[ViewVC] Diff of: cvs/gvpe/src/conf.C

Comparing gvpe/src/conf.C (file contents):
Revision 1.13 by pcg, Tue Apr 8 02:00:54 2003 UTC vs.
Revision 1.42 by pcg, Mon Dec 5 12:58:08 2005 UTC

…		…
1	/*	1	/*
2	conf.c -- configuration code	2	conf.c -- configuration code
3	Copyright (C) 1998 Robert van der Meulen	3	Copyright (C) 2003-2005 Marc Lehmann <gvpe@schmorp.de>
4	1998-2002 Ivo Timmermans <ivo@o2w.nl>
5	2000-2002 Guus Sliepen <guus@sliepen.eu.org>
6	2000 Cris van Pelt <tribbel@arise.dhs.org>
7	2003 Marc Lehmann <pcg@goof.com>
8		4
		5	This file is part of GVPE.
		6
9	This program is free software; you can redistribute it and/or modify	7	GVPE is free software; you can redistribute it and/or modify
10	it under the terms of the GNU General Public License as published by	8	it under the terms of the GNU General Public License as published by
11	the Free Software Foundation; either version 2 of the License, or	9	the Free Software Foundation; either version 2 of the License, or
12	(at your option) any later version.	10	(at your option) any later version.
13		11
14	This program is distributed in the hope that it will be useful,	12	This program is distributed in the hope that it will be useful,
15	but WITHOUT ANY WARRANTY; without even the implied warranty of	13	but WITHOUT ANY WARRANTY; without even the implied warranty of
16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the	14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	GNU General Public License for more details.	15	GNU General Public License for more details.
18		16
19	You should have received a copy of the GNU General Public License	17	You should have received a copy of the GNU General Public License
20	along with this program; if not, write to the Free Software	18	along with gvpe; if not, write to the Free Software
21	Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA	19	Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22	*/	20	*/
23		21
24	#include "config.h"	22	#include "config.h"
25		23
26	#include <cstdio>	24	#include <cstdio>
31	#include <netdb.h>	29	#include <netdb.h>
32	#include <sys/stat.h>	30	#include <sys/stat.h>
33	#include <sys/types.h>	31	#include <sys/types.h>
34	#include <unistd.h>	32	#include <unistd.h>
35		33
36	#include <netinet/in.h>	34	#include "netcompat.h"
37	#include <netinet/icmp.h>
38		35
39	#include <openssl/err.h>	36	#include <openssl/err.h>
40	#include <openssl/pem.h>	37	#include <openssl/pem.h>
41	#include <openssl/rsa.h>	38	#include <openssl/rsa.h>
42	#include <openssl/rand.h>	39	#include <openssl/rand.h>
43		40	#include <openssl/bn.h>
44	#include "gettext.h"
45		41
46	#include "conf.h"	42	#include "conf.h"
47	#include "slog.h"	43	#include "slog.h"
48	#include "util.h"	44	#include "util.h"
49		45
50	char *confbase;	46	char *confbase;
51	char *thisnode;	47	char *thisnode;
52	char *identname;	48	char *identname;
53	char *pidfilename;
54		49
55	struct configuration conf;	50	struct configuration conf;
56		51
57	u8 best_protocol (u8 protset)	52	u8 best_protocol (u8 protset)
58	{	53	{
59	if (protset & PROT_IPv4 ) return PROT_IPv4;	54	if (protset & PROT_IPv4 ) return PROT_IPv4;
60	if (protset & PROT_ICMPv4) return PROT_ICMPv4;	55	if (protset & PROT_ICMPv4) return PROT_ICMPv4;
61	if (protset & PROT_UDPv4 ) return PROT_UDPv4;	56	if (protset & PROT_UDPv4 ) return PROT_UDPv4;
62	if (protset & PROT_TCPv4 ) return PROT_TCPv4;	57	if (protset & PROT_TCPv4 ) return PROT_TCPv4;
