ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/conf.C
Revision: 1.48
Committed: Sun Aug 10 02:49:27 2008 UTC (15 years, 9 months ago) by pcg
Content type: text/plain
Branch: MAIN
Changes since 1.47: +1 -1 lines
Log Message: 
lots bugfixing

File Contents

# Content
1 /*
2 conf.c -- configuration code
3 Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de>
4
5 This file is part of GVPE.
6
7 GVPE is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by the
9 Free Software Foundation; either version 3 of the License, or (at your
10 option) any later version.
11
12 This program is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15 Public License for more details.
16
17 You should have received a copy of the GNU General Public License along
18 with this program; if not, see <http://www.gnu.org/licenses/>.
19
20 Additional permission under GNU GPL version 3 section 7
21
22 If you modify this Program, or any covered work, by linking or
23 combining it with the OpenSSL project's OpenSSL library (or a modified
24 version of that library), containing parts covered by the terms of the
25 OpenSSL or SSLeay licenses, the licensors of this Program grant you
26 additional permission to convey the resulting work. Corresponding
27 Source for a non-source form of such a combination shall include the
28 source code for the parts of OpenSSL used as well as that of the
29 covered work.
30 */
31
32 #include "config.h"
33
34 #include <cstdio>
35 #include <cstdlib>
36 #include <cstring>
37
38 #include <errno.h>
39 #include <netdb.h>
40 #include <sys/stat.h>
41 #include <sys/types.h>
42 #include <unistd.h>
43
44 #include "netcompat.h"
45
46 #include <openssl/err.h>
47 #include <openssl/pem.h>
48 #include <openssl/rsa.h>
49 #include <openssl/rand.h>
50 #include <openssl/bn.h>
51
52 #include "conf.h"
53 #include "slog.h"
54 #include "util.h"
55
56 char *confbase;
57 char *thisnode;
58 char *identname;
59
60 struct configuration conf;
61
62 u8 best_protocol (u8 protset)
63 {
64 if (protset & PROT_IPv4 ) return PROT_IPv4;
65 if (protset & PROT_ICMPv4) return PROT_ICMPv4;
66 if (protset & PROT_UDPv4 ) return PROT_UDPv4;
67 if (protset & PROT_TCPv4 ) return PROT_TCPv4;
68 if (protset & PROT_DNSv4 ) return PROT_DNSv4;
69
70 return 0;
71 }
72
73 const char *strprotocol (u8 protocol)
74 {
75 if (protocol & PROT_IPv4 ) return "rawip";
76 if (protocol & PROT_ICMPv4) return "icmp";
77 if (protocol & PROT_UDPv4 ) return "udp";
78 if (protocol & PROT_TCPv4 ) return "tcp";
79 if (protocol & PROT_DNSv4 ) return "dns";
80
81 return "<unknown>";
82 }
83
84 static bool
85 match_list (const vector<const char *> &list, const char *str)
86 {
87 for (vector<const char *>::const_iterator i = list.end (); i-- > list.begin (); )
88 if ((*i)[0] == '*' && !(*i)[1])
89 return true;
90 else if (!strcmp (*i, str))
91 return true;
92
93 return false;
94 }
95
96 bool
97 conf_node::may_direct (struct conf_node *other)
98 {
99 if (match_list (allow_direct, other->nodename))
100 return true;
101
102 if (match_list (deny_direct, other->nodename))
103 return false;
104
105 return true;
106 }
107
108 void
109 conf_node::print ()
110 {
111 printf ("%4d fe:fd:80:00:0%1x:%02x %c %-8.8s %-10.10s %s%s%d\n",
112 id,
113 id >> 8, id & 0xff,
114 compress ? 'Y' : 'N',
115 connectmode == C_ONDEMAND ? "ondemand"
116 : connectmode == C_NEVER ? "never"
117 : connectmode == C_ALWAYS ? "always"
118 : connectmode == C_DISABLED ? "disabled"
119 : "",
120 nodename,
121 hostname ? hostname : "",
122 hostname ? ":" : "",
123 hostname ? udp_port : 0
124 );
125 }
126
127 conf_node::~conf_node ()
128 {
