SecBSD
/
src
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
src/sbin/isakmpd/conf.c

1042 lines
28 KiB
C
Raw Permalink Blame History

/* $OpenBSD: conf.c,v 1.107 2017/10/27 08:29:32 mpi Exp $ */
/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */
/*
* Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist. All rights reserved.
* Copyright (c) 2000, 2001, 2002 Håkan Olsson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Ericsson Radio Systems.
*/
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include "app.h"
#include "conf.h"
#include "log.h"
#include "monitor.h"
#include "util.h"
static char *conf_get_trans_str(int, char *, char *);
static void conf_load_defaults(int);
#if 0
static int conf_find_trans_xf(int, char *);
#endif
struct conf_trans {
TAILQ_ENTRY(conf_trans) link;
int trans;
enum conf_op {
CONF_SET, CONF_REMOVE, CONF_REMOVE_SECTION
} op;
char *section;
char *tag;
char *value;
int override;
int is_default;
};
#define CONF_SECT_MAX 256
TAILQ_HEAD(conf_trans_head, conf_trans) conf_trans_queue;
struct conf_binding {
LIST_ENTRY(conf_binding) link;
char *section;
char *tag;
char *value;
int is_default;
};
char *conf_path = CONFIG_FILE;
LIST_HEAD(conf_bindings, conf_binding) conf_bindings[256];
static char *conf_addr;
static __inline__ u_int8_t
conf_hash(char *s)
{
u_int8_t hash = 0;
while (*s) {
hash = ((hash << 1) | (hash >> 7)) ^ tolower((unsigned char)*s);
s++;
}
return hash;
}
/*
* Insert a tag-value combination from LINE (the equal sign is at POS)
*/
static int
conf_remove_now(char *section, char *tag)
{
struct conf_binding *cb, *next;
for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb;
cb = next) {
next = LIST_NEXT(cb, link);
if (strcasecmp(cb->section, section) == 0 &&
strcasecmp(cb->tag, tag) == 0) {
LIST_REMOVE(cb, link);
LOG_DBG((LOG_MISC, 95, "[%s]:%s->%s removed", section,
tag, cb->value));
free(cb->section);
free(cb->tag);
free(cb->value);
free(cb);
return 0;
}
}
return 1;
}
static int
conf_remove_section_now(char *section)
{
struct conf_binding *cb, *next;
int unseen = 1;
for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb;
cb = next) {
next = LIST_NEXT(cb, link);
if (strcasecmp(cb->section, section) == 0) {
unseen = 0;
LIST_REMOVE(cb, link);
LOG_DBG((LOG_MISC, 95, "[%s]:%s->%s removed", section,
cb->tag, cb->value));
free(cb->section);
free(cb->tag);
free(cb->value);
free(cb);
}
}
return unseen;
}
/*
* Insert a tag-value combination from LINE (the equal sign is at POS)
* into SECTION of our configuration database.
*/
static int
conf_set_now(char *section, char *tag, char *value, int override,
int is_default)
{
struct conf_binding *node = 0;
if (override)
conf_remove_now(section, tag);
else if (conf_get_str(section, tag)) {
if (!is_default)
log_print("conf_set_now: duplicate tag [%s]:%s, "
"ignoring...\n", section, tag);
return 1;
}
node = calloc(1, sizeof *node);
if (!node) {
log_error("conf_set_now: calloc (1, %lu) failed",
(unsigned long)sizeof *node);
return 1;
}
node->section = node->tag = node->value = NULL;
if ((node->section = strdup(section)) == NULL)
goto fail;
if ((node->tag = strdup(tag)) == NULL)
goto fail;
if ((node->value = strdup(value)) == NULL)
goto fail;
node->is_default = is_default;
LIST_INSERT_HEAD(&conf_bindings[conf_hash(section)], node, link);
LOG_DBG((LOG_MISC, 95, "conf_set_now: [%s]:%s->%s", node->section,
node->tag, node->value));
return 0;
fail:
free(node->value);
free(node->tag);
free(node->section);
free(node);
return 1;
}
/*
* Parse the line LINE of SZ bytes. Skip Comments, recognize section
* headers and feed tag-value pairs into our configuration database.
