1 |
pcg |
1.1 |
/* |
2 |
root |
1.55 |
conf.C -- configuration code |
3 |
|
|
Copyright (C) 2003-2008,2011 Marc Lehmann <gvpe@schmorp.de> |
4 |
pcg |
1.1 |
|
5 |
pcg |
1.31 |
This file is part of GVPE. |
6 |
|
|
|
7 |
pcg |
1.44 |
GVPE is free software; you can redistribute it and/or modify it |
8 |
|
|
under the terms of the GNU General Public License as published by the |
9 |
|
|
Free Software Foundation; either version 3 of the License, or (at your |
10 |
|
|
option) any later version. |
11 |
|
|
|
12 |
|
|
This program is distributed in the hope that it will be useful, but |
13 |
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of |
14 |
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General |
15 |
|
|
Public License for more details. |
16 |
|
|
|
17 |
|
|
You should have received a copy of the GNU General Public License along |
18 |
|
|
with this program; if not, see <http://www.gnu.org/licenses/>. |
19 |
|
|
|
20 |
|
|
Additional permission under GNU GPL version 3 section 7 |
21 |
|
|
|
22 |
|
|
If you modify this Program, or any covered work, by linking or |
23 |
|
|
combining it with the OpenSSL project's OpenSSL library (or a modified |
24 |
|
|
version of that library), containing parts covered by the terms of the |
25 |
|
|
OpenSSL or SSLeay licenses, the licensors of this Program grant you |
26 |
|
|
additional permission to convey the resulting work. Corresponding |
27 |
|
|
Source for a non-source form of such a combination shall include the |
28 |
|
|
source code for the parts of OpenSSL used as well as that of the |
29 |
|
|
covered work. |
30 |
pcg |
1.1 |
*/ |
31 |
|
|
|
32 |
|
|
#include "config.h" |
33 |
|
|
|
34 |
|
|
#include <cstdio> |
35 |
|
|
#include <cstdlib> |
36 |
|
|
#include <cstring> |
37 |
|
|
|
38 |
|
|
#include <errno.h> |
39 |
|
|
#include <netdb.h> |
40 |
|
|
#include <sys/stat.h> |
41 |
|
|
#include <sys/types.h> |
42 |
|
|
#include <unistd.h> |
43 |
root |
1.59 |
#include <pwd.h> |
44 |
pcg |
1.1 |
|
45 |
pcg |
1.17 |
#include "netcompat.h" |
46 |
pcg |
1.5 |
|
47 |
pcg |
1.1 |
#include <openssl/err.h> |
48 |
|
|
#include <openssl/pem.h> |
49 |
|
|
#include <openssl/rsa.h> |
50 |
|
|
#include <openssl/rand.h> |
51 |
pcg |
1.22 |
#include <openssl/bn.h> |
52 |
pcg |
1.1 |
|
53 |
|
|
#include "conf.h" |
54 |
|
|
#include "slog.h" |
55 |
|
|
#include "util.h" |
56 |
|
|
|
57 |
|
|
char *confbase; |
58 |
|
|
char *thisnode; |
59 |
|
|
char *identname; |
60 |
|
|
|
61 |
|
|
struct configuration conf; |
62 |
|
|
|
63 |
root |
1.52 |
u8 |
64 |
|
|
best_protocol (u8 protset) |
65 |
pcg |
1.7 |
{ |
66 |
pcg |
1.13 |
if (protset & PROT_IPv4 ) return PROT_IPv4; |
67 |
|
|
if (protset & PROT_ICMPv4) return PROT_ICMPv4; |
68 |
|
|
if (protset & PROT_UDPv4 ) return PROT_UDPv4; |
69 |
|
|
if (protset & PROT_TCPv4 ) return PROT_TCPv4; |
70 |
pcg |
1.24 |
if (protset & PROT_DNSv4 ) return PROT_DNSv4; |
71 |
pcg |
1.7 |
|
72 |
pcg |
1.9 |
return 0; |
73 |
pcg |
1.7 |
} |
74 |
|
|
|
75 |
root |
1.52 |
const char * |
76 |
|
|
strprotocol (u8 protocol) |
77 |
pcg |
1.7 |
{ |
78 |
pcg |
1.13 |
if (protocol & PROT_IPv4 ) return "rawip"; |
79 |
|
|
if (protocol & PROT_ICMPv4) return "icmp"; |
80 |
|
|
if (protocol & PROT_UDPv4 ) return "udp"; |
81 |
|
|
if (protocol & PROT_TCPv4 ) return "tcp"; |
82 |
pcg |
1.24 |
if (protocol & PROT_DNSv4 ) return "dns"; |
83 |
pcg |
1.7 |
|
84 |
|
|
return "<unknown>"; |
85 |
|
|
} |
86 |
|
|
|
87 |
pcg |
1.42 |
static bool |
88 |
|
|
