1 |
/* |
2 |
conf.C -- configuration code |
3 |
Copyright (C) 2003-2008,2011 Marc Lehmann <gvpe@schmorp.de> |
4 |
|
5 |
This file is part of GVPE. |
6 |
|
7 |
GVPE is free software; you can redistribute it and/or modify it |
8 |
under the terms of the GNU General Public License as published by the |
9 |
Free Software Foundation; either version 3 of the License, or (at your |
10 |
option) any later version. |
11 |
|
12 |
This program is distributed in the hope that it will be useful, but |
13 |
WITHOUT ANY WARRANTY; without even the implied warranty of |
14 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General |
15 |
Public License for more details. |
16 |
|
17 |
You should have received a copy of the GNU General Public License along |
18 |
with this program; if not, see <http://www.gnu.org/licenses/>. |
19 |
|
20 |
Additional permission under GNU GPL version 3 section 7 |
21 |
|
22 |
If you modify this Program, or any covered work, by linking or |
23 |
combining it with the OpenSSL project's OpenSSL library (or a modified |
24 |
version of that library), containing parts covered by the terms of the |
25 |
OpenSSL or SSLeay licenses, the licensors of this Program grant you |
26 |
additional permission to convey the resulting work. Corresponding |
27 |
Source for a non-source form of such a combination shall include the |
28 |
source code for the parts of OpenSSL used as well as that of the |
29 |
covered work. |
30 |
*/ |
31 |
|
32 |
#include "config.h" |
33 |
|
34 |
#include <cstdio> |
35 |
#include <cstdlib> |
36 |
#include <cstring> |
37 |
|
38 |
#include <errno.h> |
39 |
#include <netdb.h> |
40 |
#include <sys/stat.h> |
41 |
#include <sys/types.h> |
42 |
#include <unistd.h> |
43 |
|
44 |
#include "netcompat.h" |
45 |
|
46 |
#include <openssl/err.h> |
47 |
#include <openssl/pem.h> |
48 |
#include <openssl/rsa.h> |
49 |
#include <openssl/rand.h> |
50 |
#include <openssl/bn.h> |
51 |
|
52 |
#include "conf.h" |
53 |
#include "slog.h" |
54 |
#include "util.h" |
55 |
|
56 |
char *confbase; |
57 |
char *thisnode; |
58 |
char *identname; |
59 |
|
60 |
struct configuration conf; |
61 |
|
62 |
u8 |
63 |
best_protocol (u8 protset) |
64 |
{ |
65 |
#if 1//D2 |
66 |
if (protset & PROT_IPv42 ) return PROT_IPv42; |
67 |
#endif |
68 |
if (protset & PROT_IPv4 ) return PROT_IPv4; |
69 |
if (protset & PROT_ICMPv4) return PROT_ICMPv4; |
70 |
if (protset & PROT_UDPv4 ) return PROT_UDPv4; |
71 |
if (protset & PROT_TCPv4 ) return PROT_TCPv4; |
72 |
if (protset & PROT_DNSv4 ) return PROT_DNSv4; |
73 |
|
74 |
return 0; |
75 |
} |
76 |
|
77 |
const char * |
78 |
strprotocol (u8 protocol) |
79 |
{ |
80 |
#if 1//D2 |
81 |
if (protocol & PROT_IPv42 ) return "rawip2"; |
82 |
#endif |
83 |
if (protocol & PROT_IPv4 ) return "rawip"; |
84 |
if (protocol & PROT_ICMPv4) return "icmp"; |
85 |
if (protocol & PROT_UDPv4 ) return "udp"; |
86 |
if (protocol & PROT_TCPv4 ) return "tcp"; |
87 |
if (protocol & PROT_DNSv4 ) return "dns"; |
88 |
|
89 |
return "<unknown>"; |
90 |
} |
91 |
|
92 |
static bool |
93 |
match_list (const vector<const char *> &list, const char *str) |
94 |
{ |
95 |
for (vector<const char *>::const_iterator i = list.end (); i-- > list.begin (); ) |
