conf.c revision 1.90
1/* $OpenBSD: conf.c,v 1.90 2006/06/10 21:09:45 msf Exp $ */ 2/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */ 3 4/* 5 * Copyright (c) 1998, 1999, 2000, 2001 Niklas Hallqvist. All rights reserved. 6 * Copyright (c) 2000, 2001, 2002 H�kan Olsson. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29/* 30 * This code was written under funding by Ericsson Radio Systems. 31 */ 32 33#include <sys/param.h> 34#include <sys/mman.h> 35#include <sys/queue.h> 36#include <sys/socket.h> 37#include <sys/stat.h> 38#include <netinet/in.h> 39#include <arpa/inet.h> 40#include <ctype.h> 41#include <fcntl.h> 42#include <stdio.h> 43#include <stdlib.h> 44#include <string.h> 45#include <unistd.h> 46#include <errno.h> 47 48#include "app.h" 49#include "conf.h" 50#include "log.h" 51#include "monitor.h" 52#include "util.h" 53 54static char *conf_get_trans_str(int, char *, char *); 55static void conf_load_defaults(int); 56#if 0 57static int conf_find_trans_xf(int, char *); 58#endif 59 60struct conf_trans { 61 TAILQ_ENTRY(conf_trans) link; 62 int trans; 63 enum conf_op { 64 CONF_SET, CONF_REMOVE, CONF_REMOVE_SECTION 65 } op; 66 char *section; 67 char *tag; 68 char *value; 69 int override; 70 int is_default; 71}; 72 73#define CONF_SECT_MAX 256 74 75TAILQ_HEAD(conf_trans_head, conf_trans) conf_trans_queue; 76 77struct conf_binding { 78 LIST_ENTRY(conf_binding) link; 79 char *section; 80 char *tag; 81 char *value; 82 int is_default; 83}; 84 85char *conf_path = CONFIG_FILE; 86LIST_HEAD(conf_bindings, conf_binding) conf_bindings[256]; 87 88static char *conf_addr; 89static __inline__ u_int8_t 90conf_hash(char *s) 91{ 92 u_int8_t hash = 0; 93 94 while (*s) { 95 hash = ((hash << 1) | (hash >> 7)) ^ tolower(*s); 96 s++; 97 } 98 return hash; 99} 100 101/* 102 * Insert a tag-value combination from LINE (the equal sign is at POS) 103 */ 104static int 105conf_remove_now(char *section, char *tag) 106{ 107 struct conf_binding *cb, *next; 108 109 for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb; 110 cb = next) { 111 next = LIST_NEXT(cb, link); 112 if (strcasecmp(cb->section, section) == 0 && 113 strcasecmp(cb->tag, tag) == 0) { 114 LIST_REMOVE(cb, link); 115 LOG_DBG((LOG_MISC, 95, "[%s]:%s->%s removed", section, 116 tag, cb->value)); 117 free(cb->section); 118 free(cb->tag); 119 free(cb->value); 120 free(cb); 121 return 0; 122 } 123 } 124 return 1; 125} 126 127static int 128conf_remove_section_now(char *section) 129{ 130 struct conf_binding *cb, *next; 131 int unseen = 1; 132 133 for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb; 134 cb = next) { 135 next = LIST_NEXT(cb, link); 136 if (strcasecmp(cb->section, section) == 0) { 137 unseen = 0; 138 LIST_REMOVE(cb, link); 139 LOG_DBG((LOG_MISC, 95, "[%s]:%s->%s removed", section, 140 cb->tag, cb->value)); 141 free(cb->section); 142 free(cb->tag); 143 free(cb->value); 144 free(cb); 145 } 146 } 147 return unseen; 148} 149 150/* 151 * Insert a tag-value combination from LINE (the equal sign is at POS) 152 * into SECTION of our configuration database. 153 */ 154static int 155conf_set_now(char *section, char *tag, char *value, int override, 156 int is_default) 157{ 158 struct conf_binding *node = 0; 159 160 if (override) 161 conf_remove_now(section, tag); 162 else if (conf_get_str(section, tag)) { 163 if (!is_default) 164 log_print("conf_set_now: duplicate tag [%s]:%s, " 165 "ignoring...