*/
static void
conf_parse_line(int trans, char *line, int ln, size_t sz)
{
char *val;
size_t i;
int j;
static char *section = 0;
/* Lines starting with '#' or ';' are comments. */
if (*line == '#' || *line == ';')
return;
/* '[section]' parsing... */
if (*line == '[') {
for (i = 1; i < sz; i++)
if (line[i] == ']')
break;
free(section);
if (i == sz) {
log_print("conf_parse_line: %d:"
"unmatched ']', ignoring until next section", ln);
section = 0;
return;
}
section = malloc(i);
if (!section) {
log_print("conf_parse_line: %d: malloc (%lu) failed",
ln, (unsigned long)i);
return;
}
strlcpy(section, line + 1, i);
return;
}
/* Deal with assignments. */
for (i = 0; i < sz; i++)
if (line[i] == '=') {
/* If no section, we are ignoring the lines. */
if (!section) {
log_print("conf_parse_line: %d: ignoring line "
"due to no section", ln);
return;
}
line[strcspn(line, " \t=")] = '\0';
val = line + i + 1 + strspn(line + i + 1, " \t");
/* Skip trailing whitespace, if any */
for (j = sz - (val - line) - 1; j > 0 &&
isspace((unsigned char)val[j]); j--)
val[j] = '\0';
/* XXX Perhaps should we not ignore errors? */
conf_set(trans, section, line, val, 0, 0);
return;
}
/* Other non-empty lines are weird. */
i = strspn(line, " \t");
if (line[i])
log_print("conf_parse_line: %d: syntax error", ln);
}
/* Parse the mapped configuration file. */
static void
conf_parse(int trans, char *buf, size_t sz)
{
char *cp = buf;
char *bufend = buf + sz;
char *line;
int ln = 1;
line = cp;
while (cp < bufend) {
if (*cp == '\n') {
/* Check for escaped newlines. */
if (cp > buf && *(cp - 1) == '\\')
*(cp - 1) = *cp = ' ';
else {
*cp = '\0';
conf_parse_line(trans, line, ln, cp - line);
line = cp + 1;
}
ln++;
}
cp++;
}
if (cp != line)
log_print("conf_parse: last line unterminated, ignored.");
}
/*
* Auto-generate default configuration values for the transforms and
* suites the user wants.
*
* Resulting section names can be:
* For main mode:
* {BLF,3DES,CAST,AES,AES-{128,192,256}-{MD5,SHA,SHA2-{256,384,512}} \
* [-GRP{1,2,5,14-21,25-30}][-{DSS,RSA_SIG}]
* For quick mode:
* QM-{proto}[-TRP]-{cipher}[-{hash}][-PFS[-{group}]]-SUITE
* where
* {proto} = ESP, AH
* {cipher} = 3DES, CAST, BLF, AES, AES-{128,192,256}, AESCTR
* {hash} = MD5, SHA, RIPEMD, SHA2-{256,384,512}
* {group} = GRP{1,2,5,14-21,25-30}
*
* DH group defaults to MODP_1024.
*
* XXX We may want to support USE_TRIPLEDES, etc...
* XXX No EC2N DH support here yet.
