X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_setup.c;h=1796c4bbcc7a83a304d794d3426466c19e2ef0ee;hb=210b5ceeeebdf742a74dcf95a0a13d69623ee001;hp=597c3cb754575ab16f5b69d82164eb0377bc210b;hpb=ffa1dc73dcd62a856325641972a13d398aa8121c;p=tinc

diff --git a/src/net_setup.c b/src/net_setup.c
index 597c3cb7..1796c4bb 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -3,6 +3,7 @@
     Copyright (C) 1998-2005 Ivo Timmermans,
                   2000-2010 Guus Sliepen <guus@tinc-vpn.org>
                   2006      Scott Lamb <slamb@slamb.org>
+                  2010      Brandon Black <blblack@gmail.com>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -28,6 +29,7 @@
 #include "control.h"
 #include "device.h"
 #include "digest.h"
+#include "ecdsa.h"
 #include "graph.h"
 #include "logger.h"
 #include "net.h"
@@ -43,6 +45,43 @@
 char *myport;
 static struct event device_ev;
 
+bool read_ecdsa_public_key(connection_t *c) {
+	FILE *fp;
+	char *fname;
+	char *p;
+	bool result;
+
+	/* First, check for simple ECDSAPublicKey statement */
+
+	if(get_config_string(lookup_config(c->config_tree, "ECDSAPublicKey"), &p)) {
+		result = ecdsa_set_base64_public_key(&c->ecdsa, p);
+		free(p);
+		return result;
+	}
+
+	/* Else, check for ECDSAPublicKeyFile statement and read it */
+
+	if(!get_config_string(lookup_config(c->config_tree, "ECDSAPublicKeyFile"), &fname))
+		xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
+
+	fp = fopen(fname, "r");
+
+	if(!fp) {
+		logger(LOG_ERR, "Error reading ECDSA public key file `%s': %s",
+			   fname, strerror(errno));
+		free(fname);
+		return false;
+	}
+
+	result = ecdsa_read_pem_public_key(&c->ecdsa, fp);
+	fclose(fp);
+
+	if(!result) 
+		logger(LOG_ERR, "Reading ECDSA public key file `%s' failed: %s", fname, strerror(errno));
+	free(fname);
+	return result;
+}
+
 bool read_rsa_public_key(connection_t *c) {
 	FILE *fp;
 	char *fname;
@@ -80,7 +119,48 @@ bool read_rsa_public_key(connection_t *c) {
 	return result;
 }
 
-bool read_rsa_private_key() {
+static bool read_ecdsa_private_key(void) {
+	FILE *fp;
+	char *fname;
+	bool result;
+
+	/* Check for PrivateKeyFile statement and read it */
+
+	if(!get_config_string(lookup_config(config_tree, "ECDSAPrivateKeyFile"), &fname))
+		xasprintf(&fname, "%s/ecdsa_key.priv", confbase);
+
+	fp = fopen(fname, "r");
+
+	if(!fp) {
+		logger(LOG_ERR, "Error reading ECDSA private key file `%s': %s",
+			   fname, strerror(errno));
+		free(fname);
+		return false;
+	}
+
+#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+	struct stat s;
+
+	if(fstat(fileno(fp), &s)) {
+		logger(LOG_ERR, "Could not stat ECDSA private key file `%s': %s'", fname, strerror(errno));
+		free(fname);
+		return false;
+	}
+
+	if(s.st_mode & ~0100700)
+		logger(LOG_WARNING, "Warning: insecure file permissions for ECDSA private key file `%s'!", fname);
+#endif
+
+	result = ecdsa_read_pem_private_key(&myself->connection->ecdsa, fp);
+	fclose(fp);
+
+	if(!result) 
+		logger(LOG_ERR, "Reading ECDSA private key file `%s' failed: %s", fname, strerror(errno));
+	free(fname);
+	return result;
+}
+
+static bool read_rsa_private_key(void) {
 	FILE *fp;
 	char *fname;
 	char *n, *d;
@@ -89,7 +169,7 @@ bool read_rsa_private_key() {
 	/* First, check for simple PrivateKey statement */
 
 	if(get_config_string(lookup_config(config_tree, "PrivateKey"), &d)) {
-		if(!get_config_string(lookup_config(myself->connection->config_tree, "PublicKey"), &n)) {
+		if(!get_config_string(lookup_config(config_tree, "PublicKey"), &n)) {
 			logger(LOG_ERR, "PrivateKey used but no PublicKey found!");
 			free(d);
 			return false;
@@ -142,11 +222,11 @@ static void keyexpire_handler(int fd, short events, void *data) {
 	regenerate_key();
 }
 
