1 pcg 1.1 /*
2     conf.c -- configuration code
3 pcg 1.44 Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de>
4 pcg 1.1
5 pcg 1.31 This file is part of GVPE.
6    
7 pcg 1.44 GVPE is free software; you can redistribute it and/or modify it
8     under the terms of the GNU General Public License as published by the
9     Free Software Foundation; either version 3 of the License, or (at your
10     option) any later version.
11    
12     This program is distributed in the hope that it will be useful, but
13     WITHOUT ANY WARRANTY; without even the implied warranty of
14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15     Public License for more details.
16    
17     You should have received a copy of the GNU General Public License along
18     with this program; if not, see <http://www.gnu.org/licenses/>.
19    
20     Additional permission under GNU GPL version 3 section 7
21    
22     If you modify this Program, or any covered work, by linking or
23     combining it with the OpenSSL project's OpenSSL library (or a modified
24     version of that library), containing parts covered by the terms of the
25     OpenSSL or SSLeay licenses, the licensors of this Program grant you
26     additional permission to convey the resulting work. Corresponding
27     Source for a non-source form of such a combination shall include the
28     source code for the parts of OpenSSL used as well as that of the
29     covered work.
30 pcg 1.1 */
31    
32     #include "config.h"
33    
34     #include <cstdio>
35     #include <cstdlib>
36     #include <cstring>
37    
38     #include <errno.h>
39     #include <netdb.h>
40     #include <sys/stat.h>
41     #include <sys/types.h>
42     #include <unistd.h>
43    
44 pcg 1.17 #include "netcompat.h"
45 pcg 1.5
46 pcg 1.1 #include <openssl/err.h>
47     #include <openssl/pem.h>
48     #include <openssl/rsa.h>
49     #include <openssl/rand.h>
50 pcg 1.22 #include <openssl/bn.h>
51 pcg 1.1
52     #include "conf.h"
53     #include "slog.h"
54     #include "util.h"
55    
char *confbase;   // directory that holds gvpe.conf, pubkey/<node> and the hostkey; set in configuration::configuration ()
char *thisnode;   // name of the local node; selects "on <node>" lines, the hostkey name and conf.thisnode. Not assigned in this file, may be 0.
char *identname;  // declared here but not referenced anywhere in this file

struct configuration conf;   // the global configuration; configuration::init () also writes to it by name
61    
// Pick the single most preferred transport out of a protocol bit set.
// Preference order (first hit wins): rawip, icmp, udp, tcp, dns. Returns 0
// when none of the known bits is set.
u8 best_protocol (u8 protset)
{
  static const u8 preference[] =
    {
      PROT_IPv4,
      PROT_ICMPv4,
      PROT_UDPv4,
      PROT_TCPv4,
      PROT_DNSv4,
    };

  for (unsigned idx = 0; idx < sizeof (preference) / sizeof (preference[0]); ++idx)
    if (protset & preference[idx])
      return preference[idx];

  return 0;
}
72    
// Human readable name of a protocol bit. When several bits are set the
// name of the most preferred one (same order as best_protocol) is returned;
// an unknown or empty set yields "<unknown>".
const char *strprotocol (u8 protocol)
{
  static const struct
    {
      u8 bit;
      const char *name;
    } names[] =
    {
      { PROT_IPv4,   "rawip" },
      { PROT_ICMPv4, "icmp"  },
      { PROT_UDPv4,  "udp"   },
      { PROT_TCPv4,  "tcp"   },
      { PROT_DNSv4,  "dns"   },
    };

  for (unsigned idx = 0; idx < sizeof (names) / sizeof (names[0]); ++idx)
    if (protocol & names[idx].bit)
      return names[idx].name;

  return "<unknown>";
}
83    
// True when str is listed in list. An entry consisting of exactly "*"
// matches every name; any other entry must match str exactly (strcmp).
// The list is scanned from the back; since every hit returns true the
// scan direction does not affect the result.
static bool
match_list (const vector<const char *> &list, const char *str)
{
  vector<const char *>::const_iterator pos = list.end ();

  while (pos != list.begin ())
    {
      const char *entry = *--pos;
      const bool wildcard = entry[0] == '*' && entry[1] == 0;

      if (wildcard || strcmp (entry, str) == 0)
        return true;
    }

  return false;
}
95    
// Whether this node may talk to other directly. allow-direct entries take
// precedence over deny-direct entries; a node listed in neither is allowed.
bool
conf_node::may_direct (struct conf_node *other)
{
  const char *peer = other->nodename;

  if (match_list (allow_direct, peer))
    return true;

  return !match_list (deny_direct, peer);
}
107    
// Print one table row for this node: id, the fe:fd:80:00:xx:yy MAC derived
// from id, compression flag, connect mode, node name and, when a hostname is
// configured, "host:udp_port" (empty otherwise). Column layout matches the
// header printed by configuration::print ().
void
conf_node::print ()
{
  const char *mode;

  switch (connectmode)
    {
      case C_ONDEMAND: mode = "ondemand"; break;
      case C_NEVER:    mode = "never";    break;
      case C_ALWAYS:   mode = "always";   break;
      case C_DISABLED: mode = "disabled"; break;
      default:         mode = "";         break;
    }

  const char *host = hostname ? hostname : "";
  const char *sep  = hostname ? ":" : "";

  printf ("%4d fe:fd:80:00:0%1x:%02x %c %-8.8s %-10.10s %s%s%d\n",
          id,
          id >> 8, id & 0xff,
          compress ? 'Y' : 'N',
          mode,
          nodename,
          host,
          sep,
          hostname ? udp_port : 0);
}
126    
// Deliberately a no-op. Nodes are created as copies of conf.default_node
// (see the "node" directive in parse_line), so the string pointers and the
// key are shared between objects and releasing them here would risk
// freeing the same memory more than once. The disabled body below records
// what a real release would have to cover.
conf_node::~conf_node ()
{
#if 0
  // does not work, because string pointers etc. are shared
  // is not called, however
  if (rsa_key)
    RSA_free (rsa_key);

  free (nodename);
  free (hostname);
  free (if_up_data);
#if ENABLE_DNS
  free (domain);
  free (dns_hostname);
#endif
#endif
}
144    
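// Reset this object to the built-in defaults: zero everything, then fill in
// the non-zero defaults. String defaults are fresh strdup'ed copies owned by
// this object (default_node.if_up_data is later shared with every node that
// is copied from default_node).
//
// NOTE(review): the memset also overwrites members that are not plain data
// (nodes, and the vectors inside default_node) instead of going through
// their own interface. clear () empties nodes before calling init () and the
// constructor calls it on a fresh object, which is what keeps this workable;
// any string still owned at this point (e.g. a previous
// default_node.if_up_data) is dropped without being freed.
void configuration::init ()
{
  memset (this, 0, sizeof (*this));

  mtu = DEFAULT_MTU;
  nfmark = 0;
  rekey = DEFAULT_REKEY;
  keepalive = DEFAULT_KEEPALIVE;
  llevel = L_INFO;
  ip_proto = IPPROTO_GRE;
#if ENABLE_ICMP
  icmp_type = ICMP_ECHOREPLY;
#endif

  default_node.udp_port = DEFAULT_UDPPORT;
  default_node.tcp_port = DEFAULT_UDPPORT; // ehrm
  default_node.connectmode = conf_node::C_ALWAYS;
  default_node.compress = true;
  default_node.protocols = 0;
  default_node.max_retry = DEFAULT_MAX_RETRY;
  default_node.max_ttl = DEFAULT_MAX_TTL;
  default_node.max_queue = DEFAULT_MAX_QUEUE;
  default_node.if_up_data = strdup ("");

#if ENABLE_DNS
  default_node.dns_port = 0; // default is 0 == client

  dns_forw_host = strdup ("127.0.0.1");
  dns_forw_port = 53;
  dns_timeout_factor = DEFAULT_DNS_TIMEOUT_FACTOR;
  dns_send_interval = DEFAULT_DNS_SEND_INTERVAL;
  dns_overlap_factor = DEFAULT_DNS_OVERLAP_FACTOR;
  dns_max_outstanding = DEFAULT_DNS_MAX_OUTSTANDING;
#endif

  // The pid file default belongs to the object being initialised, not to
  // the global ::conf. They are the same object for the global instance,
  // but not for any other configuration handed to configuration_parser,
  // which previously left this member null and wrote the global instead.
  pidfilename = strdup (LOCALSTATEDIR "/run/gvpe.pid");
}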
182    
// Release the private key and the heap strings this object owns and null
// the pointers, so that a second cleanup () (or init ()) afterwards is safe.
// Strings that parse_line allocates but that are not released here
// (prikeyfile, script_if_up, script_node_up, script_node_down and
// default_node.if_up_data) stay allocated.
void configuration::cleanup()
{
  if (rsa_key)
    RSA_free (rsa_key);
  rsa_key = 0;

  free (pidfilename);
  free (ifname);
  pidfilename = 0;
  ifname = 0;

#if ENABLE_HTTP_PROXY
  free (proxy_host);
  free (proxy_auth);
  proxy_host = 0;
  proxy_auth = 0;
#endif

#if ENABLE_DNS
  free (dns_forw_host);
  dns_forw_host = 0;
#endif
}
200    
// Destroy every parsed node, release the owned strings and key, and put the
// object back into its freshly constructed default state.
void
configuration::clear ()
{
  configuration::node_vector::iterator pos = nodes.begin ();
  const configuration::node_vector::iterator stop = nodes.end ();

  while (pos != stop)
    delete *pos++;

  nodes.clear ();

  cleanup ();
  init ();
}
212    
// Interpret the local 'val' (the directive's value in parse_line) as a
// boolean and store trueval or falseval into target. Written for
// parse_line: on any other word it 'return's the translated warning from
// the enclosing function, which must therefore return const char *. The
// 'name' argument is only there for readability at the call site and is
// not used by the macro.
#define parse_bool(target,name,trueval,falseval) do { \
  if (!strcmp (val, "yes")) target = trueval; \
  else if (!strcmp (val, "no")) target = falseval; \
  else if (!strcmp (val, "true")) target = trueval; \
  else if (!strcmp (val, "false")) target = falseval; \
  else if (!strcmp (val, "on")) target = trueval; \
  else if (!strcmp (val, "off")) target = falseval; \
  else \
    return _("illegal boolean value, only 'yes|true|on' or 'no|false|off' allowed. (ignored)"); \
} while (0)
223 pcg 1.5
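// Replace a node's string field with a copy of val. The old value is freed
// only when it is this node's own allocation: a pointer that a node still
// shares with conf.default_node (nodes are copied from it in the "node"
// directive) is also referenced by the defaults and by every other node
// created from them, so it must be left alone. For the defaults object
// itself the old value is always its own and is released.
static void
replace_node_string (conf_node *node, const conf_node &dflt, char *conf_node::*field, const char *val)
{
  if (node == &dflt || node->*field != dflt.*field)
    free (node->*field);

  node->*field = strdup (val);
}

// Parse one configuration line (or one command line option) of the form
//   variable [=] value
// and apply it either to the global settings or to the node currently being
// defined (this->node, which is &conf.default_node until the first "node"
// directive). Returns 0 on success and for empty or comment lines, otherwise
// a translated warning; the caller logs it together with file and line.
//
// The line is tokenised in place with strtok, so it must be writable; the
// "on" directive re-enters parse_line on the remainder of the same strtok
// state. Numeric values go through atoi/atof without range checking (only
// max-queue is sanity-adjusted later, in conf_node::finalise).
const char *
configuration_parser::parse_line (char *line)
{
  {
    // Strip trailing whitespace and control characters (this includes the
    // newline fgets leaves in place). The bounds test comes before the
    // dereference so a line made only of such characters never reads the
    // byte in front of 'line'.
    char *end = line + strlen (line);

    while (end > line && end[-1] < ' ')
      end--;

    *end = 0;
  }

  char *tok = line;
  const char *var = strtok (tok, "\t =");
  tok = 0;

  if (!var || !var[0])
    return 0; /* no tokens on this line */

  if (var[0] == '#')
    return 0; /* comment: ignore */

  char *val = strtok (NULL, "\t\n\r =");

  if (!val || val[0] == '#')
    return _("no value given for variable. (ignored)");

  // "on <node> <directive>" / "on !<node> <directive>": the rest of the
  // line applies only when ::thisnode matches (or is unset), otherwise the
  // whole line is skipped.
  if (!strcmp (var, "on"))
    {
      if (!::thisnode
          || (val[0] == '!' && strcmp (val + 1, ::thisnode))
          || !strcmp (val, ::thisnode))
        {
          // Nothing after the node selector is treated like an empty line
          // instead of handing a null pointer to parse_line.
          char *rest = strtok (NULL, "\n\r");

          return rest ? parse_line (rest) : 0;
        }
      else
        return 0;
    }

  // truly global
  if (!strcmp (var, "loglevel"))
    {
      // NOTE(review): the value is only validated here; conf.llevel keeps
      // the value set by init (). Presumably it is applied elsewhere -
      // confirm against the caller.
      loglevel l = string_to_loglevel (val);

      if (l == L_NONE)
        return _("unknown loglevel. (skipping)");
    }
  else if (!strcmp (var, "ip-proto"))
    conf.ip_proto = atoi (val);
  else if (!strcmp (var, "icmp-type"))
    {
#if ENABLE_ICMP
      conf.icmp_type = atoi (val);
#endif
    }

  // per config
  else if (!strcmp (var, "node"))
    {
      // Apply any matching command line overrides to the node (or the
      // defaults) parsed so far before the next node starts.
      parse_argv ();

      conf.default_node.id++;
      node = new conf_node (conf.default_node);
      conf.nodes.push_back (node);
      node->nodename = strdup (val);

      {
        char *fname;
        FILE *f;

        // The node name is interpolated into the key path as given
        // (assumes the configuration file is trusted input). asprintf's
        // return value is not checked.
        asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename);

        f = fopen (fname, "r");
        if (f)
          {
            node->rsa_key = RSA_new ();

            if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL))
              {
                // the file opened but did not parse: report it as unreadable,
                // mirroring the wording used for the private key
                ERR_load_RSA_strings (); ERR_load_PEM_strings ();
                slog (L_ERR, _("unable to read public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
                exit (EXIT_FAILURE);
              }

            require (RSA_blinding_on (node->rsa_key, 0));

            fclose (f);
          }
        else
          {
            // a missing public key is fatal only when keys are required
            slog (need_keys ? L_ERR : L_NOTICE, _("unable to open public rsa key file '%s': %s"), fname, strerror (errno));

            if (need_keys)
              exit (EXIT_FAILURE);
          }

        free (fname);
      }

      if (::thisnode && !strcmp (node->nodename, ::thisnode))
        conf.thisnode = node;
    }
  else if (!strcmp (var, "private-key"))
    free (conf.prikeyfile), conf.prikeyfile = strdup (val);
  else if (!strcmp (var, "ifpersist"))
    parse_bool (conf.ifpersist, "ifpersist", true, false);
  else if (!strcmp (var, "ifname"))
    free (conf.ifname), conf.ifname = strdup (val);
  else if (!strcmp (var, "rekey"))
    conf.rekey = atoi (val);
  else if (!strcmp (var, "keepalive"))
    conf.keepalive = atoi (val);
  else if (!strcmp (var, "mtu"))
    conf.mtu = atoi (val);
  else if (!strcmp (var, "nfmark"))
    conf.nfmark = atoi (val);
  else if (!strcmp (var, "if-up"))
    free (conf.script_if_up), conf.script_if_up = strdup (val);
  else if (!strcmp (var, "node-up"))
    free (conf.script_node_up), conf.script_node_up = strdup (val);
  else if (!strcmp (var, "node-down"))
    free (conf.script_node_down), conf.script_node_down = strdup (val);
  else if (!strcmp (var, "pid-file"))
    free (conf.pidfilename), conf.pidfilename = strdup (val);
  else if (!strcmp (var, "dns-forw-host"))
    {
#if ENABLE_DNS
      free (conf.dns_forw_host), conf.dns_forw_host = strdup (val);
#endif
    }
  else if (!strcmp (var, "dns-forw-port"))
    {
#if ENABLE_DNS
      conf.dns_forw_port = atoi (val);
#endif
    }
  else if (!strcmp (var, "dns-timeout-factor"))
    {
#if ENABLE_DNS
      conf.dns_timeout_factor = atof (val);
#endif
    }
  else if (!strcmp (var, "dns-send-interval"))
    {
#if ENABLE_DNS
      conf.dns_send_interval = atoi (val);
#endif
    }
  else if (!strcmp (var, "dns-overlap-factor"))
    {
#if ENABLE_DNS
      conf.dns_overlap_factor = atof (val);
#endif
    }
  else if (!strcmp (var, "dns-max-outstanding"))
    {
#if ENABLE_DNS
      conf.dns_max_outstanding = atoi (val);
#endif
    }
  else if (!strcmp (var, "http-proxy-host"))
    {
#if ENABLE_HTTP_PROXY
      free (conf.proxy_host), conf.proxy_host = strdup (val);
#endif
    }
  else if (!strcmp (var, "http-proxy-port"))
    {
#if ENABLE_HTTP_PROXY
      conf.proxy_port = atoi (val);
#endif
    }
  else if (!strcmp (var, "http-proxy-auth"))
    {
#if ENABLE_HTTP_PROXY
      // stored base64 encoded; cleanup () frees it, so a repeated directive
      // releases the previous value like the other string directives do
      free (conf.proxy_auth), conf.proxy_auth = (char *)base64_encode ((const u8 *)val, strlen (val));
#endif
    }

  /* node-specific, non-defaultable */
  else if (node != &conf.default_node && !strcmp (var, "hostname"))
    free (node->hostname), node->hostname = strdup (val);

  /* node-specific, defaultable */
  else if (!strcmp (var, "udp-port"))
    node->udp_port = atoi (val);
  else if (!strcmp (var, "tcp-port"))
    node->tcp_port = atoi (val);
  else if (!strcmp (var, "dns-hostname"))
    {
#if ENABLE_DNS
      replace_node_string (node, conf.default_node, &conf_node::dns_hostname, val);
#endif
    }
  else if (!strcmp (var, "dns-port"))
    {
#if ENABLE_DNS
      node->dns_port = atoi (val);
#endif
    }
  else if (!strcmp (var, "dns-domain"))
    {
#if ENABLE_DNS
      replace_node_string (node, conf.default_node, &conf_node::domain, val);
#endif
    }
  else if (!strcmp (var, "if-up-data"))
    // never free the copy of default_node.if_up_data that every node
    // starts out with, it is still in use by the defaults and other nodes
    replace_node_string (node, conf.default_node, &conf_node::if_up_data, val);
  else if (!strcmp (var, "router-priority"))
    node->routerprio = atoi (val);
  else if (!strcmp (var, "max-retry"))
    node->max_retry = atoi (val);
  else if (!strcmp (var, "connect"))
    {
      if (!strcmp (val, "ondemand"))
        node->connectmode = conf_node::C_ONDEMAND;
      else if (!strcmp (val, "never"))
        node->connectmode = conf_node::C_NEVER;
      else if (!strcmp (val, "always"))
        node->connectmode = conf_node::C_ALWAYS;
      else if (!strcmp (val, "disabled"))
        node->connectmode = conf_node::C_DISABLED;
      else
        return _("illegal value for 'connectmode', use one of 'ondemand', 'never', 'always' or 'disabled'. (ignored)");
    }
  else if (!strcmp (var, "inherit-tos"))
    parse_bool (node->inherit_tos, "inherit-tos", true, false);
  else if (!strcmp (var, "compress"))
    parse_bool (node->compress, "compress", true, false);
  // all these bool options really really cost a lot of executable size!
  else if (!strcmp (var, "enable-tcp"))
    {
#if ENABLE_TCP
      u8 v; parse_bool (v, "enable-tcp" , PROT_TCPv4, 0); node->protocols = (node->protocols & ~PROT_TCPv4) | v;
#endif
    }
  else if (!strcmp (var, "enable-icmp"))
    {
#if ENABLE_ICMP
      u8 v; parse_bool (v, "enable-icmp" , PROT_ICMPv4, 0); node->protocols = (node->protocols & ~PROT_ICMPv4) | v;
#endif
    }
  else if (!strcmp (var, "enable-dns"))
    {
#if ENABLE_DNS
      u8 v; parse_bool (v, "enable-dns" , PROT_DNSv4, 0); node->protocols = (node->protocols & ~PROT_DNSv4) | v;
#endif
    }
  else if (!strcmp (var, "enable-udp"))
    {
      u8 v; parse_bool (v, "enable-udp" , PROT_UDPv4, 0); node->protocols = (node->protocols & ~PROT_UDPv4) | v;
    }
  else if (!strcmp (var, "enable-rawip"))
    {
      u8 v; parse_bool (v, "enable-rawip", PROT_IPv4, 0); node->protocols = (node->protocols & ~PROT_IPv4 ) | v;
    }
  else if (!strcmp (var, "allow-direct"))
    node->allow_direct.push_back (strdup (val));
  else if (!strcmp (var, "deny-direct"))
    node->deny_direct.push_back (strdup (val));
  else if (!strcmp (var, "max-ttl"))
    node->max_ttl = atof (val);
  else if (!strcmp (var, "max-queue"))
    node->max_queue = atoi (val);

  // unknown or misplaced
  else
    return _("unknown configuration directive. (ignored)");

  return 0;
}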
493    
// Sanity-adjust per-node settings once the whole configuration has been
// read: max-queue is raised to at least 1 (with a warning), and a node with
// router-priority above 1 gets connect mode 'always' unless it is
// 'disabled', presumably so that a router is actually connected to.
void conf_node::finalise ()
{
  if (max_queue < 1)
    {
      slog (L_WARN, _("%s: max-queue value invalid, setting it to 1."), nodename);
      max_queue = 1;
    }

  const bool is_router = routerprio > 1;
  const bool mode_ok   = connectmode == C_ALWAYS || connectmode == C_DISABLED;

  // a warning used to be logged for this case; the mode is now adjusted silently
  if (is_router && !mode_ok)
    connectmode = C_ALWAYS;
}
508    
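// Apply command line options to the configuration. An option without a
// node prefix ("name=value") is applied only while the defaults are being
// parsed (node == &conf.default_node); an option with a prefix
// ("nodename.name=value") is applied only when nodename is the node
// currently being parsed. Applied options are blanked (*v = 0) so that a
// later call does not apply them a second time. Warnings from parse_line
// are logged here.
void configuration_parser::parse_argv ()
{
  for (int i = 0; i < argc; ++i)
    {
      char *v = argv [i];

      if (!*v)
        continue;

      // enode: the '.' that ends a node prefix, or 0 when there is none
      char *enode = v;

      while (*enode != '.' && *enode > ' ' && *enode != '=' && *enode)
        enode++;

      if (*enode != '.')
        enode = 0;

      char *wnode = node == &conf.default_node
                  ? 0
                  : node->nodename;

      // The prefix must equal the whole current node name, not just a
      // leading part of it, so "alpha.mtu=..." does not apply to "alphabet".
      if ((!wnode && !enode)
          || (wnode && enode
              && !strncmp (wnode, v, enode - v)
              && !wnode[enode - v]))
        {
          const char *warn = parse_line (enode ? enode + 1 : v);

          // parse_line has tokenised v in place by now, so the logged option
          // text ends at its first separator
          if (warn)
            slog (L_WARN, _("%s, while parsing command line option '%s'."), warn, v);

          *v = 0;
        }
    }
}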
542    
// Load CONFBASE/gvpe.conf into conf (after resetting it), apply command
// line overrides, load the private hostkey, and finalise every node.
// Every failure that matters is fatal (exit) rather than reported to the
// caller; with need_keys false a missing key file is only logged.
//
// conf      configuration to fill; also aliased as the member this->conf
// need_keys whether missing/mismatching keys are fatal
// argc/argv command line options in "[node.]name=value" form, see parse_argv
configuration_parser::configuration_parser (configuration &conf,
                                            bool need_keys,
                                            int argc,
                                            char **argv)
: conf (conf),need_keys (need_keys), argc (argc), argv (argv)
{
  char *fname;
  FILE *f;

  conf.clear ();

  // asprintf's return value is not checked; fname is unusable if it fails
  asprintf (&fname, "%s/gvpe.conf", confbase);
  f = fopen (fname, "r");

  if (f)
    {
      // A fixed-size line buffer: fgets returns a line longer than this in
      // pieces, and each piece is parsed as if it were a line of its own.
      char line[16384];
      int lineno = 0;
      node = &conf.default_node;

      while (fgets (line, sizeof (line), f))
        {
          lineno++;

          const char *warn = parse_line (line);

          if (warn)
            slog (L_WARN, _("%s, at '%s', line %d."), warn, fname, lineno);
        }

      fclose (f);

      // overrides for the last node (parse_line only calls this when a new
      // "node" directive starts)
      parse_argv ();
    }
  else
    {
      slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno));
      exit (EXIT_FAILURE);
    }

  free (fname);

  // the "private-key" directive, or "hostkey" relative to confbase
  fname = conf.config_filename (conf.prikeyfile, "hostkey");

  // NOTE(review): the key file's permissions are not checked here; a
  // world-readable hostkey is accepted silently.
  f = fopen (fname, "r");
  if (f)
    {
      conf.rsa_key = RSA_new ();

      if (!PEM_read_RSAPrivateKey (f, &conf.rsa_key, NULL, NULL))
        {
          ERR_load_RSA_strings (); ERR_load_PEM_strings ();
          slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
          exit (EXIT_FAILURE);
        }

      require (RSA_blinding_on (conf.rsa_key, 0));

      fclose (f);
    }
  else
    {
      slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno));

      if (need_keys)
        exit (EXIT_FAILURE);
    }

  // Cross-check: the private hostkey must carry the same modulus and
  // exponent as the public key published for this node, otherwise the
  // daemon is running under the wrong node name. Only done when keys are
  // required and both keys were actually loaded.
  if (need_keys && ::thisnode
      && conf.rsa_key && conf.thisnode && conf.thisnode->rsa_key)
    if (BN_cmp (conf.rsa_key->n, conf.thisnode->rsa_key->n) != 0
        || BN_cmp (conf.rsa_key->e, conf.thisnode->rsa_key->e) != 0)
      {
        slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode);
        exit (EXIT_FAILURE);
      }

  free (fname);

  for (configuration::node_vector::iterator i = conf.nodes.begin(); i != conf.nodes.end(); ++i)
    (*i)->finalise ();
}
625    
// Build the path of a per-configuration file. name (or dflt when name is 0)
// is used as a printf format with ::thisnode as its only argument, so a
// "%s" in it expands to the node name; any other conversion has no matching
// argument. A relative result is prefixed with confbase. The returned string
// is malloc'ed and owned by the caller.
//
// NOTE(review): name comes from the "private-key" directive, i.e. the
// configuration file decides what the format string is (assumes that file
// is trusted). asprintf's return value is not checked, and ::thisnode may
// be 0 when the format uses "%s".
char *configuration::config_filename (const char *name, const char *dflt)
{
  const char *pattern = name ? name : dflt;
  char *result;

  asprintf (&result, pattern, ::thisnode);

  if (ABSOLUTE_PATH (result))
    return result;

  char *relative = result;
  asprintf (&result, "%s/%s", confbase, relative);
  free (relative);

  return result;
}
641    
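// Dump the global settings to stdout, followed by a table header and one
// row per node (conf_node::print). Intended for diagnostics only.
void
configuration::print ()
{
  printf (_("\nConfiguration\n\n"));
  // nodes.size () is a size_t; cast it so it matches the %d conversion
  printf (_("# of nodes: %d\n"), (int)nodes.size ());
  printf (_("this node: %s\n"), thisnode ? thisnode->nodename : "<unset>");
  printf (_("MTU: %d\n"), mtu);
  printf (_("rekeying interval: %d\n"), rekey);
  printf (_("keepalive interval: %d\n"), keepalive);
  // ifname stays 0 until an "ifname" directive sets it; never pass a null to %s
  printf (_("interface: %s\n"), ifname ? ifname : "<unset>");
  printf (_("primary rsa key: %s\n"), prikeyfile ? prikeyfile : "<default>");
  printf (_("rsa key size: %d\n"), rsa_key ? RSA_size (rsa_key) * 8 : -1);
  printf ("\n");

  printf ("%4s %-17s %s %-8.8s %-10.10s %s\n",
          _("ID#"), _("MAC"), _("Com"), _("Conmode"), _("Node"), _("Host:Port"));

  for (node_vector::iterator i = nodes.begin (); i != nodes.end (); ++i)
    (*i)->print ();

  printf ("\n");
}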
664    
// Set the global confbase to CONFDIR/gvpe and load the built-in defaults.
// The configuration file itself is only read later, by configuration_parser.
configuration::configuration ()
{
  // asprintf's return value is not checked; confbase is unusable if it fails
  asprintf (&confbase, "%s/gvpe", CONFDIR);

  init ();
}
671    
// Release the key and the owned strings. The node objects in 'nodes' are
// not deleted here (only clear () does that), so they outlive the object
// unless clear () was called.
configuration::~configuration ()
{
  cleanup ();
}
676 pcg 1.12
677 pcg 1.1