1 | /* |
1 | /* |
2 | conf.c -- configuration code |
2 | conf.c -- configuration code |
3 | Copyright (C) 2003 Marc Lehmann <pcg@goof.com> |
3 | Copyright (C) 2003-2004 Marc Lehmann <pcg@goof.com> |
4 | |
4 | |
5 | This program is free software; you can redistribute it and/or modify |
5 | This program is free software; you can redistribute it and/or modify |
6 | it under the terms of the GNU General Public License as published by |
6 | it under the terms of the GNU General Public License as published by |
7 | the Free Software Foundation; either version 2 of the License, or |
7 | the Free Software Foundation; either version 2 of the License, or |
8 | (at your option) any later version. |
8 | (at your option) any later version. |
… | |
… | |
33 | |
33 | |
34 | #include <openssl/err.h> |
34 | #include <openssl/err.h> |
35 | #include <openssl/pem.h> |
35 | #include <openssl/pem.h> |
36 | #include <openssl/rsa.h> |
36 | #include <openssl/rsa.h> |
37 | #include <openssl/rand.h> |
37 | #include <openssl/rand.h> |
|
|
38 | #include <openssl/bn.h> |
38 | |
39 | |
39 | #include "gettext.h" |
40 | #include "gettext.h" |
40 | |
41 | |
41 | #include "conf.h" |
42 | #include "conf.h" |
42 | #include "slog.h" |
43 | #include "slog.h" |
43 | #include "util.h" |
44 | #include "util.h" |
44 | |
45 | |
45 | char *confbase; |
46 | char *confbase; |
46 | char *thisnode; |
47 | char *thisnode; |
47 | char *identname; |
48 | char *identname; |
48 | char *pidfilename; |
|
|
49 | |
49 | |
50 | struct configuration conf; |
50 | struct configuration conf; |
51 | |
51 | |
52 | u8 best_protocol (u8 protset) |
52 | u8 best_protocol (u8 protset) |
53 | { |
53 | { |
54 | if (protset & PROT_IPv4 ) return PROT_IPv4; |
54 | if (protset & PROT_IPv4 ) return PROT_IPv4; |
55 | if (protset & PROT_ICMPv4) return PROT_ICMPv4; |
55 | if (protset & PROT_ICMPv4) return PROT_ICMPv4; |
56 | if (protset & PROT_UDPv4 ) return PROT_UDPv4; |
56 | if (protset & PROT_UDPv4 ) return PROT_UDPv4; |
57 | if (protset & PROT_TCPv4 ) return PROT_TCPv4; |
57 | if (protset & PROT_TCPv4 ) return PROT_TCPv4; |
|
|
58 | if (protset & PROT_DNSv4 ) return PROT_DNSv4; |
58 | |
59 | |
59 | return 0; |
60 | return 0; |
60 | } |
61 | } |
61 | |
62 | |
62 | const char *strprotocol (u8 protocol) |
63 | const char *strprotocol (u8 protocol) |
63 | { |
64 | { |
64 | if (protocol & PROT_IPv4 ) return "rawip"; |
65 | if (protocol & PROT_IPv4 ) return "rawip"; |
65 | if (protocol & PROT_ICMPv4) return "icmp"; |
66 | if (protocol & PROT_ICMPv4) return "icmp"; |
66 | if (protocol & PROT_UDPv4 ) return "udp"; |
67 | if (protocol & PROT_UDPv4 ) return "udp"; |
67 | if (protocol & PROT_TCPv4 ) return "tcp"; |
68 | if (protocol & PROT_TCPv4 ) return "tcp"; |
|
|
69 | if (protocol & PROT_DNSv4 ) return "dns"; |
68 | |
70 | |
69 | return "<unknown>"; |
71 | return "<unknown>"; |
70 | } |
72 | } |
71 | |
73 | |
72 | void |
74 | void |
… | |
… | |
97 | |
99 | |
98 | void configuration::init () |
100 | void configuration::init () |
