X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet.c;h=cb32caba83de56bcca5f1ff5dbe15b9bd64f823d;hp=893892c033bedbb453453829ddd384a853ac45ed;hb=e1707f7739f450c729e26b921e459d5da07602f9;hpb=1eedf54681d4556c6874f7baee8e810cab867756
diff --git a/src/net.c b/src/net.c
index 893892c0..cb32caba 100644
--- a/src/net.c
+++ b/src/net.c
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: net.c,v 1.35.4.82 2000/11/25 13:33:30 guus Exp $
+    $Id: net.c,v 1.35.4.88 2000/12/22 21:34:20 guus Exp $
 */
 
 #include "config.h"
@@ -59,6 +59,12 @@
 # include
 #endif
 
+#ifdef HAVE_OPENSSL_PEM_H
+# include
+#else
+# include
+#endif
+
 #ifdef HAVE_TUNTAP
 #include LINUX_IF_TUN_H
 #endif
@@ -380,9 +386,9 @@ int setup_tap_fd(void)
   const char *tapfname;
   config_t const *cfg;
 #ifdef HAVE_LINUX
- #ifdef HAVE_TUNTAP
+# ifdef HAVE_TUNTAP
   struct ifreq ifr;
- #endif
+# endif
 #endif
 
 cp
@@ -391,11 +397,11 @@ cp
   else
     {
 #ifdef HAVE_LINUX
- #ifdef HAVE_TUNTAP
+# ifdef HAVE_TUNTAP
       tapfname = "/dev/misc/net/tun";
- #else
+# else
       tapfname = "/dev/tap0";
- #endif
+# endif
 #endif
 #ifdef HAVE_FREEBSD
       tapfname = "/dev/tap0";
@@ -692,6 +698,91 @@ cp
   return 0;
 }
 
+int read_rsa_public_key(connection_t *cl)
+{
+  config_t const *cfg;
+  FILE *fp;
+  void *result;
+cp
+  if(!cl->rsa_key)
+    cl->rsa_key = RSA_new();
+
+  if((cfg = get_config_val(cl->config, config_publickey)))
+    {
+      BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
+      BN_hex2bn(&cl->rsa_key->e, "FFFF");
+    }
+  else if((cfg = get_config_val(cl->config, config_publickeyfile)))
+    {
+      if(is_safe_path(cfg->data.ptr))
+        {
+          if((fp = fopen(cfg->data.ptr, "r")) == NULL)
+            {
+              syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"),
+                     cfg->data.ptr);
+              return -1;
+            }
+          result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL);
+          fclose(fp);
+          if(!result)
+            {
+              syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %m"),
+                     cfg->data.ptr);
+              return -1;
+            }
+        }
+      else
+        return -1;
+    }
+  else
+    {
+      syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
+      return -1;
+    }
+cp
+  return 0;
+}
+
+int read_rsa_private_key(void)
+{
+  config_t const *cfg;
+  FILE *fp;
+  void *result;
+cp
+  if(!myself->rsa_key)
+    myself->rsa_key = RSA_new();
+
+  if((cfg = get_config_val(config, config_privatekey)))
+    {
+      BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
+      BN_hex2bn(&myself->rsa_key->e, "FFFF");
+    }
+  else if((cfg = get_config_val(config, config_privatekeyfile)))
+    {
+      if((fp = fopen(cfg->data.ptr, "r")) == NULL)
+        {
+          syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"),
+                 cfg->data.ptr);
+          return -1;
+        }
+      result = PEM_read_RSAPrivateKey(fp, &myself->rsa_key, NULL, NULL);
+      fclose(fp);
+      if(!result)
+        {
+          syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"),
+                 cfg->data.ptr);
+          return -1;
+        }
+    }
+  else
+    {
+      syslog(LOG_ERR, _("No private key for tinc daemon specified!"));
+      return -1;
+    }
+cp
+  return 0;
+}
+
 /*
   Configure connection_t myself and set up the local sockets (listen only)
 */
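Review bot: Both new functions log a PEM_read_RSAPublicKey/PEM_read_RSAPrivateKey failure with `%m`, but OpenSSL reports parse failures through its own error queue rather than errno, so that message will usually print a stale or unrelated errno text; use the OpenSSL error string instead, e.g. `syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), cfg->data.ptr, ERR_error_string(ERR_get_error(), NULL));` (needs `<openssl/err.h>`; same change in read_rsa_private_key). On the inline-key path the results of `RSA_new()` and `BN_hex2bn()` are not checked, so a malformed PublicKey/PrivateKey value leaves `n`, `d` or the RSA struct itself NULL and is only discovered when the key is first used; logging and returning -1 there would make that path as strict as the file path. Only the public key file goes through `is_safe_path`; if leaving the private key file unchecked is deliberate because it comes from the daemon's own tinc.conf, a one-line comment saying so would save the next reader the question. Declaring `result` as `RSA *` rather than `void *` would also let the compiler check the PEM_read_* assignments.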
@@ -721,33 +812,19 @@ cp
       return -1;
     }
 cp
-  if(!(cfg = get_config_val(config, config_privatekey)))
-    {
-      syslog(LOG_ERR, _("Private key for tinc daemon required!"));
-      return -1;
-    }
-  else
-    {
-      myself->rsa_key = RSA_new();
-      BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
-      BN_hex2bn(&myself->rsa_key->e, "FFFF");
-    }
+  if(read_rsa_private_key())
+    return -1;
 
   if(read_host_config(myself))
     {
       syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
       return -1;
     }
+
+  if(read_rsa_public_key(myself))
+    return -1;
 cp
-  if(!(cfg = get_config_val(myself->config, config_publickey)))
-    {
-      syslog(LOG_ERR, _("Public key for tinc daemon required!"));
-      return -1;
-    }
-  else
-    {
-      BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr);
-    }
+
   /*
   if(RSA_check_key(myself->rsa_key) != 1)
     {
@@ -1115,7 +1192,7 @@ cp
   if(!cl)
     {
-      syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
+      syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
       return 0;
     }
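Review bot: The `RSA_check_key(myself->rsa_key)` call directly below the new `read_rsa_public_key(myself)` call is still commented out, so the private key now loaded from tinc.conf and the public key loaded from the host file can be accepted as a mismatched pair and the daemon only notices when the first handshake fails; with both halves now assembled by the two helpers this is the place to re-enable it, e.g. `if(RSA_check_key(myself->rsa_key) != 1) { syslog(LOG_ERR, _("Invalid public/private keypair!")); return -1; }`. The removed lines were the only visible users of `cfg` in this function; if there is no other use (setup_myself starts and ends outside the hunk) it is now an unused local and should go. The added blank line before the `/*` leaves two consecutive blank-ish lines around the commented-out block, which is a small style nit worth tidying when the check is revived.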