\n", section, tag); 166 return 1; 167 } 168 node = calloc(1, sizeof *node); 169 if (!node) { 170 log_error("conf_set_now: calloc (1, %lu) failed", 171 (unsigned long)sizeof *node); 172 return 1; 173 } 174 node->section = node->tag = node->value = NULL; 175 if ((node->section = strdup(section)) == NULL) 176 goto fail; 177 if ((node->tag = strdup(tag)) == NULL) 178 goto fail; 179 if ((node->value = strdup(value)) == NULL) 180 goto fail; 181 node->is_default = is_default; 182 183 LIST_INSERT_HEAD(&conf_bindings[conf_hash(section)], node, link); 184 LOG_DBG((LOG_MISC, 95, "conf_set_now: [%s]:%s->%s", node->section, 185 node->tag, node->value)); 186 return 0; 187fail: 188 if (node->value) { 189 free(node->value); 190 node->value = NULL; 191 } 192 if (node->tag) { 193 free(node->tag); 194 node->tag = NULL; 195 } 196 if (node->section) { 197 free(node->section); 198 node->section = NULL; 199 } 200 return 1; 201} 202 203/* 204 * Parse the line LINE of SZ bytes. Skip Comments, recognize section 205 * headers and feed tag-value pairs into our configuration database. 206 */ 207static void 208conf_parse_line(int trans, char *line, int ln, size_t sz) 209{ 210 char *val; 211 size_t i; 212 int j; 213 static char *section = 0; 214 215 /* Lines starting with '#' or ';' are comments. */ 216 if (*line == '#' || *line == ';') 217 return; 218 219 /* '[section]' parsing... */ 220 if (*line == '[') { 221 for (i = 1; i < sz; i++) 222 if (line[i] == ']') 223 break; 224 if (section) 225 free(section); 226 if (i == sz) { 227 log_print("conf_parse_line: %d:" 228 "unmatched ']', ignoring until next section", ln); 229 section = 0; 230 return; 231 } 232 section = malloc(i); 233 if (!section) { 234 log_print("conf_parse_line: %d: malloc (%lu) failed", 235 ln, (unsigned long)i); 236 return; 237 } 238 strlcpy(section, line + 1, i); 239 return; 240 } 241 /* Deal with assignments. */ 242 for (i = 0; i < sz; i++) 243 if (line[i] == '=') { 244 /* If no section, we are ignoring the lines. */ 245 if (!section) { 246 log_print("conf_parse_line: %d: ignoring line " 247 "due to no section", ln); 248 return; 249 } 250 line[strcspn(line, " \t=")] = '\0'; 251 val = line + i + 1 + strspn(line + i + 1, " \t"); 252 /* Skip trailing whitespace, if any */ 253 for (j = sz - (val - line) - 1; j > 0 && 254 isspace(val[j]); j--) 255 val[j] = '\0'; 256 /* XXX Perhaps should we not ignore errors? */ 257 conf_set(trans, section, line, val, 0, 0); 258 return; 259 } 260 /* Other non-empty lines are weird. */ 261 i = strspn(line, " \t"); 262 if (line[i]) 263 log_print("conf_parse_line: %d: syntax error", ln); 264} 265 266/* Parse the mapped configuration file. */ 267static void 268conf_parse(int trans, char *buf, size_t sz) 269{ 270 char *cp = buf; 271 char *bufend = buf + sz; 272 char *line; 273 int ln = 1; 274 275 line = cp; 276 while (cp < bufend) { 277 if (*cp == '\n') { 278 /* Check for escaped newlines. */ 279 if (cp > buf && *(cp - 1) == '\\') 280 *(cp - 1) = *cp = ' '; 281 else { 282 *cp = '\0'; 283 conf_parse_line(trans, line, ln, cp - line); 284 line = cp + 1; 285 } 286 ln++; 287 } 288 cp++; 289 } 290 if (cp != line) 291 log_print("conf_parse: last line unterminated, ignored."); 292} 293 294/* 295 * Auto-generate default configuration values for the transforms and 296 * suites the user wants. 