/*
conf.c -- configuration code
Copyright (C) 1998 Robert van der Meulen
- Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>
- 2000 Guus Sliepen <guus@sliepen.warande.net>
- 2000 Cris van Pelt <tribbel@arise.dhs.org>
+ 1998-2001 Ivo Timmermans <itimmermans@bigfoot.com>
+ 2000,2001 Guus Sliepen <guus@sliepen.warande.net>
+ 2000 Cris van Pelt <tribbel@arise.dhs.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: conf.c,v 1.9.4.33 2000/12/05 08:56:44 zarq Exp $
+ $Id: conf.c,v 1.9.4.42 2001/07/24 20:03:40 guus Exp $
*/
#include "config.h"
-#include <assert.h>
#include <ctype.h>
#include <errno.h>
#include <netdb.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
+#include <syslog.h>
+#include <string.h>
#include <xalloc.h>
#include <utils.h> /* for cp */
{ "Interface", config_interface, TYPE_NAME },
{ "InterfaceIP", config_interfaceip, TYPE_IP },
{ "KeyExpire", config_keyexpire, TYPE_INT },
+ { "MyVirtualIP", config_dummy, TYPE_IP },
+ { "MyOwnVPNIP", config_dummy, TYPE_IP },
{ "Name", config_name, TYPE_NAME },
{ "PingTimeout", config_pingtimeout, TYPE_INT },
{ "PrivateKey", config_privatekey, TYPE_NAME },
+ { "PrivateKeyFile", config_privatekeyfile, TYPE_NAME },
{ "TapDevice", config_tapdevice, TYPE_NAME },
+ { "VpnMask", config_dummy, TYPE_IP },
/* Host configuration file keywords */
{ "Address", config_address, TYPE_NAME },
{ "IndirectData", config_indirectdata, TYPE_BOOL },
{ "Port", config_port, TYPE_INT },
{ "PublicKey", config_publickey, TYPE_NAME },
+ { "PublicKeyFile", config_publickeyfile, TYPE_NAME },
{ "RestrictAddress", config_restrictaddress, TYPE_BOOL },
{ "RestrictHosts", config_restricthosts, TYPE_BOOL },
{ "RestrictPort", config_restrictport, TYPE_BOOL },
{ "RestrictSubnets", config_restrictsubnets, TYPE_BOOL },
{ "Subnet", config_subnet, TYPE_IP }, /* Use IPv4 subnets only for now */
{ "TCPonly", config_tcponly, TYPE_BOOL },
+ { "Mode", config_mode, TYPE_NAME },
{ NULL, 0, 0 }
};
FILE *fp;
char *buffer, *line;
char *p, *q;
- int i, lineno = 0;
+ int i, lineno = 0, ignore = 0;
config_t *cfg;
size_t bufsize;
cp
if((fp = fopen (fname, "r")) == NULL)
- return -1;
+ {
+ syslog(LOG_ERR, _("Cannot open config file %s: %m"), fname);
+ return -3;
+ }
bufsize = 100;
buffer = xmalloc(bufsize);
if(p[0] == '#')
continue; /* comment: ignore */
- for(i = 0; hazahaza[i].name != NULL; i++)
- if(!strcasecmp(hazahaza[i].name, p))
- break;
-
- if(!hazahaza[i].name)
- {
- syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"),
- p, lineno, fname);
- break;
- }
-
- if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
- {
- fprintf(stderr, _("No value for variable `%s' on line %d while reading config file %s"),
- hazahaza[i].name, lineno, fname);
- break;
- }
-
- cfg = add_config_val(base, hazahaza[i].argtype, q);
- if(cfg == NULL)
- {
- fprintf(stderr, _("Invalid value for variable `%s' on line %d while reading config file %s"),
- hazahaza[i].name, lineno, fname);
- break;
- }
-
- cfg->which = hazahaza[i].which;
- if(!config)
- config = cfg;
+ if(!strcmp(p, "-----BEGIN"))
+ ignore = 1;
+
+ if(ignore == 0)
+ {
+ for(i = 0; hazahaza[i].name != NULL; i++)
+ if(!strcasecmp(hazahaza[i].name, p))
+ break;
+
+ if(!hazahaza[i].name)
+ {
+ syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"),
+ p, lineno, fname);
+ break;
+ }
+
+ if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
+ {
+ syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
+ hazahaza[i].name, lineno, fname);
+ break;
+ }
+
+ cfg = add_config_val(base, hazahaza[i].argtype, q);
+ if(cfg == NULL)
+ {
+ syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"),
+ hazahaza[i].name, lineno, fname);
+ break;
+ }
+
+ cfg->which = hazahaza[i].which;
+ if(!config)
+ config = cfg;
+ }
+
+ if(!strcmp(p, "-----END"))
+ ignore = 0;
}
free(buffer);
cp
asprintf(&fname, "%s/tinc.conf", confbase);
x = read_config_file(&config, fname);
- if(x == -1) /* System error */
+ if(x == -1) /* System error: complain */
{
- fprintf(stderr, _("Failed to read `%s': %m\n"),
+ syslog(LOG_ERR, _("Failed to read `%s': %m"),
fname);
}
free(fname);