-void regenerate_key() {
+void regenerate_key(void) {
 	if(timeout_initialized(&keyexpire_event)) {
 		ifdebug(STATUS) logger(LOG_INFO, "Expiring symmetric keys");
 		event_del(&keyexpire_event);
-		send_key_changed(broadcast, myself);
+		send_key_changed();
 	} else {
 		timeout_set(&keyexpire_event, keyexpire_handler, NULL);
 	}
@@ -157,14 +237,14 @@ void regenerate_key() {
 /*
   Read Subnets from all host config files
 */
-static void load_all_subnets(void) {
+void load_all_subnets(void) {
 	DIR *dir;
 	struct dirent *ent;
 	char *dname;
 	char *fname;
 	splay_tree_t *config_tree;
 	config_t *cfg;
-	subnet_t *s;
+	subnet_t *s, *s2;
 	node_t *n;
 	bool result;
 
@@ -181,9 +261,6 @@ static void load_all_subnets(void) {
 			continue;
 
 		n = lookup_node(ent->d_name);
-		if(n)
-			continue;
-
 		#ifdef _DIRENT_HAVE_D_TYPE
 		//if(ent->d_type != DT_REG)
 		//	continue;
@@ -196,15 +273,21 @@ static void load_all_subnets(void) {
 		if(!result)
 			continue;
 
-		n = new_node();
-		n->name = xstrdup(ent->d_name);
-		node_add(n);
+		if(!n) {
+			n = new_node();
+			n->name = xstrdup(ent->d_name);
+			node_add(n);
+		}
 
 		for(cfg = lookup_config(config_tree, "Subnet"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
 			if(!get_config_subnet(cfg, &s))
 				continue;
 
-			subnet_add(n, s);
+			if((s2 = lookup_subnet(n, s))) {
+				s2->expires = -1;
+			} else {
+				subnet_add(n, s);
+			}
 		}
 
 		exit_configuration(&config_tree);
@@ -216,25 +299,27 @@ static void load_all_subnets(void) {
 /*
   Configure node_t myself and set up the local sockets (listen only)
 */
-bool setup_myself(void) {
+static bool setup_myself(void) {
 	config_t *cfg;
 	subnet_t *subnet;
 	char *name, *hostname, *mode, *afname, *cipher, *digest;
+	char *fname = NULL;
 	char *address = NULL;
 	char *envp[5];
 	struct addrinfo *ai, *aip, hint = {0};
 	bool choice;
 	int i, err;
+	int replaywin_int;
 
 	myself = new_node();
 	myself->connection = new_connection();
-	init_configuration(&myself->connection->config_tree);
 
 	myself->hostname = xstrdup("MYSELF");
 	myself->connection->hostname = xstrdup("MYSELF");
 
 	myself->connection->options = 0;
-	myself->connection->protocol_version = PROT_CURRENT;
+	myself->connection->protocol_major = PROT_MAJOR;
+	myself->connection->protocol_minor = PROT_MINOR;
 
 	if(!get_config_string(lookup_config(config_tree, "Name"), &name)) {	/* Not acceptable */
 		logger(LOG_ERR, "Name for tinc daemon required!");
@@ -249,22 +334,33 @@ bool setup_myself(void) {
 
 	myself->name = name;
 	myself->connection->name = xstrdup(name);
+	xasprintf(&fname, "%s/hosts/%s", confbase, name);
+	read_config_options(config_tree, name);
+	read_config_file(config_tree, fname);
+	free(fname);
 
-	if(!read_connection_config(myself->connection)) {
-		logger(LOG_ERR, "Cannot open host configuration file for myself!");
+	if(!read_ecdsa_private_key())
 		return false;
-	}
 
 	if(!read_rsa_private_key())
 		return false;
 
-	if(!get_config_string(lookup_config(config_tree, "Port"), &myport)
-			&& !get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport))
+	if(!get_config_string(lookup_config(config_tree, "Port"), &myport))
 		myport = xstrdup("655");
 
+	if(!atoi(myport)) {
+		struct addrinfo *ai = str2addrinfo("localhost", myport, SOCK_DGRAM);
+		sockaddr_t sa;
+		if(!ai || !ai->ai_addr)
+			return false;
+		free(myport);
+		memcpy(&sa, ai->ai_addr, ai->ai_addrlen);
+		sockaddr2str(&sa, NULL, &myport);
+	}
+
 	/* Read in all the subnets specified in the host configuration file */
 
-	cfg = lookup_config(myself->connection->config_tree, "Subnet");
+	cfg = lookup_config(config_tree, "Subnet");
 
 	while(cfg) {
 		if(!get_config_subnet(cfg, &subnet))
@@ -272,7 +368,7 @@ bool setup_myself(void) {
 
 		subnet_add(myself, subnet);
 
-		cfg = lookup_config_next(myself->connection->config_tree, cfg);
+		cfg = lookup_config_next(config_tree, cfg);
 	}
 
 	/* Check some options */
@@ -283,12 +379,6 @@ bool setup_myself(void) {
 	if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice) && choice)
 		myself->options |= OPTION_TCPONLY;
 
