X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_setup.c;h=4c258abb3087f77d6c58697bf40c658d9939a8ab;hp=eee056052a814ead13540bcc9e3836b5abefa788;hb=5db596c6844169f1eb5f804b72abe99d067aaa5a;hpb=f75dcef72a81a337e847adf0bae54198894f65b9 diff --git a/src/net_setup.c b/src/net_setup.c index eee05605..4c258abb 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -1,7 +1,7 @@ /* net_setup.c -- Setup. - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.25 2002/09/09 21:24:41 guus Exp $ + $Id: net_setup.c,v 1.1.2.34 2003/07/12 17:41:46 guus Exp $ */ #include "config.h" @@ -26,22 +26,12 @@ #include #include #include -#ifdef HAVE_NETINET_IN_SYSTM_H -#include -#endif -#ifdef HAVE_NETINET_IP_H -#include -#endif -#ifdef HAVE_NETINET_TCP_H -#include -#endif #include #include #include #include #include #include -#include #include #include /* SunOS really wants sys/socket.h BEFORE net/if.h, @@ -49,6 +39,15 @@ #include #include #include +#ifdef HAVE_NETINET_IN_SYSTM_H +#include +#endif +#ifdef HAVE_NETINET_IP_H +#include +#endif +#ifdef HAVE_NETINET_TCP_H +#include +#endif #include #include @@ -72,12 +71,13 @@ #include "route.h" #include "device.h" #include "event.h" +#include "logger.h" #include "system.h" char *myport; -int read_rsa_public_key(connection_t * c) +int read_rsa_public_key(connection_t *c) { FILE *fp; char *fname; @@ -85,8 +85,10 @@ int read_rsa_public_key(connection_t * c) cp(); - if(!c->rsa_key) + if(!c->rsa_key) { c->rsa_key = RSA_new(); +// RSA_blinding_on(c->rsa_key, NULL); + } /* First, check for simple PublicKey statement */ 
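Review bot: The commented-out `// RSA_blinding_on(c->rsa_key, NULL);` added in the `-85` hunk of read_rsa_public_key (and repeated twice more below in the same function) is dead code in a place where it could never matter: RSA blinding protects private-key operations against timing analysis, and this function only ever loads a peer's public key. Leaving it commented invites a future maintainer to "re-enable" it here and believe the daemon is protected. Either drop the three commented lines or replace them with a comment stating why no call is made, e.g. `/* No RSA_blinding_on() here: blinding only affects private-key operations (see read_rsa_private_key); recent OpenSSL enables it automatically on first private-key use. */` — the OpenSSL-default claim should be confirmed against the version the project targets. read_rsa_public_key begins outside this hunk.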
@@ -105,7 +107,7 @@ int read_rsa_public_key(connection_t * c)
 fp = fopen(fname, "r");
 if(!fp) {
- syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"),
+ logger(LOG_ERR, _("Error reading RSA public key file `%s': %s"),
 fname, strerror(errno));
 free(fname);
 return -1;
@@ -122,7 +124,7 @@ int read_rsa_public_key(connection_t * c)
 fp = fopen(fname, "r");
 if(!fp) {
- syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"),
+ logger(LOG_ERR, _("Error reading RSA public key file `%s': %s"),
 fname, strerror(errno));
 free(fname);
 return -1;
@@ -132,10 +134,12 @@ int read_rsa_public_key(connection_t * c)
 c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
 fclose(fp);
- if(c->rsa_key)
+ if(c->rsa_key) {
+// RSA_blinding_on(c->rsa_key, NULL);
 return 0;
+ }
- syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"),
+ logger(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"),
 fname, strerror(errno));
 return -1;
 } else {
@@ -166,6 +170,7 @@ int read_rsa_public_key(connection_t * c)
 if(fp) {
 c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
+// RSA_blinding_on(c->rsa_key, NULL);
 fclose(fp);
 }
@@ -174,7 +179,7 @@ int read_rsa_public_key(connection_t * c)
 if(c->rsa_key) return 0;
- syslog(LOG_ERR, _("No public key for %s specified!"), c->name);
+ logger(LOG_ERR, _("No public key for %s specified!"), c->name);
 return -1;
 }
@@ -188,6 +193,7 @@ int read_rsa_private_key(void)
 if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
 myself->connection->rsa_key = RSA_new();
+// RSA_blinding_on(myself->connection->rsa_key, NULL);
 BN_hex2bn(&myself->connection->rsa_key->d, key);
 BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
 free(key);
@@ -201,7 +207,7 @@ int read_rsa_private_key(void)
 fp = fopen(fname, "r");
 if(!fp) {
- syslog(LOG_ERR, _("Error reading RSA private key file `%s': %s"),
+ logger(LOG_ERR, _("Error reading RSA private key file `%s': %s"),
 fname, strerror(errno));
 free(fname);
 return -1;
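Review bot: In the `-132` hunk both exits after `PEM_read_RSA_PUBKEY()` leak `fname`: the new `if(c->rsa_key) { ... return 0; }` and the `return -1;` after the new `logger(...)` call return without `free(fname)`, whereas the fopen-failure path a few lines up does free it, so `fname` is clearly heap-allocated. A one-time leak at setup is minor, but the inconsistency is easy to fix with `free(fname);` before each return. In the same `logger(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), fname, strerror(errno));` call, a PEM parse failure is an OpenSSL error, not a libc one, so `strerror(errno)` reports whatever errno happened to hold; if `<openssl/err.h>` is available the message should use `ERR_error_string(ERR_get_error(), NULL)` instead. read_rsa_public_key starts outside this hunk.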
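Review bot: The commented-out `// RSA_blinding_on(myself->connection->rsa_key, NULL);` in the `-188` hunk is placed immediately after `RSA_new()`, before `d` and `e` are filled in and with no modulus `n` in the structure at all, so re-enabling it at this spot cannot work: blinding needs `n` to compute the blinding factor and the call would fail. If manual blinding is ever wanted on the private key — the only key where it matters — it belongs after the public half has been loaded for `myself`, with the return value checked, e.g. `if(!RSA_blinding_on(myself->connection->rsa_key, NULL)) return -1;`. As it stands the line should either be removed or carry a comment saying why it is disabled and where the correct call site is. read_rsa_private_key continues outside this hunk.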
@@ -213,7 +219,7 @@ int read_rsa_private_key(void)
 fclose(fp);
 if(!myself->connection->rsa_key) {
- syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"),
+ logger(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"),
 fname, strerror(errno));
 return -1;
 }
@@ -250,12 +256,12 @@ int setup_myself(void)
 myself->connection->protocol_version = PROT_CURRENT;
 if(!get_config_string(lookup_config(config_tree, "Name"), &name)) { /* Not acceptable */
- syslog(LOG_ERR, _("Name for tinc daemon required!"));
+ logger(LOG_ERR, _("Name for tinc daemon required!"));
 return -1;
 }
 if(check_id(name)) {
- syslog(LOG_ERR, _("Invalid name for myself!"));
+ logger(LOG_ERR, _("Invalid name for myself!"));
 free(name);
 return -1;
 }
@@ -267,7 +273,7 @@ int setup_myself(void)
 return -1;
 if(read_connection_config(myself->connection)) {
- syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
+ logger(LOG_ERR, _("Cannot open host configuration file for myself!"));
 return -1;
 }
@@ -323,7 +329,7 @@ int setup_myself(void)
 else if(!strcasecmp(mode, "hub")) routing_mode = RMODE_HUB;
 else {
- syslog(LOG_ERR, _("Invalid routing mode!"));
+ logger(LOG_ERR, _("Invalid routing mode!"));
 return -1;
 }
 free(mode);
@@ -334,7 +340,7 @@ int setup_myself(void)
 &priorityinheritance);
 #if !defined(SOL_IP) || !defined(IP_TOS)
 if(priorityinheritance)
- syslog(LOG_WARNING, _("PriorityInheritance not supported on this platform"));
+ logger(LOG_WARNING, _("PriorityInheritance not supported on this platform"));
 #endif
 if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire))
@@ -344,7 +350,7 @@ int setup_myself(void)
 (lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) {
 if(maxtimeout <= 0) {
- syslog(LOG_ERR, _("Bogus maximum timeout!"));
+ logger(LOG_ERR, _("Bogus maximum timeout!"));
 return -1;
 }
 } else
@@ -358,12 +364,11 @@ int setup_myself(void)
 else if(!strcasecmp(afname, "any")) addressfamily = AF_UNSPEC;
 else {
- syslog(LOG_ERR, _("Invalid address family!"));
+ logger(LOG_ERR, _("Invalid address family!"));
 return -1;
 }
 free(afname);
- } else
- addressfamily = AF_INET;
+ }
 get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames);
@@ -377,7 +382,7 @@ int setup_myself(void)
 myself->cipher = EVP_get_cipherbyname(cipher);
 if(!myself->cipher) {
- syslog(LOG_ERR, _("Unrecognized cipher type!"));
+ logger(LOG_ERR, _("Unrecognized cipher type!"));
 return -1;
 }
 }
@@ -398,6 +403,9 @@ int setup_myself(void)
 keylifetime = 3600;
 keyexpires = now + keylifetime;
+
+ EVP_CIPHER_CTX_init(&packet_ctx);
+ EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len);
 /* Check if we want to use message authentication codes... */
@@ -409,7 +417,7 @@ int setup_myself(void)
 myself->digest = EVP_get_digestbyname(digest);
 if(!myself->digest) {
- syslog(LOG_ERR, _("Unrecognized digest type!"));
+ logger(LOG_ERR, _("Unrecognized digest type!"));
 return -1;
 }
 }
@@ -423,10 +431,10 @@ int setup_myself(void)
 &myself->maclength)) {
 if(myself->digest) {
 if(myself->maclength > myself->digest->md_size) {
- syslog(LOG_ERR, _("MAC length exceeds size of digest!"));
+ logger(LOG_ERR, _("MAC length exceeds size of digest!"));
 return -1;
 } else if(myself->maclength < 0) {
- syslog(LOG_ERR, _("Bogus MAC length!"));
+ logger(LOG_ERR, _("Bogus MAC length!"));
 return -1;
 }
 }
@@ -440,8 +448,8 @@ int setup_myself(void)
 if(get_config_int (lookup_config(myself->connection->config_tree, "Compression"), &myself->compression)) {
- if(myself->compression < 0 || myself->compression > 9) {
- syslog(LOG_ERR, _("Bogus compression level!"));
+ if(myself->compression < 0 || myself->compression > 11) {
+ logger(LOG_ERR, _("Bogus compression level!"));
 return -1;
 }
 } else
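Review bot: The new `EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len);` in the `-398` hunk ignores its return value, so a failed context setup leaves `packet_ctx` half-initialized and the daemon goes on to decrypt incoming packets with it; every other configuration step in setup_myself logs and returns -1 on failure, and this one should too. The line also dereferences `myself->cipher->key_len` unconditionally, which is only safe if every path that reaches here guarantees a non-NULL cipher — the `-377` hunk errors out on an unrecognized name, but the branch taken when no `Cipher` option is given is outside this view and should be confirmed. The IV is taken from the bytes directly after the key in `myself->key`, so that buffer must be at least `key_len + iv_len` bytes; a one-line comment stating that layout would help readers. setup_myself continues outside this hunk.
```c
	EVP_CIPHER_CTX_init(&packet_ctx);
	/* IV follows the key in myself->key; the buffer holds key_len + iv_len bytes. */
	if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len)) {
		logger(LOG_ERR, _("Error initializing packet cipher!"));
		return -1;
	}
	/* … unchanged: MAC digest configuration … */
```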
@@ -473,7 +481,7 @@ int setup_myself(void)
 err = getaddrinfo(address, myport, &hint, &ai);
 if(err || !ai) {
- syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo",
+ logger(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo",
 gai_strerror(err));
 return -1;
 }
@@ -493,9 +501,9 @@ int setup_myself(void)
 if(listen_socket[listen_sockets].udp < 0) continue;
- if(debug_lvl >= DEBUG_CONNECTIONS) {
+ ifdebug(CONNECTIONS) {
 hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr);
- syslog(LOG_NOTICE, _("Listening on %s"), hostname);
+ logger(LOG_NOTICE, _("Listening on %s"), hostname);
 free(hostname);
 }
@@ -506,9 +514,9 @@ int setup_myself(void)
 freeaddrinfo(ai);
 if(listen_sockets)
- syslog(LOG_NOTICE, _("Ready"));
+ logger(LOG_NOTICE, _("Ready"));
 else {
- syslog(LOG_ERR, _("Unable to create any listening socket!"));
+ logger(LOG_ERR, _("Unable to create any listening socket!"));
 return -1;
 }
@@ -520,7 +528,7 @@ int setup_myself(void)
 */
 int setup_network_connections(void)
 {
- char *envp[4];
+ char *envp[5];
 int i;
 cp();
@@ -544,20 +552,21 @@ int setup_network_connections(void)
 if(setup_device() < 0) return -1;
+ if(setup_myself() < 0)
+ return -1;
+
 /* Run tinc-up script to further initialize the tap interface */
 asprintf(&envp[0], "NETNAME=%s", netname ? : "");
 asprintf(&envp[1], "DEVICE=%s", device ? : "");
 asprintf(&envp[2], "INTERFACE=%s", interface ? : "");
- envp[3] = NULL;
+ asprintf(&envp[3], "NAME=%s", myself->name);
+ envp[4] = NULL;
 execute_script("tinc-up", envp);
- for(i = 0; i < 4; i++)
+ for(i = 0; i < 5; i++)
 free(envp[i]);
- if(setup_myself() < 0)
- return -1;
-
 try_outgoing_connections();
 return 0;
@@ -570,7 +579,7 @@ void close_network_connections(void)
 {
 avl_node_t *node, *next;
 connection_t *c;
- char *envp[4];
+ char *envp[5];
 int i;
 cp();
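Review bot: The new `logger(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err));` in the `-473` hunk is reached when `err || !ai`, so for the `err == 0 && ai == NULL` case it prints `gai_strerror(0)` — typically "Success" — next to the word "failed", which will send an operator in the wrong direction. Distinguish the two: `err ? gai_strerror(err) : _("no addresses returned")`, or log the empty-result case with its own message. setup_myself continues outside this hunk.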
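Review bot: The added `asprintf(&envp[3], "NAME=%s", myself->name);` in the `-544` hunk, like the three lines above it, never checks the return value; with glibc the pointer is left undefined when asprintf fails, and the `for(i = 0; i < 5; i++) free(envp[i]);` loop then frees garbage. A minimal guard is `if(asprintf(&envp[3], "NAME=%s", myself->name) < 0) envp[3] = NULL;`, applied to all four entries for consistency. Moving `setup_myself()` ahead of the tinc-up script is what makes `myself->name` available here (the name is check_id-validated earlier in setup_myself, so it is safe to export), but it also means the listening sockets are bound and "Ready" is logged (per the `-506` hunk) before the interface script has run; if that ordering is intentional, say so in a comment such as `/* setup_myself() first: tinc-up needs NAME, so sockets are open before the script runs */`. The hunk ends before the function's closing brace.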
@@ -602,7 +611,8 @@ void close_network_connections(void)
 asprintf(&envp[0], "NETNAME=%s", netname ? : "");
 asprintf(&envp[1], "DEVICE=%s", device ? : "");
 asprintf(&envp[2], "INTERFACE=%s", interface ? : "");
- envp[3] = NULL;
+ asprintf(&envp[3], "NAME=%s", myself->name);
+ envp[4] = NULL;
 execute_script("tinc-down", envp);
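Review bot: The new `asprintf(&envp[3], "NAME=%s", myself->name);` in close_network_connections dereferences `myself` without a check, while the three lines above it defensively handle a NULL `netname`, `device` or `interface` with `?:`. If close_network_connections() can run on a failed startup — for instance after setup_device() succeeded but before setup_myself() allocated `myself` — this is a NULL dereference during shutdown; whether that path exists is not visible here and should be confirmed against the caller. The cheap, consistent fix is `asprintf(&envp[3], "NAME=%s", myself ? myself->name : "");`. close_network_connections continues outside this hunk.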