X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fconf.c;h=d34a087c764f3fb7e0c5bcfe5fa37ec10964c381;hp=ef1ee50f4e53705bf92fb28d1952c9a33ad9f4d3;hb=eefa28059ab989c915a7d95fb4ae728abd7ce713;hpb=0b9175e998c2180e5d73ef3d644a49d620c68cad

diff --git a/src/conf.c b/src/conf.c
index ef1ee50f..d34a087c 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -1,8 +1,8 @@
 /*
     conf.c -- configuration code
     Copyright (C) 1998 Robert van der Meulen
-                  1998-2002 Ivo Timmermans <ivo@o2w.nl>
-                  2000-2002 Guus Sliepen <guus@sliepen.eu.org>
+                  1998-2003 Ivo Timmermans <ivo@o2w.nl>
+                  2000-2003 Guus Sliepen <guus@sliepen.eu.org>
 		  2000 Cris van Pelt <tribbel@arise.dhs.org>
 
     This program is free software; you can redistribute it and/or modify
@@ -19,31 +19,17 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: conf.c,v 1.9.4.62 2003/07/06 22:11:31 guus Exp $
+    $Id: conf.c,v 1.9.4.68 2003/07/22 20:55:19 guus Exp $
 */
 
-#include "config.h"
-
-#include <ctype.h>
-#include <errno.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <string.h>
-
-#include <xalloc.h>
-#include <utils.h>				/* for cp */
-#include <avl_tree.h>
+#include "system.h"
 
+#include "avl_tree.h"
 #include "conf.h"
-#include "netutl.h"				/* for str2address */
 #include "logger.h"
-
-#include "system.h"
+#include "netutl.h"				/* for str2address */
+#include "utils.h"				/* for cp */
+#include "xalloc.h"
 
 avl_tree_t *config_tree;
 
@@ -51,7 +37,7 @@ int pingtimeout = 0;			/* seconds before timeout */
 char *confbase = NULL;			/* directory in which all config files are */
 char *netname = NULL;			/* name of the vpn network */
 
-int config_compare(config_t *a, config_t *b)
+static int config_compare(config_t *a, config_t *b)
 {
 	int result;
 
@@ -155,109 +141,109 @@ config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg)
 	return NULL;
 }
 
-int get_config_bool(config_t *cfg, int *result)
+bool get_config_bool(config_t *cfg, bool *result)
 {
 	cp();
 
 	if(!cfg)
-		return 0;
+		return false;
 
 	if(!strcasecmp(cfg->value, "yes")) {
-		*result = 1;
-		return 1;
+		*result = true;
+		return true;
 	} else if(!strcasecmp(cfg->value, "no")) {
-		*result = 0;
-		return 1;
+		*result = false;
+		return true;
 	}
 
-	logger(DEBUG_ALWAYS, LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"),
+	logger(LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"),
 		   cfg->variable, cfg->file, cfg->line);
 
-	return 0;
+	return false;
 }
 
-int get_config_int(config_t *cfg, int *result)
+bool get_config_int(config_t *cfg, int *result)
 {
 	cp();
 
 	if(!cfg)
-		return 0;
+		return false;
 
 	if(sscanf(cfg->value, "%d", result) == 1)
-		return 1;
+		return true;
 
-	logger(DEBUG_ALWAYS, LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"),
+	logger(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"),
 		   cfg->variable, cfg->file, cfg->line);
 
-	return 0;
+	return false;
 }
 
-int get_config_string(config_t *cfg, char **result)
+bool get_config_string(config_t *cfg, char **result)
 {
 	cp();
 
 	if(!cfg)
-		return 0;
+		return false;
 
 	*result = xstrdup(cfg->value);
 
-	return 1;
+	return true;
 }
 
-int get_config_address(config_t *cfg, struct addrinfo **result)
+bool get_config_address(config_t *cfg, struct addrinfo **result)
 {
 	struct addrinfo *ai;
 
 	cp();
 
 	if(!cfg)
-		return 0;
+		return false;
 
 	ai = str2addrinfo(cfg->value, NULL, 0);
 
 	if(ai) {
 		*result = ai;
-		return 1;
+		return true;
 	}
 
-	logger(DEBUG_ALWAYS, LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"),
+	logger(LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"),
 		   cfg->variable, cfg->file, cfg->line);
 
-	return 0;
+	return false;
 }
 
-int get_config_subnet(config_t *cfg, subnet_t ** result)
+bool get_config_subnet(config_t *cfg, subnet_t ** result)
 {
 	subnet_t *subnet;
 
 	cp();
 
 	if(!cfg)
-		return 0;
+		return false;
 
 	subnet = str2net(cfg->value);
 
 	if(!subnet) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"),
+		logger(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"),
 			   cfg->variable, cfg->file, cfg->line);
-		return 0;
+		return false;
 	}
 
 	/* Teach newbies what subnets are... */
 
 	if(((subnet->type == SUBNET_IPV4)
-		&& maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t)))
+		&& !maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t)))
 		|| ((subnet->type == SUBNET_IPV6)
-		&& maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"),
+		&& !maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) {
+		logger(LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"),
 			   cfg->variable, cfg->file, cfg->line);
 		free(subnet);
-		return 0;
+		return false;
 	}
 
 	*result = subnet;
 
