[ViewVC] Diff of: cvs/gvpe/src/conf.C

Comparing gvpe/src/conf.C (file contents):
Revision 1.30 by pcg, Thu Mar 3 07:24:57 2005 UTC vs.
Revision 1.49 by pcg, Sun Aug 10 22:18:58 2008 UTC

…		…
1	/*	1	/*
2	conf.c -- configuration code	2	conf.c -- configuration code
3	Copyright (C) 2003-2004 Marc Lehmann <pcg@goof.com>	3	Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de>
4		4
		5	This file is part of GVPE.
		6
5	This program is free software; you can redistribute it and/or modify	7	GVPE is free software; you can redistribute it and/or modify it
6	it under the terms of the GNU General Public License as published by	8	under the terms of the GNU General Public License as published by the
7	the Free Software Foundation; either version 2 of the License, or	9	Free Software Foundation; either version 3 of the License, or (at your
8	(at your option) any later version.	10	option) any later version.
9		11
10	This program is distributed in the hope that it will be useful,	12	This program is distributed in the hope that it will be useful, but
11	but WITHOUT ANY WARRANTY; without even the implied warranty of	13	WITHOUT ANY WARRANTY; without even the implied warranty of
12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the	14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
13	GNU General Public License for more details.	15	Public License for more details.
14		16
15	You should have received a copy of the GNU General Public License	17	You should have received a copy of the GNU General Public License along
16	along with this program; if not, write to the Free Software	18	with this program; if not, see <http://www.gnu.org/licenses/>.
17	Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA	19
		20	Additional permission under GNU GPL version 3 section 7
		21
		22	If you modify this Program, or any covered work, by linking or
		23	combining it with the OpenSSL project's OpenSSL library (or a modified
		24	version of that library), containing parts covered by the terms of the
		25	OpenSSL or SSLeay licenses, the licensors of this Program grant you
		26	additional permission to convey the resulting work. Corresponding
		27	Source for a non-source form of such a combination shall include the
		28	source code for the parts of OpenSSL used as well as that of the
		29	covered work.
18	*/	30	*/
19		31
20	#include "config.h"	32	#include "config.h"
21		33
22	#include <cstdio>	34	#include <cstdio>
35	#include <openssl/pem.h>	47	#include <openssl/pem.h>
36	#include <openssl/rsa.h>	48	#include <openssl/rsa.h>
37	#include <openssl/rand.h>	49	#include <openssl/rand.h>
38	#include <openssl/bn.h>	50	#include <openssl/bn.h>
39		51
40	#include "gettext.h"
41
42	#include "conf.h"	52	#include "conf.h"
43	#include "slog.h"	53	#include "slog.h"
44	#include "util.h"	54	#include "util.h"
45		55
46	char *confbase;	56	char *confbase;
…		…
69	if (protocol & PROT_DNSv4 ) return "dns";	79	if (protocol & PROT_DNSv4 ) return "dns";
70		80
71	return "<unknown>";	81	return "<unknown>";
72	}	82	}
73		83
		84	static bool
		85	match_list (const vector<const char > &list, const char str)
		86	{
		87	for (vector<const char *>::const_iterator i = list.end (); i-- > list.begin (); )
		88	if ((i)[0] == '' && !(*i)[1])
		89	return true;
		90	else if (!strcmp (*i, str))
		91	return true;
		92
		93	return false;
		94	}
		95
		96	bool
		97	conf_node::may_direct (struct conf_node *other)
		98	{
		99	if (match_list (allow_direct, other->nodename))
		100	return true;
		101
		102	if (match_list (deny_direct, other->nodename))
		103	return false;
		104
		105	return true;
		106	}
		107
74	void	108	void
75	conf_node::print ()	109	conf_node::print ()
