2 conf.c -- configuration code
3 Copyright (C) 1998 Robert van der Meulen
4 Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>
5 2000 Guus Sliepen <guus@sliepen.warande.net>
6 2000 Cris van Pelt <tribbel@arise.dhs.org>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 $Id: conf.c,v 1.9.4.29 2000/11/30 22:32:14 zarq Exp $
36 #include <sys/types.h>
40 #include <utils.h> /* for cp */
43 #include "netutl.h" /* for strtoip */
47 config_t *config = NULL;
49 int timeout = 0; /* seconds before timeout */
50 char *confbase = NULL; /* directory in which all config files are */
51 char *netname = NULL; /* name of the vpn network */
53 /* Will be set if HUP signal is received. It will be processed when it is safe. */
57 These are all the possible configurable values
59 static internal_config_t hazahaza[] = {
60 /* Main configuration file keywords */
61 { "Name", config_name, TYPE_NAME },
62 { "ConnectTo", config_connectto, TYPE_NAME },
63 { "PingTimeout", config_pingtimeout, TYPE_INT },
64 { "TapDevice", config_tapdevice, TYPE_NAME },
65 { "PrivateKey", config_privatekey, TYPE_NAME },
66 { "KeyExpire", config_keyexpire, TYPE_INT },
67 { "Hostnames", config_hostnames, TYPE_BOOL },
68 { "Interface", config_interface, TYPE_NAME },
69 { "InterfaceIP", config_interfaceip, TYPE_IP },
70 /* Host configuration file keywords */
71 { "Address", config_address, TYPE_NAME },
72 { "Port", config_port, TYPE_INT },
73 { "PublicKey", config_publickey, TYPE_NAME },
74 { "Subnet", config_subnet, TYPE_IP }, /* Use IPv4 subnets only for now */
75 { "RestrictHosts", config_restricthosts, TYPE_BOOL },
76 { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL },
77 { "RestrictAddress", config_restrictaddress, TYPE_BOOL },
78 { "RestrictPort", config_restrictport, TYPE_BOOL },
79 { "IndirectData", config_indirectdata, TYPE_BOOL },
80 { "TCPonly", config_tcponly, TYPE_BOOL },
85 Add given value to the list of configs cfg
88 add_config_val(config_t **cfg, int argtype, char *val)
93 p = (config_t*)xmalloc(sizeof(*p));
99 p->data.val = strtol(val, &q, 0);
104 p->data.ptr = xmalloc(strlen(val) + 1);
105 strcpy(p->data.ptr, val);
108 p->data.ip = strtoip(val);
111 if(!strcasecmp("yes", val))
112 p->data.val = stupid_true;
113 else if(!strcasecmp("no", val))
114 p->data.val = stupid_false;
119 p->argtype = argtype;
137 Read exactly one line and strip the trailing newline if any. If the
138 file was on EOF, return NULL. Otherwise, return all the data in a
139 dynamically allocated buffer.
141 char *readline(FILE *fp)
143 char *newline = NULL;
145 char *line; /* The array that contains everything that has been read
147 char *idx; /* Read into this pointer, which points to an offset
149 size_t size, newsize; /* The size of the current array pointed to by
151 size_t maxlen; /* Maximum number of characters that may be read with
152 fgets. This is newsize - oldsize. */
159 line = xmalloc(size);
165 p = fgets(idx, maxlen, fp);
166 if(p == NULL) /* EOF or error */
171 /* otherwise: error; let the calling function print an error
172 message if applicable */
177 newline = strchr(p, '\n');
179 /* We haven't yet read everything to the end of the line */
182 line = xrealloc(line, newsize);
183 idx = &line[size - 1];
184 maxlen = newsize - size + 1;
189 *newline = '\0'; /* kill newline */
198 Parse a configuration file and put the results in the configuration tree
201 int read_config_file(config_t **base, const char *fname)
210 if((fp = fopen (fname, "r")) == NULL)
215 if((line = readline(fp)) == NULL)
229 if((p = strtok(line, "\t =")) == NULL)
230 continue; /* no tokens on this line */
233 continue; /* comment: ignore */
235 for(i = 0; hazahaza[i].name != NULL; i++)
236 if(!strcasecmp(hazahaza[i].name, p))
239 if(!hazahaza[i].name)
241 syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"),
246 if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
248 fprintf(stderr, _("No value for variable `%s' on line %d while reading config file %s"),
249 hazahaza[i].name, lineno, fname);
253 cfg = add_config_val(base, hazahaza[i].argtype, q);
256 fprintf(stderr, _("Invalid value for variable `%s' on line %d while reading config file %s"),
257 hazahaza[i].name, lineno, fname);
261 cfg->which = hazahaza[i].which;
273 int read_server_config()
278 asprintf(&fname, "%s/tinc.conf", confbase);
279 x = read_config_file(&config, fname);
282 fprintf(stderr, _("Failed to read `%s': %m\n"),
291 Look up the value of the config option type
293 const config_t *get_config_val(config_t *p, which_t type)
296 for(; p != NULL; p = p->next)
