/*
net_setup.c -- Setup.
Copyright (C) 1998-2005 Ivo Timmermans,
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ 2000-2015 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org>
2010 Brandon Black <blblack@gmail.com>
#include "netutl.h"
#include "process.h"
#include "protocol.h"
+#include "proxy.h"
#include "route.h"
#include "subnet.h"
#include "utils.h"
char *myport;
devops_t devops;
-char *proxyhost;
-char *proxyport;
-char *proxyuser;
-char *proxypass;
-proxytype_t proxytype;
-
bool read_rsa_public_key(connection_t *c) {
FILE *fp;
char *pubname;
char *fname, *key, *pubkey;
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
- if(!get_config_string(lookup_config(config_tree, "PublicKey"), &pubkey)) {
- logger(LOG_ERR, "PrivateKey used but no PublicKey found!");
- return false;
- }
myself->connection->rsa_key = RSA_new();
// RSA_blinding_on(myself->connection->rsa_key, NULL);
if(BN_hex2bn(&myself->connection->rsa_key->d, key) != strlen(key)) {
logger(LOG_ERR, "Invalid PrivateKey for myself!");
+ free(key);
+ return false;
+ }
+ free(key);
+ if(!get_config_string(lookup_config(config_tree, "PublicKey"), &pubkey)) {
+ logger(LOG_ERR, "PrivateKey used but no PublicKey found!");
return false;
}
if(BN_hex2bn(&myself->connection->rsa_key->n, pubkey) != strlen(pubkey)) {
logger(LOG_ERR, "Invalid PublicKey for myself!");
+ free(pubkey);
return false;
}
- BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
- free(key);
free(pubkey);
+ BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
return true;
}
#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
struct stat s;
- if(fstat(fileno(fp), &s)) {
- logger(LOG_ERR, "Could not stat RSA private key file `%s': %s'",
- fname, strerror(errno));
- free(fname);
- return false;
+ if(!fstat(fileno(fp), &s)) {
+ if(s.st_mode & ~0100700)
+ logger(LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname);
+ } else {
+ logger(LOG_WARNING, "Could not stat RSA private key file `%s': %s'", fname, strerror(errno));
}
-
- if(s.st_mode & ~0100700)
- logger(LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname);
#endif
myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
if(!envname) {
if(strcmp(name + 1, "HOST")) {
fprintf(stderr, "Invalid Name: environment variable %s does not exist\n", name + 1);
+ free(name);
return false;
}
if(gethostname(hostname, sizeof hostname) || !*hostname) {
fprintf(stderr, "Could not get hostname: %s\n", strerror(errno));
+ free(name);
return false;
}
hostname[31] = 0;
sockaddr2str(&sa, NULL, &myport);
}
- get_config_string(lookup_config(config_tree, "Proxy"), &proxy);
- if(proxy) {
+ if(get_config_string(lookup_config(config_tree, "Proxy"), &proxy)) {
if((space = strchr(proxy, ' ')))
*space++ = 0;
proxytype = PROXY_EXEC;
} else {
logger(LOG_ERR, "Unknown proxy type %s!", proxy);
+ free(proxy);
return false;
}
case PROXY_EXEC:
if(!space || !*space) {
logger(LOG_ERR, "Argument expected for proxy type exec!");
+ free(proxy);
return false;
}
proxyhost = xstrdup(space);
*space++ = 0, proxypass = space;
if(!proxyhost || !*proxyhost || !proxyport || !*proxyport) {
logger(LOG_ERR, "Host and port argument expected for proxy!");
+ free(proxy);
return false;
}
proxyhost = xstrdup(proxyhost);
routing_mode = RMODE_HUB;
else {
logger(LOG_ERR, "Invalid routing mode!");
+ free(mode);
return false;
}
free(mode);
forwarding_mode = FMODE_KERNEL;
else {
logger(LOG_ERR, "Invalid forwarding mode!");
+ free(mode);
return false;
}
free(mode);
broadcast_mode = BMODE_DIRECT;
else {
logger(LOG_ERR, "Invalid broadcast mode!");
+ free(mode);
return false;
}
free(mode);
#if !defined(SOL_IP) || !defined(IP_TOS)
if(priorityinheritance)
- logger(LOG_WARNING, "%s not supported on this platform", "PriorityInheritance");
+ logger(LOG_WARNING, "%s not supported on this platform for IPv4 connection", "PriorityInheritance");
+#endif
+
+#if !defined(IPPROTO_IPV6) || !defined(IPV6_TCLASS)
+ if(priorityinheritance)
+ logger(LOG_WARNING, "%s not supported on this platform for IPv6 connection", "PriorityInheritance");
#endif
if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire))
} else
maxtimeout = 900;
+ if(get_config_int(lookup_config(config_tree, "MinTimeout"), &mintimeout)) {
+ if(mintimeout < 0) {
+ logger(LOG_ERR, "Bogus minimum timeout!");
+ return false;
+ }
+ if(mintimeout > maxtimeout) {
+ logger(LOG_WARNING, "Minimum timeout (%d s) cannot be larger than maximum timeout (%d s). Correcting !", mintimeout, maxtimeout );
+ mintimeout=maxtimeout;
+ }
+ } else
+ mintimeout = 0;
+
if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
if(udp_rcvbuf <= 0) {
logger(LOG_ERR, "UDPRcvBuf cannot be negative!");
addressfamily = AF_UNSPEC;
else {
logger(LOG_ERR, "Invalid address family!");
+ free(afname);
return false;
}
free(afname);
/* Generate packet encryption key */
- if(get_config_string
- (lookup_config(config_tree, "Cipher"), &cipher)) {
+ if(get_config_string(lookup_config(config_tree, "Cipher"), &cipher)) {
if(!strcasecmp(cipher, "none")) {
myself->incipher = NULL;
} else {
if(!myself->incipher) {
logger(LOG_ERR, "Unrecognized cipher type!");
+ free(cipher);
return false;
}
}
+ free(cipher);
} else
myself->incipher = EVP_bf_cbc();
if(!myself->indigest) {
logger(LOG_ERR, "Unrecognized digest type!");
+ free(digest);
return false;
}
}
+
+ free(digest);
} else
myself->indigest = EVP_sha1();
else if(!strcasecmp(type, "vde"))
devops = vde_devops;
#endif
+ free(type);
}
if(!devops.setup())
xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
xasprintf(&envp[3], "NAME=%s", myself->name);
+#ifdef HAVE_MINGW
+ Sleep(1000);
+#endif
+#ifdef HAVE_CYGWIN
+ sleep(1);
+#endif
execute_script("tinc-up", envp);
for(i = 0; i < 4; i++)
hint.ai_protocol = IPPROTO_TCP;
hint.ai_flags = AI_PASSIVE;
+#if HAVE_DECL_RES_INIT
+ // ensure glibc reloads /etc/resolv.conf.
+ res_init();
+#endif
err = getaddrinfo(address && *address ? address : NULL, port, &hint, &ai);
free(address);