129 #if 0
130 // does not work, because string pointers etc. are shared
131 // is not called, however
132 if (rsa_key)
133 RSA_free (rsa_key);
134
135 free (nodename);
136 free (hostname);
137 free (if_up_data);
138 #if ENABLE_DNS
139 free (domain);
140 free (dns_hostname);
141 #endif
142 #endif
143 }
144
145 void configuration::init ()
146 {
147 memset (this, 0, sizeof (*this));
148
149 mtu = DEFAULT_MTU;
150 rekey = DEFAULT_REKEY;
151 keepalive = DEFAULT_KEEPALIVE;
152 llevel = L_INFO;
153 ip_proto = IPPROTO_GRE;
154 #if ENABLE_ICMP
155 icmp_type = ICMP_ECHOREPLY;
156 #endif
157
158 default_node.udp_port = DEFAULT_UDPPORT;
159 default_node.tcp_port = DEFAULT_UDPPORT; // ehrm
160 default_node.connectmode = conf_node::C_ALWAYS;
161 default_node.compress = true;
162 default_node.protocols = 0;
163 default_node.max_retry = DEFAULT_MAX_RETRY;
164 default_node.max_ttl = DEFAULT_MAX_TTL;
165 default_node.max_queue = DEFAULT_MAX_QUEUE;
166 default_node.if_up_data = strdup ("");
167
168 #if ENABLE_DNS
169 default_node.dns_port = 0; // default is 0 == client
170
171 dns_forw_host = strdup ("127.0.0.1");
172 dns_forw_port = 53;
173 dns_timeout_factor = DEFAULT_DNS_TIMEOUT_FACTOR;
174 dns_send_interval = DEFAULT_DNS_SEND_INTERVAL;
175 dns_overlap_factor = DEFAULT_DNS_OVERLAP_FACTOR;
176 dns_max_outstanding = DEFAULT_DNS_MAX_OUTSTANDING;
177 #endif
178
179 conf.pidfilename = strdup (LOCALSTATEDIR "/run/gvpe.pid");
180 }
181
182 void configuration::cleanup()
183 {
184 if (rsa_key)
185 RSA_free (rsa_key);
186
187 rsa_key = 0;
188
189 free (pidfilename); pidfilename = 0;
190 free (ifname); ifname = 0;
191 #if ENABLE_HTTP_PROXY
192 free (proxy_host); proxy_host = 0;
193 free (proxy_auth); proxy_auth = 0;
194 #endif
195 #if ENABLE_DNS
196 free (dns_forw_host); dns_forw_host = 0;
197 #endif
198 }
199
200 void
201 configuration::clear ()
202 {
203 for (configuration::node_vector::iterator i = nodes.begin(); i != nodes.end(); ++i)
204 delete *i;
205
206 nodes.clear ();
207
208 cleanup ();
209 init ();
210 }
211
212 #define parse_bool(target,name,trueval,falseval) do { \
213 if (!strcmp (val, "yes")) target = trueval; \
214 else if (!strcmp (val, "no")) target = falseval; \
215 else if (!strcmp (val, "true")) target = trueval; \
216 else if (!strcmp (val, "false")) target = falseval; \
217 else if (!strcmp (val, "on")) target = trueval; \
218 else if (!strcmp (val, "off")) target = falseval; \
219 else \
220 return _("illegal boolean value, only 'yes|true|on' or 'no|false|off' allowed. (ignored)"); \
221 } while (0)
222
223 const char *
224 configuration_parser::parse_line (char *line)
225 {
226 {
227 char *end = line + strlen (line);
228
229 while (*end < ' ' && end >= line)
230 end--;
231
232 *++end = 0;
233 }
234
235 char *tok = line;
236 const char *var = strtok (tok, "\t =");
237 tok = 0;
238
239 if (!var || !var[0])
240 return 0; /* no tokens on this line */
241
242 if (var[0] == '#')
243 return 0; /* comment: ignore */
244
245 char *val = strtok (NULL, "\t\n\r =");
246
247 if (!val || val[0] == '#')
248 return _("no value given for variable. (ignored)");
249
250 if (!strcmp (var, "on"))
251 {
252 if (!::thisnode
253 || (val[0] == '!' && strcmp (val + 1, ::thisnode))
254 || !strcmp (val, ::thisnode))
255 return parse_line (strtok (NULL, "\n\r"));
256 else
257 return 0;
258 }
259
260 // truly global
261 if (!strcmp (var, "loglevel"))
262 {
263 loglevel l = string_to_loglevel (val);
264
265 if (l == L_NONE)
266 return _("unknown loglevel. (skipping)");
267 }
268 else if (!strcmp (var, "ip-proto"))
269 conf.ip_proto = atoi (val);
