[ViewVC] Diff of: cvs/gvpe/src/conf.C

Comparing gvpe/src/conf.C (file contents):
Revision 1.57 by root, Sat Dec 17 22:05:34 2011 UTC vs.
Revision 1.66 by root, Thu Jul 30 19:03:44 2015 UTC

 #include <errno.h>
 #include <netdb.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
+#include <pwd.h>
 #include "netcompat.h"
 #include <openssl/err.h>
 #include <openssl/pem.h>
 struct configuration conf;
 u8
 best_protocol (u8 protset)
 {
-#if 1//D2
-  if (protset & PROT_IPv42 ) return PROT_IPv42;
-#endif
   if (protset & PROT_IPv4  ) return PROT_IPv4;
   if (protset & PROT_ICMPv4) return PROT_ICMPv4;
   if (protset & PROT_UDPv4 ) return PROT_UDPv4;
   if (protset & PROT_TCPv4 ) return PROT_TCPv4;
   if (protset & PROT_DNSv4 ) return PROT_DNSv4;
 }
 const char *
 strprotocol (u8 protocol)
 {
-#if 1//D2
-  if (protocol & PROT_IPv42 ) return "rawip2";
-#endif
   if (protocol & PROT_IPv4  ) return "rawip";
   if (protocol & PROT_ICMPv4) return "icmp";
   if (protocol & PROT_UDPv4 ) return "udp";
   if (protocol & PROT_TCPv4 ) return "tcp";
   if (protocol & PROT_DNSv4 ) return "dns";
   nfmark    = 0;
   rekey     = DEFAULT_REKEY;
   keepalive = DEFAULT_KEEPALIVE;
   llevel    = L_INFO;
   ip_proto  = IPPROTO_GRE;
-#if 1 //D2
-  ip2_proto = 7;
-#endif
 #if ENABLE_ICMP
   icmp_type = ICMP_ECHOREPLY;
 #endif
   default_node.udp_port    = DEFAULT_UDPPORT;
   dns_send_interval   = DEFAULT_DNS_SEND_INTERVAL;
   dns_overlap_factor  = DEFAULT_DNS_OVERLAP_FACTOR;
   dns_max_outstanding = DEFAULT_DNS_MAX_OUTSTANDING;
 #endif
-  conf.pidfilename = strdup (LOCALSTATEDIR "/run/gvpe.pid");
+  pidfilename   = strdup (LOCALSTATEDIR "/run/gvpe.pid");
+  seed_dev      = strdup ("/dev/urandom");
+  reseed        = DEFAULT_RESEED;
 }
 void
 configuration::cleanup ()
 {
   if (rsa_key)
     RSA_free (rsa_key);
   rsa_key = 0;
+  free (seed_dev);           seed_dev           = 0;
   free (pidfilename);        pidfilename        = 0;
   free (ifname);             ifname             = 0;
 #if ENABLE_HTTP_PROXY
   free (proxy_host);         proxy_host         = 0;
   free (proxy_auth);         proxy_auth         = 0;
 #endif
 #if ENABLE_DNS
   free (dns_forw_host);      dns_forw_host      = 0;
 #endif
+  free (change_root);        change_root        = 0;
   free (script_if_up);       script_if_up       = 0;
   free (script_node_up);     script_node_up     = 0;
   free (script_node_change); script_node_change = 0;
   free (script_node_down);   script_node_down   = 0;
 }
   nodes.clear ();
   cleanup ();
   init ();
+}
+conf_node *
+configuration::find_node (const char *name)
+{
+  for (configuration::node_vector::iterator i = conf.nodes.begin(); i != conf.nodes.end(); ++i)
+    if (!strcmp ((*i)->nodename, name))
+      return *i;
+  return 0;
 }
 //static bool
 //is_true (const char *name)
 //{
 configuration_parser::parse_line (char *line)
 {
   {
     char *end = line + strlen (line);
-    while (*end < ' ' && end >= line)
+    while (end >= line && *end < ' ')
       end--;
     *++end = 0;
   }
   if (!var || !var[0])
     return 0;		/* no tokens on this line */
   if (var[0] == '#')
     return 0;		/* comment: ignore */
+  if (!strcmp (var, "global"))
+    {
+      node = &conf.default_node;
+      return 0;
+    }
   char *val = strtok (NULL, "\t\n\r =");
   if (!val || val[0] == '#')
     return _("no value given for variable, ignored");
       loglevel l = string_to_loglevel (val);
       if (l == L_NONE)
         return _("unknown loglevel, ignored");
     }
+  else if (!strcmp (var, "serial"))
+    strncpy (conf.serial, val, sizeof (conf.serial));
   else if (!strcmp (var, "ip-proto"))
     conf.ip_proto = atoi (val);
-#if 1 //D2
-  else if (!strcmp (var, "ip2-proto"))
-    conf.ip2_proto = atoi (val);
-#endif
   else if (!strcmp (var, "icmp-type"))
     {
 #if ENABLE_ICMP
       conf.icmp_type = atoi (val);
 #endif
     }
+  else if (!strcmp (var, "chuser"))
+    {
+      struct passwd *pw = getpwnam (val);
+      if (!pw)
+        return _("user specified for chuser not found");
-  // per config
+      conf.change_uid = pw->pw_uid;
+      conf.change_gid = pw->pw_gid;
+    }
+  else if (!strcmp (var, "chuid"))
+    conf.change_uid = atoi (val);
+  else if (!strcmp (var, "chgid"))
+    conf.change_gid = atoi (val);
+  else if (!strcmp (var, "chroot"))
+    free (conf.change_root), conf.change_root = strdup (val);
+  // per node
   else if (!strcmp (var, "node"))
     {
-      parse_argv ();