76	{	110	{
77	printf ("%4d fe:fd:80:00:0%1x:%02x %c %-8.8s %-10.10s %s%s%d\n",	111	printf ("%4d fe:fd:80:00:0%1x:%02x %c %-8.8s %-10.10s %s%s%d\n",
78	id,	112	id,
79	id >> 8, id & 0xff,	113	id >> 8, id & 0xff,
80	compress ? 'Y' : 'N',	114	compress ? 'Y' : 'N',
81	connectmode == C_ONDEMAND ? "ondemand" :	115	connectmode == C_ONDEMAND ? "ondemand"
82	connectmode == C_NEVER ? "never" :	116	: connectmode == C_NEVER ? "never"
83	connectmode == C_ALWAYS ? "always" : "",	117	: connectmode == C_ALWAYS ? "always"
		118	: connectmode == C_DISABLED ? "disabled"
		119	: "",
84	nodename,	120	nodename,
85	hostname ? hostname : "",	121	hostname ? hostname : "",
86	hostname ? ":" : "",	122	hostname ? ":" : "",
87	hostname ? udp_port : 0	123	hostname ? udp_port : 0
88	);	124	);
89	}	125	}
90		126
91	conf_node::~conf_node ()	127	conf_node::~conf_node ()
92	{	128	{
		129	#if 0
		130	// does not work, because string pointers etc. are shared
		131	// is not called, however
93	if (rsa_key)	132	if (rsa_key)
94	RSA_free (rsa_key);	133	RSA_free (rsa_key);
95		134
96	free (nodename);	135	free (nodename);
97	free (hostname);	136	free (hostname);
		137	free (if_up_data);
98	#if ENABLE_DNS	138	#if ENABLE_DNS
99	free (domain);	139	free (domain);
100	free (dns_hostname);	140	free (dns_hostname);
		141	#endif
101	#endif	142	#endif
102	}	143	}
103		144
104	void configuration::init ()	145	void configuration::init ()
105	{	146	{
…		…
118	default_node.tcp_port = DEFAULT_UDPPORT; // ehrm	159	default_node.tcp_port = DEFAULT_UDPPORT; // ehrm
119	default_node.connectmode = conf_node::C_ALWAYS;	160	default_node.connectmode = conf_node::C_ALWAYS;
120	default_node.compress = true;	161	default_node.compress = true;
121	default_node.protocols = 0;	162	default_node.protocols = 0;
122	default_node.max_retry = DEFAULT_MAX_RETRY;	163	default_node.max_retry = DEFAULT_MAX_RETRY;
		164	default_node.max_ttl = DEFAULT_MAX_TTL;
		165	default_node.max_queue = DEFAULT_MAX_QUEUE;
		166	default_node.if_up_data = strdup ("");
123		167
124	#if ENABLE_DNS	168	#if ENABLE_DNS
125	default_node.dns_port = 53;	169	default_node.dns_port = 0; // default is 0 == client
		170
		171	dns_forw_host = strdup ("127.0.0.1");
126	dns_forw_port = 53;	172	dns_forw_port = 53;
		173	dns_timeout_factor = DEFAULT_DNS_TIMEOUT_FACTOR;
		174	dns_send_interval = DEFAULT_DNS_SEND_INTERVAL;
		175	dns_overlap_factor = DEFAULT_DNS_OVERLAP_FACTOR;
		176	dns_max_outstanding = DEFAULT_DNS_MAX_OUTSTANDING;
127	#endif	177	#endif
128		178
129	conf.pidfilename = strdup (LOCALSTATEDIR "/run/gvpe.pid");	179	conf.pidfilename = strdup (LOCALSTATEDIR "/run/gvpe.pid");
130	}	180	}
131		181
…		…
146	free (dns_forw_host); dns_forw_host = 0;	196	free (dns_forw_host); dns_forw_host = 0;
147	#endif	197	#endif
148	}	198	}
149		199
150	void	200	void
151	configuration::clear_config ()	201	configuration::clear ()
152	{	202	{
153	for (configuration::node_vector::iterator i = nodes.begin(); i != nodes.end(); ++i)	203	for (configuration::node_vector::iterator i = nodes.begin(); i != nodes.end(); ++i)
154	delete *i;	204	delete *i;
155		205
156	nodes.clear ();	206	nodes.clear ();
157		207
158	cleanup ();	208	cleanup ();
159	init ();	209	init ();
160	}	210	}
161		211
162	#define parse_bool(target,name,trueval,falseval) \	212	#define parse_bool(target,name,trueval,falseval) do { \
163	if (!strcmp (val, "yes")) target = trueval; \	213	if (!strcmp (val, "yes")) target = trueval; \
164	else if (!strcmp (val, "no")) target = falseval; \	214	else if (!strcmp (val, "no")) target = falseval; \
165	else if (!strcmp (val, "true")) target = trueval; \	215	else if (!strcmp (val, "true")) target = trueval; \
