1 |
|
|
/* $OpenBSD: conf.c,v 1.107 2017/10/27 08:29:32 mpi Exp $ */ |
2 |
|
|
/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */ |
3 |
|
|
|
4 |
|
|
/* |
5 |
|
|
* Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist. All rights reserved. |
6 |
|
|
* Copyright (c) 2000, 2001, 2002 Håkan Olsson. All rights reserved. |
7 |
|
|
* |
8 |
|
|
* Redistribution and use in source and binary forms, with or without |
9 |
|
|
* modification, are permitted provided that the following conditions |
10 |
|
|
* are met: |
11 |
|
|
* 1. Redistributions of source code must retain the above copyright |
12 |
|
|
* notice, this list of conditions and the following disclaimer. |
13 |
|
|
* 2. Redistributions in binary form must reproduce the above copyright |
14 |
|
|
* notice, this list of conditions and the following disclaimer in the |
15 |
|
|
* documentation and/or other materials provided with the distribution. |
16 |
|
|
* |
17 |
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
18 |
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
19 |
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
20 |
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
21 |
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
22 |
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
23 |
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
24 |
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
25 |
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
26 |
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
27 |
|
|
*/ |
28 |
|
|
|
29 |
|
|
/* |
30 |
|
|
* This code was written under funding by Ericsson Radio Systems. |
31 |
|
|
*/ |
32 |
|
|
|
33 |
|
|
#include <sys/types.h> |
34 |
|
|
#include <sys/mman.h> |
35 |
|
|
#include <sys/queue.h> |
36 |
|
|
#include <sys/socket.h> |
37 |
|
|
#include <sys/stat.h> |
38 |
|
|
#include <netinet/in.h> |
39 |
|
|
#include <arpa/inet.h> |
40 |
|
|
#include <ctype.h> |
41 |
|
|
#include <fcntl.h> |
42 |
|
|
#include <stdio.h> |
43 |
|
|
#include <stdlib.h> |
44 |
|
|
#include <string.h> |
45 |
|
|
#include <unistd.h> |
46 |
|
|
#include <errno.h> |
47 |
|
|
|
48 |
|
|
#include "app.h" |
49 |
|
|
#include "conf.h" |
50 |
|
|
#include "log.h" |
51 |
|
|
#include "monitor.h" |
52 |
|
|
#include "util.h" |
53 |
|
|
|
54 |
|
|
static char *conf_get_trans_str(int, char *, char *); |
55 |
|
|
static void conf_load_defaults(int); |
56 |
|
|
#if 0 |
57 |
|
|
static int conf_find_trans_xf(int, char *); |
58 |
|
|
#endif |
59 |
|
|
|
60 |
|
|
struct conf_trans { |
61 |
|
|
TAILQ_ENTRY(conf_trans) link; |
62 |
|
|
int trans; |
63 |
|
|
enum conf_op { |
64 |
|
|
CONF_SET, CONF_REMOVE, CONF_REMOVE_SECTION |
65 |
|
|
} op; |
66 |
|
|
char *section; |
67 |
|
|
char *tag; |
68 |
|
|
char *value; |
69 |
|
|
int override; |
70 |
|
|
int is_default; |
71 |
|
|
}; |
72 |
|
|
|
73 |
|
|
#define CONF_SECT_MAX 256 |
74 |
|
|
|
75 |
|
|
TAILQ_HEAD(conf_trans_head, conf_trans) conf_trans_queue; |
76 |
|
|
|
77 |
|
|
struct conf_binding { |
78 |
|
|
LIST_ENTRY(conf_binding) link; |
79 |
|
|
char *section; |
80 |
|
|
char *tag; |
81 |
|
|
char *value; |
82 |
|
|
int is_default; |
83 |
|
|
}; |
84 |
|
|
|
85 |
|
|
char *conf_path = CONFIG_FILE; |
86 |
|
|
LIST_HEAD(conf_bindings, conf_binding) conf_bindings[256]; |
87 |
|
|
|
88 |
|
|
static char *conf_addr; |
89 |
|
|
static __inline__ u_int8_t |
90 |
|
|
conf_hash(char *s) |
91 |
|
|
{ |
92 |
|
|
u_int8_t hash = 0; |
93 |
|
|
|
94 |
|
|
while (*s) { |
95 |
|
|
hash = ((hash << 1) | (hash >> 7)) ^ tolower((unsigned char)*s); |
96 |
|
|
s++; |
97 |
|
|
} |
98 |
|
|
return hash; |
99 |
|
|
} |
100 |
|
|
|
101 |
|
|
/* |
102 |
|
|
* Insert a tag-value combination from LINE (the equal sign is at POS) |
103 |
|
|
*/ |
104 |
|
|
static int |
105 |
|
|
conf_remove_now(char *section, char *tag) |
106 |
|
|
{ |
107 |
|
|
struct conf_binding *cb, *next; |
108 |
|
|
|
109 |
|
|
for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb; |
110 |
|
|
cb = next) { |
111 |
|
|
next = LIST_NEXT(cb, link); |
112 |
|
|
if (strcasecmp(cb->section, section) == 0 && |
113 |
|
|
strcasecmp(cb->tag, tag) == 0) { |
114 |
|
|
LIST_REMOVE(cb, link); |
115 |
|
|
LOG_DBG((LOG_MISC, 95, "[%s]:%s->%s removed", section, |
116 |
|
|
tag, cb->value)); |
117 |
|
|
free(cb->section); |
118 |
|
|
free(cb->tag); |
119 |
|
|
free(cb->value); |
120 |
|
|
free(cb); |
121 |
|
|
return 0; |
122 |
|
|
} |
123 |
|
|
} |
124 |
|
|
return 1; |
125 |
|
|
} |
126 |
|
|
|
127 |
|
|
static int |
128 |
|
|
conf_remove_section_now(char *section) |
129 |
|
|
{ |
130 |
|
|
struct conf_binding *cb, *next; |
131 |
|
|
int unseen = 1; |
132 |
|
|
|
133 |
|
|
for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb; |
134 |
|
|
cb = next) { |
135 |
|
|
next = LIST_NEXT(cb, link); |
136 |
|
|
