1 | /* |
1 | /* |
2 | gvpectrl.C -- the main file for gvpectrl |
2 | gvpectrl.C -- the main file for gvpectrl |
3 | Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl> |
3 | Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl> |
4 | 2000-2002 Guus Sliepen <guus@sliepen.eu.org> |
4 | 2000-2002 Guus Sliepen <guus@sliepen.eu.org> |
5 | 2003-2008 Marc Lehmann <gvpe@schmorp.de> |
5 | 2003-2013 Marc Lehmann <gvpe@schmorp.de> |
6 | |
6 | |
7 | This file is part of GVPE. |
7 | This file is part of GVPE. |
8 | |
8 | |
9 | GVPE is free software; you can redistribute it and/or modify it |
9 | GVPE is free software; you can redistribute it and/or modify it |
10 | under the terms of the GNU General Public License as published by the |
10 | under the terms of the GNU General Public License as published by the |
… | |
… | |
44 | #include <sys/stat.h> |
44 | #include <sys/stat.h> |
45 | #include <sys/types.h> |
45 | #include <sys/types.h> |
46 | #include <unistd.h> |
46 | #include <unistd.h> |
47 | #include <signal.h> |
47 | #include <signal.h> |
48 | |
48 | |
|
|
49 | #include <openssl/bn.h> |
49 | #include <openssl/rand.h> |
50 | #include <openssl/rand.h> |
50 | #include <openssl/rsa.h> |
51 | #include <openssl/rsa.h> |
51 | #include <openssl/pem.h> |
52 | #include <openssl/pem.h> |
52 | #include <openssl/evp.h> |
53 | #include <openssl/evp.h> |
53 | |
54 | |
… | |
… | |
75 | |
76 | |
76 | /* If nonzero, generate public/private keypair for this net. */ |
77 | /* If nonzero, generate public/private keypair for this net. */ |
77 | static int generate_keys; |
78 | static int generate_keys; |
78 | |
79 | |
79 | static struct option const long_options[] = |
80 | static struct option const long_options[] = |
80 | { |
81 | { |
81 | {"config", required_argument, NULL, 'c'}, |
82 | {"config", required_argument, NULL, 'c'}, |
82 | {"kill", optional_argument, NULL, 'k'}, |
83 | {"kill", optional_argument, NULL, 'k'}, |
83 | {"help", no_argument, &show_help, 1}, |
84 | {"help", no_argument, &show_help, 1}, |
84 | {"version", no_argument, &show_version, 1}, |
85 | {"version", no_argument, &show_version, 1}, |
85 | {"generate-keys", no_argument, NULL, 'g'}, |
86 | {"generate-keys", no_argument, NULL, 'g'}, |
86 | {"quiet", no_argument, &quiet, 1}, |
87 | {"quiet", no_argument, &quiet, 1}, |
87 | {"show-config", no_argument, &show_config, 's'}, |
88 | {"show-config", no_argument, &show_config, 's'}, |
88 | {NULL, 0, NULL, 0} |
89 | {NULL, 0, NULL, 0} |
89 | }; |
90 | }; |
90 | |
91 | |
91 | static void |
92 | static void |
92 | usage (int status) |
93 | usage (int status) |
93 | { |
94 | { |
94 | if (status != 0) |
95 | if (status != 0) |
… | |
… | |
108 | } |
109 | } |
109 | |
110 | |
110 | exit (status); |
111 | exit (status); |
111 | } |
112 | } |
112 | |
113 | |
113 | void |
114 | static void |
114 | parse_options (int argc, char **argv, char **envp) |
115 | parse_options (int argc, char **argv, char **envp) |
115 | { |
116 | { |
116 | int r; |
117 | int r; |
117 | int option_index = 0; |
118 | int option_index = 0; |
118 | |
119 | |
119 | while ((r = getopt_long (argc, argv, "c:k::qgs", long_options, &option_index)) != EOF) |
