1 #include "burp.h"
2 #include "alloc.h"
3 #include "conf.h"
4 #include "fsops.h"
5 #include "handy.h"
6 #include "lock.h"
7 #include "log.h"
8 #include "msg.h"
9 #include "pathcmp.h"
10 #include "prepend.h"
11 #include "strlist.h"
12 #include "times.h"
13 #include "client/glob_windows.h"
14 #include "conffile.h"
15
16 static struct strlist *cli_overrides=NULL;
17
conf_set_cli_overrides(struct strlist * overrides)18 void conf_set_cli_overrides(struct strlist *overrides)
19 {
20 cli_overrides=overrides;
21 }
22
23 // This will strip off everything after the last quote. So, configs like this
24 // should work:
25 // exclude_regex = "[A-Z]:/pagefile.sys" # swap file (Windows XP, 7, 8)
26 // Return 1 for quotes removed, -1 for error, 0 for OK.
remove_quotes(const char * f,char ** v,char quote)27 static int remove_quotes(const char *f, char **v, char quote)
28 {
29 char *dp=NULL;
30 char *sp=NULL;
31 char *copy=NULL;
32 int ret=1;
33
34 // If it does not start with a quote, leave it alone.
35 if(**v!=quote) return 0;
36
37 if(!(copy=strdup_w(*v, __func__)))
38 {
39 ret=-1;
40 goto end;
41 }
42
43 for(dp=*v, sp=copy+1; *sp; sp++)
44 {
45 if(*sp==quote)
46 {
47 // Found a matching quote. Stop here.
48 *dp='\0';
49 for(sp++; *sp && isspace(*sp); sp++) { }
50 // Do not complain about trailing comments.
51 if(*sp && *sp!='#')
52 logp("ignoring trailing characters after quote in config '%s = %s'\n", f, copy);
53 goto end;
54 }
55 else if(*sp=='\\')
56 {
57 sp++;
58 *dp=*sp;
59 dp++;
60 if(*sp!=quote
61 && *sp!='\\')
62 logp("unknown escape sequence '\\%c' in config '%s = %s' - treating it as '%c'\n", *sp, f, copy, *sp);
63 }
64 else
65 {
66 *dp=*sp;
67 dp++;
68 }
69 }
70 logp("Did not find closing quote in config '%s = %s'\n", f, copy);
71 *dp='\0';
72 end:
73 free_w(©);
74 return ret;
75 }
76
77 // Get field and value pair.
conf_get_pair(char buf[],char ** f,char ** v,int * r)78 int conf_get_pair(char buf[], char **f, char **v, int *r)
79 {
80 char *cp=NULL;
81 char *eq=NULL;
82
83 // strip leading space
84 for(cp=buf; *cp && isspace(*cp); cp++) { }
85 if(!*cp || *cp=='#')
86 {
87 *f=NULL;
88 *v=NULL;
89 return 0;
90 }
91 *f=cp;
92 if(!(eq=strchr(*f, '='))) return -1;
93 *eq='\0';
94
95 // Strip white space from before the equals sign.
96 for(cp=eq-1; *cp && (isspace(*cp) || *cp == ':'); cp--)
97 {
98 if(*cp == ':') *r=1;
99 *cp='\0';
100 }
101 // Skip white space after the equals sign.
102 for(cp=eq+1; *cp && isspace(*cp); cp++) { }
103 *v=cp;
104 // Strip white space at the end of the line.
105 for(cp+=strlen(cp)-1; *cp && isspace(*cp); cp--) { *cp='\0'; }
106
107 // FIX THIS: Make this more sophisticated - it should understand
108 // escapes, for example.
109
110 switch(remove_quotes(*f, v, '\''))
111 {
112 case -1: return -1;
113 case 1: break;
114 default:
115 // If single quotes were not removed, try to remove
116 // double quotes.
117 if(remove_quotes(*f, v, '\"')<0) return -1;
118 break;
119 }
120
121 if(!*f || !**f || !*v || !**v) return -1;
122
123 return 0;
124 }
125
conf_error(const char * conf_path,int line)126 static int conf_error(const char *conf_path, int line)
127 {
128 logp("%s: parse error on line %d\n", conf_path, line);
129 return -1;
130 }
131
get_file_size(const char * v,uint64_t * dest,const char * conf_path,int line)132 int get_file_size(const char *v, uint64_t *dest, const char *conf_path, int line)
133 {
134 // Store in bytes, allow k/m/g.
135 const char *cp=NULL;
136 *dest=strtoul(v, NULL, 10);
137 for(cp=v; *cp && (isspace(*cp) || isdigit(*cp)); cp++) { }
138 if(tolower(*cp)=='k') *dest*=1024;
139 else if(tolower(*cp)=='m') *dest*=1024*1024;
140 else if(tolower(*cp)=='g') *dest*=1024*1024*1024;
141 else if(!*cp || *cp=='b')
142 { }
143 else
144 {
145 logp("Unknown file size type '%s' - please use b/kb/mb/gb\n",
146 cp);
147 return conf_error(conf_path, line);
148 }
149 return 0;
150 }
151
pre_post_override(struct conf * c,struct conf * pre,struct conf * post)152 static int pre_post_override(struct conf *c,
153 struct conf *pre, struct conf *post)
154 {
155 const char *override=get_string(c);
156 if(!override) return 0;
157 if(set_string(pre, override)
158 || set_string(post, override))
159 return -1;
160 return 0;
161 }
162
163 #ifdef HAVE_LINUX_OS
164 struct fstype
165 {
166 const char *str;
167 uint64_t flag;
168 };
169
170 // Sorted in magic number order.
171 static struct fstype fstypes[]={
172 { "devfs", 0x00001373 },
173 { "devpts", 0x00001CD1 },
174 { "smbfs", 0x0000517B },
175 { "nfs", 0x00006969 },
176 { "romfs", 0x00007275 },
177 { "iso9660", 0x00009660 },
178 { "devtmpfs", 0x00009FA0 },
179 { "proc", 0x00009FA0 },
180 { "usbdevfs", 0x00009FA2 },
181 { "ext2", 0x0000EF53 },
182 { "ext3", 0x0000EF53 },
183 { "ext4", 0x0000EF53 },
184 { "ecryptfs", 0x0000F15F },
185 { "cgroup", 0x0027E0EB },
186 { "ceph", 0x00C36400 },
187 { "tmpfs", 0x01021994 },
188 { "zfs", 0x2FC12FC1 },
189 { "jfs", 0x3153464A },
190 { "autofs", 0x42494E4D },
191 { "reiserfs", 0x52654973 },
192 { "ntfs", 0x5346544E },
193 { "xfs", 0x58465342 },
194 { "sysfs", 0x62656572 },
195 { "debugfs", 0x64626720 },
196 { "fusectl", 0x65735543 },
197 { "fuse.lxcfs", 0x65735546 },
198 { "securityfs", 0x73636673 },
199 { "ramfs", 0x858458F6 },
200 { "btrfs", 0x9123683E },
201 { "hugetlbfs", 0x958458F6 },
202 { "smb2", 0xFE534D42 },
203 { "cifs", 0xFF534D42 },
204 { NULL, 0 },
205 };
206 /* Use this C code to figure out what f_type gets set to.
207 #include <stdio.h>
208 #include <sys/vfs.h>
209
210 int main(int argc, char *argv[])
211 {
212 int i=0;
213 struct statfs buf;
214 if(argc<1)
215 {
216 printf("not enough args\n");
217 return -1;
218 }
219 if(statfs(argv[1], &buf))
220 {
221 printf("error\n");
222 return -1;
223 }
224 printf("0x%08X\n", buf.f_type);
225 return 0;
226 }
227 */
228
229 #endif
230
fstype_to_flag(const char * fstype,long * flag)231 static int fstype_to_flag(const char *fstype, long *flag)
232 {
233 #ifdef HAVE_LINUX_OS
234 int i=0;
235 for(i=0; fstypes[i].str; i++)
236 {
237 if(!strcmp(fstypes[i].str, fstype))
238 {
239 *flag=fstypes[i].flag;
240 return 0;
241 }
242 }
243 #else
244 return 0;
245 #endif
246 return -1;
247 }
248
get_compression(const char * v)249 static int get_compression(const char *v)
250 {
251 const char *cp=v;
252 if(!strncmp(v, "gzip", strlen("gzip"))
253 || !(strncmp(v, "zlib", strlen("zlib"))))
254 cp=v+strlen("gzip"); // Or "zlib".