		58	if (protset & PROT_DNSv4 ) return PROT_DNSv4;
63		59
64	return 0;	60	return 0;
65	}	61	}
66		62
67	const char *strprotocol (u8 protocol)	63	const char *strprotocol (u8 protocol)
68	{	64	{
69	if (protocol & PROT_IPv4 ) return "rawip";	65	if (protocol & PROT_IPv4 ) return "rawip";
70	if (protocol & PROT_ICMPv4) return "icmp";	66	if (protocol & PROT_ICMPv4) return "icmp";
71	if (protocol & PROT_UDPv4 ) return "udp";	67	if (protocol & PROT_UDPv4 ) return "udp";
72	if (protocol & PROT_TCPv4 ) return "tcp";	68	if (protocol & PROT_TCPv4 ) return "tcp";
		69	if (protocol & PROT_DNSv4 ) return "dns";
73		70
74	return "<unknown>";	71	return "<unknown>";
		72	}
		73
		74	static bool
		75	match_list (const vector<const char > &list, const char str)
		76	{
		77	for (vector<const char *>::const_iterator i = list.end (); i-- > list.begin (); )
		78	if ((i)[0] == '' && !(*i)[1])
		79	return true;
		80	else if (!strcmp (*i, str))
		81	return true;
		82
		83	return false;
		84	}
		85
		86	bool
		87	conf_node::can_direct (struct conf_node *other)
		88	{
		89	if (match_list (allow_direct, other->nodename))
		90	return true;
		91
		92	if (match_list (deny_direct, other->nodename))
		93	return false;
		94
		95	return true;
75	}	96	}
76		97
77	void	98	void
78	conf_node::print ()	99	conf_node::print ()
79	{	100	{
…		…
91	);	112	);
92	}	113	}
93		114
94	conf_node::~conf_node ()	115	conf_node::~conf_node ()
95	{	116	{
		117	#if 0
		118	// does not work, because string pointers etc. are shared
		119	// is not called, however
96	if (rsa_key)	120	if (rsa_key)
97	RSA_free (rsa_key);	121	RSA_free (rsa_key);
98		122
99	free (nodename);	123	free (nodename);
100	free (hostname);	124	free (hostname);
		125	free (if_up_data);
		126	#if ENABLE_DNS
		127	free (domain);
		128	free (dns_hostname);
		129	#endif
		130	#endif
101	}	131	}
102		132
103	void configuration::init ()	133	void configuration::init ()
104	{	134	{
105	memset (this, 0, sizeof (*this));	135	memset (this, 0, sizeof (*this));
106		136
		137	mtu = DEFAULT_MTU;
107	rekey = DEFAULT_REKEY;	138	rekey = DEFAULT_REKEY;
108	keepalive = DEFAULT_KEEPALIVE;	139	keepalive = DEFAULT_KEEPALIVE;
109	llevel = L_INFO;	140	llevel = L_INFO;
110	ip_proto = IPPROTO_GRE;	141	ip_proto = IPPROTO_GRE;
		142	#if ENABLE_ICMP
111	icmp_type = ICMP_ECHOREPLY;	143	icmp_type = ICMP_ECHOREPLY;
		144	#endif
112		145
113	default_node.udp_port = DEFAULT_UDPPORT;	146	default_node.udp_port = DEFAULT_UDPPORT;
114	default_node.tcp_port = DEFAULT_UDPPORT;	147	default_node.tcp_port = DEFAULT_UDPPORT; // ehrm
115	default_node.connectmode = conf_node::C_ALWAYS;	148	default_node.connectmode = conf_node::C_ALWAYS;
116	default_node.compress = true;	149	default_node.compress = true;
117	default_node.protocols = PROT_UDPv4;	150	default_node.protocols = 0;
		151	default_node.max_retry = DEFAULT_MAX_RETRY;
		152	default_node.if_up_data = strdup ("");
		153
		154	#if ENABLE_DNS
		155	default_node.dns_port = 0; // default is 0 == client
		156
		157	dns_forw_host = strdup ("127.0.0.1");
		158	dns_forw_port = 53;
		159	dns_timeout_factor = DEFAULT_DNS_TIMEOUT_FACTOR;
		160	dns_send_interval = DEFAULT_DNS_SEND_INTERVAL;
		161	dns_overlap_factor = DEFAULT_DNS_OVERLAP_FACTOR;
		162	dns_max_outstanding = DEFAULT_DNS_MAX_OUTSTANDING;
		163	#endif
		164
		165	conf.pidfilename = strdup (LOCALSTATEDIR "/run/gvpe.pid");
118	}	166	}
119		167
120	void configuration::cleanup()	168	void configuration::cleanup()
121	{	169	{
