X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_setup.c;h=23dd2521c74b465cdc64405ea79b3f821e3040aa;hp=a7ed3a8995750b45ece4fe82f437fbd2bbe5bcf9;hb=0c7e0210d900185d4c1a9ffd969dc2a26d9523a9;hpb=3df86ef17bce9f24c3dad79ccc2b17aa6e93ea34

diff --git a/src/net_setup.c b/src/net_setup.c
index a7ed3a89..23dd2521 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -1,7 +1,7 @@
 /*
     net_setup.c -- Setup.
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2014 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2015 Guus Sliepen <guus@tinc-vpn.org>
                   2006      Scott Lamb <slamb@slamb.org>
                   2010      Brandon Black <blblack@gmail.com>
 
@@ -137,18 +137,17 @@ bool read_ecdsa_public_key(connection_t *c) {
 	}
 
 	c->ecdsa = ecdsa_read_pem_public_key(fp);
-	fclose(fp);
 
-	if(!c->ecdsa)
+	if(!c->ecdsa && errno != ENOENT)
 		logger(DEBUG_ALWAYS, LOG_ERR, "Parsing Ed25519 public key file `%s' failed.", fname);
+
+	fclose(fp);
 	free(fname);
 	return c->ecdsa;
 }
 
+#ifndef DISABLE_LEGACY
 bool read_rsa_public_key(connection_t *c) {
-	if(ecdsa_active(c->ecdsa))
-		return true;
-
 	FILE *fp;
 	char *fname;
 	char *n;
@@ -182,6 +181,7 @@ bool read_rsa_public_key(connection_t *c) {
 	free(fname);
 	return c->rsa;
 }
+#endif
 
 static bool read_ecdsa_private_key(void) {
 	FILE *fp;
@@ -226,14 +226,14 @@ static bool read_ecdsa_private_key(void) {
 
 static bool read_invitation_key(void) {
 	FILE *fp;
-	char *fname;
+	char fname[PATH_MAX];
 
 	if(invitation_key) {
 		ecdsa_free(invitation_key);
 		invitation_key = NULL;
 	}
 
-	xasprintf(&fname, "%s" SLASH "invitations" SLASH "ed25519_key.priv", confbase);
+	snprintf(fname, sizeof fname, "%s" SLASH "invitations" SLASH "ed25519_key.priv", confbase);
 
 	fp = fopen(fname, "r");
 
@@ -244,10 +244,10 @@ static bool read_invitation_key(void) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "Reading Ed25519 private key file `%s' failed", fname);
 	}
 
-	free(fname);
 	return invitation_key;
 }
 
+#ifndef DISABLE_LEGACY
 static bool read_rsa_private_key(void) {
 	FILE *fp;
 	char *fname;
@@ -277,6 +277,8 @@ static bool read_rsa_private_key(void) {
 	if(!fp) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA private key file `%s': %s",
 			   fname, strerror(errno));
+		if(errno == ENOENT)
+			logger(DEBUG_ALWAYS, LOG_INFO, "Create an RSA keypair with `tinc -n %s generate-rsa-keys'.", netname ?: ".");
 		free(fname);
 		return false;
 	}
@@ -302,6 +304,7 @@ static bool read_rsa_private_key(void) {
 	free(fname);
 	return myself->connection->rsa;
 }
+#endif
 
 static timeout_t keyexpire_timeout;
 
@@ -313,6 +316,8 @@ static void keyexpire_handler(void *data) {
 void regenerate_key(void) {
 	logger(DEBUG_STATUS, LOG_INFO, "Expiring symmetric keys");
 	send_key_changed();
+	for splay_each(node_t, n, node_tree)
+		n->status.validkey_in = false;
 }
 
 /*
@@ -321,13 +326,12 @@ void regenerate_key(void) {
 void load_all_subnets(void) {
 	DIR *dir;
 	struct dirent *ent;
-	char *dname;
+	char dname[PATH_MAX];
 
-	xasprintf(&dname, "%s" SLASH "hosts", confbase);
+	snprintf(dname, sizeof dname, "%s" SLASH "hosts", confbase);
 	dir = opendir(dname);
 	if(!dir) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", dname, strerror(errno));
-		free(dname);
 		return;
 	}
 
