X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fconf.c;h=09f2d1384ea94a8f0c181b872e5cf2dd688ae1ef;hp=1560541a101c315b63c2950eb48758cb56b2d515;hb=a0c544df5d882bea812fb0ef648cdee98939e89c;hpb=64771f73ebbff04262defcde59263e98f89f0fa1 diff --git a/src/conf.c b/src/conf.c index 1560541a..09f2d138 100644 --- a/src/conf.c +++ b/src/conf.c @@ -2,7 +2,7 @@ conf.c -- configuration code Copyright (C) 1998 Robert van der Meulen 1998-2005 Ivo Timmermans - 2000-2010 Guus Sliepen + 2000-2012 Guus Sliepen 2010-2011 Julien Muchembled 2000 Cris van Pelt @@ -378,6 +378,29 @@ bool read_server_config(void) { xasprintf(&fname, "%s/tinc.conf", confbase); x = read_config_file(config_tree, fname); + // We will try to read the conf files in the "conf.d" dir + if (x) { + char * dname; + xasprintf(&dname, "%s/conf.d", confbase); + DIR *dir = opendir (dname); + // If we can find this dir + if (dir) { + struct dirent *ep; + // We list all the files in it + while (x && (ep = readdir (dir))) { + size_t l = strlen(ep->d_name); + // And we try to read the ones that end with ".conf" + if (l > 5 && !strcmp(".conf", & ep->d_name[ l - 5 ])) { + free(fname); + xasprintf(&fname, "%s/%s", dname, ep->d_name); + x = read_config_file(config_tree, fname); + } + } + closedir (dir); + } + free(dname); + } + if(!x) { /* System error: complain */ logger(LOG_ERR, "Failed to read `%s': %s", fname, strerror(errno)); } @@ -400,6 +423,70 @@ bool read_connection_config(connection_t *c) { return x; } +static void disable_old_keys(const char *filename) { + char tmpfile[PATH_MAX] = ""; + char buf[1024]; + bool disabled = false; + FILE *r, *w; + + r = fopen(filename, "r"); + if(!r) + return; + + snprintf(tmpfile, sizeof tmpfile, "%s.tmp", filename); + + w = fopen(tmpfile, "w"); + + while(fgets(buf, sizeof buf, r)) { + if(!strncmp(buf, "-----BEGIN RSA", 14)) { + buf[11] = 'O'; + buf[12] = 'L'; + buf[13] = 'D'; + disabled = true; + } + else if(!strncmp(buf, "-----END RSA", 12)) { + buf[ 9] = 'O'; + buf[10] = 'L'; + buf[11] = 'D'; + disabled = true; + } + if(w && fputs(buf, w) < 0) { + disabled = false; + break; + } + } + + if(w) + fclose(w); + fclose(r); + + if(!w && disabled) { + fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n"); + return; + } + + if(disabled) { +#ifdef HAVE_MINGW + // We cannot atomically replace files on Windows. + char bakfile[PATH_MAX] = ""; + snprintf(bakfile, sizeof bakfile, "%s.bak", filename); + if(rename(filename, bakfile) || rename(tmpfile, filename)) { + rename(bakfile, filename); +#else + if(rename(tmpfile, filename)) { +#endif + fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n"); + } else { +#ifdef HAVE_MINGW + unlink(bakfile); +#endif + fprintf(stderr, "Warning: old key(s) found and disabled.\n"); + } + } + + unlink(tmpfile); +} + FILE *ask_and_open(const char *filename, const char *what) { FILE *r; char *directory; @@ -447,9 +534,11 @@ FILE *ask_and_open(const char *filename, const char *what) { umask(0077); /* Disallow everything for group and other */ + disable_old_keys(fn); + /* Open it first to keep the inode busy */ - r = fopen(fn, "r+") ?: fopen(fn, "w+"); + r = fopen(fn, "a"); if(!r) { fprintf(stderr, "Error opening file `%s': %s\n", @@ -460,42 +549,4 @@ FILE *ask_and_open(const char *filename, const char *what) { return r; } -bool disable_old_keys(FILE *f) { - char buf[100]; - long pos; - bool disabled = false; - - rewind(f); - pos = ftell(f); - if(pos < 0) - return false; - - while(fgets(buf, sizeof buf, f)) { - if(!strncmp(buf, "-----BEGIN RSA", 14)) { - buf[11] = 'O'; - buf[12] = 'L'; - buf[13] = 'D'; - if(fseek(f, pos, SEEK_SET)) - break; - if(fputs(buf, f) <= 0) - break; - disabled = true; - } - else if(!strncmp(buf, "-----END RSA", 12)) { - buf[ 9] = 'O'; - buf[10] = 'L'; - buf[11] = 'D'; - if(fseek(f, pos, SEEK_SET)) - break; - if(fputs(buf, f) <= 0) - break; - disabled = true; - } - pos = ftell(f); - if(pos < 0) - break; - } - - return disabled; -}