
+ case hash_ca_password:
+ freez(config->ca_password);
+ config->ca_password = strdup(arg);
+ break;
+
+/* *************************************************************************
+ * ca-directory directory
+ * *************************************************************************/
+ case hash_ca_directory:
+ freez(ca_directory);
+ ca_directory = make_path(NULL, arg);
+
+ if (NULL == ca_directory)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca dir path");
+ }
+
+ break;
+
+/* *************************************************************************
+ * ca cert file ca-cert-file
+ * In ca dir by default
+ * *************************************************************************/
+ case hash_ca_cert_file:
+ freez(ca_cert_file);
+ ca_cert_file = make_path(config->ca_directory, arg);
+
+ if (NULL == ca_cert_file)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca certificate file path");
+ }
+
+ break;
+
+/* *************************************************************************
+ * ca key file ca-key-file
+ * In ca dir by default
+ * *************************************************************************/
+ case hash_ca_key_file:
+ freez(ca_key_file);
+ ca_key_file = make_path(config->ca_directory, arg);
+
+ if (NULL == ca_key_file)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory while creating ca key file path");
+ }
+
+ break;
+
+/* *************************************************************************
+ * certificate-directory directory
+ * *************************************************************************/
+ case hash_certificate_directory:
+ freez(certificate_directory);
+ certificate_directory = make_path(NULL, arg);
+
+ if (NULL == certificate_directory)
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Out of memory while creating certificate directory path");
+ }
+
+ break;
+
+/* *************************************************************************
+ * cipher-list list-of-ciphers
+ * *************************************************************************/
+ case hash_cipher_list:
+ freez(config->cipher_list);
+ config->cipher_list = strdup_or_die(arg);
+
+ break;
+
+/* *************************************************************************
+ * trusted CAs file name trusted-cas-file
+ * *************************************************************************/
+ case hash_trusted_cas_file:
+ freez(trusted_cas_file);
+ trusted_cas_file = make_path(config->ca_directory, arg);
+
+ if (NULL == trusted_cas_file)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory while creating trusted CAs file path");
+ }
+
+ break;
+#endif
+
+/* *************************************************************************
+ * Win32 Console options:
+ * *************************************************************************/
+
+/* *************************************************************************
+ * hide-console
+ * *************************************************************************/
+#ifdef _WIN_CONSOLE
+ case hash_hide_console :
+ hideConsole = 1;
+ break;
+#endif /*def _WIN_CONSOLE*/
+
+
+/* *************************************************************************
+ * Win32 GUI options:
+ * *************************************************************************/
+
+#if defined(_WIN32) && ! defined(_WIN_CONSOLE)
+/* *************************************************************************
+ * activity-animation (0|1)
+ * *************************************************************************/
+ case hash_activity_animation :
+ g_bShowActivityAnimation = parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * close-button-minimizes (0|1)
+ * *************************************************************************/
+ case hash_close_button_minimizes :
+ g_bCloseHidesWindow = parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * log-buffer-size (0|1)
+ * *************************************************************************/
+ case hash_log_buffer_size :
+ g_bLimitBufferSize = parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * log-font-name fontname
+ * *************************************************************************/
+ case hash_log_font_name :
+ if (strlcpy(g_szFontFaceName, arg,
+ sizeof(g_szFontFaceName)) >= sizeof(g_szFontFaceName))
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "log-font-name argument '%s' is longer than %u characters.",
+ arg, sizeof(g_szFontFaceName)-1);
+ }
+ break;
+
+/* *************************************************************************
+ * log-font-size n
+ * *************************************************************************/
+ case hash_log_font_size :
+ g_nFontSize = parse_numeric_value(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * log-highlight-messages (0|1)
+ * *************************************************************************/
+ case hash_log_highlight_messages :
