X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fconf.c;h=09e72a5be5a3ccb44cd671e7e0dc3d42ec8a662b;hp=f70abdfee7dc1b9d5b00f0976e1cd8c158cc5d83;hb=1401faf608e1c8af0d0754e545b0ec79d2bd5d93;hpb=5fc1ed17f41f0c535cf57a4b7e00cd6d45759503 diff --git a/src/conf.c b/src/conf.c index f70abdfe..09e72a5b 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.58 2002/09/09 19:39:55 guus Exp $ + $Id: conf.c,v 1.9.4.63 2003/07/06 23:16:28 guus Exp $ */ #include "config.h" @@ -30,243 +30,234 @@ #include #include #include -#include #include #include #include -#include #include #include -#include /* for cp */ +#include /* for cp */ #include #include "conf.h" -#include "netutl.h" /* for str2address */ +#include "netutl.h" /* for str2address */ +#include "logger.h" #include "system.h" avl_tree_t *config_tree; -int debug_lvl = 0; -int pingtimeout = 0; /* seconds before timeout */ -char *confbase = NULL; /* directory in which all config files are */ -char *netname = NULL; /* name of the vpn network */ +int pingtimeout = 0; /* seconds before timeout */ +char *confbase = NULL; /* directory in which all config files are */ +char *netname = NULL; /* name of the vpn network */ -int config_compare(config_t *a, config_t *b) +static int config_compare(config_t *a, config_t *b) { - int result; + int result; - result = strcasecmp(a->variable, b->variable); + result = strcasecmp(a->variable, b->variable); - if(result) - return result; + if(result) + return result; - result = a->line - b->line; + result = a->line - b->line; - if(result) - return result; - else - return strcmp(a->file, b->file); + if(result) + return result; + else + return strcmp(a->file, b->file); } -void init_configuration(avl_tree_t **config_tree) +void init_configuration(avl_tree_t ** config_tree) { - cp(); - *config_tree = avl_alloc_tree((avl_compare_t)config_compare, (avl_action_t)free_config); - cp(); + cp(); + + *config_tree = avl_alloc_tree((avl_compare_t) config_compare, (avl_action_t) free_config); } -void exit_configuration(avl_tree_t **config_tree) +void exit_configuration(avl_tree_t ** config_tree) { - cp(); - avl_delete_tree(*config_tree); - *config_tree = NULL; - cp(); + cp(); + + avl_delete_tree(*config_tree); + *config_tree = NULL; } config_t *new_config(void) { - config_t *cfg; - cp(); - cfg = (config_t *)xmalloc_and_zero(sizeof(*cfg)); + cp(); - return cfg; + return (config_t *) xmalloc_and_zero(sizeof(config_t)); } void free_config(config_t *cfg) { - cp(); - if(cfg->variable) - free(cfg->variable); - if(cfg->value) - free(cfg->value); - if(cfg->file) - free(cfg->file); - free(cfg); - cp(); + cp(); + + if(cfg->variable) + free(cfg->variable); + + if(cfg->value) + free(cfg->value); + + if(cfg->file) + free(cfg->file); + + free(cfg); } void config_add(avl_tree_t *config_tree, config_t *cfg) { - cp(); - avl_insert(config_tree, cfg); - cp(); + cp(); + + avl_insert(config_tree, cfg); } config_t *lookup_config(avl_tree_t *config_tree, char *variable) { - config_t cfg, *found; - cp(); - cfg.variable = variable; - cfg.file = ""; - cfg.line = 0; + config_t cfg, *found; + + cp(); + + cfg.variable = variable; + cfg.file = ""; + cfg.line = 0; - found = avl_search_closest_greater(config_tree, &cfg); + found = avl_search_closest_greater(config_tree, &cfg); - if(!found) - return NULL; + if(!found) + return NULL; - if(strcasecmp(found->variable, variable)) - return NULL; + if(strcasecmp(found->variable, variable)) + return NULL; - return found; + return found; } config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg) { - avl_node_t *node; - config_t *found; - cp(); - node = avl_search_node(config_tree, cfg); - - if(node) - { - if(node->next) - { - found = (config_t *)node->next->data; - if(!strcasecmp(found->variable, cfg->variable)) - return found; - } - } - - return NULL; + avl_node_t *node; + config_t *found; + + cp(); + + node = avl_search_node(config_tree, cfg); + + if(node) { + if(node->next) { + found = (config_t *) node->next->data; + + if(!strcasecmp(found->variable, cfg->variable)) + return found; + } + } + + return NULL; } int get_config_bool(config_t *cfg, int *result) { - cp(); - if(!cfg) - return 0; - - if(!strcasecmp(cfg->value, "yes")) - { - *result = 1; - return 1; - } - else if(!strcasecmp(cfg->value, "no")) - { - *result = 0; - return 1; - } - - syslog(LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - - return 0; + cp(); + + if(!cfg) + return 0; + + if(!strcasecmp(cfg->value, "yes")) { + *result = 1; + return 1; + } else if(!strcasecmp(cfg->value, "no")) { + *result = 0; + return 1; + } + + logger(DEBUG_ALWAYS, LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + + return 0; } int get_config_int(config_t *cfg, int *result) { - cp(); - if(!cfg) - return 0; + cp(); + + if(!cfg) + return 0; + + if(sscanf(cfg->value, "%d", result) == 1) + return 1; - if(sscanf(cfg->value, "%d", result) == 1) - return 1; + logger(DEBUG_ALWAYS, LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); - syslog(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; + return 0; } int get_config_string(config_t *cfg, char **result) { - cp(); - if(!cfg) - return 0; + cp(); - *result = xstrdup(cfg->value); - return 1; + if(!cfg) + return 0; + + *result = xstrdup(cfg->value); + + return 1; } int get_config_address(config_t *cfg, struct addrinfo **result) { - struct addrinfo *ai; - cp(); - if(!cfg) - return 0; - - ai = str2addrinfo(cfg->value, NULL, 0); - - if(ai) - { - *result = ai; - return 1; - } - - syslog(LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; -} + struct addrinfo *ai; -int get_config_port(config_t *cfg, port_t *result) -{ - cp(); - if(!cfg) - return 0; - - if(sscanf(cfg->value, "%hu", result) == 1) - { - *result = htons(*result); - return 1; - } - - syslog(LOG_ERR, _("Port number expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; + cp(); + + if(!cfg) + return 0; + + ai = str2addrinfo(cfg->value, NULL, 0); + + if(ai) { + *result = ai; + return 1; + } + + logger(DEBUG_ALWAYS, LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + + return 0; } -int get_config_subnet(config_t *cfg, subnet_t **result) +int get_config_subnet(config_t *cfg, subnet_t ** result) { - subnet_t *subnet; - cp(); - if(!cfg) - return 0; - - subnet = str2net(cfg->value); - - if(!subnet) - { - syslog(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; - } - - /* Teach newbies what subnets are... */ - - if(((subnet->type == SUBNET_IPV4) && maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) - || ((subnet->type == SUBNET_IPV6) && maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) - { - syslog(LOG_ERR, _("Network address and prefix length do not match for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - free(subnet); - return 0; - } - - *result = subnet; - - return 1; + subnet_t *subnet; + + cp(); + + if(!cfg) + return 0; + + subnet = str2net(cfg->value); + + if(!subnet) { + logger(DEBUG_ALWAYS, LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + return 0; + } + + /* Teach newbies what subnets are... */ + + if(((subnet->type == SUBNET_IPV4) + && maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) + || ((subnet->type == SUBNET_IPV6) + && maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) { + logger(DEBUG_ALWAYS, LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + free(subnet); + return 0; + } + + *result = subnet; + + return 1; } /* @@ -279,74 +270,63 @@ int get_config_subnet(config_t *cfg, subnet_t **result) given, and buf needs to be expanded, the var pointed to by buflen will be increased. */ -char *readline(FILE *fp, char **buf, size_t *buflen) +static char *readline(FILE * fp, char **buf, size_t *buflen) { - char *newline = NULL; - char *p; - char *line; /* The array that contains everything that has been read - so far */ - char *idx; /* Read into this pointer, which points to an offset - within line */ - size_t size, newsize; /* The size of the current array pointed to by - line */ - size_t maxlen; /* Maximum number of characters