166	else if (!strcmp (val, "false")) target = falseval; \	216	else if (!strcmp (val, "false")) target = falseval; \
167	else if (!strcmp (val, "on")) target = trueval; \	217	else if (!strcmp (val, "on")) target = trueval; \
168	else if (!strcmp (val, "off")) target = falseval; \	218	else if (!strcmp (val, "off")) target = falseval; \
169	else \	219	else \
170	slog (L_WARN, \	220	return _("illegal boolean value, only 'yes\|true\|on' or 'no\|false\|off' allowed. (ignored)"); \
171	_("illegal value for '%s', only 'yes\|true\|on' or 'no\|false\|off' allowed, at '%s' line %d"), \	221	} while (0)
172	name, var, fname, lineno);
173		222
174	void configuration::read_config (bool need_keys)	223	const char *
		224	configuration_parser::parse_line (char *line)
		225	{
		226	{
		227	char *end = line + strlen (line);
		228
		229	while (*end < ' ' && end >= line)
		230	end--;
		231
		232	*++end = 0;
		233	}
		234
		235	char *tok = line;
		236	const char *var = strtok (tok, "\t =");
		237	tok = 0;
		238
		239	if (!var \|\| !var[0])
		240	return 0; /* no tokens on this line */
		241
		242	if (var[0] == '#')
		243	return 0; /* comment: ignore */
		244
		245	char *val = strtok (NULL, "\t\n\r =");
		246
		247	if (!val \|\| val[0] == '#')
		248	return _("no value given for variable. (ignored)");
		249
		250	if (!strcmp (var, "on"))
		251	{
		252	if (!::thisnode
		253	\|\| (val[0] == '!' && strcmp (val + 1, ::thisnode))
		254	\|\| !strcmp (val, ::thisnode))
		255	return parse_line (strtok (NULL, "\n\r"));
		256	else
		257	return 0;
		258	}
		259
		260	// truly global
		261	if (!strcmp (var, "loglevel"))
		262	{
		263	loglevel l = string_to_loglevel (val);
		264
		265	if (l == L_NONE)
		266	return _("unknown loglevel. (skipping)");
		267	}
		268	else if (!strcmp (var, "ip-proto"))
		269	conf.ip_proto = atoi (val);
		270	else if (!strcmp (var, "icmp-type"))
		271	{
		272	#if ENABLE_ICMP
		273	conf.icmp_type = atoi (val);
		274	#endif
		275	}
		276
		277	// per config
		278	else if (!strcmp (var, "node"))
		279	{
		280	parse_argv ();
		281
		282	conf.default_node.id++;
		283	node = new conf_node (conf.default_node);
		284	conf.nodes.push_back (node);
		285	node->nodename = strdup (val);
		286
		287	{
		288	char *fname;
		289	FILE *f;
		290
		291	asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename);
		292
		293	f = fopen (fname, "r");
		294	if (f)
		295	{
		296	node->rsa_key = RSA_new ();
		297
		298	if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL))
		299	{
		300	ERR_load_RSA_strings (); ERR_load_PEM_strings ();
		301	slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
		302	exit (EXIT_FAILURE);
		303	}
		304
		305	require (RSA_blinding_on (node->rsa_key, 0));
		306
		307	fclose (f);
		308	}
		309	else
		310	{
		311	slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno));
		312
		313	if (need_keys)
		314	exit (EXIT_FAILURE);
		315	}
		316
		317	free (fname);
		318	}
		319
		320	if (::thisnode && !strcmp (node->nodename, ::thisnode))
		321	conf.thisnode = node;
		322	}
		323	else if (!strcmp (var, "private-key"))
		324	free (conf.prikeyfile), conf.prikeyfile = strdup (val);
		325	else if (!strcmp (var, "ifpersist"))
		326	parse_bool (conf.ifpersist, "ifpersist", true, false);
		327	else if (!strcmp (var, "ifname"))
		328	free (conf.ifname), conf.ifname = strdup (val);
		329	else if (!strcmp (var, "rekey"))
		330	conf.rekey = atoi (val);
		331	else if (!strcmp (var, "keepalive"))
		332	conf.keepalive = atoi (val);
		333	else if (!strcmp (var, "mtu"))
		334	conf.mtu = atoi (val);
		335	else if (!strcmp (var, "if-up"))
		336	free (conf.script_if_up), conf.script_if_up = strdup (val);
