]> the.earth.li Git - onak.git/blobdiff - onak-conf.c
projects / onak.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Remove --with-systemd option to dh
[onak.git] / onak-conf.c
diff --git a/onak-conf.c b/onak-conf.c
index 5b84e5acdac9e271a1cae7733f75015b9aa9a2c5..6d67a74610c81b06f1677badca51a10e1f1a7378 100644 (file)
--- a/onak-conf.c
+++ b/onak-conf.c
@@ -13,23 +13,24 @@
  * more details.
  *
  * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * this program.  If not, see <https://www.gnu.org/licenses/>.
  */
-
-#include "config.h"
-
 #include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <strings.h>
 
+#include "build-config.h"
+
+#include "cleankey.h"
 #include "ll.h"
 #include "log.h"
 #include "onak-conf.h"
 
+#ifdef DBINIT
 extern struct onak_dbctx *DBINIT(struct onak_db_config *dbcfg, bool readonly);
+#endif
 
 /*
  *     config - Runtime configuration for onak.
@@ -51,9 +52,13 @@ struct onak_config config = {
        .backends = NULL,
        .backends_dir = NULL,
 
+#ifdef DBINIT
        .dbinit = DBINIT,
+#else
+       .dbinit = NULL,
+#endif
 
-       .check_sighash = true,
+       .clean_policies = ONAK_CLEAN_DROP_V3_KEYS | ONAK_CLEAN_CHECK_SIGHASH,
 
        .bin_dir = NULL,
        .mail_dir = NULL,
@@ -170,8 +175,14 @@ static bool parseoldconfigline(char *line)
        } else if (!strncmp("sock_dir ", line, 9)) {
                config.sock_dir = strdup(&line[9]);
        } else if (!strncmp("check_sighash ", line, 9)) {
-               config.check_sighash = parsebool(&line[9],
-                                       config.check_sighash);
+               if (parsebool(&line[9], config.clean_policies &
+                                       ONAK_CLEAN_CHECK_SIGHASH)) {
+                       config.clean_policies |=
+                               ONAK_CLEAN_CHECK_SIGHASH;
+               } else {
+                       config.clean_policies &=
+                               ~ONAK_CLEAN_CHECK_SIGHASH;
+               }
        } else {
                return false;
        }
@@ -273,9 +284,74 @@ static bool parseconfigline(char *line)
                        config.syncsites = lladd(config.syncsites,
                                strdup(value));
                /* [verification] section */
+               } else if (MATCH("verification", "blacklist")) {
+                       array_load(&config.blacklist, value);
+               } else if (MATCH("verification", "drop_v3")) {
+                       if (parsebool(value, config.clean_policies &
+                                       ONAK_CLEAN_DROP_V3_KEYS)) {
+                               config.clean_policies |=
+                                       ONAK_CLEAN_DROP_V3_KEYS;
+                       } else {
+                               config.clean_policies &=
+                                       ~ONAK_CLEAN_DROP_V3_KEYS;
+                       }
                } else if (MATCH("verification", "check_sighash")) {
-                       config.check_sighash = parsebool(value,
-                                       config.check_sighash);
+                       if (parsebool(value, config.clean_policies &
+                                       ONAK_CLEAN_CHECK_SIGHASH)) {
+                               config.clean_policies |=
+                                       ONAK_CLEAN_CHECK_SIGHASH;
+                       } else {
+                               config.clean_policies &=
+                                       ~ONAK_CLEAN_CHECK_SIGHASH;
+                       }
+               } else if (MATCH("verification", "check_packet_size")) {
+                       if (parsebool(value, config.clean_policies &
+                                       ONAK_CLEAN_LARGE_PACKETS)) {
+                               config.clean_policies |=
+                                       ONAK_CLEAN_LARGE_PACKETS;
+                       } else {
+                               config.clean_policies &=
+                                       ~ONAK_CLEAN_LARGE_PACKETS;
+                       }
+               } else if (MATCH("verification", "require_other_sig")) {
+#if HAVE_CRYPTO
+                       if (parsebool(value, config.clean_policies &
+                                       ONAK_CLEAN_NEED_OTHER_SIG)) {
+                               config.clean_policies |=
+                                       ONAK_CLEAN_NEED_OTHER_SIG;
+                       } else {
+                               config.clean_policies &=
+                                       ~ONAK_CLEAN_NEED_OTHER_SIG;
+                       }
+#else
+                       logthing(LOGTHING_ERROR,
+                                       "Compiled without crypto support, "
+                                       "require_other_sig not available.");
+#endif
+               } else if (MATCH("verification", "update_only")) {
+                       if (parsebool(value, config.clean_policies &
+                                       ONAK_CLEAN_UPDATE_ONLY)) {
+                               config.clean_policies |=
+                                       ONAK_CLEAN_UPDATE_ONLY;
+                       } else {
+                               config.clean_policies &=
+                                       ~ONAK_CLEAN_UPDATE_ONLY;
+                       }
+               } else if (MATCH("verification", "verify_signatures")) {
+#if HAVE_CRYPTO
+                       if (parsebool(value, config.clean_policies &
+                                       ONAK_CLEAN_VERIFY_SIGNATURES)) {
+                               config.clean_policies |=
+                                       ONAK_CLEAN_VERIFY_SIGNATURES;
+                       } else {
+                               config.clean_policies &=
+                                       ~ONAK_CLEAN_VERIFY_SIGNATURES;
+                       }
+#else
+                       logthing(LOGTHING_ERROR,
+                                       "Compiled without crypto support, "
+                                       "verify_signatures not available.");
+#endif
                } else {
                        return false;
                }
@@ -356,6 +432,12 @@ void readconfig(const char *configfile) {
                conffile = fopen(configfile, "r");
        }
 
+       if (oldstyle) {
+               logthing(LOGTHING_CRITICAL, "Reading deprecated old-style "
+                               "configuration file. This will not be "
+                               "supported in the next release.");
+       }
+
        if (conffile != NULL) {
                if (!fgets(curline, 1023, conffile)) {
                        logthing(LOGTHING_CRITICAL,
@@ -449,7 +531,8 @@ void writeconfig(const char *configfile)
        fprintf(conffile, "\n");
 
        fprintf(conffile, "[verification]\n");
-       WRITE_BOOL(config.check_sighash, "check_sighash");
+       WRITE_BOOL(config.clean_policies & ONAK_CLEAN_CHECK_SIGHASH,
+                       "check_sighash");
        fprintf(conffile, "\n");
 
        fprintf(conffile, "[mail]\n");
@@ -560,4 +643,7 @@ void cleanupconfig(void) {
                free(config.mail_dir);
                config.mail_dir = NULL;
        }
+       if (config.blacklist.count != 0) {
+               array_free(&config.blacklist);
+       }
 }
OpenPGP key server