X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_setup.c;h=c2e0825ed87bc0779fe957d3b0103609b8ce7cd6;hb=2c6b2d70e6640f39563ad7bb0aa0ba87f883848c;hp=d4bc59e58014f4dff020d1396ddc029073fe3cc4;hpb=7ab400aebdc38e7ee5dafc0a2291bbbea25e3f7c;p=tinc diff --git a/src/net_setup.c b/src/net_setup.c index d4bc59e5..c2e0825e 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -23,8 +23,10 @@ #include "system.h" #include "cipher.h" +#include "conf_net.h" #include "conf.h" #include "connection.h" +#include "compression.h" #include "control.h" #include "device.h" #include "digest.h" @@ -37,11 +39,11 @@ #include "process.h" #include "protocol.h" #include "route.h" -#include "rsa.h" #include "script.h" #include "subnet.h" #include "utils.h" #include "xalloc.h" +#include "keys.h" #ifdef HAVE_MINIUPNPC #include "upnp.h" @@ -109,146 +111,6 @@ exit: return n->ecdsa; } -bool read_ecdsa_public_key(connection_t *c) { - if(ecdsa_active(c->ecdsa)) { - return true; - } - - FILE *fp; - char *fname; - char *p; - - if(!c->config_tree) { - init_configuration(&c->config_tree); - - if(!read_host_config(c->config_tree, c->name, true)) { - return false; - } - } - - /* First, check for simple Ed25519PublicKey statement */ - - if(get_config_string(lookup_config(c->config_tree, "Ed25519PublicKey"), &p)) { - c->ecdsa = ecdsa_set_base64_public_key(p); - free(p); - return c->ecdsa; - } - - /* Else, check for Ed25519PublicKeyFile statement and read it */ - - if(!get_config_string(lookup_config(c->config_tree, "Ed25519PublicKeyFile"), &fname)) { - xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, c->name); - } - - fp = fopen(fname, "r"); - - if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, "Error reading Ed25519 public key file `%s': %s", - fname, strerror(errno)); - free(fname); - return false; - } - - c->ecdsa = ecdsa_read_pem_public_key(fp); - - if(!c->ecdsa && errno != ENOENT) { - logger(DEBUG_ALWAYS, LOG_ERR, "Parsing Ed25519 public key file `%s' failed.", fname); - } - - fclose(fp); - free(fname); - return c->ecdsa; -} - -#ifndef DISABLE_LEGACY -bool read_rsa_public_key(connection_t *c) { - FILE *fp; - char *fname; - char *n; - - /* First, check for simple PublicKey statement */ - - if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &n)) { - c->rsa = rsa_set_hex_public_key(n, "FFFF"); - free(n); - return c->rsa; - } - - /* Else, check for PublicKeyFile statement and read it */ - - if(!get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) { - xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, c->name); - } - - fp = fopen(fname, "r"); - - if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno)); - free(fname); - return false; - } - - c->rsa = rsa_read_pem_public_key(fp); - fclose(fp); - - if(!c->rsa) { - logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA public key file `%s' failed: %s", fname, strerror(errno)); - } - - free(fname); - return c->rsa; -} -#endif - -static bool read_ecdsa_private_key(void) { - FILE *fp; - char *fname; - - /* Check for PrivateKeyFile statement and read it */ - - if(!get_config_string(lookup_config(config_tree, "Ed25519PrivateKeyFile"), &fname)) { - xasprintf(&fname, "%s" SLASH "ed25519_key.priv", confbase); - } - - fp = fopen(fname, "r"); - - if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, "Error reading Ed25519 private key file `%s': %s", fname, strerror(errno)); - - if(errno == ENOENT) { - logger(DEBUG_ALWAYS, LOG_INFO, "Create an Ed25519 key pair with `tinc -n %s generate-ed25519-keys'.", netname ? netname : "."); - } - - free(fname); - return false; - } - -#ifndef HAVE_MINGW - struct stat s; - - if(fstat(fileno(fp), &s)) { - logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat Ed25519 private key file `%s': %s'", fname, strerror(errno)); - free(fname); - return false; - } - - if(s.st_mode & ~0100700u) { - logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for Ed25519 private key file `%s'!", fname); - } - -#endif - - myself->connection->ecdsa = ecdsa_read_pem_private_key(fp); - fclose(fp); - - if(!myself->connection->ecdsa) { - logger(DEBUG_ALWAYS, LOG_ERR, "Reading Ed25519 private key file `%s' failed", fname); - } - - free(fname); - return myself->connection->ecdsa; -} - static bool read_invitation_key(void) { FILE *fp; char fname[PATH_MAX]; @@ -274,74 +136,6 @@ static bool read_invitation_key(void) { return invitation_key; } -#ifndef DISABLE_LEGACY -static bool read_rsa_private_key(void) { - FILE *fp; - char *fname; - char *n, *d; - - /* First, check for simple PrivateKey statement */ - - if(get_config_string(lookup_config(config_tree, "PrivateKey"), &d)) { - if(!get_config_string(lookup_config(config_tree, "PublicKey"), &n)) { - logger(DEBUG_ALWAYS, LOG_ERR, "PrivateKey used but no PublicKey found!"); - free(d); - return