-	if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice) && choice)
-		myself->options |= OPTION_INDIRECT;
-
-	if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice) && choice)
-		myself->options |= OPTION_TCPONLY;
-
 	if(myself->options & OPTION_TCPONLY)
 		myself->options |= OPTION_INDIRECT;
 
@@ -326,14 +416,12 @@ bool setup_myself(void) {
 	}
 
 	choice = true;
-	get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice);
 	get_config_bool(lookup_config(config_tree, "PMTUDiscovery"), &choice);
 	if(choice)
 		myself->options |= OPTION_PMTU_DISCOVERY;
 
 	choice = true;
 	get_config_bool(lookup_config(config_tree, "ClampMSS"), &choice);
-	get_config_bool(lookup_config(myself->connection->config_tree, "ClampMSS"), &choice);
 	if(choice)
 		myself->options |= OPTION_CLAMP_MSS;
 
@@ -355,6 +443,28 @@ bool setup_myself(void) {
 	} else
 		maxtimeout = 900;
 
+	if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
+		if(udp_rcvbuf <= 0) {
+			logger(LOG_ERR, "UDPRcvBuf cannot be negative!");
+			return false;
+		}
+	}
+
+	if(get_config_int(lookup_config(config_tree, "UDPSndBuf"), &udp_sndbuf)) {
+		if(udp_sndbuf <= 0) {
+			logger(LOG_ERR, "UDPSndBuf cannot be negative!");
+			return false;
+		}
+	}
+
+	if(get_config_int(lookup_config(config_tree, "ReplayWindow"), &replaywin_int)) {
+		if(replaywin_int < 0) {
+			logger(LOG_ERR, "ReplayWindow cannot be negative!");
+			return false;
+		}
+		replaywin = (unsigned)replaywin_int;
+	}
+
 	if(get_config_string(lookup_config(config_tree, "AddressFamily"), &afname)) {
 		if(!strcasecmp(afname, "IPv4"))
 			addressfamily = AF_INET;
@@ -373,7 +483,7 @@ bool setup_myself(void) {
 
 	/* Generate packet encryption key */
 
-	if(!get_config_string(lookup_config(myself->connection->config_tree, "Cipher"), &cipher))
+	if(!get_config_string(lookup_config(config_tree, "Cipher"), &cipher))
 		cipher = xstrdup("blowfish");
 
 	if(!cipher_open_by_name(&myself->incipher, cipher)) {
@@ -388,11 +498,11 @@ bool setup_myself(void) {
 
 	/* Check if we want to use message authentication codes... */
 
-	if(!get_config_string(lookup_config(myself->connection->config_tree, "Digest"), &digest))
+	if(!get_config_string(lookup_config(config_tree, "Digest"), &digest))
 		digest = xstrdup("sha1");
 
 	int maclength = 4;
-	get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &maclength);
+	get_config_int(lookup_config(config_tree, "MACLength"), &maclength);
 
 	if(maclength < 0) {
 		logger(LOG_ERR, "Bogus MAC length!");
@@ -406,7 +516,7 @@ bool setup_myself(void) {
 
 	/* Compression */
 
-	if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"), &myself->incompression)) {
+	if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) {
 		if(myself->incompression < 0 || myself->incompression > 11) {
 			logger(LOG_ERR, "Bogus compression level!");
 			return false;
@@ -452,7 +562,7 @@ bool setup_myself(void) {
 
 	execute_script("tinc-up", envp);
 
-	for(i = 0; i < 5; i++)
+	for(i = 0; i < 4; i++)
 		free(envp[i]);
 
 	/* Run subnet-up scripts for our own subnets */
@@ -498,7 +608,7 @@ bool setup_myself(void) {
 				  EV_READ|EV_PERSIST,
 				  handle_new_meta_connection, NULL);
 		if(event_add(&listen_socket[listen_sockets].ev_tcp, NULL) < 0) {
-			logger(LOG_EMERG, "event_add failed: %s", strerror(errno));
+			logger(LOG_ERR, "event_add failed: %s", strerror(errno));
 			abort();
 		}
 
@@ -507,7 +617,7 @@ bool setup_myself(void) {
 				  EV_READ|EV_PERSIST,
 				  handle_incoming_vpn_data, NULL);
 		if(event_add(&listen_socket[listen_sockets].ev_udp, NULL) < 0) {
-			logger(LOG_EMERG, "event_add failed: %s", strerror(errno));
+			logger(LOG_ERR, "event_add failed: %s", strerror(errno));
 			abort();
 		}
 
@@ -581,7 +691,7 @@ void close_network_connections(void) {
 	for(node = connection_tree->head; node; node = next) {
 		next = node->next;
 		c = node->data;
-		c->outgoing = false;
+		c->outgoing = NULL;
 		terminate_connection(c, false);
 	}