		337	else if (!strcmp (var, "node-up"))
		338	free (conf.script_node_up), conf.script_node_up = strdup (val);
		339	else if (!strcmp (var, "node-down"))
		340	free (conf.script_node_down), conf.script_node_down = strdup (val);
		341	else if (!strcmp (var, "pid-file"))
		342	free (conf.pidfilename), conf.pidfilename = strdup (val);
		343	else if (!strcmp (var, "dns-forw-host"))
		344	{
		345	#if ENABLE_DNS
		346	free (conf.dns_forw_host), conf.dns_forw_host = strdup (val);
		347	#endif
		348	}
		349	else if (!strcmp (var, "dns-forw-port"))
		350	{
		351	#if ENABLE_DNS
		352	conf.dns_forw_port = atoi (val);
		353	#endif
		354	}
		355	else if (!strcmp (var, "dns-timeout-factor"))
		356	{
		357	#if ENABLE_DNS
		358	conf.dns_timeout_factor = atof (val);
		359	#endif
		360	}
		361	else if (!strcmp (var, "dns-send-interval"))
		362	{
		363	#if ENABLE_DNS
		364	conf.dns_send_interval = atoi (val);
		365	#endif
		366	}
		367	else if (!strcmp (var, "dns-overlap-factor"))
		368	{
		369	#if ENABLE_DNS
		370	conf.dns_overlap_factor = atof (val);
		371	#endif
		372	}
		373	else if (!strcmp (var, "dns-max-outstanding"))
		374	{
		375	#if ENABLE_DNS
		376	conf.dns_max_outstanding = atoi (val);
		377	#endif
		378	}
		379	else if (!strcmp (var, "http-proxy-host"))
		380	{
		381	#if ENABLE_HTTP_PROXY
		382	free (conf.proxy_host), conf.proxy_host = strdup (val);
		383	#endif
		384	}
		385	else if (!strcmp (var, "http-proxy-port"))
		386	{
		387	#if ENABLE_HTTP_PROXY
		388	conf.proxy_port = atoi (val);
		389	#endif
		390	}
		391	else if (!strcmp (var, "http-proxy-auth"))
		392	{
		393	#if ENABLE_HTTP_PROXY
		394	conf.proxy_auth = (char )base64_encode ((const u8 )val, strlen (val));
		395	#endif
		396	}
		397
		398	/* node-specific, non-defaultable */
		399	else if (node != &conf.default_node && !strcmp (var, "hostname"))
		400	free (node->hostname), node->hostname = strdup (val);
		401
		402	/* node-specific, defaultable */
		403	else if (!strcmp (var, "udp-port"))
		404	node->udp_port = atoi (val);
		405	else if (!strcmp (var, "tcp-port"))
		406	node->tcp_port = atoi (val);
		407	else if (!strcmp (var, "dns-hostname"))
		408	{
		409	#if ENABLE_DNS
		410	free (node->dns_hostname), node->dns_hostname = strdup (val);
		411	#endif
		412	}
		413	else if (!strcmp (var, "dns-port"))
		414	{
		415	#if ENABLE_DNS
		416	node->dns_port = atoi (val);
		417	#endif
		418	}
		419	else if (!strcmp (var, "dns-domain"))
		420	{
		421	#if ENABLE_DNS
		422	free (node->domain), node->domain = strdup (val);
		423	#endif
		424	}
		425	else if (!strcmp (var, "if-up-data"))
		426	free (node->if_up_data), node->if_up_data = strdup (val);
		427	else if (!strcmp (var, "router-priority"))
		428	node->routerprio = atoi (val);
		429	else if (!strcmp (var, "max-retry"))
		430	node->max_retry = atoi (val);
		431	else if (!strcmp (var, "connect"))
		432	{
		433	if (!strcmp (val, "ondemand"))
		434	node->connectmode = conf_node::C_ONDEMAND;
		435	else if (!strcmp (val, "never"))
		436	node->connectmode = conf_node::C_NEVER;
		437	else if (!strcmp (val, "always"))
		438	node->connectmode = conf_node::C_ALWAYS;
		439	else if (!strcmp (val, "disabled"))
		440	node->connectmode = conf_node::C_DISABLED;
		441	else
		442	return _("illegal value for 'connectmode', use one of 'ondemand', 'never', 'always' or 'disabled'. (ignored)");
		443	}
		444	else if (!strcmp (var, "inherit-tos"))
		445	parse_bool (node->inherit_tos, "inherit-tos", true, false);
		446	else if (!strcmp (var, "compress"))
		447	parse_bool (node->compress, "compress", true, false);
		448	// all these bool options really really cost a lot of executable size!
