1 | /* |
1 | /* |
2 | gvpectrl.C -- the main file for gvpectrl |
2 | gvpectrl.C -- the main file for gvpectrl |
3 | Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl> |
3 | Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl> |
4 | 2000-2002 Guus Sliepen <guus@sliepen.eu.org> |
4 | 2000-2002 Guus Sliepen <guus@sliepen.eu.org> |
5 | 2003-2008 Marc Lehmann <gvpe@schmorp.de> |
5 | 2003-2013 Marc Lehmann <gvpe@schmorp.de> |
6 | |
6 | |
7 | This file is part of GVPE. |
7 | This file is part of GVPE. |
8 | |
8 | |
9 | GVPE is free software; you can redistribute it and/or modify it |
9 | GVPE is free software; you can redistribute it and/or modify it |
10 | under the terms of the GNU General Public License as published by the |
10 | under the terms of the GNU General Public License as published by the |
… | |
… | |
44 | #include <sys/stat.h> |
44 | #include <sys/stat.h> |
45 | #include <sys/types.h> |
45 | #include <sys/types.h> |
46 | #include <unistd.h> |
46 | #include <unistd.h> |
47 | #include <signal.h> |
47 | #include <signal.h> |
48 | |
48 | |
|
|
49 | #include <openssl/bn.h> |
49 | #include <openssl/rand.h> |
50 | #include <openssl/rand.h> |
50 | #include <openssl/rsa.h> |
51 | #include <openssl/rsa.h> |
51 | #include <openssl/pem.h> |
52 | #include <openssl/pem.h> |
52 | #include <openssl/evp.h> |
53 | #include <openssl/evp.h> |
53 | |
54 | |
… | |
… | |
68 | static int kill_gvpe; |
69 | static int kill_gvpe; |
69 | |
70 | |
70 | /* If nonzero, it will attempt to kill a running gvpe and exit. */ |
71 | /* If nonzero, it will attempt to kill a running gvpe and exit. */ |
71 | static int show_config; |
72 | static int show_config; |
72 | |
73 | |
|
|
74 | /* If nonzero, do not output anything but warnings/errors/very unusual conditions */ |
|
|
75 | static int quiet; |
|
|
76 | |
73 | /* If nonzero, generate public/private keypair for this net. */ |
77 | /* If nonzero, generate public/private keypair for this net. */ |
74 | static int generate_keys; |
78 | static int generate_keys; |
75 | |
79 | |
|
|
80 | // output some debugging info, interna constants &c |
|
|
81 | static int debug_info; |
|
|
82 | |
76 | static struct option const long_options[] = |
83 | static struct option const long_options[] = |
77 | { |
84 | { |
78 | {"config", required_argument, NULL, 'c'}, |
85 | {"config", required_argument, NULL, 'c'}, |
79 | {"kill", optional_argument, NULL, 'k'}, |
86 | {"kill", optional_argument, NULL, 'k'}, |
80 | {"help", no_argument, &show_help, 1}, |
87 | {"help", no_argument, &show_help, 1}, |
81 | {"version", no_argument, &show_version, 1}, |
88 | {"version", no_argument, &show_version, 1}, |
82 | {"generate-keys", no_argument, NULL, 'g'}, |
89 | {"generate-keys", no_argument, NULL, 'g'}, |
|
|
90 | {"quiet", no_argument, &quiet, 1}, |
83 | {"show-config", no_argument, &show_config, 's'}, |
91 | {"show-config", no_argument, &show_config, 's'}, |
|
|
92 | {"debug-info", no_argument, &debug_info, 1}, |
84 | {NULL, 0, NULL, 0} |
93 | {NULL, 0, NULL, 0} |
85 | }; |
94 | }; |
86 | |
95 | |
87 | static void |
96 | static void |
88 | usage (int status) |
97 | usage (int status) |
89 | { |
98 | { |
90 | if (status != 0) |
99 | if (status != 0) |
… | |
… | |
95 | printf (_ |
104 | printf (_ |
96 | (" -c, --config=DIR Read configuration options from DIR.\n" |
105 | (" -c, --config=DIR Read configuration options from DIR.\n" |
97 | " -k, --kill[=SIGNAL] Attempt to kill a running gvpe and exit.\n" |
106 | " -k, --kill[=SIGNAL] Attempt to kill a running gvpe and exit.\n" |
98 | " -g, --generate-keys Generate public/private RSA keypair.\n" |
107 | " -g, --generate-keys Generate public/private RSA keypair.\n" |
99 | " -s, --show-config Display the configuration information.\n" |
108 | " -s, --show-config Display the configuration information.\n" |
|
|
109 | " -q, --quiet Be quite quiet.\n" |
100 | " --help Display this help and exit.\n" |
110 | " --help Display this help and exit.\n" |
101 | " --version Output version information and exit.\n\n")); |
111 | " --version Output version information and exit.\n\n")); |
102 | printf (_("Report bugs to <gvpe@schmorp.de>.\n")); |
112 | printf (_("Report bugs to <gvpe@schmorp.de>.\n")); |
103 | } |
113 | } |
104 | |
114 | |
105 | exit (status); |
115 | exit (status); |
106 | } |
116 | } |
107 | |
117 | |
108 | void |
118 | static void |
109 | parse_options (int argc, char **argv, char **envp) |
119 | parse_options (int argc, char **argv, char **envp) |
110 | { |
120 | { |
111 | int r; |
121 | int r; |
112 | int option_index = 0; |
122 | int option_index = 0; |
113 | |
123 | |
114 | while ((r = |
124 | while ((r = getopt_long (argc, argv, "c:k::qgs", long_options, &option_index)) != EOF) |
115 | getopt_long (argc, argv, "c:k::gs", long_options, |
|
|
116 | &option_index)) != EOF) |
|
|
117 | { |
125 | { |
118 | switch (r) |
126 | switch (r) |
119 | { |
127 | { |
120 | case 0: /* long option */ |
128 | case 0: /* long option */ |
121 | break; |
129 | break; |
122 | |
130 | |
123 | case 'c': /* config file */ |
131 | case 'c': /* config file */ |
124 | confbase = strdup (optarg); |
132 | confbase = strdup (optarg); |
125 | break; |
133 | break; |
126 | |
134 | |
127 | case 'k': /* kill old gvpes */ |
135 | case 'k': /* kill old gvpes */ |
128 | if (optarg) |
136 | if (optarg) |
129 | { |
137 | { |
130 | if (!strcasecmp (optarg, "HUP")) |
138 | if (!strcasecmp (optarg, "HUP")) |
131 | kill_gvpe = SIGHUP; |
139 | kill_gvpe = SIGHUP; |
132 | else if (!strcasecmp (optarg, "TERM")) |
140 | else if (!strcasecmp (optarg, "TERM")) |
133 | kill_gvpe = SIGTERM; |
141 | kill_gvpe = SIGTERM; |
134 | else if (!strcasecmp (optarg, "KILL")) |
142 | else if (!strcasecmp (optarg, "KILL")) |
135 | kill_gvpe = SIGKILL; |
143 | kill_gvpe = SIGKILL; |
136 | else if (!strcasecmp (optarg, "USR1")) |
144 | else if (!strcasecmp (optarg, "USR1")) |
137 | kill_gvpe = SIGUSR1; |
145 | kill_gvpe = SIGUSR1; |
138 | else if (!strcasecmp (optarg, "USR2")) |
146 | else if (!strcasecmp (optarg, "USR2")) |
139 | kill_gvpe = SIGUSR2; |
147 | kill_gvpe = SIGUSR2; |
140 | else if (!strcasecmp (optarg, "INT")) |
148 | else if (!strcasecmp (optarg, "INT")) |
141 | kill_gvpe = SIGINT; |
149 | kill_gvpe = SIGINT; |
142 | else if (!strcasecmp (optarg, "ALRM")) |
150 | else if (!strcasecmp (optarg, "ALRM")) |
143 | kill_gvpe = SIGALRM; |
151 | kill_gvpe = SIGALRM; |
144 | else |
152 | else |
145 | { |
153 | { |