96 |
if ((*i)[0] == '*' && !(*i)[1]) |
97 |
return true; |
98 |
else if (!strcmp (*i, str)) |
99 |
return true; |
100 |
|
101 |
return false; |
102 |
} |
103 |
|
104 |
bool |
105 |
conf_node::may_direct (struct conf_node *other) |
106 |
{ |
107 |
if (match_list (allow_direct, other->nodename)) |
108 |
return true; |
109 |
|
110 |
if (match_list (deny_direct, other->nodename)) |
111 |
return false; |
112 |
|
113 |
return true; |
114 |
} |
115 |
|
116 |
conf_node::~conf_node () |
117 |
{ |
118 |
#if 0 |
119 |
// does not work, because string pointers etc. are shared |
120 |
// is not called, however |
121 |
if (rsa_key) |
122 |
RSA_free (rsa_key); |
123 |
|
124 |
free (nodename); |
125 |
free (hostname); |
126 |
free (if_up_data); |
127 |
#if ENABLE_DNS |
128 |
free (domain); |
129 |
free (dns_hostname); |
130 |
#endif |
131 |
#endif |
132 |
} |
133 |
|
134 |
void |
135 |
configuration::init () |
136 |
{ |
137 |
memset (this, 0, sizeof (*this)); |
138 |
|
139 |
mtu = DEFAULT_MTU; |
140 |
nfmark = 0; |
141 |
rekey = DEFAULT_REKEY; |
142 |
keepalive = DEFAULT_KEEPALIVE; |
143 |
llevel = L_INFO; |
144 |
ip_proto = IPPROTO_GRE; |
145 |
#if 1 //D2 |
146 |
ip2_proto = 7; |
147 |
#endif |
148 |
#if ENABLE_ICMP |
149 |
icmp_type = ICMP_ECHOREPLY; |
150 |
#endif |
151 |
|
152 |
default_node.udp_port = DEFAULT_UDPPORT; |
153 |
default_node.tcp_port = DEFAULT_UDPPORT; // ehrm |
154 |
default_node.connectmode = conf_node::C_ALWAYS; |
155 |
default_node.compress = true; |
156 |
default_node.protocols = 0; |
157 |
default_node.max_retry = DEFAULT_MAX_RETRY; |
158 |
default_node.max_ttl = DEFAULT_MAX_TTL; |
159 |
default_node.max_queue = DEFAULT_MAX_QUEUE; |
160 |
default_node.if_up_data = strdup (""); |
161 |
|
162 |
#if ENABLE_DNS |
163 |
default_node.dns_port = 0; // default is 0 == client |
164 |
|
165 |
dns_case_preserving = true; |
166 |
dns_forw_host = strdup ("127.0.0.1"); |
167 |
dns_forw_port = 53; |
168 |
dns_timeout_factor = DEFAULT_DNS_TIMEOUT_FACTOR; |
169 |
dns_send_interval = DEFAULT_DNS_SEND_INTERVAL; |
170 |
dns_overlap_factor = DEFAULT_DNS_OVERLAP_FACTOR; |
171 |
dns_max_outstanding = DEFAULT_DNS_MAX_OUTSTANDING; |
172 |
#endif |
173 |
|
174 |
conf.pidfilename = strdup (LOCALSTATEDIR "/run/gvpe.pid"); |
175 |
} |
176 |
|
177 |
void |
178 |
configuration::cleanup () |
179 |
{ |
180 |
if (rsa_key) |
181 |
RSA_free (rsa_key); |
182 |
|
183 |
rsa_key = 0; |
184 |
|
185 |
free (pidfilename); pidfilename = 0; |
186 |
free (ifname); ifname = 0; |
187 |
#if ENABLE_HTTP_PROXY |
188 |
free (proxy_host); proxy_host = 0; |
189 |
free (proxy_auth); proxy_auth = 0; |
190 |
#endif |
191 |
#if ENABLE_DNS |
192 |
free (dns_forw_host); dns_forw_host = 0; |
193 |
#endif |
194 |
free (script_if_up); script_if_up = 0; |
195 |
free (script_node_up); script_node_up = 0; |
196 |
free (script_node_change); script_node_change = 0; |
197 |
free (script_node_down); script_node_down = 0; |
198 |
} |
199 |
|
200 |
void |
201 |
configuration::clear () |
202 |
{ |
203 |
for (configuration::node_vector::iterator i = nodes.begin(); i != nodes.end(); ++i) |
204 |
delete *i; |
205 |
|
206 |
nodes.clear (); |
207 |
|
208 |
cleanup (); |
209 |
init (); |
210 |
} |
