X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fconf.c;h=01c3fcd90873081b16030f2dcd4d979087bdda7c;hp=aaa4489911a09ad30cfbe75875a47c9216c084e3;hb=44e9d6a2872fac55f7eb701ba576ed9f39a22e08;hpb=9e55426d72fd77fda891edd0023dab2f9909639e

diff --git a/src/conf.c b/src/conf.c
index aaa44899..01c3fcd9 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -1,9 +1,9 @@
 /*
     conf.c -- configuration code
     Copyright (C) 1998 Robert van der Meulen
-    Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>
-                            2000 Guus Sliepen <guus@sliepen.warande.net>
-			    2000 Cris van Pelt <tribbel@arise.dhs.org>
+                  1998-2001 Ivo Timmermans <itimmermans@bigfoot.com>
+                  2000,2001 Guus Sliepen <guus@sliepen.warande.net>
+		  2000 Cris van Pelt <tribbel@arise.dhs.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -19,7 +19,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: conf.c,v 1.9.4.25 2000/11/29 14:27:24 zarq Exp $
+    $Id: conf.c,v 1.9.4.42 2001/07/24 20:03:40 guus Exp $
 */
 
 #include "config.h"
@@ -31,6 +31,11 @@
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <string.h>
 
 #include <xalloc.h>
 #include <utils.h> /* for cp */
@@ -54,26 +59,32 @@ int sighup = 0;
 */
 static internal_config_t hazahaza[] = {
 /* Main configuration file keywords */
-  { "Name",         config_name,       TYPE_NAME },
   { "ConnectTo",    config_connectto,      TYPE_NAME },
-  { "PingTimeout",  config_pingtimeout,    TYPE_INT },
-  { "TapDevice",    config_tapdevice,      TYPE_NAME },
-  { "PrivateKey",   config_privatekey,     TYPE_NAME },
-  { "KeyExpire",    config_keyexpire,      TYPE_INT },
   { "Hostnames",    config_hostnames,    TYPE_BOOL },
   { "Interface",    config_interface,      TYPE_NAME },
   { "InterfaceIP",  config_interfaceip,    TYPE_IP },
+  { "KeyExpire",    config_keyexpire,      TYPE_INT },
+  { "MyVirtualIP",  config_dummy,          TYPE_IP },
+  { "MyOwnVPNIP",   config_dummy,          TYPE_IP },
+  { "Name",         config_name,       TYPE_NAME },
+  { "PingTimeout",  config_pingtimeout,    TYPE_INT },
+  { "PrivateKey",   config_privatekey,     TYPE_NAME },
+  { "PrivateKeyFile", config_privatekeyfile, TYPE_NAME },
+  { "TapDevice",    config_tapdevice,      TYPE_NAME },
+  { "VpnMask",      config_dummy,          TYPE_IP },
 /* Host configuration file keywords */
   { "Address",      config_address,        TYPE_NAME },
+  { "IndirectData", config_indirectdata,   TYPE_BOOL },
   { "Port",         config_port,           TYPE_INT },
   { "PublicKey",    config_publickey,      TYPE_NAME },
-  { "Subnet",       config_subnet,         TYPE_IP },		/* Use IPv4 subnets only for now */
-  { "RestrictHosts", config_restricthosts, TYPE_BOOL },
-  { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL },
+  { "PublicKeyFile", config_publickeyfile, TYPE_NAME },
   { "RestrictAddress", config_restrictaddress, TYPE_BOOL },
+  { "RestrictHosts", config_restricthosts, TYPE_BOOL },
   { "RestrictPort", config_restrictport,   TYPE_BOOL },
-  { "IndirectData", config_indirectdata,   TYPE_BOOL },
+  { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL },
+  { "Subnet",       config_subnet,         TYPE_IP },		/* Use IPv4 subnets only for now */
   { "TCPonly",      config_tcponly,        TYPE_BOOL },
+  { "Mode",         config_mode,           TYPE_NAME },
   { NULL, 0, 0 }
 };
 
@@ -133,8 +144,13 @@ cp
   Read exactly one line and strip the trailing newline if any.  If the
   file was on EOF, return NULL. Otherwise, return all the data in a
   dynamically allocated buffer.
+  
+  If line is non-NULL, it will be used as an initial buffer, to avoid
+  unnecessary mallocing each time this function is called.  If buf is
+  given, and buf needs to be expanded, the var pointed to by buflen
+  will be increased.
 */
-char *readline(FILE *fp)
+char *readline(FILE *fp, char **buf, size_t *buflen)
 {
   char *newline = NULL;
   char *p;
@@ -149,11 +165,21 @@ char *readline(FILE *fp)
 
   if(feof(fp))
     return NULL;
-  
-  size = 100;
+
+  if((buf != NULL) && (buflen != NULL))
+    {
+      size = *buflen;
+      line = *buf;
+    }
+  else
+    {
+      size = 100;
+      line = xmalloc(size);
+    }
+
   maxlen = size;
-  line = xmalloc(size);
   idx = line;
+  *idx = 0;
   for(;;)
     {
       errno = 0;
@@ -186,6 +212,11 @@ char *readline(FILE *fp)
 	}
     }
 