if (strcasecmp(cb->section, section) == 0) { |
137 |
|
|
unseen = 0; |
138 |
|
|
LIST_REMOVE(cb, link); |
139 |
|
|
LOG_DBG((LOG_MISC, 95, "[%s]:%s->%s removed", section, |
140 |
|
|
cb->tag, cb->value)); |
141 |
|
|
free(cb->section); |
142 |
|
|
free(cb->tag); |
143 |
|
|
free(cb->value); |
144 |
|
|
free(cb); |
145 |
|
|
} |
146 |
|
|
} |
147 |
|
|
return unseen; |
148 |
|
|
} |
149 |
|
|
|
150 |
|
|
/* |
151 |
|
|
* Insert a tag-value combination from LINE (the equal sign is at POS) |
152 |
|
|
* into SECTION of our configuration database. |
153 |
|
|
*/ |
154 |
|
|
static int |
155 |
|
|
conf_set_now(char *section, char *tag, char *value, int override, |
156 |
|
|
int is_default) |
157 |
|
|
{ |
158 |
|
|
struct conf_binding *node = 0; |
159 |
|
|
|
160 |
|
|
if (override) |
161 |
|
|
conf_remove_now(section, tag); |
162 |
|
|
else if (conf_get_str(section, tag)) { |
163 |
|
|
if (!is_default) |
164 |
|
|
log_print("conf_set_now: duplicate tag [%s]:%s, " |
165 |
|
|
"ignoring...\n", section, tag); |
166 |
|
|
return 1; |
167 |
|
|
} |
168 |
|
|
node = calloc(1, sizeof *node); |
169 |
|
|
if (!node) { |
170 |
|
|
log_error("conf_set_now: calloc (1, %lu) failed", |
171 |
|
|
(unsigned long)sizeof *node); |
172 |
|
|
return 1; |
173 |
|
|
} |
174 |
|
|
node->section = node->tag = node->value = NULL; |
175 |
|
|
if ((node->section = strdup(section)) == NULL) |
176 |
|
|
goto fail; |
177 |
|
|
if ((node->tag = strdup(tag)) == NULL) |
178 |
|
|
goto fail; |
179 |
|
|
if ((node->value = strdup(value)) == NULL) |
180 |
|
|
goto fail; |
181 |
|
|
node->is_default = is_default; |
182 |
|
|
|
183 |
|
|
LIST_INSERT_HEAD(&conf_bindings[conf_hash(section)], node, link); |
184 |
|
|
LOG_DBG((LOG_MISC, 95, "conf_set_now: [%s]:%s->%s", node->section, |
185 |
|
|
node->tag, node->value)); |
186 |
|
|
return 0; |
187 |
|
|
fail: |
188 |
|
|
free(node->value); |
189 |
|
|
free(node->tag); |
190 |
|
|
free(node->section); |
191 |
|
|
free(node); |
192 |
|
|
return 1; |
193 |
|
|
} |
194 |
|
|
|
195 |
|
|
/* |
196 |
|
|
* Parse the line LINE of SZ bytes. Skip Comments, recognize section |
197 |
|
|
* headers and feed tag-value pairs into our configuration database. |
198 |
|
|
*/ |
199 |
|
|
static void |
200 |
|
|
conf_parse_line(int trans, char *line, int ln, size_t sz) |
201 |
|
|
{ |
202 |
|
|
char *val; |
203 |
|
|
size_t i; |
204 |
|
|
int j; |
205 |
|
|
static char *section = 0; |
206 |
|
|
|
207 |
|
|
/* Lines starting with '#' or ';' are comments. */ |
208 |
|
|
if (*line == '#' || *line == ';') |
209 |
|
|
return; |
210 |
|
|
|
211 |
|
|
/* '[section]' parsing... */ |
212 |
|
|
if (*line == '[') { |
213 |
|
|
for (i = 1; i < sz; i++) |
214 |
|
|
if (line[i] == ']') |
215 |
|
|
break; |
216 |
|
|
free(section); |
217 |
|
|
if (i == sz) { |
218 |
|
|
log_print("conf_parse_line: %d:" |
219 |
|
|
"unmatched ']', ignoring until next section", ln); |
220 |
|
|
section = 0; |
221 |
|
|
return; |
222 |
|
|
} |
223 |
|
|
section = malloc(i); |
224 |
|
|
if (!section) { |
225 |
|
|
log_print("conf_parse_line: %d: malloc (%lu) failed", |
226 |
|
|
ln, (unsigned long)i); |
227 |
|
|
return; |
228 |
|
|
} |
229 |
|
|
strlcpy(section, line + 1, i); |
230 |
|
|
return; |
231 |
|
|
} |
232 |
|
|
/* Deal with assignments. */ |
233 |
|
|
for (i = 0; i < sz; i++) |
234 |
|
|
if (line[i] == '=') { |
235 |
|
|
/* If no section, we are ignoring the lines. */ |
236 |
|
|
if (!section) { |
237 |
|
|
log_print("conf_parse_line: %d: ignoring line " |
238 |
|
|
"due to no section", ln); |
239 |
|
|
return; |
240 |
|
|
} |
241 |
|
|
line[strcspn(line, " \t=")] = '\0'; |
242 |
|
|
val = line + i + 1 + strspn(line + i + 1, " \t"); |
243 |
|
|
/* Skip trailing whitespace, if any */ |
244 |
|
|
for (j = sz - (val - line) - 1; j > 0 && |
245 |
|
|
isspace((unsigned char)val[j]); j--) |
246 |
|
|
val[j] = '\0'; |
247 |
|
|
/* XXX Perhaps should we not ignore errors? */ |
248 |
|
|
conf_set(trans, section, line, val, 0, 0); |
249 |
|
|
return; |
250 |
|
|
} |
251 |
|
|
/* Other non-empty lines are weird. */ |
252 |
|
|
i = strspn(line, " \t"); |
253 |
|
|
if (line[i]) |
254 |
|
|
log_print("conf_parse_line: %d: syntax error", ln); |
255 |
|
|
} |
256 |
|
|
|
257 |
|
|
/* Parse the mapped configuration file. */ |
258 |
|
|
static void |
259 |
|
|
conf_parse(int trans, char *buf, size_t sz) |
260 |
|
|
{ |
261 |
|
|
char *cp = buf; |
262 |
|
|
char *bufend = buf + sz; |
263 |
|
|
char *line; |
264 |
|
|
int ln = 1; |
265 |
|
|
|
266 |
|
|
line = cp; |
267 |
|
|
while (cp < bufend) { |
268 |
|
|
if (*cp == '\n') { |
269 |
|
|
/* Check for escaped newlines. */ |
270 |
|
|
if (cp > buf && *(cp - 1) == '\\') |
271 |
|
|
*(cp - 1) = *cp = ' '; |
272 |
|
|
else { |
273 |
|
|
*cp = '\0'; |
274 |
|
|
conf_parse_line(trans, line, ln, cp - line); |
275 |
|
|