211 |
|
212 |
//static bool |
213 |
//is_true (const char *name) |
214 |
//{ |
215 |
//re |
216 |
//} |
217 |
|
218 |
#define parse_bool(target,name,trueval,falseval) do { \ |
219 |
if (!strcmp (val, "yes")) target = trueval; \ |
220 |
else if (!strcmp (val, "no")) target = falseval; \ |
221 |
else if (!strcmp (val, "true")) target = trueval; \ |
222 |
else if (!strcmp (val, "false")) target = falseval; \ |
223 |
else if (!strcmp (val, "on")) target = trueval; \ |
224 |
else if (!strcmp (val, "off")) target = falseval; \ |
225 |
else \ |
226 |
return _("illegal boolean value, only 'yes|true|on' or 'no|false|off' allowed, ignored"); \ |
227 |
} while (0) |
228 |
|
229 |
const char * |
230 |
configuration_parser::parse_line (char *line) |
231 |
{ |
232 |
{ |
233 |
char *end = line + strlen (line); |
234 |
|
235 |
while (*end < ' ' && end >= line) |
236 |
end--; |
237 |
|
238 |
*++end = 0; |
239 |
} |
240 |
|
241 |
char *tok = line; |
242 |
const char *var = strtok (tok, "\t ="); |
243 |
tok = 0; |
244 |
|
245 |
if (!var || !var[0]) |
246 |
return 0; /* no tokens on this line */ |
247 |
|
248 |
if (var[0] == '#') |
249 |
return 0; /* comment: ignore */ |
250 |
|
251 |
char *val = strtok (NULL, "\t\n\r ="); |
252 |
|
253 |
if (!val || val[0] == '#') |
254 |
return _("no value given for variable, ignored"); |
255 |
|
256 |
else if (!strcmp (var, "on")) |
257 |
{ |
258 |
if (::thisnode |
259 |
&& ((val[0] == '!' && strcmp (val + 1, ::thisnode)) |
260 |
|| !strcmp (val, ::thisnode))) |
261 |
return parse_line (strtok (NULL, "\n\r")); |
262 |
} |
263 |
|
264 |
else if (!strcmp (var, "include")) |
265 |
{ |
266 |
char *fname = conf.config_filename (val); |
267 |
parse_file (fname); |
268 |
free (fname); |
269 |
} |
270 |
|
271 |
// truly global |
272 |
else if (!strcmp (var, "loglevel")) |
273 |
{ |
274 |
loglevel l = string_to_loglevel (val); |
275 |
|
276 |
if (l == L_NONE) |
277 |
return _("unknown loglevel, ignored"); |
278 |
} |
279 |
else if (!strcmp (var, "ip-proto")) |
280 |
conf.ip_proto = atoi (val); |
281 |
#if 1 //D2 |
282 |
else if (!strcmp (var, "ip2-proto")) |
283 |
conf.ip2_proto = atoi (val); |
284 |
#endif |
285 |
else if (!strcmp (var, "icmp-type")) |
286 |
{ |
287 |
#if ENABLE_ICMP |
288 |
conf.icmp_type = atoi (val); |
289 |
#endif |
290 |
} |
291 |
|
292 |
// per config |
293 |
else if (!strcmp (var, "node")) |
294 |
{ |
295 |
parse_argv (); |
296 |
|
297 |
conf.default_node.id++; |
298 |
node = new conf_node (conf.default_node); |
299 |
conf.nodes.push_back (node); |
300 |
node->nodename = strdup (val); |
301 |
|
302 |
{ |
303 |
char *fname; |
304 |
FILE *f; |
305 |
|
306 |
asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename); |
307 |
|
308 |
f = fopen (fname, "r"); |
309 |
if (f) |
310 |
{ |
311 |
node->rsa_key = RSA_new (); |
312 |
|
313 |
if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL)) |
314 |
{ |
315 |
ERR_load_RSA_strings (); ERR_load_PEM_strings (); |
316 |
slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0)); |
317 |
exit (EXIT_FAILURE); |
318 |
} |
319 |
|
320 |
require (RSA_blinding_on (node->rsa_key, 0)); |
321 |
|
322 |
fclose (f); |
323 |
} |
324 |
else |
325 |
{ |
326 |
slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno)); |
327 |
|
328 |
if (need_keys) |
329 |
exit (EXIT_FAILURE); |
330 |
} |
331 |
|
332 |
free (fname); |
333 |
} |
334 |
|
335 |
if (::thisnode && !strcmp (node->nodename, ::thisnode)) |
336 |
conf.thisnode = node; |
337 |
} |
338 |
else if (!strcmp (var, "private-key")) |
339 |
free (conf.prikeyfile), conf.prikeyfile = strdup (val); |
340 |
else if (!strcmp (var, "ifpersist")) |
341 |
parse_bool (conf.ifpersist, "ifpersist", true, false); |
342 |
else if (!strcmp (var, "ifname")) |
343 |
free (conf.ifname), conf.ifname = strdup (val); |
344 |
else if (!strcmp (var, "rekey")) |
345 |
conf.rekey = atoi (val); |
346 |
else if (!strcmp (var, "keepalive")) |
347 |
conf.keepalive = atoi (val); |
348 |
else if (!strcmp (var, "mtu")) |
349 |
conf.mtu = atoi (val); |
350 |
else if (!strcmp (var, "nfmark")) |
351 |
conf.nfmark = atoi (val); |
352 |
else if (!strcmp (var, "if-up")) |
353 |
free (conf.script_if_up), conf.script_if_up = strdup (val); |
354 |
else if (!strcmp (var, "node-up")) |
355 |
free (conf.script_node_up), conf.script_node_up = strdup (val); |
356 |
else if (!strcmp (var, "node-change")) |
357 |
free (conf.script_node_change), conf.script_node_change = strdup (val); |
358 |
else if (!strcmp (var, "node-down")) |
359 |
free (conf.script_node_down), conf.script_node_down = strdup (val); |
360 |
else if (!strcmp (var, "pid-file")) |
361 |
free (conf.pidfilename), conf.pidfilename = strdup (val); |
362 |
else if (!strcmp (var, "dns-forw-host")) |
363 |
{ |
364 |
#if ENABLE_DNS |
365 |
free (conf.dns_forw_host), conf.dns_forw_host = strdup (val); |
366 |
#endif |
367 |
} |
368 |
else if (!strcmp (var, "dns-forw-port")) |
369 |
{ |
370 |
#if ENABLE_DNS |
371 |
conf.dns_forw_port = atoi (val); |
372 |
#endif |
373 |
} |
374 |
else if (!strcmp (var, "dns-timeout-factor")) |
375 |
{ |
376 |
#if ENABLE_DNS |
377 |
conf.dns_timeout_factor = atof (val); |
378 |
#endif |
379 |
} |
380 |
else if (!strcmp (var, "dns-send-interval")) |
381 |
{ |
382 |
#if ENABLE_DNS |
383 |
conf.dns_send_interval = atoi (val); |
384 |
#endif |
385 |
} |
386 |
else if (!strcmp (var, "dns-overlap-factor")) |
387 |
{ |
388 |
#if ENABLE_DNS |
389 |
conf.dns_overlap_factor = atof (val); |
390 |
#endif |
391 |
} |
392 |
else if (!strcmp (var, "dns-max-outstanding")) |
393 |
{ |
394 |
#if ENABLE_DNS |
395 |
conf.dns_max_outstanding = atoi (val); |
396 |
#endif |
397 |
} |
398 |
else if (!strcmp (var, "dns-case-preserving")) |
399 |
{ |
400 |
#if ENABLE_DNS |
401 |
parse_bool (conf.dns_case_preserving, "dns-case-preserving", true, false); |
402 |
#endif |
403 |
} |
404 |
else if (!strcmp (var, "http-proxy-host")) |
405 |
{ |
406 |
#if ENABLE_HTTP_PROXY |
407 |
free (conf.proxy_host), conf.proxy_host = strdup (val); |
408 |
#endif |
409 |
} |
410 |
else if (!strcmp (var, "http-proxy-port")) |
411 |
{ |
412 |
#if ENABLE_HTTP_PROXY |
413 |
conf.proxy_port = atoi (val); |
414 |
#endif |
415 |
} |
416 |
else if (!strcmp (var, "http-proxy-auth")) |
417 |
{ |
418 |
#if ENABLE_HTTP_PROXY |
419 |
conf.proxy_auth = (char *)base64_encode ((const u8 *)val, strlen (val)); |
420 |
#endif |
421 |
} |
422 |
|
423 |
/* node-specific, non-defaultable */ |