99 | { |
101 | { |
100 | memset (this, 0, sizeof (*this)); |
102 | memset (this, 0, sizeof (*this)); |
101 | |
103 | |
|
|
104 | mtu = DEFAULT_MTU; |
102 | rekey = DEFAULT_REKEY; |
105 | rekey = DEFAULT_REKEY; |
103 | keepalive = DEFAULT_KEEPALIVE; |
106 | keepalive = DEFAULT_KEEPALIVE; |
104 | llevel = L_INFO; |
107 | llevel = L_INFO; |
105 | ip_proto = IPPROTO_GRE; |
108 | ip_proto = IPPROTO_GRE; |
106 | #if ENABLE_ICMP |
109 | #if ENABLE_ICMP |
107 | icmp_type = ICMP_ECHOREPLY; |
110 | icmp_type = ICMP_ECHOREPLY; |
108 | #endif |
111 | #endif |
109 | |
112 | |
110 | default_node.udp_port = DEFAULT_UDPPORT; |
113 | default_node.udp_port = DEFAULT_UDPPORT; |
111 | default_node.tcp_port = DEFAULT_UDPPORT; |
114 | default_node.tcp_port = DEFAULT_UDPPORT; // ehrm |
112 | default_node.connectmode = conf_node::C_ALWAYS; |
115 | default_node.connectmode = conf_node::C_ALWAYS; |
113 | default_node.compress = true; |
116 | default_node.compress = true; |
114 | default_node.protocols = PROT_UDPv4; |
117 | default_node.protocols = PROT_UDPv4; |
|
|
118 | |
|
|
119 | conf.pidfilename = strdup (LOCALSTATEDIR "/run/vped.pid"); |
115 | } |
120 | } |
116 | |
121 | |
117 | void configuration::cleanup() |
122 | void configuration::cleanup() |
118 | { |
123 | { |
119 | if (rsa_key) |
124 | if (rsa_key) |
120 | RSA_free (rsa_key); |
125 | RSA_free (rsa_key); |
121 | |
126 | |
122 | rsa_key = 0; |
127 | rsa_key = 0; |
123 | |
128 | |
|
|
129 | free (pidfilename); pidfilename = 0; |
124 | free (ifname); ifname = 0; |
130 | free (ifname); ifname = 0; |
125 | #if ENABLE_HTTP_PROXY |
131 | #if ENABLE_HTTP_PROXY |
126 | free (proxy_host); proxy_host = 0; |
132 | free (proxy_host); proxy_host = 0; |
127 | free (proxy_auth); proxy_auth = 0; |
133 | free (proxy_auth); proxy_auth = 0; |
128 | #endif |
134 | #endif |
129 | } |
135 | } |
130 | |
136 | |
131 | void |
137 | void |
132 | configuration::clear_config () |
138 | configuration::clear_config () |
… | |
… | |
224 | else |
230 | else |
225 | slog (L_WARN, "'%s': %s, at '%s' line %d", val, UNKNOWN_LOGLEVEL, fname, line); |
231 | slog (L_WARN, "'%s': %s, at '%s' line %d", val, UNKNOWN_LOGLEVEL, fname, line); |
226 | } |
232 | } |
227 | else if (!strcmp (var, "ip-proto")) |
233 | else if (!strcmp (var, "ip-proto")) |
228 | ip_proto = atoi (val); |
234 | ip_proto = atoi (val); |
|
|
235 | else if (!strcmp (var, "icmp-type")) |
|
|
236 | { |
229 | #if ENABLE_ICMP |
237 | #if ENABLE_ICMP |
230 | //TODO: error message |
|
|
231 | else if (!strcmp (var, "icmp-type")) |
|
|
232 | icmp_type = atoi (val); |
238 | icmp_type = atoi (val); |
233 | #endif |
239 | #endif |
|
|
240 | } |
234 | |
241 | |
235 | // per config |
242 | // per config |
236 | else if (!strcmp (var, "node")) |
243 | else if (!strcmp (var, "node")) |
237 | { |
244 | { |
238 | default_node.id++; |
245 | default_node.id++; |
… | |
… | |
256 | |
263 | |
257 | if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL)) |
264 | if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL)) |
