along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: conf.c,v 1.9.4.24 2000/11/29 14:24:40 zarq Exp $
+ $Id: conf.c,v 1.9.4.34 2000/12/06 13:33:48 zarq Exp $
*/
#include "config.h"
+#include <assert.h>
#include <ctype.h>
#include <errno.h>
#include <netdb.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
#include <xalloc.h>
#include <utils.h> /* for cp */
*/
static internal_config_t hazahaza[] = {
/* Main configuration file keywords */
- { "Name", config_name, TYPE_NAME },
{ "ConnectTo", config_connectto, TYPE_NAME },
- { "PingTimeout", config_pingtimeout, TYPE_INT },
- { "TapDevice", config_tapdevice, TYPE_NAME },
- { "PrivateKey", config_privatekey, TYPE_NAME },
- { "KeyExpire", config_keyexpire, TYPE_INT },
{ "Hostnames", config_hostnames, TYPE_BOOL },
{ "Interface", config_interface, TYPE_NAME },
{ "InterfaceIP", config_interfaceip, TYPE_IP },
+ { "KeyExpire", config_keyexpire, TYPE_INT },
+ { "MyVirtualIP", config_dummy, TYPE_IP },
+ { "MyOwnVPNIP", config_dummy, TYPE_IP },
+ { "Name", config_name, TYPE_NAME },
+ { "PingTimeout", config_pingtimeout, TYPE_INT },
+ { "PrivateKey", config_privatekey, TYPE_NAME },
+ { "TapDevice", config_tapdevice, TYPE_NAME },
+ { "VpnMask", config_dummy, TYPE_IP },
/* Host configuration file keywords */
{ "Address", config_address, TYPE_NAME },
+ { "IndirectData", config_indirectdata, TYPE_BOOL },
{ "Port", config_port, TYPE_INT },
{ "PublicKey", config_publickey, TYPE_NAME },
- { "Subnet", config_subnet, TYPE_IP }, /* Use IPv4 subnets only for now */
- { "RestrictHosts", config_restricthosts, TYPE_BOOL },
- { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL },
{ "RestrictAddress", config_restrictaddress, TYPE_BOOL },
+ { "RestrictHosts", config_restricthosts, TYPE_BOOL },
{ "RestrictPort", config_restrictport, TYPE_BOOL },
- { "IndirectData", config_indirectdata, TYPE_BOOL },
+ { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL },
+ { "Subnet", config_subnet, TYPE_IP }, /* Use IPv4 subnets only for now */
{ "TCPonly", config_tcponly, TYPE_BOOL },
{ NULL, 0, 0 }
};
Read exactly one line and strip the trailing newline if any. If the
file was on EOF, return NULL. Otherwise, return all the data in a
dynamically allocated buffer.
+
+ If line is non-NULL, it will be used as an initial buffer, to avoid
+ unnecessary mallocing each time this function is called. If buf is
+ given, and buf needs to be expanded, the var pointed to by buflen
+ will be increased.
*/
-char *readline(FILE *fp)
+char *readline(FILE *fp, char **buf, size_t *buflen)
{
char *newline = NULL;
char *p;
if(feof(fp))
return NULL;
-
- size = 100;
+
+ if((buf != NULL) && (buflen != NULL))
+ {
+ size = *buflen;
+ line = *buf;
+ }
+ else
+ {
+ size = 100;
+ line = xmalloc(size);
+ }
+
maxlen = size;
- line = xmalloc(size);
idx = line;
+ *idx = 0;
for(;;)
{
errno = 0;
}
}
+ if((buf != NULL) && (buflen != NULL))
+ {
+ *buflen = size;
+ *buf = line;
+ }
return line;
}
*/
int read_config_file(config_t **base, const char *fname)
{
- int err = -1;
+ int err = -2; /* Parse error */
FILE *fp;
- char line[MAXBUFSIZE]; /* There really should not be any line longer than this... */
+ char *buffer, *line;
char *p, *q;
int i, lineno = 0;
config_t *cfg;
+ size_t bufsize;
+
cp
if((fp = fopen (fname, "r")) == NULL)
- {
- return -1;
- }
+ return -1;
+ bufsize = 100;
+ buffer = xmalloc(bufsize);
+
for(;;)
{
- if(fgets(line, MAXBUFSIZE, fp) == NULL)
- {
- err = 0;
- break;
- }
-
- lineno++;
+
+ if((line = readline(fp, &buffer, &bufsize)) == NULL)
+ {
+ err = -1;
+ break;
+ }
- if(!index(line, '\n'))
- {
- syslog(LOG_ERR, _("Line %d too long while reading config file %s"), lineno, fname);
- break;
- }
+ if(feof(fp))
+ {
+ err = 0;
+ break;
+ }
+
+ lineno++;
- if((p = strtok(line, "\t\n\r =")) == NULL)
+ if((p = strtok(line, "\t =")) == NULL)
continue; /* no tokens on this line */
if(p[0] == '#')
