X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fconf.c;h=b7c0179e180d26ae26e846410c088d2e2e6374e8;hp=2643785ce2d10035a4668d045d7eaad6c3242237;hb=5b0f5ad958d6db4e73aebc5ee6c608cdae81b7b5;hpb=d3f889c8076dff9c00ebfe1459cb36425f8da41d diff --git a/src/conf.c b/src/conf.c index 2643785c..b7c0179e 100644 --- a/src/conf.c +++ b/src/conf.c @@ -1,9 +1,10 @@ /* conf.c -- configuration code Copyright (C) 1998 Robert van der Meulen - 1998-2001 Ivo Timmermans - 2000,2001 Guus Sliepen - 2000 Cris van Pelt + 1998-2005 Ivo Timmermans + 2000-2010 Guus Sliepen + 2010-2011 Julien Muchembled + 2000 Cris van Pelt This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,521 +16,514 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: conf.c,v 1.9.4.38 2001/01/07 17:08:55 guus Exp $ + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -#include "config.h" +#include "system.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "avl_tree.h" +#include "connection.h" +#include "conf.h" +#include "list.h" +#include "logger.h" +#include "netutl.h" /* for str2address */ +#include "protocol.h" +#include "utils.h" /* for cp */ +#include "xalloc.h" -#include -#include /* for cp */ +avl_tree_t *config_tree; -#include "conf.h" -#include "netutl.h" /* for strtoip */ +int pinginterval = 0; /* seconds between pings */ +int pingtimeout = 0; /* seconds to wait for response */ +char *confbase = NULL; /* directory in which all config files are */ +char *netname = NULL; /* name of the vpn network */ +list_t *cmdline_conf = NULL; /* global/host configuration values given at the command line */ -#include "system.h" -config_t *config = NULL; -int debug_lvl = 0; -int timeout = 0; /* seconds before timeout */ -char *confbase = NULL; /* directory in which all config files are */ -char *netname = NULL; /* name of the vpn network */ +static int config_compare(const config_t *a, const config_t *b) { + int result; -/* Will be set if HUP signal is received. It will be processed when it is safe. */ -int sighup = 0; + result = strcasecmp(a->variable, b->variable); -/* - These are all the possible configurable values -*/ -static internal_config_t hazahaza[] = { -/* Main configuration file keywords */ - { "ConnectTo", config_connectto, TYPE_NAME }, - { "Hostnames", config_hostnames, TYPE_BOOL }, - { "Interface", config_interface, TYPE_NAME }, - { "InterfaceIP", config_interfaceip, TYPE_IP }, - { "KeyExpire", config_keyexpire, TYPE_INT }, - { "MyVirtualIP", config_dummy, TYPE_IP }, - { "MyOwnVPNIP", config_dummy, TYPE_IP }, - { "Name", config_name, TYPE_NAME }, - { "PingTimeout", config_pingtimeout, TYPE_INT }, - { "PrivateKey", config_privatekey, TYPE_NAME }, - { "PrivateKeyFile", config_privatekeyfile, TYPE_NAME }, - { "TapDevice", config_tapdevice, TYPE_NAME }, - { "VpnMask", config_dummy, TYPE_IP }, -/* Host configuration file keywords */ - { "Address", config_address, TYPE_NAME }, - { "IndirectData", config_indirectdata, TYPE_BOOL }, - { "Port", config_port, TYPE_INT }, - { "PublicKey", config_publickey, TYPE_NAME }, - { "PublicKeyFile", config_publickeyfile, TYPE_NAME }, - { "RestrictAddress", config_restrictaddress, TYPE_BOOL }, - { "RestrictHosts", config_restricthosts, TYPE_BOOL }, - { "RestrictPort", config_restrictport, TYPE_BOOL }, - { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL }, - { "Subnet", config_subnet, TYPE_IP }, /* Use IPv4 subnets only for now */ - { "TCPonly", config_tcponly, TYPE_BOOL }, - { NULL, 0, 0 } -}; + if(result) + return result; -/* - Add given value to the list of configs cfg -*/ -config_t * -add_config_val(config_t **cfg, int argtype, char *val) -{ - config_t *p; - char *q; -cp - p = (config_t*)xmalloc(sizeof(*p)); - p->data.val = 0; - - switch(argtype) - { - case TYPE_INT: - p->data.val = strtol(val, &q, 0); - if(q && *q) - p->data.val = 0; - break; - case TYPE_NAME: - p->data.ptr = xmalloc(strlen(val) + 1); - strcpy(p->data.ptr, val); - break; - case TYPE_IP: - p->data.ip = strtoip(val); - break; - case TYPE_BOOL: - if(!strcasecmp("yes", val)) - p->data.val = stupid_true; - else if(!strcasecmp("no", val)) - p->data.val = stupid_false; - else - p->data.val = 0; - } - - p->argtype = argtype; - - if(p->data.val) - { - p->next = *cfg; - *cfg = p; -cp - return p; - } - else - { - free(p); -cp - return NULL; - } + /* give priority to command line options */ + result = !b->file - !a->file; + if (result) + return result; + + result = a->line - b->line; + + if(result) + return result; + else + return a->file ? strcmp(a->file, b->file) : 0; +} + +void init_configuration(avl_tree_t ** config_tree) { + *config_tree = avl_alloc_tree((avl_compare_t) config_compare, (avl_action_t) free_config); +} + +void exit_configuration(avl_tree_t ** config_tree) { + avl_delete_tree(*config_tree); + *config_tree = NULL; +} + +config_t *new_config(void) { + return xmalloc_and_zero(sizeof(config_t)); +} + +void free_config(config_t *cfg) { + if(cfg->variable) + free(cfg->variable); + + if(cfg->value) + free(cfg->value); + + if(cfg->file) + free(cfg->file); + + free(cfg); +} + +void config_add(avl_tree_t *config_tree, config_t *cfg) { + avl_insert(config_tree, cfg); +} + +config_t *lookup_config(const avl_tree_t *config_tree, char *variable) { + config_t cfg, *found; + + cfg.variable = variable; + cfg.file = NULL; + cfg.line = 0; + + found = avl_search_closest_greater(config_tree, &cfg); + + if(!found) + return NULL; + + if(strcasecmp(found->variable, variable)) + return NULL; + + return found; +} + +config_t *lookup_config_next(const avl_tree_t *config_tree, const config_t *cfg) { + avl_node_t *node; + config_t *found; + + node = avl_search_node(config_tree, cfg); + + if(node) { + if(node->next) { + found = node->next->data; + + if(!strcasecmp(found->variable, cfg->variable)) + return found; + } + } + + return NULL; +} + +bool get_config_bool(const config_t *cfg, bool *result) { + if(!cfg) + return false; + + if(!strcasecmp(cfg->value, "yes")) { + *result = true; + return true; + } else if(!strcasecmp(cfg->value, "no")) { + *result = false; + return true; + } + + logger(LOG_ERR, "\"yes\" or \"no\" expected for configuration variable %s in %s line %d", + cfg->variable, cfg->file, cfg->line); + + return false; +} + +bool get_config_int(const config_t *cfg, int *result) { + if(!cfg) + return false; + + if(sscanf(cfg->value, "%d", result) == 1) + return true; + + logger(LOG_ERR, "Integer expected for configuration variable %s in %s line %d", + cfg->variable, cfg->file, cfg->line); + + return false; +} + +bool get_config_string(const config_t *cfg, char **result) { + if(!cfg) + return false; + + *result = xstrdup(cfg->value); + + return true; +} + +bool get_config_address(const config_t *cfg, struct addrinfo **result) { + struct addrinfo *ai; + + if(!cfg) + return false; + + ai = str2addrinfo(cfg->value, NULL, 0); + + if(ai) { + *result = ai; + return true; + } + + logger(LOG_ERR, "Hostname or IP address expected for configuration variable %s in %s line %d", + cfg->variable, cfg->file, cfg->line); + + return false; +} + +bool get_config_subnet(const config_t *cfg, subnet_t ** result) { + subnet_t