Support RSA_PUBKEYs (as opposed to RSAPublicKeys) so tinc accepts

[tinc] / src / net_setup.c

diff --git a/src/net_setup.c b/src/net_setup.c
index f8a8b99..ec0700c 100644 (file)
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: net_setup.c,v 1.1.2.8 2002/03/01 14:09:31 guus Exp $
+    $Id: net_setup.c,v 1.1.2.16 2002/06/02 16:06:33 guus Exp $
 */
 
 #include "config.h"
@@ -107,13 +107,26 @@ cp
           free(fname);
           c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
           fclose(fp);
-          if(!c->rsa_key)
+         if(c->rsa_key)
+           return 0; /* Woohoo. */
+         
+         /* If it fails, try PEM_read_RSA_PUBKEY. */
+          if((fp = fopen(fname, "r")) == NULL)
             {
-              syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"),
+              syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"),
                      fname, strerror(errno));
+              free(fname);
               return -1;
             }
-          return 0;
+          free(fname);
+          c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
+          fclose(fp);
+         if(c->rsa_key)
+           return 0;
+
+          syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"),
+                 fname, strerror(errno));
+          return -1;
         }
       else
         {
@@ -135,11 +148,23 @@ cp
 
   if(c->rsa_key)
     return 0;
-  else
+
+  /* Try again with PEM_read_RSA_PUBKEY. */
+
+  asprintf(&fname, "%s/hosts/%s", confbase, c->name);
+  if((fp = fopen(fname, "r")))
     {
-      syslog(LOG_ERR, _("No public key for %s specified!"), c->name);
-      return -1;
+      c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
+      fclose(fp);
     }
+
+  free(fname);
+
+  if(c->rsa_key)
+    return 0;
+
+  syslog(LOG_ERR, _("No public key for %s specified!"), c->name);
+  return -1;
 }
 
 int read_rsa_private_key(void)
@@ -184,34 +209,6 @@ cp
   return -1;
 }
 
-int check_rsa_key(RSA *rsa_key)
-{
-  char *test1, *test2, *test3;
-cp
-  if(rsa_key->p && rsa_key->q)
-    {
-      if(RSA_check_key(rsa_key) != 1)
-          return -1;
-    }
-  else
-    {
-      test1 = xmalloc(RSA_size(rsa_key));
-      test2 = xmalloc(RSA_size(rsa_key));
-      test3 = xmalloc(RSA_size(rsa_key));
-
-      if(RSA_public_encrypt(RSA_size(rsa_key), test1, test2, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key))
-          return -1;
-
-      if(RSA_private_decrypt(RSA_size(rsa_key), test2, test3, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key))
-          return -1;
-
-      if(memcmp(test1, test3, RSA_size(rsa_key)))
-          return -1;
-    }
-cp
-  return 0;
-}
-
 /*
   Configure node_t myself and set up the local sockets (listen only)
 */
@@ -220,6 +217,7 @@ int setup_myself(void)
   config_t *cfg;
   subnet_t *subnet;
   char *name, *hostname, *mode, *afname, *cipher, *digest;
+  char *address = NULL;
   struct addrinfo hint, *ai, *aip;
   int choice, err;
 cp
@@ -263,12 +261,6 @@ cp
     return -1;
 cp
 
-  if(check_rsa_key(myself->connection->rsa_key))
-    {
-      syslog(LOG_ERR, _("Invalid public/private keypair!"));
-      return -1;
-    }
-
   if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport))
     asprintf(&myport, "655");
 
@@ -327,6 +319,10 @@ cp
     routing_mode = RMODE_ROUTER;
 
   get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance);
+#if !defined(SOL_IP) || !defined(IP_TOS)
+  if(priorityinheritance)
+    syslog(LOG_WARNING, _("PriorityInheritance not supported on this platform"));
+#endif
 
   if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire))
     macexpire= 600;
@@ -460,6 +456,7 @@ cp
   myself->nexthop = myself;
   myself->via = myself;
   myself->status.active = 1;
+  myself->status.reachable = 1;
   node_add(myself);
 
   graph();
@@ -469,12 +466,14 @@ cp
   
   memset(&hint, 0, sizeof(hint));
   
+  get_config_string(lookup_config(config_tree, "BindToAddress"), &address);
+
   hint.ai_family = addressfamily;
   hint.ai_socktype = SOCK_STREAM;
   hint.ai_protocol = IPPROTO_TCP;
   hint.ai_flags = AI_PASSIVE;
 
-  if((err = getaddrinfo(NULL, myport, &hint, &ai)) || !ai)
+  if((err = getaddrinfo(address, myport, &hint, &ai)) || !ai)
     {
       syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err));
       return -1;
@@ -482,10 +481,10 @@ cp
 
   for(aip = ai; aip; aip = aip->ai_next)
     {
-      if((tcp_socket[listen_sockets] = setup_listen_socket((sockaddr_t *)aip->ai_addr)) < 0)
+      if((listen_socket[listen_sockets].tcp = setup_listen_socket((sockaddr_t *)aip->ai_addr)) < 0)
         continue;
 
-      if((udp_socket[listen_sockets] = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr)) < 0)
+      if((listen_socket[listen_sockets].udp = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr)) < 0)
         continue;
 
       if(debug_lvl >= DEBUG_CONNECTIONS)
@@ -495,6 +494,7 @@ cp
          free(hostname);
        }
 
+      listen_socket[listen_sockets].sa.sa = *aip->ai_addr;
       listen_sockets++;
     }
 
@@ -524,6 +524,7 @@ cp
   init_nodes();
   init_edges();
   init_events();
+  init_requests();
 
   if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout))
     {
@@ -563,7 +564,7 @@ cp
       next = node->next;
       c = (connection_t *)node->data;
       if(c->outgoing)
-        free(c->outgoing->name), free(c->outgoing);
+        free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL;
       terminate_connection(c, 0);
     }
 
@@ -572,10 +573,11 @@ cp
 
   for(i = 0; i < listen_sockets; i++)
     {
-      close(udp_socket[i]);
-      close(tcp_socket[i]);
+      close(listen_socket[i].tcp);
+      close(listen_socket[i].udp);
     }
 
+  exit_requests();
   exit_events();
   exit_edges();
   exit_subnets();