270 else if (!strcmp (var, "icmp-type"))
271 {
272 #if ENABLE_ICMP
273 conf.icmp_type = atoi (val);
274 #endif
275 }
276
277 // per config
278 else if (!strcmp (var, "node"))
279 {
280 parse_argv ();
281
282 conf.default_node.id++;
283 node = new conf_node (conf.default_node);
284 conf.nodes.push_back (node);
285 node->nodename = strdup (val);
286
287 {
288 char *fname;
289 FILE *f;
290
291 asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename);
292
293 f = fopen (fname, "r");
294 if (f)
295 {
296 node->rsa_key = RSA_new ();
297
298 if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL))
299 {
300 ERR_load_RSA_strings (); ERR_load_PEM_strings ();
301 slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
302 exit (EXIT_FAILURE);
303 }
304
305 require (RSA_blinding_on (node->rsa_key, 0));
306
307 fclose (f);
308 }
309 else
310 {
311 slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno));
312
313 if (need_keys)
314 exit (EXIT_FAILURE);
315 }
316
317 free (fname);
318 }
319
320 if (::thisnode && !strcmp (node->nodename, ::thisnode))
321 conf.thisnode = node;
322 }
323 else if (!strcmp (var, "private-key"))
324 free (conf.prikeyfile), conf.prikeyfile = strdup (val);
325 else if (!strcmp (var, "ifpersist"))
326 parse_bool (conf.ifpersist, "ifpersist", true, false);
327 else if (!strcmp (var, "ifname"))
328 free (conf.ifname), conf.ifname = strdup (val);
329 else if (!strcmp (var, "rekey"))
330 conf.rekey = atoi (val);
331 else if (!strcmp (var, "keepalive"))
332 conf.keepalive = atoi (val);
333 else if (!strcmp (var, "mtu"))
334 conf.mtu = atoi (val);
335 else if (!strcmp (var, "if-up"))
336 free (conf.script_if_up), conf.script_if_up = strdup (val);
337 else if (!strcmp (var, "node-up"))
338 free (conf.script_node_up), conf.script_node_up = strdup (val);
339 else if (!strcmp (var, "node-down"))
340 free (conf.script_node_down), conf.script_node_down = strdup (val);
341 else if (!strcmp (var, "pid-file"))
342 free (conf.pidfilename), conf.pidfilename = strdup (val);
343 else if (!strcmp (var, "dns-forw-host"))
344 {
345 #if ENABLE_DNS
346 free (conf.dns_forw_host), conf.dns_forw_host = strdup (val);
347 #endif
348 }
349 else if (!strcmp (var, "dns-forw-port"))
350 {
351 #if ENABLE_DNS
352 conf.dns_forw_port = atoi (val);
353 #endif
354 }
355 else if (!strcmp (var, "dns-timeout-factor"))
356 {
357 #if ENABLE_DNS
358 conf.dns_timeout_factor = atof (val);
359 #endif
360 }
361 else if (!strcmp (var, "dns-send-interval"))
362 {
363 #if ENABLE_DNS
364 conf.dns_send_interval = atoi (val);
365 #endif
366 }
367 else if (!strcmp (var, "dns-overlap-factor"))
368 {
369 #if ENABLE_DNS
370 conf.dns_overlap_factor = atof (val);
371 #endif
372 }
373 else if (!strcmp (var, "dns-max-outstanding"))
374 {
375 #if ENABLE_DNS
376 conf.dns_max_outstanding = atoi (val);
377 #endif
378 }
379 else if (!strcmp (var, "http-proxy-host"))
380 {
381 #if ENABLE_HTTP_PROXY
382 free (conf.proxy_host), conf.proxy_host = strdup (val);
383 #endif
384 }
385 else if (!strcmp (var, "http-proxy-port"))
386 {
387 #if ENABLE_HTTP_PROXY
388 conf.proxy_port = atoi (val);
389 #endif
390 }
391 else if (!strcmp (var, "http-proxy-auth"))
392 {
393 #if ENABLE_HTTP_PROXY
394 conf.proxy_auth = (char *)base64_encode ((const u8 *)val, strlen (val));
395 #endif
396 }
397
398 /* node-specific, non-defaultable */
399 else if (node != &conf.default_node && !strcmp (var, "hostname"))
400 free (node->hostname), node->hostname = strdup (val);
401
402 /* node-specific, defaultable */
403 else if (!strcmp (var, "udp-port"))
404 node->udp_port = atoi (val);
405 else if (!strcmp (var, "tcp-port"))
