[ViewVC] Diff of: cvs/gvpe/src/gvpe.C

Comparing gvpe/src/gvpe.C (file contents):
Revision 1.15 by pcg, Fri Nov 21 05:02:08 2008 UTC vs.
Revision 1.25 by root, Tue Jul 16 16:44:36 2013 UTC

 /*
     gvpe.C -- the main file for gvpe
     Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl>
                   2000-2002 Guus Sliepen <guus@sliepen.eu.org>
-                  2003-2008 Marc Lehmann <gvpe@schmorp.de>
+                  2003-2013 Marc Lehmann <gvpe@schmorp.de>
     This file is part of GVPE.
     GVPE is free software; you can redistribute it and/or modify it
     under the terms of the GNU General Public License as published by the
 #include <errno.h>
 #include <fcntl.h>
 #include <getopt.h>
 #include <signal.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <unistd.h>
 #include <signal.h>
 #include <termios.h>
 #if HAVE_SYS_MMAN_H
 #include "conf.h"
 #include "slog.h"
 #include "util.h"
 #include "vpn.h"
 #include "ev_cpp.h"
+#include "hkdf.h"
 static loglevel llevel = L_NONE;
 /* If nonzero, display usage information and exit. */
 static int show_help;
 /* If zero, don't detach from the terminal. */
 static int do_detach = 1;
 static struct option const long_options[] =
-    {
+{
-      {"config", required_argument, NULL, 'c'},
+  {"config", required_argument, NULL, 'c'},
-      {"help", no_argument, &show_help, 1},
+  {"help", no_argument, &show_help, 1},
-      {"version", no_argument, &show_version, 1},
+  {"version", no_argument, &show_version, 1},
-      {"no-detach", no_argument, &do_detach, 0},
+  {"no-detach", no_argument, &do_detach, 0},
-      {"log-level", required_argument, NULL, 'l'},
+  {"log-level", required_argument, NULL, 'l'},
-      {"mlock", no_argument, &do_mlock, 1},
+  {"mlock", no_argument, &do_mlock, 1},
-      {NULL, 0, NULL, 0}
+  {NULL, 0, NULL, 0}
-    };
+};
 static void
 usage (int status)
 {
   if (status != 0)
       printf (_("Usage: %s [option]... NODENAME\n\n"), get_identity ());
       printf (_
               ("  -c, --config=DIR           Read configuration options from DIR.\n"
                "  -D, --no-detach            Don't fork and detach.\n"
                "  -l, --log-level=LEVEL      Set logging level (info, notice, warn are common).\n"
-               "  -L, --mlock                Lock tinc into main memory.\n"
+               "  -L, --mlock                Lock gvpe into main memory.\n"
                "      --help                 Display this help and exit.\n"
                "      --version              Output version information and exit.\n\n"));
       printf (_("Report bugs to <gvpe@schmorp.de>.\n"));
     }
   exit (status);
 }
-void
+static void
 parse_options (int argc, char **argv, char **envp)
 {
   int r;
   int option_index = 0;
           break;
         }
     }
 }
-/*
-  Close network connections, and terminate neatly
+// close network connections, and terminate neatly
-*/
+static void
-void cleanup_and_exit(int c)
+cleanup_and_exit (int c)
 {
   network.shutdown_all ();
   if (conf.pidfilename)
     remove_pid (conf.pidfilename);
   slog (L_INFO, _("terminating with exit code %d"), c);
   exit (c);
 }
-/*
-  Signal handlers.
+// signal handlers
-*/
+static RETSIGTYPE
-RETSIGTYPE
 sigterm_handler (int a)
 {
   network.events |= vpn::EVENT_SHUTDOWN;
   network.event.start ();
 }
-RETSIGTYPE
+static RETSIGTYPE
 sighup_handler (int a)
 {
   network.events |= vpn::EVENT_RECONNECT;
   network.event.start ();
 }
-RETSIGTYPE
+static RETSIGTYPE
 sigusr1_handler (int a)
 {
   network.dump_status ();
 }
-RETSIGTYPE
+static RETSIGTYPE
 sigusr2_handler (int a)
 {
 }
-void
+static void
 setup_signals (void)
 {
   struct sigaction act;
   sigfillset (&act.sa_mask);
