along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: conf.c,v 1.9.4.66 2003/07/17 15:06:26 guus Exp $
+ $Id: conf.c,v 1.9.4.69 2003/07/24 12:08:15 guus Exp $
*/
#include "system.h"
char *confbase = NULL; /* directory in which all config files are */
char *netname = NULL; /* name of the vpn network */
-static int config_compare(config_t *a, config_t *b)
+static int config_compare(const config_t *a, const config_t *b)
{
int result;
avl_insert(config_tree, cfg);
}
-config_t *lookup_config(avl_tree_t *config_tree, char *variable)
+config_t *lookup_config(const avl_tree_t *config_tree, char *variable)
{
config_t cfg, *found;
return found;
}
-config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg)
+config_t *lookup_config_next(const avl_tree_t *config_tree, const config_t *cfg)
{
avl_node_t *node;
config_t *found;
return NULL;
}
-int get_config_bool(config_t *cfg, int *result)
+bool get_config_bool(const config_t *cfg, bool *result)
{
cp();
if(!cfg)
- return 0;
+ return false;
if(!strcasecmp(cfg->value, "yes")) {
- *result = 1;
- return 1;
+ *result = true;
+ return true;
} else if(!strcasecmp(cfg->value, "no")) {
- *result = 0;
- return 1;
+ *result = false;
+ return true;
}
logger(LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"),
cfg->variable, cfg->file, cfg->line);
- return 0;
+ return false;
}
-int get_config_int(config_t *cfg, int *result)
+bool get_config_int(const config_t *cfg, int *result)
{
cp();
if(!cfg)
- return 0;
+ return false;
if(sscanf(cfg->value, "%d", result) == 1)
- return 1;
+ return true;
logger(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"),
cfg->variable, cfg->file, cfg->line);
- return 0;
+ return false;
}
-int get_config_string(config_t *cfg, char **result)
+bool get_config_string(const config_t *cfg, char **result)
{
cp();
if(!cfg)
- return 0;
+ return false;
*result = xstrdup(cfg->value);
- return 1;
+ return true;
}
-int get_config_address(config_t *cfg, struct addrinfo **result)
+bool get_config_address(const config_t *cfg, struct addrinfo **result)
{
struct addrinfo *ai;
cp();
if(!cfg)
- return 0;
+ return false;
ai = str2addrinfo(cfg->value, NULL, 0);
if(ai) {
*result = ai;
- return 1;
+ return true;
}
logger(LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"),
cfg->variable, cfg->file, cfg->line);
- return 0;
+ return false;
}
-int get_config_subnet(config_t *cfg, subnet_t ** result)
+bool get_config_subnet(const config_t *cfg, subnet_t ** result)
{
subnet_t *subnet;
cp();
if(!cfg)
- return 0;
+ return false;
subnet = str2net(cfg->value);
if(!subnet) {
logger(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"),
cfg->variable, cfg->file, cfg->line);
- return 0;
+ return false;
}
/* Teach newbies what subnets are... */
if(((subnet->type == SUBNET_IPV4)
- && maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t)))
+ && !maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t)))
|| ((subnet->type == SUBNET_IPV6)
- && maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) {
+ && !maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) {
logger(LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"),
cfg->variable, cfg->file, cfg->line);
free(subnet);
- return 0;
+ return false;
}
*result = subnet;
- return 1;
+ return true;
}
/*
FILE *fp;
char *buffer, *line;
char *variable, *value;
- int lineno = 0, ignore = 0;
+ int lineno = 0;
+ bool ignore = false;
config_t *cfg;
size_t bufsize;
continue; /* comment: ignore */
if(!strcmp(variable, "-----BEGIN"))
- ignore = 1;
+ ignore = true;
if(!ignore) {
value = strtok(NULL, "\t\n\r =");
}
if(!strcmp(variable, "-----END"))
- ignore = 0;
+ ignore = false;
}
free(buffer);
return err;
}
-int read_server_config()
+bool read_server_config()
{
char *fname;
int x;
free(fname);
- return x;
+ return x == 0;
}
-int is_safe_path(const char *file)
+bool is_safe_path(const char *file)
{
+#if !(defined(HAVE_CYGWIN) || defined(HAVE_MINGW))
char *p;
const char *f;
char x;
if(*file != '/') {
logger(LOG_ERR, _("`%s' is not an absolute path"), file);
- return 0;
+ return false;
}
p = strrchr(file, '/');
check1:
if(lstat(f, &s) < 0) {
logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
- return 0;
+ return false;
}
if(s.st_uid != geteuid()) {
logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
f, s.st_uid, geteuid());
- return 0;
+ return false;
}
if(S_ISLNK(s.st_mode)) {
if(readlink(f, l, MAXBUFSIZE) < 0) {
logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
strerror(errno));
- return 0;
+ return false;
}
f = l;
check2:
if(lstat(f, &s) < 0 && errno != ENOENT) {
logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
- return 0;
+ return false;
}
if(errno == ENOENT)
- return 1;
+ return true;
if(s.st_uid != geteuid()) {
logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
f, s.st_uid, geteuid());
- return 0;
+ return false;
}
if(S_ISLNK(s.st_mode)) {
if(readlink(f, l, MAXBUFSIZE) < 0) {
logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
strerror(errno));
- return 0;
+ return false;
}
f = l;
if(s.st_mode & 0007) {
/* Accessible by others */
logger(LOG_ERR, _("`%s' has unsecure permissions"), f);
- return 0;
+ return false;
}
+#endif
- return 1;
+ return true;
}
-FILE *ask_and_safe_open(const char *filename, const char *what,
- const char *mode)
+FILE *ask_and_safe_open(const char *filename, const char *what, bool safe, const char *mode)
{
FILE *r;
char *directory;
}
/* Then check the file for nasty attacks */
- if(!is_safe_path(fn)) { /* Do not permit any directories that are readable or writeable by other users. */
- fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
- "I will not create or overwrite this file.\n"), fn);
- fclose(r);
- free(fn);
- return NULL;
+ if(safe) {
+ if(!is_safe_path(fn)) { /* Do not permit any directories that are readable or writeable by other users. */
+ fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
+ "I will not create or overwrite this file.\n"), fn);
+ fclose(r);
+ free(fn);
+ return NULL;
+ }
}
free(fn);