255 if(strlen(cp)==1 && isdigit(*cp))
256 return atoi(cp);
257 return -1;
258 }
259
load_conf_field_and_value(struct conf ** c,const char * f,const char * v,int reset,const char * conf_path,int line)260 static int load_conf_field_and_value(struct conf **c,
261 const char *f, // field
262 const char *v, // value
263 int reset, // reset flag
264 const char *conf_path,
265 int line)
266 {
267 if(!strcmp(f, "compression"))
268 {
269 int compression=get_compression(v);
270 if(compression<0) return -1;
271 set_int(c[OPT_COMPRESSION], compression);
272 }
273 else if(!strcmp(f, "ssl_compression"))
274 {
275 int compression=get_compression(v);
276 if(compression<0) return -1;
277 set_int(c[OPT_SSL_COMPRESSION], compression);
278 }
279 else if(!strcmp(f, "ratelimit"))
280 {
281 float f=0;
282 f=atof(v);
283 // User is specifying Mega bits per second.
284 // Need to convert to bytes per second.
285 f=(f*1024*1024)/8;
286 if(!f)
287 {
288 logp("ratelimit should be greater than zero\n");
289 return -1;
290 }
291 set_float(c[OPT_RATELIMIT], f);
292 }
293 else
294 {
295 int i=0;
296 for(i=0; i<OPT_MAX; i++)
297 {
298 if(strcmp(c[i]->field, f)) continue;
299 switch(c[i]->conf_type)
300 {
301 case CT_STRING:
302 return set_string(c[i], v);
303 case CT_UINT:
304 return set_int(c[i], atoi(v));
305 case CT_FLOAT:
306 return set_float(c[i], atof(v));
307 break;
308 case CT_MODE_T:
309 return set_mode_t(c[i],
310 strtol(v, NULL, 8));
311 case CT_SSIZE_T:
312 {
313 uint64_t s=0;
314 return
315 get_file_size(v, &s, conf_path, line)
316 || set_uint64_t(c[i], s);
317 }
318 case CT_E_BURP_MODE:
319 return set_e_burp_mode(c[i],
320 str_to_burp_mode(v));
321 case CT_E_PROTOCOL:
322 return set_e_protocol(c[i],
323 str_to_protocol(v));
324 case CT_E_RECOVERY_METHOD:
325 return set_e_recovery_method(c[i],
326 str_to_recovery_method(v));
327 case CT_STRLIST:
328 if (reset) set_strlist(c[i], 0);
329 return add_to_strlist(c[i], v,
330 !strcmp(c[i]->field, "include"));
331 case CT_E_RSHASH:
332 break;
333 case CT_CNTR:
334 break;
335 // No default so we get a warning if something
336 // was missed;
337 }
338 }
339 }
340 return 0;
341 }
342
343 // Recursing, so need to define this ahead of conf_parse_line.
344 static int conf_load_lines_from_file(const char *conf_path,
345 struct conf **confs);
346
deal_with_dot_inclusion(const char * conf_path,char ** extrafile,struct conf ** confs)347 static int deal_with_dot_inclusion(const char *conf_path,
348 char **extrafile, struct conf **confs)
349 {
350 int ret=-1;
351 char *copy=NULL;
352 #ifndef HAVE_WIN32
353 int i=0;
354 glob_t globbuf;
355 if(**extrafile!='/')
356 #else
357 if(strlen(*extrafile)>2
358 && (*extrafile)[1]!=':')
359 #endif
360 {
361 // It is relative to the directory that the
362 // current conf file is in.
363 char *cp=NULL;
364 char *tmp=NULL;
365 if(!(copy=strdup_w(conf_path, __func__)))
366 goto end;
367 if((cp=strrchr(copy, '/'))) *cp='\0';
368 if(!(tmp=prepend_s(copy, *extrafile)))
369 {
370 log_out_of_memory(__func__);
371 goto end;
372 }
373 free_w(extrafile);
374 *extrafile=tmp;
375 }
376 #ifndef HAVE_WIN32
377 // Treat it is a glob expression.
378 memset(&globbuf, 0, sizeof(globbuf));
379 glob(*extrafile, 0, NULL, &globbuf);
380 for(i=0; (unsigned int)i<globbuf.gl_pathc; i++)
381 if((ret=conf_load_lines_from_file(globbuf.gl_pathv[i], confs)))
382 goto end;
383
384 globfree(&globbuf);
385 #else
386 ret=conf_load_lines_from_file(*extrafile, confs);
387 #endif
388
389 end:
390 free_w(©);
391 return ret;
392 }
393
conf_parse_line(struct conf ** confs,const char * conf_path,char buf[],int line)394 static int conf_parse_line(struct conf **confs, const char *conf_path,
395 char buf[], int line)
396 {
397 int ret=-1;
398 int r=0;
399 char *f=NULL; // field
400 char *v=NULL; // value
401 char *extrafile=NULL;
402
403 if(!strncmp(buf, ". ", 2))
404 {
405 // The conf file specifies another file to include.
406 char *np=NULL;
407
408 if(!(extrafile=strdup_w(buf+2, __func__))) goto end;
409
410 if((np=strrchr(extrafile, '\n'))) *np='\0';
411 if(!*extrafile) goto end;
412
413 ret=deal_with_dot_inclusion(conf_path, &extrafile, confs);
414 goto end;
415 }
416
417 if(conf_get_pair(buf, &f, &v, &r)) goto end;
418 if(f && v
419 && load_conf_field_and_value(confs, f, v, r, conf_path, line))
420 goto end;
421 ret=0;
422 end:
423 free_w(&extrafile);
424 return ret;
425 }
426
conf_problem(const char * conf_path,const char * msg,int * r)427 static void conf_problem(const char *conf_path, const char *msg, int *r)
428 {
429 logp("%s: %s\n", conf_path, msg);
430 (*r)--;
431 }
432
burp_ca_conf_problem(const char * conf_path,const char * field,int * r)433 static void burp_ca_conf_problem(const char *conf_path,
434 const char *field, int *r)
435 {
436 char msg[128]="";
437 snprintf(msg, sizeof(msg), "ca_%s_ca set, but %s not set\n",
438 PACKAGE_TARNAME, field);
439 conf_problem(conf_path, msg, r);
440 }
441
server_conf_checks(struct conf ** c,const char * path,int * r)442 static int server_conf_checks(struct conf **c, const char *path, int *r)
443 {
444 // FIX THIS: Most of this could be done by flags.