122	if (rsa_key)	170	if (rsa_key)
123	RSA_free (rsa_key);	171	RSA_free (rsa_key);
124		172
125	rsa_key = 0;	173	rsa_key = 0;
126		174
		175	free (pidfilename); pidfilename = 0;
127	free (ifname); ifname = 0;	176	free (ifname); ifname = 0;
128	#if ENABLE_HTTP_PROXY	177	#if ENABLE_HTTP_PROXY
129	free (proxy_host); proxy_host = 0;	178	free (proxy_host); proxy_host = 0;
130	free (proxy_auth); proxy_auth = 0;	179	free (proxy_auth); proxy_auth = 0;
		180	#endif
		181	#if ENABLE_DNS
		182	free (dns_forw_host); dns_forw_host = 0;
131	#endif	183	#endif
132	}	184	}
133		185
134	void	186	void
135	configuration::clear_config ()	187	configuration::clear ()
136	{	188	{
137	for (configuration::node_vector::iterator i = nodes.begin(); i != nodes.end(); ++i)	189	for (configuration::node_vector::iterator i = nodes.begin(); i != nodes.end(); ++i)
138	delete *i;	190	delete *i;
139		191
140	nodes.clear ();	192	nodes.clear ();
141		193
142	cleanup ();	194	cleanup ();
143	init ();	195	init ();
144	}	196	}
145		197
146	#define parse_bool(target,name,trueval,falseval) \	198	#define parse_bool(target,name,trueval,falseval) do { \
147	if (!strcmp (val, "yes")) target = trueval; \	199	if (!strcmp (val, "yes")) target = trueval; \
148	else if (!strcmp (val, "no")) target = falseval; \	200	else if (!strcmp (val, "no")) target = falseval; \
149	else if (!strcmp (val, "true")) target = trueval; \	201	else if (!strcmp (val, "true")) target = trueval; \
150	else if (!strcmp (val, "false")) target = falseval; \	202	else if (!strcmp (val, "false")) target = falseval; \
151	else if (!strcmp (val, "on")) target = trueval; \	203	else if (!strcmp (val, "on")) target = trueval; \
152	else if (!strcmp (val, "off")) target = falseval; \	204	else if (!strcmp (val, "off")) target = falseval; \
153	else \	205	else \
154	slog (L_WARN, \	206	return _("illegal boolean value, only 'yes\|true\|on' or 'no\|false\|off' allowed. (ignored)"); \
155	_("illegal value for '%s', only 'yes\|true\|on' or 'no\|false\|off' allowed, at '%s' line %d"), \	207	} while (0)
156	name, var, fname, lineno);
157		208
158	void configuration::read_config (bool need_keys)	209	const char *
		210	configuration_parser::parse_line (char *line)
		211	{
		212	{
		213	char *end = line + strlen (line);
		214
		215	while (*end < ' ' && end >= line)
		216	end--;
		217
		218	*++end = 0;
		219	}
		220
		221	char *tok = line;
		222	const char *var = strtok (tok, "\t =");
		223	tok = 0;
		224
		225	if (!var \|\| !var[0])
		226	return 0; /* no tokens on this line */
		227
		228	if (var[0] == '#')
		229	return 0; /* comment: ignore */
		230
		231	char *val = strtok (NULL, "\t\n\r =");
		232
		233	if (!val \|\| val[0] == '#')
		234	return _("no value given for variable. (ignored)");
		235
		236	if (!strcmp (var, "on"))
		237	{
		238	if (!::thisnode
		239	\|\| (val[0] == '!' && strcmp (val + 1, ::thisnode))
		240	\|\| !strcmp (val, ::thisnode))
		241	return parse_line (strtok (NULL, "\n\r"));
		242	else
		243	return 0;
		244	}
		245
		246	// truly global
		247	if (!strcmp (var, "loglevel"))
		248	{
		249	loglevel l = string_to_loglevel (val);
		250
		251	if (l == L_NONE)
		252	return _("unknown loglevel. (skipping)");
		253	}
		254	else if (!strcmp (var, "ip-proto"))
		255	conf.ip_proto = atoi (val);
		256	else if (!strcmp (var, "icmp-type"))
		257	{
		258	#if ENABLE_ICMP
		259	conf.icmp_type = atoi (val);
		260	#endif
		261	}
		262
		263	// per config
		264	else if (!strcmp (var, "node"))