297 * 298 * Resulting section names can be: 299 * For main mode: 300 * {DES,BLF,3DES,CAST,AES}-{MD5,SHA,SHA2-{256,384,512}}[-GRP{1,2,5,14,15}] \ 301 * [-{DSS,RSA_SIG}] 302 * For quick mode: 303 * QM-{proto}[-TRP]-{cipher}[-{hash}][-PFS[-{group}]]-SUITE 304 * where 305 * {proto} = ESP, AH 306 * {cipher} = DES, 3DES, CAST, BLF, AES, AESCTR 307 * {hash} = MD5, SHA, RIPEMD, SHA2-{256,384,512} 308 * {group} = GRP1, GRP2, GRP5, GRP14, GRP15 309 * 310 * DH group defaults to MODP_1024. 311 * 312 * XXX We may want to support USE_TRIPLEDES, etc... 313 * XXX No EC2N DH support here yet. 314 */ 315 316/* Find the value for a section+tag in the transaction list. */ 317static char * 318conf_get_trans_str(int trans, char *section, char *tag) 319{ 320 struct conf_trans *node, *nf = 0; 321 322 for (node = TAILQ_FIRST(&conf_trans_queue); node; 323 node = TAILQ_NEXT(node, link)) 324 if (node->trans == trans && strcasecmp(section, node->section) 325 == 0 && strcasecmp(tag, node->tag) == 0) { 326 if (!nf) 327 nf = node; 328 else if (node->override) 329 nf = node; 330 } 331 return nf ? nf->value : 0; 332} 333 334#if 0 335/* XXX Currently unused. */ 336static int 337conf_find_trans_xf(int phase, char *xf) 338{ 339 struct conf_trans *node; 340 char *p; 341 342 /* Find the relevant transforms and suites, if any. */ 343 for (node = TAILQ_FIRST(&conf_trans_queue); node; 344 node = TAILQ_NEXT(node, link)) 345 if ((phase == 1 && strcmp("Transforms", node->tag) == 0) || 346 (phase == 2 && strcmp("Suites", node->tag) == 0)) { 347 p = node->value; 348 while ((p = strstr(p, xf)) != NULL) 349 if (*(p + strlen(p)) && 350 *(p + strlen(p)) != ',') 351 p += strlen(p); 352 else 353 return 1; 354 } 355 return 0; 356} 357#endif 358 359static void 360conf_load_defaults_mm(int tr, char *mme, char *mmh, char *mma, char *dhg, 361 char *mme_p, char *mma_p, char *dhg_p, char *mmh_p) 362{ 363 char sect[CONF_SECT_MAX]; 364 365 snprintf(sect, sizeof sect, "%s%s%s%s", mme_p, mmh_p, dhg_p, mma_p); 366 367 LOG_DBG((LOG_MISC, 95, "conf_load_defaults_mm: main mode %s", sect)); 368 369 conf_set(tr, sect, "ENCRYPTION_ALGORITHM", mme, 0, 1); 370 if (strcmp(mme, "BLOWFISH_CBC") == 0) 371 conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN, 0, 372 1); 373 else if (strcmp(mme, "AES_CBC") == 0) 374 conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_AES_KEYLEN, 0, 375 1); 376 377 conf_set(tr, sect, "HASH_ALGORITHM", mmh, 0, 1); 378 conf_set(tr, sect, "AUTHENTICATION_METHOD", mma, 0, 1); 379 conf_set(tr, sect, "GROUP_DESCRIPTION", dhg, 0, 1); 380 conf_set(tr, sect, "Life", CONF_DFLT_TAG_LIFE_MAIN_MODE, 0, 1); 381} 382 383static void 384conf_load_defaults_qm(int tr, char *qme, char *qmh, char *dhg, char *qme_p, 385 char *qmh_p, char *dhg_p, int proto, int mode, int pfs) 386{ 387 char sect[CONF_SECT_MAX], tmp[CONF_SECT_MAX]; 388 389 /* Helper #defines, incl abbreviations. */ 390#define PROTO(x) ((x) ? "AH" : "ESP") 391#define PFS(x) ((x) ? "-PFS" : "") 392#define MODE(x) ((x) ? "TRANSPORT" : "TUNNEL") 393#define MODE_p(x) ((x) ? "-TRP" : "") 394 395 if (proto == 1 && strcmp(qmh, "NONE") == 0) /* AH */ 396 return; 397 398 snprintf(tmp, sizeof tmp, "QM-%s%s%s%s%s%s", PROTO(proto), 399 MODE_p(mode), qme_p, qmh_p, PFS(pfs), dhg_p); 400 401 strlcpy(sect, tmp, CONF_SECT_MAX); 402 strlcat(sect, "-SUITE", CONF_SECT_MAX); 403 404 LOG_DBG((LOG_MISC, 95, "conf_load_defaults_qm: quick mode %s", sect)); 405 406 conf_set(tr, sect, "Protocols", tmp, 0, 1); 407 snprintf(sect, sizeof sect, "IPSEC_%s", PROTO(proto)); 408 conf_set(tr, tmp, "PROTOCOL_ID", sect, 0, 1); 409 strlcpy(sect, tmp, CONF_SECT_MAX); 410 strlcat(sect, "-XF", CONF_SECT_MAX); 411 conf_set(tr, tmp, "Transforms", sect, 0, 1); 412 413 /* 414 * XXX For now, defaults 415 * contain one xf per protocol. 