445 if(!get_string(c[OPT_DIRECTORY]))
446 conf_problem(path, "directory unset", r);
447 if(!get_string(c[OPT_DEDUP_GROUP]))
448 conf_problem(path, "dedup_group unset", r);
449 if(!get_string(c[OPT_CLIENTCONFDIR]))
450 conf_problem(path, "clientconfdir unset", r);
451 if(get_e_recovery_method(c[OPT_WORKING_DIR_RECOVERY_METHOD])==RECOVERY_METHOD_UNSET)
452 conf_problem(path, "working_dir_recovery_method unset", r);
453 if(!get_string(c[OPT_SSL_DHFILE]))
454 conf_problem(path, "ssl_dhfile unset", r);
455 if(get_string(c[OPT_ENCRYPTION_PASSWORD]))
456 conf_problem(path,
457 "encryption_password should not be set on the server!", r);
458 if(!get_strlist(c[OPT_KEEP]))
459 conf_problem(path, "keep unset", r);
460 if(get_int(c[OPT_MAX_HARDLINKS])<2)
461 conf_problem(path, "max_hardlinks too low", r);
462
463 if(get_int(c[OPT_MAX_STORAGE_SUBDIRS])<=1000)
464 conf_problem(path, "max_storage_subdirs too low", r);
465 if(!get_string(c[OPT_TIMESTAMP_FORMAT])
466 && set_string(c[OPT_TIMESTAMP_FORMAT], DEFAULT_TIMESTAMP_FORMAT))
467 return -1;
468 if(get_string(c[OPT_CA_CONF]))
469 {
470 int ca_err=0;
471 const char *ca_name=get_string(c[OPT_CA_NAME]);
472 const char *ca_server_name=get_string(c[OPT_CA_SERVER_NAME]);
473 if(!ca_name)
474 {
475 logp("ca_conf set, but ca_name not set\n");
476 ca_err++;
477 }
478 if(!ca_server_name)
479 {
480 logp("ca_conf set, but ca_server_name not set\n");
481 ca_err++;
482 }
483 if(ca_name
484 && ca_server_name
485 && !strcmp(ca_name, ca_server_name))
486 {
487 logp("ca_name and ca_server_name cannot be the same\n");
488 ca_err++;
489 }
490 if(!get_string(c[OPT_CA_BURP_CA]))
491 {
492 logp("ca_conf set, but ca_%s_ca not set\n",
493 PACKAGE_TARNAME);
494 ca_err++;
495 }
496 if(!get_string(c[OPT_SSL_DHFILE]))
497 {
498 logp("ca_conf set, but ssl_dhfile not set\n");
499 ca_err++;
500 }
501 if(!get_string(c[OPT_SSL_CERT_CA]))
502 {
503 logp("ca_conf set, but ssl_cert_ca not set\n");
504 ca_err++;
505 }
506 if(!get_string(c[OPT_SSL_CERT]))
507 {
508 logp("ca_conf set, but ssl_cert not set\n");
509 ca_err++;
510 }
511 if(!get_string(c[OPT_SSL_KEY]))
512 {
513 logp("ca_conf set, but ssl_key not set\n");
514 ca_err++;
515 }
516 if(ca_err) return -1;
517 }
518 if(get_string(c[OPT_MANUAL_DELETE]))
519 {
520 if(!is_absolute(get_string(c[OPT_MANUAL_DELETE])))
521 {
522 logp("ERROR: Please use an absolute manual_delete path.\n");
523 return -1;
524 }
525 }
526
527 return 0;
528 }
529
530 #ifdef HAVE_WIN32
531 #undef X509_NAME
532 #include <openssl/x509.h>
533 #endif
534
extract_cn(X509_NAME * subj)535 static char *extract_cn(X509_NAME *subj)
536 {
537 int nid;
538 int index;
539 ASN1_STRING *d;
540 X509_NAME_ENTRY *e;
541
542 nid=OBJ_txt2nid("CN");
543 if((index=X509_NAME_get_index_by_NID(subj, nid, -1))<0
544 || !(e=X509_NAME_get_entry(subj, index))
545 || !(d=X509_NAME_ENTRY_get_data(e)))
546 return NULL;
547 #if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER)
548 return (char *)ASN1_STRING_data(d);
549 #else
550 return (char *)ASN1_STRING_get0_data(d);
551 #endif
552 }
553
mangle_cname(char ** cname,struct conf ** c)554 static void mangle_cname(char **cname, struct conf **c)
555 {
556 if(!get_int(c[OPT_CNAME_FQDN]))
557 strip_fqdn(cname);
558 if(get_int(c[OPT_CNAME_LOWERCASE]))
559 strlwr(*cname);
560 }
561
get_cname_from_ssl_cert(struct conf ** c)562 static int get_cname_from_ssl_cert(struct conf **c)
563 {
564 int ret=-1;
565 struct fzp *fzp=NULL;
566 X509 *cert=NULL;
567 X509_NAME *subj=NULL;
568 char *path=get_string(c[OPT_SSL_CERT]);
569 const char *cn=NULL;
570 char *copy=NULL;
571
572 if(!path || !(fzp=fzp_open(path, "rb"))) return 0;
573
574 if(!(cert=fzp_PEM_read_X509(fzp)))
575 {
576 logp("unable to parse %s in: %s\n", path, __func__);
577 goto end;
578 }
579 if(!(subj=X509_get_subject_name(cert)))
580 {
581 logp("unable to get subject from %s in: %s\n", path, __func__);
582 goto end;
583 }
584
585 if(!(cn=extract_cn(subj)))
586 {
587 logp("could not get CN from %s\n", path);
588 goto end;
589 }
590 if(!(copy=strdup_w(cn, __func__)))
591 goto end;
592 mangle_cname(©, c);
593 if(set_string(c[OPT_CNAME], copy))
594 goto end;
595 logp("cname from cert: %s\n", cn);
596 if(strcmp(copy, cn))
597 logp("cname mangled to: %s\n", copy);
598
599 ret=0;
600 end:
601 if(cert) X509_free(cert);
602 fzp_close(&fzp);
603 free_w(©);
604 return ret;
605 }
606
607 #ifdef HAVE_WIN32
608 #include <winsock2.h>
609 #include <ws2tcpip.h>
610 #endif
611
get_fqdn(struct conf ** c)612 static int get_fqdn(struct conf **c)
613 {
614 int ret=-1;
615 int gai_result;
616 struct addrinfo hints;
617 struct addrinfo *info=NULL;
618 char hostname[1024]="";
619 char *fqdn=NULL;
620 hostname[1023] = '\0';
621 if(gethostname(hostname, 1023))
622 {
623 logp("gethostname() failed: %s\n", strerror(errno));
624 goto end;
625 }
626
627 memset(&hints, 0, sizeof hints);
628 hints.ai_family=AF_UNSPEC;
629 hints.ai_socktype=SOCK_STREAM;
630 hints.ai_flags=AI_CANONNAME;
631
632 if((gai_result=getaddrinfo(hostname, NULL, &hints, &info)))
633 {
634 logp("getaddrinfo in %s: %s\n", __func__,
635 gai_strerror(gai_result));
636 logp("Using %s\n", hostname);
637 if(!(fqdn=strdup_w(hostname, __func__)))
638 goto end;
639 }
640 else
641 {
642 //for(p=info; p; p=p->ai_next)
643 // Just use the first one.
644 if(!info)
645 {
646 logp("Got no hostname in %s\n", __func__);
647 goto end;
648 }
649 if(!(fqdn=strdup_w(info->ai_canonname, __func__)))
650 goto end;
651 }
652
653 mangle_cname(&fqdn, c);
654
655 if(set_string(c[OPT_CNAME], fqdn))
656 goto end;
657 logp("cname from hostname: %s\n", get_string(c[OPT_CNAME]));
658
659 ret=0;
660 end:
661 if(info) freeaddrinfo(info);
662 free_w(&fqdn);
663 return ret;
664 }
665
confs_get_lockfile(struct conf ** confs)666 const char *confs_get_lockfile(struct conf **confs)
667 {
668 const char *lockfile=get_string(confs[OPT_LOCKFILE]);
669 if(!lockfile) lockfile=get_string(confs[OPT_PIDFILE]);
670 return lockfile;
671 }
672
general_conf_checks(struct conf ** c,const char * path,int * r)673 static int general_conf_checks(struct conf **c, const char *path, int *r)
674 {
675 if(!confs_get_lockfile(c))
676 conf_problem(path, "lockfile unset", r);
677 if(!get_string(c[OPT_SSL_CERT]))
678 conf_problem(path, "ssl_cert unset", r);
679 if(!get_string(c[OPT_SSL_CERT_CA]))
680 conf_problem(path, "ssl_cert_ca unset", r);
681 return 0;
682 }
683
client_conf_checks(struct conf ** c,const char * path,int * r)684 static int client_conf_checks(struct conf **c, const char *path, int *r)
685 {
686 int ret=-1;
687 char *copy=NULL;
688 const char *autoupgrade_os=get_string(c[OPT_AUTOUPGRADE_OS]);
689
690 if(!get_string(c[OPT_CNAME]))
691 {
692 if(get_cname_from_ssl_cert(c))
693 goto end;
694 // There was no error. This is probably a new install.
695 // Try getting the fqdn and using that.