+  if((buf != NULL) && (buflen != NULL))
+    {
+      *buflen = size;
+      *buf = line;
+    }
   return line;
 }
 
@@ -195,26 +226,39 @@ char *readline(FILE *fp)
 */
 int read_config_file(config_t **base, const char *fname)
 {
-  int err = -1;
+  int err = -2; /* Parse error */
   FILE *fp;
-  char *line;
+  char *buffer, *line;
   char *p, *q;
-  int i, lineno = 0;
+  int i, lineno = 0, ignore = 0;
   config_t *cfg;
+  size_t bufsize;
+  
 cp
   if((fp = fopen (fname, "r")) == NULL)
     {
-      return -1;
+      syslog(LOG_ERR, _("Cannot open config file %s: %m"), fname);
+      return -3;
     }
 
+  bufsize = 100;
+  buffer = xmalloc(bufsize);
+  
   for(;;)
     {
-      if((line = readline(fp)) == NULL)
+      
+      if((line = readline(fp, &buffer, &bufsize)) == NULL)
 	{
 	  err = -1;
 	  break;
 	}
-        
+
+      if(feof(fp))
+	{
+	  err = 0;
+	  break;
+	}
+
       lineno++;
 
       if((p = strtok(line, "\t =")) == NULL)
@@ -223,37 +267,47 @@ cp
       if(p[0] == '#')
 	continue; /* comment: ignore */
 
-      for(i = 0; hazahaza[i].name != NULL; i++)
-	if(!strcasecmp(hazahaza[i].name, p))
-	  break;
-
-      if(!hazahaza[i].name)
-	{
-	  syslog(LOG_ERR, _("Invalid variable name on line %d while reading config file %s"),
-		  lineno, fname);
-          break;
-	}
-
-      if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
-	{
-	  fprintf(stderr, _("No value for variable on line %d while reading config file %s"),
-		  lineno, fname);
-	  break;
-	}
-
-      cfg = add_config_val(base, hazahaza[i].argtype, q);
-      if(cfg == NULL)
-	{
-	  fprintf(stderr, _("Invalid value for variable on line %d while reading config file %s"),
-		  lineno, fname);
-	  break;
-	}
-
-      cfg->which = hazahaza[i].which;
-      if(!config)
-	config = cfg;
+      if(!strcmp(p, "-----BEGIN"))
+        ignore = 1;
+        
+      if(ignore == 0)
+        {
+          for(i = 0; hazahaza[i].name != NULL; i++)
+	    if(!strcasecmp(hazahaza[i].name, p))
+	      break;
+
+          if(!hazahaza[i].name)
+	    {
+	      syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"),
+		      p, lineno, fname);
+              break;
+	    }
+
+          if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
+	    {
+	      syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
+		      hazahaza[i].name, lineno, fname);
+	      break;
+	    }
+
+          cfg = add_config_val(base, hazahaza[i].argtype, q);
+          if(cfg == NULL)
+	    {
+	      syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"),
+		      hazahaza[i].name, lineno, fname);
+	      break;
+	    }
+
+          cfg->which = hazahaza[i].which;
+          if(!config)
+	    config = cfg;
+       }
+
+      if(!strcmp(p, "-----END"))
+        ignore = 0;
     }
 
+  free(buffer);
   fclose (fp);
 cp
   return err;
@@ -266,9 +320,9 @@ int read_server_config()
 cp
   asprintf(&fname, "%s/tinc.conf", confbase);
   x = read_config_file(&config, fname);
-  if(x != 0)
+  if(x == -1) /* System error: complain */
     {
-      fprintf(stderr, _("Failed to read `%s': %m\n"),
+      syslog(LOG_ERR, _("Failed to read `%s': %m"),
 	      fname);
     }
   free(fname);
@@ -309,14 +363,121 @@ cp
 cp
 }
 
-#define is_safe_file(p) 1
+int isadir(const char* f)
+{
+  struct stat s;
 
