[ViewVC] Diff of: cvs/gvpe/src/conf.C

Comparing gvpe/src/conf.C (file contents):
Revision 1.12 by pcg, Mon Apr 7 01:12:56 2003 UTC vs.
Revision 1.31 by pcg, Thu Mar 3 16:54:34 2005 UTC

 /*
     conf.c -- configuration code
-    Copyright (C) 1998 Robert van der Meulen
+    Copyright (C) 2003-2005 Marc Lehmann <gvpe@schmorp.de>
-                  1998-2002 Ivo Timmermans <ivo@o2w.nl>
-                  2000-2002 Guus Sliepen <guus@sliepen.eu.org>
-		  2000 Cris van Pelt <tribbel@arise.dhs.org>
-                  2003 Marc Lehmann <pcg@goof.com>
+    This file is part of GVPE.
-    This program is free software; you can redistribute it and/or modify
+    GVPE is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
     the Free Software Foundation; either version 2 of the License, or
     (at your option) any later version.
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.
     You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
+    along with gvpe; if not, write to the Free Software
     Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
 #include "config.h"
 #include <netdb.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
-#include <netinet/in.h>
+#include "netcompat.h"
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
+#include <openssl/bn.h>
 #include "gettext.h"
 #include "conf.h"
 #include "slog.h"
 #include "util.h"
 char *confbase;
 char *thisnode;
 char *identname;
-char *pidfilename;
 struct configuration conf;
 u8 best_protocol (u8 protset)
 {
-  if (protset & PROT_IPv4 ) return PROT_IPv4;
+  if (protset & PROT_IPv4  ) return PROT_IPv4;
+  if (protset & PROT_ICMPv4) return PROT_ICMPv4;
-  if (protset & PROT_UDPv4) return PROT_UDPv4;
+  if (protset & PROT_UDPv4 ) return PROT_UDPv4;
-  if (protset & PROT_TCPv4) return PROT_TCPv4;
+  if (protset & PROT_TCPv4 ) return PROT_TCPv4;
+  if (protset & PROT_DNSv4 ) return PROT_DNSv4;
   return 0;
 }
 const char *strprotocol (u8 protocol)
 {
-  if (protocol & PROT_IPv4 ) return "rawip";
+  if (protocol & PROT_IPv4  ) return "rawip";
+  if (protocol & PROT_ICMPv4) return "icmp";
-  if (protocol & PROT_UDPv4) return "udp";
+  if (protocol & PROT_UDPv4 ) return "udp";
-  if (protocol & PROT_TCPv4) return "tcp";
+  if (protocol & PROT_TCPv4 ) return "tcp";
+  if (protocol & PROT_DNSv4 ) return "dns";
   return "<unknown>";
 }
 void
   if (rsa_key)
     RSA_free (rsa_key);
   free (nodename);
   free (hostname);
+#if ENABLE_DNS
+  free (domain);
+  free (dns_hostname);
+#endif
 }
 void configuration::init ()
 {
   memset (this, 0, sizeof (*this));
+  mtu       = DEFAULT_MTU;
   rekey     = DEFAULT_REKEY;
   keepalive = DEFAULT_KEEPALIVE;
   llevel    = L_INFO;
   ip_proto  = IPPROTO_GRE;
+#if ENABLE_ICMP
+  icmp_type = ICMP_ECHOREPLY;
+#endif
   default_node.udp_port    = DEFAULT_UDPPORT;
-  default_node.tcp_port    = DEFAULT_UDPPORT;
+  default_node.tcp_port    = DEFAULT_UDPPORT; // ehrm
   default_node.connectmode = conf_node::C_ALWAYS;
   default_node.compress    = true;
-  default_node.protocols   = PROT_UDPv4;
+  default_node.protocols   = 0;
+  default_node.max_retry   = DEFAULT_MAX_RETRY;
+#if ENABLE_DNS
+  default_node.dns_port    = 53;
+  dns_forw_port            = 53;
+#endif
+  conf.pidfilename = strdup (LOCALSTATEDIR "/run/gvpe.pid");
 }
 void configuration::cleanup()
 {
   if (rsa_key)
     RSA_free (rsa_key);
   rsa_key = 0;
+  free (pidfilename);   pidfilename   = 0;
-  free (ifname);     ifname     = 0;
+  free (ifname);        ifname        = 0;
 #if ENABLE_HTTP_PROXY
-  free (proxy_host); proxy_host = 0;
+  free (proxy_host);    proxy_host    = 0;
-  free (proxy_auth); proxy_auth = 0;
+  free (proxy_auth);    proxy_auth    = 0;
+#endif
+#if ENABLE_DNS
+  free (dns_forw_host); dns_forw_host = 0;
 #endif
 }
 void
 configuration::clear_config ()
   char *fname;
   FILE *f;
   clear_config ();
-  asprintf (&fname, "%s/vped.conf", confbase);
+  asprintf (&fname, "%s/gvpe.conf", confbase);
   f = fopen (fname, "r");
   if (f)
     {
       char line[16384];
               else
                 slog (L_WARN, "'%s': %s, at '%s' line %d", val, UNKNOWN_LOGLEVEL, fname, line);
             }
           else if (!strcmp (var, "ip-proto"))
             ip_proto = atoi (val);
+          else if (!strcmp (var, "icmp-type"))
+            {
+#if ENABLE_ICMP
+              icmp_type = atoi (val);
+#endif