696 if(!get_string(c[OPT_CNAME]))
697 {
698 if(get_fqdn(c))
699 goto end;
700 if(!get_string(c[OPT_CNAME]))
701 conf_problem(path, "client name unset", r);
702 }
703 }
704 if(!get_string(c[OPT_PASSWORD]))
705 {
706 logp("password not set, falling back to \"password\"\n");
707 if(set_string(c[OPT_PASSWORD], "password"))
708 goto end;
709 }
710 if(!get_string(c[OPT_SERVER]))
711 conf_problem(path, "server unset", r);
712 if(!get_string(c[OPT_SSL_PEER_CN]))
713 {
714 const char *server=get_string(c[OPT_SERVER]);
715 logp("ssl_peer_cn unset\n");
716 if(server)
717 {
718 char *cp=NULL;
719 if(!(copy=strdup_w(server, __func__)))
720 goto end;
721
722 if((cp=strchr(copy, ':')))
723 *cp='\0';
724 logp("falling back to '%s'\n", copy);
725 if(set_string(c[OPT_SSL_PEER_CN], copy))
726 goto end;
727 }
728 }
729 if(autoupgrade_os
730 && strstr(autoupgrade_os, ".."))
731 conf_problem(path,
732 "autoupgrade_os must not contain a '..' component", r);
733 if(get_string(c[OPT_CA_BURP_CA]))
734 {
735 if(!get_string(c[OPT_CA_CSR_DIR]))
736 burp_ca_conf_problem(path, "ca_csr_dir", r);
737 if(!get_string(c[OPT_SSL_CERT_CA]))
738 burp_ca_conf_problem(path, "ssl_cert_ca", r);
739 if(!get_string(c[OPT_SSL_CERT]))
740 burp_ca_conf_problem(path, "ssl_cert", r);
741 if(!get_string(c[OPT_SSL_KEY]))
742 burp_ca_conf_problem(path, "ssl_key", r);
743 }
744
745 if(!r)
746 {
747 struct strlist *l;
748 logp("Listing configured paths:\n");
749 for(l=get_strlist(c[OPT_INCEXCDIR]); l; l=l->next)
750 logp("%s: %s\n", l->flag?"include":"exclude", l->path);
751 logp("Listing starting paths:\n");
752 for(l=get_strlist(c[OPT_STARTDIR]); l; l=l->next)
753 if(l->flag) logp("%s\n", l->path);
754 }
755
756 ret=0;
757 end:
758 free_w(©);
759 return ret;
760 }
761
finalise_keep_args(struct conf ** c)762 static int finalise_keep_args(struct conf **c)
763 {
764 struct strlist *k;
765 struct strlist *last=NULL;
766 uint64_t mult=1;
767 for(k=get_strlist(c[OPT_KEEP]); k; k=k->next)
768 {
769 if(!(k->flag=atoi(k->path)))
770 {
771 logp("'keep' value cannot be set to '%s'\n", k->path);
772 return -1;
773 }
774 mult*=k->flag;
775
776 // An error if you try to keep backups every second
777 // for 100 years.
778 if(mult>52560000)
779 {
780 logp("Your 'keep' values are far too high. High enough to keep a backup every second for 10 years. Please lower them to something sensible.\n");
781 return -1;
782 }
783 last=k;
784 }
785 // If more than one keep value is set, add one to the last one.
786 // This is so that, for example, having set 7, 4, 6, then
787 // a backup of age 7*4*6=168 or more is guaranteed to be kept.
788 // Otherwise, only 7*4*5=140 would be guaranteed to be kept.
789 k=get_strlist(c[OPT_KEEP]);
790 if(k && k->next) last->flag++;
791 return 0;
792 }
793
incexc_munge(struct conf ** c,struct strlist * s)794 static int incexc_munge(struct conf **c, struct strlist *s)
795 {
796 #ifdef HAVE_WIN32
797 convert_backslashes(&s->path);
798 #endif
799 if(!is_absolute(s->path))
800 {
801 logp("ERROR: Please use absolute include/exclude paths: %s\n",
802 s->path);
803 return -1;
804 }
805 if(add_to_strlist_sorted_uniq(c[OPT_INCEXCDIR], s->path, s->flag))
806 return -1;
807 return 0;
808 }
809
sanity_check_no_dupes(struct strlist * sl)810 static const char *sanity_check_no_dupes(struct strlist *sl)
811 {
812 struct strlist *s=NULL;
813 struct strlist *prev=NULL;
814
815 for(s=sl; s; s=s->next)
816 {
817 if(!prev)
818 {
819 prev=s;
820 continue;
821 }
822 if(!strcmp(s->path, prev->path))
823 {
824 return s->path;
825 }
826 prev=s;
827 }
828 return NULL;
829 }
830
finalise_incexc_dirs(struct conf ** c)831 static int finalise_incexc_dirs(struct conf **c)
832 {
833 const char *dupe=NULL;
834 struct strlist *s=NULL;
835
836 for(s=get_strlist(c[OPT_INCLUDE]); s; s=s->next)
837 if(incexc_munge(c, s)) return -1;
838 for(s=get_strlist(c[OPT_EXCLUDE]); s; s=s->next)
839 if(incexc_munge(c, s)) return -1;
840 if(get_strlist(c[OPT_INCREG]) &&
841 !(get_strlist(c[OPT_INCLUDE]) || get_strlist(c[OPT_INCGLOB])))
842 {
843 logp("Need at least one 'include' or 'include_glob' for the 'include_regex' to work.\n");
844 return -1;
845 }
846
847 if((dupe=sanity_check_no_dupes(get_strlist(c[OPT_INCEXCDIR])))) {
848 printf("xxx\n");
849 logp("ERROR: Duplicate include/exclude path: %s\n", dupe);
850 return -1;
851 }
852
853 return 0;
854 }
855
add_to_cross_filesystem(struct conf ** c,const char * path)856 static int add_to_cross_filesystem(struct conf **c, const char *path)
857 {
858 if(strlist_find(get_strlist(c[OPT_FSCHGDIR]), path, 0))
859 return 0;
860 return add_to_strlist(c[OPT_FSCHGDIR], path, 0);
861 }
862
check_start_dirs_and_seed(struct conf ** c)863 static int check_start_dirs_and_seed(struct conf **c)
864 {
865 int errors=0;
866 struct strlist *s=NULL;
867 const char *src=get_string(c[OPT_SEED_SRC]);
868 if(!src)
869 return 0;
870
871 for(s=get_strlist(c[OPT_STARTDIR]); s; s=s->next)
872 {
873 if(!is_subdir(src, s->path))
874 {
875 logp("ERROR: Starting directories need to be within %s:%s: %s\n",
876 c[OPT_SEED_SRC]->field, src, s->path);
877 errors++;
878 }
879 }
880
881 return errors;
882 }
883
884 // This decides which directories to start backing up, and which
885 // are subdirectories which don't need to be started separately.
finalise_start_dirs(struct conf ** c)886 static int finalise_start_dirs(struct conf **c)
887 {
888 struct strlist *s=NULL;
889 struct strlist *last_sd=NULL;
890 const char *dupe=NULL;
891
892 // Make sure that the startdir list starts empty, or chaos will ensue.
893 conf_free_content(c[OPT_STARTDIR]);
894
895 for(s=get_strlist(c[OPT_INCLUDE]); s; s=s->next)
896 {
897 #ifdef HAVE_WIN32
898 convert_backslashes(&s->path);
899 #endif
900 if(!is_absolute(s->path))
901 {
902 logp("ERROR: Please use absolute include/exclude paths.\n");
903 return -1;
904 }
905
906 // If it is not a subdirectory of the most recent start point,
907 // we have found another start point.
908 if(!get_strlist(c[OPT_STARTDIR])
909 || !last_sd || !is_subdir(last_sd->path, s->path))
910 {
911 // Do not use strlist_add_sorted, because last_sd is
912 // relying on incexcdir already being sorted.
913 if(add_to_strlist(c[OPT_STARTDIR], s->path, s->flag))
914 return -1;
915 last_sd=s;
916 }
917 else
918 {
919 // If it is not a starting directory, it should at
920 // least be included as a cross_filesystem entry.
