#include "utils.h"
#include "xalloc.h"
#include "keys.h"
+#include "sandbox.h"
#ifdef HAVE_MINIUPNPC
#include "upnp.h"
return returned_name;
}
-bool setup_myself_reloadable(void) {
- free(scriptinterpreter);
- scriptinterpreter = NULL;
+static void read_interpreter(void) {
+ char *interpreter = NULL;
+ get_config_string(lookup_config(&config_tree, "ScriptsInterpreter"), &interpreter);
+
+ if(!interpreter || (sandbox_can(START_PROCESSES, AFTER_SANDBOX) && sandbox_can(USE_NEW_PATHS, AFTER_SANDBOX))) {
+ free(scriptinterpreter);
+ scriptinterpreter = interpreter;
+ return;
+ }
+
+ if(!string_eq(interpreter, scriptinterpreter)) {
+ logger(DEBUG_ALWAYS, LOG_NOTICE, "Not changing ScriptsInterpreter because of sandbox.");
+ }
+
+ free(interpreter);
+}
- get_config_string(lookup_config(&config_tree, "ScriptsInterpreter"), &scriptinterpreter);
+bool setup_myself_reloadable(void) {
+ read_interpreter();
free(scriptextension);
} else if(!strcasecmp(proxy, "http")) {
proxytype = PROXY_HTTP;
} else if(!strcasecmp(proxy, "exec")) {
- proxytype = PROXY_EXEC;
+ if(sandbox_can(START_PROCESSES, AFTER_SANDBOX)) {
+ proxytype = PROXY_EXEC;
+ } else {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Cannot use exec proxies with current sandbox level.");
+ return false;
+ }
} else {
logger(DEBUG_ALWAYS, LOG_ERR, "Unknown proxy type %s!", proxy);
- free(proxy);
+ free_string(proxy);
return false;
}
free(proxyport);
proxyport = NULL;
- free(proxyuser);
+ free_string(proxyuser);
proxyuser = NULL;
- free(proxypass);
+ free_string(proxypass);
proxypass = NULL;
switch(proxytype) {
case PROXY_EXEC:
if(!space || !*space) {
logger(DEBUG_ALWAYS, LOG_ERR, "Argument expected for proxy type exec!");
- free(proxy);
+ free_string(proxy);
return false;
}
+ if(!sandbox_can(USE_NEW_PATHS, AFTER_SANDBOX)) {
+ logger(DEBUG_ALWAYS, LOG_NOTICE, "Changed exec proxy may fail to work because of sandbox.");
+ }
+
proxyhost = xstrdup(space);
break;
logger(DEBUG_ALWAYS, LOG_ERR, "Host and port argument expected for proxy!");
proxyport = NULL;
proxyhost = NULL;
- free(proxy);
+ free_string(proxy);
return false;
}
break;
}
- free(proxy);
+ free_string(proxy);
}
bool choice;
}
}
- myself->connection->rsa = read_rsa_private_key(&config_tree, NULL);
+ rsa_t *rsa = read_rsa_private_key(&config_tree, NULL);
- if(!myself->connection->rsa) {
+ if(rsa) {
+ myself->connection->legacy = new_legacy_ctx(rsa);
+ } else {
if(experimental) {
logger(DEBUG_ALWAYS, LOG_WARNING, "Support for legacy protocol disabled.");
} else {
if(!cipher_open_by_name(myself->incipher, cipher)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized cipher type!");
- cipher_free(&myself->incipher);
+ cipher_free(myself->incipher);
+ myself->incipher = NULL;
free(cipher);
return false;
}
if(!digest_open_by_name(myself->indigest, digest, maclength)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized digest type!");
- digest_free(&myself->indigest);
+ digest_free(myself->indigest);
+ myself->indigest = NULL;
free(digest);
return false;
}
#endif
/* Compression */
- if(get_config_int(lookup_config(&config_tree, "Compression"), &myself->incompression)) {
+ int incompression = 0;
+
+ if(get_config_int(lookup_config(&config_tree, "Compression"), &incompression)) {
+ myself->incompression = incompression;
+
switch(myself->incompression) {
case COMPRESS_LZ4:
#ifdef HAVE_LZ4
myself->incompression = COMPRESS_NONE;
}
- myself->connection->outcompression = COMPRESS_NONE;
-
/* Done */
myself->nexthop = myself;
devops = os_devops;
if(get_config_string(lookup_config(&config_tree, "DeviceType"), &type)) {
- if(!strcasecmp(type, "dummy")) {
+ if(!strcasecmp(type, DEVICE_DUMMY)) {
devops = dummy_devops;
} else if(!strcasecmp(type, "raw_socket")) {
devops = raw_socket_devops;