X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_setup.c;h=fe7a562d4fc02cde4e7c32d5119737d4750a6f11;hp=6887fe3429aa6b6c55e44f65803ddc205020300c;hb=82ebfc923ddb050c88bdf5d65ac943a15ca8748a;hpb=f93b1334e087dd7af1b87f475b2d398fdd4d56ab diff --git a/src/net_setup.c b/src/net_setup.c index 6887fe34..fe7a562d 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -1,7 +1,7 @@ /* net_setup.c -- Setup. - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.7 2002/03/01 13:18:54 guus Exp $ + $Id: net_setup.c,v 1.1.2.23 2002/09/04 13:48:52 guus Exp $ */ #include "config.h" @@ -26,8 +26,13 @@ #include #include #include -#ifdef HAVE_LINUX +#ifdef HAVE_NETINET_IN_SYSTM_H + #include +#endif +#ifdef HAVE_NETINET_IP_H #include +#endif +#ifdef HAVE_NETINET_TCP_H #include #endif #include @@ -107,13 +112,26 @@ cp free(fname); c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); fclose(fp); - if(!c->rsa_key) + if(c->rsa_key) + return 0; /* Woohoo. */ + + /* If it fails, try PEM_read_RSA_PUBKEY. */ + if((fp = fopen(fname, "r")) == NULL) { - syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), + syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"), fname, strerror(errno)); + free(fname); return -1; } - return 0; + free(fname); + c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); + fclose(fp); + if(c->rsa_key) + return 0; + + syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), + fname, strerror(errno)); + return -1; } else { @@ -135,11 +153,23 @@ cp if(c->rsa_key) return 0; - else + + /* Try again with PEM_read_RSA_PUBKEY. */ + + asprintf(&fname, "%s/hosts/%s", confbase, c->name); + if((fp = fopen(fname, "r"))) { - syslog(LOG_ERR, _("No public key for %s specified!"), c->name); - return -1; + c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); + fclose(fp); } + + free(fname); + + if(c->rsa_key) + return 0; + + syslog(LOG_ERR, _("No public key for %s specified!"), c->name); + return -1; } int read_rsa_private_key(void) @@ -184,34 +214,6 @@ cp return -1; } -int check_rsa_key(RSA *rsa_key) -{ - char *test1, *test2, *test3; -cp - if(rsa_key->p && rsa_key->q) - { - if(RSA_check_key(rsa_key) != 1) - return -1; - } - else - { - test1 = xmalloc(RSA_size(rsa_key)); - test2 = xmalloc(RSA_size(rsa_key)); - test3 = xmalloc(RSA_size(rsa_key)); - - if(RSA_public_encrypt(RSA_size(rsa_key), test1, test2, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key)) - return -1; - - if(RSA_private_decrypt(RSA_size(rsa_key), test2, test3, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key)) - return -1; - - if(memcmp(test1, test3, RSA_size(rsa_key))) - return -1; - } -cp - return 0; -} - /* Configure node_t myself and set up the local sockets (listen only) */ @@ -220,6 +222,7 @@ int setup_myself(void) config_t *cfg; subnet_t *subnet; char *name, *hostname, *mode, *afname, *cipher, *digest; + char *address = NULL; struct addrinfo hint, *ai, *aip; int choice, err; cp @@ -263,12 +266,6 @@ cp return -1; cp - if(check_rsa_key(myself->connection->rsa_key)) - { - syslog(LOG_ERR, _("Invalid public/private keypair!")); - return -1; - } - if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport)) asprintf(&myport, "655"); @@ -327,6 +324,13 @@ cp routing_mode = RMODE_ROUTER; get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance); +#if !defined(SOL_IP) || !defined(IP_TOS) + if(priorityinheritance) + syslog(LOG_WARNING, _("PriorityInheritance not supported on this platform")); +#endif + + if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) + macexpire= 600; if(get_config_int(lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) { @@ -392,7 +396,7 @@ cp if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; - keyexpires = time(NULL) + keylifetime; + keyexpires = now + keylifetime; /* Check if we want to use message authentication codes... */ @@ -457,6 +461,7 @@ cp myself->nexthop = myself; myself->via = myself; myself->status.active = 1; + myself->status.reachable = 1; node_add(myself); graph(); @@ -466,23 +471,27 @@ cp memset(&hint, 0, sizeof(hint)); + get_config_string(lookup_config(config_tree, "BindToAddress"), &address); + hint.ai_family = addressfamily; hint.ai_socktype = SOCK_STREAM; hint.ai_protocol = IPPROTO_TCP; hint.ai_flags = AI_PASSIVE; - if((err = getaddrinfo(NULL, myport, &hint, &ai)) || !ai) + if((err = getaddrinfo(address, myport, &hint, &ai)) || !ai) { syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err)); return -1; } + listen_sockets = 0; + for(aip = ai; aip; aip = aip->ai_next) { - if((tcp_socket[listen_sockets] = setup_listen_socket((sockaddr_t *)aip->ai_addr)) < 0) + if((listen_socket[listen_sockets].tcp = setup_listen_socket((sockaddr_t *)aip->ai_addr)) < 0) continue; - if((udp_socket[listen_sockets] = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr)) < 0) + if((listen_socket[listen_sockets].udp = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr)) < 0) continue; if(debug_lvl >= DEBUG_CONNECTIONS) @@ -492,6 +501,7 @@ cp free(hostname); } + listen_socket[listen_sockets].sa.sa = *aip->ai_addr; listen_sockets++; } @@ -513,12 +523,17 @@ cp */ int setup_network_connections(void) { + char *envp[4]; + int i; cp + now = time(NULL); + init_connections(); init_subnets(); init_nodes(); init_edges(); init_events(); + init_requests(); if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout)) { @@ -534,7 +549,15 @@ cp return -1; /* Run tinc-up script to further initialize the tap interface */ - execute_script("tinc-up"); + asprintf(&envp[0], "NETNAME=%s", netname?netname:""); + asprintf(&envp[1], "DEVICE=%s", device?device:""); + asprintf(&envp[2], "INTERFACE=%s", interface?interface:""); + envp[3] = NULL; + + execute_script("tinc-up", envp); + + for(i = 0; i < 4; i++) + free(envp[i]); if(setup_myself() < 0) return -1; @@ -551,6 +574,7 @@ void close_network_connections(void) { avl_node_t *node, *next; connection_t *c; + char *envp[4]; int i; cp for(node = connection_tree->head; node; node = next) @@ -558,7 +582,7 @@ cp next = node->next; c = (connection_t *)node->data; if(c->outgoing) - free(c->outgoing->name), free(c->outgoing); + free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL; terminate_connection(c, 0); } @@ -567,17 +591,26 @@ cp for(i = 0; i < listen_sockets; i++) { - close(udp_socket[i]); - close(tcp_socket[i]); + close(listen_socket[i].tcp); + close(listen_socket[i].udp); } + exit_requests(); exit_events(); exit_edges(); exit_subnets(); exit_nodes(); exit_connections(); - execute_script("tinc-down"); + asprintf(&envp[0], "NETNAME=%s", netname?netname:""); + asprintf(&envp[1], "DEVICE=%s", device?device:""); + asprintf(&envp[2], "INTERFACE=%s", interface?interface:""); + envp[3] = NULL; + + execute_script("tinc-down", envp); + + for(i = 0; i < 4; i++) + free(envp[i]); close_device(); cp