921 if(add_to_cross_filesystem(c, s->path))
922 return -1;
923 }
924 }
925
926 if((dupe=sanity_check_no_dupes(get_strlist(c[OPT_STARTDIR])))) {
927 logp("ERROR: Directory appears twice in conf: %s\n", dupe);
928 return -1;
929 }
930
931 if(check_start_dirs_and_seed(c))
932 return -1;
933
934 return 0;
935 }
936
finalise_fschg_dirs(struct conf ** c)937 static int finalise_fschg_dirs(struct conf **c)
938 {
939 struct strlist *s;
940 for(s=get_strlist(c[OPT_FSCHGDIR]); s; s=s->next)
941 strip_trailing_slashes(&s->path);
942 return 0;
943 }
944
945 // The glob stuff should only run on the client side.
finalise_glob(struct conf ** c)946 static int finalise_glob(struct conf **c)
947 {
948 int ret=-1;
949 #ifdef HAVE_WIN32
950 if(glob_windows(c)) goto end;
951 #else
952 int i;
953 glob_t globbuf;
954 struct strlist *l;
955 struct strlist *last=NULL;
956 memset(&globbuf, 0, sizeof(globbuf));
957 for(l=get_strlist(c[OPT_INCGLOB]); l; l=l->next)
958 {
959 glob(l->path, last?GLOB_APPEND:0, NULL, &globbuf);
960 last=l;
961 }
962
963 for(i=0; (unsigned int)i<globbuf.gl_pathc; i++)
964 if(add_to_strlist_sorted_uniq(c[OPT_INCLUDE], globbuf.gl_pathv[i], 1/*flag*/))
965 goto end;
966
967 globfree(&globbuf);
968 #endif
969 ret=0;
970 end:
971 return ret;
972 }
973
974 // Reeval the glob after script pre
reeval_glob(struct conf ** c)975 int reeval_glob(struct conf **c)
976 {
977 if(finalise_glob(c))
978 return -1;
979
980 if(finalise_incexc_dirs(c)
981 || finalise_start_dirs(c)
982 || finalise_fschg_dirs(c))
983 return -1;
984
985 return 0;
986 }
987
988 // Set the flag of the first item in a list that looks at extensions to the
989 // maximum number of characters that need to be checked, plus one. This is for
990 // a bit of added efficiency.
set_max_ext(struct strlist * list)991 static void set_max_ext(struct strlist *list)
992 {
993 int max=0;
994 struct strlist *l=NULL;
995 for(l=list; l; l=l->next)
996 {
997 int s=strlen(l->path);
998 if(s>max) max=s;
999 }
1000 if(list) list->flag=max+1;
1001 }
1002
finalise_fstypes(struct conf ** c,int opt)1003 static int finalise_fstypes(struct conf **c, int opt)
1004 {
1005 struct strlist *l;
1006 // Set the strlist flag for the excluded fstypes
1007 for(l=get_strlist(c[opt]); l; l=l->next)
1008 {
1009 l->flag=0;
1010 if(!strncasecmp(l->path, "0x", 2))
1011 {
1012 l->flag=strtol((l->path)+2, NULL, 16);
1013 logp("Excluding file system type 0x%08lX\n", l->flag);
1014 }
1015 else
1016 {
1017 if(fstype_to_flag(l->path, &(l->flag)))
1018 {
1019 logp("Unknown exclude fs type: %s\n", l->path);
1020 l->flag=0;
1021 }
1022 }
1023 }
1024 return 0;
1025 }
1026
setup_script_arg_override(struct conf * c,struct conf * args)1027 static int setup_script_arg_override(struct conf *c, struct conf *args)
1028 {
1029 struct strlist *s;
1030 set_strlist(args, NULL);
1031 for(s=get_strlist(c); s; s=s->next)
1032 if(add_to_strlist(args, s->path, s->flag))
1033 return -1;
1034 return 0;
1035 }
1036
setup_script_arg_overrides(struct conf * c,struct conf * pre_args,struct conf * post_args)1037 static int setup_script_arg_overrides(struct conf *c,
1038 struct conf *pre_args, struct conf *post_args)
1039 {
1040 if(!get_strlist(c)) return 0;
1041 return setup_script_arg_override(c, pre_args)
1042 || setup_script_arg_override(c, post_args);
1043 }
1044
listen_config_ok(const char * l)1045 static int listen_config_ok(const char *l)
1046 {
1047 int port;
1048 const char *c=NULL;
1049 const char *cp=NULL;
1050
1051 for(c=l; *c; c++)
1052 if(!isalnum(*c) && *c!=':' && *c!='.')
1053 return 0;
1054
1055 if(!(cp=strrchr(l, ':')))
1056 return 0;
1057 if(l==cp)
1058 return 0;
1059 cp++;
1060 if(!strlen(cp) || strlen(cp)>5)
1061 return 0;
1062 port=atoi(cp);
1063 if(port<=0 || port>65535)
1064 return 0;
1065
1066 return 1;
1067 }
1068
finalise_server_max_children(struct conf ** c,enum conf_opt listen_opt,enum conf_opt max_children_opt)1069 static int finalise_server_max_children(struct conf **c,
1070 enum conf_opt listen_opt, enum conf_opt max_children_opt)
1071 {
1072 struct strlist *l;
1073 struct strlist *mc;
1074 long max_children=5;
1075
1076 for(l=get_strlist(c[listen_opt]),
1077 mc=get_strlist(c[max_children_opt]); l; l=l->next)
1078 {
1079 if(!listen_config_ok(l->path))
1080 {
1081 logp("Could not parse %s config '%s'\n",
1082 c[listen_opt]->field, l->path);
1083 return -1;
1084 }
1085 if(mc)
1086 {
1087 if((max_children=atol(mc->path))<=0)
1088 {
1089 logp("%s too low for %s %s\n",
1090 c[max_children_opt]->field,
1091 c[listen_opt]->field,
1092 l->path);
1093 return -1;
1094 }
1095 l->flag=max_children;
1096
1097 mc=mc->next;
1098 }
1099 else
1100 {
1101 logp("%s %s defaulting to %s %lu\n",
1102 c[listen_opt]->field,
1103 l->path,
1104 c[max_children_opt]->field,
1105 max_children);
1106 l->flag=max_children;
1107 }
1108 }
1109
1110 if(mc)
1111 {
1112 logp("too many %s options\n", c[max_children_opt]->field);
1113 return -1;
1114 }
1115
1116 return 0;
1117 }
1118
finalise_client_ports(struct conf ** c)1119 static int finalise_client_ports(struct conf **c)
1120 {
1121 int port=0;
1122 struct strlist *p;
1123
1124 for(p=get_strlist(c[OPT_PORT]); p; p=p->next)
1125 port=atoi(p->path);
1126
1127 if(!port)
1128 return 0;
1129
1130 if(!get_int(c[OPT_PORT_BACKUP]))
1131 set_int(c[OPT_PORT_BACKUP], port);
1132 if(!get_int(c[OPT_PORT_RESTORE]))
1133 set_int(c[OPT_PORT_RESTORE], port);
1134 if(!get_int(c[OPT_PORT_VERIFY]))
1135 set_int(c[OPT_PORT_VERIFY], get_int(c[OPT_PORT_RESTORE]));
1136 if(!get_int(c[OPT_PORT_LIST]))
1137 set_int(c[OPT_PORT_LIST], port);
1138 if(!get_int(c[OPT_PORT_DELETE]))
1139 set_int(c[OPT_PORT_DELETE], port);
1140
1141 return 0;
1142 }
1143
apply_cli_overrides(struct conf ** confs)1144 static int apply_cli_overrides(struct conf **confs)
1145 {
1146 int ret=-1;
1147 int line=0;
1148 char *opt=NULL;
1149 struct strlist *oo=NULL;
1150
1151 for(oo=cli_overrides; oo; oo=oo->next)
1152 {
1153 line++;
1154 free_w(&opt);
1155 if(!(opt=strdup_w(oo->path, __func__)))
1156 goto end;
1157 if((ret=conf_parse_line(confs, "", opt, line)))
1158 {
1159 logp("Unable to parse cli option %d '%s'\n",
1160 line, oo->path);
1161 goto end;
1162 }
1163 }
1164 ret=0;
1165 end:
1166 free_w(&opt);
1167 return ret;
1168 }
1169
conf_finalise(struct conf ** c)1170 static int conf_finalise(struct conf **c)
1171 {
1172 enum burp_mode burp_mode;
1173 int s_script_notify=0;
1174
1175 if(apply_cli_overrides(c))
1176 return -1;
1177
1178 burp_mode=get_e_burp_mode(c[OPT_BURP_MODE]);
1179
1180 if(finalise_fstypes(c, OPT_EXCFS)
1181 || finalise_fstypes(c, OPT_INCFS))
1182 return -1;
1183
1184 strlist_compile_regexes(get_strlist(c[OPT_INCREG]));
1185 strlist_compile_regexes(get_strlist(c[OPT_EXCREG]));
1186
1187 set_max_ext(get_strlist(c[OPT_INCEXT]));
1188 set_max_ext(get_strlist(c[OPT_EXCEXT]));
1189 set_max_ext(get_strlist(c[OPT_EXCOM]));
1190
1191 if(burp_mode==BURP_MODE_CLIENT
1192 && finalise_glob(c))
1193 return -1;
1194
1195 if(finalise_incexc_dirs(c)
1196 || finalise_start_dirs(c)
1197 || finalise_fschg_dirs(c))
1198 return -1;
1199
1200 if(finalise_keep_args(c))
1201 return -1;
1202
1203 if(burp_mode==BURP_MODE_SERVER)
1204 {
1205 if(!get_strlist(c[OPT_LISTEN]))
1206 {
1207 logp("Need at least one 'listen' config.\n");
1208 return -1;
1209 }
1210 if(finalise_server_max_children(c,
1211 OPT_LISTEN, OPT_MAX_CHILDREN)
1212 || finalise_server_max_children(c,
1213 OPT_LISTEN_STATUS, OPT_MAX_STATUS_CHILDREN))
1214 return -1;
1215 }
1216 if(burp_mode==BURP_MODE_CLIENT)
1217 {
1218 if(finalise_client_ports(c))
1219 return -1;
1220 }
1221
1222 if((s_script_notify=get_int(c[OPT_S_SCRIPT_NOTIFY])))
1223 {
1224 set_int(c[OPT_S_SCRIPT_PRE_NOTIFY], s_script_notify);
1225 set_int(c[OPT_S_SCRIPT_POST_NOTIFY], s_script_notify);
1226 }
1227
1228 // These override the specific pre/post script paths with the general
1229 // one. For example, if 'server_script' is set, its value is used for
1230 // 'server_script_pre' and 'server_script_post'.