406 node->tcp_port = atoi (val);
407 else if (!strcmp (var, "dns-hostname"))
408 {
409 #if ENABLE_DNS
410 free (node->dns_hostname), node->dns_hostname = strdup (val);
411 #endif
412 }
413 else if (!strcmp (var, "dns-port"))
414 {
415 #if ENABLE_DNS
416 node->dns_port = atoi (val);
417 #endif
418 }
419 else if (!strcmp (var, "dns-domain"))
420 {
421 #if ENABLE_DNS
422 free (node->domain), node->domain = strdup (val);
423 #endif
424 }
425 else if (!strcmp (var, "if-up-data"))
426 free (node->if_up_data), node->if_up_data = strdup (val);
427 else if (!strcmp (var, "router-priority"))
428 node->routerprio = atoi (val);
429 else if (!strcmp (var, "max-retry"))
430 node->max_retry = atoi (val);
431 else if (!strcmp (var, "connect"))
432 {
433 if (!strcmp (val, "ondemand"))
434 node->connectmode = conf_node::C_ONDEMAND;
435 else if (!strcmp (val, "never"))
436 node->connectmode = conf_node::C_NEVER;
437 else if (!strcmp (val, "always"))
438 node->connectmode = conf_node::C_ALWAYS;
439 else if (!strcmp (val, "disabled"))
440 node->connectmode = conf_node::C_DISABLED;
441 else
442 return _("illegal value for 'connectmode', use one of 'ondemand', 'never', 'always' or 'disabled'. (ignored)");
443 }
444 else if (!strcmp (var, "inherit-tos"))
445 parse_bool (node->inherit_tos, "inherit-tos", true, false);
446 else if (!strcmp (var, "compress"))
447 parse_bool (node->compress, "compress", true, false);
448 // all these bool options really really cost a lot of executable size!
449 else if (!strcmp (var, "enable-tcp"))
450 {
451 #if ENABLE_TCP
452 u8 v; parse_bool (v, "enable-tcp" , PROT_TCPv4, 0); node->protocols = (node->protocols & ~PROT_TCPv4) | v;
453 #endif
454 }
455 else if (!strcmp (var, "enable-icmp"))
456 {
457 #if ENABLE_ICMP
458 u8 v; parse_bool (v, "enable-icmp" , PROT_ICMPv4, 0); node->protocols = (node->protocols & ~PROT_ICMPv4) | v;
459 #endif
460 }
461 else if (!strcmp (var, "enable-dns"))
462 {
463 #if ENABLE_DNS
464 u8 v; parse_bool (v, "enable-dns" , PROT_DNSv4, 0); node->protocols = (node->protocols & ~PROT_DNSv4) | v;
465 #endif
466 }
467 else if (!strcmp (var, "enable-udp"))
468 {
469 u8 v; parse_bool (v, "enable-udp" , PROT_UDPv4, 0); node->protocols = (node->protocols & ~PROT_UDPv4) | v;
470 }
471 else if (!strcmp (var, "enable-rawip"))
472 {
473 u8 v; parse_bool (v, "enable-rawip", PROT_IPv4, 0); node->protocols = (node->protocols & ~PROT_IPv4 ) | v;
474 }
475 else if (!strcmp (var, "allow-direct"))
476 node->allow_direct.push_back (strdup (val));
477 else if (!strcmp (var, "deny-direct"))
478 node->deny_direct.push_back (strdup (val));
479 else if (!strcmp (var, "max-ttl"))
480 node->max_ttl = atof (val);
481 else if (!strcmp (var, "max-queue"))
482 node->max_queue = atoi (val);
483
484 // unknown or misplaced
485 else
486 return _("unknown configuration directive. (ignored)");
487
488 return 0;
489 }
490
491 void conf_node::finalise ()
492 {
493 if (max_queue < 1)
494 {
495 slog (L_WARN, _("%s: max-queue value invalid, setting it to 1."), nodename);
496 max_queue = 1;
497 }
498
499 if (routerprio && (connectmode != C_ALWAYS && connectmode != C_DISABLED))
500 {
501 //slog (L_WARN, _("%s: has non-zero router-priority but either 'never' or 'ondemand' as connectmode, setting it to 'always'."), nodename);
502 connectmode = C_ALWAYS;
503 }
504 }
505
506 void configuration_parser::parse_argv ()
507 {
508 for (int i = 0; i < argc; ++i)
509 {
510 char *v = argv [i];
511
512 if (!*v)
513 continue;
514
515 char *enode = v;
516
517 while (*enode != '.' && *enode > ' ' && *enode != '=' && *enode)
518 enode++;
519
520 if (*enode != '.')