line = cp + 1; |
276 |
|
|
} |
277 |
|
|
ln++; |
278 |
|
|
} |
279 |
|
|
cp++; |
280 |
|
|
} |
281 |
|
|
if (cp != line) |
282 |
|
|
log_print("conf_parse: last line unterminated, ignored."); |
283 |
|
|
} |
284 |
|
|
|
285 |
|
|
/* |
286 |
|
|
* Auto-generate default configuration values for the transforms and |
287 |
|
|
* suites the user wants. |
288 |
|
|
* |
289 |
|
|
* Resulting section names can be: |
290 |
|
|
* For main mode: |
291 |
|
|
* {BLF,3DES,CAST,AES,AES-{128,192,256}-{MD5,SHA,SHA2-{256,384,512}} \ |
292 |
|
|
* [-GRP{1,2,5,14-21,25-30}][-{DSS,RSA_SIG}] |
293 |
|
|
* For quick mode: |
294 |
|
|
* QM-{proto}[-TRP]-{cipher}[-{hash}][-PFS[-{group}]]-SUITE |
295 |
|
|
* where |
296 |
|
|
* {proto} = ESP, AH |
297 |
|
|
* {cipher} = 3DES, CAST, BLF, AES, AES-{128,192,256}, AESCTR |
298 |
|
|
* {hash} = MD5, SHA, RIPEMD, SHA2-{256,384,512} |
299 |
|
|
* {group} = GRP{1,2,5,14-21,25-30} |
300 |
|
|
* |
301 |
|
|
* DH group defaults to MODP_1024. |
302 |
|
|
* |
303 |
|
|
* XXX We may want to support USE_TRIPLEDES, etc... |
304 |
|
|
* XXX No EC2N DH support here yet. |
305 |
|
|
*/ |
306 |
|
|
|
307 |
|
|
/* Find the value for a section+tag in the transaction list. */ |
308 |
|
|
static char * |
309 |
|
|
conf_get_trans_str(int trans, char *section, char *tag) |
310 |
|
|
{ |
311 |
|
|
struct conf_trans *node, *nf = 0; |
312 |
|
|
|
313 |
|
|
for (node = TAILQ_FIRST(&conf_trans_queue); node; |
314 |
|
|
node = TAILQ_NEXT(node, link)) |
315 |
|
|
if (node->trans == trans && strcasecmp(section, node->section) |
316 |
|
|
== 0 && strcasecmp(tag, node->tag) == 0) { |
317 |
|
|
if (!nf) |
318 |
|
|
nf = node; |
319 |
|
|
else if (node->override) |
320 |
|
|
nf = node; |
321 |
|
|
} |
322 |
|
|
return nf ? nf->value : 0; |
323 |
|
|
} |
324 |
|
|
|
325 |
|
|
#if 0 |
326 |
|
|
/* XXX Currently unused. */ |
327 |
|
|
static int |
328 |
|
|
conf_find_trans_xf(int phase, char *xf) |
329 |
|
|
{ |
330 |
|
|
struct conf_trans *node; |
331 |
|
|
char *p; |
332 |
|
|
|
333 |
|
|
/* Find the relevant transforms and suites, if any. */ |
334 |
|
|
for (node = TAILQ_FIRST(&conf_trans_queue); node; |
335 |
|
|
node = TAILQ_NEXT(node, link)) |
336 |
|
|
if ((phase == 1 && strcmp("Transforms", node->tag) == 0) || |
337 |
|
|
(phase == 2 && strcmp("Suites", node->tag) == 0)) { |
338 |
|
|
p = node->value; |
339 |
|
|
while ((p = strstr(p, xf)) != NULL) |
340 |
|
|
if (*(p + strlen(p)) && |
341 |
|
|
*(p + strlen(p)) != ',') |
342 |
|
|
p += strlen(p); |
343 |
|
|
else |
344 |
|
|
return 1; |
345 |
|
|
} |
346 |
|
|
return 0; |
347 |
|
|
} |
348 |
|
|
#endif |
349 |
|
|
|
350 |
|
|
static void |
351 |
|
|
conf_load_defaults_mm(int tr, char *mme, char *mmh, char *mma, char *dhg, |
352 |
|
|
char *mme_p, char *mma_p, char *dhg_p, char *mmh_p) |
353 |
|
|
{ |
354 |
|
|
char sect[CONF_SECT_MAX]; |
355 |
|
|
|
356 |
|
|
snprintf(sect, sizeof sect, "%s%s%s%s", mme_p, mmh_p, dhg_p, mma_p); |
357 |
|
|
|
358 |
|
|
LOG_DBG((LOG_MISC, 95, "conf_load_defaults_mm: main mode %s", sect)); |
359 |
|
|
|
360 |
|
|
conf_set(tr, sect, "ENCRYPTION_ALGORITHM", mme, 0, 1); |
361 |
|
|
if (strcmp(mme, "BLOWFISH_CBC") == 0) |
362 |
|
|
conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN, 0, |
363 |
|
|
1); |
364 |
|
|
else if (strcmp(mme_p, "AES-128") == 0) |
365 |
|
|
conf_set(tr, sect, "KEY_LENGTH", "128,128:128", 0, 1); |
366 |
|
|
else if (strcmp(mme_p, "AES-192") == 0) |
367 |
|
|
conf_set(tr, sect, "KEY_LENGTH", "192,192:192", 0, 1); |
368 |
|
|
else if (strcmp(mme_p, "AES-256") == 0) |
369 |
|
|
conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1); |
370 |
|
|
else if (strcmp(mme, "AES_CBC") == 0) |
371 |
|
|
conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_AES_KEYLEN, 0, |
372 |
|
|
1); |
373 |
|
|
|
374 |
|
|
conf_set(tr, sect, "HASH_ALGORITHM", mmh, 0, 1); |
375 |
|
|
conf_set(tr, sect, "AUTHENTICATION_METHOD", mma, 0, 1); |
376 |
|
|
conf_set(tr, sect, "GROUP_DESCRIPTION", dhg, 0, 1); |
377 |
|
|
conf_set(tr, sect, "Life", CONF_DFLT_TAG_LIFE_MAIN_MODE, 0, 1); |
378 |
|
|
} |
379 |
|
|
|
380 |
|
|
static void |
381 |
|
|
conf_load_defaults_qm(int tr, char *qme, char *qmh, char *dhg, char *qme_p, |
382 |
|
|
char *qmh_p, char *qm_ah_id, char *dhg_p, int proto, int mode, int pfs) |
383 |
|
|
{ |
384 |
|
|
char sect[CONF_SECT_MAX], tmp[CONF_SECT_MAX]; |
385 |
|
|
|
386 |
|
|
/* Helper #defines, incl abbreviations. */ |
387 |
|
|
#define PROTO(x) ((x) ? "AH" : "ESP") |
388 |
|
|
#define PFS(x) ((x) ? "-PFS" : "") |
389 |
|
|
#define MODE(x) ((x) ? "TRANSPORT" : "TUNNEL") |
390 |
|
|
#define MODE_p(x) ((x) ? "-TRP" : "") |
391 |
|
|
|
392 |
|
|
/* For AH a hash must be present and no encryption is allowed */ |
393 |
|
|
if (proto == 1 && (strcmp(qmh, "NONE") == 0 || |
394 |
|
|
strcmp(qme, "NONE") != 0)) |
395 |
|