258 | { |
265 | { |
259 | ERR_load_RSA_strings (); ERR_load_PEM_strings (); |
266 | ERR_load_RSA_strings (); ERR_load_PEM_strings (); |
260 | slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0)); |
267 | slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0)); |
261 | exit (1); |
268 | exit (EXIT_FAILURE); |
262 | } |
269 | } |
263 | |
270 | |
264 | RSA_blinding_on (node->rsa_key, 0); |
271 | require (RSA_blinding_on (node->rsa_key, 0)); |
265 | |
272 | |
266 | fclose (f); |
273 | fclose (f); |
267 | } |
274 | } |
268 | else |
275 | else |
269 | { |
276 | { |
270 | slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno)); |
277 | slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno)); |
271 | |
278 | |
272 | if (need_keys) |
279 | if (need_keys) |
273 | exit (1); |
280 | exit (EXIT_FAILURE); |
274 | } |
281 | } |
275 | |
282 | |
276 | free (fname); |
283 | free (fname); |
277 | } |
284 | } |
278 | |
285 | |
279 | if (!::thisnode || !strcmp (node->nodename, ::thisnode)) |
286 | if (::thisnode && !strcmp (node->nodename, ::thisnode)) |
280 | thisnode = node; |
287 | thisnode = node; |
281 | } |
288 | } |
282 | else if (!strcmp (var, "private-key")) |
289 | else if (!strcmp (var, "private-key")) |
283 | prikeyfile = strdup (val); |
290 | free (prikeyfile), prikeyfile = strdup (val); |
284 | else if (!strcmp (var, "ifpersist")) |
291 | else if (!strcmp (var, "ifpersist")) |
285 | { |
292 | { |
286 | parse_bool (ifpersist, "ifpersist", true, false); |
293 | parse_bool (ifpersist, "ifpersist", true, false); |
287 | } |
294 | } |
288 | else if (!strcmp (var, "ifname")) |
295 | else if (!strcmp (var, "ifname")) |
289 | ifname = strdup (val); |
296 | free (ifname), ifname = strdup (val); |
290 | else if (!strcmp (var, "rekey")) |
297 | else if (!strcmp (var, "rekey")) |
291 | rekey = atoi (val); |
298 | rekey = atoi (val); |
292 | else if (!strcmp (var, "keepalive")) |
299 | else if (!strcmp (var, "keepalive")) |
293 | keepalive = atoi (val); |
300 | keepalive = atoi (val); |
294 | else if (!strcmp (var, "mtu")) |
301 | else if (!strcmp (var, "mtu")) |
295 | mtu = atoi (val); |
302 | mtu = atoi (val); |
296 | else if (!strcmp (var, "if-up")) |
303 | else if (!strcmp (var, "if-up")) |
297 | script_if_up = strdup (val); |
304 | free (script_if_up), script_if_up = strdup (val); |
298 | else if (!strcmp (var, "node-up")) |
305 | else if (!strcmp (var, "node-up")) |
299 | script_node_up = strdup (val); |
306 | free (script_node_up), script_node_up = strdup (val); |
300 | else if (!strcmp (var, "node-down")) |
307 | else if (!strcmp (var, "node-down")) |
301 | script_node_down = strdup (val); |
308 | free (script_node_down), script_node_down = strdup (val); |
|
|
309 | else if (!strcmp (var, "pid-file")) |
|
|
310 | free (pidfilename), pidfilename = strdup (val); |
|
|
311 | else if (!strcmp (var, "http-proxy-host")) |
|
|
312 | { |
302 | #if ENABLE_HTTP_PROXY |
313 | #if ENABLE_HTTP_PROXY |
303 | else if (!strcmp (var, "http-proxy-host")) |
