* more details.
*
* You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * this program. If not, see <https://www.gnu.org/licenses/>.
*/
-
-#include "config.h"
-
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <strings.h>
+
+#include "build-config.h"
+#include "cleankey.h"
#include "ll.h"
#include "log.h"
#include "onak-conf.h"
+#ifdef DBINIT
extern struct onak_dbctx *DBINIT(struct onak_db_config *dbcfg, bool readonly);
+#endif
/*
* config - Runtime configuration for onak.
.backends = NULL,
.backends_dir = NULL,
+#ifdef DBINIT
.dbinit = DBINIT,
+#else
+ .dbinit = NULL,
+#endif
- .check_sighash = true,
+ .clean_policies = ONAK_CLEAN_DROP_V3_KEYS | ONAK_CLEAN_CHECK_SIGHASH,
.bin_dir = NULL,
.mail_dir = NULL,
} else if (!strncmp("sock_dir ", line, 9)) {
config.sock_dir = strdup(&line[9]);
} else if (!strncmp("check_sighash ", line, 9)) {
- config.check_sighash = parsebool(&line[9],
- config.check_sighash);
+ if (parsebool(&line[9], config.clean_policies &
+ ONAK_CLEAN_CHECK_SIGHASH)) {
+ config.clean_policies |=
+ ONAK_CLEAN_CHECK_SIGHASH;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_CHECK_SIGHASH;
+ }
} else {
return false;
}
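Review bot: The rewritten old-style `check_sighash` branch still takes its value from `&line[9]`, but the keyword `"check_sighash "` is 14 characters long, so parsebool() is handed `hash <value>` instead of the value. The unchanged `strncmp(..., 9)` above it reuses the length of `"sock_dir "` and therefore matches any line beginning with `check_sig`. If parsebool() falls back to its supplied default on unrecognised text (its body is not in this hunk), an old-style config file can never change the sighash policy and the operator gets no error. Use `!strncmp("check_sighash ", line, 14)` and `parsebool(&line[14], ...)`.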
config.syncsites = lladd(config.syncsites,
strdup(value));
/* [verification] section */
+ } else if (MATCH("verification", "blacklist")) {
+ array_load(&config.blacklist, value);
+ } else if (MATCH("verification", "drop_v3")) {
+ if (parsebool(value, config.clean_policies &
+ ONAK_CLEAN_DROP_V3_KEYS)) {
+ config.clean_policies |=
+ ONAK_CLEAN_DROP_V3_KEYS;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_DROP_V3_KEYS;
+ }
} else if (MATCH("verification", "check_sighash")) {
- config.check_sighash = parsebool(value,
- config.check_sighash);
+ if (parsebool(value, config.clean_policies &
+ ONAK_CLEAN_CHECK_SIGHASH)) {
+ config.clean_policies |=
+ ONAK_CLEAN_CHECK_SIGHASH;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_CHECK_SIGHASH;
+ }
+ } else if (MATCH("verification", "check_packet_size")) {
+ if (parsebool(value, config.clean_policies &
+ ONAK_CLEAN_LARGE_PACKETS)) {
+ config.clean_policies |=
+ ONAK_CLEAN_LARGE_PACKETS;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_LARGE_PACKETS;
+ }
+ } else if (MATCH("verification", "require_other_sig")) {
+#if HAVE_CRYPTO
+ if (parsebool(value, config.clean_policies &
+ ONAK_CLEAN_NEED_OTHER_SIG)) {
+ config.clean_policies |=
+ ONAK_CLEAN_NEED_OTHER_SIG;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_NEED_OTHER_SIG;
+ }
+#else
+ logthing(LOGTHING_ERROR,
+ "Compiled without crypto support, "
+ "require_other_sig not available.");
+#endif
+ } else if (MATCH("verification", "update_only")) {
+ if (parsebool(value, config.clean_policies &
+ ONAK_CLEAN_UPDATE_ONLY)) {
+ config.clean_policies |=
+ ONAK_CLEAN_UPDATE_ONLY;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_UPDATE_ONLY;
+ }
+ } else if (MATCH("verification", "verify_signatures")) {
+#if HAVE_CRYPTO
+ if (parsebool(value, config.clean_policies &
+ ONAK_CLEAN_VERIFY_SIGNATURES)) {
+ config.clean_policies |=
+ ONAK_CLEAN_VERIFY_SIGNATURES;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_VERIFY_SIGNATURES;
+ }
+#else
+ logthing(LOGTHING_ERROR,
+ "Compiled without crypto support, "
+ "verify_signatures not available.");
+#endif
} else {
return false;
}
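Review bot: On a build without HAVE_CRYPTO, the `require_other_sig` and `verify_signatures` branches only log an error and then, presumably, leave the option counted as handled, so a config that asks for signature verification still loads and the keyserver runs without it. A requested verification policy that cannot be honoured should fail the parse rather than degrade silently. In each `#else` branch, `if (parsebool(value, false)) { logthing(...); return false; }` keeps `=false` harmless while rejecting `=true`. The caller's reaction to a `false` return is outside this hunk, so confirm it stops startup rather than just skipping the line.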
conffile = fopen(configfile, "r");
}
+ if (oldstyle) {
+ logthing(LOGTHING_CRITICAL, "Reading deprecated old-style "
+ "configuration file. This will not be "
+ "supported in the next release.");
+ }
+
if (conffile != NULL) {
if (!fgets(curline, 1023, conffile)) {
logthing(LOGTHING_CRITICAL,
}
}
+void writeconfig(const char *configfile)
+{
+ FILE *conffile;
+ struct ll *cur;
+
+ if (configfile) {
+ conffile = fopen(configfile, "w");
+ } else {
+ conffile = stdout;
+ }
+
+#define WRITE_IF_NOT_NULL(c, s) if (c != NULL) { \
+ fprintf(conffile, s "=%s\n", c); \
+}
+#define WRITE_BOOL(c, s) fprintf(conffile, s "=%s\n", s ? "true" : "false");
+
+ fprintf(conffile, "[main]\n");
+ WRITE_IF_NOT_NULL(config.backend->name, "backend");
+ WRITE_IF_NOT_NULL(config.backends_dir, "backends_dir");
+ WRITE_IF_NOT_NULL(config.logfile, "logfile");
+ fprintf(conffile, "loglevel=%d\n", getlogthreshold());
+ WRITE_BOOL(config.use_keyd, "use_keyd");
+ WRITE_IF_NOT_NULL(config.sock_dir, "sock_dir");
+ fprintf(conffile, "max_reply_keys=%d\n", config.maxkeys);
+ fprintf(conffile, "\n");
+
+ fprintf(conffile, "[verification]\n");
+ WRITE_BOOL(config.clean_policies & ONAK_CLEAN_CHECK_SIGHASH,
+ "check_sighash");
+ fprintf(conffile, "\n");
+
+ fprintf(conffile, "[mail]\n");
+ WRITE_IF_NOT_NULL(config.adminemail, "maintainer_email");
+ WRITE_IF_NOT_NULL(config.mail_dir, "mail_dir");
+ WRITE_IF_NOT_NULL(config.mta, "mta");
+ WRITE_IF_NOT_NULL(config.bin_dir, "bin_dir");
+ WRITE_IF_NOT_NULL(config.thissite, "this_site");
+
+ cur = config.syncsites;
+ while (cur != NULL) {
+ fprintf(conffile, "syncsite=%s\n", (char *) cur->object);
+ cur = cur->next;
+ }
+
+ cur = config.backends;
+ while (cur != NULL) {
+ struct onak_db_config *backend =
+ (struct onak_db_config *) cur->object;
+ fprintf(conffile, "\n[backend:%s]\n", backend->name);
+ WRITE_IF_NOT_NULL(backend->type, "type");
+ WRITE_IF_NOT_NULL(backend->location, "location");
+ WRITE_IF_NOT_NULL(backend->hostname, "hostname");
+ WRITE_IF_NOT_NULL(backend->username, "username");
+ WRITE_IF_NOT_NULL(backend->password, "password");
+ cur = cur->next;
+ }
+
+ if (configfile) {
+ fclose(conffile);
+ }
+}
+
void cleanupdbconfig(void *object)
{
struct onak_db_config *dbconfig = (struct onak_db_config *) object;
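Review bot: `WRITE_BOOL` tests its name argument `s` instead of the value `c`, and a string literal is never null, so `use_keyd` and `check_sighash` are always written as `true` whatever the running configuration holds; the macro should test `(c)` and drop its trailing semicolon. The `fopen(configfile, "w")` result is used without a NULL check, and the file receives every backend's `password` while being created with whatever mode the process umask allows, so it should be created owner-only. The `[verification]` section also emits only `check_sighash`, so the other policies this commit parses (`drop_v3`, `verify_signatures` and the rest) are lost when a written file is read back. The fence shows the open and the macro; it needs `<fcntl.h>` and `<unistd.h>` at file level, and the 0600 mode applies only when the file is newly created.

```c
	if (configfile) {
		/* Holds backend passwords: create owner-only, not umask-default. */
		int fd = open(configfile, O_WRONLY | O_CREAT | O_TRUNC, 0600);

		conffile = (fd >= 0) ? fdopen(fd, "w") : NULL;
		if (conffile == NULL) {
			if (fd >= 0) {
				close(fd);
			}
			logthing(LOGTHING_CRITICAL,
				"Couldn't open config file for writing.");
			return;
		}
	} else {
		conffile = stdout;
	}

	/* ... unchanged: WRITE_IF_NOT_NULL definition ... */
#define WRITE_BOOL(c, s) fprintf(conffile, s "=%s\n", (c) ? "true" : "false")

	/* ... unchanged: [main], [verification], [mail] and backend output ... */
```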
free(config.mail_dir);
config.mail_dir = NULL;
}
+ if (config.blacklist.count != 0) {
+ array_free(&config.blacklist);
+ }
}