416 */ 417 conf_set(tr, sect, "TRANSFORM_ID", qme, 0, 1); 418 if (strcmp(qme ,"BLOWFISH") == 0) 419 conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN, 0, 420 1); 421 else if (strcmp(qme ,"AES") == 0) 422 conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_AES_KEYLEN, 0, 423 1); 424 conf_set(tr, sect, "ENCAPSULATION_MODE", MODE(mode), 0, 1); 425 if (strcmp(qmh, "NONE")) { 426 conf_set(tr, sect, "AUTHENTICATION_ALGORITHM", qmh, 0, 1); 427 428 /* XXX Another shortcut to keep length down */ 429 if (pfs) 430 conf_set(tr, sect, "GROUP_DESCRIPTION", dhg, 0, 1); 431 } 432 433 /* XXX Lifetimes depending on enc/auth strength? */ 434 conf_set(tr, sect, "Life", CONF_DFLT_TAG_LIFE_QUICK_MODE, 0, 1); 435} 436 437static void 438conf_load_defaults(int tr) 439{ 440 int enc, auth, hash, group, proto, mode, pfs; 441 char *dflt; 442 443 char *mm_auth[] = {"PRE_SHARED", "DSS", "RSA_SIG", 0}; 444 char *mm_auth_p[] = {"", "-DSS", "-RSA_SIG", 0}; 445 char *mm_hash[] = {"MD5", "SHA", "SHA2_256", "SHA2_384", "SHA2_512", 446 0}; 447 char *mm_hash_p[] = {"-MD5", "-SHA", "-SHA2-256", "-SHA2-384", 448 "-SHA2-512", "", 0 }; 449 char *mm_enc[] = {"DES_CBC", "BLOWFISH_CBC", "3DES_CBC", "CAST_CBC", 450 "AES_CBC", 0}; 451 char *mm_enc_p[] = {"DES", "BLF", "3DES", "CAST", "AES", 0}; 452 char *dhgroup[] = {"MODP_1024", "MODP_768", "MODP_1024", 453 "MODP_1536", "MODP_2048", "MODP_3072", 0}; 454 char *dhgroup_p[] = {"", "-GRP1", "-GRP2", "-GRP5", "-GRP14", 455 "-GRP15", 0}; 456 char *qm_enc[] = {"DES", "3DES", "CAST", "BLOWFISH", "AES", 457 "AES_128_CTR", 0}; 458 char *qm_enc_p[] = {"-DES", "-3DES", "-CAST", "-BLF", "-AES", 459 "-AESCTR", 0}; 460 char *qm_hash[] = {"HMAC_MD5", "HMAC_SHA", "HMAC_RIPEMD", 461 "HMAC_SHA2_256", "HMAC_SHA2_384", "HMAC_SHA2_512", "NONE", 462 0}; 463 char *qm_hash_p[] = {"-MD5", "-SHA", "-RIPEMD", "-SHA2-256", 464 "-SHA2-384", "-SHA2-512", "", 0}; 465 466 /* General and X509 defaults */ 467 conf_set(tr, "General", "Retransmits", CONF_DFLT_RETRANSMITS, 0, 1); 468 conf_set(tr, "General", "Exchange-max-time", CONF_DFLT_EXCH_MAX_TIME, 469 0, 1); 470 conf_set(tr, "General", "Use-Keynote", CONF_DFLT_USE_KEYNOTE, 0, 1); 471 conf_set(tr, "General", "Policy-file", CONF_DFLT_POLICY_FILE, 0, 1); 472 conf_set(tr, "General", "Pubkey-directory", CONF_DFLT_PUBKEY_DIR, 0, 473 1); 474 475 conf_set(tr, "X509-certificates", "CA-directory", 476 CONF_DFLT_X509_CA_DIR, 0, 1); 477 conf_set(tr, "X509-certificates", "Cert-directory", 478 CONF_DFLT_X509_CERT_DIR, 0, 1); 479 conf_set(tr, "X509-certificates", "Private-key", 480 CONF_DFLT_X509_PRIVATE_KEY, 0, 1); 481 conf_set(tr, "X509-certificates", "Private-key-directory", 482 CONF_DFLT_X509_PRIVATE_KEY_DIR, 0, 1); 483 conf_set(tr, "X509-certificates", "CRL-directory", 484 CONF_DFLT_X509_CRL_DIR, 0, 1); 485 486 conf_set(tr, "KeyNote", "Credential-directory", 487 CONF_DFLT_KEYNOTE_CRED_DIR, 0, 1); 488 489 /* Lifetimes. XXX p1/p2 vs main/quick mode may be unclear. */ 490 dflt = conf_get_trans_str(tr, "General", "Default-phase-1-lifetime"); 491 conf_set(tr, CONF_DFLT_TAG_LIFE_MAIN_MODE, "LIFE_TYPE", 492 CONF_DFLT_TYPE_LIFE_MAIN_MODE, 0, 1); 493 conf_set(tr, CONF_DFLT_TAG_LIFE_MAIN_MODE, "LIFE_DURATION", 494 (dflt ? dflt : CONF_DFLT_VAL_LIFE_MAIN_MODE), 0, 1); 495 496 dflt = conf_get_trans_str(tr, "General", "Default-phase-2-lifetime"); 