#include "utils.h"
#include "xalloc.h"
#include "keys.h"
+#include "sandbox.h"
#ifdef HAVE_MINIUPNPC
#include "upnp.h"
read_host_config(&config, ent->d_name, true);
if(!n) {
- n = new_node();
- n->name = xstrdup(ent->d_name);
+ n = new_node(ent->d_name);
node_add(n);
}
return returned_name;
}
-bool setup_myself_reloadable(void) {
- free(scriptinterpreter);
- scriptinterpreter = NULL;
+static void read_interpreter(void) {
+ char *interpreter = NULL;
+ get_config_string(lookup_config(&config_tree, "ScriptsInterpreter"), &interpreter);
+
+ if(!interpreter || (sandbox_can(START_PROCESSES, AFTER_SANDBOX) && sandbox_can(USE_NEW_PATHS, AFTER_SANDBOX))) {
+ free(scriptinterpreter);
+ scriptinterpreter = interpreter;
+ return;
+ }
+
+ if(!string_eq(interpreter, scriptinterpreter)) {
+ logger(DEBUG_ALWAYS, LOG_NOTICE, "Not changing ScriptsInterpreter because of sandbox.");
+ }
+
+ free(interpreter);
+}
- get_config_string(lookup_config(&config_tree, "ScriptsInterpreter"), &scriptinterpreter);
+bool setup_myself_reloadable(void) {
+ read_interpreter();
free(scriptextension);
} else if(!strcasecmp(proxy, "http")) {
proxytype = PROXY_HTTP;
} else if(!strcasecmp(proxy, "exec")) {
- proxytype = PROXY_EXEC;
+ if(sandbox_can(START_PROCESSES, AFTER_SANDBOX)) {
+ proxytype = PROXY_EXEC;
+ } else {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Cannot use exec proxies with current sandbox level.");
+ return false;
+ }
} else {
logger(DEBUG_ALWAYS, LOG_ERR, "Unknown proxy type %s!", proxy);
- free(proxy);
+ free_string(proxy);
return false;
}
free(proxyport);
proxyport = NULL;
- free(proxyuser);
+ free_string(proxyuser);
proxyuser = NULL;
- free(proxypass);
+ free_string(proxypass);
proxypass = NULL;
switch(proxytype) {
case PROXY_EXEC:
if(!space || !*space) {
logger(DEBUG_ALWAYS, LOG_ERR, "Argument expected for proxy type exec!");
- free(proxy);
+ free_string(proxy);
return false;
}
+ if(!sandbox_can(USE_NEW_PATHS, AFTER_SANDBOX)) {
+ logger(DEBUG_ALWAYS, LOG_NOTICE, "Changed exec proxy may fail to work because of sandbox.");
+ }
+
proxyhost = xstrdup(space);
break;
logger(DEBUG_ALWAYS, LOG_ERR, "Host and port argument expected for proxy!");
proxyport = NULL;
proxyhost = NULL;
- free(proxy);
+ free_string(proxy);
return false;
}
break;
}
- free(proxy);
+ free_string(proxy);
}
bool choice;
}
if(listen_sockets >= MAXSOCKETS) {
+ listen_sockets = MAXSOCKETS;
logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
freeaddrinfo(ai);
return false;
}
myname = xstrdup(name);
- myself = new_node();
+ myself = new_node(name);
myself->connection = new_connection();
- myself->name = name;
- myself->connection->name = xstrdup(name);
+ myself->connection->name = name;
read_host_config(&config_tree, name, true);
if(!get_config_string(lookup_config(&config_tree, "Port"), &myport.tcp)) {
if(!cipher_open_by_name(myself->incipher, cipher)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized cipher type!");
- cipher_free(&myself->incipher);
+ cipher_free(myself->incipher);
+ myself->incipher = NULL;
free(cipher);
return false;
}
if(!digest_open_by_name(myself->indigest, digest, maclength)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized digest type!");
- digest_free(&myself->indigest);
+ digest_free(myself->indigest);
+ myself->indigest = NULL;
free(digest);
return false;
}
#endif
/* Compression */
- if(get_config_int(lookup_config(&config_tree, "Compression"), &myself->incompression)) {
+ int incompression = 0;
+
+ if(get_config_int(lookup_config(&config_tree, "Compression"), &incompression)) {
+ myself->incompression = incompression;
+
switch(myself->incompression) {
case COMPRESS_LZ4:
#ifdef HAVE_LZ4
myself->incompression = COMPRESS_NONE;
}
- myself->connection->outcompression = COMPRESS_NONE;
-
/* Done */
myself->nexthop = myself;
devops = os_devops;
if(get_config_string(lookup_config(&config_tree, "DeviceType"), &type)) {
- if(!strcasecmp(type, "dummy")) {
+ if(!strcasecmp(type, DEVICE_DUMMY)) {
devops = dummy_devops;
} else if(!strcasecmp(type, "raw_socket")) {
devops = raw_socket_devops;
/* Open sockets */
- if(!do_detach && getenv("LISTEN_FDS")) {
+ const char *listen_fds = getenv("LISTEN_FDS");
+
+ if(!do_detach && listen_fds) {
sockaddr_t sa;
socklen_t salen;
- listen_sockets = atoi(getenv("LISTEN_FDS"));
+ listen_sockets = atoi(listen_fds);
#ifdef HAVE_UNSETENV
unsetenv("LISTEN_FDS");
#endif
if(listen_sockets > MAXSOCKETS) {
+ listen_sockets = MAXSOCKETS;
logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
return false;
}
projects / tinc / blobdiff