|
return; |
396 |
|
|
|
397 |
|
|
/* For ESP encryption must be provided, an empty hash is ok. */ |
398 |
|
|
if (proto == 0 && strcmp(qme, "NONE") == 0) |
399 |
|
|
return; |
400 |
|
|
|
401 |
|
|
/* When PFS is disabled no DH group must be specified. */ |
402 |
|
|
if (pfs == 0 && strcmp(dhg_p, "")) |
403 |
|
|
return; |
404 |
|
|
|
405 |
|
|
/* For GCM no additional authentication must be specified */ |
406 |
|
|
if (proto == 0 && strcmp(qmh, "NONE") != 0 && |
407 |
|
|
(strcmp(qme, "AES_GCM_16") == 0 || strcmp(qme, "AES_GMAC") == 0)) |
408 |
|
|
return; |
409 |
|
|
|
410 |
|
|
snprintf(tmp, sizeof tmp, "QM-%s%s%s%s%s%s", PROTO(proto), |
411 |
|
|
MODE_p(mode), qme_p, qmh_p, PFS(pfs), dhg_p); |
412 |
|
|
|
413 |
|
|
strlcpy(sect, tmp, CONF_SECT_MAX); |
414 |
|
|
strlcat(sect, "-SUITE", CONF_SECT_MAX); |
415 |
|
|
|
416 |
|
|
LOG_DBG((LOG_MISC, 95, "conf_load_defaults_qm: quick mode %s", sect)); |
417 |
|
|
|
418 |
|
|
conf_set(tr, sect, "Protocols", tmp, 0, 1); |
419 |
|
|
snprintf(sect, sizeof sect, "IPSEC_%s", PROTO(proto)); |
420 |
|
|
conf_set(tr, tmp, "PROTOCOL_ID", sect, 0, 1); |
421 |
|
|
strlcpy(sect, tmp, CONF_SECT_MAX); |
422 |
|
|
strlcat(sect, "-XF", CONF_SECT_MAX); |
423 |
|
|
conf_set(tr, tmp, "Transforms", sect, 0, 1); |
424 |
|
|
|
425 |
|
|
/* |
426 |
|
|
* XXX For now, defaults |
427 |
|
|
* contain one xf per protocol. |
428 |
|
|
*/ |
429 |
|
|
if (proto == 0) |
430 |
|
|
conf_set(tr, sect, "TRANSFORM_ID", qme, 0, 1); |
431 |
|
|
else |
432 |
|
|
conf_set(tr, sect, "TRANSFORM_ID", qm_ah_id, 0, 1); |
433 |
|
|
if (strcmp(qme ,"BLOWFISH") == 0) |
434 |
|
|
conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN, 0, |
435 |
|
|
1); |
436 |
|
|
else if (strcmp(qme_p, "-AES-128") == 0 || |
437 |
|
|
strcmp(qme_p, "-AESCTR-128") == 0 || |
438 |
|
|
strcmp(qme_p, "-AESGCM-128") == 0 || |
439 |
|
|
strcmp(qme_p, "-AESGMAC-128") == 0) |
440 |
|
|
conf_set(tr, sect, "KEY_LENGTH", "128,128:128", 0, 1); |
441 |
|
|
else if (strcmp(qme_p, "-AES-192") == 0 || |
442 |
|
|
strcmp(qme_p, "-AESCTR-192") == 0 || |
443 |
|
|
strcmp(qme_p, "-AESGCM-192") == 0 || |
444 |
|
|
strcmp(qme_p, "-AESGMAC-192") == 0) |
445 |
|
|
conf_set(tr, sect, "KEY_LENGTH", "192,192:192", 0, 1); |
446 |
|
|
else if (strcmp(qme_p, "-AES-256") == 0 || |
447 |
|
|
strcmp(qme_p, "-AESCTR-256") == 0 || |
448 |
|
|
strcmp(qme_p, "-AESGCM-256") == 0 || |
449 |
|
|
strcmp(qme_p, "-AESGMAC-256") == 0) |
450 |
|
|
conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1); |
451 |
|
|
else if (strcmp(qme, "AES") == 0) |
452 |
|
|
conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_AES_KEYLEN, 0, |
453 |
|
|
1); |
454 |
|
|
|
455 |
|
|
conf_set(tr, sect, "ENCAPSULATION_MODE", MODE(mode), 0, 1); |
456 |
|
|
if (strcmp(qmh, "NONE")) { |
457 |
|
|
conf_set(tr, sect, "AUTHENTICATION_ALGORITHM", qmh, 0, 1); |
458 |
|
|
|
459 |
|
|
/* XXX Another shortcut to keep length down */ |
460 |
|
|
if (pfs) |
461 |
|
|
conf_set(tr, sect, "GROUP_DESCRIPTION", dhg, 0, 1); |
462 |
|
|
} |
463 |
|
|
|
464 |
|
|
/* XXX Lifetimes depending on enc/auth strength? */ |
465 |
|
|
conf_set(tr, sect, "Life", CONF_DFLT_TAG_LIFE_QUICK_MODE, 0, 1); |
466 |
|
|
} |
467 |
|
|
|
468 |
|
|
static void |
469 |
|
|
conf_load_defaults(int tr) |
470 |
|
|
{ |
471 |
|
|
int enc, auth, hash, group, proto, mode, pfs; |
472 |
|
|
char *dflt; |
473 |
|
|
|
474 |
|
|
char *mm_auth[] = {"PRE_SHARED", "DSS", "RSA_SIG", 0}; |
475 |
|
|
char *mm_auth_p[] = {"", "-DSS", "-RSA_SIG", 0}; |
476 |
|
|
char *mm_hash[] = {"MD5", "SHA", "SHA2_256", "SHA2_384", "SHA2_512", |
477 |
|
|
0}; |
478 |
|
|
char *mm_hash_p[] = {"-MD5", "-SHA", "-SHA2-256", "-SHA2-384", |
479 |
|
|
"-SHA2-512", "", 0 }; |
480 |
|
|
char *mm_enc[] = {"BLOWFISH_CBC", "3DES_CBC", "CAST_CBC", |
481 |
|
|
"AES_CBC", "AES_CBC", "AES_CBC", "AES_CBC", 0}; |
482 |
|
|
char *mm_enc_p[] = {"BLF", "3DES", "CAST", "AES", "AES-128", |
483 |
|
|
"AES-192", "AES-256", 0}; |
484 |
|
|
char *dhgroup[] = {"MODP_1024", "MODP_768", "MODP_1024", |
485 |
|
|
"MODP_1536", "MODP_2048", "MODP_3072", "MODP_4096", |
486 |
|
|
"MODP_6144", "MODP_8192", |
487 |
|
|
"ECP_256", "ECP_384", "ECP_521", "ECP_192", "ECP_224", |
488 |
|
|
"BP_224", "BP_256", "BP_384", "BP_512", 0}; |
489 |
|
|
char *dhgroup_p[] = {"", "-GRP1", "-GRP2", "-GRP5", "-GRP14", |
490 |
|
|
"-GRP15", "-GRP16", "-GRP17", "-GRP18", "-GRP19", "-GRP20", |
491 |
|
|
"-GRP21", "-GRP25", "-GRP26", "-GRP27", "-GRP28", "-GRP29", |
492 |
|
|
"-GRP30", 0}; |
493 |
|
|
char *qm_enc[] = {"3DES", "CAST", "BLOWFISH", "AES", |
494 |
|
|
"AES", "AES", "AES", "AES_CTR", "AES_CTR", "AES_CTR", |
495 |
|
|
"AES_CTR", "AES_GCM_16", |
496 |
|
|
"AES_GCM_16", "AES_GCM_16", "AES_GMAC", "AES_GMAC", |
497 |
|
|
"AES_GMAC", "NULL", "NONE", 0}; |
498 |
|
|
char *qm_enc_p[] = {"-3DES", "-CAST", "-BLF", "-AES", |