		265	{
		266	parse_argv ();
		267
		268	conf.default_node.id++;
		269	node = new conf_node (conf.default_node);
		270	conf.nodes.push_back (node);
		271	node->nodename = strdup (val);
		272
		273	{
		274	char *fname;
		275	FILE *f;
		276
		277	asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename);
		278
		279	f = fopen (fname, "r");
		280	if (f)
		281	{
		282	node->rsa_key = RSA_new ();
		283
		284	if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL))
		285	{
		286	ERR_load_RSA_strings (); ERR_load_PEM_strings ();
		287	slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
		288	exit (EXIT_FAILURE);
		289	}
		290
		291	require (RSA_blinding_on (node->rsa_key, 0));
		292
		293	fclose (f);
		294	}
		295	else
		296	{
		297	slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno));
		298
		299	if (need_keys)
		300	exit (EXIT_FAILURE);
		301	}
		302
		303	free (fname);
		304	}
		305
		306	if (::thisnode && !strcmp (node->nodename, ::thisnode))
		307	conf.thisnode = node;
		308	}
		309	else if (!strcmp (var, "private-key"))
		310	free (conf.prikeyfile), conf.prikeyfile = strdup (val);
		311	else if (!strcmp (var, "ifpersist"))
		312	parse_bool (conf.ifpersist, "ifpersist", true, false);
		313	else if (!strcmp (var, "ifname"))
		314	free (conf.ifname), conf.ifname = strdup (val);
		315	else if (!strcmp (var, "rekey"))
		316	conf.rekey = atoi (val);
		317	else if (!strcmp (var, "keepalive"))
		318	conf.keepalive = atoi (val);
		319	else if (!strcmp (var, "mtu"))
		320	conf.mtu = atoi (val);
		321	else if (!strcmp (var, "if-up"))
		322	free (conf.script_if_up), conf.script_if_up = strdup (val);
		323	else if (!strcmp (var, "node-up"))
		324	free (conf.script_node_up), conf.script_node_up = strdup (val);
		325	else if (!strcmp (var, "node-down"))
		326	free (conf.script_node_down), conf.script_node_down = strdup (val);
		327	else if (!strcmp (var, "pid-file"))
		328	free (conf.pidfilename), conf.pidfilename = strdup (val);
		329	else if (!strcmp (var, "dns-forw-host"))
		330	{
		331	#if ENABLE_DNS
		332	free (conf.dns_forw_host), conf.dns_forw_host = strdup (val);
		333	#endif
		334	}
		335	else if (!strcmp (var, "dns-forw-port"))
		336	{
		337	#if ENABLE_DNS
		338	conf.dns_forw_port = atoi (val);
		339	#endif
		340	}
		341	else if (!strcmp (var, "dns-timeout-factor"))
		342	{
		343	#if ENABLE_DNS
		344	conf.dns_timeout_factor = atof (val);
		345	#endif
		346	}
		347	else if (!strcmp (var, "dns-send-interval"))
		348	{
		349	#if ENABLE_DNS
		350	conf.dns_send_interval = atoi (val);
		351	#endif
		352	}
		353	else if (!strcmp (var, "dns-overlap-factor"))
		354	{
		355	#if ENABLE_DNS
		356	conf.dns_overlap_factor = atof (val);
		357	#endif
		358	}
		359	else if (!strcmp (var, "dns-max-outstanding"))
		360	{
		361	#if ENABLE_DNS
		362	conf.dns_max_outstanding = atoi (val);
		363	#endif
		364	}
		365	else if (!strcmp (var, "http-proxy-host"))
		366	{
		367	#if ENABLE_HTTP_PROXY
		368	free (conf.proxy_host), conf.proxy_host = strdup (val);
		369	#endif
		370	}
		371	else if (!strcmp (var, "http-proxy-port"))
		372	{
		373	#if ENABLE_HTTP_PROXY
		374	conf.proxy_port = atoi (val);
		375	#endif
		376	}
		377	else if (!strcmp (var, "http-proxy-auth"))
		378	{
		379	#if ENABLE_HTTP_PROXY
		380	conf.proxy_auth = (char )base64_encode ((const u8 )val, strlen (val));
		381	#endif
		382	}
		383
		384	/* node-specific, non-defaultable */
		385	else if (node != &conf.default_node && !strcmp (var, "hostname"))
