X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fconf.c;h=d8a8d83214304e079d78f4324bc6685e153e1186;hp=0fb18ab1db1edd80ac44ce0becfbc5703b820128;hb=73d77dd416b87b7c4e9b6aa450f64846235cd2b4;hpb=f605ec47bed26362e24ffacf71c7ae5aeed3c230

diff --git a/src/conf.c b/src/conf.c
index 0fb18ab1..d8a8d832 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -1,9 +1,9 @@
 /*
     conf.c -- configuration code
     Copyright (C) 1998 Robert van der Meulen
-                  1998-2003 Ivo Timmermans <ivo@o2w.nl>
-                  2000-2003 Guus Sliepen <guus@sliepen.eu.org>
-		  2000 Cris van Pelt <tribbel@arise.dhs.org>
+                  1998-2005 Ivo Timmermans
+                  2000-2009 Guus Sliepen <guus@tinc-vpn.org>
+		  2000 Cris van Pelt
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -19,7 +19,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: conf.c,v 1.9.4.72 2003/08/02 21:34:10 guus Exp $
+    $Id$
 */
 
 #include "system.h"
@@ -33,7 +33,8 @@
 
 avl_tree_t *config_tree;
 
-int pingtimeout = 0;			/* seconds before timeout */
+int pinginterval = 0;			/* seconds between pings */
+int pingtimeout = 0;			/* seconds to wait for response */
 char *confbase = NULL;			/* directory in which all config files are */
 char *netname = NULL;			/* name of the vpn network */
 
@@ -73,7 +74,7 @@ config_t *new_config(void)
 {
 	cp();
 
-	return (config_t *) xmalloc_and_zero(sizeof(config_t));
+	return xmalloc_and_zero(sizeof(config_t));
 }
 
 void free_config(config_t *cfg)
@@ -99,7 +100,7 @@ void config_add(avl_tree_t *config_tree, config_t *cfg)
 	avl_insert(config_tree, cfg);
 }
 
-config_t *lookup_config(const avl_tree_t *config_tree, char *variable)
+config_t *lookup_config(avl_tree_t *config_tree, char *variable)
 {
 	config_t cfg, *found;
 
@@ -120,7 +121,7 @@ config_t *lookup_config(const avl_tree_t *config_tree, char *variable)
 	return found;
 }
 
-config_t *lookup_config_next(const avl_tree_t *config_tree, const config_t *cfg)
+config_t *lookup_config_next(avl_tree_t *config_tree, const config_t *cfg)
 {
 	avl_node_t *node;
 	config_t *found;
@@ -131,7 +132,7 @@ config_t *lookup_config_next(const avl_tree_t *config_tree, const config_t *cfg)
 
 	if(node) {
 		if(node->next) {
-			found = (config_t *) node->next->data;
+			found = node->next->data;
 
 			if(!strcasecmp(found->variable, cfg->variable))
 				return found;
@@ -214,16 +215,14 @@ bool get_config_address(const config_t *cfg, struct addrinfo **result)
 
 bool get_config_subnet(const config_t *cfg, subnet_t ** result)
 {
-	subnet_t *subnet;
+	subnet_t subnet = {0};
 
 	cp();
 
 	if(!cfg)
 		return false;
 
-	subnet = str2net(cfg->value);
-
-	if(!subnet) {
+	if(!str2net(&subnet, cfg->value)) {
 		logger(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"),
 			   cfg->variable, cfg->file, cfg->line);
 		return false;
@@ -231,17 +230,16 @@ bool get_config_subnet(const config_t *cfg, subnet_t ** result)
 
 	/* Teach newbies what subnets are... */
 
-	if(((subnet->type == SUBNET_IPV4)
-		&& !maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t)))
-		|| ((subnet->type == SUBNET_IPV6)
-		&& !maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) {
+	if(((subnet.type == SUBNET_IPV4)
+		&& !maskcheck(&subnet.net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t)))
+		|| ((subnet.type == SUBNET_IPV6)
+		&& !maskcheck(&subnet.net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t)))) {
 		logger(LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"),
 			   cfg->variable, cfg->file, cfg->line);
-		free(subnet);
 		return false;
 	}
 
-	*result = subnet;
+	*(*result = new_subnet()) = subnet;
 
 	return true;
 }
@@ -303,6 +301,8 @@ static char *readline(FILE * fp, char **buf, size_t *buflen)
 			size = newsize;
 		} else {
 			*newline = '\0';	/* kill newline */
+			if(newline > p && newline[-1] == '\r')	/* and carriage return if necessary */
+				newline[-1] = '\0';
 			break;				/* yay */
 		}
 	}
@@ -324,7 +324,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname)
 	int err = -2;				/* Parse error */
 	FILE *fp;
 	char *buffer, *line;
-	char *variable, *value;
+	char *variable, *value, *eol;
 	int lineno = 0;
 	int len;
 	bool ignore = false;
@@ -345,6 +345,11 @@ int read_config_file(avl_tree_t *config_tree, const char *fname)
 	buffer = xmalloc(bufsize);
 
 	for(;;) {
+		if(feof(fp)) {
+			err = 0;
+			break;
+		}
+
 		line = readline(fp, &buffer, &bufsize);
 
 		if(!line) {
@@ -352,14 +357,9 @@ int read_config_file(avl_tree_t *config_tree, const char *fname)
 			break;
 		}
 
-		if(feof(fp)) {
-			err = 0;
-			break;
-		}
-
 		lineno++;
 
-		if(*line == '#')
+		if(!*line || *line == '#')
 			continue;
 
 		if(ignore) {
@@ -375,6 +375,10 @@ int read_config_file(avl_tree_t *config_tree, const char *fname)
 
 		variable = value = line;
 