*/
/* Find the value for a section+tag in the transaction list. */
static char *
conf_get_trans_str(int trans, char *section, char *tag)
{
struct conf_trans *node, *nf = 0;
for (node = TAILQ_FIRST(&conf_trans_queue); node;
node = TAILQ_NEXT(node, link))
if (node->trans == trans && strcasecmp(section, node->section)
== 0 && strcasecmp(tag, node->tag) == 0) {
if (!nf)
nf = node;
else if (node->override)
nf = node;
}
return nf ? nf->value : 0;
}
#if 0
/* XXX Currently unused. */
static int
conf_find_trans_xf(int phase, char *xf)
{
struct conf_trans *node;
char *p;
/* Find the relevant transforms and suites, if any. */
for (node = TAILQ_FIRST(&conf_trans_queue); node;
node = TAILQ_NEXT(node, link))
if ((phase == 1 && strcmp("Transforms", node->tag) == 0) ||
(phase == 2 && strcmp("Suites", node->tag) == 0)) {
p = node->value;
while ((p = strstr(p, xf)) != NULL)
if (*(p + strlen(p)) &&
*(p + strlen(p)) != ',')
p += strlen(p);
else
return 1;
}
return 0;
}
#endif
static void
conf_load_defaults_mm(int tr, char *mme, char *mmh, char *mma, char *dhg,
char *mme_p, char *mma_p, char *dhg_p, char *mmh_p)
{
char sect[CONF_SECT_MAX];
snprintf(sect, sizeof sect, "%s%s%s%s", mme_p, mmh_p, dhg_p, mma_p);
LOG_DBG((LOG_MISC, 95, "conf_load_defaults_mm: main mode %s", sect));
conf_set(tr, sect, "ENCRYPTION_ALGORITHM", mme, 0, 1);
if (strcmp(mme, "BLOWFISH_CBC") == 0)
conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN, 0,
1);
else if (strcmp(mme_p, "AES-128") == 0)
conf_set(tr, sect, "KEY_LENGTH", "128,128:128", 0, 1);
else if (strcmp(mme_p, "AES-192") == 0)
conf_set(tr, sect, "KEY_LENGTH", "192,192:192", 0, 1);
else if (strcmp(mme_p, "AES-256") == 0)
conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1);
else if (strcmp(mme, "AES_CBC") == 0)
conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_AES_KEYLEN, 0,
1);
conf_set(tr, sect, "HASH_ALGORITHM", mmh, 0, 1);
conf_set(tr, sect, "AUTHENTICATION_METHOD", mma, 0, 1);
conf_set(tr, sect, "GROUP_DESCRIPTION", dhg, 0, 1);
conf_set(tr, sect, "Life", CONF_DFLT_TAG_LIFE_MAIN_MODE, 0, 1);
}
static void
conf_load_defaults_qm(int tr, char *qme, char *qmh, char *dhg, char *qme_p,
char *qmh_p, char *qm_ah_id, char *dhg_p, int proto, int mode, int pfs)
{
char sect[CONF_SECT_MAX], tmp[CONF_SECT_MAX];
/* Helper #defines, incl abbreviations. */
#define PROTO(x) ((x) ? "AH" : "ESP")
#define PFS(x) ((x) ? "-PFS" : "")
#define MODE(x) ((x) ? "TRANSPORT" : "TUNNEL")
#define MODE_p(x) ((x) ? "-TRP" : "")
/* For AH a hash must be present and no encryption is allowed */
if (proto == 1 && (strcmp(qmh, "NONE") == 0 ||
strcmp(qme, "NONE") != 0))
return;
/* For ESP encryption must be provided, an empty hash is ok. */
if (proto == 0 && strcmp(qme, "NONE") == 0)
return;
/* When PFS is disabled no DH group must be specified. */
if (pfs == 0 && strcmp(dhg_p, ""))
return;
/* For GCM no additional authentication must be specified */
if (proto == 0 && strcmp(qmh, "NONE") != 0 &&
(strcmp(qme, "AES_GCM_16") == 0 || strcmp(qme, "AES_GMAC") == 0))
return;
snprintf(tmp, sizeof tmp, "QM-%s%s%s%s%s%s", PROTO(proto),
MODE_p(mode), qme_p, qmh_p, PFS(pfs), dhg_p);
strlcpy(sect, tmp, CONF_SECT_MAX);
strlcat(sect, "-SUITE", CONF_SECT_MAX);
LOG_DBG((LOG_MISC, 95, "conf_load_defaults_qm: quick mode %s", sect));
conf_set(tr, sect, "Protocols", tmp, 0, 1);
snprintf(sect, sizeof sect, "IPSEC_%s", PROTO(proto));
conf_set(tr, tmp, "PROTOCOL_ID", sect, 0, 1);
strlcpy(sect, tmp, CONF_SECT_MAX);
strlcat(sect, "-XF", CONF_SECT_MAX);
conf_set(tr, tmp, "Transforms", sect, 0, 1);
/*
* XXX For now, defaults
* contain one xf per protocol.