497 conf_set(tr, CONF_DFLT_TAG_LIFE_QUICK_MODE, "LIFE_TYPE", 498 CONF_DFLT_TYPE_LIFE_QUICK_MODE, 0, 1); 499 conf_set(tr, CONF_DFLT_TAG_LIFE_QUICK_MODE, "LIFE_DURATION", 500 (dflt ? dflt : CONF_DFLT_VAL_LIFE_QUICK_MODE), 0, 1); 501 502 /* Default Phase-1 Configuration section */ 503 conf_set(tr, CONF_DFLT_TAG_PHASE1_CONFIG, "EXCHANGE_TYPE", 504 CONF_DFLT_PHASE1_EXCH_TYPE, 0, 1); 505 conf_set(tr, CONF_DFLT_TAG_PHASE1_CONFIG, "Transforms", 506 CONF_DFLT_PHASE1_TRANSFORMS, 0, 1); 507 508 /* Main modes */ 509 for (enc = 0; mm_enc[enc]; enc++) 510 for (hash = 0; mm_hash[hash]; hash++) 511 for (auth = 0; mm_auth[auth]; auth++) 512 for (group = 0; dhgroup_p[group]; group++) 513 conf_load_defaults_mm (tr, mm_enc[enc], 514 mm_hash[hash], mm_auth[auth], 515 dhgroup[group], mm_enc_p[enc], 516 mm_auth_p[auth], dhgroup_p[group], 517 mm_hash_p[hash]); 518 519 /* Setup a default Phase 1 entry */ 520 conf_set(tr, "Phase 1", "Default", "Default-phase-1", 0, 1); 521 conf_set(tr, "Default-phase-1", "Phase", "1", 0, 1); 522 conf_set(tr, "Default-phase-1", "Configuration", 523 "Default-phase-1-configuration", 0, 1); 524 dflt = conf_get_trans_str(tr, "General", "Default-phase-1-ID"); 525 if (dflt) 526 conf_set(tr, "Default-phase-1", "ID", dflt, 0, 1); 527 528 /* Quick modes */ 529 for (enc = 0; qm_enc[enc]; enc++) 530 for (proto = 0; proto < 2; proto++) 531 for (mode = 0; mode < 2; mode++) 532 for (pfs = 0; pfs < 2; pfs++) 533 for (hash = 0; qm_hash[hash]; hash++) 534 for (group = 0; 535 dhgroup_p[group]; group++) 536 conf_load_defaults_qm( 537 tr, qm_enc[enc], 538 qm_hash[hash], 539 dhgroup[group], 540 qm_enc_p[enc], 541 qm_hash_p[hash], 542 dhgroup_p[group], 543 proto, mode, pfs); 544} 545 546void 547conf_init(void) 548{ 549 unsigned int i; 550 551 for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; i++) 552 LIST_INIT(&conf_bindings[i]); 553 TAILQ_INIT(&conf_trans_queue); 554 conf_reinit(); 555} 556 557/* Open the config file and map it into our address space, then parse it. */ 558void 559conf_reinit(void) 560{ 561 struct conf_binding *cb = 0; 562 int fd, trans; 563 unsigned int i; 564 size_t sz; 565 char *new_conf_addr = 0; 566 567 fd = monitor_open(conf_path, O_RDONLY, 0); 568 if (fd == -1 || check_file_secrecy_fd(fd, conf_path, &sz) == -1) { 569 if (fd == -1 && errno != ENOENT) 570 log_error("conf_reinit: open(\"%s\", O_RDONLY, 0) " 571 "failed", conf_path); 572 if (fd != -1) 573 close(fd); 574 575 trans = conf_begin(); 576 } else { 577 new_conf_addr = malloc(sz); 578 if (!new_conf_addr) { 579 log_error("conf_reinit: malloc (%lu) failed", 580 (unsigned long)sz); 581 goto fail; 582 } 583 /* XXX I assume short reads won't happen here. */ 584 if (read(fd, new_conf_addr, sz) != (int)sz) { 585 log_error("conf_reinit: read (%d, %p, %lu) failed", 586 fd, new_conf_addr, (unsigned long)sz); 587 goto fail; 588 } 589 close(fd); 590 591 trans = conf_begin(); 592 593 /* XXX Should we not care about errors and rollback? */ 594 conf_parse(trans, new_conf_addr, sz); 595 } 596 597 /* Load default configuration values. */ 598 conf_load_defaults(trans); 599 600 /* Free potential existing configuration. */ 601 if (conf_addr) { 602 for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; 603 i++) 604 for (cb = LIST_FIRST(&conf_bindings[i]); cb; 605 cb = LIST_FIRST(&conf_bindings[i])) 606 conf_remove_now(cb->section, cb->tag); 607 free(conf_addr); 608 } 609 conf_end(trans, 1); 610 conf_addr = new_conf_addr; 611 return; 612 613fail: 614 if (new_conf_addr) 615 free(new_conf_addr); 616 close(fd); 617} 618 619/* 620 * Return the numeric value denoted by TAG in section SECTION or DEF 621 * if that tag does not exist. 