aboutsummaryrefslogtreecommitdiff
path: root/src/util
diff options
context:
space:
mode:
authorFlorian Dold <florian@dold.me>2021-07-29 17:15:32 +0200
committerFlorian Dold <florian@dold.me>2021-07-29 17:15:41 +0200
commit6212bce41b6de631ff1d897ca57a892a9ba4abcc (patch)
tree12efbdee002f8e8c5a4773fb05259166a450bb8f /src/util
parent3f0de2c2d3f51bb84748451167b16cba51049896 (diff)
downloadgnunet-6212bce41b6de631ff1d897ca57a892a9ba4abcc.tar.gz
gnunet-6212bce41b6de631ff1d897ca57a892a9ba4abcc.zip
config: restrict directives in files loaded via @inline-secret@
Diffstat (limited to 'src/util')
-rw-r--r--src/util/configuration.c61
1 files changed, 60 insertions, 1 deletions
diff --git a/src/util/configuration.c b/src/util/configuration.c
index 47a410642..147f57a3c 100644
--- a/src/util/configuration.c
+++ b/src/util/configuration.c
@@ -132,6 +132,17 @@ struct ConfigFile
132 struct ConfigFile *prev; 132 struct ConfigFile *prev;
133 133
134 struct ConfigFile *next; 134 struct ConfigFile *next;
135
136 /**
137 * Was this configuration file parsed via
138 * @inline-secret@?
139 */
140 char *hint_restrict_section;
141
142 /**
143 * Was this configuration file inaccessible?
144 */
145 bool hint_inaccessible;
135}; 146};
136 147
137 148
@@ -181,6 +192,13 @@ struct GNUNET_CONFIGURATION_Handle
181 * Name of the entry point configuration file. 192 * Name of the entry point configuration file.
182 */ 193 */
183 char *main_filename; 194 char *main_filename;
195
196 /**
197 * When parsing into this configuration, and this vaue
198 * is non-NULL, only parse sections of the same name,
199 * and ban import statements.
200 */
201 const char *restrict_section;
184}; 202};
185 203
186 204
@@ -298,9 +316,13 @@ GNUNET_CONFIGURATION_destroy (struct GNUNET_CONFIGURATION_Handle *cfg)
298 while (NULL != (sec = cfg->sections)) 316 while (NULL != (sec = cfg->sections))
299 GNUNET_CONFIGURATION_remove_section (cfg, sec->name); 317 GNUNET_CONFIGURATION_remove_section (cfg, sec->name);
300 while (NULL != (cf = cfg->loaded_files_head)) 318 while (NULL != (cf = cfg->loaded_files_head))
319 {
320 GNUNET_free (cf->hint_restrict_section);
321 GNUNET_free (cf->source_filename);
301 GNUNET_CONTAINER_DLL_remove (cfg->loaded_files_head, 322 GNUNET_CONTAINER_DLL_remove (cfg->loaded_files_head,
302 cfg->loaded_files_tail, 323 cfg->loaded_files_tail,
303 cf); 324 cf);
325 }
304 GNUNET_free (cfg); 326 GNUNET_free (cfg);
305} 327}
306 328
@@ -488,6 +510,7 @@ handle_inline (struct GNUNET_CONFIGURATION_Handle *cfg,
488 { 510 {
489 enum GNUNET_GenericReturnValue inner_ret; 511 enum GNUNET_GenericReturnValue inner_ret;
490 struct ConfigSection *cs; 512 struct ConfigSection *cs;
513 struct ConfigFile *cf = GNUNET_new (struct ConfigFile);
491 514
492 inner_ret = GNUNET_DISK_file_test_read (inline_path); 515 inner_ret = GNUNET_DISK_file_test_read (inline_path);
493 516
@@ -533,18 +556,32 @@ handle_inline (struct GNUNET_CONFIGURATION_Handle *cfg,
533 } 556 }
534 } 557 }
535 558
559 /* Put file in the load list for diagnostics, even if we can't access it. */
560 {
561 cf->level = cfg->current_nest_level;
562 cf->source_filename = GNUNET_strdup (inline_path);
563 cf->hint_restrict_section = GNUNET_strdup (restrict_section);
564 GNUNET_CONTAINER_DLL_insert_tail (cfg->loaded_files_head,
565 cfg->loaded_files_tail,
566 cf);
567 }
568
536 if (GNUNET_OK != inner_ret) 569 if (GNUNET_OK != inner_ret)
537 { 570 {
538 cs->inaccessible = true; 571 cs->inaccessible = true;
572 cf->hint_inaccessible = true;
573 /* File can't be accessed, but that's okay. */
539 fun_ret = GNUNET_OK; 574 fun_ret = GNUNET_OK;
540 goto cleanup; 575 goto cleanup;
541 } 576 }
542 577
543 other_cfg = GNUNET_CONFIGURATION_create (); 578 other_cfg = GNUNET_CONFIGURATION_create ();
579 other_cfg->restrict_section = restrict_section;
544 inner_ret = GNUNET_CONFIGURATION_parse (other_cfg, 580 inner_ret = GNUNET_CONFIGURATION_parse (other_cfg,
545 inline_path); 581 inline_path);
546 if (GNUNET_OK != inner_ret) 582 if (GNUNET_OK != inner_ret)
547 { 583 {
584 cf->hint_inaccessible = true;
548 fun_ret = inner_ret; 585 fun_ret = inner_ret;
549 goto cleanup; 586 goto cleanup;
550 } 587 }
@@ -738,6 +775,17 @@ GNUNET_CONFIGURATION_deserialize (struct GNUNET_CONFIGURATION_Handle *cfg,
738 char *directive; 775 char *directive;
739 enum GNUNET_GenericReturnValue directive_ret; 776 enum GNUNET_GenericReturnValue directive_ret;
740 777
778 if (NULL != cfg->restrict_section)
779 {
780 LOG (GNUNET_ERROR_TYPE_WARNING,
781 _ (
782 "Illegal directive in line %u (parsing resticted section %s)\n"),
783 nr,
784 cfg->restrict_section);
785 ret = GNUNET_SYSERR;
786 break;
787 }
788
741 if (NULL == end) 789 if (NULL == end)
742 { 790 {
743 LOG (GNUNET_ERROR_TYPE_WARNING, 791 LOG (GNUNET_ERROR_TYPE_WARNING,
@@ -1173,8 +1221,19 @@ GNUNET_CONFIGURATION_serialize_diagnostics (const struct
1173 " "); 1221 " ");
1174 1222
1175 GNUNET_buffer_write_fstr (&buf, 1223 GNUNET_buffer_write_fstr (&buf,
1176 "%s\n", 1224 "%s",
1177 cfil->source_filename); 1225 cfil->source_filename);
1226
1227 if (NULL != cfil->hint_restrict_section)
1228 GNUNET_buffer_write_fstr (&buf,
1229 " (%s secret section %s)",
1230 cfil->hint_inaccessible
1231 ? "inaccessible"
1232 : "loaded",
1233 cfil->hint_restrict_section);
1234
1235 GNUNET_buffer_write_str (&buf,
1236 "\n");
1178 } 1237 }
1179 1238
1180 GNUNET_buffer_write_fstr (&buf, 1239 GNUNET_buffer_write_fstr (&buf,
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-20 10:14:13 +0000