		386	free (node->hostname), node->hostname = strdup (val);
		387
		388	/* node-specific, defaultable */
		389	else if (!strcmp (var, "udp-port"))
		390	node->udp_port = atoi (val);
		391	else if (!strcmp (var, "tcp-port"))
		392	node->tcp_port = atoi (val);
		393	else if (!strcmp (var, "dns-hostname"))
		394	{
		395	#if ENABLE_DNS
		396	free (node->dns_hostname), node->dns_hostname = strdup (val);
		397	#endif
		398	}
		399	else if (!strcmp (var, "dns-port"))
		400	{
		401	#if ENABLE_DNS
		402	node->dns_port = atoi (val);
		403	#endif
		404	}
		405	else if (!strcmp (var, "dns-domain"))
		406	{
		407	#if ENABLE_DNS
		408	free (node->domain), node->domain = strdup (val);
		409	#endif
		410	}
		411	else if (!strcmp (var, "if-up-data"))
		412	free (node->if_up_data), node->if_up_data = strdup (val);
		413	else if (!strcmp (var, "router-priority"))
		414	node->routerprio = atoi (val);
		415	else if (!strcmp (var, "max-retry"))
		416	node->max_retry = atoi (val);
		417	else if (!strcmp (var, "connect"))
		418	{
		419	if (!strcmp (val, "ondemand"))
		420	node->connectmode = conf_node::C_ONDEMAND;
		421	else if (!strcmp (val, "never"))
		422	node->connectmode = conf_node::C_NEVER;
		423	else if (!strcmp (val, "always"))
		424	node->connectmode = conf_node::C_ALWAYS;
		425	else if (!strcmp (val, "disabled"))
		426	node->connectmode = conf_node::C_DISABLED;
		427	else
		428	return _("illegal value for 'connectmode', use one of 'ondemand', 'never', 'always' or 'disabled'. (ignored)");
		429	}
		430	else if (!strcmp (var, "inherit-tos"))
		431	parse_bool (node->inherit_tos, "inherit-tos", true, false);
		432	else if (!strcmp (var, "compress"))
		433	parse_bool (node->compress, "compress", true, false);
		434	// all these bool options really really cost a lot of executable size!
		435	else if (!strcmp (var, "enable-tcp"))
		436	{
		437	#if ENABLE_TCP
		438	u8 v; parse_bool (v, "enable-tcp" , PROT_TCPv4, 0); node->protocols = (node->protocols & ~PROT_TCPv4) \| v;
		439	#endif
		440	}
		441	else if (!strcmp (var, "enable-icmp"))
		442	{
		443	#if ENABLE_ICMP
		444	u8 v; parse_bool (v, "enable-icmp" , PROT_ICMPv4, 0); node->protocols = (node->protocols & ~PROT_ICMPv4) \| v;
		445	#endif
		446	}
		447	else if (!strcmp (var, "enable-dns"))
		448	{
		449	#if ENABLE_DNS
		450	u8 v; parse_bool (v, "enable-dns" , PROT_DNSv4, 0); node->protocols = (node->protocols & ~PROT_DNSv4) \| v;
		451	#endif
		452	}
		453	else if (!strcmp (var, "enable-udp"))
		454	{
		455	u8 v; parse_bool (v, "enable-udp" , PROT_UDPv4, 0); node->protocols = (node->protocols & ~PROT_UDPv4) \| v;
		456	}
		457	else if (!strcmp (var, "enable-rawip"))
		458	{
		459	u8 v; parse_bool (v, "enable-rawip", PROT_IPv4, 0); node->protocols = (node->protocols & ~PROT_IPv4 ) \| v;
		460	}
		461	else if (!strcmp (var, "allow-direct"))
		462	node->allow_direct.push_back (strdup (val));
		463	else if (!strcmp (var, "deny-direct"))
		464	node->deny_direct.push_back (strdup (val));
		465
		466	// unknown or misplaced
		467	else
		468	return _("unknown configuration directive. (ignored)");
		469
		470	return 0;
		471	}
		472
		473	void configuration_parser::parse_argv ()
		474	{
		475	for (int i = 0; i < argc; ++i)
		476	{
		477	char *v = argv [i];
		478
		479	if (!*v)
		480	continue;
		481
		482	char *enode = v;
		483
		484	while (enode != '.' && enode > ' ' && enode != '=' && enode)
		485	enode++;
		486
		487	if (*enode != '.')