499 |
|
|
"-AES-128", "-AES-192", "-AES-256", "-AESCTR", |
500 |
|
|
"-AESCTR-128", "-AESCTR-192", "-AESCTR-256", |
501 |
|
|
"-AESGCM-128", "-AESGCM-192", "-AESGCM-256", |
502 |
|
|
"-AESGMAC-128", "-AESGMAC-192", "-AESGMAC-256", "-NULL", |
503 |
|
|
"", 0}; |
504 |
|
|
char *qm_hash[] = {"HMAC_MD5", "HMAC_SHA", "HMAC_RIPEMD", |
505 |
|
|
"HMAC_SHA2_256", "HMAC_SHA2_384", "HMAC_SHA2_512", "NONE", |
506 |
|
|
0}; |
507 |
|
|
char *qm_hash_p[] = {"-MD5", "-SHA", "-RIPEMD", "-SHA2-256", |
508 |
|
|
"-SHA2-384", "-SHA2-512", "", 0}; |
509 |
|
|
char *qm_ah_id[] = {"MD5", "SHA", "RIPEMD", "SHA2_256", "SHA2_384", |
510 |
|
|
"SHA2_512", "", 0}; |
511 |
|
|
|
512 |
|
|
/* General and X509 defaults */ |
513 |
|
|
conf_set(tr, "General", "Retransmits", CONF_DFLT_RETRANSMITS, 0, 1); |
514 |
|
|
conf_set(tr, "General", "Exchange-max-time", CONF_DFLT_EXCH_MAX_TIME, |
515 |
|
|
0, 1); |
516 |
|
|
conf_set(tr, "General", "Use-Keynote", CONF_DFLT_USE_KEYNOTE, 0, 1); |
517 |
|
|
conf_set(tr, "General", "Policy-file", CONF_DFLT_POLICY_FILE, 0, 1); |
518 |
|
|
conf_set(tr, "General", "Pubkey-directory", CONF_DFLT_PUBKEY_DIR, 0, |
519 |
|
|
1); |
520 |
|
|
|
521 |
|
|
conf_set(tr, "X509-certificates", "CA-directory", |
522 |
|
|
CONF_DFLT_X509_CA_DIR, 0, 1); |
523 |
|
|
conf_set(tr, "X509-certificates", "Cert-directory", |
524 |
|
|
CONF_DFLT_X509_CERT_DIR, 0, 1); |
525 |
|
|
conf_set(tr, "X509-certificates", "Private-key", |
526 |
|
|
CONF_DFLT_X509_PRIVATE_KEY, 0, 1); |
527 |
|
|
conf_set(tr, "X509-certificates", "Private-key-directory", |
528 |
|
|
CONF_DFLT_X509_PRIVATE_KEY_DIR, 0, 1); |
529 |
|
|
conf_set(tr, "X509-certificates", "CRL-directory", |
530 |
|
|
CONF_DFLT_X509_CRL_DIR, 0, 1); |
531 |
|
|
|
532 |
|
|
conf_set(tr, "KeyNote", "Credential-directory", |
533 |
|
|
CONF_DFLT_KEYNOTE_CRED_DIR, 0, 1); |
534 |
|
|
|
535 |
|
|
conf_set(tr, "General", "Delete-SAs", CONF_DFLT_DELETE_SAS, 0, 1); |
536 |
|
|
|
537 |
|
|
/* Lifetimes. XXX p1/p2 vs main/quick mode may be unclear. */ |
538 |
|
|
dflt = conf_get_trans_str(tr, "General", "Default-phase-1-lifetime"); |
539 |
|
|
conf_set(tr, CONF_DFLT_TAG_LIFE_MAIN_MODE, "LIFE_TYPE", |
540 |
|
|
CONF_DFLT_TYPE_LIFE_MAIN_MODE, 0, 1); |
541 |
|
|
conf_set(tr, CONF_DFLT_TAG_LIFE_MAIN_MODE, "LIFE_DURATION", |
542 |
|
|
(dflt ? dflt : CONF_DFLT_VAL_LIFE_MAIN_MODE), 0, 1); |
543 |
|
|
|
544 |
|
|
dflt = conf_get_trans_str(tr, "General", "Default-phase-2-lifetime"); |
545 |
|
|
conf_set(tr, CONF_DFLT_TAG_LIFE_QUICK_MODE, "LIFE_TYPE", |
546 |
|
|
CONF_DFLT_TYPE_LIFE_QUICK_MODE, 0, 1); |
547 |
|
|
conf_set(tr, CONF_DFLT_TAG_LIFE_QUICK_MODE, "LIFE_DURATION", |
548 |
|
|
(dflt ? dflt : CONF_DFLT_VAL_LIFE_QUICK_MODE), 0, 1); |
549 |
|
|
|
550 |
|
|
/* Default Phase-1 Configuration section */ |
551 |
|
|
conf_set(tr, CONF_DFLT_TAG_PHASE1_CONFIG, "EXCHANGE_TYPE", |
552 |
|
|
CONF_DFLT_PHASE1_EXCH_TYPE, 0, 1); |
553 |
|
|
conf_set(tr, CONF_DFLT_TAG_PHASE1_CONFIG, "Transforms", |
554 |
|
|
CONF_DFLT_PHASE1_TRANSFORMS, 0, 1); |
555 |
|
|
|
556 |
|
|
/* Main modes */ |
557 |
|
|
for (enc = 0; mm_enc[enc]; enc++) |
558 |
|
|
for (hash = 0; mm_hash[hash]; hash++) |
559 |
|
|
for (auth = 0; mm_auth[auth]; auth++) |
560 |
|
|
for (group = 0; dhgroup_p[group]; group++) |
561 |
|
|
conf_load_defaults_mm (tr, mm_enc[enc], |
562 |
|
|
mm_hash[hash], mm_auth[auth], |
563 |
|
|
dhgroup[group], mm_enc_p[enc], |
564 |
|
|
mm_auth_p[auth], dhgroup_p[group], |
565 |
|
|
mm_hash_p[hash]); |
566 |
|
|
|
567 |
|
|
/* Setup a default Phase 1 entry */ |
568 |
|
|
conf_set(tr, "Phase 1", "Default", "Default-phase-1", 0, 1); |
569 |
|
|
conf_set(tr, "Default-phase-1", "Phase", "1", 0, 1); |
570 |
|
|
conf_set(tr, "Default-phase-1", "Configuration", |
571 |
|
|
"Default-phase-1-configuration", 0, 1); |
572 |
|
|
dflt = conf_get_trans_str(tr, "General", "Default-phase-1-ID"); |
573 |
|
|
if (dflt) |
574 |
|
|
conf_set(tr, "Default-phase-1", "ID", dflt, 0, 1); |
575 |
|
|
|
576 |
|
|
/* Quick modes */ |
577 |
|
|
for (enc = 0; qm_enc[enc]; enc++) |
578 |
|
|
for (proto = 0; proto < 2; proto++) |
579 |
|
|
for (mode = 0; mode < 2; mode++) |
580 |
|
|
for (pfs = 0; pfs < 2; pfs++) |
581 |
|
|
for (hash = 0; qm_hash[hash]; hash++) |
582 |
|
|
for (group = 0; |
583 |
|
|
dhgroup_p[group]; group++) |
584 |
|
|
conf_load_defaults_qm( |
585 |
|
|
tr, qm_enc[enc], |
586 |
|
|
qm_hash[hash], |
587 |
|
|
dhgroup[group], |
588 |
|
|
qm_enc_p[enc], |
589 |
|
|
qm_hash_p[hash], |
590 |
|
|
qm_ah_id[hash], |
591 |
|
|
dhgroup_p[group], |
592 |
|
|
proto, mode, pfs); |
593 |
|
|
} |
594 |
|
|
|
595 |
|
|
void |
596 |
|
|
conf_init(void) |
597 |
|
|
{ |
598 |
|
|
unsigned int i; |
599 |
|
|
|
600 |
|
|
for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; i++) |
601 |
|
|
LIST_INIT(&conf_bindings[i]); |