+            }
           // per config
           else if (!strcmp (var, "node"))
             {
               default_node.id++;
                     if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL))
                       {
                         ERR_load_RSA_strings (); ERR_load_PEM_strings ();
                         slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
-                        exit (1);
+                        exit (EXIT_FAILURE);
                       }
-                    RSA_blinding_on (node->rsa_key, 0);
+                    require (RSA_blinding_on (node->rsa_key, 0));
                     fclose (f);
                   }
                 else
                   {
                     slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno));
                     if (need_keys)
-                      exit (1);
+                      exit (EXIT_FAILURE);
                   }
                 free (fname);
               }
-              if (!::thisnode || !strcmp (node->nodename, ::thisnode))
+              if (::thisnode && !strcmp (node->nodename, ::thisnode))
                 thisnode = node;
             }
           else if (!strcmp (var, "private-key"))
-            prikeyfile = strdup (val);
+            free (prikeyfile), prikeyfile = strdup (val);
           else if (!strcmp (var, "ifpersist"))
             {
               parse_bool (ifpersist, "ifpersist", true, false);
             }
           else if (!strcmp (var, "ifname"))
-            ifname = strdup (val);
+            free (ifname), ifname = strdup (val);
           else if (!strcmp (var, "rekey"))
             rekey = atoi (val);
           else if (!strcmp (var, "keepalive"))
             keepalive = atoi (val);
           else if (!strcmp (var, "mtu"))
             mtu = atoi (val);
           else if (!strcmp (var, "if-up"))
-            script_if_up = strdup (val);
+            free (script_if_up), script_if_up = strdup (val);
           else if (!strcmp (var, "node-up"))
-            script_node_up = strdup (val);
+            free (script_node_up), script_node_up = strdup (val);
           else if (!strcmp (var, "node-down"))
-            script_node_down = strdup (val);
+            free (script_node_down), script_node_down = strdup (val);
+          else if (!strcmp (var, "pid-file"))
+            free (pidfilename), pidfilename = strdup (val);
+#if ENABLE_DNS
+          else if (!strcmp (var, "dns-forw-host"))
+            free (dns_forw_host), dns_forw_host = strdup (val);
+          else if (!strcmp (var, "dns-forw-port"))
+            dns_forw_port = atoi (val);
+#endif
+          else if (!strcmp (var, "http-proxy-host"))
+            {
 #if ENABLE_HTTP_PROXY
-          else if (!strcmp (var, "http-proxy-host"))
-            proxy_host = strdup (val);
+              free (proxy_host), proxy_host = strdup (val);
+#endif
+            }
           else if (!strcmp (var, "http-proxy-port"))
+            {
+#if ENABLE_HTTP_PROXY
-            proxy_port = atoi (val);
+              proxy_port = atoi (val);
+#endif
+            }
           else if (!strcmp (var, "http-proxy-auth"))
+            {
+#if ENABLE_HTTP_PROXY
-            proxy_auth = (char *)base64_encode ((const u8 *)val, strlen (val));
+              proxy_auth = (char *)base64_encode ((const u8 *)val, strlen (val));
 #endif
+            }
           /* node-specific, non-defaultable */
           else if (node != &default_node && !strcmp (var, "hostname"))
-            {
-              free (node->hostname);
-              node->hostname = strdup (val);
+            free (node->hostname), node->hostname = strdup (val);
-            }
           /* node-specific, defaultable */
           else if (!strcmp (var, "udp-port"))
             node->udp_port = atoi (val);
           else if (!strcmp (var, "tcp-port"))
             node->tcp_port = atoi (val);
+#if ENABLE_DNS
+          else if (!strcmp (var, "dns-hostname"))
+            free (node->dns_hostname), node->dns_hostname = strdup (val);
+          else if (!strcmp (var, "dns-port"))
+            node->dns_port = atoi (val);
+#endif
+          else if (!strcmp (var, "dns-domain"))
+            {
+#if ENABLE_DNS
+              free (node->domain), node->domain = strdup (val);
+#endif
+            }
           else if (!strcmp (var, "router-priority"))