		449	else if (!strcmp (var, "enable-tcp"))
		450	{
		451	#if ENABLE_TCP
		452	u8 v; parse_bool (v, "enable-tcp" , PROT_TCPv4, 0); node->protocols = (node->protocols & ~PROT_TCPv4) \| v;
		453	#endif
		454	}
		455	else if (!strcmp (var, "enable-icmp"))
		456	{
		457	#if ENABLE_ICMP
		458	u8 v; parse_bool (v, "enable-icmp" , PROT_ICMPv4, 0); node->protocols = (node->protocols & ~PROT_ICMPv4) \| v;
		459	#endif
		460	}
		461	else if (!strcmp (var, "enable-dns"))
		462	{
		463	#if ENABLE_DNS
		464	u8 v; parse_bool (v, "enable-dns" , PROT_DNSv4, 0); node->protocols = (node->protocols & ~PROT_DNSv4) \| v;
		465	#endif
		466	}
		467	else if (!strcmp (var, "enable-udp"))
		468	{
		469	u8 v; parse_bool (v, "enable-udp" , PROT_UDPv4, 0); node->protocols = (node->protocols & ~PROT_UDPv4) \| v;
		470	}
		471	else if (!strcmp (var, "enable-rawip"))
		472	{
		473	u8 v; parse_bool (v, "enable-rawip", PROT_IPv4, 0); node->protocols = (node->protocols & ~PROT_IPv4 ) \| v;
		474	}
		475	else if (!strcmp (var, "allow-direct"))
		476	node->allow_direct.push_back (strdup (val));
		477	else if (!strcmp (var, "deny-direct"))
		478	node->deny_direct.push_back (strdup (val));
		479	else if (!strcmp (var, "max-ttl"))
		480	node->max_ttl = atof (val);
		481	else if (!strcmp (var, "max-queue"))
		482	node->max_queue = atoi (val);
		483
		484	// unknown or misplaced
		485	else
		486	return _("unknown configuration directive. (ignored)");
		487
		488	return 0;
		489	}
		490
		491	void conf_node::finalise ()
		492	{
		493	if (max_queue < 1)
		494	{
		495	slog (L_WARN, _("%s: max-queue value invalid, setting it to 1."), nodename);
		496	max_queue = 1;
		497	}
		498
		499	if (routerprio > 1 && (connectmode != C_ALWAYS && connectmode != C_DISABLED))
		500	{
		501	//slog (L_WARN, _("%s: has non-zero router-priority but either 'never' or 'ondemand' as connectmode, setting it to 'always'."), nodename);
		502	connectmode = C_ALWAYS;
		503	}
		504	}
		505
		506	void configuration_parser::parse_argv ()
		507	{
		508	for (int i = 0; i < argc; ++i)
		509	{
		510	char *v = argv [i];
		511
		512	if (!*v)
		513	continue;
		514
		515	char *enode = v;
		516
		517	while (enode != '.' && enode > ' ' && enode != '=' && enode)
		518	enode++;
		519
		520	if (*enode != '.')