|
|
304 | proxy_host = strdup (val); |
314 | free (proxy_host), proxy_host = strdup (val); |
|
|
315 | #endif |
|
|
316 | } |
305 | else if (!strcmp (var, "http-proxy-port")) |
317 | else if (!strcmp (var, "http-proxy-port")) |
|
|
318 | { |
|
|
319 | #if ENABLE_HTTP_PROXY |
306 | proxy_port = atoi (val); |
320 | proxy_port = atoi (val); |
|
|
321 | #endif |
|
|
322 | } |
307 | else if (!strcmp (var, "http-proxy-auth")) |
323 | else if (!strcmp (var, "http-proxy-auth")) |
|
|
324 | { |
|
|
325 | #if ENABLE_HTTP_PROXY |
308 | proxy_auth = (char *)base64_encode ((const u8 *)val, strlen (val)); |
326 | proxy_auth = (char *)base64_encode ((const u8 *)val, strlen (val)); |
309 | #endif |
327 | #endif |
|
|
328 | } |
310 | |
329 | |
311 | /* node-specific, non-defaultable */ |
330 | /* node-specific, non-defaultable */ |
312 | else if (node != &default_node && !strcmp (var, "hostname")) |
331 | else if (node != &default_node && !strcmp (var, "hostname")) |
313 | { |
|
|
314 | free (node->hostname); |
|
|
315 | node->hostname = strdup (val); |
332 | free (node->hostname), node->hostname = strdup (val); |
316 | } |
|
|
317 | |
333 | |
318 | /* node-specific, defaultable */ |
334 | /* node-specific, defaultable */ |
319 | else if (!strcmp (var, "udp-port")) |
335 | else if (!strcmp (var, "udp-port")) |
320 | node->udp_port = atoi (val); |
336 | node->udp_port = atoi (val); |
321 | else if (!strcmp (var, "tcp-port")) |
337 | else if (!strcmp (var, "tcp-port")) |
322 | node->tcp_port = atoi (val); |
338 | node->tcp_port = atoi (val); |
|
|
339 | else if (!strcmp (var, "dns-port")) |
|
|
340 | node->dns_port = atoi (val); |
323 | else if (!strcmp (var, "router-priority")) |
341 | else if (!strcmp (var, "router-priority")) |
324 | node->routerprio = atoi (val); |
342 | node->routerprio = atoi (val); |
325 | else if (!strcmp (var, "connect")) |
343 | else if (!strcmp (var, "connect")) |
326 | { |
344 | { |
327 | if (!strcmp (val, "ondemand")) |
345 | if (!strcmp (val, "ondemand")) |
… | |
… | |
356 | { |
374 | { |
357 | #if ENABLE_ICMP |
375 | #if ENABLE_ICMP |
358 | u8 v; parse_bool (v, "enable-icmp" , PROT_ICMPv4, 0); node->protocols = (node->protocols & ~PROT_ICMPv4) | v; |
376 | u8 v; parse_bool (v, "enable-icmp" , PROT_ICMPv4, 0); node->protocols = (node->protocols & ~PROT_ICMPv4) | v; |
359 | #endif |
377 | #endif |
360 | } |
378 | } |
|
|
379 | else if (!strcmp (var, "enable-dns")) |
|
|
380 | { |
|
|
381 | #if ENABLE_DNS |
|
|
382 | u8 v; parse_bool (v, "enable-dns" , PROT_DNSv4, 0); node->protocols = (node->protocols & ~PROT_DNSv4) | v; |
|
|
383 | #endif |
|
|
384 | } |
361 | else if (!strcmp (var, "enable-udp")) |
385 | else if (!strcmp (var, "enable-udp")) |
362 | { |
386 | { |
363 | u8 v; parse_bool (v, "enable-udp" , PROT_UDPv4, 0); node->protocols = (node->protocols & ~PROT_UDPv4) | v; |
387 | u8 v; parse_bool (v, "enable-udp" , PROT_UDPv4, 0); node->protocols = (node->protocols & ~PROT_UDPv4) | v; |
364 | } |
388 | } |