struct stat s;
if(stat(f, &s) < 0)
- {
- fprintf(stderr, _("Couldn't stat `%s': %m\n"),
- f);
- return -1;
- }
-
- return S_ISDIR(s.st_mode);
+ return 0;
+ else
+ return S_ISDIR(s.st_mode);
}
int is_safe_path(const char *file)
{
char *p;
+ const char *f;
+ char x;
struct stat s;
+ char l[MAXBUFSIZE];
+
+ if(*file != '/')
+ {
+ syslog(LOG_ERR, _("`%s' is not an absolute path"), file);
+ return 0;
+ }
p = strrchr(file, '/');
- assert(p); /* p has to contain a / */
+
+ if(p == file) /* It's in the root */
+ p++;
+
+ x = *p;
*p = '\0';
- if(stat(file, &s) < 0)
+
+ f = file;
+check1:
+ if(lstat(f, &s) < 0)
{
- fprintf(stderr, _("Couldn't stat `%s': %m\n"),
- file);
+ syslog(LOG_ERR, _("Couldn't stat `%s': %m"),
+ f);
return 0;
}
+
if(s.st_uid != geteuid())
{
- fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"),
- file, s.st_uid, geteuid());
+ syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
+ f, s.st_uid, geteuid());
return 0;
}
+
if(S_ISLNK(s.st_mode))
{
- fprintf(stderr, _("Warning: `%s' is a symlink\n"),
- file);
- /* fixme: read the symlink and start again */
+ syslog(LOG_WARNING, _("Warning: `%s' is a symlink"),
+ f);
+
+ if(readlink(f, l, MAXBUFSIZE) < 0)
+ {
+ syslog(LOG_ERR, _("Unable to read symbolic link `%s': %m"), f);
+ return 0;
+ }
+
+ f = l;
+ goto check1;
}
- *p = '/';
- if(stat(file, &s) < 0 && errno != ENOENT)
+ *p = x;
+ f = file;
+
+check2:
+ if(lstat(f, &s) < 0 && errno != ENOENT)
{
- fprintf(stderr, _("Couldn't stat `%s': %m\n"),
- file);
+ syslog(LOG_ERR, _("Couldn't stat `%s': %m"),
+ f);
return 0;
}
+
if(errno == ENOENT)
return 1;
+
if(s.st_uid != geteuid())
{
- fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"),
- file, s.st_uid, geteuid());
+ syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
+ f, s.st_uid, geteuid());
return 0;
}
+
if(S_ISLNK(s.st_mode))
{
- fprintf(stderr, _("Warning: `%s' is a symlink\n"),
- file);
- /* fixme: read the symlink and start again */
+ syslog(LOG_WARNING, _("Warning: `%s' is a symlink"),
+ f);
+
+ if(readlink(f, l, MAXBUFSIZE) < 0)
+ {
+ syslog(LOG_ERR, _("Unable to read symbolic link `%s': %m"), f);
+ return 0;
+ }
+
+ f = l;
+ goto check2;
}
+
if(s.st_mode & 0007)
{
/* Accessible by others */
- fprintf(stderr, _("`%s' has unsecure permissions.\n"),
- file);
+ syslog(LOG_ERR, _("`%s' has unsecure permissions"),
+ f);
return 0;
}
return 1;
}
-FILE *ask_and_safe_open(const char* filename, const char* what)
+FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode)
{
FILE *r;
char *directory;
char *fn;
- int len;
/* Check stdin and stdout */
if(!isatty(0) || !isatty(1))
/* Ask for a file and/or directory name. */
fprintf(stdout, _("Please enter a file to save %s to [%s]: "),
what, filename);
- fflush(stdout); /* Don't wait for a newline */
+ fflush(stdout);
+
if((fn = readline(stdin, NULL, NULL)) == NULL)
{
- fprintf(stderr, _("Error while reading stdin: %m\n"));
+ fprintf(stderr, _("Error while reading stdin: %s\n"), strerror(errno));
return NULL;
}
+
if(strlen(fn) == 0)
/* User just pressed enter. */
fn = xstrdup(filename);
char *p;
directory = get_current_dir_name();
- len = strlen(fn) + strlen(directory) + 2; /* 1 for the / */
- p = xmalloc(len);
- snprintf(p, len, "%s/%s", directory, fn);
+ asprintf(&p, "%s/%s", directory, fn);
free(fn);
free(directory);
fn = p;
}
- if(isadir(fn) > 0) /* -1 is error */
- {
- char *p;
-
- len = strlen(fn) + strlen(filename) + 2; /* 1 for the / */
- p = xmalloc(len);
- snprintf(p, len, "%s/%s", fn, filename);
- free(fn);
- fn = p;
- }
-
umask(0077); /* Disallow everything for group and other */
/* Open it first to keep the inode busy */
- if((r = fopen(fn, "w")) == NULL)
+ if((r = fopen(fn, mode)) == NULL)
{
- fprintf(stderr, _("Error opening file `%s': %m\n"),
- fn);
+ fprintf(stderr, _("Error opening file `%s': %s\n"),
+ fn, strerror(errno));
free(fn);
return NULL;
}
-
+
/* Then check the file for nasty attacks */
if(!is_safe_path(fn)) /* Do not permit any directories that are
readable or writeable by other users. */
}
free(fn);
-
+
return r;
}
projects / tinc / blobdiff