146 | kill_gvpe = atoi (optarg); |
154 | kill_gvpe = atoi (optarg); |
147 | |
155 | |
148 | if (!kill_gvpe) |
156 | if (!kill_gvpe) |
149 | { |
157 | { |
150 | fprintf (stderr, |
158 | fprintf (stderr, |
151 | _ |
159 | _ |
152 | ("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), |
160 | ("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), |
153 | optarg); |
161 | optarg); |
154 | usage (1); |
162 | usage (1); |
155 | } |
163 | } |
156 | } |
164 | } |
157 | } |
165 | } |
158 | else |
166 | else |
159 | kill_gvpe = SIGTERM; |
167 | kill_gvpe = SIGTERM; |
160 | |
168 | |
161 | break; |
169 | break; |
162 | |
170 | |
163 | case 'g': /* generate public/private keypair */ |
171 | case 'g': /* generate public/private keypair */ |
164 | generate_keys = RSA_KEYBITS; |
172 | generate_keys = RSABITS; |
165 | break; |
173 | break; |
166 | |
174 | |
167 | case 's': |
175 | case 's': |
168 | show_config = 1; |
176 | show_config = 1; |
169 | break; |
177 | break; |
170 | |
178 | |
|
|
179 | case 'q': |
|
|
180 | quiet = 1; |
|
|
181 | break; |
|
|
182 | |
171 | case '?': |
183 | case '?': |
172 | usage (1); |
184 | usage (1); |
173 | |
185 | |
174 | default: |
186 | default: |
175 | break; |
187 | break; |
176 | } |
188 | } |
177 | } |
189 | } |
178 | } |
190 | } |
179 | |
191 | |
180 | /* This function prettyprints the key generation process */ |
192 | // this function prettyprints the key generation process |
181 | |
193 | static int |
182 | void |
|
|
183 | indicator (int a, int b, void *p) |
194 | indicator (int a, int b, BN_GENCB *cb) |
184 | { |
195 | { |
|
|
196 | if (quiet) |
|
|
197 | return 1; |
|
|
198 | |
185 | switch (a) |
199 | switch (a) |
186 | { |
200 | { |
187 | case 0: |
201 | case 0: |
188 | fprintf (stderr, "."); |
202 | fprintf (stderr, "."); |
189 | break; |
203 | break; |
190 | |
204 | |
191 | case 1: |
205 | case 1: |
192 | fprintf (stderr, "+"); |
206 | fprintf (stderr, "+"); |
193 | break; |
207 | break; |
194 | |
208 | |
195 | case 2: |
209 | case 2: |
196 | fprintf (stderr, "-"); |
210 | fprintf (stderr, "-"); |
197 | break; |
211 | break; |
198 | |
212 | |
199 | case 3: |
213 | case 3: |
200 | switch (b) |
214 | switch (b) |
201 | { |
215 | { |
202 | case 0: |
216 | case 0: |
203 | fprintf (stderr, " p\n"); |
217 | fprintf (stderr, " p\n"); |
204 | break; |
218 | break; |
205 | |
219 | |
206 | case 1: |
220 | case 1: |
207 | fprintf (stderr, " q\n"); |
221 | fprintf (stderr, " q\n"); |
208 | break; |
222 | break; |
209 | |
223 | |
210 | default: |
224 | default: |
211 | fprintf (stderr, "?"); |
225 | fprintf (stderr, "?"); |
212 | } |
226 | } |
213 | break; |
227 | break; |
214 | |
228 | |
215 | default: |
229 | default: |
216 | fprintf (stderr, "?"); |
230 | fprintf (stderr, "?"); |
217 | } |
231 | } |
|
|
232 | |
|
|
233 | return 1; |
218 | } |
234 | } |
219 | |
235 | |
220 | /* |
236 | /* |
221 | * generate public/private RSA keypairs for all hosts that don't have one. |
237 | * generate public/private RSA keypairs for all hosts that don't have one. |
222 | */ |
238 | */ |
223 | int |
239 | static int |
224 | keygen (int bits) |
240 | keygen (int bits) |
225 | { |
241 | { |
226 | RSA *rsa_key; |
242 | FILE *f, *pubf; |