match_list (const vector<const char *> &list, const char *str) |
89 |
|
|
{ |
90 |
|
|
for (vector<const char *>::const_iterator i = list.end (); i-- > list.begin (); ) |
91 |
|
|
if ((*i)[0] == '*' && !(*i)[1]) |
92 |
|
|
return true; |
93 |
|
|
else if (!strcmp (*i, str)) |
94 |
|
|
return true; |
95 |
|
|
|
96 |
|
|
return false; |
97 |
|
|
} |
98 |
|
|
|
99 |
|
|
bool |
100 |
pcg |
1.46 |
conf_node::may_direct (struct conf_node *other) |
101 |
pcg |
1.42 |
{ |
102 |
|
|
if (match_list (allow_direct, other->nodename)) |
103 |
|
|
return true; |
104 |
|
|
|
105 |
|
|
if (match_list (deny_direct, other->nodename)) |
106 |
|
|
return false; |
107 |
|
|
|
108 |
|
|
return true; |
109 |
|
|
} |
110 |
|
|
|
111 |
pcg |
1.12 |
conf_node::~conf_node () |
112 |
pcg |
1.1 |
{ |
113 |
pcg |
1.39 |
#if 0 |
114 |
|
|
// does not work, because string pointers etc. are shared |
115 |
|
|
// is not called, however |
116 |
pcg |
1.12 |
if (rsa_key) |
117 |
|
|
RSA_free (rsa_key); |
118 |
|
|
|
119 |
|
|
free (nodename); |
120 |
|
|
free (hostname); |
121 |
pcg |
1.39 |
free (if_up_data); |
122 |
pcg |
1.30 |
#if ENABLE_DNS |
123 |
pcg |
1.28 |
free (domain); |
124 |
pcg |
1.30 |
free (dns_hostname); |
125 |
|
|
#endif |
126 |
pcg |
1.39 |
#endif |
127 |
pcg |
1.1 |
} |
128 |
|
|
|
129 |
root |
1.52 |
void |
130 |
|
|
configuration::init () |
131 |
pcg |
1.1 |
{ |
132 |
|
|
memset (this, 0, sizeof (*this)); |
133 |
|
|
|
134 |
pcg |
1.19 |
mtu = DEFAULT_MTU; |
135 |
pcg |
1.50 |
nfmark = 0; |
136 |
pcg |
1.1 |
rekey = DEFAULT_REKEY; |
137 |
|
|
keepalive = DEFAULT_KEEPALIVE; |
138 |
pcg |
1.2 |
llevel = L_INFO; |
139 |
pcg |
1.5 |
ip_proto = IPPROTO_GRE; |
140 |
pcg |
1.16 |
#if ENABLE_ICMP |
141 |
pcg |
1.13 |
icmp_type = ICMP_ECHOREPLY; |
142 |
pcg |
1.16 |
#endif |
143 |
pcg |
1.1 |
|
144 |
pcg |
1.5 |
default_node.udp_port = DEFAULT_UDPPORT; |
145 |
pcg |
1.24 |
default_node.tcp_port = DEFAULT_UDPPORT; // ehrm |
146 |
pcg |
1.1 |
default_node.connectmode = conf_node::C_ALWAYS; |
147 |
|
|
default_node.compress = true; |
148 |
pcg |
1.29 |
default_node.protocols = 0; |
149 |
pcg |
1.27 |
default_node.max_retry = DEFAULT_MAX_RETRY; |
150 |
pcg |
1.43 |
default_node.max_ttl = DEFAULT_MAX_TTL; |
151 |
|
|
default_node.max_queue = DEFAULT_MAX_QUEUE; |
152 |
pcg |
1.39 |
default_node.if_up_data = strdup (""); |
153 |
pcg |
1.25 |
|
154 |
pcg |
1.30 |
#if ENABLE_DNS |
155 |
pcg |
1.32 |
default_node.dns_port = 0; // default is 0 == client |
156 |
pcg |
1.38 |
|
157 |
root |
1.55 |
dns_case_preserving = true; |
158 |
pcg |
1.38 |
dns_forw_host = strdup ("127.0.0.1"); |
159 |
|
|
dns_forw_port = 53; |
160 |
|
|
dns_timeout_factor = DEFAULT_DNS_TIMEOUT_FACTOR; |
161 |
|
|
dns_send_interval = DEFAULT_DNS_SEND_INTERVAL; |
162 |
|
|
dns_overlap_factor = DEFAULT_DNS_OVERLAP_FACTOR; |
163 |
|
|
dns_max_outstanding = DEFAULT_DNS_MAX_OUTSTANDING; |
164 |
pcg |
1.30 |
#endif |
165 |
|
|
|
166 |
pcg |
1.27 |
conf.pidfilename = strdup (LOCALSTATEDIR "/run/gvpe.pid"); |
167 |
pcg |
1.1 |
} |
168 |
|
|
|
169 |
root |
1.52 |
void |
170 |
|
|
configuration::cleanup () |
171 |
pcg |
1.1 |
{ |
172 |
|
|
if (rsa_key) |
173 |
|
|
RSA_free (rsa_key); |
174 |
|
|
|
175 |
pcg |
1.12 |
rsa_key = 0; |
176 |
pcg |
1.1 |
|
177 |
pcg |
1.51 |
free (pidfilename); pidfilename = 0; |
178 |
|
|
free (ifname); ifname = 0; |
179 |
root |
1.53 |
#if ENABLE_HTTP_PROXY |
180 |
pcg |
1.51 |
free (proxy_host); proxy_host = 0; |
181 |
|
|
free (proxy_auth); proxy_auth = 0; |