*/
if (proto == 0)
conf_set(tr, sect, "TRANSFORM_ID", qme, 0, 1);
else
conf_set(tr, sect, "TRANSFORM_ID", qm_ah_id, 0, 1);
if (strcmp(qme ,"BLOWFISH") == 0)
conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN, 0,
1);
else if (strcmp(qme_p, "-AES-128") == 0 ||
strcmp(qme_p, "-AESCTR-128") == 0 ||
strcmp(qme_p, "-AESGCM-128") == 0 ||
strcmp(qme_p, "-AESGMAC-128") == 0)
conf_set(tr, sect, "KEY_LENGTH", "128,128:128", 0, 1);
else if (strcmp(qme_p, "-AES-192") == 0 ||
strcmp(qme_p, "-AESCTR-192") == 0 ||
strcmp(qme_p, "-AESGCM-192") == 0 ||
strcmp(qme_p, "-AESGMAC-192") == 0)
conf_set(tr, sect, "KEY_LENGTH", "192,192:192", 0, 1);
else if (strcmp(qme_p, "-AES-256") == 0 ||
strcmp(qme_p, "-AESCTR-256") == 0 ||
strcmp(qme_p, "-AESGCM-256") == 0 ||
strcmp(qme_p, "-AESGMAC-256") == 0)
conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1);
else if (strcmp(qme, "AES") == 0)
conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_AES_KEYLEN, 0,
1);
conf_set(tr, sect, "ENCAPSULATION_MODE", MODE(mode), 0, 1);
if (strcmp(qmh, "NONE")) {
conf_set(tr, sect, "AUTHENTICATION_ALGORITHM", qmh, 0, 1);
/* XXX Another shortcut to keep length down */
if (pfs)
conf_set(tr, sect, "GROUP_DESCRIPTION", dhg, 0, 1);
}
/* XXX Lifetimes depending on enc/auth strength? */
conf_set(tr, sect, "Life", CONF_DFLT_TAG_LIFE_QUICK_MODE, 0, 1);
}
static void
conf_load_defaults(int tr)
{
int enc, auth, hash, group, proto, mode, pfs;
char *dflt;
char *mm_auth[] = {"PRE_SHARED", "DSS", "RSA_SIG", 0};
char *mm_auth_p[] = {"", "-DSS", "-RSA_SIG", 0};
char *mm_hash[] = {"MD5", "SHA", "SHA2_256", "SHA2_384", "SHA2_512",
0};
char *mm_hash_p[] = {"-MD5", "-SHA", "-SHA2-256", "-SHA2-384",
"-SHA2-512", "", 0 };
char *mm_enc[] = {"BLOWFISH_CBC", "3DES_CBC", "CAST_CBC",
"AES_CBC", "AES_CBC", "AES_CBC", "AES_CBC", 0};
char *mm_enc_p[] = {"BLF", "3DES", "CAST", "AES", "AES-128",
"AES-192", "AES-256", 0};
char *dhgroup[] = {"MODP_1024", "MODP_768", "MODP_1024",
"MODP_1536", "MODP_2048", "MODP_3072", "MODP_4096",
"MODP_6144", "MODP_8192",
"ECP_256", "ECP_384", "ECP_521", "ECP_192", "ECP_224",
"BP_224", "BP_256", "BP_384", "BP_512", 0};
char *dhgroup_p[] = {"", "-GRP1", "-GRP2", "-GRP5", "-GRP14",
"-GRP15", "-GRP16", "-GRP17", "-GRP18", "-GRP19", "-GRP20",
"-GRP21", "-GRP25", "-GRP26", "-GRP27", "-GRP28", "-GRP29",
"-GRP30", 0};
char *qm_enc[] = {"3DES", "CAST", "BLOWFISH", "AES",
"AES", "AES", "AES", "AES_CTR", "AES_CTR", "AES_CTR",
"AES_CTR", "AES_GCM_16",
"AES_GCM_16", "AES_GCM_16", "AES_GMAC", "AES_GMAC",
"AES_GMAC", "NULL", "NONE", 0};
char *qm_enc_p[] = {"-3DES", "-CAST", "-BLF", "-AES",
"-AES-128", "-AES-192", "-AES-256", "-AESCTR",