227 | FILE *f; |
|
|
228 | char *name = NULL; |
|
|
229 | char *fname; |
243 | char *fname; |
230 | |
|
|
231 | asprintf (&fname, "%s/hostkeys", confbase); |
|
|
232 | mkdir (fname, 0700); |
|
|
233 | free (fname); |
|
|
234 | |
244 | |
235 | asprintf (&fname, "%s/pubkey", confbase); |
245 | asprintf (&fname, "%s/pubkey", confbase); |
236 | mkdir (fname, 0700); |
246 | mkdir (fname, 0700); |
237 | free (fname); |
247 | free (fname); |
238 | |
248 | |
239 | for (configuration::node_vector::iterator i = conf.nodes.begin (); i != conf.nodes.end (); ++i) |
249 | for (configuration::node_vector::iterator i = conf.nodes.begin (); i != conf.nodes.end (); ++i) |
240 | { |
250 | { |
241 | conf_node *node = *i; |
251 | conf_node *node = *i; |
242 | |
252 | |
243 | asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename); |
253 | ::thisnode = node->nodename; |
244 | |
254 | |
|
|
255 | fname = conf.config_filename (conf.prikeyfile, "hostkey"); |
|
|
256 | |
245 | f = fopen (fname, "a"); |
257 | f = fopen (fname, "ab"); |
246 | |
258 | |
247 | if (!f) |
259 | /* some libcs are buggy and require an extra seek to the end */ |
|
|
260 | if (!f || fseek (f, 0, SEEK_END)) |
248 | { |
261 | { |
249 | perror (fname); |
262 | perror (fname); |
250 | exit (EXIT_FAILURE); |
263 | exit (EXIT_FAILURE); |
251 | } |
264 | } |
252 | |
265 | |
253 | if (ftell (f)) |
266 | if (ftell (f)) |
254 | { |
267 | { |
|
|
268 | if (!quiet) |
255 | fprintf (stderr, "'%s' already exists, skipping this node\n", |
269 | fprintf (stderr, "'%s' already exists, skipping node %s\n", fname, node->nodename); |
256 | fname); |
270 | |
|
|
271 | free (fname); |
257 | fclose (f); |
272 | fclose (f); |
258 | continue; |
273 | continue; |
259 | } |
274 | } |
260 | |
275 | |
261 | fprintf (stderr, _("generating %d bits key for %s:\n"), bits, |
|
|
262 | node->nodename); |
|
|
263 | |
|
|
264 | rsa_key = RSA_generate_key (bits, 0xFFFF, indicator, NULL); |
|
|
265 | |
|
|
266 | if (!rsa_key) |
|
|
267 | { |
|
|
268 | fprintf (stderr, _("error during key generation!\n")); |
|
|
269 | return -1; |
|
|
270 | } |
|
|
271 | else |
|
|
272 | fprintf (stderr, _("Done.\n")); |
|
|
273 | |
|
|
274 | require (PEM_write_RSAPublicKey (f, rsa_key)); |
|
|
275 | fclose (f); |
|
|
276 | free (fname); |
276 | free (fname); |
277 | |
277 | |
278 | asprintf (&fname, "%s/hostkeys/%s", confbase, node->nodename); |
278 | fprintf (stderr, _("generating %d bits key for %s:\n"), bits, node->nodename); |
279 | |
279 | |
|
|
280 | RSA *rsa = RSA_new (); |
|
|
281 | BIGNUM *e = BN_new (); |
|
|
282 | BN_set_bit (e, 0); BN_set_bit (e, 16); // 0x10001, 65537 |
|
|
283 | BN_GENCB cb; |
|
|
284 | BN_GENCB_set (&cb, indicator, 0); |
|
|
285 | |
|
|
286 | require (RSA_generate_key_ex (rsa, bits, e, &cb)); |
|
|
287 | |
|
|
288 | fprintf (stderr, _("Done.\n")); |
|
|
289 | |
|
|
290 | fname = conf.config_filename ("pubkey/%s", 0); |
280 | f = fopen (fname, "a"); |
291 | pubf = fopen (fname, "wb"); |
281 | if (!f) |
292 | if (!pubf) |
282 | { |
293 | { |
283 | perror (fname); |
294 | perror (fname); |
284 | exit (EXIT_FAILURE); |
295 | exit (EXIT_FAILURE); |
285 | } |
296 | } |
286 | |
297 | |
|
|
298 | free (fname); |
|
|
299 | |
|
|
