From a56df1e06be3f47a775919e564c147687e961b5d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 13 Jan 2001 16:36:23 +0000 Subject: [PATCH] - Allow ASN1 style keys to be in the config files. Note: tinc ignores private key in the main config file, tinc.conf, because it should really be in a separate file. - When generating new keys, check if name is known and by default append the public key to the host configuration file (otherwise rsa_key.pub). --- src/conf.c | 79 +++++++++++++++++++++++++++++------------------------ src/conf.h | 4 +-- src/net.c | 33 ++++++++++++++++++---- src/tincd.c | 28 +++++++++++++++---- 4 files changed, 95 insertions(+), 49 deletions(-) diff --git a/src/conf.c b/src/conf.c index 2643785c..9e8b49b1 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.38 2001/01/07 17:08:55 guus Exp $ + $Id: conf.c,v 1.9.4.39 2001/01/13 16:36:20 guus Exp $ */ #include "config.h" @@ -228,7 +228,7 @@ int read_config_file(config_t **base, const char *fname) FILE *fp; char *buffer, *line; char *p, *q; - int i, lineno = 0; + int i, lineno = 0, ignore = 0; config_t *cfg; size_t bufsize; 
@@ -265,35 +265,44 @@ cp if(p[0] == '#') continue; /* comment: ignore */ - for(i = 0; hazahaza[i].name != NULL; i++) - if(!strcasecmp(hazahaza[i].name, p)) - break; - - if(!hazahaza[i].name) - { - syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"), - p, lineno, fname); - break; - } - - if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#') - { - syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), - hazahaza[i].name, lineno, fname); - break; - } - - cfg = add_config_val(base, hazahaza[i].argtype, q); - if(cfg == NULL) - { - syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"), - hazahaza[i].name, lineno, fname); - break; - } - - cfg->which = hazahaza[i].which; - if(!config) - config = cfg; + if(!strcmp(p, "-----BEGIN")) + ignore = 1; + + if(ignore == 0) + { + for(i = 0; hazahaza[i].name != NULL; i++) + if(!strcasecmp(hazahaza[i].name, p)) + break; + + if(!hazahaza[i].name) + { + syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"), + p, lineno, fname); + break; + } + + if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#') + { + syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), + hazahaza[i].name, lineno, fname); + break; + } + + cfg = add_config_val(base, hazahaza[i].argtype, q); + if(cfg == NULL) + { + syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"), + hazahaza[i].name, lineno, fname); + break; + } + + cfg->which = hazahaza[i].which; + if(!config) + config = cfg; + } + + if(!strcmp(p, "-----END")) + ignore = 0; } free(buffer); @@ -462,7 +471,7 @@ check2: return 1; } -FILE *ask_and_safe_open(const char* filename, const char* what) +FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode) { FILE *r; char *directory; 
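Review bot: An unterminated key block silently swallows the rest of the config file: once `ignore` is set by a `-----BEGIN` token, every later variable is skipped with no diagnostic until a `-----END` token arrives, and nothing after the loop checks that `ignore` returned to 0, so a truncated or mis-pasted PEM block turns into settings that just never take effect. After the loop (before `free(buffer);`) I would add `if(ignore) syslog(LOG_ERR, _("Unterminated key block in config file %s"), fname);` and treat it the same way as the other parse errors above. Note also that the match is on the first `strtok` token only, so a line such as `-----BEGIN` with nothing after it toggles the state as well, which is probably acceptable but worth a comment, e.g. `/* Skip over PEM-armored key material; the keys themselves are read by read_rsa_*_key */`. The enclosing read_config_file() starts before this hunk and its return path is outside it.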
@@ -509,14 +518,14 @@ FILE *ask_and_safe_open(const char* filename, const char* what) umask(0077); /* Disallow everything for group and other */ /* Open it first to keep the inode busy */ - if((r = fopen(fn, "w")) == NULL) + if((r = fopen(fn, mode)) == NULL) { fprintf(stderr, _("Error opening file `%s': %m\n"), fn); free(fn); return NULL; } - + /* Then check the file for nasty attacks */ if(!is_safe_path(fn)) /* Do not permit any directories that are readable or writeable by other users. */ @@ -530,6 +539,6 @@ FILE *ask_and_safe_open(const char* filename, const char* what) } free(fn); - + return r; } diff --git a/src/conf.h b/src/conf.h index dce3802f..5223864f 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.21 2001/01/07 17:08:56 guus Exp $ + $Id: conf.h,v 1.6.4.22 2001/01/13 16:36:21 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -99,6 +99,6 @@ extern int read_config_file(config_t **, const char *); extern const config_t *get_config_val(config_t *, which_t type); extern void clear_config(); extern int read_server_config(void); -extern FILE *ask_and_safe_open(const char*, const char*); +extern FILE *ask_and_safe_open(const char*, const char*, const char *); #endif /* __TINC_CONF_H__ */ diff --git a/src/net.c b/src/net.c index 074c271d..5a456832 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.93 2001/01/11 11:19:08 guus Exp $ + $Id: net.c,v 1.35.4.94 2001/01/13 16:36:21 guus Exp $ */ #include "config.h" 
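Review bot: Now that the caller picks the mode and keygen passes `"a"`, the `umask(0077)` a few lines up only protects a file that is created here; an existing `rsa_key.priv` keeps whatever mode it already has, and the new private key is appended into it without that mode ever being examined. After the `fopen` succeeds I would add `struct stat st;` / `if(fstat(fileno(r), &st) == 0 && (st.st_mode & 077))` / `fprintf(stderr, _("Warning: `%s' is accessible by other users\n"), fn);` so a loose pre-existing file is at least reported (and arguably rejected, like an unsafe directory is). It is also worth noting in the "Open it first" comment that with append mode a symlink at `fn` is followed and written to, not truncated, which is why the is_safe_path() check still has to run before anything is written by the caller. The function starts before this hunk and the is_safe_path() error branch continues past it.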
@@ -610,17 +610,24 @@ int read_rsa_public_key(connection_t *cl) { config_t const *cfg; FILE *fp; + char *fname; void *result; cp if(!cl->rsa_key) cl->rsa_key = RSA_new(); + /* First, check for simple PublicKey statement */ + if((cfg = get_config_val(cl->config, config_publickey))) { BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr); BN_hex2bn(&cl->rsa_key->e, "FFFF"); + return 0; } - else if((cfg = get_config_val(cl->config, config_publickeyfile))) + + /* Else, check for PublicKeyFile statement and read it */ + + if((cfg = get_config_val(cl->config, config_publickeyfile))) { if(is_safe_path(cfg->data.ptr)) { @@ -638,17 +645,31 @@ cp cfg->data.ptr); return -1; } + return 0; } else return -1; } - else + + /* Else, check if a harnessed public key is in the config file */ + + asprintf(&fname, "%s/hosts/%s", confbase, cl->name); + if((fp = fopen(fname, "r"))) { - syslog(LOG_ERR, _("No public key for %s specified!"), cl->name); - return -1; + result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL); + fclose(fp); + free(fname); + if(result) + return 0; } + + free(fname); + + /* Nothing worked. */ + + syslog(LOG_ERR, _("No public key for %s specified!"), cl->name); cp - return 0; + return -1; } int read_rsa_private_key(void) diff --git a/src/tincd.c b/src/tincd.c index 8eb0be5e..b1f0eb59 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.41 2001/01/07 17:09:07 guus Exp $ + $Id: tincd.c,v 1.10.4.42 2001/01/13 16:36:23 guus Exp $ */ #include "config.h" @@ -229,6 +229,7 @@ int keygen(int bits) { RSA *rsa_key; FILE *f; + config_t const *cfg; char *filename; fprintf(stderr, _("Generating %d bits keys:\n"), bits); 
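Review bot: The new fallback opens `confbase/hosts/<name>` without the `is_safe_path()` check that the PublicKeyFile branch just above applies to its path, and `asprintf()`'s return value is not checked, so on allocation failure an indeterminate `fname` reaches both `fopen` and `free`. I would write `if(asprintf(&fname, "%s/hosts/%s", confbase, cl->name) < 0) return -1;` and then `if(is_safe_path(fname) && (fp = fopen(fname, "r")))` so the host file gets the same treatment as an explicitly configured key file. If `cl->name` can originate from the remote side of a connection, this path build also depends on the name having been restricted to a safe character set earlier; I cannot see that validation from here, so a comment such as `/* cl->name must already be validated: it is used as a path component */` would make the assumption explicit. read_rsa_public_key() starts before this hunk.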
@@ -242,16 +243,28 @@ int keygen(int bits) else fprintf(stderr, _("Done.\n")); - asprintf(&filename, "%s/rsa_key.pub", confbase); - if((f = ask_and_safe_open(filename, _("public RSA key"))) == NULL) + if(config && (cfg = get_config_val(config, config_name))) + asprintf(&filename, "%s/hosts/%s", confbase, cfg->data.ptr); + else + asprintf(&filename, "%s/rsa_key.priv"); + + if((f = ask_and_safe_open(filename, _("public RSA key"), "a")) == NULL) return -1; + + if(ftell(f)) + fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.")); + PEM_write_RSAPublicKey(f, rsa_key); fclose(f); free(filename); asprintf(&filename, "%s/rsa_key.priv", confbase); - if((f = ask_and_safe_open(filename, _("private RSA key"))) == NULL) + if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL) return -1; + + if(ftell(f)) + fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.")); + PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); fclose(f); free(filename); @@ -334,8 +347,11 @@ cp RAND_load_file("/dev/urandom", 1024); cp if(generate_keys) - exit(keygen(generate_keys)); - + { + read_server_config(); + exit(keygen(generate_keys)); + } + if(kill_tincd) exit(kill_other()); -- 2.20.1
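Review bot: The fallback `asprintf(&filename, "%s/rsa_key.priv");` is missing the `confbase` argument that `%s` consumes, which is undefined behavior and in practice yields a garbage path, and the name itself is wrong: the commit message says the default is `rsa_key.pub`, and as written the public key would be appended into the private key file, which is then opened again below to receive the private key. The line should be `asprintf(&filename, "%s/rsa_key.pub", confbase);`. Two smaller points: the `ftell(f)` test right after an append-mode `fopen` relies on the initial file position being at end-of-file, which the C standard leaves implementation-defined, so a `fseek(f, 0, SEEK_END)` before it would make the "existing contents" warning reliable, and both warning strings lack a trailing newline. The return values of `PEM_write_RSAPrivateKey` and `fclose` are also ignored, so a short write of the private key goes unreported.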
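Review bot: `read_server_config()` is called for its side effect but its return value is dropped, so if the configuration cannot be read, keygen proceeds anyway and silently takes the `rsa_key.pub` fallback instead of the host file the commit message promises. Since the function returns an int (per conf.h in this patch), I would check it, e.g. `if(read_server_config()) exit(1);` with whatever failure convention read_server_config actually uses, which is not visible here. A one-line comment such as `/* Need Name from tinc.conf to pick the host file for the public key */` would also explain why the config is read before generating keys. The enclosing main() starts before this hunk.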