+      node = conf.find_node (val);
+      if (!node)
+        {
-      conf.default_node.id++;
+          conf.default_node.id++;
-      node = new conf_node (conf.default_node);
+          node = new conf_node (conf.default_node);
-      conf.nodes.push_back (node);
+          conf.nodes.push_back (node);
-      node->nodename = strdup (val);
+          node->nodename = strdup (val);
-      {
-        char *fname;
-        FILE *f;
-        asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename);
-        f = fopen (fname, "r");
-        if (f)
-          {
-            node->rsa_key = RSA_new ();
-            if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL))
-              {
-                ERR_load_RSA_strings (); ERR_load_PEM_strings ();
-                slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
-                exit (EXIT_FAILURE);
-              }
-            require (RSA_blinding_on (node->rsa_key, 0));
-            fclose (f);
-          }
+        }
-        else
-          {
-            slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno));
-            if (need_keys)
-              exit (EXIT_FAILURE);
-          }
-        free (fname);
-      }
-      if (::thisnode && !strcmp (node->nodename, ::thisnode))
-        conf.thisnode = node;
     }
   else if (!strcmp (var, "private-key"))
     free (conf.prikeyfile), conf.prikeyfile = strdup (val);
   else if (!strcmp (var, "ifpersist"))
     parse_bool (conf.ifpersist, "ifpersist", true, false);
     conf.keepalive = atoi (val);
   else if (!strcmp (var, "mtu"))
     conf.mtu = atoi (val);
   else if (!strcmp (var, "nfmark"))
     conf.nfmark = atoi (val);
+  else if (!strcmp (var, "seed-device"))
+    free (conf.seed_dev), conf.seed_dev = strdup (val);
+  else if (!strcmp (var, "seed-interval"))
+    conf.reseed = atoi (val);
   else if (!strcmp (var, "if-up"))
     free (conf.script_if_up), conf.script_if_up = strdup (val);
   else if (!strcmp (var, "node-up"))
     free (conf.script_node_up), conf.script_node_up = strdup (val);
   else if (!strcmp (var, "node-change"))
     }
   else if (!strcmp (var, "inherit-tos"))
     parse_bool (node->inherit_tos, "inherit-tos", true, false);
   else if (!strcmp (var, "compress"))
     parse_bool (node->compress, "compress", true, false);
+  else if (!strcmp (var, "low-power"))
+    parse_bool (node->low_power, "low-power", true, false);
   // all these bool options really really cost a lot of executable size!
   else if (!strcmp (var, "enable-tcp"))
     {
 #if ENABLE_TCP
       u8 v; parse_bool (v, "enable-tcp" , PROT_TCPv4, 0); node->protocols = (node->protocols & ~PROT_TCPv4) | v;
     }
   else if (!strcmp (var, "enable-rawip"))
     {
       u8 v; parse_bool (v, "enable-rawip", PROT_IPv4, 0); node->protocols = (node->protocols & ~PROT_IPv4 ) | v;
     }
-#if 1//D2
-  else if (!strcmp (var, "enable-rawip2"))
-    {
-      u8 v; parse_bool (v, "enable-rawip2", PROT_IPv42, 0); node->protocols = (node->protocols & ~PROT_IPv42 ) | v;
-    }
-#endif
   else if (!strcmp (var, "allow-direct"))
     node->allow_direct.push_back (strdup (val));
   else if (!strcmp (var, "deny-direct"))
     node->deny_direct.push_back (strdup (val));
   else if (!strcmp (var, "max-ttl"))
       connectmode = C_ALWAYS;
     }
 }
 void
-configuration_parser::parse_argv ()
-{
-  for (int i = 0; i < argc; ++i)
-    {
-      char *v = argv [i];
-      if (!*v)
-        continue;
-      char *enode = v;
-      while (*enode != '.' && *enode > ' ' && *enode != '=' && *enode)
-        enode++;
-      if (*enode != '.')
-        enode = 0;
-      char *wnode = node == &conf.default_node
-                    ? 0
-                    : node->nodename;
-      if ((!wnode && !enode)
-          || (wnode && enode && !strncmp (wnode, v, enode - v)))
-        {
-          const char *warn = parse_line (enode ? enode + 1 : v);
-          if (warn)
-            slog (L_WARN, _("%s, while parsing command line option '%s'."), warn, v);
-          *v = 0;
-        }
-    }
-}
-void
 configuration_parser::parse_file (const char *fname)
 {
   if (FILE *f = fopen (fname, "r"))
     {
       char line [2048];
           if (warn)
             slog (L_WARN, _("%s, at '%s', line %d."), warn, fname, lineno);
         }
       fclose (f);
-      parse_argv ();
     }
   else
     {
       slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno));
       exit (EXIT_FAILURE);