+ g_bHighlightMessages = parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * log-max-lines n
+ * *************************************************************************/
+ case hash_log_max_lines :
+ g_nMaxBufferLines = parse_numeric_value(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * log-messages (0|1)
+ * *************************************************************************/
+ case hash_log_messages :
+ g_bLogMessages = parse_toggle_state(cmd, arg);
+ break;
+
+/* *************************************************************************
+ * show-on-task-bar (0|1)
+ * *************************************************************************/
+ case hash_show_on_task_bar :
+ g_bShowOnTaskBar = parse_toggle_state(cmd, arg);
+ break;
+
+#endif /* defined(_WIN32) && ! defined(_WIN_CONSOLE) */
+
+
+/* *************************************************************************
+ * Warnings about unsupported features
+ * *************************************************************************/
+#ifndef FEATURE_ACL
+ case hash_deny_access:
+#endif /* ndef FEATURE_ACL */
+#ifndef FEATURE_CGI_EDIT_ACTIONS
+ case hash_enable_edit_actions:
+#endif /* ndef FEATURE_CGI_EDIT_ACTIONS */
+#ifndef FEATURE_TOGGLE
+ case hash_enable_remote_toggle:
+#endif /* ndef FEATURE_TOGGLE */
+#ifndef FEATURE_ACL
+ case hash_permit_access:
+#endif /* ndef FEATURE_ACL */
+#ifndef FEATURE_TOGGLE
+ case hash_toggle :
+#endif /* ndef FEATURE_TOGGLE */
+#ifndef FEATURE_TRUST
+ case hash_trustfile :
+ case hash_trust_info_url :
+#endif /* ndef FEATURE_TRUST */
+
+#ifndef _WIN_CONSOLE
+ case hash_hide_console :
+#endif /* ndef _WIN_CONSOLE */
+
+#if defined(_WIN_CONSOLE) || ! defined(_WIN32)
+ case hash_activity_animation :
+ case hash_close_button_minimizes :
+ case hash_log_buffer_size :
+ case hash_log_font_name :
+ case hash_log_font_size :
+ case hash_log_highlight_messages :
+ case hash_log_max_lines :
+ case hash_log_messages :
+ case hash_show_on_task_bar :
+#endif /* defined(_WIN_CONSOLE) || ! defined(_WIN32) */
+ /* These warnings are annoying - so hide them. -- Jon */
+ /* log_error(LOG_LEVEL_INFO, "Unsupported directive \"%s\" ignored.", cmd); */
+ break;
+
+/* *************************************************************************/
+ default :
+/* *************************************************************************/
+ /*
+ * I decided that I liked this better as a warning than an
+ * error. To change back to an error, just change log level
+ * to LOG_LEVEL_FATAL.
+ */
+ log_error(LOG_LEVEL_ERROR, "Ignoring unrecognized directive "
+ "'%s' (%uU) in line %lu in configuration file (%s).",
+ buf, directive_hash, linenum, configfile);
+ string_append(&config->proxy_args,
+ " <strong class='warning'>Warning: Ignoring unrecognized directive:</strong>");
+ break;
+
+/* *************************************************************************/
+ } /* end switch(hash_string(cmd)) */
+
+ /* Save the argument for the show-status page. */
+ savearg(cmd, arg, config);
+ freez(buf);
+ } /* end while (read_config_line(...)) */
+
+ fclose(configfp);
+
+ set_debug_level(config->debug);
+
+ freez(config->logfile);
+
+ if (daemon_mode)
+ {
+ if (NULL != logfile)
+ {
+ config->logfile = logfile;
+ init_error_log(Argv[0], config->logfile);
+ }
+ else
+ {
+ disable_logging();
+ }
+ }
+
+#ifdef FEATURE_HTTPS_INSPECTION
+ /*
+ * Setting SSL parameters from loaded values into structures
+ */
+ freez(config->ca_directory);
+ config->ca_directory = make_path(NULL, ca_directory);
+ freez(ca_directory);
+
+ freez(config->ca_cert_file);
+ config->ca_cert_file = make_path(config->ca_directory, ca_cert_file);
+ freez(ca_cert_file);
+
+ freez(config->ca_key_file);
+ config->ca_key_file = make_path(config->ca_directory, ca_key_file);
+ freez(ca_key_file);
+
+ freez(config->trusted_cas_file);
+ config->trusted_cas_file = make_path(config->ca_directory, trusted_cas_file);
+ freez(trusted_cas_file);
+
+ freez(config->certificate_directory);
+ config->certificate_directory = make_path(NULL, certificate_directory);
+ freez(certificate_directory);
+#endif
+#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+ if (config->default_server_timeout > config->keep_alive_timeout)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Reducing the default-server-timeout from %d to the keep-alive-timeout %d.",
+ config->default_server_timeout, config->keep_alive_timeout);
+ config->default_server_timeout = config->keep_alive_timeout;
+ }
+#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
+
+#ifdef FEATURE_CONNECTION_SHARING
+ if (config->feature_flags & RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE)
+ {
+ if (!config->multi_threaded)
+ {
+ /*
+ * While we could use keep-alive without multiple threads
+ * if we didn't bother with enforcing the connection timeout,
+ * that might make Tor users sad, even though they shouldn't
+ * enable the single-threaded option anyway.
