X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_setup.c;h=f3a4bcca10d2b6394257c4749c1a2a8a5d04b3fd;hb=1545909dcb3ac618754486f4ccd4d8f237d64bb7;hp=d4bc59e58014f4dff020d1396ddc029073fe3cc4;hpb=7ab400aebdc38e7ee5dafc0a2291bbbea25e3f7c;p=tinc diff --git a/src/net_setup.c b/src/net_setup.c index d4bc59e5..f3a4bcca 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -23,6 +23,7 @@ #include "system.h" #include "cipher.h" +#include "conf_net.h" #include "conf.h" #include "connection.h" #include "control.h" @@ -37,11 +38,11 @@ #include "process.h" #include "protocol.h" #include "route.h" -#include "rsa.h" #include "script.h" #include "subnet.h" #include "utils.h" #include "xalloc.h" +#include "keys.h" #ifdef HAVE_MINIUPNPC #include "upnp.h" @@ -109,146 +110,6 @@ exit: return n->ecdsa; } -bool read_ecdsa_public_key(connection_t *c) { - if(ecdsa_active(c->ecdsa)) { - return true; - } - - FILE *fp; - char *fname; - char *p; - - if(!c->config_tree) { - init_configuration(&c->config_tree); - - if(!read_host_config(c->config_tree, c->name, true)) { - return false; - } - } - - /* First, check for simple Ed25519PublicKey statement */ - - if(get_config_string(lookup_config(c->config_tree, "Ed25519PublicKey"), &p)) { - c->ecdsa = ecdsa_set_base64_public_key(p); - free(p); - return c->ecdsa; - } - - /* Else, check for Ed25519PublicKeyFile statement and read it */ - - if(!get_config_string(lookup_config(c->config_tree, "Ed25519PublicKeyFile"), &fname)) { - xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, c->name); - } - - fp = fopen(fname, "r"); - - if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, "Error reading Ed25519 public key file `%s': %s", - fname, strerror(errno)); - free(fname); - return false; - } - - c->ecdsa = ecdsa_read_pem_public_key(fp); - - if(!c->ecdsa && errno != ENOENT) { - logger(DEBUG_ALWAYS, LOG_ERR, "Parsing Ed25519 public key file `%s' failed.", fname); - } - - fclose(fp); - free(fname); - return c->ecdsa; -} - -#ifndef DISABLE_LEGACY -bool read_rsa_public_key(connection_t *c) { - FILE *fp; - char *fname; - char *n; - - /* First, check for simple PublicKey statement */ - - if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &n)) { - c->rsa = rsa_set_hex_public_key(n, "FFFF"); - free(n); - return c->rsa; - } - - /* Else, check for PublicKeyFile statement and read it */ - - if(!get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) { - xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, c->name); - } - - fp = fopen(fname, "r"); - - if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno)); - free(fname); - return false; - } - - c->rsa = rsa_read_pem_public_key(fp); - fclose(fp); - - if(!c->rsa) { - logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA public key file `%s' failed: %s", fname, strerror(errno)); - } - - free(fname); - return c->rsa; -} -#endif - -static bool read_ecdsa_private_key(void) { - FILE *fp; - char *fname; - - /* Check for PrivateKeyFile statement and read it */ - - if(!get_config_string(lookup_config(config_tree, "Ed25519PrivateKeyFile"), &fname)) { - xasprintf(&fname, "%s" SLASH "ed25519_key.priv", confbase); - } - - fp = fopen(fname, "r"); - - if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, "Error reading Ed25519 private key file `%s': %s", fname, strerror(errno)); - - if(errno == ENOENT) { - logger(DEBUG_ALWAYS, LOG_INFO, "Create an Ed25519 key pair with `tinc -n %s generate-ed25519-keys'.", netname ? netname : "."); - } - - free(fname); - return false; - } - -#ifndef HAVE_MINGW - struct stat s; - - if(fstat(fileno(fp), &s)) { - logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat Ed25519 private key file `%s': %s'", fname, strerror(errno)); - free(fname); - return false; - } - - if(s.st_mode & ~0100700u) { - logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for Ed25519 private key file `%s'!", fname); - } - -#endif - - myself->connection->ecdsa = ecdsa_read_pem_private_key(fp); - fclose(fp); - - if(!myself->connection->ecdsa) { - logger(DEBUG_ALWAYS, LOG_ERR, "Reading Ed25519 private key file `%s' failed", fname); - } - - free(fname); - return myself->connection->ecdsa; -} - static