false; - } - - myself->connection->rsa = rsa_set_hex_private_key(n, "FFFF", d); - free(n); - free(d); - return myself->connection->rsa; - } - - /* Else, check for PrivateKeyFile statement and read it */ - - if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) { - xasprintf(&fname, "%s" SLASH "rsa_key.priv", confbase); - } - - fp = fopen(fname, "r"); - - if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA private key file `%s': %s", - fname, strerror(errno)); - - if(errno == ENOENT) { - logger(DEBUG_ALWAYS, LOG_INFO, "Create an RSA key pair with `tinc -n %s generate-rsa-keys'.", netname ? netname : "."); - } - - free(fname); - return false; - } - -#ifndef HAVE_MINGW - struct stat s; - - if(fstat(fileno(fp), &s)) { - logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat RSA private key file `%s': %s'", fname, strerror(errno)); - free(fname); - return false; - } - - if(s.st_mode & ~0100700u) { - logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname); - } - -#endif - - myself->connection->rsa = rsa_read_pem_private_key(fp); - fclose(fp); - - if(!myself->connection->rsa) { - logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA private key file `%s' failed: %s", fname, strerror(errno)); - } - - free(fname); - return myself->connection->rsa; -} -#endif - #ifndef DISABLE_LEGACY static timeout_t keyexpire_timeout; @@ -642,6 +436,14 @@ bool setup_myself_reloadable(void) { free(bmode); } + /* Delete all broadcast subnets before re-adding them */ + + for splay_each(subnet_t, s, subnet_tree) { + if(!s->owner) { + splay_delete_node(subnet_tree, node); + } + } + const char *const DEFAULT_BROADCAST_SUBNETS[] = { "ff:ff:ff:ff:ff:ff", "255.255.255.255", "224.0.0.0/4", "ff00::/8" }; for(size_t i = 0; i < sizeof(DEFAULT_BROADCAST_SUBNETS) / sizeof(*DEFAULT_BROADCAST_SUBNETS); i++) { @@ -651,11 +453,7 @@ bool setup_myself_reloadable(void) { abort(); } - if(splay_search(subnet_tree, s)) { - free(s); - } else { - subnet_add(NULL, s); - } + subnet_add(NULL, s); } for(config_t *cfg = lookup_config(config_tree, "BroadcastSubnet"); cfg; cfg = lookup_config_next(config_tree, cfg)) { @@ -665,11 +463,7 @@ bool setup_myself_reloadable(void) { continue; } - if(splay_search(subnet_tree, s)) { - free(s); - } else { - subnet_add(NULL, s); - } + subnet_add(NULL, s); } #if !defined(IP_TOS) @@ -890,7 +684,8 @@ static bool setup_myself(void) { myself->options |= PROT_MINOR << 24; #ifdef DISABLE_LEGACY - experimental = read_ecdsa_private_key(); + myself->connection->ecdsa = read_ecdsa_private_key(config_tree, NULL); + experimental = myself->connection->ecdsa != NULL; if(!experimental) { logger(DEBUG_ALWAYS, LOG_ERR, "No private key available, cannot start tinc!"); @@ -900,18 +695,25 @@ static bool setup_myself(void) { #else if(!get_config_bool(lookup_config(config_tree, "ExperimentalProtocol"), &experimental)) { - experimental = read_ecdsa_private_key(); + myself->connection->ecdsa = read_ecdsa_private_key(config_tree, NULL); + experimental = myself->connection->ecdsa != NULL; if(!experimental) { logger(DEBUG_ALWAYS, LOG_WARNING, "Support for SPTPS disabled."); } } else { - if(experimental && !read_ecdsa_private_key()) { - return false; + if(experimental) { + myself->connection->ecdsa = read_ecdsa_private_key(config_tree, NULL); + + if(!myself->connection->ecdsa) { + return false; + } } } - if(!read_rsa_private_key()) { + myself->connection->rsa = read_rsa_private_key(config_tree, NULL); + + if(!myself->connection->rsa) { if(experimental) { logger(DEBUG_ALWAYS, LOG_WARNING, "Support for legacy protocol disabled."); } else { @@ -1058,10 +860,9 @@ static bool setup_myself(void) { #endif /* Compression */ - if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) { switch(myself->incompression) { - case 12: + case COMPRESS_LZ4: #ifdef HAVE_LZ4 break; #else @@ -1070,8 +871,8 @@ static bool setup_myself(void) { return false; #endif - case 11: - case 10: + case COMPRESS_LZO_HI: + case COMPRESS_LZO_LO: #ifdef HAVE_LZO break; #else @@ -1080,15 +881,15 @@ static bool setup_myself(void) { return false; #endif - case 9: - case 8: - case 7: - case 6: - case 5: - case 4: - case 3: - case 2: - case 1: + case COMPRESS_ZLIB_9: + case COMPRESS_ZLIB_8: + case COMPRESS_ZLIB_7: + case COMPRESS_ZLIB_6: + case COMPRESS_ZLIB_5: + case COMPRESS_ZLIB_4: + case COMPRESS_ZLIB_3: + case COMPRESS_ZLIB_2: + case COMPRESS_ZLIB_1: #ifdef HAVE_ZLIB break; #else @@ -1097,7 +898,7 @@ static bool setup_myself(void) { return false; #endif - case 0: + case COMPRESS_NONE: break; default: @@ -1106,10 +907,10 @@ static bool setup_myself(void) { return false; } } else { - myself->incompression = 0; + myself->incompression = COMPRESS_NONE; } - myself->connection->outcompression = 0; + myself->connection->outcompression = COMPRESS_NONE; /* Done */