		521	enode = 0;
		522
		523	char *wnode = node == &conf.default_node
		524	? 0
		525	: node->nodename;
		526
		527	if ((!wnode && !enode)
		528	\|\| (wnode && enode && !strncmp (wnode, v, enode - v)))
		529	{
		530	const char *warn = parse_line (enode ? enode + 1 : v);
		531
		532	if (warn)
		533	slog (L_WARN, _("%s, while parsing command line option '%s'."), warn, v);
		534
		535	*v = 0;
		536	}
		537	}
		538	}
		539
		540	configuration_parser::configuration_parser (configuration &conf,
		541	bool need_keys,
		542	int argc,
		543	char **argv)
		544	: conf (conf),need_keys (need_keys), argc (argc), argv (argv)
175	{	545	{
176	char *fname;	546	char *fname;
177	FILE *f;	547	FILE *f;
178		548
179	clear_config ();	549	conf.clear ();
180		550
181	asprintf (&fname, "%s/gvpe.conf", confbase);	551	asprintf (&fname, "%s/gvpe.conf", confbase);
182	f = fopen (fname, "r");	552	f = fopen (fname, "r");
183		553
184	if (f)	554	if (f)
185	{	555	{
186	char line[16384];	556	char line[16384];
187	int lineno = 0;	557	int lineno = 0;
188	char var, val;	558	node = &conf.default_node;
189	conf_node *node = &default_node;
190		559
191	while (fgets (line, sizeof (line), f))	560	while (fgets (line, sizeof (line), f))
192	{	561	{
193	lineno++;	562	lineno++;
194		563
195	{	564	const char *warn = parse_line (line);
196	char *end = line + strlen (line);
197		565
198	while (*end < ' ' && end >= line)	566	if (warn)
199	end--;	567	slog (L_WARN, _("%s, at '%s', line %d."), warn, fname, lineno);
200
201	*++end = 0;
202	}
203
204	char *tok = line;
205
206	retry:
207	var = strtok (tok, "\t =");
208	tok = 0;
209
210	if (!var \|\| !var[0])
211	continue; /* no tokens on this line */
212
213	if (var[0] == '#')
214	continue; /* comment: ignore */
215
216	val = strtok (NULL, "\t\n\r =");
217
218	if (!val \|\| val[0] == '#')
219	{
220	slog (L_WARN,
221	_("no value for variable `%s', at '%s' line %d"),
222	var, fname, lineno);
223	break;
224	}
225
226	if (!strcmp (var, "on"))
227	{
228	if (!::thisnode
229	\|\| (val[0] == '!' && strcmp (val + 1, ::thisnode))
230	\|\| !strcmp (val, ::thisnode))
231	goto retry;
232
233	continue;
234	}
235
236	// truly global
237	if (!strcmp (var, "loglevel"))
238	{
239	loglevel l = string_to_loglevel (val);
240
241	if (l != L_NONE)
242	llevel = l;
243	else
244	slog (L_WARN, "'%s': %s, at '%s' line %d", val, UNKNOWN_LOGLEVEL, fname, line);
245	}
246	else if (!strcmp (var, "ip-proto"))
247	ip_proto = atoi (val);
248	else if (!strcmp (var, "icmp-type"))
249	{
250	#if ENABLE_ICMP
251	icmp_type = atoi (val);
252	#endif
253	}
254
255	// per config
256	else if (!strcmp (var, "node"))
257	{
258	default_node.id++;
259
260	node = new conf_node (default_node);
261
262	nodes.push_back (node);
263
264	node->nodename = strdup (val);
265
266	{
267	char *fname;
268	FILE *f;
269
270	asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename);
271
272	f = fopen (fname, "r");
273	if (f)
274	{
275	node->rsa_key = RSA_new ();
276
277	if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL))
278	{
279	ERR_load_RSA_strings (); ERR_load_PEM_strings ();
280	slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
281	exit (EXIT_FAILURE);
282	}
283
284	require (RSA_blinding_on (node->rsa_key, 0));
285
286	fclose (f);
287	}
288	else
289	{
290	slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno));
291
292	if (need_keys)