300 | require (PEM_write_RSAPublicKey (pubf, rsa)); |
|
|
301 | fclose (pubf); |
|
|
302 | |
287 | require (PEM_write_RSAPrivateKey (f, rsa_key, NULL, NULL, 0, NULL, NULL)); |
303 | require (PEM_write_RSAPrivateKey (f, rsa, NULL, NULL, 0, NULL, NULL)); |
288 | fclose (f); |
304 | fclose (f); |
|
|
305 | |
289 | free (fname); |
306 | BN_free (e); |
|
|
307 | RSA_free (rsa); |
290 | } |
308 | } |
291 | |
309 | |
292 | return 0; |
310 | return 0; |
293 | } |
311 | } |
294 | |
312 | |
… | |
… | |
308 | { |
326 | { |
309 | printf (_("%s version %s (built %s %s, protocol version %d.%d)\n"), get_identity (), |
327 | printf (_("%s version %s (built %s %s, protocol version %d.%d)\n"), get_identity (), |
310 | VERSION, __DATE__, __TIME__, PROTOCOL_MAJOR, PROTOCOL_MINOR); |
328 | VERSION, __DATE__, __TIME__, PROTOCOL_MAJOR, PROTOCOL_MINOR); |
311 | printf (_("Built with kernel interface %s/%s.\n"), IFTYPE, IFSUBTYPE); |
329 | printf (_("Built with kernel interface %s/%s.\n"), IFTYPE, IFSUBTYPE); |
312 | printf (_ |
330 | printf (_ |
313 | ("Copyright (C) 2003 Marc Lehmann <gvpe@schmorp.de> and others.\n" |
331 | ("Copyright (C) 2003-2013 Marc Lehmann <gvpe@schmorp.de> and others.\n" |
314 | "See the AUTHORS file for a complete list.\n\n" |
332 | "See the AUTHORS file for a complete list.\n\n" |
315 | "vpe comes with ABSOLUTELY NO WARRANTY. This is free software,\n" |
333 | "vpe comes with ABSOLUTELY NO WARRANTY. This is free software,\n" |
316 | "and you are welcome to redistribute it under certain conditions;\n" |
334 | "and you are welcome to redistribute it under certain conditions;\n" |
317 | "see the file COPYING for details.\n")); |
335 | "see the file COPYING for details.\n")); |
318 | |
336 | |
… | |
… | |
324 | |
342 | |
325 | { |
343 | { |
326 | configuration_parser (conf, false, 0, 0); |
344 | configuration_parser (conf, false, 0, 0); |
327 | } |
345 | } |
328 | |
346 | |
|
|
347 | if (debug_info) |
|
|
348 | { |
|
|
349 | printf ("cipher_nid=%d\n", EVP_CIPHER_nid (CIPHER ())); |
|
|
350 | printf ("mac_nid=%d\n", EVP_MD_type (MAC_DIGEST ())); |
|
|
351 | printf ("auth_nid=%d\n", EVP_MD_type (AUTH_DIGEST ())); |
|
|
352 | printf ("sizeof_auth_data=%d\n", sizeof (auth_data)); |
|
|
353 | printf ("sizeof_rsa_data=%d\n", sizeof (rsa_data)); |
|
|
354 | printf ("sizeof_rsa_data_extra_auth=%d\n", sizeof (((rsa_data *)0)->extra_auth)); |
|
|
355 | printf ("raw_overhead=%d\n", VPE_OVERHEAD); |
|
|
356 | printf ("vpn_overhead=%d\n", VPE_OVERHEAD + 6 + 6); |
|
|
357 | printf ("udp_overhead=%d\n", UDP_OVERHEAD + VPE_OVERHEAD + 6 + 6); |
|
|
358 | exit (EXIT_SUCCESS); |
|
|
359 | } |
|
|
360 | |
329 | if (generate_keys) |
361 | if (generate_keys) |
330 | { |
362 | { |
331 | RAND_load_file ("/dev/urandom", 1024); |
363 | RAND_load_file (conf.seed_dev, SEED_SIZE); |
332 | exit (keygen (generate_keys)); |
364 | exit (keygen (generate_keys)); |
333 | } |
365 | } |
334 | |
366 | |
335 | if (kill_gvpe) |
367 | if (kill_gvpe) |
336 | exit (kill_other (kill_gvpe)); |
368 | exit (kill_other (kill_gvpe)); |
… | |
… | |
341 | exit (EXIT_SUCCESS); |
373 | exit (EXIT_SUCCESS); |
342 | } |
374 | } |
343 | |
375 | |
344 | usage (1); |
376 | usage (1); |
345 | } |
377 | } |
|
|
378 | |