"-AESCTR-128", "-AESCTR-192", "-AESCTR-256",
"-AESGCM-128", "-AESGCM-192", "-AESGCM-256",
"-AESGMAC-128", "-AESGMAC-192", "-AESGMAC-256", "-NULL",
"", 0};
char *qm_hash[] = {"HMAC_MD5", "HMAC_SHA", "HMAC_RIPEMD",
"HMAC_SHA2_256", "HMAC_SHA2_384", "HMAC_SHA2_512", "NONE",
0};
char *qm_hash_p[] = {"-MD5", "-SHA", "-RIPEMD", "-SHA2-256",
"-SHA2-384", "-SHA2-512", "", 0};
char *qm_ah_id[] = {"MD5", "SHA", "RIPEMD", "SHA2_256", "SHA2_384",
"SHA2_512", "", 0};
/* General and X509 defaults */
conf_set(tr, "General", "Retransmits", CONF_DFLT_RETRANSMITS, 0, 1);
conf_set(tr, "General", "Exchange-max-time", CONF_DFLT_EXCH_MAX_TIME,
0, 1);
conf_set(tr, "General", "Use-Keynote", CONF_DFLT_USE_KEYNOTE, 0, 1);
conf_set(tr, "General", "Policy-file", CONF_DFLT_POLICY_FILE, 0, 1);
conf_set(tr, "General", "Pubkey-directory", CONF_DFLT_PUBKEY_DIR, 0,
1);
conf_set(tr, "X509-certificates", "CA-directory",
CONF_DFLT_X509_CA_DIR, 0, 1);
conf_set(tr, "X509-certificates", "Cert-directory",
CONF_DFLT_X509_CERT_DIR, 0, 1);
conf_set(tr, "X509-certificates", "Private-key",
CONF_DFLT_X509_PRIVATE_KEY, 0, 1);
conf_set(tr, "X509-certificates", "Private-key-directory",
CONF_DFLT_X509_PRIVATE_KEY_DIR, 0, 1);
conf_set(tr, "X509-certificates", "CRL-directory",
CONF_DFLT_X509_CRL_DIR, 0, 1);
conf_set(tr, "KeyNote", "Credential-directory",
CONF_DFLT_KEYNOTE_CRED_DIR, 0, 1);
conf_set(tr, "General", "Delete-SAs", CONF_DFLT_DELETE_SAS, 0, 1);
/* Lifetimes. XXX p1/p2 vs main/quick mode may be unclear. */
dflt = conf_get_trans_str(tr, "General", "Default-phase-1-lifetime");
conf_set(tr, CONF_DFLT_TAG_LIFE_MAIN_MODE, "LIFE_TYPE",
CONF_DFLT_TYPE_LIFE_MAIN_MODE, 0, 1);
conf_set(tr, CONF_DFLT_TAG_LIFE_MAIN_MODE, "LIFE_DURATION",
(dflt ? dflt : CONF_DFLT_VAL_LIFE_MAIN_MODE), 0, 1);
dflt = conf_get_trans_str(tr, "General", "Default-phase-2-lifetime");
conf_set(tr, CONF_DFLT_TAG_LIFE_QUICK_MODE, "LIFE_TYPE",
CONF_DFLT_TYPE_LIFE_QUICK_MODE, 0, 1);
conf_set(tr, CONF_DFLT_TAG_LIFE_QUICK_MODE, "LIFE_DURATION",
(dflt ? dflt : CONF_DFLT_VAL_LIFE_QUICK_MODE), 0, 1);
/* Default Phase-1 Configuration section */
conf_set(tr, CONF_DFLT_TAG_PHASE1_CONFIG, "EXCHANGE_TYPE",
CONF_DFLT_PHASE1_EXCH_TYPE, 0, 1);
conf_set(tr, CONF_DFLT_TAG_PHASE1_CONFIG, "Transforms",
CONF_DFLT_PHASE1_TRANSFORMS, 0, 1);
/* Main modes */
for (enc = 0; mm_enc[enc]; enc++)
for (hash = 0; mm_hash[hash]; hash++)
for (auth = 0; mm_auth[auth]; auth++)
for (group = 0; dhgroup_p[group]; group++)
conf_load_defaults_mm (tr, mm_enc[enc],
mm_hash[hash], mm_auth[auth],
dhgroup[group], mm_enc_p[enc],
mm_auth_p[auth], dhgroup_p[group],
mm_hash_p[hash]);
/* Setup a default Phase 1 entry */
conf_set(tr, "Phase 1", "Default", "Default-phase-1", 0, 1);
