/*
conf.c -- configuration code
- Copyright (C) 1998 Emphyrio,
+ Copyright (C) 1998 Robert van der Meulen
Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>
2000 Guus Sliepen <guus@sliepen.warande.net>
2000 Cris van Pelt <tribbel@arise.dhs.org>
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: conf.c,v 1.9.4.18 2000/10/29 00:02:17 guus Exp $
+ $Id: conf.c,v 1.9.4.23 2000/11/28 23:12:56 zarq Exp $
*/
+#include "config.h"
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
-#include <stdio.h>
#include <xalloc.h>
+#include <utils.h> /* for cp */
#include "conf.h"
#include "netutl.h" /* for strtoip */
-#include <utils.h> /* for cp */
#include "config.h"
-#include "connlist.h"
#include "system.h"
config_t *config = NULL;
*/
static internal_config_t hazahaza[] = {
/* Main configuration file keywords */
- { "Name", tincname, TYPE_NAME },
- { "ConnectTo", connectto, TYPE_NAME },
- { "PingTimeout", pingtimeout, TYPE_INT },
- { "TapDevice", tapdevice, TYPE_NAME },
- { "TapSubnet", tapsubnet, TYPE_IP },
- { "PrivateKey", privatekey, TYPE_NAME },
- { "KeyExpire", keyexpire, TYPE_INT },
- { "Hostnames", resolve_dns, TYPE_BOOL },
- { "Interface", interface, TYPE_NAME },
- { "InterfaceIP", interfaceip, TYPE_IP },
+ { "Name", config_name, TYPE_NAME },
+ { "ConnectTo", config_connectto, TYPE_NAME },
+ { "PingTimeout", config_pingtimeout, TYPE_INT },
+ { "TapDevice", config_tapdevice, TYPE_NAME },
+ { "PrivateKey", config_privatekey, TYPE_NAME },
+ { "KeyExpire", config_keyexpire, TYPE_INT },
+ { "Hostnames", config_hostnames, TYPE_BOOL },
+ { "Interface", config_interface, TYPE_NAME },
+ { "InterfaceIP", config_interfaceip, TYPE_IP },
/* Host configuration file keywords */
- { "Address", address, TYPE_NAME },
- { "Port", port, TYPE_INT },
- { "PublicKey", publickey, TYPE_NAME },
- { "Subnet", subnet, TYPE_IP }, /* Use IPv4 subnets only for now */
- { "RestrictHosts", restricthosts, TYPE_BOOL },
- { "RestrictSubnets", restrictsubnets, TYPE_BOOL },
- { "RestrictAddress", restrictaddress, TYPE_BOOL },
- { "RestrictPort", restrictport, TYPE_BOOL },
- { "IndirectData", indirectdata, TYPE_BOOL },
- { "TCPonly", tcponly, TYPE_BOOL },
+ { "Address", config_address, TYPE_NAME },
+ { "Port", config_port, TYPE_INT },
+ { "PublicKey", config_publickey, TYPE_NAME },
+ { "Subnet", config_subnet, TYPE_IP }, /* Use IPv4 subnets only for now */
+ { "RestrictHosts", config_restricthosts, TYPE_BOOL },
+ { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL },
+ { "RestrictAddress", config_restrictaddress, TYPE_BOOL },
+ { "RestrictPort", config_restrictport, TYPE_BOOL },
+ { "IndirectData", config_indirectdata, TYPE_BOOL },
+ { "TCPonly", config_tcponly, TYPE_BOOL },
{ NULL, 0, 0 }
};
*base = NULL;
cp
}
+
+#define is_safe_file(p) 1
+
+FILE *ask_and_safe_open(const char* filename)
+{
+ FILE *r;
+ char *directory;
+ char *fn;
+ int len;
+
+ if(!isatty(0))
+ {
+ /* Argh, they are running us from a script or something. Write
+ the files to the current directory and let them burn in hell
+ for ever. */
+ directory = "."; /* get_current_directory */
+ }
+ else
+ {
+ directory = ".";
+ }
+
+ len = strlen(filename) + strlen(directory) + 2; /* 1 for the / */
+ fn = xmalloc(len);
+ snprintf(fn, len, "%s/%s", directory, filename);
+
+ if(!is_safe_file(fn))
+ {
+ fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
+ "I will not create or overwrite this file.\n"),
+ fn);
+ return NULL;
+ }
+
+ if((r = fopen(fn, "w")) == NULL)
+ {
+ fprintf(stderr, _("Error opening file `%s': %m"),
+ fn);
+ }
+
+ free(fn);
+
+ return r;
+}