182 |
root |
1.53 |
#endif |
183 |
|
|
#if ENABLE_DNS |
184 |
pcg |
1.51 |
free (dns_forw_host); dns_forw_host = 0; |
185 |
|
|
#endif |
186 |
root |
1.59 |
free (change_root); change_root = 0; |
187 |
pcg |
1.51 |
free (script_if_up); script_if_up = 0; |
188 |
|
|
free (script_node_up); script_node_up = 0; |
189 |
|
|
free (script_node_change); script_node_change = 0; |
190 |
|
|
free (script_node_down); script_node_down = 0; |
191 |
pcg |
1.1 |
} |
192 |
|
|
|
193 |
|
|
void |
194 |
pcg |
1.40 |
configuration::clear () |
195 |
pcg |
1.1 |
{ |
196 |
|
|
for (configuration::node_vector::iterator i = nodes.begin(); i != nodes.end(); ++i) |
197 |
|
|
delete *i; |
198 |
|
|
|
199 |
|
|
nodes.clear (); |
200 |
|
|
|
201 |
|
|
cleanup (); |
202 |
|
|
init (); |
203 |
|
|
} |
204 |
|
|
|
205 |
root |
1.55 |
//static bool |
206 |
|
|
//is_true (const char *name) |
207 |
|
|
//{ |
208 |
|
|
//re |
209 |
|
|
//} |
210 |
|
|
|
211 |
pcg |
1.37 |
#define parse_bool(target,name,trueval,falseval) do { \ |
212 |
|
|
if (!strcmp (val, "yes")) target = trueval; \ |
213 |
pcg |
1.5 |
else if (!strcmp (val, "no")) target = falseval; \ |
214 |
|
|
else if (!strcmp (val, "true")) target = trueval; \ |
215 |
|
|
else if (!strcmp (val, "false")) target = falseval; \ |
216 |
|
|
else if (!strcmp (val, "on")) target = trueval; \ |
217 |
|
|
else if (!strcmp (val, "off")) target = falseval; \ |
218 |
|
|
else \ |
219 |
root |
1.56 |
return _("illegal boolean value, only 'yes|true|on' or 'no|false|off' allowed, ignored"); \ |
220 |
pcg |
1.37 |
} while (0) |
221 |
pcg |
1.5 |
|
222 |
pcg |
1.40 |
const char * |
223 |
|
|
configuration_parser::parse_line (char *line) |
224 |
pcg |
1.1 |
{ |
225 |
pcg |
1.40 |
{ |
226 |
|
|
char *end = line + strlen (line); |
227 |
|
|
|
228 |
|
|
while (*end < ' ' && end >= line) |
229 |
|
|
end--; |
230 |
pcg |
1.1 |
|
231 |
pcg |
1.40 |
*++end = 0; |
232 |
|
|
} |
233 |
pcg |
1.1 |
|
234 |
pcg |
1.40 |
char *tok = line; |
235 |
|
|
const char *var = strtok (tok, "\t ="); |
236 |
|
|
tok = 0; |
237 |
pcg |
1.1 |
|
238 |
pcg |
1.40 |
if (!var || !var[0]) |
239 |
|
|
return 0; /* no tokens on this line */ |
240 |
pcg |
1.1 |
|
241 |
pcg |
1.40 |
if (var[0] == '#') |
242 |
|
|
return 0; /* comment: ignore */ |
243 |
pcg |
1.1 |
|
244 |
pcg |
1.40 |
char *val = strtok (NULL, "\t\n\r ="); |
245 |
pcg |
1.1 |
|
246 |
pcg |
1.40 |
if (!val || val[0] == '#') |
247 |
root |
1.56 |
return _("no value given for variable, ignored"); |
248 |
pcg |
1.1 |
|
249 |
root |
1.55 |
else if (!strcmp (var, "on")) |
250 |
pcg |
1.40 |
{ |
251 |
root |
1.56 |
if (::thisnode |
252 |
|
|
&& ((val[0] == '!' && strcmp (val + 1, ::thisnode)) |
253 |
|
|
|| !strcmp (val, ::thisnode))) |
254 |
pcg |
1.40 |
return parse_line (strtok (NULL, "\n\r")); |
255 |
root |
1.55 |
} |
256 |
|
|
|
257 |
|
|
else if (!strcmp (var, "include")) |
258 |
|
|
{ |
259 |
|
|
char *fname = conf.config_filename (val); |
260 |
|
|
parse_file (fname); |
261 |
|
|
free (fname); |
262 |
pcg |
1.40 |
} |
263 |
pcg |
1.1 |
|
264 |
pcg |
1.40 |
// truly global |
265 |
root |
1.55 |
else if (!strcmp (var, "loglevel")) |
266 |
pcg |
1.40 |
{ |
267 |
|
|
loglevel l = string_to_loglevel (val); |
268 |
pcg |
1.1 |
|
269 |
pcg |
1.40 |
if (l == L_NONE) |
270 |
root |
1.56 |
return _("unknown loglevel, ignored"); |
271 |
pcg |
1.40 |
} |
272 |
|
|
else if (!strcmp (var, "ip-proto")) |
273 |
|
|
conf.ip_proto = atoi (val); |
274 |
|
|