		488	enode = 0;
		489
		490	char *wnode = node == &conf.default_node
		491	? 0
		492	: node->nodename;
		493
		494	if ((!wnode && !enode)
		495	\|\| (wnode && enode && !strncmp (wnode, v, enode - v)))
		496	{
		497	const char *warn = parse_line (enode ? enode + 1 : v);
		498
		499	if (warn)
		500	slog (L_WARN, _("%s, while parsing command line option '%s'."), warn, v);
		501
		502	*v = 0;
		503	}
		504	}
		505	}
		506
		507	configuration_parser::configuration_parser (configuration &conf,
		508	bool need_keys,
		509	int argc,
		510	char **argv)
		511	: conf (conf),need_keys (need_keys), argc (argc), argv (argv)
159	{	512	{
160	char *fname;	513	char *fname;
161	FILE *f;	514	FILE *f;
162		515
163	clear_config ();	516	conf.clear ();
164		517
165	asprintf (&fname, "%s/vped.conf", confbase);	518	asprintf (&fname, "%s/gvpe.conf", confbase);
166	f = fopen (fname, "r");	519	f = fopen (fname, "r");
167		520
168	if (f)	521	if (f)
169	{	522	{
170	char line[16384];	523	char line[16384];
171	int lineno = 0;	524	int lineno = 0;
172	char var, val;	525	node = &conf.default_node;
173	conf_node *node = &default_node;
174		526
175	while (fgets (line, sizeof (line), f))	527	while (fgets (line, sizeof (line), f))
176	{	528	{
177	lineno++;	529	lineno++;
178		530
179	{	531	const char *warn = parse_line (line);
180	char *end = line + strlen (line);
181		532
182	while (*end < ' ' && end >= line)	533	if (warn)
183	end--;	534	slog (L_WARN, _("%s, at '%s', line %d."), warn, fname, lineno);
184
185	*++end = 0;
186	}
187
188	char *tok = line;
189
190	retry:
191	var = strtok (tok, "\t =");
192	tok = 0;
193
194	if (!var \|\| !var[0])
195	continue; /* no tokens on this line */
196
197	if (var[0] == '#')
198	continue; /* comment: ignore */
199
200	val = strtok (NULL, "\t\n\r =");
201
202	if (!val \|\| val[0] == '#')
203	{
204	slog (L_WARN,
205	_("no value for variable `%s', at '%s' line %d"),
206	var, fname, lineno);
207	break;
208	}
209
210	if (!strcmp (var, "on"))
211	{
212	if (!::thisnode
213	\|\| (val[0] == '!' && strcmp (val + 1, ::thisnode))
214	\|\| !strcmp (val, ::thisnode))
215	goto retry;
216
217	continue;
218	}
219
220	// truly global
221	if (!strcmp (var, "loglevel"))
222	{
223	loglevel l = string_to_loglevel (val);
224
225	if (l != L_NONE)
226	llevel = l;
227	else
228	slog (L_WARN, "'%s': %s, at '%s' line %d", val, UNKNOWN_LOGLEVEL, fname, line);
229	}
230	else if (!strcmp (var, "ip-proto"))
231	ip_proto = atoi (val);
232	else if (!strcmp (var, "icmp-type"))
233	icmp_type = atoi (val);
234
235	// per config
236	else if (!strcmp (var, "node"))
237	{
238	default_node.id++;
239
240	node = new conf_node (default_node);
241
242	nodes.push_back (node);
243
244	node->nodename = strdup (val);
245
246	{
247	char *fname;
248	FILE *f;
249
250	asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename);
251
252	f = fopen (fname, "r");
253	if (f)
254	{
255	node->rsa_key = RSA_new ();
256
257	if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL))
258	{
259	ERR_load_RSA_strings (); ERR_load_PEM_strings ();
260	slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
261	exit (1);
262	}
263
264	RSA_blinding_on (node->rsa_key, 0);
265
266	fclose (f);
267	}
268	else
269	{
270	slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno));
271
272	if (need_keys)
273	exit (1);
274	}
275
276	free (fname);
277	}
278
279	if (!::thisnode \|\| !strcmp (node->nodename, ::thisnode))
280	thisnode = node;
281	}