1231 if(pre_post_override(c[OPT_B_SCRIPT],
1232 c[OPT_B_SCRIPT_PRE], c[OPT_B_SCRIPT_POST])
1233 || pre_post_override(c[OPT_R_SCRIPT],
1234 c[OPT_R_SCRIPT_PRE], c[OPT_R_SCRIPT_POST])
1235 || pre_post_override(c[OPT_S_SCRIPT],
1236 c[OPT_S_SCRIPT_PRE], c[OPT_S_SCRIPT_POST])
1237 // And these do the same for the script arguments.
1238 || setup_script_arg_overrides(c[OPT_B_SCRIPT_ARG],
1239 c[OPT_B_SCRIPT_PRE_ARG], c[OPT_B_SCRIPT_POST_ARG])
1240 || setup_script_arg_overrides(c[OPT_R_SCRIPT_ARG],
1241 c[OPT_R_SCRIPT_PRE_ARG], c[OPT_R_SCRIPT_POST_ARG])
1242 || setup_script_arg_overrides(c[OPT_S_SCRIPT_ARG],
1243 c[OPT_S_SCRIPT_PRE_ARG], c[OPT_S_SCRIPT_POST_ARG]))
1244 return -1;
1245
1246 // We are now done with these. Clear them, otherwise they interfere.
1247 set_string(c[OPT_S_SCRIPT], NULL);
1248 set_strlist(c[OPT_S_SCRIPT_ARG], NULL);
1249 return 0;
1250 }
1251
conf_finalise_global_only(const char * conf_path,struct conf ** confs)1252 static int conf_finalise_global_only(const char *conf_path, struct conf **confs)
1253 {
1254 int r=0;
1255
1256 // Let the caller check the 'keep' value.
1257
1258 if(!get_string(confs[OPT_SSL_KEY_PASSWORD])
1259 && set_string(confs[OPT_SSL_KEY_PASSWORD], ""))
1260 r--;
1261
1262 if(general_conf_checks(confs, conf_path, &r)) r--;
1263
1264 switch(get_e_burp_mode(confs[OPT_BURP_MODE]))
1265 {
1266 case BURP_MODE_SERVER:
1267 if(server_conf_checks(confs, conf_path, &r)) r--;
1268 break;
1269 case BURP_MODE_CLIENT:
1270 if(client_conf_checks(confs, conf_path, &r)) r--;
1271 break;
1272 case BURP_MODE_UNSET:
1273 default:
1274 logp("%s: mode unset - need 'server' or 'client'\n",
1275 conf_path);
1276 r--;
1277 break;
1278 }
1279
1280 return r;
1281 }
1282
conf_load_lines_from_file(const char * conf_path,struct conf ** confs)1283 static int conf_load_lines_from_file(const char *conf_path, struct conf **confs)
1284 {
1285 int ret=0;
1286 int line=0;
1287 FILE *fp=NULL;
1288 char buf[4096]="";
1289
1290 if(!(fp=fopen(conf_path, "r")))
1291 {
1292 logp("could not open '%s' for reading.\n", conf_path);
1293 return -1;
1294 }
1295 while(fgets(buf, sizeof(buf), fp))
1296 {
1297 line++;
1298 if(conf_parse_line(confs, conf_path, buf, line))
1299 {
1300 conf_error(conf_path, line);
1301 ret=-1;
1302 }
1303 }
1304 if(fp) fclose(fp);
1305 return ret;
1306 }
1307
1308 #ifndef UTEST
1309 static
1310 #endif
conf_load_lines_from_buf(const char * buf,struct conf ** c)1311 int conf_load_lines_from_buf(const char *buf, struct conf **c)
1312 {
1313 int ret=0;
1314 int line=0;
1315 char *tok=NULL;
1316 char *copy=NULL;
1317
1318 if(!buf) return 0;
1319
1320 if(!(copy=strdup_w(buf, __func__))) return -1;
1321 if(!(tok=strtok(copy, "\n")))
1322 {
1323 logp("unable to parse conf buffer\n");
1324 free_w(©);
1325 return -1;
1326 }
1327 do
1328 {
1329 line++;
1330 if(conf_parse_line(c, "", tok, line))
1331 {
1332 ret=-1;
1333 break;
1334 }
1335 } while((tok=strtok(NULL, "\n")));
1336 free_w(©);
1337
1338 return ret;
1339 }
1340
1341 /* The server runs this when parsing a restore file on the server. Called
1342 elsewhere too. */
conf_parse_incexcs_path(struct conf ** c,const char * path)1343 int conf_parse_incexcs_path(struct conf **c, const char *path)
1344 {
1345 free_incexcs(c);
1346 if(conf_load_lines_from_file(path, c)
1347 || conf_finalise(c))
1348 return -1;
1349 return 0;
1350 }
1351
1352 /* The client runs this when the server overrides the incexcs. */
conf_parse_incexcs_buf(struct conf ** c,const char * incexc)1353 int conf_parse_incexcs_buf(struct conf **c, const char *incexc)
1354 {
1355 free_incexcs(c);
1356 if(conf_load_lines_from_buf(incexc, c)
1357 || conf_finalise(c))
1358 return -1;
1359 return 0;
1360 }
1361
1362 /* The client runs this when the server overrides the incexcs for restore. */
conf_parse_incexcs_srestore(struct conf ** c,const char * incexc)1363 int conf_parse_incexcs_srestore(struct conf **c, const char *incexc)
1364 {
1365 int ret=-1;
1366 char *rp=NULL;
1367 char *oldprefix=NULL;
1368 char *srvprefix=NULL;
1369 char *newprefix=NULL;
1370 const char *rpfield=c[OPT_RESTOREPREFIX]->field;
1371
1372 if(!(rp=get_string(c[OPT_RESTOREPREFIX])))
1373 {
1374 logp("The client side must specify a %s!\n", rpfield);
1375 goto end;
1376 }
1377 if(!(oldprefix=strdup_w(rp, __func__)))
1378 goto end;
1379
1380 free_incexcs(c);
1381 set_string(c[OPT_RESTOREPREFIX], NULL);
1382 if(conf_load_lines_from_buf(incexc, c)
1383 || conf_finalise(c))
1384 goto end;
1385
1386 if((srvprefix=get_string(c[OPT_RESTOREPREFIX])))
1387 {
1388 if(has_dot_component(srvprefix))
1389 {
1390 logp("The server gave %s '%s', which is not allowed!",
1391 rpfield, srvprefix);
1392 goto end;
1393 }
1394 if(!strcmp(oldprefix, "/"))
1395 {
1396 // Avoid double slash.