293	exit (EXIT_FAILURE);
294	}
295
296	free (fname);
297	}
298
299	if (::thisnode && !strcmp (node->nodename, ::thisnode))
300	thisnode = node;
301	}
302	else if (!strcmp (var, "private-key"))
303	free (prikeyfile), prikeyfile = strdup (val);
304	else if (!strcmp (var, "ifpersist"))
305	{
306	parse_bool (ifpersist, "ifpersist", true, false);
307	}
308	else if (!strcmp (var, "ifname"))
309	free (ifname), ifname = strdup (val);
310	else if (!strcmp (var, "rekey"))
311	rekey = atoi (val);
312	else if (!strcmp (var, "keepalive"))
313	keepalive = atoi (val);
314	else if (!strcmp (var, "mtu"))
315	mtu = atoi (val);
316	else if (!strcmp (var, "if-up"))
317	free (script_if_up), script_if_up = strdup (val);
318	else if (!strcmp (var, "node-up"))
319	free (script_node_up), script_node_up = strdup (val);
320	else if (!strcmp (var, "node-down"))
321	free (script_node_down), script_node_down = strdup (val);
322	else if (!strcmp (var, "pid-file"))
323	free (pidfilename), pidfilename = strdup (val);
324	#if ENABLE_DNS
325	else if (!strcmp (var, "dns-forw-host"))
326	free (dns_forw_host), dns_forw_host = strdup (val);
327	else if (!strcmp (var, "dns-forw-port"))
328	dns_forw_port = atoi (val);
329	#endif
330	else if (!strcmp (var, "http-proxy-host"))
331	{
332	#if ENABLE_HTTP_PROXY
333	free (proxy_host), proxy_host = strdup (val);
334	#endif
335	}
336	else if (!strcmp (var, "http-proxy-port"))
337	{
338	#if ENABLE_HTTP_PROXY
339	proxy_port = atoi (val);
340	#endif
341	}
342	else if (!strcmp (var, "http-proxy-auth"))
343	{
344	#if ENABLE_HTTP_PROXY
345	proxy_auth = (char )base64_encode ((const u8 )val, strlen (val));
346	#endif
347	}
348
349	/* node-specific, non-defaultable */
350	else if (node != &default_node && !strcmp (var, "hostname"))
351	free (node->hostname), node->hostname = strdup (val);
352
353	/* node-specific, defaultable */
354	else if (!strcmp (var, "udp-port"))
355	node->udp_port = atoi (val);
356	else if (!strcmp (var, "tcp-port"))
357	node->tcp_port = atoi (val);
358	#if ENABLE_DNS
359	else if (!strcmp (var, "dns-hostname"))
360	free (node->dns_hostname), node->dns_hostname = strdup (val);
361	else if (!strcmp (var, "dns-port"))
362	node->dns_port = atoi (val);
363	#endif
364	else if (!strcmp (var, "dns-domain"))
365	{
366	#if ENABLE_DNS
367	free (node->domain), node->domain = strdup (val);
368	#endif
369	}
370	else if (!strcmp (var, "router-priority"))
371	node->routerprio = atoi (val);
372	else if (!strcmp (var, "max-retry"))
373	node->max_retry = atoi (val);
374	else if (!strcmp (var, "connect"))
375	{
376	if (!strcmp (val, "ondemand"))
377	node->connectmode = conf_node::C_ONDEMAND;
378	else if (!strcmp (val, "never"))
379	node->connectmode = conf_node::C_NEVER;
380	else if (!strcmp (val, "always"))
381	node->connectmode = conf_node::C_ALWAYS;
382	else if (!strcmp (val, "disabled"))
383	node->connectmode = conf_node::C_DISABLED;
384	else
385	slog (L_WARN,
386	_("illegal value for 'connectmode', use one of 'ondemand', 'never', 'always' or 'disabled', at '%s' line %d"),
387	var, fname, lineno);
388	}
389	else if (!strcmp (var, "inherit-tos"))
390	{
391	parse_bool (node->inherit_tos, "inherit-tos", true, false);
392	}
393	else if (!strcmp (var, "compress"))
394	{
395	parse_bool (node->compress, "compress", true, false);
396	}
397	// all these bool options really really cost a lot of executable size!