304 Remove the complete configuration tree.
306 void clear_config(config_t **base)
310 for(p = *base; p != NULL; p = next)
313 if(p->data.ptr && (p->argtype == TYPE_NAME))
323 int isadir(const char* f)
329 fprintf(stderr, _("Couldn't stat `%s': %m\n"),
334 return S_ISDIR(s.st_mode);
337 int is_safe_path(const char *file)
340 char *fn = xstrdup(file);
343 p = strrchr(file, '/');
344 assert(p); /* p has to contain a / */
346 if(stat(file, &s) < 0)
348 fprintf(stderr, _("Couldn't stat `%s': %m\n"),
352 if(s.st_uid != geteuid())
354 fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"),
355 file, s.st_uid, geteuid());
358 if(S_ISLNK(s.st_mode))
360 fprintf(stderr, _("Warning: `%s' is a symlink\n"),
362 /* fixme: read the symlink and start again */
366 if(stat(file, &s) < 0 && errno != ENOENT)
368 fprintf(stderr, _("Couldn't stat `%s': %m\n"),
374 if(s.st_uid != geteuid())
376 fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"),
377 file, s.st_uid, geteuid());
380 if(S_ISLNK(s.st_mode))
382 fprintf(stderr, _("Warning: `%s' is a symlink\n"),
384 /* fixme: read the symlink and start again */
388 /* Accessible by others */
389 fprintf(stderr, _("`%s' has unsecure permissions.\n"),
397 FILE *ask_and_safe_open(const char* filename, const char* what)
404 /* Check stdin and stdout */
405 if(!isatty(0) || !isatty(1))
407 /* Argh, they are running us from a script or something. Write
408 the files to the current directory and let them burn in hell
410 fn = xstrdup(filename);
414 /* Ask for a file and/or directory name. */
415 fprintf(stdout, _("Please enter a file to save %s to [%s]: "),
417 fflush(stdout); /* Don't wait for a newline */
418 if((fn = readline(stdin)) == NULL)
420 fprintf(stderr, _("Error while reading stdin: %m\n"));
424 /* User just pressed enter. */
425 fn = xstrdup(filename);
428 if((strchr(fn, '/') == NULL) || (fn[0] != '/'))
430 /* The directory is a relative path or a filename. */
433 directory = get_current_dir_name();
434 len = strlen(fn) + strlen(directory) + 2; /* 1 for the / */
436 snprintf(p, len, "%s/%s", directory, fn);
442 if(isadir(fn) > 0) /* -1 is error */
446 len = strlen(fn) + strlen(filename) + 2; /* 1 for the / */
448 snprintf(p, len, "%s/%s", fn, filename);
453 umask(0077); /* Disallow everything for group and other */
455 /* Open it first to keep the inode busy */
456 if((r = fopen(fn, "w")) == NULL)
458 fprintf(stderr, _("Error opening file `%s': %m\n"),
464 /* Then check the file for nasty attacks */
465 if(!is_safe_path(fn)) /* Do not permit any directories that are
466 readable or writeable by other users. */
468 fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
469 "I will not create or overwrite this file.\n"),