X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fconf.c;h=d8a8d83214304e079d78f4324bc6685e153e1186;hp=b6d2b0af835a05dafdf62da11ebf1afcce3d2c39;hb=73d77dd416b87b7c4e9b6aa450f64846235cd2b4;hpb=5db596c6844169f1eb5f804b72abe99d067aaa5a diff --git a/src/conf.c b/src/conf.c index b6d2b0af..d8a8d832 100644 --- a/src/conf.c +++ b/src/conf.c @@ -1,9 +1,9 @@ /* conf.c -- configuration code Copyright (C) 1998 Robert van der Meulen - 1998-2003 Ivo Timmermans - 2000-2003 Guus Sliepen - 2000 Cris van Pelt + 1998-2005 Ivo Timmermans + 2000-2009 Guus Sliepen + 2000 Cris van Pelt This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -19,39 +19,26 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.65 2003/07/12 17:41:45 guus Exp $ + $Id$ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include /* for cp */ -#include +#include "system.h" +#include "avl_tree.h" #include "conf.h" -#include "netutl.h" /* for str2address */ #include "logger.h" - -#include "system.h" +#include "netutl.h" /* for str2address */ +#include "utils.h" /* for cp */ +#include "xalloc.h" avl_tree_t *config_tree; -int pingtimeout = 0; /* seconds before timeout */ +int pinginterval = 0; /* seconds between pings */ +int pingtimeout = 0; /* seconds to wait for response */ char *confbase = NULL; /* directory in which all config files are */ char *netname = NULL; /* name of the vpn network */ -static int config_compare(config_t *a, config_t *b) +static int config_compare(const config_t *a, const config_t *b) { int result; @@ -87,7 +74,7 @@ config_t *new_config(void) { cp(); - return (config_t *) xmalloc_and_zero(sizeof(config_t)); + return xmalloc_and_zero(sizeof(config_t)); } void free_config(config_t *cfg) @@ -134,7 +121,7 @@ config_t *lookup_config(avl_tree_t *config_tree, char *variable) return found; } -config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg) +config_t *lookup_config_next(avl_tree_t *config_tree, const config_t *cfg) { avl_node_t *node; config_t *found; @@ -145,7 +132,7 @@ config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg) if(node) { if(node->next) { - found = (config_t *) node->next->data; + found = node->next->data; if(!strcasecmp(found->variable, cfg->variable)) return found; @@ -155,109 +142,106 @@ config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg) return NULL; } -int get_config_bool(config_t *cfg, int *result) +bool get_config_bool(const config_t *cfg, bool *result) { cp(); if(!cfg) - return 0; + return false; if(!strcasecmp(cfg->value, "yes")) { - *result = 1; - return 1; + *result = true; + return true; } else if(!strcasecmp(cfg->value, "no")) { - *result = 0; - return 1; + *result = false; + return true; } logger(LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); - return 0; + return false; } -int get_config_int(config_t *cfg, int *result) +bool get_config_int(const config_t *cfg, int *result) { cp(); if(!cfg) - return 0; + return false; if(sscanf(cfg->value, "%d", result) == 1) - return 1; + return true; logger(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); - return 0; + return false; } -int get_config_string(config_t *cfg, char **result) +bool get_config_string(const config_t *cfg, char **result) { cp(); if(!cfg) - return 0; + return false; *result = xstrdup(cfg->value); - return 1; + return true; } -int get_config_address(config_t *cfg, struct addrinfo **result) +bool get_config_address(const config_t *cfg, struct addrinfo **result) { struct addrinfo *ai; cp(); if(!cfg) - return 0; + return false; ai = str2addrinfo(cfg->value, NULL, 0); if(ai) { *result = ai; - return 1; + return true; } logger(LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); - return 0; + return false; } -int get_config_subnet(config_t *cfg, subnet_t ** result) +bool get_config_subnet(const config_t *cfg, subnet_t ** result) { - subnet_t *subnet; + subnet_t subnet = {0}; cp(); if(!cfg) - return 0; + return false; - subnet = str2net(cfg->value); - - if(!subnet) { + if(!str2net(&subnet, cfg->value)) { logger(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); - return 0; + return false; } /* Teach newbies what subnets are... */ - if(((subnet->type == SUBNET_IPV4) - && maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) - || ((subnet->type == SUBNET_IPV6) - && maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) { + if(((subnet.type == SUBNET_IPV4) + && !maskcheck(&subnet.net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t))) + || ((subnet.type == SUBNET_IPV6) + && !maskcheck(&subnet.net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t)))) { logger(LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); - free(subnet); - return 0; + return false; } - *result = subnet; + *(*result = new_subnet()) = subnet; - return 1; + return true; } /* @@ -317,6 +301,8 @@ static char *readline(FILE * fp, char **buf, size_t *buflen) size = newsize; } else { *newline = '\0'; /* kill newline */ + if(newline > p && newline[-1] == '\r') /* and carriage return if necessary */ + newline[-1] = '\0'; break; /* yay */ } } @@ -338,8 +324,10 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) int err = -2; /* Parse error */ FILE *fp; char *buffer, *line; - char *variable, *value; - int lineno = 0, ignore = 0; + char *variable, *value, *eol; + int lineno = 0; + int len; + bool ignore = false; config_t *cfg; size_t bufsize; @@ -357,6 +345,11 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) buffer = xmalloc(bufsize); for(;;) { + if(feof(fp)) { + err = 0; + break; + } + line = readline(fp, &buffer, &bufsize); if(!line) { @@ -364,44 +357,51 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) break; } - if(feof(fp)) { - err = 0; - break; - } - lineno++; - variable = strtok(line, "\t ="); - - if(!variable) - continue; /* no tokens on this line */ + if(!