424 |
else if (node != &conf.default_node && !strcmp (var, "hostname")) |
425 |
free (node->hostname), node->hostname = strdup (val); |
426 |
|
427 |
/* node-specific, defaultable */ |
428 |
else if (!strcmp (var, "udp-port")) |
429 |
node->udp_port = atoi (val); |
430 |
else if (!strcmp (var, "tcp-port")) |
431 |
node->tcp_port = atoi (val); |
432 |
else if (!strcmp (var, "dns-hostname")) |
433 |
{ |
434 |
#if ENABLE_DNS |
435 |
free (node->dns_hostname), node->dns_hostname = strdup (val); |
436 |
#endif |
437 |
} |
438 |
else if (!strcmp (var, "dns-port")) |
439 |
{ |
440 |
#if ENABLE_DNS |
441 |
node->dns_port = atoi (val); |
442 |
#endif |
443 |
} |
444 |
else if (!strcmp (var, "dns-domain")) |
445 |
{ |
446 |
#if ENABLE_DNS |
447 |
free (node->domain), node->domain = strdup (val); |
448 |
#endif |
449 |
} |
450 |
else if (!strcmp (var, "if-up-data")) |
451 |
free (node->if_up_data), node->if_up_data = strdup (val); |
452 |
else if (!strcmp (var, "router-priority")) |
453 |
node->routerprio = atoi (val); |
454 |
else if (!strcmp (var, "max-retry")) |
455 |
node->max_retry = atoi (val); |
456 |
else if (!strcmp (var, "connect")) |
457 |
{ |
458 |
if (!strcmp (val, "ondemand")) |
459 |
node->connectmode = conf_node::C_ONDEMAND; |
460 |
else if (!strcmp (val, "never")) |
461 |
node->connectmode = conf_node::C_NEVER; |
462 |
else if (!strcmp (val, "always")) |
463 |
node->connectmode = conf_node::C_ALWAYS; |
464 |
else if (!strcmp (val, "disabled")) |
465 |
node->connectmode = conf_node::C_DISABLED; |
466 |
else |
467 |
return _("illegal value for 'connectmode', use one of 'ondemand', 'never', 'always' or 'disabled', ignored"); |
468 |
} |
469 |
else if (!strcmp (var, "inherit-tos")) |
470 |
parse_bool (node->inherit_tos, "inherit-tos", true, false); |
471 |
else if (!strcmp (var, "compress")) |
472 |
parse_bool (node->compress, "compress", true, false); |
473 |
// all these bool options really really cost a lot of executable size! |
474 |
else if (!strcmp (var, "enable-tcp")) |
475 |
{ |
476 |
#if ENABLE_TCP |
477 |
u8 v; parse_bool (v, "enable-tcp" , PROT_TCPv4, 0); node->protocols = (node->protocols & ~PROT_TCPv4) | v; |
478 |
#endif |
479 |
} |
480 |
else if (!strcmp (var, "enable-icmp")) |
481 |
{ |
482 |
#if ENABLE_ICMP |
483 |
u8 v; parse_bool (v, "enable-icmp" , PROT_ICMPv4, 0); node->protocols = (node->protocols & ~PROT_ICMPv4) | v; |
484 |
#endif |
485 |
} |
486 |
else if (!strcmp (var, "enable-dns")) |
487 |
{ |
488 |
#if ENABLE_DNS |
489 |
u8 v; parse_bool (v, "enable-dns" , PROT_DNSv4, 0); node->protocols = (node->protocols & ~PROT_DNSv4) | v; |
490 |
#endif |
491 |
} |
492 |
else if (!strcmp (var, "enable-udp")) |
493 |
{ |
494 |
u8 v; parse_bool (v, "enable-udp" , PROT_UDPv4, 0); node->protocols = (node->protocols & ~PROT_UDPv4) | v; |
495 |
} |
496 |
else if (!strcmp (var, "enable-rawip")) |
497 |
{ |
498 |
u8 v; parse_bool (v, "enable-rawip", PROT_IPv4, 0); node->protocols = (node->protocols & ~PROT_IPv4 ) | v; |
499 |
} |
500 |
#if 1//D2 |
501 |
else if (!strcmp (var, "enable-rawip2")) |
502 |
{ |
503 |
u8 v; parse_bool (v, "enable-rawip2", PROT_IPv42, 0); node->protocols = (node->protocols & ~PROT_IPv42 ) | v; |
