X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_setup.c;h=0c074719cad4fd7566ddbe8620302bbd5ccd79b4;hp=c4f2127ec0dee48bfe9a4f79c8ee48cfb35aef60;hb=d4410d0cce40929db9a0ce7042ef962f1867234d;hpb=fcf5b53e785fd191dd951b77ad831fe6ac78dce4 diff --git a/src/net_setup.c b/src/net_setup.c index c4f2127e..0c074719 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -1,7 +1,7 @@ /* net_setup.c -- Setup. Copyright (C) 1998-2005 Ivo Timmermans, - 2000-2014 Guus Sliepen + 2000-2016 Guus Sliepen 2006 Scott Lamb 2010 Brandon Black @@ -43,7 +43,12 @@ #include "utils.h" #include "xalloc.h" +#ifdef HAVE_MINIUPNPC +#include "upnp.h" +#endif + char *myport; +static char *myname; static io_t device_io; devops_t devops; bool device_standby = false; @@ -136,18 +141,17 @@ bool read_ecdsa_public_key(connection_t *c) { } c->ecdsa = ecdsa_read_pem_public_key(fp); - fclose(fp); - if(!c->ecdsa) + if(!c->ecdsa && errno != ENOENT) logger(DEBUG_ALWAYS, LOG_ERR, "Parsing Ed25519 public key file `%s' failed.", fname); + + fclose(fp); free(fname); return c->ecdsa; } +#ifndef DISABLE_LEGACY bool read_rsa_public_key(connection_t *c) { - if(ecdsa_active(c->ecdsa)) - return true; - FILE *fp; char *fname; char *n; @@ -181,6 +185,7 @@ bool read_rsa_public_key(connection_t *c) { free(fname); return c->rsa; } +#endif static bool read_ecdsa_private_key(void) { FILE *fp; @@ -225,14 +230,14 @@ static bool read_ecdsa_private_key(void) { static bool read_invitation_key(void) { FILE *fp; - char *fname; + char fname[PATH_MAX]; if(invitation_key) { ecdsa_free(invitation_key); invitation_key = NULL; } - xasprintf(&fname, "%s" SLASH "invitations" SLASH "ed25519_key.priv", confbase); + snprintf(fname, sizeof fname, "%s" SLASH "invitations" SLASH "ed25519_key.priv", confbase); fp = fopen(fname, "r"); 
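Review bot: In read_ecdsa_public_key the new condition `if(!c->ecdsa && errno != ENOENT)` tests an errno that ecdsa_read_pem_public_key may not have set on this particular failure, so a stale ENOENT left by an earlier library call would silence a genuine parse error. Clearing it first, `errno = 0;` directly before `c->ecdsa = ecdsa_read_pem_public_key(fp);`, makes the check depend only on this call. Moving `fclose(fp);` below the logger call is the right fix for fclose clobbering errno, but the assumption that the PEM reader reports a missing key block as ENOENT deserves a one-line comment at the check. The function begins before this hunk.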
@@ -243,10 +248,10 @@ static bool read_invitation_key(void) { logger(DEBUG_ALWAYS, LOG_ERR, "Reading Ed25519 private key file `%s' failed", fname); } - free(fname); return invitation_key; } +#ifndef DISABLE_LEGACY static bool read_rsa_private_key(void) { FILE *fp; char *fname; @@ -276,6 +281,8 @@ static bool read_rsa_private_key(void) { if(!fp) { logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA private key file `%s': %s", fname, strerror(errno)); + if(errno == ENOENT) + logger(DEBUG_ALWAYS, LOG_INFO, "Create an RSA keypair with `tinc -n %s generate-rsa-keys'.", netname ?: "."); free(fname); return false; } @@ -301,6 +308,7 @@ static bool read_rsa_private_key(void) { free(fname); return myself->connection->rsa; } +#endif static timeout_t keyexpire_timeout; @@ -312,6 +320,8 @@ static void keyexpire_handler(void *data) { void regenerate_key(void) { logger(DEBUG_STATUS, LOG_INFO, "Expiring symmetric keys"); send_key_changed(); + for splay_each(node_t, n, node_tree) + n->status.validkey_in = false; } /* @@ -320,13 +330,12 @@ void regenerate_key(void) { void load_all_subnets(void) { DIR *dir; struct dirent *ent; - char *dname; + char dname[PATH_MAX]; - xasprintf(&dname, "%s" SLASH "hosts", confbase); + snprintf(dname, sizeof dname, "%s" SLASH "hosts", confbase); dir = opendir(dname); if(!dir) { logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", dname, strerror(errno)); - free(dname); return; } @@ -359,6 +368,7 @@ void load_all_subnets(void) { if((s2 = lookup_subnet(n, s))) { s2->expires = -1; + free(s); } else { subnet_add(n, s); } @@ -373,13 +383,12 @@ void load_all_subnets(void) { void load_all_nodes(void) { DIR *dir; struct dirent *ent; - char *dname; + char dname[PATH_MAX]; - xasprintf(&dname, "%s" SLASH "hosts", confbase); + snprintf(dname, sizeof dname, "%s" SLASH "hosts", confbase); dir = opendir(dname); if(!dir) { logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", dname, strerror(errno)); - free(dname); return; } 
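Review bot: The `snprintf(dname, sizeof dname, "%s" SLASH "hosts", confbase);` in load_all_subnets (and the identical line in load_all_nodes in the -373 hunk, plus the fname buffer in read_invitation_key) ignores the return value, so a confbase long enough that the path does not fit in PATH_MAX hands opendir a silently truncated path and the error message then names a directory that was never configured. Keeping the snprintf result and bailing out when `len < 0 || (size_t)len >= sizeof dname` with a "path too long" logger line preserves the old xasprintf behaviour of never producing a wrong path. Moving from heap to a PATH_MAX stack buffer also assumes PATH_MAX is defined on every supported platform; if the build already guarantees that, a comment at the first use would save the next reader the check.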
@@ -402,41 +411,16 @@ void load_all_nodes(void) { char *get_name(void) { char *name = NULL; + char *returned_name; get_config_string(lookup_config(config_tree, "Name"), &name); if(!name) return NULL; - if(*name == '$') { - char *envname = getenv(name + 1); - char hostname[32] = ""; - if(!envname) { - if(strcmp(name + 1, "HOST")) { - logger(DEBUG_ALWAYS, LOG_ERR, "Invalid Name: environment variable %s does not exist\n", name + 1); - return false; - } - if(gethostname(hostname, sizeof hostname) || !*hostname) { - logger(DEBUG_ALWAYS, LOG_ERR, "Could not get hostname: %s\n", sockstrerror(sockerrno)); - return false; - } - hostname[31] = 0; - envname = hostname; - } - free(name); - name = xstrdup(envname); - for(char *c = name; *c; c++) - if(!isalnum(*c)) - *c = '_'; - } - - if(!check_id(name)) { - logger(DEBUG_ALWAYS, LOG_ERR, "Invalid name for myself!"); - free(name); - return false; - } - - return name; + returned_name = replace_name(name); + free(name); + return returned_name; } bool setup_myself_reloadable(void) { @@ -445,7 +429,6 @@ bool setup_myself_reloadable(void) { char *fmode = NULL; char *bmode = NULL; char *afname = NULL; - char *address = NULL; char *space; bool choice; 
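Review bot: get_name now returns whatever `replace_name(name)` yields and no longer calls check_id itself, so the `Invalid name for myself!` rejection that the removed block performed survives only if replace_name (defined outside this view) validates its result; that should be confirmed and stated at the call, e.g. `/* replace_name expands $VAR/$HOST and validates with check_id; result is a fresh allocation owned by the caller */`, adjusted to what it actually does. It is also worth noting for the record that the removed branch returned `false` from a `char *` function, which the rewrite quietly fixes. The whole of get_name is visible in this hunk.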
@@ -529,6 +512,14 @@ bool setup_myself_reloadable(void) { if(myself->options & OPTION_TCPONLY) myself->options |= OPTION_INDIRECT; + get_config_bool(lookup_config(config_tree, "UDPDiscovery"), &udp_discovery); + get_config_int(lookup_config(config_tree, "UDPDiscoveryKeepaliveInterval"), &udp_discovery_keepalive_interval); + get_config_int(lookup_config(config_tree, "UDPDiscoveryInterval"), &udp_discovery_interval); + get_config_int(lookup_config(config_tree, "UDPDiscoveryTimeout"), &udp_discovery_timeout); + + get_config_int(lookup_config(config_tree, "MTUInfoInterval"), &mtu_info_interval); + get_config_int(lookup_config(config_tree, "UDPInfoInterval"), &udp_info_interval); + get_config_bool(lookup_config(config_tree, "DirectOnly"), &directonly); get_config_bool(lookup_config(config_tree, "LocalDiscovery"), &localdiscovery); @@ -602,7 +593,12 @@ bool setup_myself_reloadable(void) { #if !defined(SOL_IP) || !defined(IP_TOS) if(priorityinheritance) - logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "PriorityInheritance"); + logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform for IPv4 connections", "PriorityInheritance"); +#endif + +#if !defined(IPPROTO_IPV6) || !defined(IPV6_TCLASS) + if(priorityinheritance) + logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform for IPv6 connections", "PriorityInheritance"); #endif if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) @@ -675,6 +671,9 @@ static bool add_listen_address(char *address, bool bindto) { hint.ai_protocol = IPPROTO_TCP; hint.ai_flags = AI_PASSIVE; +#if HAVE_DECL_RES_INIT + res_init(); +#endif int err = getaddrinfo(address && *address ? address : NULL, port, &hint, &ai); free(address); 
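Review bot: The new UDPDiscoveryKeepaliveInterval, UDPDiscoveryInterval, UDPDiscoveryTimeout, MTUInfoInterval and UDPInfoInterval reads in setup_myself_reloadable accept any int, so a zero or negative value from the config file reaches whatever timers consume these globals with no diagnostic, whereas UDPRcvBuf and UDPSndBuf in this same file are range-checked and rejected with a clear error. Applying the same pattern, `if(udp_discovery_interval <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "UDPDiscoveryInterval must be positive!"); return false; }`, keeps configuration validation consistent; if zero is meant to disable a timer, use `< 0` and say so in a comment. The consumers of these variables are not visible here, so the exact valid range is an assumption to confirm. setup_myself_reloadable starts and ends outside this hunk.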
@@ -741,7 +740,7 @@ void device_enable(void) { xasprintf(&envp[0], "NETNAME=%s", netname ? : ""); xasprintf(&envp[1], "DEVICE=%s", device ? : ""); xasprintf(&envp[2], "INTERFACE=%s", iface ? : ""); - xasprintf(&envp[3], "NAME=%s", myself->name); + xasprintf(&envp[3], "NAME=%s", myname); execute_script("tinc-up", envp); @@ -754,7 +753,7 @@ void device_disable(void) { xasprintf(&envp[0], "NETNAME=%s", netname ? : ""); xasprintf(&envp[1], "DEVICE=%s", device ? : ""); xasprintf(&envp[2], "INTERFACE=%s", iface ? : ""); - xasprintf(&envp[3], "NAME=%s", myself->name); + xasprintf(&envp[3], "NAME=%s", myname); execute_script("tinc-down", envp); @@ -778,6 +777,7 @@ static bool setup_myself(void) { return false; } + myname = xstrdup(name); myself = new_node(); myself->connection = new_connection(); myself->name = name; @@ -795,6 +795,13 @@ static bool setup_myself(void) { myself->options |= PROT_MINOR << 24; +#ifdef DISABLE_LEGACY + experimental = read_ecdsa_private_key(); + if(!experimental) { + logger(DEBUG_ALWAYS, LOG_ERR, "No private key available, cannot start tinc!"); + return false; + } +#else if(!get_config_bool(lookup_config(config_tree, "ExperimentalProtocol"), &experimental)) { experimental = read_ecdsa_private_key(); if(!experimental) @@ -804,8 +811,15 @@ static bool setup_myself(void) { return false; } - if(!read_rsa_private_key()) - return false; + if(!read_rsa_private_key()) { + if(experimental) { + logger(DEBUG_ALWAYS, LOG_WARNING, "Support for legacy protocol disabled."); + } else { + logger(DEBUG_ALWAYS, LOG_ERR, "No private keys available, cannot start tinc!"); + return false; + } + } +#endif /* Ensure myport is numeric */ 
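Review bot: `myname = xstrdup(name);` in setup_myself overwrites the static pointer without releasing a previous value, so if setup_myself can run more than once in a process (the paired `free(myname)` added to close_network_connections suggests setup/teardown cycles are expected) the earlier copy leaks. `free(myname); myname = xstrdup(name);` is a no-op when myname is NULL and removes the question. A comment on the static declaration, `/* copy of myself->name kept for tinc-down after myself is gone */`, would explain why a second copy of the name exists, if that is indeed the reason. setup_myself begins before this hunk.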
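Review bot: Under `#ifdef DISABLE_LEGACY` the new code sets `experimental = read_ecdsa_private_key();` and never consults the `ExperimentalProtocol` config option, so a configuration that explicitly sets it to `no` is silently overridden rather than rejected or reported. Emitting `logger(DEBUG_ALWAYS, LOG_WARNING, "ExperimentalProtocol is ignored: legacy protocol support is compiled out.");` when `lookup_config(config_tree, "ExperimentalProtocol")` finds the option tells the operator why their setting has no effect. The `#else` branch and the enclosing if continue past the end of this hunk.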
@@ -847,14 +861,14 @@ static bool setup_myself(void) { } if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) { - if(udp_rcvbuf <= 0) { + if(udp_rcvbuf < 0) { logger(DEBUG_ALWAYS, LOG_ERR, "UDPRcvBuf cannot be negative!"); return false; } } if(get_config_int(lookup_config(config_tree, "UDPSndBuf"), &udp_sndbuf)) { - if(udp_sndbuf <= 0) { + if(udp_sndbuf < 0) { logger(DEBUG_ALWAYS, LOG_ERR, "UDPSndBuf cannot be negative!"); return false; } @@ -870,6 +884,7 @@ static bool setup_myself(void) { sptps_replaywin = replaywin; } +#ifndef DISABLE_LEGACY /* Generate packet encryption key */ if(!get_config_string(lookup_config(config_tree, "Cipher"), &cipher)) @@ -907,6 +922,7 @@ static bool setup_myself(void) { } free(digest); +#endif /* Compression */ @@ -955,6 +971,7 @@ static bool setup_myself(void) { else if(!strcasecmp(type, "vde")) devops = vde_devops; #endif + free(type); } get_config_bool(lookup_config(config_tree, "DeviceStandby"), &device_standby); @@ -1051,6 +1068,25 @@ static bool setup_myself(void) { xasprintf(&myself->hostname, "MYSELF port %s", myport); myself->connection->hostname = xstrdup(myself->hostname); + char *upnp = NULL; + get_config_string(lookup_config(config_tree, "UPnP"), &upnp); + bool upnp_tcp = false; + bool upnp_udp = false; + if (upnp) { + if (!strcasecmp(upnp, "yes")) + upnp_tcp = upnp_udp = true; + else if (!strcasecmp(upnp, "udponly")) + upnp_udp = true; + free(upnp); + } + if (upnp_tcp || upnp_udp) { +#ifdef HAVE_MINIUPNPC + upnp_init(upnp_tcp, upnp_udp); +#else + logger(DEBUG_ALWAYS, LOG_WARNING, "UPnP was requested, but tinc isn't built with miniupnpc support!"); +#endif + } + /* Done. */ last_config_check = now.tv_sec; 
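Review bot: The UPnP option parsing added to setup_myself treats every value other than `yes` and `udponly` as "off" without a diagnostic, so a typo such as `UPnP = tcponly` or `UPnP = true` silently leaves the port unmapped while the operator believes it is exposed. An additional `else if(strcasecmp(upnp, "no"))` branch logging `"Unknown value for UPnP option: %s"` makes the accepted spellings explicit and catches the mistake at startup. Style: the new block writes `if (upnp)` and `if (upnp_tcp || upnp_udp)` with a space where the rest of this file writes `if(`. The warning-only path when built without miniupnpc is the right choice for the unsupported case. setup_myself begins before this hunk.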
@@ -1138,13 +1174,18 @@ void close_network_connections(void) { if (!device_standby) device_disable(); - if(myport) free(myport); + free(myport); if (device_fd >= 0) io_del(&device_io); - devops.close(); + if (devops.close) + devops.close(); exit_control(); + free(myname); + free(scriptextension); + free(scriptinterpreter); + return; }
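Review bot: close_network_connections frees the globals `myport`, `myname`, `scriptextension` and `scriptinterpreter` but leaves the pointers set, so any later read of them, or a second pass through this function, is a use-after-free or double free; the `if(myport)` guard the old code at least gestured at is gone as well. Resetting each pointer after the free, e.g. `free(myname); myname = NULL;`, costs nothing and turns such a bug into a NULL check rather than heap corruption. Whether this function can run more than once per process is not visible here; if it provably cannot, a comment stating that at the top of the cleanup would justify leaving the pointers dangling.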