conf_set(tr, "Default-phase-1", "Phase", "1", 0, 1);
conf_set(tr, "Default-phase-1", "Configuration",
"Default-phase-1-configuration", 0, 1);
dflt = conf_get_trans_str(tr, "General", "Default-phase-1-ID");
if (dflt)
conf_set(tr, "Default-phase-1", "ID", dflt, 0, 1);
/* Quick modes */
for (enc = 0; qm_enc[enc]; enc++)
for (proto = 0; proto < 2; proto++)
for (mode = 0; mode < 2; mode++)
for (pfs = 0; pfs < 2; pfs++)
for (hash = 0; qm_hash[hash]; hash++)
for (group = 0;
dhgroup_p[group]; group++)
conf_load_defaults_qm(
tr, qm_enc[enc],
qm_hash[hash],
dhgroup[group],
qm_enc_p[enc],
qm_hash_p[hash],
qm_ah_id[hash],
dhgroup_p[group],
proto, mode, pfs);
}
void
conf_init(void)
{
unsigned int i;
for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; i++)
LIST_INIT(&conf_bindings[i]);
TAILQ_INIT(&conf_trans_queue);
conf_reinit();
}
/* Open the config file and map it into our address space, then parse it. */
void
conf_reinit(void)
{
struct conf_binding *cb = 0;
int fd, trans;
unsigned int i;
size_t sz;
char *new_conf_addr = 0;
fd = monitor_open(conf_path, O_RDONLY, 0);
if (fd == -1 || check_file_secrecy_fd(fd, conf_path, &sz) == -1) {
if (fd == -1 && errno != ENOENT)
log_error("conf_reinit: open(\"%s\", O_RDONLY, 0) "
"failed", conf_path);
if (fd != -1)
close(fd);
trans = conf_begin();
} else {
new_conf_addr = malloc(sz);
if (!new_conf_addr) {
log_error("conf_reinit: malloc (%lu) failed",
(unsigned long)sz);
goto fail;
}
/* XXX I assume short reads won't happen here. */
if (read(fd, new_conf_addr, sz) != (int)sz) {
log_error("conf_reinit: read (%d, %p, %lu) failed",
fd, new_conf_addr, (unsigned long)sz);
goto fail;
}
close(fd);
trans = conf_begin();
/* XXX Should we not care about errors and rollback? */
conf_parse(trans, new_conf_addr, sz);
}
/* Load default configuration values. */
conf_load_defaults(trans);
/* Free potential existing configuration. */
if (conf_addr) {
for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0];
i++)
for (cb = LIST_FIRST(&conf_bindings[i]); cb;
cb = LIST_FIRST(&conf_bindings[i]))
conf_remove_now(cb->section, cb->tag);
free(conf_addr);
}
conf_end(trans, 1);
conf_addr = new_conf_addr;
return;
fail:
free(new_conf_addr);
close(fd);
}
/*
* Return the numeric value denoted by TAG in section SECTION or DEF
* if that tag does not exist.
*/
int
conf_get_num(char *section, char *tag, int def)
{
char *value = conf_get_str(section, tag);
if (value)
return atoi(value);
return def;
}
/*
* Return the socket endpoint address denoted by TAG in SECTION as a
* struct sockaddr. It is the callers responsibility to deallocate
* this structure when it is finished with it.
