author | Florian Dold <florian@dold.me> | 2021-07-29 17:15:32 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-07-29 17:15:41 +0200 |
commit | 6212bce41b6de631ff1d897ca57a892a9ba4abcc (patch) | |
tree | 12efbdee002f8e8c5a4773fb05259166a450bb8f /src | |
parent | 3f0de2c2d3f51bb84748451167b16cba51049896 (diff) | |
config: restrict directives in files loaded via @inline-secret@
Diffstat (limited to 'src')
-rw-r--r-- | src/util/configuration.c | 61 |
1 files changed, 60 insertions, 1 deletions
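--- a/src/util/configuration.c
+++ b/src/util/configuration.c
@@ -132,6 +132,17 @@ struct ConfigFile
 struct ConfigFile *prev;
 
 struct ConfigFile *next;
+
+/**
+* Was this configuration file parsed via
+* @inline-secret@?
+*/
+char *hint_restrict_section;
+
+/**
+* Was this configuration file inaccessible?
+*/
+bool hint_inaccessible;
 };
 
 
@@ -181,6 +192,13 @@ struct GNUNET_CONFIGURATION_Handle
 * Name of the entry point configuration file.
 */
 char *main_filename;
+
+/**
+* When parsing into this configuration, and this vaue
+* is non-NULL, only parse sections of the same name,
+* and ban import statements.
+*/
+const char *restrict_section;
 };
 
 
@@ -298,9 +316,13 @@ GNUNET_CONFIGURATION_destroy (struct GNUNET_CONFIGURATION_Handle *cfg)
 while (NULL != (sec = cfg->sections))
 GNUNET_CONFIGURATION_remove_section (cfg, sec->name);
 while (NULL != (cf = cfg->loaded_files_head))
+{
+GNUNET_free (cf->hint_restrict_section);
+GNUNET_free (cf->source_filename);
 GNUNET_CONTAINER_DLL_remove (cfg->loaded_files_head,
 cfg->loaded_files_tail,
 cf);
+}
 GNUNET_free (cfg);
 }
 
@@ -488,6 +510,7 @@ handle_inline (struct GNUNET_CONFIGURATION_Handle *cfg,
 {
 enum GNUNET_GenericReturnValue inner_ret;
 struct ConfigSection *cs;
+struct ConfigFile *cf = GNUNET_new (struct ConfigFile);
 
 inner_ret = GNUNET_DISK_file_test_read (inline_path);
 
@@ -533,18 +556,32 @@ handle_inline (struct GNUNET_CONFIGURATION_Handle *cfg,
 }
 }
 
+/* Put file in the load list for diagnostics, even if we can't access it. */
+{
+cf->level = cfg->current_nest_level;
+cf->source_filename = GNUNET_strdup (inline_path);
+cf->hint_restrict_section = GNUNET_strdup (restrict_section);
+GNUNET_CONTAINER_DLL_insert_tail (cfg->loaded_files_head,
+cfg->loaded_files_tail,
+cf);
+}
+
 if (GNUNET_OK != inner_ret)
 {
 cs->inaccessible = true;
+cf->hint_inaccessible = true;
+/* File can't be accessed, but that's okay. */
 fun_ret = GNUNET_OK;
 goto cleanup;
 }
 
 other_cfg = GNUNET_CONFIGURATION_create ();
+other_cfg->restrict_section = restrict_section;
 inner_ret = GNUNET_CONFIGURATION_parse (other_cfg,
 inline_path);
 if (GNUNET_OK != inner_ret)
 {
+cf->hint_inaccessible = true;
 fun_ret = inner_ret;
 goto cleanup;
 }
@@ -738,6 +775,17 @@ GNUNET_CONFIGURATION_deserialize (struct GNUNET_CONFIGURATION_Handle *cfg,
 char *directive;
 enum GNUNET_GenericReturnValue directive_ret;
 
+if (NULL != cfg->restrict_section)
+{
+LOG (GNUNET_ERROR_TYPE_WARNING,
+_ (
+"Illegal directive in line %u (parsing resticted section %s)\n"),
+nr,
+cfg->restrict_section);
+ret = GNUNET_SYSERR;
+break;
+}
+
 if (NULL == end)
 {
 LOG (GNUNET_ERROR_TYPE_WARNING,
@@ -1173,8 +1221,19 @@ GNUNET_CONFIGURATION_serialize_diagnostics (const struct
 " ");
 
 GNUNET_buffer_write_fstr (&buf,
-"%s\n",
+"%s",
 cfil->source_filename);
+
+if (NULL != cfil->hint_restrict_section)
+GNUNET_buffer_write_fstr (&buf,
+" (%s secret section %s)",
+cfil->hint_inaccessible
+? "inaccessible"
+: "loaded",
+cfil->hint_restrict_section);
+
+GNUNET_buffer_write_str (&buf,
+"\n");
 }
 
 GNUNET_buffer_write_fstr (&buf,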
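Review bot: In handle_inline, `cf->hint_restrict_section = GNUNET_strdup (restrict_section);` runs for every inlined file, yet the NULL tests added in GNUNET_CONFIGURATION_deserialize and GNUNET_CONFIGURATION_serialize_diagnostics imply that restrict_section is NULL for an unrestricted inline. If GNUNET_strdup asserts on a NULL argument (worth confirming against its definition), any configuration using a plain inline would abort at load time; guard it with `if (NULL != restrict_section) cf->hint_restrict_section = GNUNET_strdup (restrict_section);`. Separately, the loop in GNUNET_CONFIGURATION_destroy frees the two strings and unlinks `cf` but never releases the struct itself, so `GNUNET_free (cf);` should follow the DLL remove. `cf` is also allocated at the top of handle_inline, ahead of code that lies outside these hunks, so any earlier `goto cleanup` would leak it; allocating it immediately before the list insert avoids that. handle_inline's body starts and ends outside the visible hunks.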