521 enode = 0;
522
523 char *wnode = node == &conf.default_node
524 ? 0
525 : node->nodename;
526
527 if ((!wnode && !enode)
528 || (wnode && enode && !strncmp (wnode, v, enode - v)))
529 {
530 const char *warn = parse_line (enode ? enode + 1 : v);
531
532 if (warn)
533 slog (L_WARN, _("%s, while parsing command line option '%s'."), warn, v);
534
535 *v = 0;
536 }
537 }
538 }
539
540 configuration_parser::configuration_parser (configuration &conf,
541 bool need_keys,
542 int argc,
543 char **argv)
544 : conf (conf),need_keys (need_keys), argc (argc), argv (argv)
545 {
546 char *fname;
547 FILE *f;
548
549 conf.clear ();
550
551 asprintf (&fname, "%s/gvpe.conf", confbase);
552 f = fopen (fname, "r");
553
554 if (f)
555 {
556 char line[16384];
557 int lineno = 0;
558 node = &conf.default_node;
559
560 while (fgets (line, sizeof (line), f))
561 {
562 lineno++;
563
564 const char *warn = parse_line (line);
565
566 if (warn)
567 slog (L_WARN, _("%s, at '%s', line %d."), warn, fname, lineno);
568 }
569
570 fclose (f);
571
572 parse_argv ();
573 }
574 else
575 {
576 slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno));
577 exit (EXIT_FAILURE);
578 }
579
580 free (fname);
581
582 fname = conf.config_filename (conf.prikeyfile, "hostkey");
583
584 f = fopen (fname, "r");
585 if (f)
586 {
587 conf.rsa_key = RSA_new ();
588
589 if (!PEM_read_RSAPrivateKey (f, &conf.rsa_key, NULL, NULL))
590 {
591 ERR_load_RSA_strings (); ERR_load_PEM_strings ();
592 slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0));
593 exit (EXIT_FAILURE);
594 }
595
596 require (RSA_blinding_on (conf.rsa_key, 0));
597
598 fclose (f);
599 }
600 else
601 {
602 slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno));
603
604 if (need_keys)
605 exit (EXIT_FAILURE);
606 }
607
608 if (need_keys && ::thisnode
609 && conf.rsa_key && conf.thisnode && conf.thisnode->rsa_key)
610 if (BN_cmp (conf.rsa_key->n, conf.thisnode->rsa_key->n) != 0
611 || BN_cmp (conf.rsa_key->e, conf.thisnode->rsa_key->e) != 0)
612 {
613 slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode);
614 exit (EXIT_FAILURE);
615 }
616
617 free (fname);
618
619 for (configuration::node_vector::iterator i = conf.nodes.begin(); i != conf.nodes.end(); ++i)
620 (*i)->finalise ();
621 }
622
623 char *configuration::config_filename (const char *name, const char *dflt)
624 {
625 char *fname;
626
627 asprintf (&fname, name ? name : dflt, ::thisnode);
628
629 if (!ABSOLUTE_PATH (fname))
630 {
631 char *rname = fname;
632 asprintf (&fname, "%s/%s", confbase, rname);
633 free (rname);
634 }
635
636 return fname;
637 }
638
639 void
640 configuration::print ()
641 {
642 printf (_("\nConfiguration\n\n"));
643 printf (_("# of nodes: %d\n"), nodes.size ());
644 printf (_("this node: %s\n"), thisnode ? thisnode->nodename : "<unset>");
645 printf (_("MTU: %d\n"), mtu);
646 printf (_("rekeying interval: %d\n"), rekey);
647 printf (_("keepalive interval: %d\n"), keepalive);
648 printf (_("interface: %s\n"), ifname);
649 printf (_("primary rsa key: %s\n"), prikeyfile ? prikeyfile : "<default>");
650 printf (_("rsa key size: %d\n"), rsa_key ? RSA_size (rsa_key) * 8 : -1);
651 printf ("\n");
652
653 printf ("%4s %-17s %s %-8.8s %-10.10s %s\n",
654 _("ID#"), _("MAC"), _("Com"), _("Conmode"), _("Node"), _("Host:Port"));
655
656 for (node_vector::iterator i = nodes.begin (); i != nodes.end (); ++i)
657 (*i)->print ();
658
659 printf ("\n");
660 }
661
662 configuration::configuration ()
663 {
664 asprintf (&confbase, "%s/gvpe", CONFDIR);
665
666 init ();
667 }
668
669 configuration::~configuration ()
670 {
671 cleanup ();
672 }
673
674