else if (!strcmp (var, "icmp-type")) |
275 |
|
|
{ |
276 |
pcg |
1.16 |
#if ENABLE_ICMP |
277 |
pcg |
1.40 |
conf.icmp_type = atoi (val); |
278 |
pcg |
1.16 |
#endif |
279 |
pcg |
1.40 |
} |
280 |
root |
1.59 |
else if (!strcmp (var, "chuser")) |
281 |
|
|
{ |
282 |
|
|
struct passwd *pw = getpwnam (val); |
283 |
|
|
if (!pw) |
284 |
|
|
return _("user specified for chuser not found"); |
285 |
|
|
|
286 |
|
|
conf.change_uid = pw->pw_uid; |
287 |
|
|
conf.change_gid = pw->pw_gid; |
288 |
|
|
} |
289 |
|
|
else if (!strcmp (var, "chuid")) |
290 |
|
|
conf.change_uid = atoi (val); |
291 |
|
|
else if (!strcmp (var, "chgid")) |
292 |
|
|
conf.change_gid = atoi (val); |
293 |
|
|
else if (!strcmp (var, "chroot")) |
294 |
|
|
free (conf.change_root), conf.change_root = strdup (val); |
295 |
pcg |
1.1 |
|
296 |
root |
1.59 |
// per node |
297 |
pcg |
1.40 |
else if (!strcmp (var, "node")) |
298 |
|
|
{ |
299 |
|
|
parse_argv (); |
300 |
pcg |
1.1 |
|
301 |
pcg |
1.40 |
conf.default_node.id++; |
302 |
|
|
node = new conf_node (conf.default_node); |
303 |
|
|
conf.nodes.push_back (node); |
304 |
|
|
node->nodename = strdup (val); |
305 |
pcg |
1.1 |
|
306 |
pcg |
1.40 |
{ |
307 |
|
|
char *fname; |
308 |
|
|
FILE *f; |
309 |
|
|
|
310 |
|
|
asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename); |
311 |
pcg |
1.1 |
|
312 |
pcg |
1.40 |
f = fopen (fname, "r"); |
313 |
|
|
if (f) |
314 |
|
|
{ |
315 |
|
|
node->rsa_key = RSA_new (); |
316 |
pcg |
1.1 |
|
317 |
pcg |
1.40 |
if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL)) |
318 |
pcg |
1.1 |
{ |
319 |
pcg |
1.40 |
ERR_load_RSA_strings (); ERR_load_PEM_strings (); |
320 |
|
|
slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0)); |
321 |
|
|
exit (EXIT_FAILURE); |
322 |
|
|
} |
323 |
|
|
|
324 |
|
|
require (RSA_blinding_on (node->rsa_key, 0)); |
325 |
pcg |
1.1 |
|
326 |
pcg |
1.40 |
fclose (f); |
327 |
|
|
} |
328 |
|
|
else |
329 |
|
|
{ |
330 |
|
|
slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno)); |
331 |
pcg |
1.1 |
|
332 |
pcg |
1.40 |
if (need_keys) |
333 |
|
|
exit (EXIT_FAILURE); |
334 |
|
|
} |
335 |
pcg |
1.1 |
|
336 |
pcg |
1.40 |
free (fname); |
337 |
|
|
} |
338 |
pcg |
1.1 |
|
339 |
pcg |
1.40 |
if (::thisnode && !strcmp (node->nodename, ::thisnode)) |
340 |
|
|
conf.thisnode = node; |
341 |
|
|
} |
342 |
|
|
else if (!strcmp (var, "private-key")) |
343 |
|
|
free (conf.prikeyfile), conf.prikeyfile = strdup (val); |
344 |
|
|
else if (!strcmp (var, "ifpersist")) |
345 |
|
|
parse_bool (conf.ifpersist, "ifpersist", true, false); |
346 |
|
|
else if (!strcmp (var, "ifname")) |
347 |
|
|
free (conf.ifname), conf.ifname = strdup (val); |
348 |
|
|
else if (!strcmp (var, "rekey")) |
349 |
|
|
conf.rekey = atoi (val); |
350 |
|
|
else if (!strcmp (var, "keepalive")) |
351 |
|
|
conf.keepalive = atoi (val); |
352 |
|
|
else if (!strcmp (var, "mtu")) |
353 |
|
|
conf.mtu = atoi (val); |
354 |
pcg |
1.50 |
else if (!strcmp (var, "nfmark")) |
355 |
|
|
conf.nfmark = atoi (val); |
356 |
pcg |
1.40 |
else if (!strcmp (var, "if-up")) |
357 |
|
|
free (conf.script_if_up), conf.script_if_up = strdup (val); |
358 |
|
|
else if (!strcmp (var, "node-up")) |
359 |
|
|
free (conf.script_node_up), conf.script_node_up = strdup (val); |
360 |
pcg |
1.51 |
else if (!strcmp (var, "node-change")) |
361 |
|
|
free (conf.script_node_change), conf.script_node_change = strdup (val); |
362 |
pcg |
1.40 |
else if (!strcmp (var, "node-down")) |
363 |
|
|
free (conf.script_node_down), conf.script_node_down = strdup (val); |
364 |
|
|
else if (!strcmp (var, "pid-file")) |
365 |
|
|
free (conf.pidfilename), conf.pidfilename = strdup (val); |
366 |
|
|
else if (!strcmp (var, "dns-forw-host")) |
367 |
|
|
{ |
368 |
pcg |
1.30 |
#if ENABLE_DNS |
369 |
pcg |
1.40 |
free (conf.dns_forw_host), conf.dns_forw_host = strdup (val); |
370 |
pcg |
1.34 |
#endif |
371 |
pcg |
1.40 |
} |
372 |
|
|
else if (!strcmp (var, "dns-forw-port")) |
373 |
|
|
{ |
374 |
pcg |
1.34 |
#if ENABLE_DNS |
375 |
pcg |
1.40 |
conf.dns_forw_port = atoi (val); |
376 |
pcg |
1.28 |
#endif |
377 |
pcg |
1.40 |
} |
378 |
|
|
else if (!strcmp (var, "dns-timeout-factor")) |
379 |
|
|
{ |
380 |
pcg |
1.38 |
#if ENABLE_DNS |
381 |
pcg |
1.40 |
conf.dns_timeout_factor = atof (val); |
382 |
pcg |
1.38 |
#endif |
383 |
pcg |
1.40 |
} |
384 |
|
|
else if (!strcmp (var, "dns-send-interval")) |
385 |
|
|
{ |
386 |
pcg |
1.38 |
#if ENABLE_DNS |
387 |
pcg |
1.40 |
conf.dns_send_interval = atoi (val); |
388 |
pcg |
1.38 |
#endif |
389 |
pcg |
1.40 |
} |
390 |
|
|
else if (!strcmp (var, "dns-overlap-factor")) |
391 |
|
|
{ |
392 |
pcg |
1.38 |
#if ENABLE_DNS |
393 |
pcg |
1.40 |
conf.dns_overlap_factor = atof (val); |
394 |
pcg |
1.38 |
#endif |
395 |
pcg |
1.40 |
} |
396 |
|
|
else if (!strcmp (var, "dns-max-outstanding")) |
397 |
|
|
{ |
398 |
pcg |
1.38 |
#if ENABLE_DNS |
399 |
pcg |
1.40 |
conf.dns_max_outstanding = atoi (val); |
400 |
pcg |
1.38 |
#endif |
401 |
pcg |
1.40 |
} |
402 |
root |
1.55 |
else if (!strcmp (var, "dns-case-preserving")) |
403 |
|
|
{ |
404 |
|
|
#if ENABLE_DNS |
405 |
|
|
parse_bool (conf.dns_case_preserving, "dns-case-preserving", true, false); |
406 |
|
|
#endif |
407 |
|
|
} |
408 |
pcg |
1.40 |
else if (!strcmp (var, "http-proxy-host")) |
409 |
|
|
{ |
410 |
pcg |
1.12 |
#if ENABLE_HTTP_PROXY |
411 |
pcg |
1.40 |
free (conf.proxy_host), conf.proxy_host = strdup (val); |
412 |
pcg |
1.20 |
#endif |
413 |
pcg |
1.40 |
} |
414 |
|
|
else if (!strcmp (var, "http-proxy-port")) |
415 |
|
|
{ |
416 |
pcg |
1.20 |
#if ENABLE_HTTP_PROXY |
417 |
pcg |
1.40 |
conf.proxy_port = atoi (val); |
418 |
pcg |
1.20 |
#endif |
419 |
pcg |
1.40 |
} |
420 |
|
|
else if (!strcmp (var, "http-proxy-auth")) |
421 |
|
|
{ |
422 |
pcg |
1.20 |
#if ENABLE_HTTP_PROXY |
423 |
pcg |
1.40 |
conf.proxy_auth = (char *)base64_encode ((const u8 *)val, strlen (val)); |
424 |
pcg |
1.12 |
#endif |
425 |
pcg |
1.40 |
} |
426 |
pcg |
1.1 |
|
427 |
pcg |
1.40 |
/* node-specific, non-defaultable */ |
428 |
|
|
else if (node != &conf.default_node && !strcmp (var, "hostname")) |
429 |
|
|
free (node->hostname), node->hostname = strdup (val); |
430 |
|
|
|
431 |
|
|
/* node-specific, defaultable */ |
432 |
|
|
else if (!strcmp (var, "udp-port")) |
433 |
|
|
node->udp_port = atoi (val); |
434 |
|
|
else if (!strcmp (var, "tcp-port")) |
435 |
|
|
node->tcp_port = atoi (val); |
436 |
|
|
else if (!strcmp (var, "dns-hostname")) |
437 |
|
|
{ |
438 |
pcg |
1.30 |
#if ENABLE_DNS |
439 |
pcg |
1.40 |
free (node->dns_hostname), node->dns_hostname = strdup (val); |
440 |
pcg |
1.34 |
#endif |
441 |
pcg |
1.40 |
} |
442 |
|
|
else if (!strcmp (var, "dns-port")) |
443 |
|
|
{ |
444 |
pcg |
1.34 |
#if ENABLE_DNS |
445 |
pcg |
1.40 |
node->dns_port = atoi (val); |
446 |
pcg |
1.34 |
#endif |
447 |
pcg |
1.40 |
} |
448 |
|
|
else if (!strcmp (var, "dns-domain")) |
449 |
|
|
{ |
450 |
pcg |
1.34 |
#if ENABLE_DNS |
451 |
pcg |
1.40 |
free (node->domain), node->domain = strdup (val); |
452 |
pcg |
1.28 |
#endif |
453 |
pcg |
1.40 |
} |
454 |
|
|
else if (!strcmp (var, "if-up-data")) |
455 |
|
|
free (node->if_up_data), node->if_up_data = strdup (val); |
456 |
|
|
else if (!strcmp (var, "router-priority")) |
457 |
|
|
node->routerprio = atoi (val); |
458 |
|
|
else if (!strcmp (var, "max-retry")) |
459 |
|
|
node->max_retry = atoi (val); |
460 |
|
|
else if (!strcmp (var, "connect")) |
461 |
|
|
{ |
462 |
|
|
if (!strcmp (val, "ondemand")) |
463 |
|
|
node->connectmode = conf_node::C_ONDEMAND; |
464 |
|
|
else if (!strcmp (val, "never")) |
465 |
|
|
node->connectmode = conf_node::C_NEVER; |
466 |
|
|
else if (!strcmp (val, "always")) |
467 |
|
|
node->connectmode = conf_node::C_ALWAYS; |
468 |
|
|
else if (!strcmp (val, "disabled")) |
469 |
|
|
node->connectmode = conf_node::C_DISABLED; |
470 |
|
|
else |
471 |
root |
1.56 |
return _("illegal value for 'connectmode', use one of 'ondemand', 'never', 'always' or 'disabled', ignored"); |
472 |
pcg |
1.40 |
} |
473 |
|
|
else if (!strcmp (var, "inherit-tos")) |
474 |
|
|
parse_bool (node->inherit_tos, "inherit-tos", true, false); |
475 |
|
|
else if (!strcmp (var, "compress")) |
476 |
|
|
parse_bool (node->compress, "compress", true, false); |
477 |
|
|
// all these bool options really really cost a lot of executable size! |
478 |
|
|
else if (!strcmp (var, "enable-tcp")) |
479 |
|
|
{ |
480 |
pcg |
1.11 |
#if ENABLE_TCP |
481 |
pcg |
1.40 |
u8 v; parse_bool (v, "enable-tcp" , PROT_TCPv4, 0); node->protocols = (node->protocols & ~PROT_TCPv4) | v; |
482 |
pcg |
1.13 |
#endif |
483 |
pcg |
1.40 |
} |
484 |
|
|
else if (!strcmp (var, "enable-icmp")) |
485 |
|
|
{ |
486 |
pcg |
1.13 |
#if ENABLE_ICMP |
487 |
pcg |
1.40 |
u8 v; parse_bool (v, "enable-icmp" , PROT_ICMPv4, 0); node->protocols = (node->protocols & ~PROT_ICMPv4) | v; |
488 |
pcg |
1.11 |
#endif |
489 |
pcg |
1.40 |
} |
490 |
|
|
else if (!strcmp (var, "enable-dns")) |
491 |
|
|
{ |
492 |
pcg |
1.24 |
#if ENABLE_DNS |
493 |
pcg |
1.40 |
u8 v; parse_bool (v, "enable-dns" , PROT_DNSv4, 0); node->protocols = (node->protocols & ~PROT_DNSv4) | v; |
494 |
pcg |
1.24 |
#endif |
495 |
pcg |
1.40 |
} |
496 |
|
|
else if (!strcmp (var, "enable-udp")) |
497 |
|
|
{ |
498 |
|
|
u8 v; parse_bool (v, "enable-udp" , PROT_UDPv4, 0); node->protocols = (node->protocols & ~PROT_UDPv4) | v; |
499 |
|
|
} |
500 |
|
|
else if (!strcmp (var, "enable-rawip")) |
501 |
|
|
{ |
502 |
|
|
u8 v; parse_bool (v, "enable-rawip", PROT_IPv4, 0); node->protocols = (node->protocols & ~PROT_IPv4 ) | v; |
503 |
|
|
} |
504 |
pcg |
1.42 |
else if (!strcmp (var, "allow-direct")) |
505 |
|
|
node->allow_direct.push_back (strdup (val)); |
506 |
|
|
else if (!strcmp (var, "deny-direct")) |
507 |
|
|
node->deny_direct.push_back (strdup (val)); |
508 |
pcg |
1.43 |
else if (!strcmp (var, "max-ttl")) |
509 |
|
|
node->max_ttl = atof (val); |
510 |
|
|
else if (!strcmp (var, "max-queue")) |
511 |
pcg |
1.46 |
node->max_queue = atoi (val); |
512 |
pcg |
1.40 |
|
513 |
|
|
// unknown or misplaced |
514 |
|
|
else |
515 |
root |
1.55 |
return _("unknown configuration directive - ignored"); |
516 |
pcg |
1.40 |
|
517 |
|
|
return 0; |
518 |
|
|
} |
519 |
|
|
|
520 |
root |
1.52 |
void |
521 |
|
|
conf_node::finalise () |
522 |
pcg |
1.46 |
{ |
523 |
|
|
if (max_queue < 1) |
524 |
|
|
{ |
525 |
|
|
slog (L_WARN, _("%s: max-queue value invalid, setting it to 1."), nodename); |
526 |
|
|
max_queue = 1; |
527 |
|
|
} |
528 |
|
|
|
529 |
pcg |
1.49 |
if (routerprio > 1 && (connectmode != C_ALWAYS && connectmode != C_DISABLED)) |
530 |
pcg |
1.46 |
{ |
531 |
pcg |
1.48 |
//slog (L_WARN, _("%s: has non-zero router-priority but either 'never' or 'ondemand' as connectmode, setting it to 'always'."), nodename); |
532 |
pcg |
1.46 |
connectmode = C_ALWAYS; |
533 |
|
|
} |
534 |
|
|
} |
535 |
|
|
|
536 |
root |
1.52 |
void |
537 |
|
|
configuration_parser::parse_argv () |
538 |
pcg |
1.40 |
{ |
539 |
|
|
for (int i = 0; i < argc; ++i) |
540 |
|
|
{ |
541 |
|
|
char *v = argv [i]; |
542 |
|
|
|
543 |
|
|
if (!*v) |
544 |
|
|
continue; |
545 |
|
|
|
546 |
|
|
char *enode = v; |
547 |
|
|
|
548 |
|
|
while (*enode != '.' && *enode > ' ' && *enode != '=' && *enode) |
549 |
|
|
enode++; |
550 |
|
|
|
551 |
|
|
if (*enode != '.') |
552 |
|
|
enode = 0; |
553 |
|
|
|
554 |
|
|
char *wnode = node == &conf.default_node |
555 |
|
|
? 0 |
556 |
|
|
: node->nodename; |
557 |
|
|
|
558 |
|
|
if ((!wnode && !enode) |
559 |
|
|
|| (wnode && enode && !strncmp (wnode, v, enode - v))) |
560 |
|
|
{ |
561 |
|
|
const char *warn = parse_line (enode ? enode + 1 : v); |
562 |
|
|
|
563 |
|
|
if (warn) |
564 |
|
|
slog (L_WARN, _("%s, while parsing command line option '%s'."), warn, v); |
565 |
|
|
|
566 |
|
|
*v = 0; |
567 |
|
|
} |
568 |
|
|
} |
569 |
|
|
} |
570 |
|
|
|
571 |
root |
1.55 |
void |
572 |
|
|
configuration_parser::parse_file (const char *fname) |
573 |
pcg |
1.40 |
{ |
574 |
root |
1.55 |
if (FILE *f = fopen (fname, "r")) |
575 |
pcg |
1.40 |
{ |
576 |
root |
1.55 |
char line [2048]; |
577 |
pcg |
1.40 |
int lineno = 0; |
578 |
|
|
|
579 |
|
|
while (fgets (line, sizeof (line), f)) |
580 |
|
|
{ |
581 |
|
|
lineno++; |
582 |
|
|
|
583 |
|
|
const char *warn = parse_line (line); |
584 |
|
|
|
585 |
|
|
if (warn) |
586 |
|
|
slog (L_WARN, _("%s, at '%s', line %d."), warn, fname, lineno); |
587 |
pcg |
1.1 |
} |
588 |
|
|
|
589 |
|
|
fclose (f); |
590 |
pcg |
1.40 |
|
591 |
|
|
parse_argv (); |
592 |
pcg |
1.1 |
} |
593 |
|
|
else |
594 |
|
|
{ |
595 |
|
|
slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno)); |
596 |
pcg |
1.22 |
exit (EXIT_FAILURE); |
597 |
pcg |
1.1 |
} |
598 |
root |
1.55 |
} |
599 |
|
|
|
600 |
|
|
configuration_parser::configuration_parser (configuration &conf, |
601 |
|
|
bool need_keys, |
602 |
|
|
int argc, |
603 |
|
|
char **argv) |
604 |
|
|
: conf (conf),need_keys (need_keys), argc (argc), argv (argv) |
605 |
|
|
{ |
606 |
|
|
char *fname; |
607 |
pcg |
1.1 |
|
608 |
root |
1.55 |
conf.clear (); |
609 |
root |
1.56 |
node = &conf.default_node; |
610 |
root |
1.55 |
|
611 |
|
|
asprintf (&fname, "%s/gvpe.conf", confbase); |
612 |
|
|
parse_file (fname); |
613 |
pcg |
1.1 |
free (fname); |
614 |
|
|
|
615 |
pcg |
1.40 |
fname = conf.config_filename (conf.prikeyfile, "hostkey"); |
616 |
pcg |
1.1 |
|
617 |
root |
1.55 |
if (FILE *f = fopen (fname, "r")) |
618 |
pcg |
1.1 |
{ |
619 |
pcg |
1.40 |
conf.rsa_key = RSA_new (); |
620 |
pcg |
1.1 |
|
621 |
pcg |
1.40 |
if (!PEM_read_RSAPrivateKey (f, &conf.rsa_key, NULL, NULL)) |
622 |
pcg |
1.1 |
{ |
623 |
|
|
ERR_load_RSA_strings (); ERR_load_PEM_strings (); |
624 |
|
|
slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0)); |
625 |
pcg |
1.22 |
exit (EXIT_FAILURE); |
626 |
pcg |
1.1 |
} |
627 |
|
|
|
628 |
pcg |
1.40 |
require (RSA_blinding_on (conf.rsa_key, 0)); |
629 |
pcg |
1.1 |
|
630 |
|
|
fclose (f); |
631 |
|
|
} |
632 |
|
|
else |
633 |
|
|
{ |
634 |
|
|
slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno)); |
635 |
|
|
|
636 |
|
|
if (need_keys) |
637 |
pcg |
1.22 |
exit (EXIT_FAILURE); |
638 |
pcg |
1.1 |
} |
639 |
pcg |
1.22 |
|
640 |
root |
1.55 |
free (fname); |
641 |
|
|
|
642 |
pcg |
1.23 |
if (need_keys && ::thisnode |
643 |
pcg |
1.40 |
&& conf.rsa_key && conf.thisnode && conf.thisnode->rsa_key) |
644 |
|
|
if (BN_cmp (conf.rsa_key->n, conf.thisnode->rsa_key->n) != 0 |
645 |
|
|
|| BN_cmp (conf.rsa_key->e, conf.thisnode->rsa_key->e) != 0) |
646 |
pcg |
1.22 |
{ |
647 |
|
|
slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode); |
648 |
|
|
exit (EXIT_FAILURE); |
649 |
|
|
} |
650 |
pcg |
1.1 |
|
651 |
pcg |
1.46 |
for (configuration::node_vector::iterator i = conf.nodes.begin(); i != conf.nodes.end(); ++i) |
652 |
|
|
(*i)->finalise (); |
653 |
pcg |
1.1 |
} |
654 |
|
|
|
655 |
root |
1.52 |
char * |
656 |
|
|
configuration::config_filename (const char *name, const char *dflt) |
657 |
pcg |
1.1 |
{ |
658 |
|
|
char *fname; |
659 |
|
|
|
660 |
|
|
asprintf (&fname, name ? name : dflt, ::thisnode); |
661 |
|
|
|
662 |
|
|
if (!ABSOLUTE_PATH (fname)) |
663 |
|
|
{ |
664 |
|
|
char *rname = fname; |
665 |
|
|
asprintf (&fname, "%s/%s", confbase, rname); |
666 |
|
|
free (rname); |
667 |
|
|
} |
668 |
|
|
|
669 |
|
|
return fname; |
670 |
|
|
} |
671 |
|
|
|
672 |
|
|
void |
673 |
root |
1.54 |
conf_node::print () |
674 |
|
|
{ |
675 |
|
|
printf ("%4d fe:fd:80:00:0%1x:%02x %c %-8.8s %-10.10s %02x %s%s%d\n", |
676 |
|
|
id, |
677 |
|
|
id >> 8, id & 0xff, |
678 |
|
|
compress ? 'Y' : 'N', |
679 |
|
|
connectmode == C_ONDEMAND ? "ondemand" |
680 |
|
|
: connectmode == C_NEVER ? "never" |
681 |
|
|
: connectmode == C_ALWAYS ? "always" |
682 |
|
|
: connectmode == C_DISABLED ? "disabled" |
683 |
|
|
: "", |
684 |
|
|
nodename, |
685 |
|
|
protocols, |
686 |
|
|
hostname ? hostname : "", |
687 |
|
|
hostname ? ":" : "", |
688 |
|
|
hostname ? udp_port : 0 |
689 |
|
|
); |
690 |
|
|
} |
691 |
|
|
|
692 |
|
|
void |
693 |
pcg |
1.1 |
configuration::print () |
694 |
|
|
{ |
695 |
|
|
printf (_("\nConfiguration\n\n")); |
696 |
|
|
printf (_("# of nodes: %d\n"), nodes.size ()); |
697 |
|
|
printf (_("this node: %s\n"), thisnode ? thisnode->nodename : "<unset>"); |
698 |
|
|
printf (_("MTU: %d\n"), mtu); |
699 |
|
|
printf (_("rekeying interval: %d\n"), rekey); |
700 |
|
|
printf (_("keepalive interval: %d\n"), keepalive); |
701 |
|
|
printf (_("interface: %s\n"), ifname); |
702 |
|
|
printf (_("primary rsa key: %s\n"), prikeyfile ? prikeyfile : "<default>"); |
703 |
pcg |
1.15 |
printf (_("rsa key size: %d\n"), rsa_key ? RSA_size (rsa_key) * 8 : -1); |
704 |
pcg |
1.1 |
printf ("\n"); |
705 |
|
|
|
706 |
root |
1.54 |
printf ("%4s %-17s %s %-8.8s %-10.10s %04s %s\n", |
707 |
|
|
_("ID#"), _("MAC"), _("Com"), _("Conmode"), _("Node"), _("Prot"), _("Host:Port")); |
708 |
pcg |
1.1 |
|
709 |
|
|
for (node_vector::iterator i = nodes.begin (); i != nodes.end (); ++i) |
710 |
|
|
(*i)->print (); |
711 |
|
|
|
712 |
|
|
printf ("\n"); |
713 |
|
|
} |
714 |
|
|
|
715 |
pcg |
1.12 |
configuration::configuration () |
716 |
|
|
{ |
717 |
pcg |
1.27 |
asprintf (&confbase, "%s/gvpe", CONFDIR); |
718 |
pcg |
1.26 |
|
719 |
pcg |
1.12 |
init (); |
720 |
|
|
} |
721 |
|
|
|
722 |
|
|
configuration::~configuration () |
723 |
pcg |
1.1 |
{ |
724 |
pcg |
1.12 |
cleanup (); |
725 |
pcg |
1.1 |
} |
726 |
pcg |
1.12 |
|