282	else if (!strcmp (var, "private-key"))
283	prikeyfile = strdup (val);
284	else if (!strcmp (var, "ifpersist"))
285	{
286	parse_bool (ifpersist, "ifpersist", true, false);
287	}
288	else if (!strcmp (var, "ifname"))
289	ifname = strdup (val);
290	else if (!strcmp (var, "rekey"))
291	rekey = atoi (val);
292	else if (!strcmp (var, "keepalive"))
293	keepalive = atoi (val);
294	else if (!strcmp (var, "mtu"))
295	mtu = atoi (val);
296	else if (!strcmp (var, "if-up"))
297	script_if_up = strdup (val);
298	else if (!strcmp (var, "node-up"))
299	script_node_up = strdup (val);
300	else if (!strcmp (var, "node-down"))
301	script_node_down = strdup (val);
302	#if ENABLE_HTTP_PROXY
303	else if (!strcmp (var, "http-proxy-host"))
304	proxy_host = strdup (val);
305	else if (!strcmp (var, "http-proxy-port"))
306	proxy_port = atoi (val);
307	else if (!strcmp (var, "http-proxy-auth"))
308	proxy_auth = (char )base64_encode ((const u8 )val, strlen (val));
309	#endif
310
311	/* node-specific, non-defaultable */
312	else if (node != &default_node && !strcmp (var, "hostname"))
313	{
314	free (node->hostname);
315	node->hostname = strdup (val);
316	}
317
318	/* node-specific, defaultable */
319	else if (!strcmp (var, "udp-port"))
320	node->udp_port = atoi (val);
321	else if (!strcmp (var, "tcp-port"))
322	node->tcp_port = atoi (val);
323	else if (!strcmp (var, "router-priority"))
324	node->routerprio = atoi (val);
325	else if (!strcmp (var, "connect"))
326	{
327	if (!strcmp (val, "ondemand"))
328	node->connectmode = conf_node::C_ONDEMAND;
329	else if (!strcmp (val, "never"))
330	node->connectmode = conf_node::C_NEVER;
331	else if (!strcmp (val, "always"))
332	node->connectmode = conf_node::C_ALWAYS;
333	else if (!strcmp (val, "disabled"))
334	node->connectmode = conf_node::C_DISABLED;
335	else
336	slog (L_WARN,
337	_("illegal value for 'connectmode', use one of 'ondemand', 'never', 'always' or 'disabled', at '%s' line %d"),
338	var, fname, lineno);
339	}
340	else if (!strcmp (var, "inherit-tos"))
341	{
342	parse_bool (node->inherit_tos, "inherit-tos", true, false);
343	}
344	else if (!strcmp (var, "compress"))
345	{
346	parse_bool (node->compress, "compress", true, false);
347	}
348	// all these bool options really really cost a lot of executable size!
349	else if (!strcmp (var, "enable-tcp"))
350	{
351	#if ENABLE_TCP
352	u8 v; parse_bool (v, "enable-tcp" , PROT_TCPv4, 0); node->protocols = (node->protocols & ~PROT_TCPv4) \| v;
353	#endif
354	}
355	else if (!strcmp (var, "enable-icmp"))
356	{
357	#if ENABLE_ICMP
358	u8 v; parse_bool (v, "enable-icmp" , PROT_ICMPv4, 0); node->protocols = (node->protocols & ~PROT_ICMPv4) \| v;
359	#endif
360	}
361	else if (!strcmp (var, "enable-udp"))
362	{
363	u8 v; parse_bool (v, "enable-udp" , PROT_UDPv4, 0); node->protocols = (node->protocols & ~PROT_UDPv4) \| v;
364	}
365	else if (!strcmp (var, "enable-rawip"))
366	{
367	u8 v; parse_bool (v, "enable-rawip", PROT_IPv4, 0); node->protocols = (node->protocols & ~PROT_IPv4 ) \| v;
368	}
369
370	// unknown or misplaced
371	else
372	slog (L_WARN,
373	_("unknown or misplaced variable `%s', at '%s' line %d"),
374	var, fname, lineno);
375	}	535	}
376		536
377	fclose (f);	537	fclose (f);
		538
		539	parse_argv ();
378	}	540	}
379	else	541	else
380	{	542	{
381	slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno));	543	slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno));
382	exit (1);	544	exit (EXIT_FAILURE);