subnet = {NULL}; + + if(!cfg) + return false; + + if(!str2net(&subnet, cfg->value)) { + logger(LOG_ERR, "Subnet expected for configuration variable %s in %s line %d", + cfg->variable, cfg->file, cfg->line); + return false; + } + + /* Teach newbies what subnets are... */ + + if(((subnet.type == SUBNET_IPV4) + && !maskcheck(&subnet.net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t))) + || ((subnet.type == SUBNET_IPV6) + && !maskcheck(&subnet.net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t)))) { + logger(LOG_ERR, "Network address and prefix length do not match for configuration variable %s in %s line %d", + cfg->variable, cfg->file, cfg->line); + return false; + } + + *(*result = new_subnet()) = subnet; + + return true; } /* - Read exactly one line and strip the trailing newline if any. If the - file was on EOF, return NULL. Otherwise, return all the data in a - dynamically allocated buffer. - - If line is non-NULL, it will be used as an initial buffer, to avoid - unnecessary mallocing each time this function is called. If buf is - given, and buf needs to be expanded, the var pointed to by buflen - will be increased. + Read exactly one line and strip the trailing newline if any. */ -char *readline(FILE *fp, char **buf, size_t *buflen) -{ - char *newline = NULL; - char *p; - char *line; /* The array that contains everything that has been read - so far */ - char *idx; /* Read into this pointer, which points to an offset - within line */ - size_t size, newsize; /* The size of the current array pointed to by - line */ - size_t maxlen; /* Maximum number of characters that may be read with - fgets. This is newsize - oldsize. */ - - if(feof(fp)) - return NULL; - - if((buf != NULL) && (buflen != NULL)) - { - size = *buflen; - line = *buf; - } - else - { - size = 100; - line = xmalloc(size); - } - - maxlen = size; - idx = line; - *idx = 0; - for(;;) - { - errno = 0; - p = fgets(idx, maxlen, fp); - if(p == NULL) /* EOF or error */ - { - if(feof(fp)) - break; - - /* otherwise: error; let the calling function print an error - message if applicable */ - free(line); - return NULL; - } +static char *readline(FILE * fp, char *buf, size_t buflen) { + char *newline = NULL; + char *p; + + if(feof(fp)) + return NULL; + + p = fgets(buf, buflen, fp); + + if(!p) + return NULL; + + newline = strchr(p, '\n'); - newline = strchr(p, '\n'); - if(newline == NULL) - /* We haven't yet read everything to the end of the line */ - { - newsize = size << 1; - line = xrealloc(line, newsize); - idx = &line[size - 1]; - maxlen = newsize - size + 1; - size = newsize; + if(!newline) + return buf; + + *newline = '\0'; /* kill newline */ + if(newline > p && newline[-1] == '\r') /* and carriage return if necessary */ + newline[-1] = '\0'; + + return buf; +} + +config_t *parse_config_line(char *line, const char *fname, int lineno) { + config_t *cfg; + int len; + char *variable, *value, *eol; + variable = value = line; + + eol = line + strlen(line); + while(strchr("\t ", *--eol)) + *eol = '\0'; + + len = strcspn(value, "\t ="); + value += len; + value += strspn(value, "\t "); + if(*value == '=') { + value++; + value += strspn(value, "\t "); } - else - { - *newline = '\0'; /* kill newline */ - break; /* yay */ + variable[len] = '\0'; + + if(!*value) { + const char err[] = "No value for variable"; + if (fname) + logger(LOG_ERR, "%s `%s' on line %d while reading config file %s", + err, variable, lineno, fname); + else + logger(LOG_ERR, "%s `%s' in command line option %d", + err, variable, lineno); + return NULL; } - } - - if((buf != NULL) && (buflen != NULL)) - { - *buflen = size; - *buf = line; - } - return line; + + cfg = new_config(); + cfg->variable = xstrdup(variable); + cfg->value = xstrdup(value); + cfg->file = fname ? xstrdup(fname) : NULL; + cfg->line = lineno; + + return cfg; } /* Parse a configuration file and put the results in the configuration tree starting at *base. */ -int read_config_file(config_t **base, const char *fname) -{ - int err = -2; /* Parse error */ - FILE *fp; - char *buffer, *line; - char *p, *q; - int i, lineno = 0; - config_t *cfg; - size_t bufsize; - -cp - if((fp = fopen (fname, "r")) == NULL) - { - syslog(LOG_ERR, _("Cannot open config file %s: %m"), fname); - return -1; - } - - bufsize = 100; - buffer = xmalloc(bufsize); - - for(;;) - { - - if((line = readline(fp, &buffer, &bufsize)) == NULL) - { - err = -1; - break; +bool read_config_file(avl_tree_t *config_tree, const char *fname) { + FILE *fp; + char buffer[MAX_STRING_SIZE]; + char *line; + int lineno = 0; + bool ignore = false; + config_t *cfg; + bool result = false; + + fp = fopen(fname, "r"); + + if(!fp) { + logger(LOG_ERR, "Cannot open config file %s: %s", fname, strerror(errno)); + return false; } - if(feof(fp)) - { - err = 0; - break; + for(;;) { + line = readline(fp, buffer, sizeof buffer); + + if(!line) { + if(feof(fp)) + result = true; + break; + } + + lineno++; + + if(!*line || *line == '#') + continue; + + if(ignore) { + if(!strncmp(line, "-----END", 8)) + ignore = false; + continue; + } + + if(!strncmp(line, "-----BEGIN", 10)) { + ignore = true; + continue; + } + + cfg = parse_config_line(line, fname, lineno); + if (!cfg) + break; + config_add(config_tree, cfg); } - lineno++; + fclose(fp); - if((p = strtok(line, "\t =")) == NULL) - continue; /* no tokens on this line */ + return result; +} - if(p[0] == '#') - continue; /* comment: ignore */ +void read_config_options(avl_tree_t *config_tree, const char *prefix) { + list_node_t *node, *next; + size_t prefix_len = prefix ? strlen(prefix) : 0; + + for(node = cmdline_conf->tail; node; node = next) { + config_t *orig_cfg, *cfg = (config_t *)node->data; + next = node->prev; + + if(!prefix) { + if(strchr(cfg->variable, '.')) + continue; + node->data = NULL; + list_unlink_node(cmdline_conf, node); + } else { + if(strncmp(prefix, cfg->variable, prefix_len) || + cfg->variable[prefix_len] != '.') + continue; + /* Because host configuration is parsed again when + reconnecting, nodes must not be freed when a prefix + is given. */ + orig_cfg = cfg; + cfg = new_config(); + cfg->variable = xstrdup(orig_cfg->variable + prefix_len + 1); + cfg->value = xstrdup(orig_cfg->value); + cfg->file = NULL; + cfg->line = orig_cfg->line; + } + config_add(config_tree, cfg); + } +} - for(i = 0; hazahaza[i].name != NULL; i++) - if(!strcasecmp(hazahaza[i].name, p)) - break; +bool read_server_config(void) { + char *fname; + bool x; - if(!hazahaza[i].name) - { - syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"), - p, lineno, fname); - break; - } + read_config_options(config_tree, NULL); - if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#') - { - syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), - hazahaza[i].name, lineno, fname); - break; - } + xasprintf(&fname, "%s/tinc.conf", confbase); + x = read_config_file(config_tree, fname); - cfg = add_config_val(base, hazahaza[i].argtype, q); - if(cfg == NULL) - { - syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"), - hazahaza[i].name, lineno, fname); - break; + if(!x) { /* System error: complain */ + logger(LOG_ERR, "Failed to read `%s': %s", fname, strerror(errno)); } - cfg->which = hazahaza[i].which; - if(!config) - config = cfg; - } + free(fname); - free(buffer); - fclose (fp); -cp - return err; + return x; } -int read_server_config() -{ - char *fname; - int x; -cp - asprintf(&fname, "%s/tinc.conf", confbase); - x = read_config_file(&config, fname); - if(x == -1) /* System error */ - { - syslog(LOG_ERR, _("Failed to read `%s': %m"), - fname); - } - free(fname); -cp - return x; -} +bool read_connection_config(connection_t *c) { + char *fname; + bool x; -/* - Look up the value of the config option type -*/ -const config_t *get_config_val(config_t *p, which_t type) -{ -cp - for(; p != NULL; p = p->next) - if(p->which == type) - break; -cp - return p; -} + read_config_options(c->config_tree, c->name); -/* - Remove the complete configuration tree. -*/ -void clear_config(config_t **base) -{ - config_t *p, *next; -cp - for(p = *base; p != NULL; p = next) - { - next = p->next; - if(p->data.ptr && (p->argtype == TYPE_NAME)) - { - free(p->data.ptr); - } - free(p); - } - *base = NULL; -cp + xasprintf(&fname, "%s/hosts/%s", confbase, c->name); + x = read_config_file(c->config_tree, fname); + free(fname); + + return x; } -int isadir(const char* f) -{ - struct stat s; +static void disable_old_keys(const char *filename) { + char tmpfile[PATH_MAX] = ""; + char buf[1024]; + bool disabled = false; + FILE *r, *w; + + r = fopen(filename, "r"); + if(!r) + return; + + snprintf(tmpfile, sizeof tmpfile, "%s.tmp", filename); + + w = fopen(tmpfile, "w"); + + while(fgets(buf, sizeof buf, r)) { + if(!strncmp(buf, "-----BEGIN RSA", 14)) { + buf[11] = 'O'; + buf[12] = 'L'; + buf[13] = 'D'; + disabled = true; + } + else if(!strncmp(buf, "-----END RSA", 12)) { + buf[ 9] = 'O'; + buf[10] = 'L'; + buf[11] = 'D'; + disabled = true; + } + if(w && fputs(buf, w) < 0) { + disabled = false; + break; + } + } - if(stat(f, &s) < 0) - return 0; - else - return S_ISDIR(s.st_mode); -} + if(w) + fclose(w); + fclose(r); -int is_safe_path(const char *file) -{ - char *p; - const char *f; - char x; - struct stat s; - char l[MAXBUFSIZE]; - - if(*file != '/') - { - syslog(LOG_ERR, _("`%s' is not an absolute path"), file); - return 0; - } - - p = strrchr(file, '/'); - - if(p == file) /* It's in the root */ - p++; - - x = *p; - *p = '\0'; - - f = file; -check1: - if(lstat(f, &s) < 0) - { - syslog(LOG_ERR, _("Couldn't stat `%s': %m"), - f); - return 0; - } - - if(s.st_uid != geteuid()) - { - syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), - f, s.st_uid, geteuid()); - return 0; - } - - if(S_ISLNK(s.st_mode)) - { - syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), - f); - - if(readlink(f, l, MAXBUFSIZE) < 0) - { - syslog(LOG_ERR, _("Unable to read symbolic link `%s': %m"), f); - return 0; - } - - f = l; - goto check1; - } - - *p = x; - f = file; - -check2: - if(lstat(f, &s) < 0 && errno != ENOENT) - { - syslog(LOG_ERR, _("Couldn't stat `%s': %m"), - f); - return 0; - } - - if(errno == ENOENT) - return 1; - - if(s.st_uid != geteuid()) - { - syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), - f, s.st_uid, geteuid()); - return 0; - } - - if(S_ISLNK(s.st_mode)) - { - syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), - f); - - if(readlink(f, l, MAXBUFSIZE) < 0) - { - syslog(LOG_ERR, _("Unable to read symbolic link `%s': %m"), f); - return 0; - } - - f = l; - goto check2; - } - - if(s.st_mode & 0007) - { - /* Accessible by others */ - syslog(LOG_ERR, _("`%s' has unsecure permissions"), - f); - return 