+		eol = line + strlen(line);
+		while(strchr("\t ", *--eol))
+			*eol = '\0';
+
 		len = strcspn(value, "\t =");
 		value += len;
 		value += strspn(value, "\t ");
@@ -384,6 +388,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname)
 		}
 		variable[len] = '\0';
 
+	
 		if(!*value) {
 			logger(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
 				   variable, lineno, fname);
@@ -412,7 +417,7 @@ bool read_server_config()
 
 	cp();
 
-	asprintf(&fname, "%s/tinc.conf", confbase);
+	xasprintf(&fname, "%s/tinc.conf", confbase);
 	x = read_config_file(config_tree, fname);
 
 	if(x == -1) {				/* System error: complain */
@@ -424,97 +429,7 @@ bool read_server_config()
 	return x == 0;
 }
 
-bool is_safe_path(const char *file)
-{
-#if !(defined(HAVE_CYGWIN) || defined(HAVE_MINGW))
-	char *p;
-	const char *f;
-	char x;
-	struct stat s;
-	char l[MAXBUFSIZE];
-
-	if(*file != '/') {
-		logger(LOG_ERR, _("`%s' is not an absolute path"), file);
-		return false;
-	}
-
-	p = strrchr(file, '/');
-
-	if(p == file)				/* It's in the root */
-		p++;
-
-	x = *p;
-	*p = '\0';
-
-	f = file;
-
-check1:
-	if(lstat(f, &s) < 0) {
-		logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
-		return false;
-	}
-
-	if(s.st_uid != geteuid()) {
-		logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
-			   f, s.st_uid, geteuid());
-		return false;
-	}
-
-	if(S_ISLNK(s.st_mode)) {
-		logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f);
-
-		if(readlink(f, l, MAXBUFSIZE) < 0) {
-			logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
-				   strerror(errno));
-			return false;
-		}
-
-		f = l;
-		goto check1;
-	}
-
-	*p = x;
-	f = file;
-
-check2:
-	if(lstat(f, &s) < 0 && errno != ENOENT) {
-		logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
-		return false;
-	}
-
-	if(errno == ENOENT)
-		return true;
-
-	if(s.st_uid != geteuid()) {
-		logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
-			   f, s.st_uid, geteuid());
-		return false;
-	}
-
-	if(S_ISLNK(s.st_mode)) {
-		logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f);
-
-		if(readlink(f, l, MAXBUFSIZE) < 0) {
-			logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
-				   strerror(errno));
-			return false;
-		}
-
-		f = l;
-		goto check2;
-	}
-
-	if(s.st_mode & 0007) {
-		/* Accessible by others */
-		logger(LOG_ERR, _("`%s' has unsecure permissions"), f);
-		return false;
-	}
-#endif
-
-	return true;
-}
-
-FILE *ask_and_safe_open(const char *filename, const char *what, bool safe, const char *mode)
+FILE *ask_and_open(const char *filename, const char *what)
 {
 	FILE *r;
 	char *directory;
@@ -545,12 +460,16 @@ FILE *ask_and_safe_open(const char *filename, const char *what, bool safe, const
 			fn = xstrdup(filename);
 	}
 
-	if(!strchr(fn, '/') || fn[0] != '/') {
+#ifdef HAVE_MINGW
+	if(fn[0] != '\\' && fn[0] != '/' && !strchr(fn, ':')) {
+#else
+	if(fn[0] != '/') {
+#endif
 		/* The directory is a relative path or a filename. */
 		char *p;
 
 		directory = get_current_dir_name();
-		asprintf(&p, "%s/%s", directory, fn);
+		xasprintf(&p, "%s/%s", directory, fn);
 		free(fn);
 		free(directory);
 		fn = p;
@@ -560,7 +479,7 @@ FILE *ask_and_safe_open(const char *filename, const char *what, bool safe, const
 
 	/* Open it first to keep the inode busy */
 
-	r = fopen(fn, mode);
+	r = fopen(fn, "r+") ?: fopen(fn, "w+");
 
 	if(!r) {
 		fprintf(stderr, _("Error opening file `%s': %s\n"),
@@ -569,18 +488,38 @@ FILE *ask_and_safe_open(const char *filename, const char *what, bool safe, const
 		return NULL;
 	}
 
-	/* Then check the file for nasty attacks */
-	if(safe) {
-		if(!is_safe_path(fn)) {		/* Do not permit any directories that are readable or writeable by other users. */
-			fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
-					 "I will not create or overwrite this file.\n"), fn);
-			fclose(r);
-			free(fn);
-			return NULL;
-		}
-	}
-
 	free(fn);
 
 	return r;
 }
+
+bool disable_old_keys(FILE *f) {
+	char buf[100];
+	long pos;
+	bool disabled = false;
+
+	rewind(f);
+	pos = ftell(f);
+
+	while(fgets(buf, sizeof buf, f)) {
+		if(!strncmp(buf, "-----BEGIN RSA", 14)) {	
+			buf[11] = 'O';
+			buf[12] = 'L';
+			buf[13] = 'D';
+			fseek(f, pos, SEEK_SET);
+			fputs(buf, f);
+			disabled = true;
+		}
+		else if(!strncmp(buf, "-----END RSA", 12)) {	
+			buf[ 9] = 'O';
+			buf[10] = 'L';
+			buf[11] = 'D';
+			fseek(f, pos, SEEK_SET);
+			fputs(buf, f);
+			disabled = true;
+		}
+		pos = ftell(f);
+	}
+
+	return disabled;
+}