if(!hazahaza[i].name)
{
- syslog(LOG_ERR, _("Invalid variable name on line %d while reading config file %s"),
- lineno, fname);
+ syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"),
+ p, lineno, fname);
break;
}
if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
{
- fprintf(stderr, _("No value for variable on line %d while reading config file %s"),
- lineno, fname);
+ fprintf(stderr, _("No value for variable `%s' on line %d while reading config file %s"),
+ hazahaza[i].name, lineno, fname);
break;
}
cfg = add_config_val(base, hazahaza[i].argtype, q);
if(cfg == NULL)
{
- fprintf(stderr, _("Invalid value for variable on line %d while reading config file %s"),
- lineno, fname);
+ fprintf(stderr, _("Invalid value for variable `%s' on line %d while reading config file %s"),
+ hazahaza[i].name, lineno, fname);
break;
}
config = cfg;
}
+ free(buffer);
fclose (fp);
cp
return err;
cp
asprintf(&fname, "%s/tinc.conf", confbase);
x = read_config_file(&config, fname);
- if(x != 0)
+ if(x == -1) /* System error */
{
fprintf(stderr, _("Failed to read `%s': %m\n"),
fname);
cp
}
-#define is_safe_file(p) 1
+int isadir(const char* f)
+{
+ struct stat s;
+
+ if(stat(f, &s) < 0)
+ {
+ fprintf(stderr, _("Couldn't stat `%s': %m\n"),
+ f);
+ return -1;
+ }
+
+ return S_ISDIR(s.st_mode);
+}
+
+int is_safe_path(const char *file)
+{
+ char *p;
+ struct stat s;
+
+ p = strrchr(file, '/');
+ assert(p); /* p has to contain a / */
+ *p = '\0';
+ if(stat(file, &s) < 0)
+ {
+ fprintf(stderr, _("Couldn't stat `%s': %m\n"),
+ file);
+ return 0;
+ }
+ if(s.st_uid != geteuid())
+ {
+ fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"),
+ file, s.st_uid, geteuid());
+ return 0;
+ }
+ if(S_ISLNK(s.st_mode))
+ {
+ fprintf(stderr, _("Warning: `%s' is a symlink\n"),
+ file);
+ /* fixme: read the symlink and start again */
+ }
+
+ *p = '/';
+ if(stat(file, &s) < 0 && errno != ENOENT)
+ {
+ fprintf(stderr, _("Couldn't stat `%s': %m\n"),
+ file);
+ return 0;
+ }
+ if(errno == ENOENT)
+ return 1;
+ if(s.st_uid != geteuid())
+ {
+ fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"),
+ file, s.st_uid, geteuid());
+ return 0;
+ }
+ if(S_ISLNK(s.st_mode))
+ {
+ fprintf(stderr, _("Warning: `%s' is a symlink\n"),
+ file);
+ /* fixme: read the symlink and start again */
+ }
+ if(s.st_mode & 0007)
+ {
+ /* Accessible by others */
+ fprintf(stderr, _("`%s' has unsecure permissions.\n"),
+ file);
+ return 0;
+ }
+
+ return 1;
+}
FILE *ask_and_safe_open(const char* filename, const char* what)
{
fprintf(stdout, _("Please enter a file to save %s to [%s]: "),
what, filename);
fflush(stdout); /* Don't wait for a newline */
- if((fn = readline(stdin)) == NULL)
+ if((fn = readline(stdin, NULL, NULL)) == NULL)
{
fprintf(stderr, _("Error while reading stdin: %m\n"));
return NULL;
p = xmalloc(len);
snprintf(p, len, "%s/%s", directory, fn);
free(fn);
+ free(directory);
fn = p;
}
- if(!is_safe_file(fn))
+ if(isadir(fn) > 0) /* -1 is error */
{
- fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
- "I will not create or overwrite this file.\n"),
- fn);
- return NULL;
+ char *p;
+
+ len = strlen(fn) + strlen(filename) + 2; /* 1 for the / */
+ p = xmalloc(len);
+ snprintf(p, len, "%s/%s", fn, filename);
+ free(fn);
+ fn = p;
}
+ umask(0077); /* Disallow everything for group and other */
+
+ /* Open it first to keep the inode busy */
if((r = fopen(fn, "w")) == NULL)
{
fprintf(stderr, _("Error opening file `%s': %m\n"),
fn);
+ free(fn);
+ return NULL;
+ }
+
+ /* Then check the file for nasty attacks */
+ if(!is_safe_path(fn)) /* Do not permit any directories that are
+ readable or writeable by other users. */
+ {
+ fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
+ "I will not create or overwrite this file.\n"),
+ fn);
+ fclose(r);
+ free(fn);
+ return NULL;
}
free(fn);
- free(directory);
return r;
}
projects / tinc / blobdiff