X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_setup.c;h=e0f156969486351f762f627acf8353762afee8b8;hp=c7c1250508fe8e1105bd8baadbaf8eaf74fab71c;hb=a90f1b652c0fb52950f3b0783a7e2b7f2e0cf2db;hpb=9bde92ce97d5503ff2d31dcc6f0648902580ec14 diff --git a/src/net_setup.c b/src/net_setup.c index c7c12505..e0f15696 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -1,7 +1,7 @@ /* net_setup.c -- Setup. - Copyright (C) 1998-2003 Ivo Timmermans , - 2000-2003 Guus Sliepen + Copyright (C) 1998-2005 Ivo Timmermans , + 2000-2005 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.42 2003/08/08 22:11:54 guus Exp $ + $Id$ */ #include "system.h" @@ -25,6 +25,8 @@ #include #include #include +#include +#include #include "avl_tree.h" #include "conf.h" @@ -148,17 +150,23 @@ bool read_rsa_public_key(connection_t *c) bool read_rsa_private_key(void) { FILE *fp; - char *fname, *key; + char *fname, *key, *pubkey; struct stat s; cp(); if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) { + if(!get_config_string(lookup_config(myself->connection->config_tree, "PublicKey"), &pubkey)) { + logger(LOG_ERR, _("PrivateKey used but no PublicKey found!")); + return false; + } myself->connection->rsa_key = RSA_new(); // RSA_blinding_on(myself->connection->rsa_key, NULL); BN_hex2bn(&myself->connection->rsa_key->d, key); + BN_hex2bn(&myself->connection->rsa_key->n, pubkey); BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); free(key); + free(pubkey); return true; } @@ -182,7 +190,7 @@ bool read_rsa_private_key(void) return false; } - if(s.st_mode & ~0700) + if(s.st_mode & ~0100700) logger(LOG_WARNING, _("Warning: insecure file permissions for RSA private key file `%s'!"), fname); #endif @@ -240,19 +248,15 @@ bool setup_myself(void) myself->name = name; myself->connection->name = xstrdup(name); - if(!read_rsa_private_key()) - return false; - if(!read_connection_config(myself->connection)) { logger(LOG_ERR, _("Cannot open host configuration file for myself!")); return false; } - if(!read_rsa_public_key(myself->connection)) + if(!read_rsa_private_key()) return false; - if(!get_config_string - (lookup_config(myself->connection->config_tree, "Port"), &myport)) + if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport)) asprintf(&myport, "655"); /* Read in all the subnets specified in the host configuration file */ @@ -270,25 +274,26 @@ bool setup_myself(void) /* Check some options */ - if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice)) - if(choice) - myself->options |= OPTION_INDIRECT; + if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice) && choice) + myself->options |= OPTION_INDIRECT; - if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice)) - if(choice) - myself->options |= OPTION_TCPONLY; + if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice) && choice) + myself->options |= OPTION_TCPONLY; - if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice)) - if(choice) - myself->options |= OPTION_INDIRECT; + if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice) && choice) + myself->options |= OPTION_INDIRECT; - if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice)) - if(choice) - myself->options |= OPTION_TCPONLY; + if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice) && choice) + myself->options |= OPTION_TCPONLY; + + if(get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice) + myself->options |= OPTION_PMTU_DISCOVERY; if(myself->options & OPTION_TCPONLY) myself->options |= OPTION_INDIRECT; + get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver); + if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) { if(!strcasecmp(mode, "router")) routing_mode = RMODE_ROUTER; @@ -314,7 +319,7 @@ bool setup_myself(void) if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) macexpire = 600; - if(get_config_int(lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) { + if(get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout)) { if(maxtimeout <= 0) { logger(LOG_ERR, _("Bogus maximum timeout!")); return false; @@ -362,7 +367,7 @@ bool setup_myself(void) myself->connection->outcipher = EVP_bf_ofb(); - myself->key = (char *) xmalloc(myself->keylength); + myself->key = xmalloc(myself->keylength); RAND_pseudo_bytes(myself->key, myself->keylength); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) @@ -372,7 +377,12 @@ bool setup_myself(void) if(myself->cipher) { EVP_CIPHER_CTX_init(&packet_ctx); - EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); + if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len)) { + logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"), + myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL)); + return false; + } + } /* Check if we want to use message authentication codes... */ @@ -450,6 +460,10 @@ bool setup_myself(void) for(i = 0; i < 5; i++) free(envp[i]); + /* Run subnet-up scripts for our own subnets */ + + subnet_update(myself, NULL, true); + /* Open sockets */ get_config_string(lookup_config(config_tree, "BindToAddress"), &address); @@ -520,12 +534,20 @@ bool setup_network_connections(void) init_events(); init_requests(); - if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout)) { - if(pingtimeout < 1) { - pingtimeout = 86400; + if(get_config_int(lookup_config(config_tree, "PingInterval"), &pinginterval)) { + if(pinginterval < 1) { + pinginterval = 86400; } } else - pingtimeout = 60; + pinginterval = 60; + + if(!get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout)) + pingtimeout = 5; + if(pingtimeout < 1 || pingtimeout > pinginterval) + pingtimeout = pinginterval; + + if(!get_config_int(lookup_config(config_tree, "MaxOutputBufferSize"), &maxoutbufsize)) + maxoutbufsize = 4 * MTU; if(!setup_myself()) return false; @@ -549,21 +571,29 @@ void close_network_connections(void) for(node = connection_tree->head; node; node = next) { next = node->next; - c = (connection_t *) node->data; + c = node->data; if(c->outgoing) free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL; terminate_connection(c, false); } - if(myself && myself->connection) + if(myself && myself->connection) { + subnet_update(myself, NULL, false); terminate_connection(myself->connection, false); + } for(i = 0; i < listen_sockets; i++) { close(listen_socket[i].tcp); close(listen_socket[i].udp); } + asprintf(&envp[0], "NETNAME=%s", netname ? : ""); + asprintf(&envp[1], "DEVICE=%s", device ? : ""); + asprintf(&envp[2], "INTERFACE=%s", iface ? : ""); + asprintf(&envp[3], "NAME=%s", myself->name); + envp[4] = NULL; + exit_requests(); exit_events(); exit_edges(); @@ -571,12 +601,6 @@ void close_network_connections(void) exit_nodes(); exit_connections(); - asprintf(&envp[0], "NETNAME=%s", netname ? : ""); - asprintf(&envp[1], "DEVICE=%s", device ? : ""); - asprintf(&envp[2], "INTERFACE=%s", iface ? : ""); - asprintf(&envp[3], "NAME=%s", myself->name); - envp[4] = NULL; - execute_script("tinc-down", envp); for(i = 0; i < 4; i++)