+ *
+ * XXX: We could still use Proxy-Connection: keep-alive.
+ */
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE;
+ log_error(LOG_LEVEL_ERROR,
+ "Config option single-threaded disables connection keep-alive.");
+ }
+ }
+ else if ((config->feature_flags & RUNTIME_FEATURE_CONNECTION_SHARING))
+ {
+ log_error(LOG_LEVEL_ERROR, "Config option connection-sharing "
+ "has no effect if keep-alive-timeout isn't set.");
+ config->feature_flags &= ~RUNTIME_FEATURE_CONNECTION_SHARING;
+ }
+#endif /* def FEATURE_CONNECTION_SHARING */
+
+ if (NULL == config->proxy_args)
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory loading config - insufficient memory for config->proxy_args");
+ }
+
+ if (config->re_filterfile[0])
+ {
+ add_loader(load_re_filterfiles, config);
+ }
+
+ if (config->actions_file[0])
+ {
+ add_loader(load_action_files, config);
+ }
+
+#ifdef FEATURE_TRUST
+ if (config->trustfile)
+ {
+ add_loader(load_trustfile, config);
+ }
+#endif /* def FEATURE_TRUST */
+
+ if (NULL == config->haddr[0])
+ {
+ config->haddr[0] = strdup_or_die(HADDR_DEFAULT);
+ }
+
+ for (i = 0; i < MAX_LISTENING_SOCKETS && NULL != config->haddr[i]; i++)
+ {
+ if ((*config->haddr[i] == '[')
+ && (NULL != (p = strchr(config->haddr[i], ']')))
+ && (p[1] == ':')
+ && (0 < (config->hport[i] = atoi(p + 2))))
+ {
+ *p = '\0';
+ memmove((void *)config->haddr[i], config->haddr[i] + 1,
+ (size_t)(p - config->haddr[i]));
+ }
+ else if (NULL != (p = strchr(config->haddr[i], ':'))
+ && (0 < (config->hport[i] = atoi(p + 1))))
+ {
+ *p = '\0';
+ }
+ else
+ {
+ log_error(LOG_LEVEL_FATAL, "invalid bind port spec %s", config->haddr[i]);
+ /* Never get here - LOG_LEVEL_FATAL causes program exit */
+ }
+ if (*config->haddr[i] == '\0')
+ {
+ /*
+ * Only the port specified. We stored it in config->hport[i]
+ * and don't need its text representation anymore.
+ * Use config->hport[i] == 0 to iterate listening addresses since
+ * now.
+ */
+ freez(config->haddr[i]);
+ }
+ }
+
+ /*
+ * Want to run all the loaders once now.
+ *
+ * Need to set up a fake csp, so they can get to the config.
+ */
+ fake_csp = zalloc_or_die(sizeof(*fake_csp));
+ fake_csp->config = config;
+
+ if (run_loader(fake_csp))
+ {
+ freez(fake_csp);
+ log_error(LOG_LEVEL_FATAL, "A loader failed while loading config file. Exiting.");
+ /* Never get here - LOG_LEVEL_FATAL causes program exit */
+ }
+ freez(fake_csp);
+
+/* FIXME: this is a kludge for win32 */
+#if defined(_WIN32) && !defined (_WIN_CONSOLE)
+
+ g_default_actions_file = config->actions_file[1]; /* FIXME Hope this is default.action */
+ g_user_actions_file = config->actions_file[2]; /* FIXME Hope this is user.action */
+ g_default_filterfile = config->re_filterfile[0]; /* FIXME Hope this is default.filter */
+ g_user_filterfile = config->re_filterfile[1]; /* FIXME Hope this is user.filter */
+
+#ifdef FEATURE_TRUST
+ g_trustfile = config->trustfile;
+#endif /* def FEATURE_TRUST */
+
+
+#endif /* defined(_WIN32) && !defined (_WIN_CONSOLE) */
+/* FIXME: end kludge */
+
+
+ if (current_configfile == NULL)
+ {
+ config->need_bind = 1;
+ }
+ else
+ {
+ struct configuration_spec * oldcfg = (struct configuration_spec *)
+ current_configfile->f;
+ /*
+ * Check if config->haddr[i],hport[i] == oldcfg->haddr[i],hport[i]
+ */
+ config->need_bind = 0;
+
+ for (i = 0; i < MAX_LISTENING_SOCKETS; i++)
+ {
+ if (config->hport[i] != oldcfg->hport[i])
+ {
+ config->need_bind = 1;
+ }
+ else if (config->haddr[i] == NULL)
+ {
+ if (oldcfg->haddr[i] != NULL)
+ {
+ config->need_bind = 1;
+ }
+ }
+ else if (oldcfg->haddr[i] == NULL)
+ {
+ config->need_bind = 1;
+ }
+ else if (0 != strcmp(config->haddr[i], oldcfg->haddr[i]))
+ {
+ config->need_bind = 1;
+ }
+ }
+
+ current_configfile->unloader = unload_configfile;
+ }
+
+ fs->next = files->next;
+ files->next = fs;
+
+ current_configfile = fs;
+
+ return (config);
+}
+
+
+/*********************************************************************
+ *
+ * Function : savearg
+ *
+ * Description : Called from `load_config'. It saves each non-empty
+ * and non-comment line from config into
+ * config->proxy_args. This is used to create the
+ * show-status page. On error, frees
+ * config->proxy_args and sets it to NULL
+ *
+ * Parameters :
+ * 1 : command = config setting that was found
+ * 2 : argument = the setting's argument (if any)
+ * 3 : config = Configuration to save into.
+ *
+ * Returns : N/A
+ *
+ *********************************************************************/
+static void savearg(char *command, char *argument, struct configuration_spec * config)
+{
+ char * buf;
+ char * s;
+
+ assert(command);
+ assert(argument);
+
+ /*
+ * Add config option name embedded in
+ * link to its section in the user-manual
+ */
+ buf = strdup_or_die("\n<a href=\"");
+ if (!strncmpic(config->usermanual, "file://", 7) ||
+ !strncmpic(config->usermanual, "http", 4))
+ {
+ string_append(&buf, config->usermanual);
+ }
+ else
+ {
+ string_append(&buf, "http://" CGI_SITE_2_HOST "/user-manual/");
+ }
+ string_append(&buf, CONFIG_HELP_PREFIX);
+ string_join (&buf, string_toupper(command));
+ string_append(&buf, "\">");
+ string_append(&buf, command);
+ string_append(&buf, "</a> ");
+
+ if (NULL == buf)
+ {
+ freez(config->proxy_args);
+ return;
+ }
+
+ if ((NULL != argument) && ('\0' != *argument))
+ {
+ s = html_encode(argument);
+ if (NULL == s)
+ {
+ freez(buf);
+ freez(config->proxy_args);
+ return;
+ }
+
+ if (strncmpic(argument, "http://", 7) == 0)
+ {
+ string_append(&buf, "<a href=\"");
+ string_append(&buf, s);
+ string_append(&buf, "\">");
+ string_join (&buf, s);
+ string_append(&buf, "</a>");
+ }
+ else
+ {
+ string_join (&buf, s);
+ }
+ }