#include "system.h"
#include "cipher.h"
+#include "conf_net.h"
#include "conf.h"
#include "connection.h"
+#include "compression.h"
#include "control.h"
#include "device.h"
#include "digest.h"
#include "process.h"
#include "protocol.h"
#include "route.h"
-#include "rsa.h"
#include "script.h"
#include "subnet.h"
#include "utils.h"
#include "xalloc.h"
+#include "keys.h"
#ifdef HAVE_MINIUPNPC
#include "upnp.h"
return n->ecdsa;
}
-bool read_ecdsa_public_key(connection_t *c) {
- if(ecdsa_active(c->ecdsa)) {
- return true;
- }
-
- FILE *fp;
- char *fname;
- char *p;
-
- if(!c->config_tree) {
- init_configuration(&c->config_tree);
-
- if(!read_host_config(c->config_tree, c->name, true)) {
- return false;
- }
- }
-
- /* First, check for simple Ed25519PublicKey statement */
-
- if(get_config_string(lookup_config(c->config_tree, "Ed25519PublicKey"), &p)) {
- c->ecdsa = ecdsa_set_base64_public_key(p);
- free(p);
- return c->ecdsa;
- }
-
- /* Else, check for Ed25519PublicKeyFile statement and read it */
-
- if(!get_config_string(lookup_config(c->config_tree, "Ed25519PublicKeyFile"), &fname)) {
- xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, c->name);
- }
-
- fp = fopen(fname, "r");
-
- if(!fp) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error reading Ed25519 public key file `%s': %s",
- fname, strerror(errno));
- free(fname);
- return false;
- }
-
- c->ecdsa = ecdsa_read_pem_public_key(fp);
-
- if(!c->ecdsa && errno != ENOENT) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Parsing Ed25519 public key file `%s' failed.", fname);
- }
-
- fclose(fp);
- free(fname);
- return c->ecdsa;
-}
-
-#ifndef DISABLE_LEGACY
-bool read_rsa_public_key(connection_t *c) {
- FILE *fp;
- char *fname;
- char *n;
-
- /* First, check for simple PublicKey statement */
-
- if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &n)) {
- c->rsa = rsa_set_hex_public_key(n, "FFFF");
- free(n);
- return c->rsa;
- }
-
- /* Else, check for PublicKeyFile statement and read it */
-
- if(!get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) {
- xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, c->name);
- }
-
- fp = fopen(fname, "r");
-
- if(!fp) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno));
- free(fname);
- return false;
- }
-
- c->rsa = rsa_read_pem_public_key(fp);
- fclose(fp);
-
- if(!c->rsa) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA public key file `%s' failed: %s", fname, strerror(errno));
- }
-
- free(fname);
- return c->rsa;
-}
-#endif
-
-static bool read_ecdsa_private_key(void) {
- FILE *fp;
- char *fname;
-
- /* Check for PrivateKeyFile statement and read it */
-
- if(!get_config_string(lookup_config(config_tree, "Ed25519PrivateKeyFile"), &fname)) {
- xasprintf(&fname, "%s" SLASH "ed25519_key.priv", confbase);
- }
-
- fp = fopen(fname, "r");
-
- if(!fp) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error reading Ed25519 private key file `%s': %s", fname, strerror(errno));
-
- if(errno == ENOENT) {
- logger(DEBUG_ALWAYS, LOG_INFO, "Create an Ed25519 key pair with `tinc -n %s generate-ed25519-keys'.", netname ? netname : ".");
- }
-
- free(fname);
- return false;
- }
-
-#ifndef HAVE_MINGW
- struct stat s;
-
- if(fstat(fileno(fp), &s)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat Ed25519 private key file `%s': %s'", fname, strerror(errno));
- free(fname);
- return false;
- }
-
- if(s.st_mode & ~0100700u) {
- logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for Ed25519 private key file `%s'!", fname);
- }
-
-#endif
-
- myself->connection->ecdsa = ecdsa_read_pem_private_key(fp);
- fclose(fp);
-
- if(!myself->connection->ecdsa) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Reading Ed25519 private key file `%s' failed", fname);
- }
-
- free(fname);
- return myself->connection->ecdsa;
-}
-
static bool read_invitation_key(void) {
FILE *fp;
char fname[PATH_MAX];
return invitation_key;
}
-#ifndef DISABLE_LEGACY
-static bool read_rsa_private_key(void) {
- FILE *fp;
- char *fname;
- char *n, *d;
-
- /* First, check for simple PrivateKey statement */
-
- if(get_config_string(lookup_config(config_tree, "PrivateKey"), &d)) {
- if(!get_config_string(lookup_config(config_tree, "PublicKey"), &n)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "PrivateKey used but no PublicKey found!");
