/cvs/gvpe/src/conf.C
Revision: 1.51
Committed: Sat Jul 18 05:59:16 2009 UTC (14 years, 10 months ago) by pcg
Content type: text/plain
Branch: MAIN
Changes since 1.50: +15 -9 lines
Log Message:
riddify us of meta.yml garbage in manifest

1 pcg 1.1 /*
2     conf.c -- configuration code
3 pcg 1.44 Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de>
4 pcg 1.1
5 pcg 1.31 This file is part of GVPE.
6    
7 pcg 1.44 GVPE is free software; you can redistribute it and/or modify it
8     under the terms of the GNU General Public License as published by the
9     Free Software Foundation; either version 3 of the License, or (at your
10     option) any later version.
11    
12     This program is distributed in the hope that it will be useful, but
13     WITHOUT ANY WARRANTY; without even the implied warranty of
14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15     Public License for more details.
16    
17     You should have received a copy of the GNU General Public License along
18     with this program; if not, see <http://www.gnu.org/licenses/>.
19    
20     Additional permission under GNU GPL version 3 section 7
21    
22     If you modify this Program, or any covered work, by linking or
23     combining it with the OpenSSL project's OpenSSL library (or a modified
24     version of that library), containing parts covered by the terms of the
25     OpenSSL or SSLeay licenses, the licensors of this Program grant you
26     additional permission to convey the resulting work. Corresponding
27     Source for a non-source form of such a combination shall include the
28     source code for the parts of OpenSSL used as well as that of the
29     covered work.
30 pcg 1.1 */
31    
32     #include "config.h"
33    
34     #include <cstdio>
35     #include <cstdlib>
36     #include <cstring>
37    
38     #include <errno.h>
39     #include <netdb.h>
40     #include <sys/stat.h>
41     #include <sys/types.h>
42     #include <unistd.h>
43    
44 pcg 1.17 #include "netcompat.h"
45 pcg 1.5
46 pcg 1.1 #include <openssl/err.h>
47     #include <openssl/pem.h>
48     #include <openssl/rsa.h>
49     #include <openssl/rand.h>
50 pcg 1.22 #include <openssl/bn.h>
51 pcg 1.1
52     #include "conf.h"
53     #include "slog.h"
54     #include "util.h"
55    
// Directory holding gvpe.conf, the pubkey/ directory and the hostkey.
// Allocated with asprintf () in configuration::configuration () and never
// freed.
char *confbase;
// Name of the local node; compared against "node" directives and "on"
// lines in parse_line.  Set outside this file (presumably by the caller
// of the parser -- verify).
char *thisnode;
// Not referenced in this file; presumably set and used elsewhere.
char *identname;

// The process-wide configuration instance.
struct configuration conf;
61    
// Pick the preferred transport out of a protocol bit set.
//
// protset: bitwise OR of PROT_* flags.
// Returns the single PROT_* flag with the highest preference present in
// protset, or 0 when none of the known flags is set.
u8 best_protocol (u8 protset)
{
  // Candidates in descending order of preference; the first one that is
  // present wins.
  static const u8 preference[] =
    {
      PROT_IPv4,
      PROT_ICMPv4,
      PROT_UDPv4,
      PROT_TCPv4,
      PROT_DNSv4,
    };

  for (unsigned k = 0; k < sizeof (preference) / sizeof (preference[0]); ++k)
    if (protset & preference[k])
      return preference[k];

  return 0;
}
72    
// Human-readable name of a protocol flag, for logging and printing.
//
// protocol: a PROT_* flag (a set is accepted; the first known flag found,
//           in the order listed below, is named).
// Returns a static string; "<unknown>" if no known flag is present.
const char *strprotocol (u8 protocol)
{
  struct name_entry
  {
    u8 flag;
    const char *name;
  };

  static const name_entry names[] =
    {
      { PROT_IPv4,   "rawip" },
      { PROT_ICMPv4, "icmp"  },
      { PROT_UDPv4,  "udp"   },
      { PROT_TCPv4,  "tcp"   },
      { PROT_DNSv4,  "dns"   },
    };

  for (unsigned k = 0; k < sizeof (names) / sizeof (names[0]); ++k)
    if (protocol & names[k].flag)
      return names[k].name;

  return "<unknown>";
}
83    
// Test whether a node name is covered by an allow/deny list.
//
// list: entries are node names; the single entry "*" matches every name.
// str:  the node name to look up.
// Returns true if any entry is "*" or equals str exactly.
static bool
match_list (const std::vector<const char *> &list, const char *str)
{
  for (size_t k = list.size (); k-- > 0; )
    {
      const char *entry = list[k];
      bool wildcard = entry[0] == '*' && entry[1] == 0;

      if (wildcard || strcmp (entry, str) == 0)
        return true;
    }

  return false;
}
95    
// Decide whether this node may talk to `other` directly.
//
// The allow-direct list is consulted first and wins outright; otherwise a
// deny-direct entry refuses the connection, and with no entry at all the
// default is to permit it.
bool
conf_node::may_direct (struct conf_node *other)
{
  const char *name = other->nodename;

  if (match_list (allow_direct, name))
    return true;

  return !match_list (deny_direct, name);
}
107    
// Print one table row describing this node (see configuration::print for
// the matching header): id, the MAC derived from the id, compression flag,
// connect mode, node name and, when a hostname is configured, host:port.
void
conf_node::print ()
{
  const char *mode;

  switch (connectmode)
    {
      case C_ONDEMAND: mode = "ondemand"; break;
      case C_NEVER:    mode = "never";    break;
      case C_ALWAYS:   mode = "always";   break;
      case C_DISABLED: mode = "disabled"; break;
      default:         mode = "";         break;
    }

  // Nodes without a hostname print an empty host part and port 0.
  const char *host = hostname ? hostname : "";
  const char *sep  = hostname ? ":" : "";
  int port         = hostname ? udp_port : 0;

  printf ("%4d fe:fd:80:00:0%1x:%02x %c %-8.8s %-10.10s %s%s%d\n",
          id,
          id >> 8, id & 0xff,
          compress ? 'Y' : 'N',
          mode,
          nodename,
          host,
          sep,
          port
          );
}
126    
// The destructor body is compiled out: a conf_node is created as a shallow
// copy of conf.default_node (see parse_line), so its string pointers may be
// shared with other nodes and releasing them here would free memory those
// nodes still reference.  Consequently neither rsa_key nor the strdup'd
// strings of a node are released when it is deleted.
conf_node::~conf_node ()
{
#if 0
  // does not work, because string pointers etc. are shared
  // is not called, however
  if (rsa_key)
    RSA_free (rsa_key);

  free (nodename);
  free (hostname);
  free (if_up_data);
#if ENABLE_DNS
  free (domain);
  free (dns_hostname);
#endif
#endif
}
144    
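// Reset this configuration to the built-in defaults.  Called from the
// constructor and from clear (); cleanup () is expected to have released
// the heap members first.
//
// NOTE(review): the memset below zeroes the whole object, including the
// `nodes` container and the allow/deny lists inside `default_node`, which
// is undefined behaviour for non-trivial members.  It only appears to work
// because clear () empties `nodes` before calling this and the default
// node's lists are normally empty at that point.  It also drops, without
// freeing, any heap block still referenced from default_node (e.g. the
// if_up_data string allocated by a previous init ()).
void configuration::init ()
{
  memset (this, 0, sizeof (*this));

  mtu = DEFAULT_MTU;
  nfmark = 0;
  rekey = DEFAULT_REKEY;
  keepalive = DEFAULT_KEEPALIVE;
  llevel = L_INFO;
  ip_proto = IPPROTO_GRE;
#if ENABLE_ICMP
  icmp_type = ICMP_ECHOREPLY;
#endif

  // default_node is the template every "node" directive is copied from.
  default_node.udp_port = DEFAULT_UDPPORT;
  default_node.tcp_port = DEFAULT_UDPPORT; // ehrm
  default_node.connectmode = conf_node::C_ALWAYS;
  default_node.compress = true;
  default_node.protocols = 0;
  default_node.max_retry = DEFAULT_MAX_RETRY;
  default_node.max_ttl = DEFAULT_MAX_TTL;
  default_node.max_queue = DEFAULT_MAX_QUEUE;
  default_node.if_up_data = strdup ("");

#if ENABLE_DNS
  default_node.dns_port = 0; // default is 0 == client

  dns_forw_host = strdup ("127.0.0.1");
  dns_forw_port = 53;
  dns_timeout_factor = DEFAULT_DNS_TIMEOUT_FACTOR;
  dns_send_interval = DEFAULT_DNS_SEND_INTERVAL;
  dns_overlap_factor = DEFAULT_DNS_OVERLAP_FACTOR;
  dns_max_outstanding = DEFAULT_DNS_MAX_OUTSTANDING;
#endif

  // Was written to the global `conf` rather than to this object; use the
  // member so init () is correct for whichever instance it runs on (and
  // does not leak the global's pidfilename when they differ).
  pidfilename = strdup (LOCALSTATEDIR "/run/gvpe.pid");
}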
182    
// Release a malloc'd member and reset it to NULL, so that a repeated
// cleanup () or a following init () never sees a dangling pointer.
template<typename T>
static void
free_clear (T *&ptr)
{
  free (ptr);
  ptr = 0;
}

// Release everything this configuration owns on the heap.  The node
// objects themselves are handled by clear ().
//
// NOTE(review): prikeyfile (set via strdup in parse_line) is not released
// here; it is dropped by the memset in init (), so it leaks on clear ().
// Not changed here because it is not visible whether other code may point
// it at non-heap memory.
void configuration::cleanup()
{
  if (rsa_key)
    RSA_free (rsa_key);

  rsa_key = 0;

  free_clear (pidfilename);
  free_clear (ifname);
#if ENABLE_HTTP_PROXY
  free_clear (proxy_host);
  free_clear (proxy_auth);
#endif
#if ENABLE_DNS
  free_clear (dns_forw_host);
#endif
  free_clear (script_if_up);
  free_clear (script_node_up);
  free_clear (script_node_change);
  free_clear (script_node_down);
}
204    
// Drop all parsed state and return to the freshly constructed defaults.
// Only the node objects are released here; ~conf_node's body is compiled
// out, so the strings and keys a node references stay allocated.
void
configuration::clear ()
{
  for (size_t k = 0; k < nodes.size (); ++k)
    delete nodes[k];

  nodes.clear ();

  cleanup ();
  init ();
}
216    
// Parse the boolean value currently held in the enclosing function's `val`
// into `target`, storing `trueval` for yes/true/on and `falseval` for
// no/false/off.  Any other text makes the *enclosing function* return a
// translated warning, so this is only usable inside parse_line.  `name` is
// unused.
#define parse_bool(target,name,trueval,falseval) do { \
  if (!strcmp (val, "yes")) target = trueval; \
  else if (!strcmp (val, "no")) target = falseval; \
  else if (!strcmp (val, "true")) target = trueval; \
  else if (!strcmp (val, "false")) target = falseval; \
  else if (!strcmp (val, "on")) target = trueval; \
  else if (!strcmp (val, "off")) target = falseval; \
  else \
    return _("illegal boolean value, only 'yes|true|on' or 'no|false|off' allowed. (ignored)"); \
} while (0)
227 pcg 1.5
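// Load a node's public key from "<confbase>/pubkey/<nodename>" into
// node->rsa_key.  A file that exists but does not parse is fatal.  A file
// that cannot be opened is fatal only when need_keys is set; otherwise it
// is logged at L_NOTICE and the node is left without a key.  The node name
// is used verbatim as the last path component.
static void
load_node_pubkey (conf_node *node, bool need_keys)
{
  char *fname;

  asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename);

  FILE *f = fopen (fname, "r");

  if (f)
    {
      node->rsa_key = RSA_new ();

      if (!PEM_read_RSAPublicKey (f, &node->rsa_key, NULL, NULL))
        {
          ERR_load_RSA_strings (); ERR_load_PEM_strings ();
          slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
          exit (EXIT_FAILURE);
        }

      // Blinding is switched on for every key we load; require () (util.h)
      // enforces the result -- presumably fatal on failure.
      require (RSA_blinding_on (node->rsa_key, 0));

      fclose (f);
    }
  else
    {
      slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno));

      if (need_keys)
        exit (EXIT_FAILURE);
    }

  free (fname);
}

// Point a string member of the current node at a fresh copy of val.
//
// A node starts as a shallow copy of conf.default_node, so `member` may
// still hold the very pointer stored in the corresponding default member
// (`dflt`).  That shared block must not be freed, or every node created
// afterwards would inherit a dangling pointer.  The default node's own
// previous value (member and dflt are then the same object) and a value
// the node already owns are released.
template<typename T>
static void
replace_node_string (T *&member, T *&dflt, const char *val)
{
  if (&member == &dflt || member != dflt)
    free (member);

  member = strdup (val);
}

// Parse one configuration directive.  `line` comes either from gvpe.conf
// or from a command-line "name=value" option and is modified in place
// (strtok).  Returns 0 when the line was handled or is empty/a comment;
// otherwise a translated warning for the caller to log, in which case the
// directive has been ignored.
//
// Node-specific directives apply to `node`: the node introduced by the
// most recent "node" directive, or conf.default_node before the first
// one, in which case they become the defaults every later node is copied
// from.  Numeric values go through atoi ()/atof (), which never report
// errors: non-numeric text yields 0 and out-of-range values are not
// diagnosed.
const char *
configuration_parser::parse_line (char *line)
{
  // "on <node>" recurses on the remainder of its line, which strtok ()
  // reports as NULL when nothing follows the node name.
  if (!line)
    return 0;

  {
    // Strip trailing control characters (\n, \r, \t ...).  Working with a
    // length means the loop can never look in front of the buffer when
    // the line consists of control characters only; comparing as unsigned
    // keeps bytes >= 0x80 from counting as control characters where char
    // is signed.
    size_t len = strlen (line);

    while (len > 0 && (unsigned char)line[len - 1] < ' ')
      len--;

    line[len] = 0;
  }

  const char *var = strtok (line, "\t =");

  if (!var || !var[0])
    return 0; /* no tokens on this line */

  if (var[0] == '#')
    return 0; /* comment: ignore */

  char *val = strtok (NULL, "\t\n\r =");

  if (!val || val[0] == '#')
    return _("no value given for variable. (ignored)");

  if (!strcmp (var, "on"))
    {
      // "on <name> <directive>" applies the directive only on node <name>,
      // "on !<name> <directive>" on every node except <name>.  While the
      // local node name is unknown every "on" line applies.
      if (!::thisnode
          || (val[0] == '!' && strcmp (val + 1, ::thisnode))
          || !strcmp (val, ::thisnode))
        return parse_line (strtok (NULL, "\n\r"));
      else
        return 0;
    }

  // truly global
  if (!strcmp (var, "loglevel"))
    {
      // Only validated here; this function does not store the level
      // (presumably applied by whoever needs it before parsing -- verify).
      loglevel l = string_to_loglevel (val);

      if (l == L_NONE)
        return _("unknown loglevel. (skipping)");
    }
  else if (!strcmp (var, "ip-proto"))
    conf.ip_proto = atoi (val);
  else if (!strcmp (var, "icmp-type"))
    {
#if ENABLE_ICMP
      conf.icmp_type = atoi (val);
#endif
    }

  // per config
  else if (!strcmp (var, "node"))
    {
      // Flush command-line overrides for the node we are leaving before
      // the new one becomes current.
      parse_argv ();

      // Every node starts as a copy of the defaults; pointer members are
      // shared with default_node by that copy (see replace_node_string).
      conf.default_node.id++;
      node = new conf_node (conf.default_node);
      conf.nodes.push_back (node);
      node->nodename = strdup (val);

      load_node_pubkey (node, need_keys);

      if (::thisnode && !strcmp (node->nodename, ::thisnode))
        conf.thisnode = node;
    }
  else if (!strcmp (var, "private-key"))
    // Later used by configuration::config_filename () as a printf format
    // with the node name as its only argument.
    free (conf.prikeyfile), conf.prikeyfile = strdup (val);
  else if (!strcmp (var, "ifpersist"))
    parse_bool (conf.ifpersist, "ifpersist", true, false);
  else if (!strcmp (var, "ifname"))
    free (conf.ifname), conf.ifname = strdup (val);
  else if (!strcmp (var, "rekey"))
    conf.rekey = atoi (val);
  else if (!strcmp (var, "keepalive"))
    conf.keepalive = atoi (val);
  else if (!strcmp (var, "mtu"))
    conf.mtu = atoi (val);
  else if (!strcmp (var, "nfmark"))
    conf.nfmark = atoi (val);
  else if (!strcmp (var, "if-up"))
    free (conf.script_if_up), conf.script_if_up = strdup (val);
  else if (!strcmp (var, "node-up"))
    free (conf.script_node_up), conf.script_node_up = strdup (val);
  else if (!strcmp (var, "node-change"))
    free (conf.script_node_change), conf.script_node_change = strdup (val);
  else if (!strcmp (var, "node-down"))
    free (conf.script_node_down), conf.script_node_down = strdup (val);
  else if (!strcmp (var, "pid-file"))
    free (conf.pidfilename), conf.pidfilename = strdup (val);
  else if (!strcmp (var, "dns-forw-host"))
    {
#if ENABLE_DNS
      free (conf.dns_forw_host), conf.dns_forw_host = strdup (val);
#endif
    }
  else if (!strcmp (var, "dns-forw-port"))
    {
#if ENABLE_DNS
      conf.dns_forw_port = atoi (val);
#endif
    }
  else if (!strcmp (var, "dns-timeout-factor"))
    {
#if ENABLE_DNS
      conf.dns_timeout_factor = atof (val);
#endif
    }
  else if (!strcmp (var, "dns-send-interval"))
    {
#if ENABLE_DNS
      conf.dns_send_interval = atoi (val);
#endif
    }
  else if (!strcmp (var, "dns-overlap-factor"))
    {
#if ENABLE_DNS
      conf.dns_overlap_factor = atof (val);
#endif
    }
  else if (!strcmp (var, "dns-max-outstanding"))
    {
#if ENABLE_DNS
      conf.dns_max_outstanding = atoi (val);
#endif
    }
  else if (!strcmp (var, "http-proxy-host"))
    {
#if ENABLE_HTTP_PROXY
      free (conf.proxy_host), conf.proxy_host = strdup (val);
#endif
    }
  else if (!strcmp (var, "http-proxy-port"))
    {
#if ENABLE_HTTP_PROXY
      conf.proxy_port = atoi (val);
#endif
    }
  else if (!strcmp (var, "http-proxy-auth"))
    {
#if ENABLE_HTTP_PROXY
      // cleanup () frees proxy_auth, so it is a heap block: release the
      // previous value before overwriting the pointer.
      free (conf.proxy_auth);
      conf.proxy_auth = (char *)base64_encode ((const u8 *)val, strlen (val));
#endif
    }

  /* node-specific, non-defaultable */
  // "hostname" on the defaults section falls through to "unknown
  // configuration directive" below.
  else if (node != &conf.default_node && !strcmp (var, "hostname"))
    replace_node_string (node->hostname, conf.default_node.hostname, val);

  /* node-specific, defaultable */
  else if (!strcmp (var, "udp-port"))
    node->udp_port = atoi (val);
  else if (!strcmp (var, "tcp-port"))
    node->tcp_port = atoi (val);
  else if (!strcmp (var, "dns-hostname"))
    {
#if ENABLE_DNS
      replace_node_string (node->dns_hostname, conf.default_node.dns_hostname, val);
#endif
    }
  else if (!strcmp (var, "dns-port"))
    {
#if ENABLE_DNS
      node->dns_port = atoi (val);
#endif
    }
  else if (!strcmp (var, "dns-domain"))
    {
#if ENABLE_DNS
      replace_node_string (node->domain, conf.default_node.domain, val);
#endif
    }
  else if (!strcmp (var, "if-up-data"))
    replace_node_string (node->if_up_data, conf.default_node.if_up_data, val);
  else if (!strcmp (var, "router-priority"))
    node->routerprio = atoi (val);
  else if (!strcmp (var, "max-retry"))
    node->max_retry = atoi (val);
  else if (!strcmp (var, "connect"))
    {
      if (!strcmp (val, "ondemand"))
        node->connectmode = conf_node::C_ONDEMAND;
      else if (!strcmp (val, "never"))
        node->connectmode = conf_node::C_NEVER;
      else if (!strcmp (val, "always"))
        node->connectmode = conf_node::C_ALWAYS;
      else if (!strcmp (val, "disabled"))
        node->connectmode = conf_node::C_DISABLED;
      else
        return _("illegal value for 'connectmode', use one of 'ondemand', 'never', 'always' or 'disabled'. (ignored)");
    }
  else if (!strcmp (var, "inherit-tos"))
    parse_bool (node->inherit_tos, "inherit-tos", true, false);
  else if (!strcmp (var, "compress"))
    parse_bool (node->compress, "compress", true, false);
  // all these bool options really really cost a lot of executable size!
  // Each enable-* toggles one PROT_* bit in node->protocols; parse_bool
  // returns from this function on a bad value, leaving protocols untouched.
  else if (!strcmp (var, "enable-tcp"))
    {
#if ENABLE_TCP
      u8 v; parse_bool (v, "enable-tcp" , PROT_TCPv4, 0); node->protocols = (node->protocols & ~PROT_TCPv4) | v;
#endif
    }
  else if (!strcmp (var, "enable-icmp"))
    {
#if ENABLE_ICMP
      u8 v; parse_bool (v, "enable-icmp" , PROT_ICMPv4, 0); node->protocols = (node->protocols & ~PROT_ICMPv4) | v;
#endif
    }
  else if (!strcmp (var, "enable-dns"))
    {
#if ENABLE_DNS
      u8 v; parse_bool (v, "enable-dns" , PROT_DNSv4, 0); node->protocols = (node->protocols & ~PROT_DNSv4) | v;
#endif
    }
  else if (!strcmp (var, "enable-udp"))
    {
      u8 v; parse_bool (v, "enable-udp" , PROT_UDPv4, 0); node->protocols = (node->protocols & ~PROT_UDPv4) | v;
    }
  else if (!strcmp (var, "enable-rawip"))
    {
      u8 v; parse_bool (v, "enable-rawip", PROT_IPv4, 0); node->protocols = (node->protocols & ~PROT_IPv4 ) | v;
    }
  // Entries are matched by conf_node::may_direct; "*" matches every node.
  else if (!strcmp (var, "allow-direct"))
    node->allow_direct.push_back (strdup (val));
  else if (!strcmp (var, "deny-direct"))
    node->deny_direct.push_back (strdup (val));
  else if (!strcmp (var, "max-ttl"))
    node->max_ttl = atof (val);
  else if (!strcmp (var, "max-queue"))
    node->max_queue = atoi (val);

  // unknown or misplaced
  else
    return _("unknown configuration directive. (ignored)");

  return 0;
}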
499    
// Sanity-check a node after the whole configuration has been read and
// coerce inconsistent settings into something usable.
void conf_node::finalise ()
{
  // A queue that cannot hold a single entry is meaningless.
  if (max_queue < 1)
    {
      slog (L_WARN, _("%s: max-queue value invalid, setting it to 1."), nodename);
      max_queue = 1;
    }

  // A node with router-priority above 1 (note: not merely non-zero, as the
  // disabled warning below says) and connectmode 'never' or 'ondemand' is
  // switched to 'always'; 'disabled' is left alone.
  bool passive = connectmode != C_ALWAYS && connectmode != C_DISABLED;

  if (routerprio > 1 && passive)
    {
      //slog (L_WARN, _("%s: has non-zero router-priority but either 'never' or 'ondemand' as connectmode, setting it to 'always'."), nodename);
      connectmode = C_ALWAYS;
    }
}
514    
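// Apply the command-line overrides that belong to the node currently being
// parsed.  Options have the form "<directive>=<value>" (global, applied
// while still on the defaults section) or "<node>.<directive>=<value>"
// (applied when <node> is the current node).  An option that has been
// applied is blanked in argv so later passes skip it; options for nodes
// that never appear are left untouched.
void configuration_parser::parse_argv ()
{
  for (int i = 0; i < argc; ++i)
    {
      char *v = argv [i];

      // Already consumed by an earlier pass.
      if (!*v)
        continue;

      // Find the end of the optional "<node>." prefix.
      char *enode = v;

      while (*enode != '.' && (unsigned char)*enode > ' ' && *enode != '=' && *enode)
        enode++;

      if (*enode != '.')
        enode = 0;

      // Name of the current node, NULL while on the defaults section.
      char *wnode = node == &conf.default_node
                    ? 0
                    : node->nodename;

      // A node option matches only when the prefix equals the current
      // node's name exactly -- same length and same characters.  A bare
      // strncmp over the prefix length would let node "node10" claim
      // "node1.xxx" as its own.
      bool applies = (!wnode && !enode)
                     || (wnode && enode
                         && strlen (wnode) == (size_t)(enode - v)
                         && !strncmp (wnode, v, enode - v));

      if (applies)
        {
          const char *warn = parse_line (enode ? enode + 1 : v);

          if (warn)
            slog (L_WARN, _("%s, while parsing command line option '%s'."), warn, v);

          // Mark as processed.
          *v = 0;
        }
    }
}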
548    
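// Build the configuration: reset `conf`, parse "<confbase>/gvpe.conf" line
// by line (command-line overrides are merged in by parse_argv () as each
// node is completed), then load the private hostkey and check that it
// belongs to the public key configured for this node.
//
// need_keys: whether missing key files are fatal.
// argc/argv: "name=value" / "node.name=value" overrides, consumed in place.
//
// Faulty directives are logged as warnings and skipped; an unreadable
// config file, an unparsable key file, or a hostkey/node-key mismatch
// terminate the process.
configuration_parser::configuration_parser (configuration &conf,
                                            bool need_keys,
                                            int argc,
                                            char **argv)
: conf (conf),need_keys (need_keys), argc (argc), argv (argv)
{
  char *fname;
  FILE *f;

  conf.clear ();

  asprintf (&fname, "%s/gvpe.conf", confbase);
  f = fopen (fname, "r");

  if (f)
    {
      char line[16384];
      int lineno = 0;
      node = &conf.default_node;

      while (fgets (line, sizeof (line), f))
        {
          lineno++;

          // fgets () stops after sizeof (line) - 1 characters.  If that
          // happened in the middle of a line, the remainder would be
          // parsed as a directive of its own; say so instead of splitting
          // silently.  (Peek one byte to tell "too long" from a final line
          // that merely lacks a newline.)
          size_t len = strlen (line);

          if (len == sizeof (line) - 1 && line[len - 1] != '\n')
            {
              int c = fgetc (f);

              if (c != EOF)
                {
                  ungetc (c, f);
                  slog (L_WARN, _("line longer than %d characters, at '%s', line %d."), (int)sizeof (line) - 1, fname, lineno);
                }
            }

          const char *warn = parse_line (line);

          if (warn)
            slog (L_WARN, _("%s, at '%s', line %d."), warn, fname, lineno);
        }

      fclose (f);

      // Overrides for the last node (or for the defaults if there was none).
      parse_argv ();
    }
  else
    {
      slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno));
      exit (EXIT_FAILURE);
    }

  free (fname);

  // The private key: the configured private-key path or "hostkey",
  // resolved relative to confbase.  Its file permissions are not checked
  // here.
  fname = conf.config_filename (conf.prikeyfile, "hostkey");

  f = fopen (fname, "r");
  if (f)
    {
      conf.rsa_key = RSA_new ();

      if (!PEM_read_RSAPrivateKey (f, &conf.rsa_key, NULL, NULL))
        {
          ERR_load_RSA_strings (); ERR_load_PEM_strings ();
          slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
          exit (EXIT_FAILURE);
        }

      require (RSA_blinding_on (conf.rsa_key, 0));

      fclose (f);
    }
  else
    {
      slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno));

      if (need_keys)
        exit (EXIT_FAILURE);
    }

  // Refuse to run with a private key whose modulus or exponent differs
  // from the public key published for this node: the two are expected to
  // be one key pair.
  if (need_keys && ::thisnode
      && conf.rsa_key && conf.thisnode && conf.thisnode->rsa_key)
    if (BN_cmp (conf.rsa_key->n, conf.thisnode->rsa_key->n) != 0
        || BN_cmp (conf.rsa_key->e, conf.thisnode->rsa_key->e) != 0)
      {
        slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode);
        exit (EXIT_FAILURE);
      }

  free (fname);

  for (configuration::node_vector::iterator i = conf.nodes.begin(); i != conf.nodes.end(); ++i)
    (*i)->finalise ();
}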
631    
// Resolve a configured file name to a path the caller must free ().
//
// name: the configured value, or NULL to use dflt.  Either is itself a
//       printf format, so a "%s" in the configured value expands to the
//       local node name; consequently any other '%' sequence in a
//       configured path is interpreted as a conversion, not as a literal.
// dflt: fallback pattern when name is NULL.
// Relative results are taken relative to confbase.
char *configuration::config_filename (const char *name, const char *dflt)
{
  const char *pattern = name ? name : dflt;
  char *fname;

  asprintf (&fname, pattern, ::thisnode);

  if (ABSOLUTE_PATH (fname))
    return fname;

  char *relative = fname;
  asprintf (&fname, "%s/%s", confbase, relative);
  free (relative);

  return fname;
}
647    
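// Dump the parsed configuration to stdout: the global settings followed by
// one row per node (conf_node::print).
void
configuration::print ()
{
  printf (_("\nConfiguration\n\n"));
  // nodes.size () is a size_t; cast so the "%d" conversion is well-defined.
  printf (_("# of nodes: %d\n"), (int)nodes.size ());
  printf (_("this node: %s\n"), thisnode ? thisnode->nodename : "<unset>");
  printf (_("MTU: %d\n"), mtu);
  printf (_("rekeying interval: %d\n"), rekey);
  printf (_("keepalive interval: %d\n"), keepalive);
  // ifname stays NULL unless configured; passing NULL to "%s" is undefined.
  printf (_("interface: %s\n"), ifname ? ifname : "<unset>");
  printf (_("primary rsa key: %s\n"), prikeyfile ? prikeyfile : "<default>");
  printf (_("rsa key size: %d\n"), rsa_key ? RSA_size (rsa_key) * 8 : -1);
  printf ("\n");

  printf ("%4s %-17s %s %-8.8s %-10.10s %s\n",
          _("ID#"), _("MAC"), _("Com"), _("Conmode"), _("Node"), _("Host:Port"));

  for (node_vector::iterator i = nodes.begin (); i != nodes.end (); ++i)
    (*i)->print ();

  printf ("\n");
}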
670    
// Construct a configuration: fix the configuration directory (the
// file-level global `confbase`) to "<CONFDIR>/gvpe" and install the
// defaults via init ().  `confbase` is not released by the destructor.
configuration::configuration ()
{
  asprintf (&confbase, "%s/gvpe", CONFDIR);

  init ();
}
677    
// Releases the heap members via cleanup (); the node objects in `nodes`
// are not deleted here (clear () does that).
configuration::~configuration ()
{
  cleanup ();
}
682 pcg 1.12
683 pcg 1.1