X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fconf.c;h=37bfe9469639d3fd423ff57566ec97e2ccc96e99;hp=7780a0b23200a0f2732c7b9f228293aaf86c8384;hb=3ff76eb10acc55b6f269c1075de6bbaa5bc83516;hpb=7398002ade1397bd857953f009f4aed65ffc9218 diff --git a/src/conf.c b/src/conf.c index 7780a0b2..37bfe946 100644 --- a/src/conf.c +++ b/src/conf.c @@ -1,6 +1,6 @@ /* conf.c -- configuration code - Copyright (C) 1998 Emphyrio, + Copyright (C) 1998 Robert van der Meulen Copyright (C) 1998,1999,2000 Ivo Timmermans 2000 Guus Sliepen 2000 Cris van Pelt @@ -19,9 +19,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.19 2000/10/29 00:24:31 guus Exp $ + $Id: conf.c,v 1.9.4.23 2000/11/28 23:12:56 zarq Exp $ */ +#include "config.h" #include #include @@ -30,16 +31,14 @@ #include #include #include -#include #include +#include /* for cp */ #include "conf.h" #include "netutl.h" /* for strtoip */ -#include /* for cp */ #include "config.h" -#include "connlist.h" #include "system.h" config_t *config = NULL; @@ -56,26 +55,26 @@ int sighup = 0; */ static internal_config_t hazahaza[] = { /* Main configuration file keywords */ - { "Name", tincname, TYPE_NAME }, - { "ConnectTo", connectto, TYPE_NAME }, - { "PingTimeout", pingtimeout, TYPE_INT }, - { "TapDevice", tapdevice, TYPE_NAME }, - { "PrivateKey", privatekey, TYPE_NAME }, - { "KeyExpire", keyexpire, TYPE_INT }, - { "Hostnames", resolve_dns, TYPE_BOOL }, - { "Interface", interface, TYPE_NAME }, - { "InterfaceIP", interfaceip, TYPE_IP }, + { "Name", config_name, TYPE_NAME }, + { "ConnectTo", config_connectto, TYPE_NAME }, + { "PingTimeout", config_pingtimeout, TYPE_INT }, + { "TapDevice", config_tapdevice, TYPE_NAME }, + { "PrivateKey", config_privatekey, TYPE_NAME }, + { "KeyExpire", config_keyexpire, TYPE_INT }, + { "Hostnames", config_hostnames, TYPE_BOOL }, + { "Interface", config_interface, TYPE_NAME }, + { "InterfaceIP", config_interfaceip, TYPE_IP }, /* Host configuration file keywords */ - { "Address", address, TYPE_NAME }, - { "Port", port, TYPE_INT }, - { "PublicKey", publickey, TYPE_NAME }, - { "Subnet", subnet, TYPE_IP }, /* Use IPv4 subnets only for now */ - { "RestrictHosts", restricthosts, TYPE_BOOL }, - { "RestrictSubnets", restrictsubnets, TYPE_BOOL }, - { "RestrictAddress", restrictaddress, TYPE_BOOL }, - { "RestrictPort", restrictport, TYPE_BOOL }, - { "IndirectData", indirectdata, TYPE_BOOL }, - { "TCPonly", tcponly, TYPE_BOOL }, + { "Address", config_address, TYPE_NAME }, + { "Port", config_port, TYPE_INT }, + { "PublicKey", config_publickey, TYPE_NAME }, + { "Subnet", config_subnet, TYPE_IP }, /* Use IPv4 subnets only for now */ + { "RestrictHosts", config_restricthosts, TYPE_BOOL }, + { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL }, + { "RestrictAddress", config_restrictaddress, TYPE_BOOL }, + { "RestrictPort", config_restrictport, TYPE_BOOL }, + { "IndirectData", config_indirectdata, TYPE_BOOL }, + { "TCPonly", config_tcponly, TYPE_BOOL }, { NULL, 0, 0 } }; @@ -256,3 +255,47 @@ cp *base = NULL; cp } + +#define is_safe_file(p) 1 + +FILE *ask_and_safe_open(const char* filename) +{ + FILE *r; + char *directory; + char *fn; + int len; + + if(!isatty(0)) + { + /* Argh, they are running us from a script or something. Write + the files to the current directory and let them burn in hell + for ever. */ + directory = "."; /* get_current_directory */ + } + else + { + directory = "."; + } + + len = strlen(filename) + strlen(directory) + 2; /* 1 for the / */ + fn = xmalloc(len); + snprintf(fn, len, "%s/%s", directory, filename); + + if(!is_safe_file(fn)) + { + fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" + "I will not create or overwrite this file.\n"), + fn); + return NULL; + } + + if((r = fopen(fn, "w")) == NULL) + { + fprintf(stderr, _("Error opening file `%s': %m"), + fn); + } + + free(fn); + + return r; +}