123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602 |
- /*
- conf.c -- configuration code
- Copyright (C) 1998 Robert van der Meulen
- 1998-2005 Ivo Timmermans
- 2000-2014 Guus Sliepen <guus@tinc-vpn.org>
- 2010-2011 Julien Muchembled <jm@jmuchemb.eu>
- 2000 Cris van Pelt
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License along
- with this program; if not, write to the Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
- #include "system.h"
- #include "avl_tree.h"
- #include "connection.h"
- #include "conf.h"
- #include "list.h"
- #include "logger.h"
- #include "netutl.h" /* for str2address */
- #include "protocol.h"
- #include "utils.h" /* for cp */
- #include "xalloc.h"
- avl_tree_t *config_tree;
- int pinginterval = 0; /* seconds between pings */
- int pingtimeout = 0; /* seconds to wait for response */
- char *confbase = NULL; /* directory in which all config files are */
- char *netname = NULL; /* name of the vpn network */
- list_t *cmdline_conf = NULL; /* global/host configuration values given at the command line */
- static int config_compare(const config_t *a, const config_t *b) {
- int result;
- result = strcasecmp(a->variable, b->variable);
- if(result) {
- return result;
- }
- /* give priority to command line options */
- result = !b->file - !a->file;
- if(result) {
- return result;
- }
- result = a->line - b->line;
- if(result) {
- return result;
- } else {
- return a->file ? strcmp(a->file, b->file) : 0;
- }
- }
- void init_configuration(avl_tree_t **config_tree) {
- *config_tree = avl_alloc_tree((avl_compare_t) config_compare, (avl_action_t) free_config);
- }
- void exit_configuration(avl_tree_t **config_tree) {
- avl_delete_tree(*config_tree);
- *config_tree = NULL;
- }
- config_t *new_config(void) {
- return xmalloc_and_zero(sizeof(config_t));
- }
- void free_config(config_t *cfg) {
- free(cfg->variable);
- free(cfg->value);
- free(cfg->file);
- free(cfg);
- }
- void config_add(avl_tree_t *config_tree, config_t *cfg) {
- avl_insert(config_tree, cfg);
- }
- config_t *lookup_config(const avl_tree_t *config_tree, char *variable) {
- config_t cfg, *found;
- cfg.variable = variable;
- cfg.file = NULL;
- cfg.line = 0;
- found = avl_search_closest_greater(config_tree, &cfg);
- if(!found) {
- return NULL;
- }
- if(strcasecmp(found->variable, variable)) {
- return NULL;
- }
- return found;
- }
- config_t *lookup_config_next(const avl_tree_t *config_tree, const config_t *cfg) {
- avl_node_t *node;
- config_t *found;
- node = avl_search_node(config_tree, cfg);
- if(node) {
- if(node->next) {
- found = node->next->data;
- if(!strcasecmp(found->variable, cfg->variable)) {
- return found;
- }
- }
- }
- return NULL;
- }
- bool get_config_bool(const config_t *cfg, bool *result) {
- if(!cfg) {
- return false;
- }
- if(!strcasecmp(cfg->value, "yes")) {
- *result = true;
- return true;
- } else if(!strcasecmp(cfg->value, "no")) {
- *result = false;
- return true;
- }
- logger(LOG_ERR, "\"yes\" or \"no\" expected for configuration variable %s in %s line %d",
- cfg->variable, cfg->file, cfg->line);
- return false;
- }
- bool get_config_int(const config_t *cfg, int *result) {
- if(!cfg) {
- return false;
- }
- if(sscanf(cfg->value, "%d", result) == 1) {
- return true;
- }
- logger(LOG_ERR, "Integer expected for configuration variable %s in %s line %d",
- cfg->variable, cfg->file, cfg->line);
- return false;
- }
- bool get_config_string(const config_t *cfg, char **result) {
- if(!cfg) {
- return false;
- }
- *result = xstrdup(cfg->value);
- return true;
- }
- bool get_config_address(const config_t *cfg, struct addrinfo **result) {
- struct addrinfo *ai;
- if(!cfg) {
- return false;
- }
- ai = str2addrinfo(cfg->value, NULL, 0);
- if(ai) {
- *result = ai;
- return true;
- }
- logger(LOG_ERR, "Hostname or IP address expected for configuration variable %s in %s line %d",
- cfg->variable, cfg->file, cfg->line);
- return false;
- }
- bool get_config_subnet(const config_t *cfg, subnet_t **result) {
- subnet_t subnet = {0};
- if(!cfg) {
- return false;
- }
- if(!str2net(&subnet, cfg->value)) {
- logger(LOG_ERR, "Subnet expected for configuration variable %s in %s line %d",
- cfg->variable, cfg->file, cfg->line);
- return false;
- }
- /* Teach newbies what subnets are... */
- if(((subnet.type == SUBNET_IPV4)
- && !maskcheck(&subnet.net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t)))
- || ((subnet.type == SUBNET_IPV6)
- && !maskcheck(&subnet.net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t)))) {
- logger(LOG_ERR, "Network address and prefix length do not match for configuration variable %s in %s line %d",
- cfg->variable, cfg->file, cfg->line);
- return false;
- }
- *(*result = new_subnet()) = subnet;
- return true;
- }
- /*
- Read exactly one line and strip the trailing newline if any.