602 |
|
|
TAILQ_INIT(&conf_trans_queue); |
603 |
|
|
conf_reinit(); |
604 |
|
|
} |
605 |
|
|
|
606 |
|
|
/* Open the config file and map it into our address space, then parse it. */ |
607 |
|
|
void |
608 |
|
|
conf_reinit(void) |
609 |
|
|
{ |
610 |
|
|
struct conf_binding *cb = 0; |
611 |
|
|
int fd, trans; |
612 |
|
|
unsigned int i; |
613 |
|
|
size_t sz; |
614 |
|
|
char *new_conf_addr = 0; |
615 |
|
|
|
616 |
|
|
fd = monitor_open(conf_path, O_RDONLY, 0); |
617 |
|
|
if (fd == -1 || check_file_secrecy_fd(fd, conf_path, &sz) == -1) { |
618 |
|
|
if (fd == -1 && errno != ENOENT) |
619 |
|
|
log_error("conf_reinit: open(\"%s\", O_RDONLY, 0) " |
620 |
|
|
"failed", conf_path); |
621 |
|
|
if (fd != -1) |
622 |
|
|
close(fd); |
623 |
|
|
|
624 |
|
|
trans = conf_begin(); |
625 |
|
|
} else { |
626 |
|
|
new_conf_addr = malloc(sz); |
627 |
|
|
if (!new_conf_addr) { |
628 |
|
|
log_error("conf_reinit: malloc (%lu) failed", |
629 |
|
|
(unsigned long)sz); |
630 |
|
|
goto fail; |
631 |
|
|
} |
632 |
|
|
/* XXX I assume short reads won't happen here. */ |
633 |
|
|
if (read(fd, new_conf_addr, sz) != (int)sz) { |
634 |
|
|
log_error("conf_reinit: read (%d, %p, %lu) failed", |
635 |
|
|
fd, new_conf_addr, (unsigned long)sz); |
636 |
|
|
goto fail; |
637 |
|
|
} |
638 |
|
|
close(fd); |
639 |
|
|
|
640 |
|
|
trans = conf_begin(); |
641 |
|
|
|
642 |
|
|
/* XXX Should we not care about errors and rollback? */ |
643 |
|
|
conf_parse(trans, new_conf_addr, sz); |
644 |
|
|
} |
645 |
|
|
|
646 |
|
|
/* Load default configuration values. */ |
647 |
|
|
conf_load_defaults(trans); |
648 |
|
|
|
649 |
|
|
/* Free potential existing configuration. */ |
650 |
|
|
if (conf_addr) { |
651 |
|
|
for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; |
652 |
|
|
i++) |
653 |
|
|
for (cb = LIST_FIRST(&conf_bindings[i]); cb; |
654 |
|
|
cb = LIST_FIRST(&conf_bindings[i])) |
655 |
|
|
conf_remove_now(cb->section, cb->tag); |
656 |
|
|
free(conf_addr); |
657 |
|
|
} |
658 |
|
|
conf_end(trans, 1); |
659 |
|
|
conf_addr = new_conf_addr; |
660 |
|
|
return; |
661 |
|
|
|
662 |
|
|
fail: |
663 |
|
|
free(new_conf_addr); |
664 |
|
|
close(fd); |
665 |
|
|
} |
666 |
|
|
|
667 |
|
|
/* |
668 |
|
|
* Return the numeric value denoted by TAG in section SECTION or DEF |
669 |
|
|
* if that tag does not exist. |
670 |
|
|
*/ |
671 |
|
|
int |
672 |
|
|
conf_get_num(char *section, char *tag, int def) |
673 |
|
|
{ |
674 |
|
|
char *value = conf_get_str(section, tag); |
675 |
|
|
|
676 |
|
|
if (value) |
677 |
|
|
return atoi(value); |
678 |
|
|
return def; |
679 |
|
|
} |
680 |
|
|
|
681 |
|
|
/* |
682 |
|
|
* Return the socket endpoint address denoted by TAG in SECTION as a |
683 |
|
|
* struct sockaddr. It is the callers responsibility to deallocate |
684 |
|
|
* this structure when it is finished with it. |
685 |
|
|
*/ |
686 |
|
|
struct sockaddr * |
687 |
|
|
conf_get_address(char *section, char *tag) |
688 |
|
|
{ |
689 |
|
|
char *value = conf_get_str(section, tag); |
690 |
|
|
struct sockaddr *sa; |
691 |
|
|
|
692 |
|
|
if (!value) |
693 |
|
|
return 0; |
694 |
|
|
if (text2sockaddr(value, 0, &sa, 0, 0) == -1) |
695 |
|
|
return 0; |
696 |
|
|
return sa; |
697 |
|
|
} |
698 |
|
|
|
699 |
|
|
/* Validate X according to the range denoted by TAG in section SECTION. */ |
700 |
|
|
int |
701 |
|
|
conf_match_num(char *section, char *tag, int x) |
702 |
|
|
{ |
703 |
|
|
char *value = conf_get_str(section, tag); |
704 |
|
|
int val, min, max, n; |
705 |
|
|
|
706 |
|
|
if (!value) |
707 |
|
|
return 0; |
708 |
|
|
n = sscanf(value, "%d,%d:%d", &val, &min, &max); |
709 |
|
|
switch (n) { |
710 |
|
|
case 1: |
711 |
|
|
LOG_DBG((LOG_MISC, 95, "conf_match_num: %s:%s %d==%d?", |
712 |
|
|
section, tag, val, x)); |
713 |
|
|
return x == val; |
714 |
|
|
case 3: |
715 |
|
|
LOG_DBG((LOG_MISC, 95, "conf_match_num: %s:%s %d<=%d<=%d?", |
716 |
|
|
section, tag, min, x, max)); |
717 |
|
|
return min <= x && max >= x; |
718 |
|
|
default: |
719 |
|
|
log_error("conf_match_num: section %s tag %s: invalid number " |
720 |
|
|
"spec %s", section, tag, value); |
721 |
|
|
} |
722 |
|
|
return 0; |
723 |
|
|
} |
724 |
|
|
|
725 |
|
|
/* Return the string value denoted by TAG in section SECTION. */ |
726 |
|
|
char * |
727 |
|
|
conf_get_str(char *section, char *tag) |
728 |
|
|
{ |
729 |
|
|
struct conf_binding *cb; |
730 |
|
|
|
731 |
|
|
for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb; |
732 |
|
|
cb = LIST_NEXT(cb, link)) |
733 |
|
|
if (strcasecmp(section, cb->section) == 0 && |
734 |
|
|
strcasecmp(tag, cb->tag) == 0) { |
735 |
|
|
LOG_DBG((LOG_MISC, 95, "conf_get_str: [%s]:%s->%s", |
736 |
|
|
section, tag, cb->value)); |
737 |
|
|
return cb->value; |
738 |
|
|
} |
739 |
|
|
LOG_DBG((LOG_MISC, 95, |
740 |
|
|
