X-Git-Url: https://the.earth.li/gitweb/?p=onak.git;a=blobdiff_plain;f=onak-conf.c;h=6d67a74610c81b06f1677badca51a10e1f1a7378;hp=c30260fd6318cbb2d47d5792fe34a8adbf9f0943;hb=58ed9a0076feb9604154b99da6ed1907ca7df089;hpb=a799cc2909f47d918d1ec7171a9edba28a9f5136

diff --git a/onak-conf.c b/onak-conf.c
index c30260f..6d67a74 100644
--- a/onak-conf.c
+++ b/onak-conf.c
@@ -58,7 +58,7 @@ struct onak_config config = {
 	.dbinit = NULL,
 #endif
 
-	.clean_policies = ONAK_CLEAN_CHECK_SIGHASH,
+	.clean_policies = ONAK_CLEAN_DROP_V3_KEYS | ONAK_CLEAN_CHECK_SIGHASH,
 
 	.bin_dir = NULL,
 	.mail_dir = NULL,
@@ -284,6 +284,17 @@ static bool parseconfigline(char *line)
 			config.syncsites = lladd(config.syncsites,
 				strdup(value));
 		/* [verification] section */
+		} else if (MATCH("verification", "blacklist")) {
+			array_load(&config.blacklist, value);
+		} else if (MATCH("verification", "drop_v3")) {
+			if (parsebool(value, config.clean_policies &
+					ONAK_CLEAN_DROP_V3_KEYS)) {
+				config.clean_policies |=
+					ONAK_CLEAN_DROP_V3_KEYS;
+			} else {
+				config.clean_policies &=
+					~ONAK_CLEAN_DROP_V3_KEYS;
+			}
 		} else if (MATCH("verification", "check_sighash")) {
 			if (parsebool(value, config.clean_policies &
 					ONAK_CLEAN_CHECK_SIGHASH)) {
@@ -302,6 +313,45 @@ static bool parseconfigline(char *line)
 				config.clean_policies &=
 					~ONAK_CLEAN_LARGE_PACKETS;
 			}
+		} else if (MATCH("verification", "require_other_sig")) {
+#if HAVE_CRYPTO
+			if (parsebool(value, config.clean_policies &
+					ONAK_CLEAN_NEED_OTHER_SIG)) {
+				config.clean_policies |=
+					ONAK_CLEAN_NEED_OTHER_SIG;
+			} else {
+				config.clean_policies &=
+					~ONAK_CLEAN_NEED_OTHER_SIG;
+			}
+#else
+			logthing(LOGTHING_ERROR,
+					"Compiled without crypto support, "
+					"require_other_sig not available.");
+#endif
+		} else if (MATCH("verification", "update_only")) {
+			if (parsebool(value, config.clean_policies &
+					ONAK_CLEAN_UPDATE_ONLY)) {
+				config.clean_policies |=
+					ONAK_CLEAN_UPDATE_ONLY;
+			} else {
+				config.clean_policies &=
+					~ONAK_CLEAN_UPDATE_ONLY;
+			}
+		} else if (MATCH("verification", "verify_signatures")) {
+#if HAVE_CRYPTO
+			if (parsebool(value, config.clean_policies &
+					ONAK_CLEAN_VERIFY_SIGNATURES)) {
+				config.clean_policies |=
+					ONAK_CLEAN_VERIFY_SIGNATURES;
+			} else {
+				config.clean_policies &=
+					~ONAK_CLEAN_VERIFY_SIGNATURES;
+			}
+#else
+			logthing(LOGTHING_ERROR,
+					"Compiled without crypto support, "
+					"verify_signatures not available.");
+#endif
 		} else {
 			return false;
 		}
@@ -382,6 +432,12 @@ void readconfig(const char *configfile) {
 		conffile = fopen(configfile, "r");
 	}
 
+	if (oldstyle) {
+		logthing(LOGTHING_CRITICAL, "Reading deprecated old-style "
+				"configuration file. This will not be "
+				"supported in the next release.");
+	}
+
 	if (conffile != NULL) {
 		if (!fgets(curline, 1023, conffile)) {
 			logthing(LOGTHING_CRITICAL,
@@ -587,4 +643,7 @@ void cleanupconfig(void) {
 		free(config.mail_dir);
 		config.mail_dir = NULL;
 	}
+	if (config.blacklist.count != 0) {
+		array_free(&config.blacklist);
+	}
 }