- */
- static char *readline(FILE *fp, char *buf, size_t buflen) {
- char *newline = NULL;
- char *p;
- if(feof(fp)) {
- return NULL;
- }
- p = fgets(buf, buflen, fp);
- if(!p) {
- return NULL;
- }
- newline = strchr(p, '\n');
- if(!newline) {
- return buf;
- }
- *newline = '\0'; /* kill newline */
- if(newline > p && newline[-1] == '\r') { /* and carriage return if necessary */
- newline[-1] = '\0';
- }
- return buf;
- }
- config_t *parse_config_line(char *line, const char *fname, int lineno) {
- config_t *cfg;
- int len;
- char *variable, *value, *eol;
- variable = value = line;
- eol = line + strlen(line);
- while(strchr("\t ", *--eol)) {
- *eol = '\0';
- }
- len = strcspn(value, "\t =");
- value += len;
- value += strspn(value, "\t ");
- if(*value == '=') {
- value++;
- value += strspn(value, "\t ");
- }
- variable[len] = '\0';
- if(!*value) {
- const char err[] = "No value for variable";
- if(fname)
- logger(LOG_ERR, "%s `%s' on line %d while reading config file %s",
- err, variable, lineno, fname);
- else
- logger(LOG_ERR, "%s `%s' in command line option %d",
- err, variable, lineno);
- return NULL;
- }
- cfg = new_config();
- cfg->variable = xstrdup(variable);
- cfg->value = xstrdup(value);
- cfg->file = fname ? xstrdup(fname) : NULL;
- cfg->line = lineno;
- return cfg;
- }
- /*
- Parse a configuration file and put the results in the configuration tree
- starting at *base.
- */
- bool read_config_file(avl_tree_t *config_tree, const char *fname) {
- FILE *fp;
- char buffer[MAX_STRING_SIZE];
- char *line;
- int lineno = 0;
- bool ignore = false;
- config_t *cfg;
- bool result = false;
- fp = fopen(fname, "r");
- if(!fp) {
- logger(LOG_ERR, "Cannot open config file %s: %s", fname, strerror(errno));
- return false;
- }
- for(;;) {
- line = readline(fp, buffer, sizeof(buffer));
- if(!line) {
- if(feof(fp)) {
- result = true;
- }
- break;
- }
- lineno++;
- if(!*line || *line == '#') {
- continue;
- }
- if(ignore) {
- if(!strncmp(line, "-----END", 8)) {
- ignore = false;
- }
- continue;
- }
- if(!strncmp(line, "-----BEGIN", 10)) {
- ignore = true;
- continue;
- }
- cfg = parse_config_line(line, fname, lineno);
- if(!cfg) {
- break;
- }
- config_add(config_tree, cfg);
- }
- fclose(fp);
- return result;
- }
- void read_config_options(avl_tree_t *config_tree, const char *prefix) {
- size_t prefix_len = prefix ? strlen(prefix) : 0;
- for(const list_node_t *node = cmdline_conf->tail; node; node = node->prev) {
- const config_t *cfg = node->data;
- if(!prefix) {
- if(strchr(cfg->variable, '.')) {
- continue;
- }
- } else {
- if(strncmp(prefix, cfg->variable, prefix_len) ||
- cfg->variable[prefix_len] != '.') {
- continue;
- }
- }
- config_t *new = new_config();
- if(prefix) {
- new->variable = xstrdup(cfg->variable + prefix_len + 1);
- } else {
- new->variable = xstrdup(cfg->variable);
- }
- new->value = xstrdup(cfg->value);
- new->file = NULL;
- new->line = cfg->line;
- config_add(config_tree, new);
- }
- }
- bool read_server_config(void) {
- char fname[PATH_MAX];
- bool x;
- read_config_options(config_tree, NULL);
- snprintf(fname, sizeof(fname), "%s/tinc.conf", confbase);
- errno = 0;
- x = read_config_file(config_tree, fname);
- // We will try to read the conf files in the "conf.d" dir
- if(x) {
- char dname[PATH_MAX];
- snprintf(dname, sizeof(dname), "%s/conf.d", confbase);
- DIR *dir = opendir(dname);
- // If we can find this dir
- if(dir) {
- struct dirent *ep;
- // We list all the files in it
- while(x && (ep = readdir(dir))) {
- size_t l = strlen(ep->d_name);
- // And we try to read the ones that end with ".conf"