504 |
} |
505 |
#endif |
506 |
else if (!strcmp (var, "allow-direct")) |
507 |
node->allow_direct.push_back (strdup (val)); |
508 |
else if (!strcmp (var, "deny-direct")) |
509 |
node->deny_direct.push_back (strdup (val)); |
510 |
else if (!strcmp (var, "max-ttl")) |
511 |
node->max_ttl = atof (val); |
512 |
else if (!strcmp (var, "max-queue")) |
513 |
node->max_queue = atoi (val); |
514 |
|
515 |
// unknown or misplaced |
516 |
else |
517 |
return _("unknown configuration directive - ignored"); |
518 |
|
519 |
return 0; |
520 |
} |
521 |
|
522 |
void |
523 |
conf_node::finalise () |
524 |
{ |
525 |
if (max_queue < 1) |
526 |
{ |
527 |
slog (L_WARN, _("%s: max-queue value invalid, setting it to 1."), nodename); |
528 |
max_queue = 1; |
529 |
} |
530 |
|
531 |
if (routerprio > 1 && (connectmode != C_ALWAYS && connectmode != C_DISABLED)) |
532 |
{ |
533 |
//slog (L_WARN, _("%s: has non-zero router-priority but either 'never' or 'ondemand' as connectmode, setting it to 'always'."), nodename); |
534 |
connectmode = C_ALWAYS; |
535 |
} |
536 |
} |
537 |
|
538 |
void |
539 |
configuration_parser::parse_argv () |
540 |
{ |
541 |
for (int i = 0; i < argc; ++i) |
542 |
{ |
543 |
char *v = argv [i]; |
544 |
|
545 |
if (!*v) |
546 |
continue; |
547 |
|
548 |
char *enode = v; |
549 |
|
550 |
while (*enode != '.' && *enode > ' ' && *enode != '=' && *enode) |
551 |
enode++; |
552 |
|
553 |
if (*enode != '.') |
554 |
enode = 0; |
555 |
|
556 |
char *wnode = node == &conf.default_node |
557 |
? 0 |
558 |
: node->nodename; |
559 |
|
560 |
if ((!wnode && !enode) |
561 |
|| (wnode && enode && !strncmp (wnode, v, enode - v))) |
562 |
{ |
563 |
const char *warn = parse_line (enode ? enode + 1 : v); |
564 |
|
565 |
if (warn) |
566 |
slog (L_WARN, _("%s, while parsing command line option '%s'."), warn, v); |
567 |
|
568 |
*v = 0; |
569 |
} |
570 |
} |
571 |
} |
572 |
|
573 |
void |
574 |
configuration_parser::parse_file (const char *fname) |
575 |
{ |
576 |
if (FILE *f = fopen (fname, "r")) |
577 |
{ |
578 |
char line [2048]; |
579 |
int lineno = 0; |
580 |
|
581 |
while (fgets (line, sizeof (line), f)) |
582 |
{ |
583 |
lineno++; |
584 |
|
585 |
const char *warn = parse_line (line); |
586 |
|
587 |
if (warn) |
588 |
slog (L_WARN, _("%s, at '%s', line %d."), warn, fname, lineno); |
589 |
} |
590 |
|
591 |
fclose (f); |
592 |
|
593 |
parse_argv (); |
594 |
} |
595 |
else |
596 |
{ |
597 |
slog (L_ERR, _("unable to read config file '%s': %s"), fname, strerror (errno)); |
598 |
exit (EXIT_FAILURE); |
599 |
} |
600 |
} |
601 |
|
602 |
configuration_parser::configuration_parser (configuration &conf, |
603 |
bool need_keys, |
604 |
int argc, |
605 |
char **argv) |
606 |
: conf (conf),need_keys (need_keys), argc (argc), argv (argv) |
607 |
{ |
608 |
char *fname; |
609 |
|
610 |
conf.clear (); |
611 |
node = &conf.default_node; |
612 |
|
613 |
asprintf (&fname, "%s/gvpe.conf", confbase); |
614 |
parse_file (fname); |
615 |
free (fname); |
616 |
|
617 |
fname = conf.config_filename (conf.prikeyfile, "hostkey"); |
618 |
|
619 |
if (FILE *f = fopen (fname, "r")) |
620 |
{ |
621 |
conf.rsa_key = RSA_new (); |
622 |
|
623 |