622 */ 623int 624conf_get_num(char *section, char *tag, int def) 625{ 626 char *value = conf_get_str(section, tag); 627 628 if (value) 629 return atoi(value); 630 return def; 631} 632 633/* 634 * Return the socket endpoint address denoted by TAG in SECTION as a 635 * struct sockaddr. It is the callers responsibility to deallocate 636 * this structure when it is finished with it. 637 */ 638struct sockaddr * 639conf_get_address(char *section, char *tag) 640{ 641 char *value = conf_get_str(section, tag); 642 struct sockaddr *sa; 643 644 if (!value) 645 return 0; 646 if (text2sockaddr(value, 0, &sa, 0, 0) == -1) 647 return 0; 648 return sa; 649} 650 651/* Validate X according to the range denoted by TAG in section SECTION. */ 652int 653conf_match_num(char *section, char *tag, int x) 654{ 655 char *value = conf_get_str(section, tag); 656 int val, min, max, n; 657 658 if (!value) 659 return 0; 660 n = sscanf(value, "%d,%d:%d", &val, &min, &max); 661 switch (n) { 662 case 1: 663 LOG_DBG((LOG_MISC, 95, "conf_match_num: %s:%s %d==%d?", 664 section, tag, val, x)); 665 return x == val; 666 case 3: 667 LOG_DBG((LOG_MISC, 95, "conf_match_num: %s:%s %d<=%d<=%d?", 668 section, tag, min, x, max)); 669 return min <= x && max >= x; 670 default: 671 log_error("conf_match_num: section %s tag %s: invalid number " 672 "spec %s", section, tag, value); 673 } 674 return 0; 675} 676 677/* Return the string value denoted by TAG in section SECTION. */ 678char * 679conf_get_str(char *section, char *tag) 680{ 681 struct conf_binding *cb; 682 683 for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb; 684 cb = LIST_NEXT(cb, link)) 685 if (strcasecmp(section, cb->section) == 0 && 686 strcasecmp(tag, cb->tag) == 0) { 687 LOG_DBG((LOG_MISC, 95, "conf_get_str: [%s]:%s->%s", 688 section, tag, cb->value)); 689 return cb->value; 690 } 691 LOG_DBG((LOG_MISC, 95, 692 "conf_get_str: configuration value not found [%s]:%s", section, 693 tag)); 694 return 0; 695} 696 697/* 698 * Build a list of string values out of the comma separated value denoted by 699 * TAG in SECTION. 700 */ 701struct conf_list * 702conf_get_list(char *section, char *tag) 703{ 704 char *liststr = 0, *p, *field, *t; 705 struct conf_list *list = 0; 706 struct conf_list_node *node = 0; 707 708 list = malloc(sizeof *list); 709 if (!list) 710 goto cleanup; 711 TAILQ_INIT(&list->fields); 712 list->cnt = 0; 713 liststr = conf_get_str(section, tag); 714 if (!liststr) 715 goto cleanup; 716 liststr = strdup(liststr); 717 if (!liststr) 718 goto cleanup; 719 p = liststr; 720 while ((field = strsep(&p, ",")) != NULL) { 721 /* Skip leading whitespace */ 722 while (isspace(*field)) 723 field++; 724 /* Skip trailing whitespace */ 725 if (p) 726 for (t = p - 1; t > field && isspace(*t); t--) 727 *t = '\0'; 728 if (*field == '\0') { 729 log_print("conf_get_list: empty field, ignoring..."); 730 continue; 731 } 732 list->cnt++; 733 node = calloc(1, sizeof *node); 734 if (!node) 735 goto cleanup; 736 node->field = strdup(field); 737 if (!node->field) 738 goto cleanup; 739 TAILQ_INSERT_TAIL(&list->fields, node, link); 740 } 741 free(liststr); 742 return list; 743 744cleanup: 745 if (node) 746 free(node); 747 if (list) 748 conf_free_list(list); 749 if (liststr) 