that may be read with - fgets. This is newsize - oldsize. */ - - if(feof(fp)) - return NULL; - - if(buf && buflen) - { - size = *buflen; - line = *buf; - } - else - { - size = 100; - line = xmalloc(size); - } - - maxlen = size; - idx = line; - *idx = 0; - for(;;) - { - errno = 0; - p = fgets(idx, maxlen, fp); - if(!p) /* EOF or error */ - { - if(feof(fp)) - break; - - /* otherwise: error; let the calling function print an error - message if applicable */ - free(line); - return NULL; + char *newline = NULL; + char *p; + char *line; /* The array that contains everything that has been read so far */ + char *idx; /* Read into this pointer, which points to an offset within line */ + size_t size, newsize; /* The size of the current array pointed to by line */ + size_t maxlen; /* Maximum number of characters that may be read with fgets. This is newsize - oldsize. */ + + if(feof(fp)) + return NULL; + + if(buf && buflen) { + size = *buflen; + line = *buf; + } else { + size = 100; + line = xmalloc(size); } - newline = strchr(p, '\n'); - if(!newline) - /* We haven't yet read everything to the end of the line */ - { - newsize = size << 1; - line = xrealloc(line, newsize); - idx = &line[size - 1]; - maxlen = newsize - size + 1; - size = newsize; + maxlen = size; + idx = line; + *idx = 0; + + for(;;) { + errno = 0; + p = fgets(idx, maxlen, fp); + + if(!p) { /* EOF or error */ + if(feof(fp)) + break; + + /* otherwise: error; let the calling function print an error message if applicable */ + free(line); + return NULL; + } + + newline = strchr(p, '\n'); + + if(!newline) { /* We haven't yet read everything to the end of the line */ + newsize = size << 1; + line = xrealloc(line, newsize); + idx = &line[size - 1]; + maxlen = newsize - size + 1; + size = newsize; + } else { + *newline = '\0'; /* kill newline */ + break; /* yay */ + } } - else - { - *newline = '\0'; /* kill newline */ - break; /* yay */ + + if(buf && buflen) { + *buflen = size; + *buf = line; } - } - - if(buf && buflen) - { - *buflen = size; - *buf = line; - } - return line; + + return line; } /* @@ -355,282 +335,264 @@ char *readline(FILE *fp, char **buf, size_t *buflen) */ int read_config_file(avl_tree_t *config_tree, const char *fname) { - int err = -2; /* Parse error */ - FILE *fp; - char *buffer, *line; - char *variable, *value; - int lineno = 0, ignore = 0; - config_t *cfg; - size_t bufsize; - - cp(); - fp = fopen (fname, "r"); - - if(!fp) - { - syslog(LOG_ERR, _("Cannot open config file %s: %s"), fname, strerror(errno)); - return -3; - } - - bufsize = 100; - buffer = xmalloc(bufsize); - - for(;;) - { - line = readline(fp, &buffer, &bufsize); - - if(!line) - { - err = -1; - break; + int err = -2; /* Parse error */ + FILE *fp; + char *buffer, *line; + char *variable, *value; + int lineno = 0, ignore = 0; + config_t *cfg; + size_t bufsize; + + cp(); + + fp = fopen(fname, "r"); + + if(!fp) { + logger(DEBUG_ALWAYS, LOG_ERR, _("Cannot open config file %s: %s"), fname, + strerror(errno)); + return -3; } - if(feof(fp)) - { - err = 0; - break; - } + bufsize = 100; + buffer = xmalloc(bufsize); + + for(;;) { + line = readline(fp, &buffer, &bufsize); + + if(!line) { + err = -1; + break; + } - lineno++; + if(feof(fp)) { + err = 0; + break; + } - variable = strtok(line, "\t ="); - - if(!variable) - continue; /* no tokens on this line */ + lineno++; - if(variable[0] == '#') - continue; /* comment: ignore */ + variable = strtok(line, "\t ="); - if(!strcmp(variable, "-----BEGIN")) - ignore = 1; + if(!variable) + continue; /* no tokens on this line */ - if(!ignore) - { - value = strtok(NULL, "\t\n\r ="); + if(variable[0] == '#') + continue; /* comment: ignore */ - if(!value || value[0] == '#') - { - syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), - variable, lineno, fname); - break; - } + if(!strcmp(variable, "-----BEGIN")) + ignore = 1; - cfg = new_config(); - cfg->variable = xstrdup(variable); - cfg->value = xstrdup(value); - cfg->file = xstrdup(fname); - cfg->line = lineno; + if(!ignore) { + value = strtok(NULL, "\t\n\r ="); - config_add(config_tree, cfg); - } + if(!value || value[0] == '#') { + logger(DEBUG_ALWAYS, LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), + variable, lineno, fname); + break; + } - if(!strcmp(variable, "-----END")) - ignore = 0; - } + cfg = new_config(); + cfg->variable = xstrdup(variable); + cfg->value = xstrdup(value); + cfg->file = xstrdup(fname); + cfg->line = lineno; + + config_add(config_tree, cfg); + } + + if(!strcmp(variable, "-----END")) + ignore = 0; + } - free(buffer); - fclose (fp); - cp(); - return err; + free(buffer); + fclose(fp); + + return err; } int read_server_config() { - char *fname; - int x; - cp(); - asprintf(&fname, "%s/tinc.conf", confbase); - x = read_config_file(config_tree, fname); - if(x == -1) /* System error: complain */ - { - syslog(LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno)); - } - free(fname); - cp(); - return x; + char *fname; + int x; + + cp(); + + asprintf(&fname, "%s/tinc.conf", confbase); + x = read_config_file(config_tree, fname); + + if(x == -1) { /* System error: complain */ + logger(DEBUG_ALWAYS, LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno)); + } + + free(fname); + + return x; } -int isadir(const char* f) +static int isadir(const char *f) { - struct stat s; + struct stat s; - if(stat(f, &s) < 0) - return 0; - else - return S_ISDIR(s.st_mode); + if(stat(f, &s) < 0) + return 0; + else + return S_ISDIR(s.st_mode); } int is_safe_path(const char *file) { - char *p; - const char *f; - char x; - struct stat s; - char l[MAXBUFSIZE]; + char *p; + const char *f; + char x; + struct stat s; + char l[MAXBUFSIZE]; + + if(*file != '/') { + logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' is not an absolute path"), file); + return 0; + } - if(*file != '/') - { - syslog(LOG_ERR, _("`%s' is not an absolute path"), file); - return 0; - } + p = strrchr(file, '/'); - p = strrchr(file, '/'); + if(p == file) /* It's in the root */ + p++; - if(p == file) /* It's in the root */ - p++; + x = *p; + *p = '\0'; - x = *p; - *p = '\0'; + f = file; - f = file; check1: - if(lstat(f, &s) < 0) - { - syslog(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); - return 0; - } - - if(s.st_uid != geteuid()) - { - syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), - f, s.st_uid, geteuid()); - return 0; - } - - if(S_ISLNK(s.st_mode)) - { - syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), - f); - - if(readlink(f, l, MAXBUFSIZE) < 0) - { - syslog(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, strerror(errno)); - return 0; - } - - f = l; - goto check1; - } - - *p = x; - f = file; + if(lstat(f, &s) < 0) { + logger(DEBUG_ALWAYS, LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); + return 0; + } + + if(s.st_uid != geteuid()) { + logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' is owned by UID %d instead of %d"), + f, s.st_uid, geteuid()); + return 0; + } + + if(S_ISLNK(s.st_mode)) { + logger(DEBUG_ALWAYS, LOG_WARNING, _("Warning: `%s' is a symlink"), f); + + if(readlink(f, l, MAXBUFSIZE) < 0) { + logger(DEBUG_ALWAYS, LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, + strerror(errno)); + return 0; + } + + f = l; + goto check1; + } + + *p = x; + f = file; check2: - if(lstat(f, &s) < 0 && errno != ENOENT) - { - syslog(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); - return 0; - } - - if(errno == ENOENT) - return 1; - - if(s.st_uid != geteuid()) - { - syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), - f, s.st_uid, geteuid()); - return 0; - } - - if(S_ISLNK(s.st_mode)) - { - syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), - f); - - if(readlink(f, l, MAXBUFSIZE) < 0) - { - syslog(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, strerror(errno)); - return 0; - } - - f = l; - goto check2; - } - - if(s.st_mode & 0007) - { - /* Accessible by others */ - syslog(LOG_ERR, _("`%s' has unsecure permissions"), - f); - return 