120 | while ((r = getopt_long (argc, argv, "c:k::qgs", long_options, &option_index)) != EOF) |
120 | { |
121 | { |
121 | switch (r) |
122 | switch (r) |
122 | { |
123 | { |
123 | case 0: /* long option */ |
124 | case 0: /* long option */ |
124 | break; |
125 | break; |
125 | |
126 | |
126 | case 'c': /* config file */ |
127 | case 'c': /* config file */ |
127 | confbase = strdup (optarg); |
128 | confbase = strdup (optarg); |
128 | break; |
129 | break; |
129 | |
130 | |
130 | case 'k': /* kill old gvpes */ |
131 | case 'k': /* kill old gvpes */ |
131 | if (optarg) |
132 | if (optarg) |
132 | { |
133 | { |
133 | if (!strcasecmp (optarg, "HUP")) |
134 | if (!strcasecmp (optarg, "HUP")) |
134 | kill_gvpe = SIGHUP; |
135 | kill_gvpe = SIGHUP; |
135 | else if (!strcasecmp (optarg, "TERM")) |
136 | else if (!strcasecmp (optarg, "TERM")) |
136 | kill_gvpe = SIGTERM; |
137 | kill_gvpe = SIGTERM; |
137 | else if (!strcasecmp (optarg, "KILL")) |
138 | else if (!strcasecmp (optarg, "KILL")) |
138 | kill_gvpe = SIGKILL; |
139 | kill_gvpe = SIGKILL; |
139 | else if (!strcasecmp (optarg, "USR1")) |
140 | else if (!strcasecmp (optarg, "USR1")) |
140 | kill_gvpe = SIGUSR1; |
141 | kill_gvpe = SIGUSR1; |
141 | else if (!strcasecmp (optarg, "USR2")) |
142 | else if (!strcasecmp (optarg, "USR2")) |
142 | kill_gvpe = SIGUSR2; |
143 | kill_gvpe = SIGUSR2; |
143 | else if (!strcasecmp (optarg, "INT")) |
144 | else if (!strcasecmp (optarg, "INT")) |
144 | kill_gvpe = SIGINT; |
145 | kill_gvpe = SIGINT; |
145 | else if (!strcasecmp (optarg, "ALRM")) |
146 | else if (!strcasecmp (optarg, "ALRM")) |
146 | kill_gvpe = SIGALRM; |
147 | kill_gvpe = SIGALRM; |
147 | else |
148 | else |
148 | { |
149 | { |
149 | kill_gvpe = atoi (optarg); |
150 | kill_gvpe = atoi (optarg); |
150 | |
151 | |
151 | if (!kill_gvpe) |
152 | if (!kill_gvpe) |
152 | { |
153 | { |
153 | fprintf (stderr, |
154 | fprintf (stderr, |
154 | _ |
155 | _ |
155 | ("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), |
156 | ("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), |
156 | optarg); |
157 | optarg); |
157 | usage (1); |
158 | usage (1); |
158 | } |
159 | } |
159 | } |
160 | } |
160 | } |
161 | } |
161 | else |
162 | else |
162 | kill_gvpe = SIGTERM; |
163 | kill_gvpe = SIGTERM; |
163 | |
164 | |
164 | break; |
165 | break; |
165 | |
166 | |
166 | case 'g': /* generate public/private keypair */ |
167 | case 'g': /* generate public/private keypair */ |
167 | generate_keys = RSA_KEYBITS; |
168 | generate_keys = RSA_KEYBITS; |
168 | break; |
169 | break; |
169 | |
170 | |
170 | case 's': |
171 | case 's': |
171 | show_config = 1; |
172 | show_config = 1; |
172 | break; |
173 | break; |
173 | |
174 | |
174 | case 'q': |
175 | case 'q': |
175 | quiet = 1; |
176 | quiet = 1; |
176 | break; |
177 | break; |
177 | |
178 | |
178 | case '?': |
179 | case '?': |
179 | usage (1); |
180 | usage (1); |
180 | |
181 | |
181 | default: |
182 | default: |
182 | break; |
183 | break; |
183 | } |
184 | } |
184 | } |
185 | } |
185 | } |
186 | } |
186 | |
187 | |
187 | /* This function prettyprints the key generation process */ |
