X-Git-Url: https://the.earth.li/gitweb/?a=blobdiff_plain;f=onak-conf.c;h=6d67a74610c81b06f1677badca51a10e1f1a7378;hb=2d53b0b62dd6c230f25c5d66104e6b367390485a;hp=e6b645c48057bf4bf10fb4143ebcd82f87a1dc14;hpb=a0d1c99184eeb07a6a7711e168c3db4b8c0937eb;p=onak.git
diff --git a/onak-conf.c b/onak-conf.c
index e6b645c..6d67a74 100644
--- a/onak-conf.c
+++ b/onak-conf.c
@@ -15,21 +15,22 @@
* You should have received a copy of the GNU General Public License along with
* this program. If not, see .
*/
-
-#include "config.h"
-
#include
#include
#include
#include
#include
+#include "build-config.h"
+
#include "cleankey.h"
#include "ll.h"
#include "log.h"
#include "onak-conf.h"
+#ifdef DBINIT
extern struct onak_dbctx *DBINIT(struct onak_db_config *dbcfg, bool readonly);
+#endif
/*
* config - Runtime configuration for onak.
@@ -51,9 +52,13 @@ struct onak_config config = {
.backends = NULL,
.backends_dir = NULL,
+#ifdef DBINIT
.dbinit = DBINIT,
+#else
+ .dbinit = NULL,
+#endif
- .clean_policies = ONAK_CLEAN_CHECK_SIGHASH,
+ .clean_policies = ONAK_CLEAN_DROP_V3_KEYS | ONAK_CLEAN_CHECK_SIGHASH,
.bin_dir = NULL,
.mail_dir = NULL,
@@ -279,6 +284,17 @@ static bool parseconfigline(char *line)
config.syncsites = lladd(config.syncsites,
strdup(value));
/* [verification] section */
+ } else if (MATCH("verification", "blacklist")) {
+ array_load(&config.blacklist, value);
+ } else if (MATCH("verification", "drop_v3")) {
+ if (parsebool(value, config.clean_policies &
+ ONAK_CLEAN_DROP_V3_KEYS)) {
+ config.clean_policies |=
+ ONAK_CLEAN_DROP_V3_KEYS;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_DROP_V3_KEYS;
+ }
} else if (MATCH("verification", "check_sighash")) {
if (parsebool(value, config.clean_policies &
ONAK_CLEAN_CHECK_SIGHASH)) {
@@ -288,6 +304,54 @@ static bool parseconfigline(char *line)
config.clean_policies &=
~ONAK_CLEAN_CHECK_SIGHASH;
}
+ } else if (MATCH("verification", "check_packet_size")) {
+ if (parsebool(value, config.clean_policies &
+ ONAK_CLEAN_LARGE_PACKETS)) {
+ config.clean_policies |=
+ ONAK_CLEAN_LARGE_PACKETS;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_LARGE_PACKETS;
+ }
+ } else if (MATCH("verification", "require_other_sig")) {
+#if HAVE_CRYPTO
+ if (parsebool(value, config.clean_policies &
+ ONAK_CLEAN_NEED_OTHER_SIG)) {
+ config.clean_policies |=
+ ONAK_CLEAN_NEED_OTHER_SIG;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_NEED_OTHER_SIG;
+ }
+#else
+ logthing(LOGTHING_ERROR,
+ "Compiled without crypto support, "
+ "require_other_sig not available.");
+#endif
+ } else if (MATCH("verification", "update_only")) {
+ if (parsebool(value, config.clean_policies &
+ ONAK_CLEAN_UPDATE_ONLY)) {
+ config.clean_policies |=
+ ONAK_CLEAN_UPDATE_ONLY;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_UPDATE_ONLY;
+ }
+ } else if (MATCH("verification", "verify_signatures")) {
+#if HAVE_CRYPTO
+ if (parsebool(value, config.clean_policies &
+ ONAK_CLEAN_VERIFY_SIGNATURES)) {
+ config.clean_policies |=
+ ONAK_CLEAN_VERIFY_SIGNATURES;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_VERIFY_SIGNATURES;
+ }
+#else
+ logthing(LOGTHING_ERROR,
+ "Compiled without crypto support, "
+ "verify_signatures not available.");
+#endif
} else {
return false;
}
@@ -368,6 +432,12 @@ void readconfig(const char *configfile) {
conffile = fopen(configfile, "r");
}
+ if (oldstyle) {
+ logthing(LOGTHING_CRITICAL, "Reading deprecated old-style "
+ "configuration file. This will not be "
+ "supported in the next release.");
+ }
+
if (conffile != NULL) {
if (!fgets(curline, 1023, conffile)) {
logthing(LOGTHING_CRITICAL,
@@ -573,4 +643,7 @@ void cleanupconfig(void) {
free(config.mail_dir);
config.mail_dir = NULL;
}
+ if (config.blacklist.count != 0) {
+ array_free(&config.blacklist);
+ }
}