| 1 | /* |
1 | /* |
| 2 | gvpe.C -- the main file for gvpe |
2 | gvpe.C -- the main file for gvpe |
| 3 | Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl> |
3 | Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl> |
| 4 | 2000-2002 Guus Sliepen <guus@sliepen.eu.org> |
4 | 2000-2002 Guus Sliepen <guus@sliepen.eu.org> |
| 5 | 2003-2011 Marc Lehmann <gvpe@schmorp.de> |
5 | 2003-2013 Marc Lehmann <gvpe@schmorp.de> |
| 6 | |
6 | |
| 7 | This file is part of GVPE. |
7 | This file is part of GVPE. |
| 8 | |
8 | |
| 9 | GVPE is free software; you can redistribute it and/or modify it |
9 | GVPE is free software; you can redistribute it and/or modify it |
| 10 | under the terms of the GNU General Public License as published by the |
10 | under the terms of the GNU General Public License as published by the |
| … | |
… | |
| 40 | #include <errno.h> |
40 | #include <errno.h> |
| 41 | #include <fcntl.h> |
41 | #include <fcntl.h> |
| 42 | #include <getopt.h> |
42 | #include <getopt.h> |
| 43 | #include <signal.h> |
43 | #include <signal.h> |
| 44 | #include <sys/types.h> |
44 | #include <sys/types.h> |
|
|
45 | #include <sys/stat.h> |
| 45 | #include <unistd.h> |
46 | #include <unistd.h> |
| 46 | #include <signal.h> |
47 | #include <signal.h> |
| 47 | #include <termios.h> |
48 | #include <termios.h> |
| 48 | |
49 | |
| 49 | #if HAVE_SYS_MMAN_H |
50 | #if HAVE_SYS_MMAN_H |
| … | |
… | |
| 59 | #include "conf.h" |
60 | #include "conf.h" |
| 60 | #include "slog.h" |
61 | #include "slog.h" |
| 61 | #include "util.h" |
62 | #include "util.h" |
| 62 | #include "vpn.h" |
63 | #include "vpn.h" |
| 63 | #include "ev_cpp.h" |
64 | #include "ev_cpp.h" |
|
|
65 | #include "hkdf.h" |
| 64 | |
66 | |
| 65 | static loglevel llevel = L_NONE; |
67 | static loglevel llevel = L_NONE; |
| 66 | |
68 | |
| 67 | /* If nonzero, display usage information and exit. */ |
69 | /* If nonzero, display usage information and exit. */ |
| 68 | static int show_help; |
70 | static int show_help; |
| … | |
… | |
| 206 | act.sa_flags = SA_RESETHAND; |
208 | act.sa_flags = SA_RESETHAND; |
| 207 | act.sa_handler = sigterm_handler; sigaction (SIGINT , &act, NULL); |
209 | act.sa_handler = sigterm_handler; sigaction (SIGINT , &act, NULL); |
| 208 | act.sa_handler = sigterm_handler; sigaction (SIGTERM, &act, NULL); |
210 | act.sa_handler = sigterm_handler; sigaction (SIGTERM, &act, NULL); |
| 209 | } |
211 | } |
| 210 | |
212 | |
|
|
213 | static int rand_fd; |
|
|
214 | |
|
|
215 | // antique C++ requires external linkage :/ |
|
|
216 | void |
|
|
217 | reseed_rng (ev::timer &w, int revents) |
|
|
218 | { |
|
|
219 | char buf [SEED_SIZE]; |
|
|
220 | int n = read (rand_fd, buf, sizeof (buf)); |
|
|
221 | |
|
|
222 | if (n > 0) |
|
|
223 | RAND_seed (buf, n); |
|
|
224 | } |
|
|
225 | |
|
|
226 | static void |
|
|
227 | setup_rng (void) |
|
|
228 | { |
|
|
229 | if (!*conf.seed_dev) |
|
|
230 | return; |
|
|
231 | |
|
|
232 | #ifndef O_BINARY |
|
|
233 | # define O_BINARY 0 |
|
|
234 | #endif |
|
|
235 | #ifndef O_NONBLOCK |
|
|
236 | # define O_NONBLOCK 0 |
|
|
237 | #endif |
|
|
238 | |
|
|
239 | rand_fd = open (conf.seed_dev, O_RDONLY | O_NONBLOCK | O_BINARY); |
|
|
240 | |
|
|
241 | if (rand_fd < 0) |
|
|
242 | { |
|
|
243 | slog (L_ERR, _("unable to open seed device '%s': %s, exiting."), conf.seed_dev, strerror (errno)); |
|
|
244 | exit (EXIT_FAILURE); |
|
|
245 | } |
|
|
246 | |
|
|
247 | static ev::timer reseed_timer; |
|
|
248 | |
|
|
249 | if (conf.reseed) |
|
|
250 | { |
|
|
251 | reseed_timer.set<reseed_rng> (); |
|
|
252 | reseed_timer.set (conf.reseed, conf.reseed); |
|
|
253 | reseed_timer.start (EV_DEFAULT); |
|
|
254 | } |
|
|
255 | |
|
|
256 | reseed_rng (reseed_timer, 0); |
|
|
257 | } |
|
|
258 | |
| 211 | int |
259 | int |