0; - } - - return 1; + if(lstat(f, &s) < 0 && errno != ENOENT) { + logger(DEBUG_ALWAYS, LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); + return 0; + } + + if(errno == ENOENT) + return 1; + + if(s.st_uid != geteuid()) { + logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' is owned by UID %d instead of %d"), + f, s.st_uid, geteuid()); + return 0; + } + + if(S_ISLNK(s.st_mode)) { + logger(DEBUG_ALWAYS, LOG_WARNING, _("Warning: `%s' is a symlink"), f); + + if(readlink(f, l, MAXBUFSIZE) < 0) { + logger(DEBUG_ALWAYS, LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, + strerror(errno)); + return 0; + } + + f = l; + goto check2; + } + + if(s.st_mode & 0007) { + /* Accessible by others */ + logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' has unsecure permissions"), f); + return 0; + } + + return 1; } -FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode) +FILE *ask_and_safe_open(const char *filename, const char *what, + const char *mode) { - FILE *r; - char *directory; - char *fn; - - /* Check stdin and stdout */ - if(!isatty(0) || !isatty(1)) - { - /* Argh, they are running us from a script or something. Write - the files to the current directory and let them burn in hell - for ever. */ - fn = xstrdup(filename); - } - else - { - /* Ask for a file and/or directory name. */ - fprintf(stdout, _("Please enter a file to save %s to [%s]: "), - what, filename); - fflush(stdout); - - fn = readline(stdin, NULL, NULL); - - if(!fn) - { - fprintf(stderr, _("Error while reading stdin: %s\n"), strerror(errno)); - return NULL; + FILE *r; + char *directory; + char *fn; + + /* Check stdin and stdout */ + if(!isatty(0) || !isatty(1)) { + /* Argh, they are running us from a script or something. Write + the files to the current directory and let them burn in hell + for ever. */ + fn = xstrdup(filename); + } else { + /* Ask for a file and/or directory name. */ + fprintf(stdout, _("Please enter a file to save %s to [%s]: "), + what, filename); + fflush(stdout); + + fn = readline(stdin, NULL, NULL); + + if(!fn) { + fprintf(stderr, _("Error while reading stdin: %s\n"), + strerror(errno)); + return NULL; + } + + if(!strlen(fn)) + /* User just pressed enter. */ + fn = xstrdup(filename); } - if(!strlen(fn)) - /* User just pressed enter. */ - fn = xstrdup(filename); - } - - if(!strchr(fn, '/') || fn[0] != '/') - { - /* The directory is a relative path or a filename. */ - char *p; - - directory = get_current_dir_name(); - asprintf(&p, "%s/%s", directory, fn); - free(fn); - free(directory); - fn = p; - } - - umask(0077); /* Disallow everything for group and other */ - - /* Open it first to keep the inode busy */ - - r = fopen(fn, mode); - - if(!r) - { - fprintf(stderr, _("Error opening file `%s': %s\n"), - fn, strerror(errno)); - free(fn); - return NULL; - } - - /* Then check the file for nasty attacks */ - if(!is_safe_path(fn)) /* Do not permit any directories that are - readable or writeable by other users. */ - { - fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" - "I will not create or overwrite this file.\n"), - fn); - fclose(r); - free(fn); - return NULL; - } - - free(fn); - - return r; + if(!strchr(fn, '/') || fn[0] != '/') { + /* The directory is a relative path or a filename. */ + char *p; + + directory = get_current_dir_name(); + asprintf(&p, "%s/%s", directory, fn); + free(fn); + free(directory); + fn = p; + } + + umask(0077); /* Disallow everything for group and other */ + + /* Open it first to keep the inode busy */ + + r = fopen(fn, mode); + + if(!r) { + fprintf(stderr, _("Error opening file `%s': %s\n"), + fn, strerror(errno)); + free(fn); + return NULL; + } + + /* Then check the file for nasty attacks */ + if(!is_safe_path(fn)) { /* Do not permit any directories that are readable or writeable by other users. */ + fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" + "I will not create or overwrite this file.\n"), fn); + fclose(r); + free(fn); + return NULL; + } + + free(fn); + + return r; }