- free(d);
- return false;
- }
-
- myself->connection->rsa = rsa_set_hex_private_key(n, "FFFF", d);
- free(n);
- free(d);
- return myself->connection->rsa;
- }
-
- /* Else, check for PrivateKeyFile statement and read it */
-
- if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) {
- xasprintf(&fname, "%s" SLASH "rsa_key.priv", confbase);
- }
-
- fp = fopen(fname, "r");
-
- if(!fp) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA private key file `%s': %s",
- fname, strerror(errno));
-
- if(errno == ENOENT) {
- logger(DEBUG_ALWAYS, LOG_INFO, "Create an RSA key pair with `tinc -n %s generate-rsa-keys'.", netname ? netname : ".");
- }
-
- free(fname);
- return false;
- }
-
-#ifndef HAVE_MINGW
- struct stat s;
-
- if(fstat(fileno(fp), &s)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat RSA private key file `%s': %s'", fname, strerror(errno));
- free(fname);
- return false;
- }
-
- if(s.st_mode & ~0100700u) {
- logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname);
- }
-
-#endif
-
- myself->connection->rsa = rsa_read_pem_private_key(fp);
- fclose(fp);
-
- if(!myself->connection->rsa) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA private key file `%s' failed: %s", fname, strerror(errno));
- }
-
- free(fname);
- return myself->connection->rsa;
-}
-#endif
-
#ifndef DISABLE_LEGACY
static timeout_t keyexpire_timeout;
free(bmode);
}
+ /* Delete all broadcast subnets before re-adding them */
+
+ for splay_each(subnet_t, s, subnet_tree) {
+ if(!s->owner) {
+ splay_delete_node(subnet_tree, node);
+ }
+ }
+
const char *const DEFAULT_BROADCAST_SUBNETS[] = { "ff:ff:ff:ff:ff:ff", "255.255.255.255", "224.0.0.0/4", "ff00::/8" };
for(size_t i = 0; i < sizeof(DEFAULT_BROADCAST_SUBNETS) / sizeof(*DEFAULT_BROADCAST_SUBNETS); i++) {
abort();
}
- if(splay_search(subnet_tree, s)) {
- free(s);
- } else {
- subnet_add(NULL, s);
- }
+ subnet_add(NULL, s);
}
for(config_t *cfg = lookup_config(config_tree, "BroadcastSubnet"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
continue;
}
- if(splay_search(subnet_tree, s)) {
- free(s);
- } else {
- subnet_add(NULL, s);
- }
+ subnet_add(NULL, s);
}
#if !defined(IP_TOS)
myself->options |= PROT_MINOR << 24;
#ifdef DISABLE_LEGACY
- experimental = read_ecdsa_private_key();
+ myself->connection->ecdsa = read_ecdsa_private_key(config_tree, NULL);
+ experimental = myself->connection->ecdsa != NULL;
if(!experimental) {
logger(DEBUG_ALWAYS, LOG_ERR, "No private key available, cannot start tinc!");
#else
if(!get_config_bool(lookup_config(config_tree, "ExperimentalProtocol"), &experimental)) {
- experimental = read_ecdsa_private_key();
+ myself->connection->ecdsa = read_ecdsa_private_key(config_tree, NULL);
+ experimental = myself->connection->ecdsa != NULL;
if(!experimental) {
logger(DEBUG_ALWAYS, LOG_WARNING, "Support for SPTPS disabled.");
}
} else {
- if(experimental && !read_ecdsa_private_key()) {
- return false;
+ if(experimental) {
+ myself->connection->ecdsa = read_ecdsa_private_key(config_tree, NULL);
+
+ if(!myself->connection->ecdsa) {
+ return false;
+ }
}
}
- if(!read_rsa_private_key()) {
+ myself->connection->rsa = read_rsa_private_key(config_tree, NULL);
+
+ if(!myself->connection->rsa) {
if(experimental) {
logger(DEBUG_ALWAYS, LOG_WARNING, "Support for legacy protocol disabled.");
} else {
#endif
/* Compression */
-
if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) {
switch(myself->incompression) {
- case 12:
+ case COMPRESS_LZ4:
#ifdef HAVE_LZ4
break;
#else
return false;
#endif
- case 11:
- case 10:
+ case COMPRESS_LZO_HI:
+ case COMPRESS_LZO_LO:
#ifdef HAVE_LZO
break;
#else
return false;
#endif
- case 9:
- case 8:
- case 7:
- case 6:
- case 5:
- case 4:
- case 3:
- case 2:
- case 1:
+ case COMPRESS_ZLIB_9:
+ case COMPRESS_ZLIB_8:
+ case COMPRESS_ZLIB_7:
+ case COMPRESS_ZLIB_6:
+ case COMPRESS_ZLIB_5:
+ case COMPRESS_ZLIB_4:
+ case COMPRESS_ZLIB_3:
+ case COMPRESS_ZLIB_2:
+ case COMPRESS_ZLIB_1:
#ifdef HAVE_ZLIB
break;
#else
return false;
#endif
- case 0:
+ case COMPRESS_NONE:
break;
default:
return false;
}
} else {
- myself->incompression = 0;
+ myself->incompression = COMPRESS_NONE;
}
- myself->connection->outcompression = 0;
+ myself->connection->outcompression = COMPRESS_NONE;
/* Done */