if (!PEM_read_RSAPrivateKey (f, &conf.rsa_key, NULL, NULL)) |
624 |
{ |
625 |
ERR_load_RSA_strings (); ERR_load_PEM_strings (); |
626 |
slog (L_ERR, _("unable to read private rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0)); |
627 |
exit (EXIT_FAILURE); |
628 |
} |
629 |
|
630 |
require (RSA_blinding_on (conf.rsa_key, 0)); |
631 |
|
632 |
fclose (f); |
633 |
} |
634 |
else |
635 |
{ |
636 |
slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno)); |
637 |
|
638 |
if (need_keys) |
639 |
exit (EXIT_FAILURE); |
640 |
} |
641 |
|
642 |
free (fname); |
643 |
|
644 |
if (need_keys && ::thisnode |
645 |
&& conf.rsa_key && conf.thisnode && conf.thisnode->rsa_key) |
646 |
if (BN_cmp (conf.rsa_key->n, conf.thisnode->rsa_key->n) != 0 |
647 |
|| BN_cmp (conf.rsa_key->e, conf.thisnode->rsa_key->e) != 0) |
648 |
{ |
649 |
slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode); |
650 |
exit (EXIT_FAILURE); |
651 |
} |
652 |
|
653 |
for (configuration::node_vector::iterator i = conf.nodes.begin(); i != conf.nodes.end(); ++i) |
654 |
(*i)->finalise (); |
655 |
} |
656 |
|
657 |
char * |
658 |
configuration::config_filename (const char *name, const char *dflt) |
659 |
{ |
660 |
char *fname; |
661 |
|
662 |
asprintf (&fname, name ? name : dflt, ::thisnode); |
663 |
|
664 |
if (!ABSOLUTE_PATH (fname)) |
665 |
{ |
666 |
char *rname = fname; |
667 |
asprintf (&fname, "%s/%s", confbase, rname); |
668 |
free (rname); |
669 |
} |
670 |
|
671 |
return fname; |
672 |
} |
673 |
|
674 |
void |
675 |
conf_node::print () |
676 |
{ |
677 |
printf ("%4d fe:fd:80:00:0%1x:%02x %c %-8.8s %-10.10s %02x %s%s%d\n", |
678 |
id, |
679 |
id >> 8, id & 0xff, |
680 |
compress ? 'Y' : 'N', |
681 |
connectmode == C_ONDEMAND ? "ondemand" |
682 |
: connectmode == C_NEVER ? "never" |
683 |
: connectmode == C_ALWAYS ? "always" |
684 |
: connectmode == C_DISABLED ? "disabled" |
685 |
: "", |
686 |
nodename, |
687 |
protocols, |
688 |
hostname ? hostname : "", |
689 |
hostname ? ":" : "", |
690 |
hostname ? udp_port : 0 |
691 |
); |
692 |
} |
693 |
|
694 |
void |
695 |
configuration::print () |
696 |
{ |
697 |
printf (_("\nConfiguration\n\n")); |
698 |
printf (_("# of nodes: %d\n"), nodes.size ()); |
699 |
printf (_("this node: %s\n"), thisnode ? thisnode->nodename : "<unset>"); |
700 |
printf (_("MTU: %d\n"), mtu); |
701 |
printf (_("rekeying interval: %d\n"), rekey); |
702 |
printf (_("keepalive interval: %d\n"), keepalive); |
703 |
printf (_("interface: %s\n"), ifname); |
704 |
printf (_("primary rsa key: %s\n"), prikeyfile ? prikeyfile : "<default>"); |
705 |
printf (_("rsa key size: %d\n"), rsa_key ? RSA_size (rsa_key) * 8 : -1); |
706 |
printf ("\n"); |
707 |
|
708 |
printf ("%4s %-17s %s %-8.8s %-10.10s %04s %s\n", |
709 |
_("ID#"), _("MAC"), _("Com"), _("Conmode"), _("Node"), _("Prot"), _("Host:Port")); |
710 |
|
711 |
for (node_vector::iterator i = nodes.begin (); i != nodes.end (); ++i) |
712 |
(*i)->print (); |
713 |
|
714 |
printf ("\n"); |
715 |
} |
716 |
|
717 |
configuration::configuration () |
718 |
{ |
719 |
asprintf (&confbase, "%s/gvpe", CONFDIR); |
720 |
|
721 |
init (); |
722 |
} |
723 |
|
724 |
configuration::~configuration () |
725 |
{ |
726 |
cleanup (); |
727 |
} |
728 |
|