*line || *line == '#') + continue; - if(variable[0] == '#') - continue; /* comment: ignore */ + if(ignore) { + if(!strncmp(line, "-----END", 8)) + ignore = false; + continue; + } + + if(!strncmp(line, "-----BEGIN", 10)) { + ignore = true; + continue; + } - if(!strcmp(variable, "-----BEGIN")) - ignore = 1; + variable = value = line; - if(!ignore) { - value = strtok(NULL, "\t\n\r ="); + eol = line + strlen(line); + while(strchr("\t ", *--eol)) + *eol = '\0'; - if(!value || value[0] == '#') { - logger(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), - variable, lineno, fname); - break; - } - - cfg = new_config(); - cfg->variable = xstrdup(variable); - cfg->value = xstrdup(value); - cfg->file = xstrdup(fname); - cfg->line = lineno; + len = strcspn(value, "\t ="); + value += len; + value += strspn(value, "\t "); + if(*value == '=') { + value++; + value += strspn(value, "\t "); + } + variable[len] = '\0'; - config_add(config_tree, cfg); + + if(!*value) { + logger(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), + variable, lineno, fname); + break; } - if(!strcmp(variable, "-----END")) - ignore = 0; + cfg = new_config(); + cfg->variable = xstrdup(variable); + cfg->value = xstrdup(value); + cfg->file = xstrdup(fname); + cfg->line = lineno; + + config_add(config_tree, cfg); } free(buffer); @@ -410,14 +410,14 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) return err; } -int read_server_config() +bool read_server_config() { char *fname; int x; cp(); - asprintf(&fname, "%s/tinc.conf", confbase); + xasprintf(&fname, "%s/tinc.conf", confbase); x = read_config_file(config_tree, fname); if(x == -1) { /* System error: complain */ @@ -426,99 +426,10 @@ int read_server_config() free(fname); - return x; -} - -int is_safe_path(const char *file) -{ - char *p; - const char *f; - char x; - struct stat s; - char l[MAXBUFSIZE]; - - if(*file != '/') { - logger(LOG_ERR, _("`%s' is not an absolute path"), file); - return 0; - } - - p = strrchr(file, '/'); - - if(p == file) /* It's in the root */ - p++; - - x = *p; - *p = '\0'; - - f = file; - -check1: - if(lstat(f, &s) < 0) { - logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); - return 0; - } - - if(s.st_uid != geteuid()) { - logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), - f, s.st_uid, geteuid()); - return 0; - } - - if(S_ISLNK(s.st_mode)) { - logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f); - - if(readlink(f, l, MAXBUFSIZE) < 0) { - logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, - strerror(errno)); - return 0; - } - - f = l; - goto check1; - } - - *p = x; - f = file; - -check2: - if(lstat(f, &s) < 0 && errno != ENOENT) { - logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); - return 0; - } - - if(errno == ENOENT) - return 1; - - if(s.st_uid != geteuid()) { - logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), - f, s.st_uid, geteuid()); - return 0; - } - - if(S_ISLNK(s.st_mode)) { - logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f); - - if(readlink(f, l, MAXBUFSIZE) < 0) { - logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, - strerror(errno)); - return 0; - } - - f = l; - goto check2; - } - - if(s.st_mode & 0007) { - /* Accessible by others */ - logger(LOG_ERR, _("`%s' has unsecure permissions"), f); - return 0; - } - - return 1; + return x == 0; } -FILE *ask_and_safe_open(const char *filename, const char *what, - const char *mode) +FILE *ask_and_open(const char *filename, const char *what) { FILE *r; char *directory; @@ -549,12 +460,16 @@ FILE *ask_and_safe_open(const char *filename, const char *what, fn = xstrdup(filename); } - if(!strchr(fn, '/') || fn[0] != '/') { +#ifdef HAVE_MINGW + if(fn[0] != '\\' && fn[0] != '/' && !strchr(fn, ':')) { +#else + if(fn[0] != '/') { +#endif /* The directory is a relative path or a filename. */ char *p; directory = get_current_dir_name(); - asprintf(&p, "%s/%s", directory, fn); + xasprintf(&p, "%s/%s", directory, fn); free(fn); free(directory); fn = p; @@ -564,7 +479,7 @@ FILE *ask_and_safe_open(const char *filename, const char *what, /* Open it first to keep the inode busy */ - r = fopen(fn, mode); + r = fopen(fn, "r+") ?: fopen(fn, "w+"); if(!r) { fprintf(stderr, _("Error opening file `%s': %s\n"), @@ -573,16 +488,38 @@ FILE *ask_and_safe_open(const char *filename, const char *what, return NULL; } - /* Then check the file for nasty attacks */ - if(!is_safe_path(fn)) { /* Do not permit any directories that are readable or writeable by other users. */ - fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" - "I will not create or overwrite this file.\n"), fn); - fclose(r); - free(fn); - return NULL; - } - free(fn); return r; } + +bool disable_old_keys(FILE *f) { + char buf[100]; + long pos; + bool disabled = false; + + rewind(f); + pos = ftell(f); + + while(fgets(buf, sizeof buf, f)) { + if(!strncmp(buf, "-----BEGIN RSA", 14)) { + buf[11] = 'O'; + buf[12] = 'L'; + buf[13] = 'D'; + fseek(f, pos, SEEK_SET); + fputs(buf, f); + disabled = true; + } + else if(!strncmp(buf, "-----END RSA", 12)) { + buf[ 9] = 'O'; + buf[10] = 'L'; + buf[11] = 'D'; + fseek(f, pos, SEEK_SET); + fputs(buf, f); + disabled = true; + } + pos = ftell(f); + } + + return disabled; +}