X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fconf.c;h=61f0cf0e377c89022266f3891db2958fb1a99ed1;hp=0d6d4c2ac3cd97435f32e0cd1cbfa942bdc80694;hb=0d99ae59bd7c640d396ce978045f0911567fb9bf;hpb=e469fca4d78e9d23698fe1e6b29b232198cc499e

diff --git a/src/conf.c b/src/conf.c
index 0d6d4c2a..61f0cf0e 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -19,12 +19,11 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: conf.c,v 1.9.4.34 2000/12/06 13:33:48 zarq Exp $
+    $Id: conf.c,v 1.9.4.37 2001/01/06 18:03:39 guus Exp $
 */
 
 #include "config.h"
 
-#include <assert.h>
 #include <ctype.h>
 #include <errno.h>
 #include <netdb.h>
@@ -35,6 +34,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
+#include <syslog.h>
 
 #include <xalloc.h>
 #include <utils.h> /* for cp */
@@ -68,6 +68,7 @@ static internal_config_t hazahaza[] = {
   { "Name",         config_name,       TYPE_NAME },
   { "PingTimeout",  config_pingtimeout,    TYPE_INT },
   { "PrivateKey",   config_privatekey,     TYPE_NAME },
+  { "PrivateKeyFile", config_privatekeyfile, TYPE_NAME },
   { "TapDevice",    config_tapdevice,      TYPE_NAME },
   { "VpnMask",      config_dummy,          TYPE_IP },
 /* Host configuration file keywords */
@@ -75,6 +76,7 @@ static internal_config_t hazahaza[] = {
   { "IndirectData", config_indirectdata,   TYPE_BOOL },
   { "Port",         config_port,           TYPE_INT },
   { "PublicKey",    config_publickey,      TYPE_NAME },
+  { "PublicKeyFile", config_publickeyfile, TYPE_NAME },
   { "RestrictAddress", config_restrictaddress, TYPE_BOOL },
   { "RestrictHosts", config_restricthosts, TYPE_BOOL },
   { "RestrictPort", config_restrictport,   TYPE_BOOL },
@@ -232,7 +234,10 @@ int read_config_file(config_t **base, const char *fname)
   
 cp
   if((fp = fopen (fname, "r")) == NULL)
-    return -1;
+    {
+      syslog(LOG_ERR, _("Cannot open config file %s: %m"), fname);
+      return -1;
+    }
 
   bufsize = 100;
   buffer = xmalloc(bufsize);
@@ -273,7 +278,7 @@ cp
 
       if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
 	{
-	  fprintf(stderr, _("No value for variable `%s' on line %d while reading config file %s"),
+	  syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
 		  hazahaza[i].name, lineno, fname);
 	  break;
 	}
@@ -281,7 +286,7 @@ cp
       cfg = add_config_val(base, hazahaza[i].argtype, q);
       if(cfg == NULL)
 	{
-	  fprintf(stderr, _("Invalid value for variable `%s' on line %d while reading config file %s"),
+	  syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"),
 		  hazahaza[i].name, lineno, fname);
 	  break;
 	}
@@ -306,7 +311,7 @@ cp
   x = read_config_file(&config, fname);
   if(x == -1) /* System error */
     {
-      fprintf(stderr, _("Failed to read `%s': %m\n"),
+      syslog(LOG_ERR, _("Failed to read `%s': %m"),
 	      fname);
     }
   free(fname);
@@ -352,68 +357,105 @@ int isadir(const char* f)
   struct stat s;
 
   if(stat(f, &s) < 0)
-    {
-      fprintf(stderr, _("Couldn't stat `%s': %m\n"),
-	      f);
-      return -1;
-    }
-
-  return S_ISDIR(s.st_mode);
+    return 0;
+  else
+    return S_ISDIR(s.st_mode);
 }
 
 int is_safe_path(const char *file)
 {
   char *p;
+  const char *f;
+  char x;
   struct stat s;
+  char l[MAXBUFSIZE];
+
+  if(*file != '/')
+    {
+      syslog(LOG_ERR, _("`%s' is not an absolute path"), file);
+      return 0;
+    }
 
