Save RSA public and private keys to a separate file, instead of

wanting to copy them into a configuration file.

diff --git a/m4/openssl.m4 b/m4/openssl.m4
index 782e7e1..2d24258 100644 (file)
--- a/m4/openssl.m4
+++ b/m4/openssl.m4
@@ -41,12 +41,12 @@ if test "$tinc_cv_openssl_include" != "none given" ; then
 fi
 
 osi=found
 fi
 
 osi=found

-AC_CHECK_HEADERS(evp.h rsa.h rand.h err.h sha.h,
+AC_CHECK_HEADERS(evp.h rsa.h rand.h err.h sha.h pem.h,

 [], [osi=none; break])
 
 if test "$osi" = "none" ; then
   osi=found
 [], [osi=none; break])
 
 if test "$osi" = "none" ; then
   osi=found

-  AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h,
+  AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h,

   [], [osi=none; break])
 fi
 
   [], [osi=none; break])
 fi
 

diff --git a/src/conf.c b/src/conf.c
index 56d1a8a..37bfe94 100644 (file)
--- a/src/conf.c
+++ b/src/conf.c
@@ -1,6 +1,6 @@
 /*
     conf.c -- configuration code
 /*
     conf.c -- configuration code

-    Copyright (C) 1998 Emphyrio,
+    Copyright (C) 1998 Robert van der Meulen

     Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>
                             2000 Guus Sliepen <guus@sliepen.warande.net>
                            2000 Cris van Pelt <tribbel@arise.dhs.org>
     Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>
                             2000 Guus Sliepen <guus@sliepen.warande.net>
                            2000 Cris van Pelt <tribbel@arise.dhs.org>


@@ -19,7 +19,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 

-    $Id: conf.c,v 1.9.4.22 2000/11/20 19:12:11 guus Exp $
+    $Id: conf.c,v 1.9.4.23 2000/11/28 23:12:56 zarq Exp $

 */
 
 #include "config.h"
 */
 
 #include "config.h"


@@ -33,10 +33,10 @@
 #include <syslog.h>
 
 #include <xalloc.h>
 #include <syslog.h>
 
 #include <xalloc.h>

+#include <utils.h> /* for cp */

 
 #include "conf.h"
 #include "netutl.h" /* for strtoip */
 
 #include "conf.h"
 #include "netutl.h" /* for strtoip */

-#include <utils.h> /* for cp */

 
 #include "config.h"
 #include "system.h"
 
 #include "config.h"
 #include "system.h"


@@ -255,3 +255,47 @@ cp
   *base = NULL;
 cp
 }
   *base = NULL;
 cp
 }

+
+#define is_safe_file(p) 1
+
+FILE *ask_and_safe_open(const char* filename)
+{
+  FILE *r;
+  char *directory;
+  char *fn;
+  int len;
+
+  if(!isatty(0))
+    {
+      /* Argh, they are running us from a script or something.  Write
+         the files to the current directory and let them burn in hell
+         for ever. */
+      directory = "."; /* get_current_directory */
+    }
+  else
+    {
+      directory = ".";
+    }
+
+  len = strlen(filename) + strlen(directory) + 2; /* 1 for the / */
+  fn = xmalloc(len);
+  snprintf(fn, len, "%s/%s", directory, filename);
+
+  if(!is_safe_file(fn))
+    {
+      fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
+                       "I will not create or overwrite this file.\n"),
+                       fn);
+      return NULL;
+    }
+
+  if((r = fopen(fn, "w")) == NULL)
+    {
+      fprintf(stderr, _("Error opening file `%s': %m"),
+             fn);
+    }
+
+  free(fn);
+  
+  return r;
+}

diff --git a/src/tincd.c b/src/tincd.c
index f98afe4..7a65aad 100644 (file)
--- a/src/tincd.c
+++ b/src/tincd.c
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 

-    $Id: tincd.c,v 1.10.4.35 2000/11/24 23:13:07 guus Exp $
+    $Id: tincd.c,v 1.10.4.36 2000/11/28 23:12:57 zarq Exp $

 */
 
 #include "config.h"
 */
 
 #include "config.h"


@@ -56,6 +56,12 @@
 # include <err.h>
 #endif
 
 # include <err.h>
 #endif
 

+#ifdef HAVE_OPENSSL_PEM_H
+# include <openssl/pem.h>
+#else
+# include <pem.h>
+#endif
+

 
 
 #include <utils.h>
 
 
 #include <utils.h>


@@ -211,11 +217,14 @@ void indicator(int a, int b, void *p)
   }
 }
 
   }
 }
 

-/* Generate a public/private RSA keypair, and possibly store it into the configuration file. */
-
+/*
+  Generate a public/private RSA keypair, and ask for a file to store
+  them in.
+*/

 int keygen(int bits)
 {
   RSA *rsa_key;
 int keygen(int bits)
 {
   RSA *rsa_key;

+  FILE *f;

 
   fprintf(stderr, _("Generating %d bits keys:\n"), bits);
   rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL);
 
   fprintf(stderr, _("Generating %d bits keys:\n"), bits);
   rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL);


@@ -227,11 +236,16 @@ int keygen(int bits)
   else
     fprintf(stderr, _("Done.\n"));
 
   else
     fprintf(stderr, _("Done.\n"));
 

-  fprintf(stderr, _("Please copy the private key to tinc.conf and the\npublic key to your host configuration file:\n\n"));
-  printf("PublicKey = %s\n", BN_bn2hex(rsa_key->n));
-  printf("PrivateKey = %s\n", BN_bn2hex(rsa_key->d));
+  if((f = ask_and_safe_open("rsa_key.pub")) == NULL)
+    return -1;
+  PEM_write_RSAPublicKey(f, rsa_key);
+  fclose(f);

   
   

-  fflush(stdin);
+  if((f = ask_and_safe_open("rsa_key.priv")) == NULL)
+    return -1;
+  PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL);
+  fclose(f);
+

   return 0;
 }
 
   return 0;
 }