| 212 | main (int argc, char **argv, char **envp) |
260 | main (int argc, char **argv, char **envp) |
| 213 | { |
261 | { |
| 214 | ERR_load_crypto_strings (); // we have the RAM |
262 | ERR_load_crypto_strings (); // we have the RAM |
|
|
263 | |
|
|
264 | require (EVP_MD_size (MAC_DIGEST ()) == HASH_SIZE (MAC_DIGEST )); |
|
|
265 | require (EVP_MD_size (AUTH_DIGEST ()) == HASH_SIZE (AUTH_DIGEST)); |
|
|
266 | require (EVP_CIPHER_key_length (CIPHER ()) == KEY_SIZE (CIPHER )); |
|
|
267 | require (EVP_CIPHER_block_size (CIPHER ()) == BLOCK_SIZE (CIPHER )); |
|
|
268 | |
|
|
269 | curve25519_verify (); |
|
|
270 | hkdf::verify (); |
| 215 | |
271 | |
| 216 | set_loglevel (L_INFO); |
272 | set_loglevel (L_INFO); |
| 217 | set_identity (argv[0]); |
273 | set_identity (argv[0]); |
| 218 | log_to (LOGTO_SYSLOG | LOGTO_STDERR); |
274 | log_to (LOGTO_SYSLOG | LOGTO_STDERR); |
| 219 | |
275 | |
| … | |
… | |
| 230 | { |
286 | { |
| 231 | printf (_("%s version %s (built %s %s, protocol version %d.%d)\n"), get_identity (), |
287 | printf (_("%s version %s (built %s %s, protocol version %d.%d)\n"), get_identity (), |
| 232 | VERSION, __DATE__, __TIME__, PROTOCOL_MAJOR, PROTOCOL_MINOR); |
288 | VERSION, __DATE__, __TIME__, PROTOCOL_MAJOR, PROTOCOL_MINOR); |
| 233 | printf (_("Built with kernel interface %s/%s.\n"), IFTYPE, IFSUBTYPE); |
289 | printf (_("Built with kernel interface %s/%s.\n"), IFTYPE, IFSUBTYPE); |
| 234 | printf (_ |
290 | printf (_ |
| 235 | ("Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> and others.\n" |
291 | ("Copyright (C) 2003-2011 Marc Lehmann <gvpe@schmorp.de> and others.\n" |
| 236 | "See the AUTHORS file for a complete list.\n\n" |
292 | "See the AUTHORS file for a complete list.\n\n" |
| 237 | "GVPE comes with ABSOLUTELY NO WARRANTY. This is free software,\n" |
293 | "GVPE comes with ABSOLUTELY NO WARRANTY. This is free software,\n" |
| 238 | "and you are welcome to redistribute it under certain conditions;\n" |
294 | "and you are welcome to redistribute it under certain conditions;\n" |
| 239 | "see the file COPYING for details.\n")); |
295 | "see the file COPYING for details.\n")); |
| 240 | |
296 | |
| … | |
… | |
| 270 | configuration_parser (conf, true, argc, argv); |
326 | configuration_parser (conf, true, argc, argv); |
| 271 | } |
327 | } |
| 272 | |
328 | |
| 273 | set_loglevel (llevel != L_NONE ? llevel : conf.llevel); |
329 | set_loglevel (llevel != L_NONE ? llevel : conf.llevel); |
| 274 | |
330 | |
| 275 | RAND_load_file ("/dev/urandom", 1024); |
331 | setup_rng (); |
| 276 | |
332 | |
| 277 | if (!THISNODE) |
333 | if (!THISNODE) |
| 278 | { |
334 | { |
| 279 | slog (L_ERR, _("current node not set, or node '%s' not found in configfile, specify the nodename when starting gvpe."), |
335 | slog (L_ERR, _("current node not set, or node '%s' not found in configfile, specify the nodename when starting gvpe."), |
| 280 | thisnode ? thisnode : "<unset>"); |
336 | thisnode ? thisnode : "<unset>"); |
| … | |
… | |
| 285 | exit (EXIT_SUCCESS); |
341 | exit (EXIT_SUCCESS); |
| 286 | |
342 | |
| 287 | setup_signals (); |
343 | setup_signals (); |
| 288 | |
344 | |
| 289 | if (!network.setup ()) |
345 | if (!network.setup ()) |
|
|
346 | if (network.drop_privileges ()) |
| 290 | { |
347 | { |
| 291 | ev_loop (EV_DEFAULT_ 0); |
348 | ev_run (EV_DEFAULT_ 0); |
| 292 | cleanup_and_exit (EXIT_FAILURE); |
349 | cleanup_and_exit (EXIT_FAILURE); |
| 293 | } |
350 | } |
| 294 | |
351 | |
| 295 | slog (L_ERR, _("unrecoverable error while setting up network, exiting.")); |
352 | slog (L_CRIT, _("unrecoverable error while setting up network, exiting.")); |
| 296 | cleanup_and_exit (EXIT_FAILURE); |
353 | cleanup_and_exit (EXIT_FAILURE); |
| 297 | } |
354 | } |
| 298 | |
355 | |
