X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_setup.c;h=0fe5068525cf1f83eea998411694b2a0802c9506;hp=9393954072c1868a0e81a124640bf900fde88e1b;hb=5fc1ed17f41f0c535cf57a4b7e00cd6d45759503;hpb=dbc5b5bb5eb3096ad930aa6b590deaba2a103dfc
diff --git a/src/net_setup.c b/src/net_setup.c
index 93939540..0fe50685 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -1,7 +1,7 @@
 /* net_setup.c -- Setup.
- Copyright (C) 1998-2002 Ivo Timmermans ,
- 2000-2002 Guus Sliepen
+ Copyright (C) 1998-2002 Ivo Timmermans ,
+ 2000-2002 Guus Sliepen
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
 along with this program; if not, write to the Free Software
 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net_setup.c,v 1.1.2.4 2002/02/20 22:15:32 guus Exp $
+ $Id: net_setup.c,v 1.1.2.24 2002/09/09 19:39:58 guus Exp $
 */
 #include "config.h"
@@ -26,8 +26,13 @@
 #include
 #include
 #include
-#ifdef HAVE_LINUX
+#ifdef HAVE_NETINET_IN_SYSTM_H
+ #include
+#endif
+#ifdef HAVE_NETINET_IP_H
 #include
+#endif
+#ifdef HAVE_NETINET_TCP_H
 #include
 #endif
 #include
@@ -77,7 +82,7 @@ int read_rsa_public_key(connection_t *c)
 FILE *fp;
 char *fname;
 char *key;
-cp
+ cp();
 if(!c->rsa_key)
 c->rsa_key = RSA_new();
@@ -97,7 +102,8 @@ cp
 {
 if(is_safe_path(fname))
 {
- if((fp = fopen(fname, "r")) == NULL)
+ fp = fopen(fname, "r");
+ if(!fp)
 {
 syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"),
 fname, strerror(errno));
@@ -107,13 +113,27 @@ cp
 free(fname);
 c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
 fclose(fp);
- if(!c->rsa_key)
+ if(c->rsa_key)
+ return 0; /* Woohoo. */
+
+ /* If it fails, try PEM_read_RSA_PUBKEY. */
+ fp = fopen(fname, "r");
+ if(!fp)
 {
- syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"),
+ syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"),
 fname, strerror(errno));
+ free(fname);
 return -1;
 }
- return 0;
+ free(fname);
+ c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
+ fclose(fp);
+ if(c->rsa_key)
+ return 0;
+
+ syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"),
+ fname, strerror(errno));
+ return -1;
 }
 else
 {
@@ -125,7 +145,9 @@ cp
 /* Else, check if a harnessed public key is in the config file */
 asprintf(&fname, "%s/hosts/%s", confbase, c->name);
- if((fp = fopen(fname, "r")))
+ fp = fopen(fname, "r");
+
+ if(fp)
 {
 c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
 fclose(fp);
@@ -135,18 +157,32 @@ cp
 if(c->rsa_key)
 return 0;
- else
+
+ /* Try again with PEM_read_RSA_PUBKEY. */
+
+ asprintf(&fname, "%s/hosts/%s", confbase, c->name);
+ fp = fopen(fname, "r");
+
+ if(fp)
 {
- syslog(LOG_ERR, _("No public key for %s specified!"), c->name);
- return -1;
+ c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
+ fclose(fp);
 }
+
+ free(fname);
+
+ if(c->rsa_key)
+ return 0;
+
+ syslog(LOG_ERR, _("No public key for %s specified!"), c->name);
+ return -1;
 }
 int read_rsa_private_key(void)
 {
 FILE *fp;
 char *fname, *key;
-cp
+ cp();
 if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key))
 {
 myself->connection->rsa_key = RSA_new();
@@ -161,7 +197,8 @@ cp
 if(is_safe_path(fname))
 {
- if((fp = fopen(fname, "r")) == NULL)
+ fp = fopen(fname, "r");
+ if(!fp)
 {
 syslog(LOG_ERR, _("Error reading RSA private key file `%s': %s"),
 fname, strerror(errno));
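Review bot: `fname` is freed on the first context line of this hunk and then reused by the new fallback: the second `fopen(fname, "r")`, both `syslog` calls that print it and the two further `free(fname)` calls all operate on freed memory, so any key file that is not in the "RSA PUBLIC KEY" format the first parser accepts triggers a use-after-free and a double free. Keep `fname` alive until the function is done with it: remove the leading `free(fname);` (a context line, so the fix reaches outside the added code), free it exactly once on each exit, and only then return. `strerror(errno)` after a `PEM_read_*` failure reports whatever errno happens to hold rather than the parse error; OpenSSL's error queue (`ERR_error_string`) is the better source for that message. read_rsa_public_key() starts outside this hunk.
```c
	c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
	fclose(fp);
	if(c->rsa_key)
	{
		free(fname);
		return 0;
	}

	/* Not an "RSA PUBLIC KEY" PEM block; retry with the SubjectPublicKeyInfo reader.
	   fname is still owned here and is released on every exit below. */
	fp = fopen(fname, "r");
	if(!fp)
	{
		syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"), fname, strerror(errno));
		free(fname);
		return -1;
	}
	c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
	fclose(fp);
	if(!c->rsa_key)
		syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), fname, strerror(errno));
	free(fname);
	return c->rsa_key ? 0 : -1;
```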
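Review bot: The harnessed-key fallback rebuilds the identical `%s/hosts/%s` path with a second `asprintf(&fname, ...)`; unless the lines between this hunk and the previous one free the first buffer (they are not visible here), the `if(c->rsa_key) return 0;` at the top of the hunk leaks it, and keeping the first stream open and calling `rewind(fp)` before `PEM_read_RSA_PUBKEY` would avoid both the second allocation and the second `fopen`. Neither `asprintf` result is checked in this hunk or the previous one; glibc documents the pointer as undefined on failure, and the following `fopen(fname, "r")` reads it regardless. A guard such as `if(asprintf(&fname, "%s/hosts/%s", confbase, c->name) < 0) return -1;` closes that. read_rsa_public_key() starts outside this hunk.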
@@ -184,34 +221,6 @@ cp
 return -1;
 }
-int check_rsa_key(RSA *rsa_key)
-{
- char *test1, *test2, *test3;
-cp
- if(rsa_key->p && rsa_key->q)
- {
- if(RSA_check_key(rsa_key) != 1)
- return -1;
- }
- else
- {
- test1 = xmalloc(RSA_size(rsa_key));
- test2 = xmalloc(RSA_size(rsa_key));
- test3 = xmalloc(RSA_size(rsa_key));
- if(RSA_public_encrypt(RSA_size(rsa_key), test1, test2, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key))
- return -1;
- if(RSA_private_decrypt(RSA_size(rsa_key), test2, test3, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key))
- return -1;
- if(memcmp(test1, test3, RSA_size(rsa_key)))
- return -1;
- }
-cp
- return 0;
-}
 /* Configure node_t myself and set up the local sockets (listen only) */
@@ -219,10 +228,11 @@ int setup_myself(void)
 {
 config_t *cfg;
 subnet_t *subnet;
- char *name, *mode, *afname, *cipher, *digest;
- struct addrinfo hint, *ai;
+ char *name, *hostname, *mode, *afname, *cipher, *digest;
+ char *address = NULL;
+ struct addrinfo hint, *ai, *aip;
 int choice, err;
-cp
+ cp();
 myself = new_node();
 myself->connection = new_connection();
 init_configuration(&myself->connection->config_tree);
@@ -249,7 +259,7 @@ cp
 myself->name = name;
 myself->connection->name = xstrdup(name);
-cp
+ cp();
 if(read_rsa_private_key())
 return -1;
@@ -261,13 +271,7 @@ cp
 if(read_rsa_public_key(myself->connection))
 return -1;
-cp
-
- if(check_rsa_key(myself->connection->rsa_key))
- {
- syslog(LOG_ERR, _("Invalid public/private keypair!"));
- return -1;
- }
+ cp();
 if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport))
 asprintf(&myport, "655");
@@ -286,7 +290,7 @@ cp
 cfg = lookup_config_next(myself->connection->config_tree, cfg);
 }
-cp
+ cp();
 /* Check some options */
 if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice))
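Review bot: Dropping the `check_rsa_key()` call here (its definition goes in the first hunk on this line) leaves nothing in this diff that verifies the PublicKey and PrivateKey read just above actually belong together; a mismatched or corrupted pair now passes setup_myself() and would presumably only surface later when key exchange with a peer fails, which is much harder to diagnose than the old "Invalid public/private keypair!" error. If the check was dropped deliberately, a one-line comment at this spot saying why (for example that the new PEM_read_RSA_PUBKEY path makes the old self-test unreliable) would stop the next reader from re-adding it; otherwise a cheap `RSA_check_key()` when the private components are present seems worth keeping. setup_myself() starts and ends outside this hunk.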
@@ -326,6 +330,15 @@ cp
 else
 routing_mode = RMODE_ROUTER;
+ get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance);
+#if !defined(SOL_IP) || !defined(IP_TOS)
+ if(priorityinheritance)
+ syslog(LOG_WARNING, _("PriorityInheritance not supported on this platform"));
+#endif
+
+ if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire))
+ macexpire= 600;
+
 if(get_config_int(lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout))
 {
 if(maxtimeout <= 0)
@@ -356,7 +369,7 @@ cp
 addressfamily = AF_INET;
 get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames);
-cp
+ cp();
 /* Generate packet encryption key */
 if(get_config_string(lookup_config(myself->connection->config_tree, "Cipher"), &cipher))
@@ -367,7 +380,9 @@ cp
 }
 else
 {
- if(!(myself->cipher = EVP_get_cipherbyname(cipher)))
+ myself->cipher = EVP_get_cipherbyname(cipher);
+
+ if(!myself->cipher)
 {
 syslog(LOG_ERR, _("Unrecognized cipher type!"));
 return -1;
@@ -390,7 +405,7 @@ cp
 if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
 keylifetime = 3600;
- keyexpires = time(NULL) + keylifetime;
+ keyexpires = now + keylifetime;
 /* Check if we want to use message authentication codes... */
@@ -402,7 +417,9 @@ cp
 }
 else
 {
- if(!(myself->digest = EVP_get_digestbyname(digest)))
+ myself->digest = EVP_get_digestbyname(digest);
+
+ if(!myself->digest)
 {
 syslog(LOG_ERR, _("Unrecognized digest type!"));
 return -1;
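Review bot: `MACExpire` is taken from the configuration without any range check, while the `MaxTimeout` option directly below it rejects values `<= 0`; a zero or negative expiry interval is presumably meaningless and should be rejected the same way, `if(macexpire <= 0)` followed by a LOG_ERR message and `return -1;` mirroring the MaxTimeout branch (whose message is outside this hunk). `get_config_bool(... "PriorityInheritance" ...)` leaves `priorityinheritance` untouched when the option is absent, so this relies on the global's zero initialisation and would keep a stale value if setup_myself() were ever re-run. Minor: `macexpire= 600` is missing the space before `=` used on every other assignment in the file.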
@@ -449,59 +466,72 @@ cp
 myself->compression = 0;
 myself->connection->outcompression = 0;
-cp
+ cp();
 /* Done */
 myself->nexthop = myself;
 myself->via = myself;
 myself->status.active = 1;
+ myself->status.reachable = 1;
 node_add(myself);
 graph();
-cp
+ cp();
 /* Open sockets */
 memset(&hint, 0, sizeof(hint));
+ get_config_string(lookup_config(config_tree, "BindToAddress"), &address);
+
 hint.ai_family = addressfamily;
 hint.ai_socktype = SOCK_STREAM;
 hint.ai_protocol = IPPROTO_TCP;
 hint.ai_flags = AI_PASSIVE;
- if((err = getaddrinfo(NULL, myport, &hint, &ai)) || !ai)
+ err = getaddrinfo(address, myport, &hint, &ai);
+
+ if(err || !ai)
 {
 syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err));
 return -1;
 }
- if((tcp_socket = setup_listen_socket((sockaddr_t *)ai->ai_addr)) < 0)
+ listen_sockets = 0;
+
+ for(aip = ai; aip; aip = aip->ai_next)
 {
- syslog(LOG_ERR, _("Unable to set up a listening TCP socket!"));
- return -1;
- }
+ listen_socket[listen_sockets].tcp = setup_listen_socket((sockaddr_t *)aip->ai_addr);
- freeaddrinfo(ai);
+ if(listen_socket[listen_sockets].tcp < 0)
+ continue;
- hint.ai_socktype = SOCK_DGRAM;
- hint.ai_protocol = IPPROTO_UDP;
+ listen_socket[listen_sockets].udp = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr);
+
+ if(listen_socket[listen_sockets].udp < 0)
+ continue;
- if((err = getaddrinfo(NULL, myport, &hint, &ai)) || !ai)
- {
- syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err));
- return -1;
- }
+ if(debug_lvl >= DEBUG_CONNECTIONS)
+ {
+ hostname = sockaddr2hostname((sockaddr_t *)aip->ai_addr);
+ syslog(LOG_NOTICE, _("Listening on %s"), hostname);
+ free(hostname);
+ }
- if((udp_socket = setup_vpn_in_socket((sockaddr_t *)ai->ai_addr)) < 0)
- {
- syslog(LOG_ERR, _("Unable to set up a listening UDP socket!"));
- return -1;
+ listen_socket[listen_sockets].sa.sa = *aip->ai_addr;
+ listen_sockets++;
 }
 freeaddrinfo(ai);
- syslog(LOG_NOTICE, _("Ready: listening on port %s"), myport);
-cp
+ if(listen_sockets)
+ syslog(LOG_NOTICE, _("Ready"));
+ else
+ {
+ syslog(LOG_ERR, _("Unable to create any listening socket!"));
+ return -1;
+ }
+ cp();
 return 0;
 }
@@ -510,12 +540,17 @@ cp
 */
 int setup_network_connections(void)
 {
-cp
+ char *envp[4];
+ int i;
+ cp();
+ now = time(NULL);
+
 init_connections();
 init_subnets();
 init_nodes();
 init_edges();
 init_events();
+ init_requests();
 if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout))
 {
@@ -531,13 +566,21 @@ cp
 return -1;
 /* Run tinc-up script to further initialize the tap interface */
- execute_script("tinc-up");
+ asprintf(&envp[0], "NETNAME=%s", netname?:"");
+ asprintf(&envp[1], "DEVICE=%s", device?:"");
+ asprintf(&envp[2], "INTERFACE=%s", interface?:"");
+ envp[3] = NULL;
+
+ execute_script("tinc-up", envp);
+
+ for(i = 0; i < 4; i++)
+ free(envp[i]);
 if(setup_myself() < 0)
 return -1;
 try_outgoing_connections();
-cp
+ cp();
 return 0;
 }
@@ -548,31 +591,45 @@ void close_network_connections(void)
 {
 avl_node_t *node, *next;
 connection_t *c;
-cp
+ char *envp[4];
+ int i;
+ cp();
 for(node = connection_tree->head; node; node = next)
 {
 next = node->next;
 c = (connection_t *)node->data;
 if(c->outgoing)
- free(c->outgoing->name), free(c->outgoing);
+ free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL;
 terminate_connection(c, 0);
 }
 if(myself && myself->connection)
 terminate_connection(myself->connection, 0);
- close(udp_socket);
- close(tcp_socket);
+ for(i = 0; i < listen_sockets; i++)
+ {
+ close(listen_socket[i].tcp);
+ close(listen_socket[i].udp);
+ }
+ exit_requests();
 exit_events();
 exit_edges();
 exit_subnets();
 exit_nodes();
 exit_connections();
- execute_script("tinc-down");
+ asprintf(&envp[0], "NETNAME=%s", netname?:"");
+ asprintf(&envp[1], "DEVICE=%s", device?:"");
+ asprintf(&envp[2], "INTERFACE=%s", interface?:"");
+ envp[3] = NULL;
+
+ execute_script("tinc-down", envp);
+
+ for(i = 0; i < 4; i++)
+ free(envp[i]);
 close_device();
-cp
+ cp();
 return;
 }
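Review bot: When `setup_vpn_in_socket()` fails, the loop `continue`s without closing the TCP socket that `setup_listen_socket()` just returned into `listen_socket[listen_sockets].tcp`, leaking one descriptor per address that only half-succeeds. The loop also writes `listen_socket[listen_sockets]` for every getaddrinfo() result with no check against the array's capacity (declared outside this file), so a host whose address list is longer than the array overflows it; a bounded loop should stop, and say so, when the slots run out. `listen_socket[listen_sockets].sa.sa = *aip->ai_addr;` copies only `sizeof(struct sockaddr)` bytes if `sa.sa` is a plain `struct sockaddr`, which truncates an IPv6 address; copying `aip->ai_addrlen` bytes into the union avoids that, provided the union is large enough to hold one. This hunk begins on the previous source line, and setup_myself() starts outside it.
```c
	for(aip = ai; aip; aip = aip->ai_next)
	{
		if(listen_sockets >= LISTEN_SOCKET_CAPACITY) /* placeholder: use the real bound of listen_socket[] */
		{
			syslog(LOG_WARNING, _("Too many listening addresses, ignoring the rest"));
			break;
		}

		listen_socket[listen_sockets].tcp = setup_listen_socket((sockaddr_t *)aip->ai_addr);

		if(listen_socket[listen_sockets].tcp < 0)
			continue;

		listen_socket[listen_sockets].udp = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr);

		if(listen_socket[listen_sockets].udp < 0)
		{
			close(listen_socket[listen_sockets].tcp); /* do not leak the TCP socket that did open */
			continue;
		}

		/* … unchanged: "Listening on %s" debug message … */

		memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen);
		listen_sockets++;
	}
```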
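Review bot: The three `asprintf()` calls that build `envp` are unchecked; glibc documents the pointer as undefined on allocation failure, so `execute_script("tinc-up", envp)` and the `free(envp[i])` loop would then act on garbage. The same block is repeated verbatim in the close_network_connections() hunk below; a small static helper that builds the environment (checking each `asprintf`, returning an error on failure) and a matching one that frees it would remove the duplication and keep the two scripts' environments from drifting apart. `netname?:""` is a GNU C extension, which is fine only if the build already requires gcc.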