0; - } - - return 1; + if(!w && disabled) { + fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n"); + return; + } + + if(disabled) { +#ifdef HAVE_MINGW + // We cannot atomically replace files on Windows. + char bakfile[PATH_MAX] = ""; + snprintf(bakfile, sizeof bakfile, "%s.bak", filename); + if(rename(filename, bakfile) || rename(tmpfile, filename)) { + rename(bakfile, filename); +#else + if(rename(tmpfile, filename)) { +#endif + fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n"); + } else { +#ifdef HAVE_MINGW + unlink(bakfile); +#endif + fprintf(stderr, "Warning: old key(s) found and disabled.\n"); + } + } + + unlink(tmpfile); } -FILE *ask_and_safe_open(const char* filename, const char* what) -{ - FILE *r; - char *directory; - char *fn; - - /* Check stdin and stdout */ - if(!isatty(0) || !isatty(1)) - { - /* Argh, they are running us from a script or something. Write - the files to the current directory and let them burn in hell - for ever. */ - fn = xstrdup(filename); - } - else - { - /* Ask for a file and/or directory name. */ - fprintf(stdout, _("Please enter a file to save %s to [%s]: "), - what, filename); - fflush(stdout); - - if((fn = readline(stdin, NULL, NULL)) == NULL) - { - fprintf(stderr, _("Error while reading stdin: %m\n")); - return NULL; +FILE *ask_and_open(const char *filename, const char *what) { + FILE *r; + char *directory; + char line[PATH_MAX]; + const char *fn; + + /* Check stdin and stdout */ + if(!isatty(0) || !isatty(1)) { + /* Argh, they are running us from a script or something. Write + the files to the current directory and let them burn in hell + for ever. */ + fn = filename; + } else { + /* Ask for a file and/or directory name. */ + fprintf(stdout, "Please enter a file to save %s to [%s]: ", + what, filename); + fflush(stdout); + + fn = readline(stdin, line, sizeof line); + + if(!fn) { + fprintf(stderr, "Error while reading stdin: %s\n", + strerror(errno)); + return NULL; + } + + if(!strlen(fn)) + /* User just pressed enter. */ + fn = filename; } - if(strlen(fn) == 0) - /* User just pressed enter. */ - fn = xstrdup(filename); - } - - if((strchr(fn, '/') == NULL) || (fn[0] != '/')) - { - /* The directory is a relative path or a filename. */ - char *p; - - directory = get_current_dir_name(); - asprintf(&p, "%s/%s", directory, fn); - free(fn); - free(directory); - fn = p; - } - - umask(0077); /* Disallow everything for group and other */ - - /* Open it first to keep the inode busy */ - if((r = fopen(fn, "w")) == NULL) - { - fprintf(stderr, _("Error opening file `%s': %m\n"), - fn); - free(fn); - return NULL; - } - - /* Then check the file for nasty attacks */ - if(!is_safe_path(fn)) /* Do not permit any directories that are - readable or writeable by other users. */ - { - fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" - "I will not create or overwrite this file.\n"), - fn); - fclose(r); - free(fn); - return NULL; - } - - free(fn); - - return r; +#ifdef HAVE_MINGW + if(fn[0] != '\\' && fn[0] != '/' && !strchr(fn, ':')) { +#else + if(fn[0] != '/') { +#endif + /* The directory is a relative path or a filename. */ + char *p; + + directory = get_current_dir_name(); + xasprintf(&p, "%s/%s", directory, fn); + free(directory); + fn = p; + } + + umask(0077); /* Disallow everything for group and other */ + + disable_old_keys(fn); + + /* Open it first to keep the inode busy */ + + r = fopen(fn, "a"); + + if(!r) { + fprintf(stderr, "Error opening file `%s': %s\n", + fn, strerror(errno)); + return NULL; + } + + return r; } + +