383	}	545	}
384		546
385	free (fname);	547	free (fname);
386		548
387	fname = config_filename (prikeyfile, "hostkey");	549	fname = conf.config_filename (conf.prikeyfile, "hostkey");
388		550
389	f = fopen (fname, "r");	551	f = fopen (fname, "r");
390	if (f)	552	if (f)
391	{	553	{
392	rsa_key = RSA_new ();	554	conf.rsa_key = RSA_new ();
393		555
394	if (!PEM_read_RSAPrivateKey (f, &rsa_key, NULL, NULL))	556	if (!PEM_read_RSAPrivateKey (f, &conf.rsa_key, NULL, NULL))
395	{	557	{
396	ERR_load_RSA_strings (); ERR_load_PEM_strings ();	558	ERR_load_RSA_strings (); ERR_load_PEM_strings ();
397	slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));	559	slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
398	exit (1);	560	exit (EXIT_FAILURE);
399	}	561	}
400		562
401	RSA_blinding_on (rsa_key, 0);	563	require (RSA_blinding_on (conf.rsa_key, 0));
402		564
403	fclose (f);	565	fclose (f);
404	}	566	}
405	else	567	else
406	{	568	{
407	slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno));	569	slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno));
408		570
409	if (need_keys)	571	if (need_keys)
410	exit (1);	572	exit (EXIT_FAILURE);
		573	}
		574
		575	if (need_keys && ::thisnode
		576	&& conf.rsa_key && conf.thisnode && conf.thisnode->rsa_key)
		577	if (BN_cmp (conf.rsa_key->n, conf.thisnode->rsa_key->n) != 0
		578	\|\| BN_cmp (conf.rsa_key->e, conf.thisnode->rsa_key->e) != 0)
		579	{
		580	slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode);
		581	exit (EXIT_FAILURE);
411	}	582	}
412		583
413	free (fname);	584	free (fname);
414	}	585	}
415		586
416	char configuration::config_filename (const char name, const char *dflt)	587	char configuration::config_filename (const char name, const char *dflt)
…		…
438	printf (_("MTU: %d\n"), mtu);	609	printf (_("MTU: %d\n"), mtu);
439	printf (_("rekeying interval: %d\n"), rekey);	610	printf (_("rekeying interval: %d\n"), rekey);
440	printf (_("keepalive interval: %d\n"), keepalive);	611	printf (_("keepalive interval: %d\n"), keepalive);
441	printf (_("interface: %s\n"), ifname);	612	printf (_("interface: %s\n"), ifname);
442	printf (_("primary rsa key: %s\n"), prikeyfile ? prikeyfile : "<default>");	613	printf (_("primary rsa key: %s\n"), prikeyfile ? prikeyfile : "<default>");
443	printf (_("rsa key size: %d\n"), rsa_key ? RSA_size (rsa_key) : -1);	614	printf (_("rsa key size: %d\n"), rsa_key ? RSA_size (rsa_key) * 8 : -1);
444	printf ("\n");	615	printf ("\n");
445		616
446	printf ("%4s %-17s %s %-8.8s %-10.10s %s\n",	617	printf ("%4s %-17s %s %-8.8s %-10.10s %s\n",
447	_("ID#"), _("MAC"), _("Com"), _("Conmode"), _("Node"), _("Host:Port"));	618	_("ID#"), _("MAC"), _("Com"), _("Conmode"), _("Node"), _("Host:Port"));
448		619
…		…
452	printf ("\n");	623	printf ("\n");
453	}	624	}
454		625
455	configuration::configuration ()	626	configuration::configuration ()
456	{	627	{
		628	asprintf (&confbase, "%s/gvpe", CONFDIR);
		629
457	init ();	630	init ();
458	}	631	}
459		632
460	configuration::~configuration ()	633	configuration::~configuration ()
461	{	634	{

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing gvpe/src/conf.C (file contents): Revision 1.13 by pcg, Tue Apr 8 02:00:54 2003 UTC vs. Revision 1.42 by pcg, Mon Dec 5 12:58:08 2005 UTC

Diff Legend

Comparing gvpe/src/conf.C (file contents):
Revision 1.13 by pcg, Tue Apr 8 02:00:54 2003 UTC vs.
Revision 1.42 by pcg, Mon Dec 5 12:58:08 2005 UTC