398	else if (!strcmp (var, "enable-tcp"))
399	{
400	#if ENABLE_TCP
401	u8 v; parse_bool (v, "enable-tcp" , PROT_TCPv4, 0); node->protocols = (node->protocols & ~PROT_TCPv4) \| v;
402	#endif
403	}
404	else if (!strcmp (var, "enable-icmp"))
405	{
406	#if ENABLE_ICMP
407	u8 v; parse_bool (v, "enable-icmp" , PROT_ICMPv4, 0); node->protocols = (node->protocols & ~PROT_ICMPv4) \| v;
408	#endif
409	}
410	else if (!strcmp (var, "enable-dns"))
411	{
412	#if ENABLE_DNS
413	u8 v; parse_bool (v, "enable-dns" , PROT_DNSv4, 0); node->protocols = (node->protocols & ~PROT_DNSv4) \| v;
414	#endif
415	}
416	else if (!strcmp (var, "enable-udp"))
417	{
418	u8 v; parse_bool (v, "enable-udp" , PROT_UDPv4, 0); node->protocols = (node->protocols & ~PROT_UDPv4) \| v;
419	}
420	else if (!strcmp (var, "enable-rawip"))
421	{
422	u8 v; parse_bool (v, "enable-rawip", PROT_IPv4, 0); node->protocols = (node->protocols & ~PROT_IPv4 ) \| v;
423	}
424
425	// unknown or misplaced
426	else
427	slog (L_WARN,
428	_("unknown or misplaced variable `%s', at '%s' line %d"),
429	var, fname, lineno);
430	}	568	}
431		569
432	fclose (f);	570	fclose (f);
		571
		572	parse_argv ();
433	}	573	}
434	else	574	else
435	{	575	{
436	slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno));	576	slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno));
437	exit (EXIT_FAILURE);	577	exit (EXIT_FAILURE);
438	}	578	}
439		579
440	free (fname);	580	free (fname);
441		581
442	fname = config_filename (prikeyfile, "hostkey");	582	fname = conf.config_filename (conf.prikeyfile, "hostkey");
443		583
444	f = fopen (fname, "r");	584	f = fopen (fname, "r");
445	if (f)	585	if (f)
446	{	586	{
447	rsa_key = RSA_new ();	587	conf.rsa_key = RSA_new ();
448		588
449	if (!PEM_read_RSAPrivateKey (f, &rsa_key, NULL, NULL))	589	if (!PEM_read_RSAPrivateKey (f, &conf.rsa_key, NULL, NULL))
450	{	590	{
451	ERR_load_RSA_strings (); ERR_load_PEM_strings ();	591	ERR_load_RSA_strings (); ERR_load_PEM_strings ();
452	slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));	592	slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
453	exit (EXIT_FAILURE);	593	exit (EXIT_FAILURE);
454	}	594	}
455		595
456	require (RSA_blinding_on (rsa_key, 0));	596	require (RSA_blinding_on (conf.rsa_key, 0));
457		597
458	fclose (f);	598	fclose (f);
459	}	599	}
460	else	600	else
461	{	601	{
…		…
464	if (need_keys)	604	if (need_keys)
465	exit (EXIT_FAILURE);	605	exit (EXIT_FAILURE);
466	}	606	}
467		607
468	if (need_keys && ::thisnode	608	if (need_keys && ::thisnode
469	&& rsa_key && thisnode && thisnode->rsa_key)	609	&& conf.rsa_key && conf.thisnode && conf.thisnode->rsa_key)
470	if (BN_cmp (rsa_key->n, thisnode->rsa_key->n) != 0	610	if (BN_cmp (conf.rsa_key->n, conf.thisnode->rsa_key->n) != 0
471	\|\| BN_cmp (rsa_key->e, thisnode->rsa_key->e) != 0)	611	\|\| BN_cmp (conf.rsa_key->e, conf.thisnode->rsa_key->e) != 0)
472	{	612	{
473	slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode);	613	slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode);
474	exit (EXIT_FAILURE);	614	exit (EXIT_FAILURE);
475	}	615	}
476		616
477	free (fname);	617	free (fname);
		618
		619	for (configuration::node_vector::iterator i = conf.nodes.begin(); i != conf.nodes.end(); ++i)
		620	(*i)->finalise ();
478	}	621	}
479		622
480	char configuration::config_filename (const char name, const char *dflt)	623	char configuration::config_filename (const char name, const char *dflt)
481	{	624	{
482	char *fname;	625	char *fname;

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing gvpe/src/conf.C (file contents): Revision 1.30 by pcg, Thu Mar 3 07:24:57 2005 UTC vs. Revision 1.49 by pcg, Sun Aug 10 22:18:58 2008 UTC

Diff Legend

Comparing gvpe/src/conf.C (file contents):
Revision 1.30 by pcg, Thu Mar 3 07:24:57 2005 UTC vs.
Revision 1.49 by pcg, Sun Aug 10 22:18:58 2008 UTC