"conf_get_str: configuration value not found [%s]:%s", section, |
741 |
|
|
tag)); |
742 |
|
|
return 0; |
743 |
|
|
} |
744 |
|
|
|
745 |
|
|
/* |
746 |
|
|
* Build a list of string values out of the comma separated value denoted by |
747 |
|
|
* TAG in SECTION. |
748 |
|
|
*/ |
749 |
|
|
struct conf_list * |
750 |
|
|
conf_get_list(char *section, char *tag) |
751 |
|
|
{ |
752 |
|
|
char *liststr = 0, *p, *field, *t; |
753 |
|
|
struct conf_list *list = 0; |
754 |
|
|
struct conf_list_node *node = 0; |
755 |
|
|
|
756 |
|
|
list = malloc(sizeof *list); |
757 |
|
|
if (!list) |
758 |
|
|
goto cleanup; |
759 |
|
|
TAILQ_INIT(&list->fields); |
760 |
|
|
list->cnt = 0; |
761 |
|
|
liststr = conf_get_str(section, tag); |
762 |
|
|
if (!liststr) |
763 |
|
|
goto cleanup; |
764 |
|
|
liststr = strdup(liststr); |
765 |
|
|
if (!liststr) |
766 |
|
|
goto cleanup; |
767 |
|
|
p = liststr; |
768 |
|
|
while ((field = strsep(&p, ",")) != NULL) { |
769 |
|
|
/* Skip leading whitespace */ |
770 |
|
|
while (isspace((unsigned char)*field)) |
771 |
|
|
field++; |
772 |
|
|
/* Skip trailing whitespace */ |
773 |
|
|
if (p) |
774 |
|
|
for (t = p - 1; t > field && isspace((unsigned char)*t); t--) |
775 |
|
|
*t = '\0'; |
776 |
|
|
if (*field == '\0') { |
777 |
|
|
log_print("conf_get_list: empty field, ignoring..."); |
778 |
|
|
continue; |
779 |
|
|
} |
780 |
|
|
list->cnt++; |
781 |
|
|
node = calloc(1, sizeof *node); |
782 |
|
|
if (!node) |
783 |
|
|
goto cleanup; |
784 |
|
|
node->field = strdup(field); |
785 |
|
|
if (!node->field) |
786 |
|
|
goto cleanup; |
787 |
|
|
TAILQ_INSERT_TAIL(&list->fields, node, link); |
788 |
|
|
} |
789 |
|
|
free(liststr); |
790 |
|
|
return list; |
791 |
|
|
|
792 |
|
|
cleanup: |
793 |
|
|
free(node); |
794 |
|
|
if (list) |
795 |
|
|
conf_free_list(list); |
796 |
|
|
free(liststr); |
797 |
|
|
return 0; |
798 |
|
|
} |
799 |
|
|
|
800 |
|
|
struct conf_list * |
801 |
|
|
conf_get_tag_list(char *section) |
802 |
|
|
{ |
803 |
|
|
struct conf_list *list = 0; |
804 |
|
|
struct conf_list_node *node = 0; |
805 |
|
|
struct conf_binding *cb; |
806 |
|
|
|
807 |
|
|
list = malloc(sizeof *list); |
808 |
|
|
if (!list) |
809 |
|
|
goto cleanup; |
810 |
|
|
TAILQ_INIT(&list->fields); |
811 |
|
|
list->cnt = 0; |
812 |
|
|
for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb; |
813 |
|
|
cb = LIST_NEXT(cb, link)) |
814 |
|
|
if (strcasecmp(section, cb->section) == 0) { |
815 |
|
|
list->cnt++; |
816 |
|
|
node = calloc(1, sizeof *node); |
817 |
|
|
if (!node) |
818 |
|
|
goto cleanup; |
819 |
|
|
node->field = strdup(cb->tag); |
820 |
|
|
if (!node->field) |
821 |
|
|
goto cleanup; |
822 |
|
|
TAILQ_INSERT_TAIL(&list->fields, node, link); |
823 |
|
|
} |
824 |
|
|
return list; |
825 |
|
|
|
826 |
|
|
cleanup: |
827 |
|
|
free(node); |
828 |
|
|
if (list) |
829 |
|
|
conf_free_list(list); |
830 |
|
|
return 0; |
831 |
|
|
} |
832 |
|
|
|
833 |
|
|
void |
834 |
|
|
conf_free_list(struct conf_list *list) |
835 |
|
|
{ |
836 |
|
|
struct conf_list_node *node = TAILQ_FIRST(&list->fields); |
837 |
|
|
|
838 |
|
|
while (node) { |
839 |
|
|
TAILQ_REMOVE(&list->fields, node, link); |
840 |
|
|
free(node->field); |
841 |
|
|
free(node); |
842 |
|
|
node = TAILQ_FIRST(&list->fields); |
843 |
|
|
} |
844 |
|
|
free(list); |
845 |
|
|
} |
846 |
|
|
|
847 |
|
|
int |
848 |
|
|
conf_begin(void) |
849 |
|
|
{ |
850 |
|
|
static int seq = 0; |
851 |
|
|
|
852 |
|
|
return ++seq; |
853 |
|
|
} |
854 |
|
|
|
855 |
|
|
static int |
856 |
|
|
conf_trans_node(int transaction, enum conf_op op, char *section, char *tag, |
857 |
|
|
char *value, int override, int is_default) |
858 |
|
|
{ |
859 |
|
|
struct conf_trans *node; |
860 |
|
|
|
861 |
|
|
node = calloc(1, sizeof *node); |
862 |
|
|
if (!node) { |
863 |
|
|
log_error("conf_trans_node: calloc (1, %lu) failed", |
864 |
|
|
(unsigned long)sizeof *node); |
865 |
|
|
return 1; |
866 |
|
|
} |
867 |
|
|
node->trans = transaction; |
868 |
|
|
node->op = op; |
869 |
|
|
node->override = override; |
870 |
|
|
node->is_default = is_default; |
871 |
|
|
if (section && (node->section = strdup(section)) == NULL) |
872 |
|
|
goto fail; |
873 |
|
|
if (tag && (node->tag = strdup(tag)) == NULL) |
874 |
|
|
goto fail; |
875 |
|
|
if (value && (node->value = strdup(value)) == NULL) |
876 |
|
|
goto fail; |
877 |
|
|
TAILQ_INSERT_TAIL(&conf_trans_queue, node, link); |
878 |
|
|
return 0; |
879 |
|
|
|
880 |
|
|
fail: |
881 |
|
|
free(node->section); |
882 |
|
|
free(node->tag); |
883 |
|
|
free(node->value); |
884 |
|
|
free(node); |
885 |
|
|
return 1; |
886 |
|
|
} |
887 |
|
|
|
888 |
|
|
/* Queue a set operation. */ |
889 |
|
|
int |
890 |
|
|
conf_set(int transaction, char *section, char *tag, char *value, int override, |
891 |
|
|
int is_default) |
892 |
|
|
{ |
893 |
|
|
