along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: conf.c,v 1.9.4.38 2001/01/07 17:08:55 guus Exp $
+ $Id: conf.c,v 1.9.4.39 2001/01/13 16:36:20 guus Exp $
*/
#include "config.h"
FILE *fp;
char *buffer, *line;
char *p, *q;
- int i, lineno = 0;
+ int i, lineno = 0, ignore = 0;
config_t *cfg;
size_t bufsize;
if(p[0] == '#')
continue; /* comment: ignore */
- for(i = 0; hazahaza[i].name != NULL; i++)
- if(!strcasecmp(hazahaza[i].name, p))
- break;
-
- if(!hazahaza[i].name)
- {
- syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"),
- p, lineno, fname);
- break;
- }
-
- if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
- {
- syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
- hazahaza[i].name, lineno, fname);
- break;
- }
-
- cfg = add_config_val(base, hazahaza[i].argtype, q);
- if(cfg == NULL)
- {
- syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"),
- hazahaza[i].name, lineno, fname);
- break;
- }
-
- cfg->which = hazahaza[i].which;
- if(!config)
- config = cfg;
+ if(!strcmp(p, "-----BEGIN"))
+ ignore = 1;
+
+ if(ignore == 0)
+ {
+ for(i = 0; hazahaza[i].name != NULL; i++)
+ if(!strcasecmp(hazahaza[i].name, p))
+ break;
+
+ if(!hazahaza[i].name)
+ {
+ syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"),
+ p, lineno, fname);
+ break;
+ }
+
+ if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
+ {
+ syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
+ hazahaza[i].name, lineno, fname);
+ break;
+ }
+
+ cfg = add_config_val(base, hazahaza[i].argtype, q);
+ if(cfg == NULL)
+ {
+ syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"),
+ hazahaza[i].name, lineno, fname);
+ break;
+ }
+
+ cfg->which = hazahaza[i].which;
+ if(!config)
+ config = cfg;
+ }
+
+ if(!strcmp(p, "-----END"))
+ ignore = 0;
}
free(buffer);
return 1;
}
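Review bot: An unterminated key block silently discards the rest of the file: once a line's first token is `-----BEGIN`, `ignore` stays set until a line whose first token is `-----END`, and every later directive is dropped with no diagnostic, so a truncated or mis-pasted key yields a config file that parses "successfully" with settings missing. After the read loop (the `}` before `free(buffer)`), report it: `if(ignore) syslog(LOG_ERR, _("Unterminated key block while reading config file %s"), fname);`. A one-line comment above the `-----BEGIN` test would also help, saying the comparison is against the first token only, which is why `-----BEGIN RSA PUBLIC KEY-----` matches (the tokenizer splits on the space). The function's header and the start of its read loop lie outside this hunk.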
-FILE *ask_and_safe_open(const char* filename, const char* what)
+FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode)
{
FILE *r;
char *directory;
umask(0077); /* Disallow everything for group and other */
/* Open it first to keep the inode busy */
- if((r = fopen(fn, "w")) == NULL)
+ if((r = fopen(fn, mode)) == NULL)
{
fprintf(stderr, _("Error opening file `%s': %m\n"),
fn);
free(fn);
return NULL;
}
-
+
/* Then check the file for nasty attacks */
if(!is_safe_path(fn)) /* Do not permit any directories that are
readable or writeable by other users. */
}
free(fn);
-
+
return r;
}
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: conf.h,v 1.6.4.21 2001/01/07 17:08:56 guus Exp $
+ $Id: conf.h,v 1.6.4.22 2001/01/13 16:36:21 guus Exp $
*/
#ifndef __TINC_CONF_H__
extern const config_t *get_config_val(config_t *, which_t type);
extern void clear_config();
extern int read_server_config(void);
-extern FILE *ask_and_safe_open(const char*, const char*);
+extern FILE *ask_and_safe_open(const char*, const char*, const char *);
#endif /* __TINC_CONF_H__ */
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net.c,v 1.35.4.93 2001/01/11 11:19:08 guus Exp $
+ $Id: net.c,v 1.35.4.94 2001/01/13 16:36:21 guus Exp $
*/
#include "config.h"
{
config_t const *cfg;
FILE *fp;
+ char *fname;
void *result;
cp
if(!cl->rsa_key)
cl->rsa_key = RSA_new();
+ /* First, check for simple PublicKey statement */
+
if((cfg = get_config_val(cl->config, config_publickey)))
{
BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
BN_hex2bn(&cl->rsa_key->e, "FFFF");
+ return 0;
}
- else if((cfg = get_config_val(cl->config, config_publickeyfile)))
+
+ /* Else, check for PublicKeyFile statement and read it */
+
+ if((cfg = get_config_val(cl->config, config_publickeyfile)))
{
if(is_safe_path(cfg->data.ptr))
{
cfg->data.ptr);
return -1;
}
+ return 0;
}
else
return -1;
}
- else
+
+ /* Else, check if a harnessed public key is in the config file */
+
+ asprintf(&fname, "%s/hosts/%s", confbase, cl->name);
+ if((fp = fopen(fname, "r")))
{
- syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
- return -1;
+ result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL);
+ fclose(fp);
+ free(fname);
+ if(result)
+ return 0;
}
+
+ free(fname);
+
+ /* Nothing worked. */
+
+ syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
cp
- return 0;
+ return -1;
}
int read_rsa_private_key(void)
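Review bot: The new `asprintf(&fname, "%s/hosts/%s", confbase, cl->name)` is unchecked; on failure `fname` is left indeterminate and is then handed to `fopen()` and `free()`. Guard it: `if(asprintf(&fname, "%s/hosts/%s", confbase, cl->name) == -1) return -1;`. Separately, `cl->name` is interpolated into a filesystem path here and the hunk does not show where the name originates; if it can be supplied by a remote peer it must already be restricted to a safe character set before this point (presumably where `cl->config` was loaded from the same path), and a comment stating that assumption would keep the next maintainer from relaxing it. The function's header is outside the hunk.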
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: tincd.c,v 1.10.4.41 2001/01/07 17:09:07 guus Exp $
+ $Id: tincd.c,v 1.10.4.42 2001/01/13 16:36:23 guus Exp $
*/
#include "config.h"
{
RSA *rsa_key;
FILE *f;
+ config_t const *cfg;
char *filename;
fprintf(stderr, _("Generating %d bits keys:\n"), bits);
else
fprintf(stderr, _("Done.\n"));
- asprintf(&filename, "%s/rsa_key.pub", confbase);
- if((f = ask_and_safe_open(filename, _("public RSA key"))) == NULL)
+ if(config && (cfg = get_config_val(config, config_name)))
+ asprintf(&filename, "%s/hosts/%s", confbase, cfg->data.ptr);
+ else
+ asprintf(&filename, "%s/rsa_key.priv");
+
+ if((f = ask_and_safe_open(filename, _("public RSA key"), "a")) == NULL)
return -1;
+
+ if(ftell(f))
+ fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file."));
+
PEM_write_RSAPublicKey(f, rsa_key);
fclose(f);
free(filename);
asprintf(&filename, "%s/rsa_key.priv", confbase);
- if((f = ask_and_safe_open(filename, _("private RSA key"))) == NULL)
+ if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL)
return -1;
+
+ if(ftell(f))
+ fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file."));
+
PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL);
fclose(f);
free(filename);
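Review bot: `asprintf(&filename, "%s/rsa_key.priv");` in the fallback branch has a `%s` conversion with no matching argument, which is undefined behaviour (the filename is built from an unrelated pointer), and it also names the private-key file for the public key written right after it — the removed line used `rsa_key.pub`, and `rsa_key.priv` is opened for the private key a few lines below, so both keys would be appended to one file. It should read `asprintf(&filename, "%s/rsa_key.pub", confbase);`. Two smaller points in the same hunk: the initial file position after `fopen(…, "a")` is implementation-defined, so the `ftell(f)` test for existing contents is not portable and an explicit `fseek(f, 0, SEEK_END)` before it makes the "Appending key" warning reliable; and both warning strings end without a trailing newline. The function's header is outside the hunk.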
RAND_load_file("/dev/urandom", 1024);
cp
if(generate_keys)
- exit(keygen(generate_keys));
-
+ {
+ read_server_config();
+ exit(keygen(generate_keys));
+ }
+
if(kill_tincd)
exit(kill_other());
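Review bot: The return value of `read_server_config()` is dropped, so an unreadable configuration is indistinguishable from an empty one and keygen silently falls back to the `rsa_key.*` names under `confbase` instead of the host file. It is declared as returning `int`; consider checking the result, or at least logging a failure, before calling `keygen`. The return convention is not visible in this diff, so match whatever the other callers test.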