   act.sa_flags = SA_RESETHAND;
   act.sa_handler = sigterm_handler; sigaction (SIGINT , &act, NULL);
   act.sa_handler = sigterm_handler; sigaction (SIGTERM, &act, NULL);
 }
+static int rand_fd;
+// antique C++ requires external linkage :/
+void
+reseed_rng (ev::timer &w, int revents)
+{
+  char buf [SEED_SIZE];
+  int n = read (rand_fd, buf, sizeof (buf));
+  if (n > 0)
+    RAND_seed (buf, n);
+}
+static void
+setup_rng (void)
+{
+  if (!*conf.seed_dev)
+    return;
+#ifndef O_BINARY
+#  define O_BINARY 0
+#endif
+#ifndef O_NONBLOCK
+#  define O_NONBLOCK 0
+#endif
+  rand_fd = open (conf.seed_dev, O_RDONLY | O_NONBLOCK | O_BINARY);
+  if (rand_fd < 0)
+    {
+      slog (L_ERR, _("unable to open seed device '%s': %s, exiting."), conf.seed_dev, strerror (errno));
+      exit (EXIT_FAILURE);
+    }
+  static ev::timer reseed_timer;
+  if (conf.reseed)
+    {
+      reseed_timer.set<reseed_rng> ();
+      reseed_timer.set (conf.reseed, conf.reseed);
+      reseed_timer.start (EV_DEFAULT);
+    }
+  reseed_rng (reseed_timer, 0);
+}
 int
 main (int argc, char **argv, char **envp)
 {
   ERR_load_crypto_strings (); // we have the RAM
+  require (EVP_MD_size           (MAC_DIGEST  ()) == HASH_SIZE  (MAC_DIGEST ));
+  require (EVP_MD_size           (AUTH_DIGEST ()) == HASH_SIZE  (AUTH_DIGEST));
+  require (EVP_CIPHER_key_length (CIPHER      ()) == KEY_SIZE   (CIPHER     ));
+  require (EVP_CIPHER_block_size (CIPHER      ()) == BLOCK_SIZE (CIPHER     ));
+  curve25519_verify ();
+  hkdf::verify ();
   set_loglevel (L_INFO);
   set_identity (argv[0]);
   log_to (LOGTO_SYSLOG | LOGTO_STDERR);
     {
       printf (_("%s version %s (built %s %s, protocol version %d.%d)\n"), get_identity (),
               VERSION, __DATE__, __TIME__, PROTOCOL_MAJOR, PROTOCOL_MINOR);
       printf (_("Built with kernel interface %s/%s.\n"), IFTYPE, IFSUBTYPE);
       printf (_
-              ("Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> and others.\n"
+              ("Copyright (C) 2003-2011 Marc Lehmann <gvpe@schmorp.de> and others.\n"
                "See the AUTHORS file for a complete list.\n\n"
-               "tinc comes with ABSOLUTELY NO WARRANTY.  This is free software,\n"
+               "GVPE comes with ABSOLUTELY NO WARRANTY.  This is free software,\n"
                "and you are welcome to redistribute it under certain conditions;\n"
                "see the file COPYING for details.\n"));
       return 0;
     }
     configuration_parser (conf, true, argc, argv);
   }
   set_loglevel (llevel != L_NONE ? llevel : conf.llevel);
-  RAND_load_file ("/dev/urandom", 1024);
+  setup_rng ();
   if (!THISNODE)
     {
       slog (L_ERR, _("current node not set, or node '%s' not found in configfile, specify the nodename when starting gvpe."),
             thisnode ? thisnode : "<unset>");
     exit (EXIT_SUCCESS);
   setup_signals ();
   if (!network.setup ())
+    if (network.drop_privileges ())
-    {
+      {
-      ev_loop (EV_DEFAULT_ 0);
+        ev_run (EV_DEFAULT_ 0);
-      cleanup_and_exit (EXIT_FAILURE);
+        cleanup_and_exit (EXIT_FAILURE);
-    }
+      }
-  slog (L_ERR, _("unable to setup network, unrecoverable error, exiting."));
+  slog (L_CRIT, _("unrecoverable error while setting up network, exiting."));
   cleanup_and_exit (EXIT_FAILURE);
 }

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing gvpe/src/gvpe.C (file contents): Revision 1.15 by pcg, Fri Nov 21 05:02:08 2008 UTC vs. Revision 1.25 by root, Tue Jul 16 16:44:36 2013 UTC

Diff Legend

Comparing gvpe/src/gvpe.C (file contents):
Revision 1.15 by pcg, Fri Nov 21 05:02:08 2008 UTC vs.
Revision 1.25 by root, Tue Jul 16 16:44:36 2013 UTC