return conf_trans_node(transaction, CONF_SET, section, tag, value, |
894 |
|
|
override, is_default); |
895 |
|
|
} |
896 |
|
|
|
897 |
|
|
/* Queue a remove operation. */ |
898 |
|
|
int |
899 |
|
|
conf_remove(int transaction, char *section, char *tag) |
900 |
|
|
{ |
901 |
|
|
return conf_trans_node(transaction, CONF_REMOVE, section, tag, NULL, |
902 |
|
|
0, 0); |
903 |
|
|
} |
904 |
|
|
|
905 |
|
|
/* Queue a remove section operation. */ |
906 |
|
|
int |
907 |
|
|
conf_remove_section(int transaction, char *section) |
908 |
|
|
{ |
909 |
|
|
return conf_trans_node(transaction, CONF_REMOVE_SECTION, section, NULL, |
910 |
|
|
NULL, 0, 0); |
911 |
|
|
} |
912 |
|
|
|
913 |
|
|
/* Execute all queued operations for this transaction. Cleanup. */ |
914 |
|
|
int |
915 |
|
|
conf_end(int transaction, int commit) |
916 |
|
|
{ |
917 |
|
|
struct conf_trans *node, *next; |
918 |
|
|
|
919 |
|
|
for (node = TAILQ_FIRST(&conf_trans_queue); node; node = next) { |
920 |
|
|
next = TAILQ_NEXT(node, link); |
921 |
|
|
if (node->trans == transaction) { |
922 |
|
|
if (commit) |
923 |
|
|
switch (node->op) { |
924 |
|
|
case CONF_SET: |
925 |
|
|
conf_set_now(node->section, node->tag, |
926 |
|
|
node->value, node->override, |
927 |
|
|
node->is_default); |
928 |
|
|
break; |
929 |
|
|
case CONF_REMOVE: |
930 |
|
|
conf_remove_now(node->section, |
931 |
|
|
node->tag); |
932 |
|
|
break; |
933 |
|
|
case CONF_REMOVE_SECTION: |
934 |
|
|
conf_remove_section_now(node->section); |
935 |
|
|
break; |
936 |
|
|
default: |
937 |
|
|
log_print("conf_end: unknown " |
938 |
|
|
"operation: %d", node->op); |
939 |
|
|
} |
940 |
|
|
TAILQ_REMOVE(&conf_trans_queue, node, link); |
941 |
|
|
free(node->section); |
942 |
|
|
free(node->tag); |
943 |
|
|
free(node->value); |
944 |
|
|
free(node); |
945 |
|
|
} |
946 |
|
|
} |
947 |
|
|
return 0; |
948 |
|
|
} |
949 |
|
|
|
950 |
|
|
/* |
951 |
|
|
* Dump running configuration upon SIGUSR1. |
952 |
|
|
* Configuration is "stored in reverse order", so reverse it again. |
953 |
|
|
*/ |
954 |
|
|
struct dumper { |
955 |
|
|
char *s, *v; |
956 |
|
|
struct dumper *next; |
957 |
|
|
}; |
958 |
|
|
|
959 |
|
|
static void |
960 |
|
|
conf_report_dump(struct dumper *node) |
961 |
|
|
{ |
962 |
|
|
/* Recursive, cleanup when we're done. */ |
963 |
|
|
|
964 |
|
|
if (node->next) |
965 |
|
|
conf_report_dump(node->next); |
966 |
|
|
|
967 |
|
|
if (node->v) |
968 |
|
|
LOG_DBG((LOG_REPORT, 0, "%s=\t%s", node->s, node->v)); |
969 |
|
|
else if (node->s) { |
970 |
|
|
LOG_DBG((LOG_REPORT, 0, "%s", node->s)); |
971 |
|
|
if (strlen(node->s) > 0) |
972 |
|
|
free(node->s); |
973 |
|
|
} |
974 |
|
|
free(node); |
975 |
|
|
} |
976 |
|
|
|
977 |
|
|
void |
978 |
|
|
conf_report(void) |
979 |
|
|
{ |
980 |
|
|
struct conf_binding *cb, *last = 0; |
981 |
|
|
unsigned int i; |
982 |
|
|
char *current_section = NULL; |
983 |
|
|
struct dumper *dumper, *dnode; |
984 |
|
|
|
985 |
|
|
dumper = dnode = calloc(1, sizeof *dumper); |
986 |
|
|
if (!dumper) |
987 |
|
|
goto mem_fail; |
988 |
|
|
|
989 |
|
|
LOG_DBG((LOG_REPORT, 0, "conf_report: dumping running configuration")); |
990 |
|
|
|
991 |
|
|
for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; i++) |
992 |
|
|
for (cb = LIST_FIRST(&conf_bindings[i]); cb; |
993 |
|
|
cb = LIST_NEXT(cb, link)) { |
994 |
|
|
if (!cb->is_default) { |
995 |
|
|
/* Dump this entry. */ |
996 |
|
|
if (!current_section || strcmp(cb->section, |
997 |
|
|
current_section)) { |
998 |
|
|
if (current_section) { |
999 |
|
|
if (asprintf(&dnode->s, "[%s]", |
1000 |
|
|
current_section) == -1) |
1001 |
|
|
goto mem_fail; |
1002 |
|
|
dnode->next = calloc(1, |
1003 |
|
|
sizeof(struct dumper)); |
1004 |
|
|
dnode = dnode->next; |
1005 |
|
|
if (!dnode) |
1006 |
|
|
goto mem_fail; |
1007 |
|
|
|
1008 |
|
|
dnode->s = ""; |
1009 |
|
|
dnode->next = calloc(1, |
1010 |
|
|
sizeof(struct dumper)); |
1011 |
|
|
dnode = dnode->next; |
1012 |
|
|
if (!dnode) |
1013 |
|
|
goto mem_fail; |
1014 |
|
|
} |
1015 |
|
|
current_section = cb->section; |
1016 |
|
|
} |
1017 |
|
|
dnode->s = cb->tag; |
1018 |
|
|
dnode->v = cb->value; |
1019 |
|
|
dnode->next = calloc(1, sizeof(struct dumper)); |
1020 |
|
|
dnode = dnode->next; |
1021 |
|
|
if (!dnode) |
1022 |
|
|
goto mem_fail; |
1023 |
|
|
last = cb; |
1024 |
|
|
} |
1025 |
|
|
} |
1026 |
|
|
|
1027 |
|
|
if (last) |
1028 |
|
|
if (asprintf(&dnode->s, "[%s]", last->section) == -1) |
1029 |
|
|
goto mem_fail; |
1030 |
|
|
conf_report_dump(dumper); |
1031 |
|
|
|
1032 |
|
|
return; |
1033 |
|
|
|
1034 |
|
|
mem_fail: |
1035 |
|
|
log_error("conf_report: malloc/calloc failed"); |
1036 |
|
|
while ((dnode = dumper) != 0) { |
1037 |
|
|
dumper = dumper->next; |
1038 |
|
|
free(dnode->s); |
1039 |
|
|
free(dnode); |
1040 |
|
|
} |
1041 |
|
|
} |