bool read_invitation_key(void) { FILE *fp; char fname[PATH_MAX]; @@ -274,74 +135,6 @@ static bool read_invitation_key(void) { return invitation_key; } -#ifndef DISABLE_LEGACY -static bool read_rsa_private_key(void) { - FILE *fp; - char *fname; - char *n, *d; - - /* First, check for simple PrivateKey statement */ - - if(get_config_string(lookup_config(config_tree, "PrivateKey"), &d)) { - if(!get_config_string(lookup_config(config_tree, "PublicKey"), &n)) { - logger(DEBUG_ALWAYS, LOG_ERR, "PrivateKey used but no PublicKey found!"); - free(d); - return false; - } - - myself->connection->rsa = rsa_set_hex_private_key(n, "FFFF", d); - free(n); - free(d); - return myself->connection->rsa; - } - - /* Else, check for PrivateKeyFile statement and read it */ - - if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) { - xasprintf(&fname, "%s" SLASH "rsa_key.priv", confbase); - } - - fp = fopen(fname, "r"); - - if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA private key file `%s': %s", - fname, strerror(errno)); - - if(errno == ENOENT) { - logger(DEBUG_ALWAYS, LOG_INFO, "Create an RSA key pair with `tinc -n %s generate-rsa-keys'.", netname ? netname : "."); - } - - free(fname); - return false; - } - -#ifndef HAVE_MINGW - struct stat s; - - if(fstat(fileno(fp), &s)) { - logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat RSA private key file `%s': %s'", fname, strerror(errno)); - free(fname); - return false; - } - - if(s.st_mode & ~0100700u) { - logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname); - } - -#endif - - myself->connection->rsa = rsa_read_pem_private_key(fp); - fclose(fp); - - if(!myself->connection->rsa) { - logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA private key file `%s' failed: %s", fname, strerror(errno)); - } - - free(fname); - return myself->connection->rsa; -} -#endif - #ifndef DISABLE_LEGACY static timeout_t keyexpire_timeout; @@ -642,6 +435,14 @@ bool setup_myself_reloadable(void) { free(bmode); } + /* Delete all broadcast subnets before re-adding them */ + + for splay_each(subnet_t, s, subnet_tree) { + if(!s->owner) { + splay_delete_node(subnet_tree, node); + } + } + const char *const DEFAULT_BROADCAST_SUBNETS[] = { "ff:ff:ff:ff:ff:ff", "255.255.255.255", "224.0.0.0/4", "ff00::/8" }; for(size_t i = 0; i < sizeof(DEFAULT_BROADCAST_SUBNETS) / sizeof(*DEFAULT_BROADCAST_SUBNETS); i++) { @@ -651,11 +452,7 @@ bool setup_myself_reloadable(void) { abort(); } - if(splay_search(subnet_tree, s)) { - free(s); - } else { - subnet_add(NULL, s); - } + subnet_add(NULL, s); } for(config_t *cfg = lookup_config(config_tree, "BroadcastSubnet"); cfg; cfg = lookup_config_next(config_tree, cfg)) { @@ -665,11 +462,7 @@ bool setup_myself_reloadable(void) { continue; } - if(splay_search(subnet_tree, s)) { - free(s); - } else { - subnet_add(NULL, s); - } + subnet_add(NULL, s); } #if !defined(IP_TOS) @@ -890,7 +683,8 @@ static bool setup_myself(void) { myself->options |= PROT_MINOR << 24; #ifdef DISABLE_LEGACY - experimental = read_ecdsa_private_key(); + myself->connection->ecdsa = read_ecdsa_private_key(config_tree, NULL); + experimental = myself->connection->ecdsa != NULL; if(!experimental) { logger(DEBUG_ALWAYS, LOG_ERR, "No private key available, cannot start tinc!"); @@ -900,18 +694,25 @@ static bool setup_myself(void) { #else if(!get_config_bool(lookup_config(config_tree, "ExperimentalProtocol"), &experimental)) { - experimental = read_ecdsa_private_key(); + myself->connection->ecdsa = read_ecdsa_private_key(config_tree, NULL); + experimental = myself->connection->ecdsa != NULL; if(!experimental) { logger(DEBUG_ALWAYS, LOG_WARNING, "Support for SPTPS disabled."); } } else { - if(experimental && !read_ecdsa_private_key()) { - return false; + if(experimental) { + myself->connection->ecdsa = read_ecdsa_private_key(config_tree, NULL); + + if(!myself->connection->ecdsa) { + return false; + } } } - if(!read_rsa_private_key()) { + myself->connection->rsa = read_rsa_private_key(config_tree, NULL); + + if(!myself->connection->rsa) { if(experimental) { logger(DEBUG_ALWAYS, LOG_WARNING, "Support for legacy protocol disabled."); } else {