- if(l > 5 && !strcmp(".conf", & ep->d_name[ l - 5 ])) {
- if((size_t)snprintf(fname, sizeof(fname), "%s/%s", dname, ep->d_name) >= sizeof(fname)) {
- logger(LOG_ERR, "Pathname too long: %s/%s", dname, ep->d_name);
- return false;
- }
- x = read_config_file(config_tree, fname);
- }
- }
- closedir(dir);
- }
- }
- if(!x && errno) {
- logger(LOG_ERR, "Failed to read `%s': %s", fname, strerror(errno));
- }
- return x;
- }
- bool read_connection_config(connection_t *c) {
- char fname[PATH_MAX];
- bool x;
- read_config_options(c->config_tree, c->name);
- snprintf(fname, sizeof(fname), "%s/hosts/%s", confbase, c->name);
- x = read_config_file(c->config_tree, fname);
- return x;
- }
- static void disable_old_keys(const char *filename) {
- char tmpfile[PATH_MAX] = "";
- char buf[1024];
- bool disabled = false;
- FILE *r, *w;
- r = fopen(filename, "r");
- if(!r) {
- return;
- }
- int len = snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename);
- if(len < 0 || len >= PATH_MAX) {
- fprintf(stderr, "Pathname too long: %s.tmp\n", filename);
- w = NULL;
- } else {
- w = fopen(tmpfile, "w");
- }
- while(fgets(buf, sizeof(buf), r)) {
- if(!strncmp(buf, "-----BEGIN RSA", 14)) {
- buf[11] = 'O';
- buf[12] = 'L';
- buf[13] = 'D';
- disabled = true;
- } else if(!strncmp(buf, "-----END RSA", 12)) {
- buf[ 9] = 'O';
- buf[10] = 'L';
- buf[11] = 'D';
- disabled = true;
- }
- if(w && fputs(buf, w) < 0) {
- disabled = false;
- break;
- }
- }
- if(w) {
- fclose(w);
- }
- fclose(r);
- if(!w && disabled) {
- fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n");
- return;
- }
- if(disabled) {
- #ifdef HAVE_MINGW
- // We cannot atomically replace files on Windows.
- char bakfile[PATH_MAX] = "";
- snprintf(bakfile, sizeof(bakfile), "%s.bak", filename);
- if(rename(filename, bakfile) || rename(tmpfile, filename)) {
- rename(bakfile, filename);
- #else
- if(rename(tmpfile, filename)) {
- #endif
- fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n");
- } else {
- #ifdef HAVE_MINGW
- unlink(bakfile);
- #endif
- fprintf(stderr, "Warning: old key(s) found and disabled.\n");
- }
- }
- unlink(tmpfile);
- }
- FILE *ask_and_open(const char *filename, const char *what) {
- FILE *r;
- char directory[PATH_MAX];
- char line[PATH_MAX];
- char abspath[PATH_MAX];
- const char *fn;
- /* Check stdin and stdout */
- if(!isatty(0) || !isatty(1)) {
- /* Argh, they are running us from a script or something. Write
- the files to the current directory and let them burn in hell
- for ever. */
- fn = filename;
- } else {
- /* Ask for a file and/or directory name. */
- fprintf(stdout, "Please enter a file to save %s to [%s]: ",
- what, filename);
- fflush(stdout);
- fn = readline(stdin, line, sizeof(line));
- if(!fn) {
- fprintf(stderr, "Error while reading stdin: %s\n",
- strerror(errno));
- return NULL;
- }
- if(!strlen(fn))
- /* User just pressed enter. */
- {
- fn = filename;
- }
- }
- #ifdef HAVE_MINGW
- if(fn[0] != '\\' && fn[0] != '/' && !strchr(fn, ':')) {
- #else
- if(fn[0] != '/') {
- #endif
- /* The directory is a relative path or a filename. */
- getcwd(directory, sizeof(directory));
- if((size_t)snprintf(abspath, sizeof(abspath), "%s/%s", directory, fn) >= sizeof(abspath)) {
- fprintf(stderr, "Pathname too long: %s/%s\n", directory, fn);
- return NULL;
- }
- fn = abspath;
- }
- umask(0077); /* Disallow everything for group and other */
- disable_old_keys(fn);
- /* Open it first to keep the inode busy */
- r = fopen(fn, "a");
- if(!r) {
- fprintf(stderr, "Error opening file `%s': %s\n",
- fn, strerror(errno));
- return NULL;
- }
- return r;
- }
|