1397 if(!(newprefix=prepend_s("", srvprefix)))
1398 goto end;
1399 }
1400 else
1401 {
1402 if(!(newprefix=prepend_s(oldprefix, srvprefix)))
1403 goto end;
1404 }
1405 if(set_string(c[OPT_RESTOREPREFIX], newprefix))
1406 goto end;
1407 if(build_path_w(newprefix))
1408 goto end;
1409 }
1410 else
1411 {
1412 if(set_string(c[OPT_RESTOREPREFIX], oldprefix))
1413 goto end;
1414 }
1415 ret=0;
1416 end:
1417 free_w(&oldprefix);
1418 free_w(&newprefix);
1419 return ret;
1420 }
1421
conf_set_from_global(struct conf ** globalc,struct conf ** cc)1422 static int conf_set_from_global(struct conf **globalc, struct conf **cc)
1423 {
1424 int i=0;
1425 for(i=0; i<OPT_MAX; i++)
1426 {
1427 if(!(cc[i]->flags & CONF_FLAG_CC_OVERRIDE))
1428 continue;
1429 switch(cc[i]->conf_type)
1430 {
1431 case CT_STRING:
1432 set_string(cc[i], get_string(globalc[i]));
1433 break;
1434 case CT_UINT:
1435 set_int(cc[i], get_int(globalc[i]));
1436 break;
1437 case CT_FLOAT:
1438 set_float(cc[i], get_float(globalc[i]));
1439 break;
1440 case CT_MODE_T:
1441 set_mode_t(cc[i], get_mode_t(globalc[i]));
1442 break;
1443 case CT_SSIZE_T:
1444 set_uint64_t(cc[i], get_uint64_t(globalc[i]));
1445 break;
1446 case CT_E_BURP_MODE:
1447 set_e_burp_mode(cc[i], get_e_burp_mode(globalc[i]));
1448 break;
1449 case CT_E_PROTOCOL:
1450 set_e_protocol(cc[i], get_e_protocol(globalc[i]));
1451 break;
1452 case CT_E_RECOVERY_METHOD:
1453 set_e_recovery_method(cc[i], get_e_recovery_method(globalc[i]));
1454 break;
1455 case CT_E_RSHASH:
1456 set_e_rshash(cc[i], get_e_rshash(globalc[i]));
1457 break;
1458 case CT_STRLIST:
1459 // Done later.
1460 break;
1461 case CT_CNTR:
1462 break;
1463 // No default so that there are warnings if anything
1464 // was missed.
1465 }
1466 }
1467
1468 // If ssl_peer_cn is not set, default it to the client name.
1469 if(!get_string(globalc[OPT_SSL_PEER_CN])
1470 && set_string(cc[OPT_SSL_PEER_CN], get_string(cc[OPT_CNAME])))
1471 return -1;
1472
1473 return 0;
1474 }
1475
append_strlist(struct conf * dst,struct conf * src)1476 static int append_strlist(struct conf *dst, struct conf *src)
1477 {
1478 struct strlist *s;
1479 for(s=get_strlist(src); s; s=s->next)
1480 if(add_to_strlist(dst, s->path, s->flag))
1481 return -1;
1482 return 0;
1483 }
1484
1485 // Instead of adding onto the end of the list, this replaces the list.
conf_set_from_global_arg_list_overrides(struct conf ** globalc,struct conf ** cc)1486 static int conf_set_from_global_arg_list_overrides(struct conf **globalc,
1487 struct conf **cc)
1488 {
1489 int i=0;
1490 for(i=0; i<OPT_MAX; i++)
1491 {
1492 if(cc[i]->conf_type!=CT_STRLIST) continue;
1493 if(!(cc[i]->flags & CONF_FLAG_CC_OVERRIDE)) continue;
1494 if(cc[i]->flags & CONF_FLAG_STRLIST_REPLACE)
1495 {
1496 // If there was no cc[i] strlist set, use the global.
1497 if(!get_strlist(cc[i])
1498 && append_strlist(cc[i], globalc[i]))
1499 return -1;
1500 }
1501 else
1502 {
1503 struct conf tmpconf;
1504 // A bit painful.
1505 tmpconf.conf_type=cc[i]->conf_type;
1506 tmpconf.flags=cc[i]->flags;
1507 memset(&tmpconf.data, 0, sizeof(tmpconf.data));
1508 if(append_strlist(&tmpconf, globalc[i])
1509 || append_strlist(&tmpconf, cc[i]))
1510 return -1;
1511 set_strlist(cc[i], get_strlist(&tmpconf));
1512 }
1513 }
1514 return 0;
1515 }
1516
conf_init_save_cname_and_version(struct conf ** cconfs)1517 static int conf_init_save_cname_and_version(struct conf **cconfs)
1518 {
1519 int ret=-1;
1520 char *cname=NULL;
1521 char *cversion=NULL;
1522 char *orig_cname=get_string(cconfs[OPT_CNAME]);
1523 char *orig_cversion=get_string(cconfs[OPT_PEER_VERSION]);
1524
1525 if((orig_cname && !(cname=strdup_w(orig_cname, __func__)))
1526 || (orig_cversion
1527 && !(cversion=strdup_w(orig_cversion, __func__))))
1528 goto end;
1529
1530 set_string(cconfs[OPT_CNAME], NULL);
1531 set_string(cconfs[OPT_PEER_VERSION], NULL);
1532 if(confs_init(cconfs)) goto end;
1533 set_string(cconfs[OPT_CNAME], cname);
1534 set_string(cconfs[OPT_PEER_VERSION], cversion);
1535 ret=0;
1536 end:
1537 free_w(&cname);
1538 free_w(&cversion);
1539 return ret;
1540 }
1541
do_conf_load_overrides(struct conf ** globalcs,struct conf ** cconfs,const char * path,const char * buf)1542 static int do_conf_load_overrides(struct conf **globalcs, struct conf **cconfs,
1543 const char *path, const char *buf)
1544 {
1545 // Some client settings can be globally set in the server conf and
1546 // overridden in the client specific conf.
1547 if(conf_set_from_global(globalcs, cconfs)) return -1;
1548 if(buf) { if(conf_load_lines_from_buf(buf, cconfs)) return -1; }
1549 else { if(conf_load_lines_from_file(path, cconfs)) return -1; }
1550 if(conf_set_from_global_arg_list_overrides(globalcs, cconfs)
1551 || conf_finalise(cconfs))
1552 return -1;
1553 return 0;
1554 }
1555
1556 #ifndef UTEST
1557 static
1558 #endif
conf_load_overrides(struct conf ** globalcs,struct conf ** cconfs,const char * path)1559 int conf_load_overrides(struct conf **globalcs, struct conf **cconfs,
1560 const char *path)
1561 {
1562 return do_conf_load_overrides(globalcs, cconfs, path, NULL);
1563 }
1564
cname_valid(const char * cname)1565 int cname_valid(const char *cname)
1566 {
1567 if(!cname) return 0;
1568 if(cname[0]=='.'
1569 || strchr(cname, '/') // Avoid path attacks.
1570 || strchr(cname, '\\') // Be cautious of backslashes too.
1571 // I am told that emacs tmp files end with '~'.