188 | // this function prettyprints the key generation process |
188 | |
189 | static int |
189 | void |
|
|
190 | indicator (int a, int b, void *p) |
190 | indicator (int a, int b, BN_GENCB *cb) |
191 | { |
191 | { |
192 | if (quiet) |
192 | if (quiet) |
193 | return; |
193 | return 1; |
194 | |
194 | |
195 | switch (a) |
195 | switch (a) |
196 | { |
196 | { |
197 | case 0: |
197 | case 0: |
198 | fprintf (stderr, "."); |
198 | fprintf (stderr, "."); |
199 | break; |
199 | break; |
200 | |
200 | |
201 | case 1: |
201 | case 1: |
202 | fprintf (stderr, "+"); |
202 | fprintf (stderr, "+"); |
203 | break; |
203 | break; |
204 | |
204 | |
205 | case 2: |
205 | case 2: |
206 | fprintf (stderr, "-"); |
206 | fprintf (stderr, "-"); |
207 | break; |
207 | break; |
208 | |
208 | |
209 | case 3: |
209 | case 3: |
210 | switch (b) |
210 | switch (b) |
211 | { |
211 | { |
212 | case 0: |
212 | case 0: |
213 | fprintf (stderr, " p\n"); |
213 | fprintf (stderr, " p\n"); |
214 | break; |
214 | break; |
215 | |
215 | |
216 | case 1: |
216 | case 1: |
217 | fprintf (stderr, " q\n"); |
217 | fprintf (stderr, " q\n"); |
218 | break; |
218 | break; |
219 | |
219 | |
220 | default: |
220 | default: |
221 | fprintf (stderr, "?"); |
221 | fprintf (stderr, "?"); |
222 | } |
222 | } |
223 | break; |
223 | break; |
224 | |
224 | |
225 | default: |
225 | default: |
226 | fprintf (stderr, "?"); |
226 | fprintf (stderr, "?"); |
227 | } |
227 | } |
|
|
228 | |
|
|
229 | return 1; |
228 | } |
230 | } |
229 | |
231 | |
230 | /* |
232 | /* |
231 | * generate public/private RSA keypairs for all hosts that don't have one. |
233 | * generate public/private RSA keypairs for all hosts that don't have one. |
232 | */ |
234 | */ |
233 | int |
235 | static int |
234 | keygen (int bits) |
236 | keygen (int bits) |
235 | { |
237 | { |
236 | RSA *rsa_key; |
|
|
237 | FILE *f; |
238 | FILE *f; |
238 | char *name = NULL; |
239 | char *name = NULL; |
239 | char *fname; |
240 | char *fname; |
240 | |
241 | |
241 | asprintf (&fname, "%s/hostkeys", confbase); |
242 | asprintf (&fname, "%s/hostkeys", confbase); |
… | |
… | |
252 | |
253 | |
253 | asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename); |
254 | asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename); |
254 | |
255 | |
255 | f = fopen (fname, "a"); |
256 | f = fopen (fname, "a"); |
256 | |
257 | |
257 | if (!f) |
258 | /* some libcs are buggy and require an extra seek to the end */ |
|
|
259 | if (!f || fseek (f, 0, SEEK_END)) |
258 | { |
260 | { |
259 | perror (fname); |
261 | perror (fname); |
260 | exit (EXIT_FAILURE); |
262 | exit (EXIT_FAILURE); |
261 | } |
263 | } |
262 | |
264 | |
… | |
… | |
271 | } |
273 | } |
272 | |
274 | |
273 | fprintf (stderr, _("generating %d bits key for %s:\n"), bits, |
275 | fprintf (stderr, _("generating %d bits key for %s:\n"), bits, |
274 | node->nodename); |
276 | node->nodename); |
275 | |
277 | |
276 | rsa_key = RSA_generate_key (bits, 0xFFFF, indicator, NULL); |
278 | RSA *rsa = RSA_new (); |
|
|
279 | BIGNUM *e = BN_new (); |
|
|
280 | BN_set_bit (e, 0); BN_set_bit (e, 16); // 0x10001, 65537 |
|
|
281 | BN_GENCB cb; |