@@ -360,6 +364,7 @@ void load_all_subnets(void) {
 
 			if((s2 = lookup_subnet(n, s))) {
 				s2->expires = -1;
+				free(s);
 			} else {
 				subnet_add(n, s);
 			}
@@ -374,13 +379,12 @@ void load_all_subnets(void) {
 void load_all_nodes(void) {
 	DIR *dir;
 	struct dirent *ent;
-	char *dname;
+	char dname[PATH_MAX];
 
-	xasprintf(&dname, "%s" SLASH "hosts", confbase);
+	snprintf(dname, sizeof dname, "%s" SLASH "hosts", confbase);
 	dir = opendir(dname);
 	if(!dir) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", dname, strerror(errno));
-		free(dname);
 		return;
 	}
 
@@ -504,6 +508,14 @@ bool setup_myself_reloadable(void) {
 	if(myself->options & OPTION_TCPONLY)
 		myself->options |= OPTION_INDIRECT;
 
+	get_config_bool(lookup_config(config_tree, "UDPDiscovery"), &udp_discovery);
+	get_config_int(lookup_config(config_tree, "UDPDiscoveryKeepaliveInterval"), &udp_discovery_keepalive_interval);
+	get_config_int(lookup_config(config_tree, "UDPDiscoveryInterval"), &udp_discovery_interval);
+	get_config_int(lookup_config(config_tree, "UDPDiscoveryTimeout"), &udp_discovery_timeout);
+
+	get_config_int(lookup_config(config_tree, "MTUInfoInterval"), &mtu_info_interval);
+	get_config_int(lookup_config(config_tree, "UDPInfoInterval"), &udp_info_interval);
+
 	get_config_bool(lookup_config(config_tree, "DirectOnly"), &directonly);
 	get_config_bool(lookup_config(config_tree, "LocalDiscovery"), &localdiscovery);
 
@@ -650,6 +662,9 @@ static bool add_listen_address(char *address, bool bindto) {
 	hint.ai_protocol = IPPROTO_TCP;
 	hint.ai_flags = AI_PASSIVE;
 
+#if HAVE_DECL_RES_INIT
+	res_init();
+#endif
 	int err = getaddrinfo(address && *address ? address : NULL, port, &hint, &ai);
 	free(address);
 
@@ -771,6 +786,13 @@ static bool setup_myself(void) {
 
 	myself->options |= PROT_MINOR << 24;
 
+#ifdef DISABLE_LEGACY
+	experimental = read_ecdsa_private_key();
+	if(!experimental) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "No private key available, cannot start tinc!");
+		return false;
+	}
+#else
 	if(!get_config_bool(lookup_config(config_tree, "ExperimentalProtocol"), &experimental)) {
 		experimental = read_ecdsa_private_key();
 		if(!experimental)
@@ -780,8 +802,15 @@ static bool setup_myself(void) {
 			return false;
 	}
 
-	if(!read_rsa_private_key())
-		return false;
+	if(!read_rsa_private_key()) {
+		if(experimental) {
+			logger(DEBUG_ALWAYS, LOG_WARNING, "Support for legacy protocol disabled.");
+		} else {
+			logger(DEBUG_ALWAYS, LOG_ERR, "No private keys available, cannot start tinc!");
+			return false;
+		}
+	}
+#endif
 
 	/* Ensure myport is numeric */
 
@@ -823,14 +852,14 @@ static bool setup_myself(void) {
 	}
 
 	if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
-		if(udp_rcvbuf <= 0) {
+		if(udp_rcvbuf < 0) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "UDPRcvBuf cannot be negative!");
 			return false;
 		}
 	}
 
 	if(get_config_int(lookup_config(config_tree, "UDPSndBuf"), &udp_sndbuf)) {
-		if(udp_sndbuf <= 0) {
+		if(udp_sndbuf < 0) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "UDPSndBuf cannot be negative!");
 			return false;
 		}
@@ -846,6 +875,7 @@ static bool setup_myself(void) {
 		sptps_replaywin = replaywin;
 	}
 
+#ifndef DISABLE_LEGACY
 	/* Generate packet encryption key */
 
 	if(!get_config_string(lookup_config(config_tree, "Cipher"), &cipher))
@@ -883,6 +913,7 @@ static bool setup_myself(void) {
 	}
 
 	free(digest);
+#endif
 
 	/* Compression */
 
@@ -931,6 +962,7 @@ static bool setup_myself(void) {
 		else if(!strcasecmp(type, "vde"))
 			devops = vde_devops;
 #endif
+		free(type);
 	}
 
 	get_config_bool(lookup_config(config_tree, "DeviceStandby"), &device_standby);