X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet.c;h=cb32caba83de56bcca5f1ff5dbe15b9bd64f823d;hp=3dd997428e50d7f0f8751eb5e97bcdff6770088f;hb=e1707f7739f450c729e26b921e459d5da07602f9;hpb=09260b43d1ff037c22f86c82a6af830e9a6d6ae5
diff --git a/src/net.c b/src/net.c
index 3dd99742..cb32caba 100644
--- a/src/net.c
+++ b/src/net.c
@@ -17,7 +17,7 @@
 along with this program; if not, write to the Free Software
 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net.c,v 1.35.4.83 2000/11/30 20:08:41 zarq Exp $
+ $Id: net.c,v 1.35.4.88 2000/12/22 21:34:20 guus Exp $
 */
 #include "config.h"
@@ -59,6 +59,12 @@
 # include
 #endif
+#ifdef HAVE_OPENSSL_PEM_H
+# include
+#else
+# include
+#endif
+
 #ifdef HAVE_TUNTAP
 #include LINUX_IF_TUN_H
 #endif
@@ -380,9 +386,9 @@ int setup_tap_fd(void)
 const char *tapfname;
 config_t const *cfg;
 #ifdef HAVE_LINUX
- #ifdef HAVE_TUNTAP
+# ifdef HAVE_TUNTAP
 struct ifreq ifr;
- #endif
+# endif
 #endif
 cp
@@ -391,11 +397,11 @@ cp
 else
 {
 #ifdef HAVE_LINUX
- #ifdef HAVE_TUNTAP
+# ifdef HAVE_TUNTAP
 tapfname = "/dev/misc/net/tun";
- #else
+# else
 tapfname = "/dev/tap0";
- #endif
+# endif
 #endif
 #ifdef HAVE_FREEBSD
 tapfname = "/dev/tap0";
@@ -692,31 +698,89 @@ cp
 return 0;
 }
-int read_rsa_private_key(RSA **key, const char *file)
+int read_rsa_public_key(connection_t *cl)
 {
+ config_t const *cfg;
 FILE *fp;
+ void *result;
+cp
+ if(!cl->rsa_key)
+ cl->rsa_key = RSA_new();
- if((fp = fopen(file, "r")) == NULL)
+ if((cfg = get_config_val(cl->config, config_publickey)))
 {
- syslog(LOG_ERR, _("Error reading file `%s': %m"),
- file);
+ BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
+ BN_hex2bn(&cl->rsa_key->e, "FFFF");
+ }
+ else if((cfg = get_config_val(cl->config, config_publickeyfile)))
+ {
+ if(is_safe_path(cfg->data.ptr))
+ {
+ if((fp = fopen(cfg->data.ptr, "r")) == NULL)
+ {
+ syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"),
+ cfg->data.ptr);
+ return -1;
+ }
+ result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL);
+ fclose(fp);
+ if(!result)
+ {
+ syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %m"),
+ cfg->data.ptr);
+ return -1;
+ }
+ }
+ else
+ return -1;
+ }
+ else
+ {
+ syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
 return -1;
 }
- PEM_read_RSAPrivateKey(fp, key, NULL, NULL);
+cp
+ return 0;
 }
-int read_rsa_keys(void)
+int read_rsa_private_key(void)
 {
 config_t const *cfg;
+ FILE *fp;
+ void *result;
+cp
+ if(!myself->rsa_key)
+ myself->rsa_key = RSA_new();
- if(!(cfg = get_config_val(config, config_privatekey)))
+ if((cfg = get_config_val(config, config_privatekey)))
+ {
+ BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
+ BN_hex2bn(&myself->rsa_key->e, "FFFF");
+ }
+ else if((cfg = get_config_val(config, config_privatekeyfile)))
+ {
+ if((fp = fopen(cfg->data.ptr, "r")) == NULL)
+ {
+ syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"),
+ cfg->data.ptr);
+ return -1;
+ }
+ result = PEM_read_RSAPrivateKey(fp, &myself->rsa_key, NULL, NULL);
+ fclose(fp);
+ if(!result)
+ {
+ syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"),
+ cfg->data.ptr);
+ return -1;
+ }
+ }
+ else
 {
- syslog(LOG_ERR, _("Private key for tinc daemon required!"));
+ syslog(LOG_ERR, _("No private key for tinc daemon specified!"));
 return -1;
 }
-
- myself->rsa_key = RSA_new();
- return read_rsa_private_key(&(myself->rsa_key), cfg->data.ptr);
+cp
+ return 0;
 }
 /*
@@ -748,7 +812,7 @@ cp
 return -1;
 }
 cp
- if(read_rsa_keys())
+ if(read_rsa_private_key())
 return -1;
 if(read_host_config(myself))
@@ -756,16 +820,11 @@ cp
 syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
 return -1;
 }
+
+ if(read_rsa_public_key(myself))
+ return -1;
 cp
- if(!(cfg = get_config_val(myself->config, config_publickey)))
- {
- syslog(LOG_ERR, _("Public key for tinc daemon required!"));
- return -1;
- }
- else
- {
- BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
- }
+ /*
 if(RSA_check_key(myself->rsa_key) != 1)
 {
@@ -1133,7 +1192,7 @@ cp
 if(!cl)
 {
- syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
+ syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
 return 0;
 }
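Review bot: `BN_hex2bn()` is called four times in the new `PublicKey`/`PrivateKey` branches (`&cl->rsa_key->n`, `&cl->rsa_key->e`, `&myself->rsa_key->d`, `&myself->rsa_key->e`) without its return value being checked, and the `RSA_new()` result is unchecked too, so an empty or non-hex config value leaves a NULL or partial BIGNUM in the key while the function still returns 0 and the caller cannot tell. The private-key branch also opens `cfg->data.ptr` without the `is_safe_path()` test the public-key branch applies, although the secret key is the file where an unsafe path matters most. The `%m` in both "... failed: %m" messages after `PEM_read_RSA*()` reports `errno`, which the PEM parser does not set and the preceding `fclose()` may have clobbered; `ERR_error_string(ERR_get_error(), NULL)` gives the real reason. The hard-coded exponent `"FFFF"` (65535) is presumably what tinc's key generator uses and deserves a comment saying so, since a key generated with the conventional 65537 would silently fail to verify here. I would make the hex branch of `read_rsa_public_key()` fail closed as below and mirror it in `read_rsa_private_key()`.
```c
  if((cfg = get_config_val(cl->config, config_publickey)))
    {
      /* fail closed: a bad hex string must not leave a half-built key behind */
      if(!cl->rsa_key
         || !BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr)
         || !BN_hex2bn(&cl->rsa_key->e, "FFFF"))
        {
          syslog(LOG_ERR, _("Invalid RSA public key for %s"), cl->name);
          return -1;
        }
    }
  /* … unchanged: PublicKeyFile branch and "No public key" error path … */
```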
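Review bot: Calling `read_rsa_public_key(myself)` after `read_rsa_private_key()` replaces `myself->rsa_key->n` and, through the hard-coded `BN_hex2bn(&cl->rsa_key->e, "FFFF")` inside that function, the public exponent of a key that `PEM_read_RSAPrivateKey()` may already have filled in completely, so a `PrivateKeyFile` key whose exponent is not 0xFFFF no longer matches its own `d` after this step. The `+ /*` added as the hunk's last new line appears to open a comment around the `RSA_check_key(myself->rsa_key) != 1` test (its closing is outside the hunk), which is the one check that would catch such a mismatch; if it was disabled because `RSA_check_key()` needs `p` and `q`, which the hex `PrivateKey` path never sets, a sign/verify round-trip on a fixed buffer would still validate the pair without them. A one-line guard keeps a file-loaded key intact and only consults the host config when the modulus is still missing: `if(!myself->rsa_key->n && read_rsa_public_key(myself))` followed by `return -1;`. The enclosing function starts and ends outside this hunk.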
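Review bot: The new call passes `ntohl(from.sin_addr.s_addr)` for the `%lx` conversion, but `ntohl()` yields a 32-bit value while `%lx` reads an `unsigned long`, a 64-bit slot on LP64 targets, so this is undefined behaviour there and the address (and the `%d` after it) may print as garbage; `(unsigned long)ntohl(from.sin_addr.s_addr)` fixes the width, and `inet_ntoa(from.sin_addr)` with `%s` would also make the log readable. The type of `myself->port` behind the first `%d` is not visible in this hunk and should be checked against the same rule. Separately, this warning fires once per datagram from an unknown source, so any host that can reach the UDP port can fill the syslog at line rate; consider rate-limiting it or logging at debug level. The enclosing function starts outside this hunk.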