X-Git-Url: https://the.earth.li/gitweb/?p=onak.git;a=blobdiff_plain;f=onak-conf.c;h=6d67a74610c81b06f1677badca51a10e1f1a7378;hp=60f2097a21859342ab686b25e104b1aa572fb551;hb=58ed9a0076feb9604154b99da6ed1907ca7df089;hpb=d4aa4e6ee07db203ef2a456a2afb9be52da8067c diff --git a/onak-conf.c b/onak-conf.c index 60f2097..6d67a74 100644 --- a/onak-conf.c +++ b/onak-conf.c @@ -13,22 +13,24 @@ * more details. * * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 51 - * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * this program. If not, see . */ - -#include "config.h" - #include #include #include #include +#include + +#include "build-config.h" +#include "cleankey.h" #include "ll.h" #include "log.h" #include "onak-conf.h" +#ifdef DBINIT extern struct onak_dbctx *DBINIT(struct onak_db_config *dbcfg, bool readonly); +#endif /* * config - Runtime configuration for onak. @@ -50,9 +52,13 @@ struct onak_config config = { .backends = NULL, .backends_dir = NULL, +#ifdef DBINIT .dbinit = DBINIT, +#else + .dbinit = NULL, +#endif - .check_sighash = true, + .clean_policies = ONAK_CLEAN_DROP_V3_KEYS | ONAK_CLEAN_CHECK_SIGHASH, .bin_dir = NULL, .mail_dir = NULL, @@ -169,8 +175,14 @@ static bool parseoldconfigline(char *line) } else if (!strncmp("sock_dir ", line, 9)) { config.sock_dir = strdup(&line[9]); } else if (!strncmp("check_sighash ", line, 9)) { - config.check_sighash = parsebool(&line[9], - config.check_sighash); + if (parsebool(&line[9], config.clean_policies & + ONAK_CLEAN_CHECK_SIGHASH)) { + config.clean_policies |= + ONAK_CLEAN_CHECK_SIGHASH; + } else { + config.clean_policies &= + ~ONAK_CLEAN_CHECK_SIGHASH; + } } else { return false; } 
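Review bot: In the `check_sighash` branch of parseoldconfigline (the `@@ -169` hunk), the new code still passes `&line[9]` to parsebool, but the key `"check_sighash "` is 14 characters long, so the text handed over begins with `hash ` and the strncmp only compares the first 9 characters (`check_sig`). Presumably parsebool then returns its fallback argument, which would mean an old-style file cannot change this policy bit. Use the real key length in both places: `!strncmp("check_sighash ", line, 14)` and `parsebool(&line[14], ...)`. The function body starts and ends outside the hunk.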
@@ -272,9 +284,74 @@ static bool parseconfigline(char *line) config.syncsites = lladd(config.syncsites, strdup(value)); /* [verification] section */ + } else if (MATCH("verification", "blacklist")) { + array_load(&config.blacklist, value); + } else if (MATCH("verification", "drop_v3")) { + if (parsebool(value, config.clean_policies & + ONAK_CLEAN_DROP_V3_KEYS)) { + config.clean_policies |= + ONAK_CLEAN_DROP_V3_KEYS; + } else { + config.clean_policies &= + ~ONAK_CLEAN_DROP_V3_KEYS; + } } else if (MATCH("verification", "check_sighash")) { - config.check_sighash = parsebool(value, - config.check_sighash); + if (parsebool(value, config.clean_policies & + ONAK_CLEAN_CHECK_SIGHASH)) { + config.clean_policies |= + ONAK_CLEAN_CHECK_SIGHASH; + } else { + config.clean_policies &= + ~ONAK_CLEAN_CHECK_SIGHASH; + } + } else if (MATCH("verification", "check_packet_size")) { + if (parsebool(value, config.clean_policies & + ONAK_CLEAN_LARGE_PACKETS)) { + config.clean_policies |= + ONAK_CLEAN_LARGE_PACKETS; + } else { + config.clean_policies &= + ~ONAK_CLEAN_LARGE_PACKETS; + } + } else if (MATCH("verification", "require_other_sig")) { +#if HAVE_CRYPTO + if (parsebool(value, config.clean_policies & + ONAK_CLEAN_NEED_OTHER_SIG)) { + config.clean_policies |= + ONAK_CLEAN_NEED_OTHER_SIG; + } else { + config.clean_policies &= + ~ONAK_CLEAN_NEED_OTHER_SIG; + } +#else + logthing(LOGTHING_ERROR, + "Compiled without crypto support, " + "require_other_sig not available."); +#endif + } else if (MATCH("verification", "update_only")) { + if (parsebool(value, config.clean_policies & + ONAK_CLEAN_UPDATE_ONLY)) { + config.clean_policies |= + ONAK_CLEAN_UPDATE_ONLY; + } else { + config.clean_policies &= + ~ONAK_CLEAN_UPDATE_ONLY; + } + } else if (MATCH("verification", "verify_signatures")) { +#if HAVE_CRYPTO + if (parsebool(value, config.clean_policies & + ONAK_CLEAN_VERIFY_SIGNATURES)) { + config.clean_policies |= + ONAK_CLEAN_VERIFY_SIGNATURES; + } else { + config.clean_policies &= + 
~ONAK_CLEAN_VERIFY_SIGNATURES; + } +#else + logthing(LOGTHING_ERROR, + "Compiled without crypto support, " + "verify_signatures not available."); +#endif } else { return false; } @@ -355,6 +432,12 @@ void readconfig(const char *configfile) { conffile = fopen(configfile, "r"); } + if (oldstyle) { + logthing(LOGTHING_CRITICAL, "Reading deprecated old-style " + "configuration file. This will not be " + "supported in the next release."); + } + if (conffile != NULL) { if (!fgets(curline, 1023, conffile)) { logthing(LOGTHING_CRITICAL, 
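Review bot: In the `#else` branches for `require_other_sig` and `verify_signatures` (parseconfigline, the `@@ -272` hunk), a build without crypto logs at LOGTHING_ERROR and carries on, so an operator who sets `verify_signatures=true` ends up running with a weaker policy than the file asks for. It would be safer to treat a true value as a configuration failure and stay quiet for false, e.g. guard the message with `if (parsebool(value, false))` and log it at `LOGTHING_CRITICAL`, then propagate the failure in whatever way the caller treats as fatal. The result of `array_load(&config.blacklist, value)` is also not checked here; if it can fail on a missing or unreadable file, the blacklist would silently stay empty. As a style point, the same set/clear pattern appears six times and could move into one small static helper taking the flag and the value. The function body starts outside the hunk.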
@@ -421,6 +504,68 @@ void readconfig(const char *configfile) { } } +void writeconfig(const char *configfile) +{ + FILE *conffile; + struct ll *cur; + + if (configfile) { + conffile = fopen(configfile, "w"); + } else { + conffile = stdout; + } + +#define WRITE_IF_NOT_NULL(c, s) if (c != NULL) { \ + fprintf(conffile, s "=%s\n", c); \ +} +#define WRITE_BOOL(c, s) fprintf(conffile, s "=%s\n", s ? "true" : "false"); + + fprintf(conffile, "[main]\n"); + WRITE_IF_NOT_NULL(config.backend->name, "backend"); + WRITE_IF_NOT_NULL(config.backends_dir, "backends_dir"); + WRITE_IF_NOT_NULL(config.logfile, "logfile"); + fprintf(conffile, "loglevel=%d\n", getlogthreshold()); + WRITE_BOOL(config.use_keyd, "use_keyd"); + WRITE_IF_NOT_NULL(config.sock_dir, "sock_dir"); + fprintf(conffile, "max_reply_keys=%d\n", config.maxkeys); + fprintf(conffile, "\n"); + + fprintf(conffile, "[verification]\n"); + WRITE_BOOL(config.clean_policies & ONAK_CLEAN_CHECK_SIGHASH, + "check_sighash"); + fprintf(conffile, "\n"); + + fprintf(conffile, "[mail]\n"); + WRITE_IF_NOT_NULL(config.adminemail, "maintainer_email"); + WRITE_IF_NOT_NULL(config.mail_dir, "mail_dir"); + WRITE_IF_NOT_NULL(config.mta, "mta"); + WRITE_IF_NOT_NULL(config.bin_dir, "bin_dir"); + WRITE_IF_NOT_NULL(config.thissite, "this_site"); + + cur = config.syncsites; + while (cur != NULL) { + fprintf(conffile, "syncsite=%s\n", (char *) cur->object); + cur = cur->next; + } + + cur = config.backends; + while (cur != NULL) { + struct onak_db_config *backend = + (struct onak_db_config *) cur->object; + fprintf(conffile, "\n[backend:%s]\n", backend->name); + WRITE_IF_NOT_NULL(backend->type, "type"); + WRITE_IF_NOT_NULL(backend->location, "location"); + WRITE_IF_NOT_NULL(backend->hostname, "hostname"); + WRITE_IF_NOT_NULL(backend->username, "username"); + WRITE_IF_NOT_NULL(backend->password, "password"); + cur = cur->next; + } + + if (configfile) { + fclose(conffile); + } +} + void cleanupdbconfig(void *object) { struct onak_db_config *dbconfig = 
(struct onak_db_config *) object; @@ -498,4 +643,7 @@ void cleanupconfig(void) { free(config.mail_dir); config.mail_dir = NULL; } + if (config.blacklist.count != 0) { + array_free(&config.blacklist); + } }
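Review bot: `WRITE_BOOL(c, s)` tests `s` (the key string literal, which is never NULL) instead of `c`, so writeconfig emits `use_keyd=true` and `check_sighash=true` whatever the actual settings are. The `fopen(configfile, "w")` result is used without a NULL check, and the file is created with default permissions even though `backend->password` is written into it; setting a restrictive mode or umask before opening would be prudent. Only `check_sighash` is written under `[verification]`, so the other policy bits and the blacklist that parseconfigline now accepts do not survive a write/read round trip. The fence below fixes the macros and the open check; the code that writes the sections is unchanged.

```c
	if (configfile) {
		conffile = fopen(configfile, "w");
		if (conffile == NULL) {
			logthing(LOGTHING_CRITICAL,
				"Couldn't open config file %s for writing.",
				configfile);
			return;
		}
	} else {
		conffile = stdout;
	}

#define WRITE_IF_NOT_NULL(c, s) do { \
	if ((c) != NULL) { \
		fprintf(conffile, s "=%s\n", (c)); \
	} \
} while (0)
#define WRITE_BOOL(c, s) \
	fprintf(conffile, s "=%s\n", (c) ? "true" : "false")

	/* … unchanged: [main], [verification], [mail] and backend sections … */

#undef WRITE_IF_NOT_NULL
#undef WRITE_BOOL
```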