*/
struct sockaddr *
conf_get_address(char *section, char *tag)
{
char *value = conf_get_str(section, tag);
struct sockaddr *sa;
if (!value)
return 0;
if (text2sockaddr(value, 0, &sa, 0, 0) == -1)
return 0;
return sa;
}
/* Validate X according to the range denoted by TAG in section SECTION. */
int
conf_match_num(char *section, char *tag, int x)
{
char *value = conf_get_str(section, tag);
int val, min, max, n;
if (!value)
return 0;
n = sscanf(value, "%d,%d:%d", &val, &min, &max);
switch (n) {
case 1:
LOG_DBG((LOG_MISC, 95, "conf_match_num: %s:%s %d==%d?",
section, tag, val, x));
return x == val;
case 3:
LOG_DBG((LOG_MISC, 95, "conf_match_num: %s:%s %d<=%d<=%d?",
section, tag, min, x, max));
return min <= x && max >= x;
default:
log_error("conf_match_num: section %s tag %s: invalid number "
"spec %s", section, tag, value);
}
return 0;
}
/* Return the string value denoted by TAG in section SECTION. */
char *
conf_get_str(char *section, char *tag)
{
struct conf_binding *cb;
for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb;
cb = LIST_NEXT(cb, link))
if (strcasecmp(section, cb->section) == 0 &&
strcasecmp(tag, cb->tag) == 0) {
LOG_DBG((LOG_MISC, 95, "conf_get_str: [%s]:%s->%s",
section, tag, cb->value));
return cb->value;
}
LOG_DBG((LOG_MISC, 95,
"conf_get_str: configuration value not found [%s]:%s", section,
tag));
return 0;
}
/*
* Build a list of string values out of the comma separated value denoted by
* TAG in SECTION.
*/
struct conf_list *
conf_get_list(char *section, char *tag)
{
char *liststr = 0, *p, *field, *t;
struct conf_list *list = 0;
struct conf_list_node *node = 0;
list = malloc(sizeof *list);
if (!list)
goto cleanup;
TAILQ_INIT(&list->fields);
list->cnt = 0;
liststr = conf_get_str(section, tag);
if (!liststr)
goto cleanup;
liststr = strdup(liststr);
if (!liststr)
goto cleanup;
p = liststr;
while ((field = strsep(&p, ",")) != NULL) {
/* Skip leading whitespace */
while (isspace((unsigned char)*field))
field++;
/* Skip trailing whitespace */
if (p)
for (t = p - 1; t > field && isspace((unsigned char)*t); t--)
*t = '\0';
if (*field == '\0') {
log_print("conf_get_list: empty field, ignoring...");
continue;
}
list->cnt++;
node = calloc(1, sizeof *node);
if (!node)
goto cleanup;
node->field = strdup(field);
if (!node->field)
goto cleanup;
TAILQ_INSERT_TAIL(&list->fields, node, link);
}
free(liststr);
return list;
cleanup:
free(node);
if (list)
conf_free_list(list);
free(liststr);
return 0;
}
struct conf_list *
conf_get_tag_list(char *section)
{
struct conf_list *list = 0;
struct conf_list_node *node = 0;
struct conf_binding *cb;
list = malloc(sizeof *list);
if (!list)
goto cleanup;
TAILQ_INIT(&list->fields);
list->cnt = 0;
for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb;
cb = LIST_NEXT(cb, link))
if (strcasecmp(section, cb->section) == 0) {
list->cnt++;
node = calloc(1, sizeof *node);
if (!node)
goto cleanup;
node->field = strdup(cb->tag);
if (!node->field)
goto cleanup;
TAILQ_INSERT_TAIL(&list->fields, node, link);
}
return list;
cleanup:
free(node);
if (list)
conf_free_list(list);
return 0;
}
void
conf_free_list(struct conf_list *list)
{
struct conf_list_node *node = TAILQ_FIRST(&list->fields);
while (node) {
TAILQ_REMOVE(&list->fields, node, link);
free(node->field);
free(node);
node = TAILQ_FIRST(&list->fields);
}
free(list);
}
int
conf_begin(void)
{
static int seq = 0;
return ++seq;
}
static int
conf_trans_node(int transaction, enum conf_op op, char *section, char *tag,
char *value, int override, int is_default)
{
struct conf_trans *node;
node = calloc(1, sizeof *node);
if (!node) {
log_error("conf_trans_node: calloc (1, %lu) failed",
