X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fconf.c;h=3edcb30238a1fd54dcbcd9bffd4b037a429f13d9;hp=7399c823a7dbe537e23b2dfeed4e0840092db23d;hb=e1707f7739f450c729e26b921e459d5da07602f9;hpb=54ef13bf75a7a1e787716ce395ffe847fa74673f diff --git a/src/conf.c b/src/conf.c index 7399c823..3edcb302 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,11 +19,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.24 2000/11/29 14:24:40 zarq Exp $ + $Id: conf.c,v 1.9.4.35 2000/12/22 21:34:20 guus Exp $ */ #include "config.h" +#include #include #include #include @@ -31,6 +32,9 @@ #include #include #include +#include +#include +#include #include #include /* for cp */ @@ -54,25 +58,30 @@ int sighup = 0; */ static internal_config_t hazahaza[] = { /* Main configuration file keywords */ - { "Name", config_name, TYPE_NAME }, { "ConnectTo", config_connectto, TYPE_NAME }, - { "PingTimeout", config_pingtimeout, TYPE_INT }, - { "TapDevice", config_tapdevice, TYPE_NAME }, - { "PrivateKey", config_privatekey, TYPE_NAME }, - { "KeyExpire", config_keyexpire, TYPE_INT }, { "Hostnames", config_hostnames, TYPE_BOOL }, { "Interface", config_interface, TYPE_NAME }, { "InterfaceIP", config_interfaceip, TYPE_IP }, + { "KeyExpire", config_keyexpire, TYPE_INT }, + { "MyVirtualIP", config_dummy, TYPE_IP }, + { "MyOwnVPNIP", config_dummy, TYPE_IP }, + { "Name", config_name, TYPE_NAME }, + { "PingTimeout", config_pingtimeout, TYPE_INT }, + { "PrivateKey", config_privatekey, TYPE_NAME }, + { "PrivateKeyFile", config_privatekeyfile, TYPE_NAME }, + { "TapDevice", config_tapdevice, TYPE_NAME }, + { "VpnMask", config_dummy, TYPE_IP }, /* Host configuration file keywords */ { "Address", config_address, TYPE_NAME }, + { "IndirectData", config_indirectdata, TYPE_BOOL }, { "Port", config_port, TYPE_INT }, { "PublicKey", config_publickey, TYPE_NAME }, - { "Subnet", config_subnet, TYPE_IP }, /* Use IPv4 subnets only for now */ - { "RestrictHosts", config_restricthosts, TYPE_BOOL }, - { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL }, + { "PublicKeyFile", config_publickeyfile, TYPE_NAME }, { "RestrictAddress", config_restrictaddress, TYPE_BOOL }, + { "RestrictHosts", config_restricthosts, TYPE_BOOL }, { "RestrictPort", config_restrictport, TYPE_BOOL }, - { "IndirectData", config_indirectdata, TYPE_BOOL }, + { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL }, + { "Subnet", config_subnet, TYPE_IP }, /* Use IPv4 subnets only for now */ { "TCPonly", config_tcponly, TYPE_BOOL }, { NULL, 0, 0 } }; @@ -133,8 +142,13 @@ cp Read exactly one line and strip the trailing newline if any. If the file was on EOF, return NULL. Otherwise, return all the data in a dynamically allocated buffer. + + If line is non-NULL, it will be used as an initial buffer, to avoid + unnecessary mallocing each time this function is called. If buf is + given, and buf needs to be expanded, the var pointed to by buflen + will be increased. */ -char *readline(FILE *fp) +char *readline(FILE *fp, char **buf, size_t *buflen) { char *newline = NULL; char *p; @@ -149,11 +163,21 @@ char *readline(FILE *fp) if(feof(fp)) return NULL; - - size = 100; + + if((buf != NULL) && (buflen != NULL)) + { + size = *buflen; + line = *buf; + } + else + { + size = 100; + line = xmalloc(size); + } + maxlen = size; - line = xmalloc(size); idx = line; + *idx = 0; for(;;) { errno = 0; @@ -186,6 +210,11 @@ char *readline(FILE *fp) } } + if((buf != NULL) && (buflen != NULL)) + { + *buflen = size; + *buf = line; + } return line; } @@ -195,35 +224,42 @@ char *readline(FILE *fp) */ int read_config_file(config_t **base, const char *fname) { - int err = -1; + int err = -2; /* Parse error */ FILE *fp; - char line[MAXBUFSIZE]; /* There really should not be any line longer than this... */ + char *buffer, *line; char *p, *q; int i, lineno = 0; config_t *cfg; + size_t bufsize; + cp if((fp = fopen (fname, "r")) == NULL) { + syslog(LOG_ERR, _("Cannot open config file %s: %m"), fname); return -1; } + bufsize = 100; + buffer = xmalloc(bufsize); + for(;;) { - if(fgets(line, MAXBUFSIZE, fp) == NULL) - { - err = 0; - break; - } - - lineno++; + + if((line = readline(fp, &buffer, &bufsize)) == NULL) + { + err = -1; + break; + } - if(!index(line, '\n')) - { - syslog(LOG_ERR, _("Line %d too long while reading config file %s"), lineno, fname); - break; - } + if(feof(fp)) + { + err = 0; + break; + } - if((p = strtok(line, "\t\n\r =")) == NULL) + lineno++; + + if((p = strtok(line, "\t =")) == NULL) continue; /* no tokens on this line */ if(p[0] == '#') @@ -235,23 +271,23 @@ cp if(!hazahaza[i].name) { - syslog(LOG_ERR, _("Invalid variable name on line %d while reading config file %s"), - lineno, fname); + syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"), + p, lineno, fname); break; } if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#') { - fprintf(stderr, _("No value for variable on line %d while reading config file %s"), - lineno, fname); + syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), + hazahaza[i].name, lineno, fname); break; } cfg = add_config_val(base, hazahaza[i].argtype, q); if(cfg == NULL) { - fprintf(stderr, _("Invalid value for variable on line %d while reading config file %s"), - lineno, fname); + syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"), + hazahaza[i].name, lineno, fname); break; } @@ -260,6 +296,7 @@ cp config = cfg; } + free(buffer); fclose (fp); cp return err; @@ -272,7 +309,7 @@ int read_server_config() cp asprintf(&fname, "%s/tinc.conf", confbase); x = read_config_file(&config, fname); - if(x != 0) + if(x == -1) /* System error */ { fprintf(stderr, _("Failed to read `%s': %m\n"), fname); @@ -315,7 +352,78 @@ cp cp } -#define is_safe_file(p) 1 +int isadir(const char* f) +{ + struct stat s; + + if(stat(f, &s) < 0) + { + fprintf(stderr, _("Couldn't stat `%s': %m\n"), + f); + return -1; + } + + return S_ISDIR(s.st_mode); +} + +int is_safe_path(const char *file) +{ + char *p; + struct stat s; + + p = strrchr(file, '/'); + assert(p); /* p has to contain a / */ + *p = '\0'; + if(stat(file, &s) < 0) + { + fprintf(stderr, _("Couldn't stat `%s': %m\n"), + file); + return 0; + } + if(s.st_uid != geteuid()) + { + fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"), + file, s.st_uid, geteuid()); + return 0; + } + if(S_ISLNK(s.st_mode)) + { + fprintf(stderr, _("Warning: `%s' is a symlink\n"), + file); + /* fixme: read the symlink and start again */ + } + + *p = '/'; + if(stat(file, &s) < 0 && errno != ENOENT) + { + fprintf(stderr, _("Couldn't stat `%s': %m\n"), + file); + return 0; + } + if(errno == ENOENT) + return 1; + if(s.st_uid != geteuid()) + { + fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"), + file, s.st_uid, geteuid()); + return 0; + } + if(S_ISLNK(s.st_mode)) + { + fprintf(stderr, _("Warning: `%s' is a symlink\n"), + file); + /* fixme: read the symlink and start again */ + } + if(s.st_mode & 0007) + { + /* Accessible by others */ + fprintf(stderr, _("`%s' has unsecure permissions.\n"), + file); + return 0; + } + + return 1; +} FILE *ask_and_safe_open(const char* filename, const char* what) { @@ -338,7 +446,7 @@ FILE *ask_and_safe_open(const char* filename, const char* what) fprintf(stdout, _("Please enter a file to save %s to [%s]: "), what, filename); fflush(stdout); /* Don't wait for a newline */ - if((fn = readline(stdin)) == NULL) + if((fn = readline(stdin, NULL, NULL)) == NULL) { fprintf(stderr, _("Error while reading stdin: %m\n")); return NULL; @@ -358,25 +466,45 @@ FILE *ask_and_safe_open(const char* filename, const char* what) p = xmalloc(len); snprintf(p, len, "%s/%s", directory, fn); free(fn); + free(directory); fn = p; } - if(!is_safe_file(fn)) + if(isadir(fn) > 0) /* -1 is error */ { - fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" - "I will not create or overwrite this file.\n"), - fn); - return NULL; + char *p; + + len = strlen(fn) + strlen(filename) + 2; /* 1 for the / */ + p = xmalloc(len); + snprintf(p, len, "%s/%s", fn, filename); + free(fn); + fn = p; } + umask(0077); /* Disallow everything for group and other */ + + /* Open it first to keep the inode busy */ if((r = fopen(fn, "w")) == NULL) { fprintf(stderr, _("Error opening file `%s': %m\n"), fn); + free(fn); + return NULL; + } + + /* Then check the file for nasty attacks */ + if(!is_safe_path(fn)) /* Do not permit any directories that are + readable or writeable by other users. */ + { + fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" + "I will not create or overwrite this file.\n"), + fn); + fclose(r); + free(fn); + return NULL; } free(fn); - free(directory); return r; }