|
|
282 | BN_GENCB_set (&cb, indicator, 0); |
277 | |
283 | |
278 | if (!rsa_key) |
284 | require (RSA_generate_key_ex (rsa, bits, e, &cb)); |
279 | { |
285 | |
280 | fprintf (stderr, _("error during key generation!\n")); |
|
|
281 | return -1; |
|
|
282 | } |
|
|
283 | else |
|
|
284 | fprintf (stderr, _("Done.\n")); |
286 | fprintf (stderr, _("Done.\n")); |
285 | |
287 | |
286 | require (PEM_write_RSAPublicKey (f, rsa_key)); |
288 | require (PEM_write_RSAPublicKey (f, rsa)); |
287 | fclose (f); |
289 | fclose (f); |
288 | free (fname); |
290 | free (fname); |
289 | |
291 | |
290 | asprintf (&fname, "%s/hostkeys/%s", confbase, node->nodename); |
292 | asprintf (&fname, "%s/hostkeys/%s", confbase, node->nodename); |
291 | |
293 | |
… | |
… | |
294 | { |
296 | { |
295 | perror (fname); |
297 | perror (fname); |
296 | exit (EXIT_FAILURE); |
298 | exit (EXIT_FAILURE); |
297 | } |
299 | } |
298 | |
300 | |
299 | require (PEM_write_RSAPrivateKey (f, rsa_key, NULL, NULL, 0, NULL, NULL)); |
301 | require (PEM_write_RSAPrivateKey (f, rsa, NULL, NULL, 0, NULL, NULL)); |
300 | fclose (f); |
302 | fclose (f); |
301 | free (fname); |
303 | free (fname); |
|
|
304 | |
|
|
305 | BN_free (e); |
|
|
306 | RSA_free (rsa); |
302 | } |
307 | } |
303 | |
308 | |
304 | return 0; |
309 | return 0; |
305 | } |
310 | } |
306 | |
311 | |
… | |
… | |
320 | { |
325 | { |
321 | printf (_("%s version %s (built %s %s, protocol version %d.%d)\n"), get_identity (), |
326 | printf (_("%s version %s (built %s %s, protocol version %d.%d)\n"), get_identity (), |
322 | VERSION, __DATE__, __TIME__, PROTOCOL_MAJOR, PROTOCOL_MINOR); |
327 | VERSION, __DATE__, __TIME__, PROTOCOL_MAJOR, PROTOCOL_MINOR); |
323 | printf (_("Built with kernel interface %s/%s.\n"), IFTYPE, IFSUBTYPE); |
328 | printf (_("Built with kernel interface %s/%s.\n"), IFTYPE, IFSUBTYPE); |
324 | printf (_ |
329 | printf (_ |
325 | ("Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> and others.\n" |
330 | ("Copyright (C) 2003-2013 Marc Lehmann <gvpe@schmorp.de> and others.\n" |
326 | "See the AUTHORS file for a complete list.\n\n" |
331 | "See the AUTHORS file for a complete list.\n\n" |
327 | "vpe comes with ABSOLUTELY NO WARRANTY. This is free software,\n" |
332 | "vpe comes with ABSOLUTELY NO WARRANTY. This is free software,\n" |
328 | "and you are welcome to redistribute it under certain conditions;\n" |
333 | "and you are welcome to redistribute it under certain conditions;\n" |
329 | "see the file COPYING for details.\n")); |
334 | "see the file COPYING for details.\n")); |
330 | |
335 | |
… | |
… | |
338 | configuration_parser (conf, false, 0, 0); |
343 | configuration_parser (conf, false, 0, 0); |
339 | } |
344 | } |
340 | |
345 | |
341 | if (generate_keys) |
346 | if (generate_keys) |
342 | { |
347 | { |
343 | RAND_load_file ("/dev/urandom", 1024); |
348 | RAND_load_file (conf.seed_dev, SEED_SIZE); |
344 | exit (keygen (generate_keys)); |
349 | exit (keygen (generate_keys)); |
345 | } |
350 | } |
346 | |
351 | |
347 | if (kill_gvpe) |
352 | if (kill_gvpe) |
348 | exit (kill_other (kill_gvpe)); |
353 | exit (kill_other (kill_gvpe)); |