-	return 1;
+	return true;
 }
 
 /*
@@ -270,7 +256,7 @@ int get_config_subnet(config_t *cfg, subnet_t ** result)
   given, and buf needs to be expanded, the var pointed to by buflen
   will be increased.
 */
-char *readline(FILE * fp, char **buf, size_t *buflen)
+static char *readline(FILE * fp, char **buf, size_t *buflen)
 {
 	char *newline = NULL;
 	char *p;
@@ -339,7 +325,8 @@ int read_config_file(avl_tree_t *config_tree, const char *fname)
 	FILE *fp;
 	char *buffer, *line;
 	char *variable, *value;
-	int lineno = 0, ignore = 0;
+	int lineno = 0;
+	bool ignore = false;
 	config_t *cfg;
 	size_t bufsize;
 
@@ -348,7 +335,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname)
 	fp = fopen(fname, "r");
 
 	if(!fp) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("Cannot open config file %s: %s"), fname,
+		logger(LOG_ERR, _("Cannot open config file %s: %s"), fname,
 			   strerror(errno));
 		return -3;
 	}
@@ -380,13 +367,13 @@ int read_config_file(avl_tree_t *config_tree, const char *fname)
 			continue;			/* comment: ignore */
 
 		if(!strcmp(variable, "-----BEGIN"))
-			ignore = 1;
+			ignore = true;
 
 		if(!ignore) {
 			value = strtok(NULL, "\t\n\r =");
 
 			if(!value || value[0] == '#') {
-				logger(DEBUG_ALWAYS, LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
+				logger(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
 					   variable, lineno, fname);
 				break;
 			}
@@ -401,7 +388,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname)
 		}
 
 		if(!strcmp(variable, "-----END"))
-			ignore = 0;
+			ignore = false;
 	}
 
 	free(buffer);
@@ -410,7 +397,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname)
 	return err;
 }
 
-int read_server_config()
+bool read_server_config()
 {
 	char *fname;
 	int x;
@@ -421,26 +408,17 @@ int read_server_config()
 	x = read_config_file(config_tree, fname);
 
 	if(x == -1) {				/* System error: complain */
-		logger(DEBUG_ALWAYS, LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno));
+		logger(LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno));
 	}
 
 	free(fname);
 
-	return x;
+	return x == 0;
 }
 
-int isadir(const char *f)
-{
-	struct stat s;
-
-	if(stat(f, &s) < 0)
-		return 0;
-	else
-		return S_ISDIR(s.st_mode);
-}
-
-int is_safe_path(const char *file)
+bool is_safe_path(const char *file)
 {
+#if !(defined(HAVE_CYGWIN) || defined(HAVE_MINGW))
 	char *p;
 	const char *f;
 	char x;
@@ -448,8 +426,8 @@ int is_safe_path(const char *file)
 	char l[MAXBUFSIZE];
 
 	if(*file != '/') {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' is not an absolute path"), file);
-		return 0;
+		logger(LOG_ERR, _("`%s' is not an absolute path"), file);
+		return false;
 	}
 
 	p = strrchr(file, '/');
@@ -464,23 +442,23 @@ int is_safe_path(const char *file)
 
 check1:
 	if(lstat(f, &s) < 0) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
-		return 0;
+		logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
+		return false;
 	}
 
 	if(s.st_uid != geteuid()) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
+		logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
 			   f, s.st_uid, geteuid());
-		return 0;
+		return false;
 	}
 
 	if(S_ISLNK(s.st_mode)) {
-		logger(DEBUG_ALWAYS, LOG_WARNING, _("Warning: `%s' is a symlink"), f);
+		logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f);
 
 		if(readlink(f, l, MAXBUFSIZE) < 0) {
-			logger(DEBUG_ALWAYS, LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
+			logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
 				   strerror(errno));
-			return 0;
+			return false;
 		}
 
 		f = l;
@@ -492,26 +470,26 @@ check1:
 
 check2:
 	if(lstat(f, &s) < 0 && errno != ENOENT) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
-		return 0;
+		logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
+		return false;
 	}
 
 	if(errno == ENOENT)
-		return 1;
+		return true;
 
 	if(s.st_uid != geteuid()) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
+		logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
 			   f, s.st_uid, geteuid());
-		return 0;
+		return false;
 	}
 
 	if(S_ISLNK(s.st_mode)) {
-		logger(DEBUG_ALWAYS, LOG_WARNING, _("Warning: `%s' is a symlink"), f);
+		logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f);
 
 		if(readlink(f, l, MAXBUFSIZE) < 0) {
-			logger(DEBUG_ALWAYS, LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
+			logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
 				   strerror(errno));
-			return 0;
+			return false;
 		}
 
 		f = l;
@@ -520,15 +498,15 @@ check2:
 
 	if(s.st_mode & 0007) {
 		/* Accessible by others */
-		logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' has unsecure permissions"), f);
-		return 0;
+		logger(LOG_ERR, _("`%s' has unsecure permissions"), f);
+		return false;
 	}
+#endif
 
-	return 1;
+	return true;
 }
 
-FILE *ask_and_safe_open(const char *filename, const char *what,
-						const char *mode)
+FILE *ask_and_safe_open(const char *filename, const char *what, bool safe, const char *mode)
 {
 	FILE *r;
 	char *directory;
@@ -584,12 +562,14 @@ FILE *ask_and_safe_open(const char *filename, const char *what,
 	}
 
 	/* Then check the file for nasty attacks */
-	if(!is_safe_path(fn)) {		/* Do not permit any directories that are readable or writeable by other users. */
-		fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
-				 "I will not create or overwrite this file.\n"), fn);
-		fclose(r);
-		free(fn);
-		return NULL;
+	if(safe) {
+		if(!is_safe_path(fn)) {		/* Do not permit any directories that are readable or writeable by other users. */
+			fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
+					 "I will not create or overwrite this file.\n"), fn);
+			fclose(r);
+			free(fn);
+			return NULL;
+		}
 	}
 
 	free(fn);