 configuration_parser::configuration_parser (configuration &conf,
                                             bool need_keys,
                                             int argc,
                                             char **argv)
-: conf (conf),need_keys (need_keys), argc (argc), argv (argv)
+: conf (conf), need_keys (need_keys), argc (argc), argv (argv)
 {
   char *fname;
   conf.clear ();
   node = &conf.default_node;
       fclose (f);
     }
   else
     {
-      slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno));
       if (need_keys)
+        {
+          slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno));
-        exit (EXIT_FAILURE);
+          exit (EXIT_FAILURE);
+        }
     }
   free (fname);
-  if (need_keys && ::thisnode
+  fname = conf.config_filename (conf.pidfilename);
-      && conf.rsa_key && conf.thisnode && conf.thisnode->rsa_key)
+  free (conf.pidfilename); conf.pidfilename = fname;
-    if (BN_cmp (conf.rsa_key->n, conf.thisnode->rsa_key->n) != 0
-        || BN_cmp (conf.rsa_key->e, conf.thisnode->rsa_key->e) != 0)
-      {
-        slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode);
-        exit (EXIT_FAILURE);
-      }
   for (configuration::node_vector::iterator i = conf.nodes.begin(); i != conf.nodes.end(); ++i)
+    {
+      conf_node *node = *i;
+      char *fname;
+      FILE *f;
+      asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename);
+      f = fopen (fname, "r");
+      if (f)
+        {
+          node->rsa_key = RSA_new ();
+          if (!PEM_read_RSAPublicKey (f, &node->rsa_key, NULL, NULL))
+            {
+              ERR_load_RSA_strings (); ERR_load_PEM_strings ();
+              slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
+              exit (EXIT_FAILURE);
+            }
+          require (RSA_blinding_on (node->rsa_key, 0));
+          fclose (f);
+        }
+      else
+        {
+          slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno));
+          if (need_keys)
+            exit (EXIT_FAILURE);
+        }
+      free (fname);
-    (*i)->finalise ();
+      (*i)->finalise ();
+    }
+  if (::thisnode)
+    {
+      conf.thisnode = conf.find_node (::thisnode);
+      if (need_keys)
+        {
+          if (!conf.thisnode)
+            {
+              slog (L_NOTICE, _("local node ('%s') not found in config file, aborting."), ::thisnode);
+              exit (EXIT_FAILURE);
+            }
+          if (conf.rsa_key && conf.thisnode->rsa_key)
+            if (BN_cmp (conf.rsa_key->n, conf.thisnode->rsa_key->n) != 0
+                || BN_cmp (conf.rsa_key->e, conf.thisnode->rsa_key->e) != 0)
+              {
+                slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode);
+                exit (EXIT_FAILURE);
+              }
+        }
+    }
+  parse_argv ();
+}
+void
+configuration_parser::parse_argv ()
+{
+  for (int i = 0; i < argc; ++i)
+    {
+      char *v = argv [i];
+      if (!*v)
+        continue;
+      char *enode = v;
+      while (*enode != '.' && *enode > ' ' && *enode != '=' && *enode)
+        enode++;
+      if (*enode != '.')
+        enode = 0;
+      if (enode)
+        {
+          char *val = strdup (v);
+          val [enode - v] = 0;
+          node = conf.find_node (val);
+          free (val);
+          if (!node)
+            {
+              slog (L_WARN, _("command line option '%s' refers to unknown node, ignoring."), v);
+              continue;
+            }
+        }
+      else
+        node = &conf.default_node;
+      const char *warn = parse_line (enode ? enode + 1 : v);
+      if (warn)
+        slog (L_WARN, _("%s, while parsing command line option '%s'."), warn, v);
+    }
 }
 char *
 configuration::config_filename (const char *name, const char *dflt)
 {
   char *fname;
-  asprintf (&fname, name ? name : dflt, ::thisnode);
+  asprintf (&fname, name ? name : dflt, ::thisnode ? ::thisnode : "<unset>");
   if (!ABSOLUTE_PATH (fname))
     {
       char *rname = fname;
       asprintf (&fname, "%s/%s", confbase, rname);

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing gvpe/src/conf.C (file contents): Revision 1.57 by root, Sat Dec 17 22:05:34 2011 UTC vs. Revision 1.66 by root, Thu Jul 30 19:03:44 2015 UTC

Diff Legend

Comparing gvpe/src/conf.C (file contents):
Revision 1.57 by root, Sat Dec 17 22:05:34 2011 UTC vs.
Revision 1.66 by root, Thu Jul 30 19:03:44 2015 UTC