(unsigned long)sizeof *node);
return 1;
}
node->trans = transaction;
node->op = op;
node->override = override;
node->is_default = is_default;
if (section && (node->section = strdup(section)) == NULL)
goto fail;
if (tag && (node->tag = strdup(tag)) == NULL)
goto fail;
if (value && (node->value = strdup(value)) == NULL)
goto fail;
TAILQ_INSERT_TAIL(&conf_trans_queue, node, link);
return 0;
fail:
free(node->section);
free(node->tag);
free(node->value);
free(node);
return 1;
}
/* Queue a set operation. */
int
conf_set(int transaction, char *section, char *tag, char *value, int override,
int is_default)
{
return conf_trans_node(transaction, CONF_SET, section, tag, value,
override, is_default);
}
/* Queue a remove operation. */
int
conf_remove(int transaction, char *section, char *tag)
{
return conf_trans_node(transaction, CONF_REMOVE, section, tag, NULL,
0, 0);
}
/* Queue a remove section operation. */
int
conf_remove_section(int transaction, char *section)
{
return conf_trans_node(transaction, CONF_REMOVE_SECTION, section, NULL,
NULL, 0, 0);
}
/* Execute all queued operations for this transaction. Cleanup. */
int
conf_end(int transaction, int commit)
{
struct conf_trans *node, *next;
for (node = TAILQ_FIRST(&conf_trans_queue); node; node = next) {
next = TAILQ_NEXT(node, link);
if (node->trans == transaction) {
if (commit)
switch (node->op) {
case CONF_SET:
conf_set_now(node->section, node->tag,
node->value, node->override,
node->is_default);
break;
case CONF_REMOVE:
conf_remove_now(node->section,
node->tag);
break;
case CONF_REMOVE_SECTION:
conf_remove_section_now(node->section);
break;
default:
log_print("conf_end: unknown "
"operation: %d", node->op);
}
TAILQ_REMOVE(&conf_trans_queue, node, link);
free(node->section);
free(node->tag);
free(node->value);
free(node);
}
}
return 0;
}
/*
* Dump running configuration upon SIGUSR1.
* Configuration is "stored in reverse order", so reverse it again.
*/
struct dumper {
char *s, *v;
struct dumper *next;
};
static void
conf_report_dump(struct dumper *node)
{
/* Recursive, cleanup when we're done. */
if (node->next)
conf_report_dump(node->next);
if (node->v)
LOG_DBG((LOG_REPORT, 0, "%s=\t%s", node->s, node->v));
else if (node->s) {
LOG_DBG((LOG_REPORT, 0, "%s", node->s));
if (strlen(node->s) > 0)
free(node->s);
}
free(node);
}
void
conf_report(void)
{
struct conf_binding *cb, *last = 0;
unsigned int i;
char *current_section = NULL;
struct dumper *dumper, *dnode;
dumper = dnode = calloc(1, sizeof *dumper);
if (!dumper)
goto mem_fail;
LOG_DBG((LOG_REPORT, 0, "conf_report: dumping running configuration"));
for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; i++)
for (cb = LIST_FIRST(&conf_bindings[i]); cb;
cb = LIST_NEXT(cb, link)) {
if (!cb->is_default) {
/* Dump this entry. */
if (!current_section || strcmp(cb->section,
current_section)) {
if (current_section) {
if (asprintf(&dnode->s, "[%s]",
current_section) == -1)
goto mem_fail;
dnode->next = calloc(1,
sizeof(struct dumper));
dnode = dnode->next;
if (!dnode)
goto mem_fail;
dnode->s = "";
dnode->next = calloc(1,
sizeof(struct dumper));
dnode = dnode->next;
if (!dnode)
goto mem_fail;
}
current_section = cb->section;
}
dnode->s = cb->tag;
dnode->v = cb->value;
dnode->next = calloc(1, sizeof(struct dumper));
dnode = dnode->next;
if (!dnode)
goto mem_fail;
last = cb;
}
}
if (last)
if (asprintf(&dnode->s, "[%s]", last->section) == -1)
goto mem_fail;
conf_report_dump(dumper);
return;
mem_fail:
log_error("conf_report: malloc/calloc failed");
while ((dnode = dumper) != 0) {
dumper = dumper->next;
free(dnode->s);
free(dnode);
}
}
Reference in New Issue View Git Blame Copy Permalink