750 free(liststr); 751 return 0; 752} 753 754struct conf_list * 755conf_get_tag_list(char *section) 756{ 757 struct conf_list *list = 0; 758 struct conf_list_node *node = 0; 759 struct conf_binding *cb; 760 761 list = malloc(sizeof *list); 762 if (!list) 763 goto cleanup; 764 TAILQ_INIT(&list->fields); 765 list->cnt = 0; 766 for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb; 767 cb = LIST_NEXT(cb, link)) 768 if (strcasecmp(section, cb->section) == 0) { 769 list->cnt++; 770 node = calloc(1, sizeof *node); 771 if (!node) 772 goto cleanup; 773 node->field = strdup(cb->tag); 774 if (!node->field) 775 goto cleanup; 776 TAILQ_INSERT_TAIL(&list->fields, node, link); 777 } 778 return list; 779 780cleanup: 781 if (node) 782 free(node); 783 if (list) 784 conf_free_list(list); 785 return 0; 786} 787 788void 789conf_free_list(struct conf_list *list) 790{ 791 struct conf_list_node *node = TAILQ_FIRST(&list->fields); 792 793 while (node) { 794 TAILQ_REMOVE(&list->fields, node, link); 795 if (node->field) 796 free(node->field); 797 free(node); 798 node = TAILQ_FIRST(&list->fields); 799 } 800 free(list); 801} 802 803int 804conf_begin(void) 805{ 806 static int seq = 0; 807 808 return ++seq; 809} 810 811static struct conf_trans * 812conf_trans_node(int transaction, enum conf_op op) 813{ 814 struct conf_trans *node; 815 816 node = calloc(1, sizeof *node); 817 if (!node) { 818 log_error("conf_trans_node: calloc (1, %lu) failed", 819 (unsigned long)sizeof *node); 820 return 0; 821 } 822 node->trans = transaction; 823 node->op = op; 824 TAILQ_INSERT_TAIL(&conf_trans_queue, node, link); 825 return node; 826} 827 828/* Queue a set operation. */ 829int 830conf_set(int transaction, char *section, char *tag, char *value, int override, 831 int is_default) 832{ 833 struct conf_trans *node; 834 835 node = conf_trans_node(transaction, CONF_SET); 836 if (!node) 837 return 1; 838 node->section = strdup(section); 839 if (!node->section) { 840 log_error("conf_set: strdup (\"%s\") failed", section); 841 goto fail; 842 } 843 node->tag = strdup(tag); 844 if (!node->tag) { 845 log_error("conf_set: strdup (\"%s\") failed", tag); 846 goto fail; 847 } 848 node->value = strdup(value); 849 if (!node->value) { 850 log_error("conf_set: strdup (\"%s\") failed", value); 851 goto fail; 852 } 853 node->override = override; 854 node->is_default = is_default; 855 return 0; 856 857fail: 858 if (node->tag) 859 free(node->tag); 860 if (node->section) 861 free(node->section); 862 if (node) 863 free(node); 864 return 1; 865} 866 867/* Queue a remove operation. */ 868int 869conf_remove(int transaction, char *section, char *tag) 870{ 871 struct conf_trans *node; 872 873 node = conf_trans_node(transaction, CONF_REMOVE); 874 if (!node) 875 goto fail; 876 node->section = strdup(section); 877 if (!node->section) { 878 log_error("conf_remove: strdup (\"%s\") failed", section); 879 goto fail; 880 } 881 node->tag = strdup(tag); 882 if (!node->tag) { 883 log_error("conf_remove: strdup (\"%s\") failed", tag); 884 goto fail; 885 } 886 return 0; 887 888fail: 889 if (node->section) 890 free(node->section); 891 if (node) 892 free(node); 893 return 1; 894} 895 896/* Queue a remove section operation. */ 897int 898conf_remove_section(int transaction, char *section) 899{ 900 struct conf_trans *node; 901 902 node = conf_trans_node(transaction, CONF_REMOVE_SECTION); 903 if (!node) 904 goto fail; 905 node->section = strdup(section); 906 if (!node->section) { 907 log_error("conf_remove_section: strdup (\"%s\") failed", 908 section); 909 goto fail; 910 } 911 return 0; 912 913fail: 914 if (node) 915 free(node); 916 return 1; 917} 918 919/* Execute all queued operations for this transaction. Cleanup. */ 920int 921conf_end(int transaction, int commit) 922{ 923 struct conf_trans *node, *next; 924 925 for (node = TAILQ_FIRST(&conf_trans_queue); node; node = next) { 926 next = TAILQ_NEXT(node, link); 927 if (node->trans == transaction) { 928 if (commit) 929 switch (node->op) { 930 case CONF_SET: 931 conf_set_now(node->section, node->tag, 932 node->value, node->override, 933 node->is_default); 934 break; 935 case CONF_REMOVE: 936 conf_remove_now(node->section, 937 node->tag); 938 break; 939 case CONF_REMOVE_SECTION: 940 conf_remove_section_now(node->section); 941 break; 942 default: 943 log_print("conf_end: unknown " 944 "operation: %d", node->op); 945 } 946 TAILQ_REMOVE(&conf_trans_queue, node, link); 947 if (node->section) 948 free(node->section); 949 if (node->tag) 950 free(node->tag); 951 if (node->value) 952 free(node->value); 953 free(node); 954 } 955 } 956 return 0; 957} 958 959/* 960 * Dump running configuration upon SIGUSR1. 961 * Configuration is "stored in reverse order", so reverse it again. 962 */ 963struct dumper { 964 char *s, *v; 965 struct dumper *next; 966}; 967 968static void 969conf_report_dump(struct dumper *node) 970{ 971 /* Recursive, cleanup when we're done. */ 972 973 if (node->next) 974 conf_report_dump(node->next); 975 976 if (node->v) 977 LOG_DBG((LOG_REPORT, 0, "%s=\t%s", node->s, node->v)); 978 else if (node->s) { 979 LOG_DBG((LOG_REPORT, 0, "%s", node->s)); 980 if (strlen(node->s) > 0) 981 free(node->s); 982 } 983 free(node); 984} 985 986void 987conf_report(void) 988{ 989 struct conf_binding *cb, *last = 0; 990 unsigned int i; 991 char *current_section = (char *)0; 992 struct dumper *dumper, *dnode; 993 994 dumper = dnode = (struct dumper *)calloc(1, sizeof *dumper); 995 if (!dumper) 996 goto mem_fail; 997 998 LOG_DBG((LOG_REPORT, 0, "conf_report: dumping running configuration")); 999 1000 for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; i++) 1001 for (cb = LIST_FIRST(&conf_bindings[i]); cb; 1002 cb = LIST_NEXT(cb, link)) { 1003 if (!cb->is_default) { 1004 /* Dump this entry. */ 1005 if (!current_section || strcmp(cb->section, 1006 current_section)) { 1007 if (current_section) { 1008 if (asprintf(&dnode->s, "[%s]", 1009 current_section) == -1) 1010 goto mem_fail; 1011 dnode->next = (struct dumper *) 1012 calloc(1, 1013 sizeof(struct dumper)); 1014 dnode = dnode->next; 1015 if (!dnode) 1016 goto mem_fail; 1017 1018 dnode->s = ""; 1019 dnode->next = (struct dumper *) 1020 calloc(1, 1021 sizeof(struct dumper)); 1022 dnode = dnode->next; 1023 if (!dnode) 1024 goto mem_fail; 1025 } 1026 current_section = cb->section; 1027 } 1028 dnode->s = cb->tag; 1029 dnode->v = cb->value; 1030 dnode->next = (struct dumper *) 1031 calloc(1, sizeof(struct dumper)); 1032 dnode = dnode->next; 1033 if (!dnode) 1034 goto mem_fail; 1035 last = cb; 1036 } 1037 } 1038 1039 if (last) 1040 if (asprintf(&dnode->s, "[%s]", last->section) == -1) 1041 goto mem_fail; 1042 conf_report_dump(dumper); 1043 1044 return; 1045 1046mem_fail: 1047 log_error("conf_report: malloc/calloc failed"); 1048 while ((dnode = dumper) != 0) { 1049 dumper = dumper->next; 1050 if (dnode->s) 1051 free(dnode->s); 1052 free(dnode); 1053 } 1054} 1055