X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_setup.c;h=0d49ae914d8f83e5a29e78a2eb641cda31eb0a66;hp=5a5564e9b15397831de10a42924cdff119cee5aa;hb=e3220cacb5bc79fc56167e61b7a342f88a33a479;hpb=eefa28059ab989c915a7d95fb4ae728abd7ce713 diff --git a/src/net_setup.c b/src/net_setup.c index 5a5564e9..0d49ae91 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.37 2003/07/22 20:55:20 guus Exp $ + $Id: net_setup.c,v 1.1.2.46 2003/11/17 15:30:17 guus Exp $ */ #include "system.h" @@ -25,6 +25,8 @@ #include #include #include +#include +#include #include "avl_tree.h" #include "conf.h" @@ -149,6 +151,7 @@ bool read_rsa_private_key(void) { FILE *fp; char *fname, *key; + struct stat s; cp(); @@ -164,32 +167,39 @@ bool read_rsa_private_key(void) if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) asprintf(&fname, "%s/rsa_key.priv", confbase); - if(is_safe_path(fname)) { - fp = fopen(fname, "r"); + fp = fopen(fname, "r"); - if(!fp) { - logger(LOG_ERR, _("Error reading RSA private key file `%s': %s"), - fname, strerror(errno)); - free(fname); - return false; - } + if(!fp) { + logger(LOG_ERR, _("Error reading RSA private key file `%s': %s"), + fname, strerror(errno)); + free(fname); + return false; + } +#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN) + if(fstat(fileno(fp), &s)) { + logger(LOG_ERR, _("Could not stat RSA private key file `%s': %s'"), + fname, strerror(errno)); free(fname); - myself->connection->rsa_key = - PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); - fclose(fp); + return false; + } - if(!myself->connection->rsa_key) { - logger(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), - fname, strerror(errno)); - return false; - } + if(s.st_mode & ~0100700) + logger(LOG_WARNING, _("Warning: insecure file permissions for RSA private key file `%s'!"), fname); +#endif - return true; + myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); + fclose(fp); + + if(!myself->connection->rsa_key) { + logger(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), + fname, strerror(errno)); + free(fname); + return false; } free(fname); - return false; + return true; } /* @@ -201,9 +211,10 @@ bool setup_myself(void) subnet_t *subnet; char *name, *hostname, *mode, *afname, *cipher, *digest; char *address = NULL; - struct addrinfo hint, *ai, *aip; + char *envp[5]; + struct addrinfo *ai, *aip, hint = {0}; bool choice; - int err; + int i, err; cp(); @@ -280,6 +291,8 @@ bool setup_myself(void) if(myself->options & OPTION_TCPONLY) myself->options |= OPTION_INDIRECT; + get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver); + if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) { if(!strcasecmp(mode, "router")) routing_mode = RMODE_ROUTER; @@ -353,7 +366,7 @@ bool setup_myself(void) myself->connection->outcipher = EVP_bf_ofb(); - myself->key = (char *) xmalloc(myself->keylength); + myself->key = xmalloc(myself->keylength); RAND_pseudo_bytes(myself->key, myself->keylength); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) @@ -361,8 +374,15 @@ bool setup_myself(void) keyexpires = now + keylifetime; - EVP_CIPHER_CTX_init(&packet_ctx); - EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); + if(myself->cipher) { + EVP_CIPHER_CTX_init(&packet_ctx); + if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len)) { + logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"), + myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL)); + return false; + } + + } /* Check if we want to use message authentication codes... */ @@ -383,8 +403,7 @@ bool setup_myself(void) myself->connection->outdigest = EVP_sha1(); - if(get_config_int - (lookup_config(myself->connection->config_tree, "MACLength"), + if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength)) { if(myself->digest) { if(myself->maclength > myself->digest->md_size) { @@ -402,8 +421,7 @@ bool setup_myself(void) /* Compression */ - if(get_config_int - (lookup_config(myself->connection->config_tree, "Compression"), + if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"), &myself->compression)) { if(myself->compression < 0 || myself->compression > 11) { logger(LOG_ERR, _("Bogus compression level!")); @@ -424,9 +442,24 @@ bool setup_myself(void) graph(); - /* Open sockets */ + /* Open device */ + + if(!setup_device()) + return false; - memset(&hint, 0, sizeof(hint)); + /* Run tinc-up script to further initialize the tap interface */ + asprintf(&envp[0], "NETNAME=%s", netname ? : ""); + asprintf(&envp[1], "DEVICE=%s", device ? : ""); + asprintf(&envp[2], "INTERFACE=%s", iface ? : ""); + asprintf(&envp[3], "NAME=%s", myself->name); + envp[4] = NULL; + + execute_script("tinc-up", envp); + + for(i = 0; i < 5; i++) + free(envp[i]); + + /* Open sockets */ get_config_string(lookup_config(config_tree, "BindToAddress"), &address); @@ -485,9 +518,6 @@ bool setup_myself(void) */ bool setup_network_connections(void) { - char *envp[5]; - int i; - cp(); now = time(NULL); @@ -506,24 +536,9 @@ bool setup_network_connections(void) } else pingtimeout = 60; - if(!setup_device()) - return false; - if(!setup_myself()) return false; - /* Run tinc-up script to further initialize the tap interface */ - asprintf(&envp[0], "NETNAME=%s", netname ? : ""); - asprintf(&envp[1], "DEVICE=%s", device ? : ""); - asprintf(&envp[2], "INTERFACE=%s", iface ? : ""); - asprintf(&envp[3], "NAME=%s", myself->name); - envp[4] = NULL; - - execute_script("tinc-up", envp); - - for(i = 0; i < 5; i++) - free(envp[i]); - try_outgoing_connections(); return true; @@ -543,7 +558,7 @@ void close_network_connections(void) for(node = connection_tree->head; node; node = next) { next = node->next; - c = (connection_t *) node->data; + c = node->data; if(c->outgoing) free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL;