1 | /* |
1 | /* |
2 | conf.c -- configuration code |
2 | conf.c -- configuration code |
3 | Copyright (C) 2003 Marc Lehmann <pcg@goof.com> |
3 | Copyright (C) 2003-2004 Marc Lehmann <pcg@goof.com> |
4 | |
4 | |
5 | This program is free software; you can redistribute it and/or modify |
5 | This program is free software; you can redistribute it and/or modify |
6 | it under the terms of the GNU General Public License as published by |
6 | it under the terms of the GNU General Public License as published by |
7 | the Free Software Foundation; either version 2 of the License, or |
7 | the Free Software Foundation; either version 2 of the License, or |
8 | (at your option) any later version. |
8 | (at your option) any later version. |
… | |
… | |
33 | |
33 | |
34 | #include <openssl/err.h> |
34 | #include <openssl/err.h> |
35 | #include <openssl/pem.h> |
35 | #include <openssl/pem.h> |
36 | #include <openssl/rsa.h> |
36 | #include <openssl/rsa.h> |
37 | #include <openssl/rand.h> |
37 | #include <openssl/rand.h> |
|
|
38 | #include <openssl/bn.h> |
38 | |
39 | |
39 | #include "gettext.h" |
40 | #include "gettext.h" |
40 | |
41 | |
41 | #include "conf.h" |
42 | #include "conf.h" |
42 | #include "slog.h" |
43 | #include "slog.h" |
… | |
… | |
225 | else |
226 | else |
226 | slog (L_WARN, "'%s': %s, at '%s' line %d", val, UNKNOWN_LOGLEVEL, fname, line); |
227 | slog (L_WARN, "'%s': %s, at '%s' line %d", val, UNKNOWN_LOGLEVEL, fname, line); |
227 | } |
228 | } |
228 | else if (!strcmp (var, "ip-proto")) |
229 | else if (!strcmp (var, "ip-proto")) |
229 | ip_proto = atoi (val); |
230 | ip_proto = atoi (val); |
|
|
231 | else if (!strcmp (var, "icmp-type")) |
|
|
232 | { |
230 | #if ENABLE_ICMP |
233 | #if ENABLE_ICMP |
231 | //TODO: error message |
|
|
232 | else if (!strcmp (var, "icmp-type")) |
|
|
233 | icmp_type = atoi (val); |
234 | icmp_type = atoi (val); |
234 | #endif |
235 | #endif |
|
|
236 | } |
235 | |
237 | |
236 | // per config |
238 | // per config |
237 | else if (!strcmp (var, "node")) |
239 | else if (!strcmp (var, "node")) |
238 | { |
240 | { |
239 | default_node.id++; |
241 | default_node.id++; |
… | |
… | |
257 | |
259 | |
258 | if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL)) |
260 | if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL)) |
259 | { |
261 | { |
260 | ERR_load_RSA_strings (); ERR_load_PEM_strings (); |
262 | ERR_load_RSA_strings (); ERR_load_PEM_strings (); |
261 | slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0)); |
263 | slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0)); |
262 | exit (1); |
264 | exit (EXIT_FAILURE); |
263 | } |
265 | } |
264 | |
266 | |
265 | RSA_blinding_on (node->rsa_key, 0); |
267 | require (RSA_blinding_on (node->rsa_key, 0)); |
266 | |
268 | |
267 | fclose (f); |
269 | fclose (f); |
268 | } |
270 | } |
269 | else |
271 | else |
270 | { |
272 | { |
271 | slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno)); |
273 | slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno)); |
272 | |
274 | |
273 | if (need_keys) |
275 | if (need_keys) |
274 | exit (1); |
276 | exit (EXIT_FAILURE); |
275 | } |
277 | } |
276 | |
278 | |
277 | free (fname); |
279 | free (fname); |
278 | } |
280 | } |
279 | |
281 | |
… | |
… | |
298 | script_if_up = strdup (val); |
300 | script_if_up = strdup (val); |
299 | else if (!strcmp (var, "node-up")) |
301 | else if (!strcmp (var, "node-up")) |
300 | script_node_up = strdup (val); |
302 | script_node_up = strdup (val); |
301 | else if (!strcmp (var, "node-down")) |
303 | else if (!strcmp (var, "node-down")) |
302 | script_node_down = strdup (val); |
304 | script_node_down = strdup (val); |
|
|
305 | else if (!strcmp (var, "http-proxy-host")) |
|
|
306 | { |
303 | #if ENABLE_HTTP_PROXY |
307 | #if ENABLE_HTTP_PROXY |
304 | else if (!strcmp (var, "http-proxy-host")) |
|
|
305 | proxy_host = strdup (val); |
308 | proxy_host = strdup (val); |
|
|
309 | #endif |
|
|
310 | } |
306 | else if (!strcmp (var, "http-proxy-port")) |
311 | else if (!strcmp (var, "http-proxy-port")) |
|
|
312 | { |
|
|
313 | #if ENABLE_HTTP_PROXY |
307 | proxy_port = atoi (val); |
314 | proxy_port = atoi (val); |
|
|
315 | #endif |
|
|
316 | } |
308 | else if (!strcmp (var, "http-proxy-auth")) |
317 | else if (!strcmp (var, "http-proxy-auth")) |
|
|
318 | { |
|
|
319 | #if ENABLE_HTTP_PROXY |
309 | proxy_auth = (char *)base64_encode ((const u8 *)val, strlen (val)); |
320 | proxy_auth = (char *)base64_encode ((const u8 *)val, strlen (val)); |
310 | #endif |
321 | #endif |
|
|
322 | } |
311 | |
323 | |
312 | /* node-specific, non-defaultable */ |
324 | /* node-specific, non-defaultable */ |
313 | else if (node != &default_node && !strcmp (var, "hostname")) |
325 | else if (node != &default_node && !strcmp (var, "hostname")) |
314 | { |
326 | { |
315 | free (node->hostname); |
327 | free (node->hostname); |
… | |
… | |
378 | fclose (f); |
390 | fclose (f); |
379 | } |
391 | } |
380 | else |
392 | else |
381 | { |
393 | { |
382 | slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno)); |
394 | slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno)); |
383 | exit (1); |
395 | exit (EXIT_FAILURE); |
384 | } |
396 | } |
385 | |
397 | |
386 | free (fname); |
398 | free (fname); |
387 | |
399 | |
388 | fname = config_filename (prikeyfile, "hostkey"); |
400 | fname = config_filename (prikeyfile, "hostkey"); |
… | |
… | |
394 | |
406 | |
395 | if (!PEM_read_RSAPrivateKey (f, &rsa_key, NULL, NULL)) |
407 | if (!PEM_read_RSAPrivateKey (f, &rsa_key, NULL, NULL)) |
396 | { |
408 | { |
397 | ERR_load_RSA_strings (); ERR_load_PEM_strings (); |
409 | ERR_load_RSA_strings (); ERR_load_PEM_strings (); |
398 | slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0)); |
410 | slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0)); |
399 | exit (1); |
411 | exit (EXIT_FAILURE); |
400 | } |
412 | } |
401 | |
413 | |
402 | RSA_blinding_on (rsa_key, 0); |
414 | require (RSA_blinding_on (rsa_key, 0)); |
403 | |
415 | |
404 | fclose (f); |
416 | fclose (f); |
405 | } |
417 | } |
406 | else |
418 | else |
407 | { |
419 | { |
408 | slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno)); |
420 | slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno)); |
409 | |
421 | |
410 | if (need_keys) |
422 | if (need_keys) |
411 | exit (1); |
423 | exit (EXIT_FAILURE); |
412 | } |
424 | } |
|
|
425 | |
|
|
426 | if (need_keys && rsa_key && thisnode && thisnode->rsa_key) |
|
|
427 | if (BN_cmp (rsa_key->n, thisnode->rsa_key->n) != 0 |
|
|
428 | || BN_cmp (rsa_key->e, thisnode->rsa_key->e) != 0) |
|
|
429 | { |
|
|
430 | slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode); |
|
|
431 | exit (EXIT_FAILURE); |
|
|
432 | } |
413 | |
433 | |
414 | free (fname); |
434 | free (fname); |
415 | } |
435 | } |
416 | |
436 | |
417 | char *configuration::config_filename (const char *name, const char *dflt) |
437 | char *configuration::config_filename (const char *name, const char *dflt) |