1572 || cname[strlen(cname)-1]=='~')
1573 return 0;
1574 return 1;
1575 }
1576
conf_load_clientconfdir(struct conf ** globalcs,struct conf ** cconfs)1577 int conf_load_clientconfdir(struct conf **globalcs, struct conf **cconfs)
1578 {
1579 int ret=-1;
1580 char *path=NULL;
1581 const char *cname=NULL;
1582
1583 if(conf_init_save_cname_and_version(cconfs)) goto end;
1584 cname=get_string(cconfs[OPT_CNAME]);
1585 if(!cname_valid(cname))
1586 {
1587 logp("client name '%s' is not valid\n", cname);
1588 goto end;
1589 }
1590
1591 if(!(path=prepend_s(get_string(globalcs[OPT_CLIENTCONFDIR]), cname)))
1592 goto end;
1593 ret=conf_load_overrides(globalcs, cconfs, path);
1594 end:
1595 free_w(&path);
1596 return ret;
1597 }
1598
do_load_global_only(struct conf ** globalcs,const char * path,const char * buf)1599 static int do_load_global_only(struct conf **globalcs,
1600 const char *path, const char *buf)
1601 {
1602 if(set_string(globalcs[OPT_CONFFILE], path)) return -1;
1603 if(buf) { if(conf_load_lines_from_buf(buf, globalcs)) return -1; }
1604 else { if(conf_load_lines_from_file(path, globalcs)) return -1; }
1605 if(conf_finalise(globalcs)
1606 || conf_finalise_global_only(path, globalcs))
1607 return -1;
1608 return 0;
1609
1610 }
1611
conf_load_global_only(const char * path,struct conf ** globalcs)1612 int conf_load_global_only(const char *path, struct conf **globalcs)
1613 {
1614 return do_load_global_only(globalcs, path, NULL);
1615 }
1616
restore_client_allowed(struct conf ** cconfs,struct conf ** sconfs)1617 static int restore_client_allowed(struct conf **cconfs, struct conf **sconfs)
1618 {
1619 struct strlist *r;
1620 for(r=get_strlist(sconfs[OPT_SUPER_CLIENTS]); r; r=r->next)
1621 if(!strcmp(r->path, get_string(cconfs[OPT_CNAME])))
1622 return 2;
1623 for(r=get_strlist(sconfs[OPT_RESTORE_CLIENTS]); r; r=r->next)
1624 if(!strcmp(r->path, get_string(cconfs[OPT_CNAME])))
1625 return 1;
1626 logp("Access to client is not allowed: %s\n",
1627 get_string(sconfs[OPT_CNAME]));
1628 return 0;
1629 }
1630
conf_switch_to_orig_client(struct conf ** globalcs,struct conf ** cconfs,const char * orig_client)1631 int conf_switch_to_orig_client(struct conf **globalcs,
1632 struct conf **cconfs, const char *orig_client)
1633 {
1634 int ret=-1;
1635 int is_super=0;
1636 struct conf **sconfs=NULL;
1637
1638 // If we are already the wanted client, no need to switch.
1639 if(!strcmp(get_string(cconfs[OPT_CNAME]), orig_client))
1640 return 0;
1641
1642 if(!(sconfs=confs_alloc())
1643 || confs_init(sconfs)) goto end;
1644 if(set_string(sconfs[OPT_CNAME], orig_client))
1645 goto end;
1646 logp("Client wants to switch to client: %s\n",
1647 get_string(sconfs[OPT_CNAME]));
1648
1649 if(conf_load_clientconfdir(globalcs, sconfs))
1650 {
1651 logp("Could not load alternate config: %s",
1652 get_string(sconfs[OPT_CNAME]));
1653 goto end;
1654 }
1655 set_int(sconfs[OPT_SEND_CLIENT_CNTR],
1656 get_int(cconfs[OPT_SEND_CLIENT_CNTR]));
1657
1658 switch(restore_client_allowed(cconfs, sconfs))
1659 {
1660 case 1:
1661 break;
1662 case 2:
1663 is_super=1;
1664 break;
1665 default:
1666 goto end;
1667 }
1668
1669 // Restore client can never force backup.
1670 set_int(sconfs[OPT_CLIENT_CAN_FORCE_BACKUP], 0);
1671
1672 if(is_super)
1673 {
1674 set_int(sconfs[OPT_CLIENT_CAN_DELETE],
1675 get_int(cconfs[OPT_CLIENT_CAN_DELETE]));
1676 set_int(sconfs[OPT_CLIENT_CAN_DIFF],
1677 get_int(cconfs[OPT_CLIENT_CAN_DIFF]));
1678 set_int(sconfs[OPT_CLIENT_CAN_LIST],
1679 get_int(cconfs[OPT_CLIENT_CAN_LIST]));
1680 set_int(sconfs[OPT_CLIENT_CAN_MONITOR],
1681 get_int(cconfs[OPT_CLIENT_CAN_MONITOR]));
1682 set_int(sconfs[OPT_CLIENT_CAN_RESTORE],
1683 get_int(cconfs[OPT_CLIENT_CAN_RESTORE]));
1684 set_int(sconfs[OPT_CLIENT_CAN_VERIFY],
1685 get_int(cconfs[OPT_CLIENT_CAN_VERIFY]));
1686 }
1687 else
1688 {
1689 // For the rest of the client_can things, do not allow them on
1690 // orig_client if we do not have them ourselves.
1691 if(!get_int(cconfs[OPT_CLIENT_CAN_DELETE]))
1692 set_int(sconfs[OPT_CLIENT_CAN_DELETE], 0);
1693 if(!get_int(cconfs[OPT_CLIENT_CAN_DIFF]))
1694 set_int(sconfs[OPT_CLIENT_CAN_DIFF], 0);
1695 if(!get_int(cconfs[OPT_CLIENT_CAN_LIST]))
1696 set_int(sconfs[OPT_CLIENT_CAN_LIST], 0);
1697 if(!get_int(cconfs[OPT_CLIENT_CAN_MONITOR]))
1698 set_int(sconfs[OPT_CLIENT_CAN_MONITOR], 0);
1699 if(!get_int(cconfs[OPT_CLIENT_CAN_RESTORE]))
1700 set_int(sconfs[OPT_CLIENT_CAN_RESTORE], 0);
1701 if(!get_int(cconfs[OPT_CLIENT_CAN_VERIFY]))
1702 set_int(sconfs[OPT_CLIENT_CAN_VERIFY], 0);
1703 }
1704
1705 if(set_string(sconfs[OPT_CONNECT_CLIENT],
1706 get_string(cconfs[OPT_CONNECT_CLIENT])))
1707 goto end;
1708 if(set_string(sconfs[OPT_RESTORE_PATH],
1709 get_string(cconfs[OPT_RESTORE_PATH])))
1710 goto end;
1711 if(set_string(cconfs[OPT_RESTORE_PATH], NULL))
1712 goto end;
1713 set_cntr(sconfs[OPT_CNTR], get_cntr(cconfs));
1714 set_cntr(cconfs[OPT_CNTR], NULL);
1715 confs_free_content(cconfs);
1716 confs_init(cconfs);
1717 confs_memcpy(cconfs, sconfs);
1718 confs_null(sconfs);
1719 if(set_string(cconfs[OPT_SUPER_CLIENT],
1720 get_string(cconfs[OPT_CNAME]))) goto end;
1721 if(set_string(cconfs[OPT_ORIG_CLIENT],
1722 get_string(cconfs[OPT_CNAME]))) goto end;
1723
1724 logp("Switched to client %s\n", get_string(cconfs[OPT_CNAME]));
1725 ret=0;
1726 end:
1727 confs_free(&sconfs);
1728 return ret;
1729 }
1730
config_default_path(void)1731 char *config_default_path(void)
1732 {
1733 static char path[256]="";
1734 #ifdef HAVE_WIN32
1735 char *pfenv=NULL;
1736
1737 // Burp used to always install to 'C:/Program Files/Burp/', but as
1738 // of 1.3.11, it changed to %PROGRAMFILES%. Still want the old way
1739 // to work though. So check %PROGRAMFILES% first, then fall back.
1740 if((pfenv=getenv("PROGRAMFILES")))
1741 {
1742 struct stat statp;
1743 snprintf(path, sizeof(path), "%s/%s/%s.conf",
1744 pfenv, PACKAGE_NAME, PACKAGE_TARNAME);
1745 if(!lstat(path, &statp)
1746 && !S_ISDIR(statp.st_mode))
1747 return path;
1748 }
1749 snprintf(path, sizeof(path), "C:/Program Files/%s/%s.conf",
1750 PACKAGE_NAME, PACKAGE_TARNAME);
1751 #else
1752 snprintf(path, sizeof(path), "%s/%s.conf",
1753 SYSCONFDIR, PACKAGE_TARNAME);
1754 #endif
1755 return path;
1756 }
1757