   p = strrchr(file, '/');
-  assert(p); /* p has to contain a / */
+  
+  if(p == file)		/* It's in the root */
+    p++;
+    
+  x = *p;
   *p = '\0';
-  if(stat(file, &s) < 0)
+
+  f = file;
+check1:
+  if(lstat(f, &s) < 0)
     {
-      fprintf(stderr, _("Couldn't stat `%s': %m\n"),
-	      file);
+      syslog(LOG_ERR, _("Couldn't stat `%s': %m"),
+	      f);
       return 0;
     }
+
   if(s.st_uid != geteuid())
     {
-      fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"),
-	      file, s.st_uid, geteuid());
+      syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
+	      f, s.st_uid, geteuid());
       return 0;
     }
+
   if(S_ISLNK(s.st_mode))
     {
-      fprintf(stderr, _("Warning: `%s' is a symlink\n"),
-	      file);
-      /* fixme: read the symlink and start again */
+      syslog(LOG_WARNING, _("Warning: `%s' is a symlink"),
+	      f);
+
+      if(readlink(f, l, MAXBUFSIZE) < 0)
+        {
+          syslog(LOG_ERR, _("Unable to read symbolic link `%s': %m"), f);
+          return 0;
+        }
+      
+      f = l;
+      goto check1;
     }
 
-  *p = '/';
-  if(stat(file, &s) < 0 && errno != ENOENT)
+  *p = x;
+  f = file;
+  
+check2:
+  if(lstat(f, &s) < 0 && errno != ENOENT)
     {
-      fprintf(stderr, _("Couldn't stat `%s': %m\n"),
-	      file);
+      syslog(LOG_ERR, _("Couldn't stat `%s': %m"),
+	      f);
       return 0;
     }
+    
   if(errno == ENOENT)
     return 1;
+
   if(s.st_uid != geteuid())
     {
-      fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"),
-	      file, s.st_uid, geteuid());
+      syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
+	      f, s.st_uid, geteuid());
       return 0;
     }
+
   if(S_ISLNK(s.st_mode))
     {
-      fprintf(stderr, _("Warning: `%s' is a symlink\n"),
-	      file);
-      /* fixme: read the symlink and start again */
+      syslog(LOG_WARNING, _("Warning: `%s' is a symlink"),
+	      f);
+
+      if(readlink(f, l, MAXBUFSIZE) < 0)
+        {
+          syslog(LOG_ERR, _("Unable to read symbolic link `%s': %m"), f);
+          return 0;
+        }
+      
+      f = l;
+      goto check2;
     }
+
   if(s.st_mode & 0007)
     {
       /* Accessible by others */
-      fprintf(stderr, _("`%s' has unsecure permissions.\n"),
-	      file);
+      syslog(LOG_ERR, _("`%s' has unsecure permissions"),
+	      f);
       return 0;
     }
   
@@ -425,7 +467,6 @@ FILE *ask_and_safe_open(const char* filename, const char* what)
   FILE *r;
   char *directory;
   char *fn;
-  int len;
 
   /* Check stdin and stdout */
   if(!isatty(0) || !isatty(1))
@@ -440,12 +481,14 @@ FILE *ask_and_safe_open(const char* filename, const char* what)
       /* Ask for a file and/or directory name. */
       fprintf(stdout, _("Please enter a file to save %s to [%s]: "),
 	      what, filename);
-      fflush(stdout);  /* Don't wait for a newline */
+      fflush(stdout);
+
       if((fn = readline(stdin, NULL, NULL)) == NULL)
 	{
 	  fprintf(stderr, _("Error while reading stdin: %m\n"));
 	  return NULL;
 	}
+
       if(strlen(fn) == 0)
 	/* User just pressed enter. */
 	fn = xstrdup(filename);
@@ -457,25 +500,12 @@ FILE *ask_and_safe_open(const char* filename, const char* what)
       char *p;
       
       directory = get_current_dir_name();
-      len = strlen(fn) + strlen(directory) + 2; /* 1 for the / */
-      p = xmalloc(len);
-      snprintf(p, len, "%s/%s", directory, fn);
+      asprintf(&p, "%s/%s", directory, fn);
       free(fn);
       free(directory);
       fn = p;
     }
 
-  if(isadir(fn) > 0) /* -1 is error */
-    {
-      char *p;
-
-      len = strlen(fn) + strlen(filename) + 2; /* 1 for the / */
-      p = xmalloc(len);
-      snprintf(p, len, "%s/%s", fn, filename);
-      free(fn);
-      fn = p;
-    }
-
   umask(0077); /* Disallow everything for group and other */
   
   /* Open it first to keep the inode busy */