             node->routerprio = atoi (val);
+          else if (!strcmp (var, "max-retry"))
+            node->max_retry = atoi (val);
           else if (!strcmp (var, "connect"))
             {
               if (!strcmp (val, "ondemand"))
                 node->connectmode = conf_node::C_ONDEMAND;
               else if (!strcmp (val, "never"))
                 node->connectmode = conf_node::C_ALWAYS;
               else if (!strcmp (val, "disabled"))
                 node->connectmode = conf_node::C_DISABLED;
               else
                 slog (L_WARN,
-                        _("illegal value for 'connectmode', use one of 'ondemand', 'never', 'always' or 'disabled', at '%s' line %d"),
+                      _("illegal value for 'connectmode', use one of 'ondemand', 'never', 'always' or 'disabled', at '%s' line %d"),
-                        var, fname, lineno);
+                      var, fname, lineno);
             }
           else if (!strcmp (var, "inherit-tos"))
             {
               parse_bool (node->inherit_tos, "inherit-tos", true, false);
             }
           // all these bool options really really cost a lot of executable size!
           else if (!strcmp (var, "enable-tcp"))
             {
 #if ENABLE_TCP
               u8 v; parse_bool (v, "enable-tcp" , PROT_TCPv4, 0); node->protocols = (node->protocols & ~PROT_TCPv4) | v;
+#endif
+            }
+          else if (!strcmp (var, "enable-icmp"))
+            {
+#if ENABLE_ICMP
+              u8 v; parse_bool (v, "enable-icmp" , PROT_ICMPv4, 0); node->protocols = (node->protocols & ~PROT_ICMPv4) | v;
+#endif
+            }
+          else if (!strcmp (var, "enable-dns"))
+            {
+#if ENABLE_DNS
+              u8 v; parse_bool (v, "enable-dns" , PROT_DNSv4, 0); node->protocols = (node->protocols & ~PROT_DNSv4) | v;
 #endif
             }
           else if (!strcmp (var, "enable-udp"))
             {
               u8 v; parse_bool (v, "enable-udp" , PROT_UDPv4, 0); node->protocols = (node->protocols & ~PROT_UDPv4) | v;
       fclose (f);
     }
   else
     {
       slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno));
-      exit (1);
+      exit (EXIT_FAILURE);
     }
   free (fname);
   fname = config_filename (prikeyfile, "hostkey");
       if (!PEM_read_RSAPrivateKey (f, &rsa_key, NULL, NULL))
         {
           ERR_load_RSA_strings (); ERR_load_PEM_strings ();
           slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
-          exit (1);
+          exit (EXIT_FAILURE);
         }
-      RSA_blinding_on (rsa_key, 0);
+      require (RSA_blinding_on (rsa_key, 0));
       fclose (f);
     }
   else
     {
       slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno));
       if (need_keys)
-        exit (1);
+        exit (EXIT_FAILURE);
     }
+  if (need_keys && ::thisnode
+      && rsa_key && thisnode && thisnode->rsa_key)
+    if (BN_cmp (rsa_key->n, thisnode->rsa_key->n) != 0
+        || BN_cmp (rsa_key->e, thisnode->rsa_key->e) != 0)
+      {
+        slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode);
+        exit (EXIT_FAILURE);
+      }
   free (fname);
 }
 char *configuration::config_filename (const char *name, const char *dflt)
   printf (_("MTU:                %d\n"), mtu);
   printf (_("rekeying interval:  %d\n"), rekey);
   printf (_("keepalive interval: %d\n"), keepalive);
   printf (_("interface:          %s\n"), ifname);
   printf (_("primary rsa key:    %s\n"), prikeyfile ? prikeyfile : "<default>");
-  printf (_("rsa key size:       %d\n"), rsa_key ? RSA_size (rsa_key) : -1);
+  printf (_("rsa key size:       %d\n"), rsa_key ? RSA_size (rsa_key) * 8 : -1);
   printf ("\n");
   printf ("%4s  %-17s %s %-8.8s  %-10.10s  %s\n",
           _("ID#"), _("MAC"), _("Com"), _("Conmode"), _("Node"), _("Host:Port"));
   printf ("\n");
 }
 configuration::configuration ()
 {
+  asprintf (&confbase, "%s/gvpe", CONFDIR);
   init ();
 }
 configuration::~configuration ()
 {

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing gvpe/src/conf.C (file contents): Revision 1.12 by pcg, Mon Apr 7 01:12:56 2003 UTC vs. Revision 1.31 by pcg, Thu Mar 3 16:54:34 2005 UTC

Diff Legend

Comparing gvpe/src/conf.C (file contents):
Revision 1.12 by pcg, Mon Apr 7 01:12:56 2003 UTC vs.
Revision 1.31 by pcg, Thu Mar 3 16:54:34 2005 UTC