365 | else if (!strcmp (var, "enable-rawip")) |
389 | else if (!strcmp (var, "enable-rawip")) |
366 | { |
390 | {; |
367 | u8 v; parse_bool (v, "enable-rawip", PROT_IPv4, 0); node->protocols = (node->protocols & ~PROT_IPv4 ) | v; |
391 | u8 v; parse_bool (v, "enable-rawip", PROT_IPv4, 0); node->protocols = (node->protocols & ~PROT_IPv4 ) | v; |
368 | } |
392 | } |
369 | |
393 | |
370 | // unknown or misplaced |
394 | // unknown or misplaced |
371 | else |
395 | else |
… | |
… | |
377 | fclose (f); |
401 | fclose (f); |
378 | } |
402 | } |
379 | else |
403 | else |
380 | { |
404 | { |
381 | slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno)); |
405 | slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno)); |
382 | exit (1); |
406 | exit (EXIT_FAILURE); |
383 | } |
407 | } |
384 | |
408 | |
385 | free (fname); |
409 | free (fname); |
386 | |
410 | |
387 | fname = config_filename (prikeyfile, "hostkey"); |
411 | fname = config_filename (prikeyfile, "hostkey"); |
… | |
… | |
393 | |
417 | |
394 | if (!PEM_read_RSAPrivateKey (f, &rsa_key, NULL, NULL)) |
418 | if (!PEM_read_RSAPrivateKey (f, &rsa_key, NULL, NULL)) |
395 | { |
419 | { |
396 | ERR_load_RSA_strings (); ERR_load_PEM_strings (); |
420 | ERR_load_RSA_strings (); ERR_load_PEM_strings (); |
397 | slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0)); |
421 | slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0)); |
398 | exit (1); |
422 | exit (EXIT_FAILURE); |
399 | } |
423 | } |
400 | |
424 | |
401 | RSA_blinding_on (rsa_key, 0); |
425 | require (RSA_blinding_on (rsa_key, 0)); |
402 | |
426 | |
403 | fclose (f); |
427 | fclose (f); |
404 | } |
428 | } |
405 | else |
429 | else |
406 | { |
430 | { |
407 | slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno)); |
431 | slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno)); |
408 | |
432 | |
409 | if (need_keys) |
433 | if (need_keys) |
410 | exit (1); |
434 | exit (EXIT_FAILURE); |
411 | } |
435 | } |
|
|
436 | |
|
|
437 | if (need_keys && ::thisnode |
|
|
438 | && rsa_key && thisnode && thisnode->rsa_key) |
|
|
439 | if (BN_cmp (rsa_key->n, thisnode->rsa_key->n) != 0 |
|
|
440 | || BN_cmp (rsa_key->e, thisnode->rsa_key->e) != 0) |
|
|
441 | { |
|
|
442 | slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode); |
|
|
443 | exit (EXIT_FAILURE); |
|
|
444 | } |
412 | |
445 | |
413 | free (fname); |
446 | free (fname); |
414 | } |
447 | } |
415 | |
448 | |
416 | char *configuration::config_filename (const char *name, const char *dflt) |
449 | char *configuration::config_filename (const char *name, const char *dflt) |
… | |
… | |
452 | printf ("\n"); |
485 | printf ("\n"); |
453 | } |
486 | } |
454 | |
487 | |
455 | configuration::configuration () |
488 | configuration::configuration () |
456 | { |
489 | { |
|
|
490 | asprintf (&confbase, "%s/vpe", CONFDIR); |
|
|
491 | |
457 | init (); |
492 | init (); |
458 | } |
493 | } |
459 | |
494 | |
460 | configuration::~configuration () |
495 | configuration::~configuration () |
461 | { |
496 | { |