-FILE *ask_and_safe_open(const char* filename, const char* what)
+  if(stat(f, &s) < 0)
+    return 0;
+  else
+    return S_ISDIR(s.st_mode);
+}
+
+int is_safe_path(const char *file)
+{
+  char *p;
+  const char *f;
+  char x;
+  struct stat s;
+  char l[MAXBUFSIZE];
+
+  if(*file != '/')
+    {
+      syslog(LOG_ERR, _("`%s' is not an absolute path"), file);
+      return 0;
+    }
+
+  p = strrchr(file, '/');
+  
+  if(p == file)		/* It's in the root */
+    p++;
+    
+  x = *p;
+  *p = '\0';
+
+  f = file;
+check1:
+  if(lstat(f, &s) < 0)
+    {
+      syslog(LOG_ERR, _("Couldn't stat `%s': %m"),
+	      f);
+      return 0;
+    }
+
+  if(s.st_uid != geteuid())
+    {
+      syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
+	      f, s.st_uid, geteuid());
+      return 0;
+    }
+
+  if(S_ISLNK(s.st_mode))
+    {
+      syslog(LOG_WARNING, _("Warning: `%s' is a symlink"),
+	      f);
+
+      if(readlink(f, l, MAXBUFSIZE) < 0)
+        {
+          syslog(LOG_ERR, _("Unable to read symbolic link `%s': %m"), f);
+          return 0;
+        }
+      
+      f = l;
+      goto check1;
+    }
+
+  *p = x;
+  f = file;
+  
+check2:
+  if(lstat(f, &s) < 0 && errno != ENOENT)
+    {
+      syslog(LOG_ERR, _("Couldn't stat `%s': %m"),
+	      f);
+      return 0;
+    }
+    
+  if(errno == ENOENT)
+    return 1;
+
+  if(s.st_uid != geteuid())
+    {
+      syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
+	      f, s.st_uid, geteuid());
+      return 0;
+    }
+
+  if(S_ISLNK(s.st_mode))
+    {
+      syslog(LOG_WARNING, _("Warning: `%s' is a symlink"),
+	      f);
+
+      if(readlink(f, l, MAXBUFSIZE) < 0)
+        {
+          syslog(LOG_ERR, _("Unable to read symbolic link `%s': %m"), f);
+          return 0;
+        }
+      
+      f = l;
+      goto check2;
+    }
+
+  if(s.st_mode & 0007)
+    {
+      /* Accessible by others */
+      syslog(LOG_ERR, _("`%s' has unsecure permissions"),
+	      f);
+      return 0;
+    }
+  
+  return 1;
+}
+
+FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode)
 {
   FILE *r;
   char *directory;
   char *fn;
-  int len;
 
   /* Check stdin and stdout */
   if(!isatty(0) || !isatty(1))
@@ -331,12 +492,14 @@ FILE *ask_and_safe_open(const char* filename, const char* what)
       /* Ask for a file and/or directory name. */
       fprintf(stdout, _("Please enter a file to save %s to [%s]: "),
 	      what, filename);
-      fflush(stdout);  /* Don't wait for a newline */
-      if((fn = readline(stdin)) == NULL)
+      fflush(stdout);
+
+      if((fn = readline(stdin, NULL, NULL)) == NULL)
 	{
-	  fprintf(stderr, _("Error while reading stdin: %m\n"));
+	  fprintf(stderr, _("Error while reading stdin: %s\n"), strerror(errno));
 	  return NULL;
 	}
+
       if(strlen(fn) == 0)
 	/* User just pressed enter. */
 	fn = xstrdup(filename);
@@ -348,29 +511,36 @@ FILE *ask_and_safe_open(const char* filename, const char* what)
       char *p;
       
       directory = get_current_dir_name();
-      len = strlen(fn) + strlen(directory) + 2; /* 1 for the / */
-      p = xmalloc(len);
-      snprintf(p, len, "%s/%s", directory, fn);
+      asprintf(&p, "%s/%s", directory, fn);
       free(fn);
+      free(directory);
       fn = p;
     }
 
-  if(!is_safe_file(fn))
+  umask(0077); /* Disallow everything for group and other */
+  
+  /* Open it first to keep the inode busy */
+  if((r = fopen(fn, mode)) == NULL)
+    {
+      fprintf(stderr, _("Error opening file `%s': %s\n"),
+	      fn, strerror(errno));
+      free(fn);
+      return NULL;
+    }
+    
+  /* Then check the file for nasty attacks */
+  if(!is_safe_path(fn))  /* Do not permit any directories that are
+                            readable or writeable by other users. */
     {
       fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
 			"I will not create or overwrite this file.\n"),
 			fn);
+      fclose(r);
+      free(fn);
       return NULL;
     }
 
-  if((r = fopen(fn, "w")) == NULL)
-    {
-      fprintf(stderr, _("Error opening file `%s': %m\n"),
-	      fn);
-    }
-
   free(fn);
-  free(directory);
-  
+
   return r;
 }