j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Bring head revision up to date with cabal (try #3)

Browse source
This commit is contained in:
Ivo Timmermans 2000-10-18 20:12:10 +00:00
parent d3ea434b36
commit 30df5e95db
35 changed files with 3091 additions and 2267 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/Makefile.am
View file

@ -1,17 +1,18 @@
## Produce this file with automake to get Makefile.in
# $Id: Makefile.am,v 1.5 2000/10/18 20:12:08 zarq Exp $
sbin_PROGRAMS = tincd genauth
genauth_SOURCES = genauth.c
tincd_SOURCES = conf.c encr.c net.c netutl.c protocol.c tincd.c
tincd_SOURCES = conf.c connlist.c meta.c net.c netutl.c protocol.c subnet.c tincd.c
INCLUDES = -I$(top_builddir) -I$(top_srcdir)/cipher -I$(top_srcdir)/lib
INCLUDES = -I$(top_builddir) -I$(top_srcdir)/cipher -I$(top_srcdir)/lib -I$(top_srcdir)/intl
noinst_HEADERS = conf.h encr.h net.h netutl.h protocol.h
noinst_HEADERS = conf.h connlist.h meta.h net.h netutl.h protocol.h subnet.h
LIBS = @LIBS@
LIBS = @LIBS@ @INTLLIBS@
tincd_LDADD = $(top_builddir)/cipher/libcipher.la \
tincd_LDADD = \
$(top_builddir)/lib/libvpn.a
genauth_LDADD = $(top_builddir)/lib/libvpn.a

204
src/conf.c
View file

@ -19,52 +19,63 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: conf.c,v 1.9 2000/05/30 11:18:12 zarq Exp $
$Id: conf.c,v 1.10 2000/10/18 20:12:08 zarq Exp $
*/
#include "config.h"
#include <ctype.h>
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <xalloc.h>
#include "conf.h"
#include "netutl.h" /* for strtoip */
#include <utils.h> /* for cp */
#include "config.h"
#include "connlist.h"
#include "system.h"
config_t *config;
config_t *config = NULL;
int debug_lvl = 0;
int timeout = 0; /* seconds before timeout */
char *confbase = NULL; /* directory in which all config files are */
char *netname = NULL; /* name of the vpn network */
typedef struct internal_config_t {
char *name;
enum which_t which;
int argtype;
} internal_config_t;
/* Will be set if HUP signal is received. It will be processed when it is safe. */
int sighup = 0;
/*
These are all the possible configurable values
*/
static internal_config_t hazahaza[] = {
{ "AllowConnect", allowconnect, TYPE_BOOL }, /* Is not used anywhere. Remove? */
{ "ConnectTo", upstreamip, TYPE_IP },
{ "ConnectPort", upstreamport, TYPE_INT },
{ "ListenPort", listenport, TYPE_INT },
{ "MyOwnVPNIP", myvpnip, TYPE_IP },
{ "MyVirtualIP", myvpnip, TYPE_IP }, /* an alias */
{ "Passphrases", passphrasesdir, TYPE_NAME },
/* Main configuration file keywords */
{ "Name", tincname, TYPE_NAME },
{ "ConnectTo", connectto, TYPE_NAME },
{ "PingTimeout", pingtimeout, TYPE_INT },
{ "TapDevice", tapdevice, TYPE_NAME },
{ "TapSubnet", tapsubnet, TYPE_IP },
{ "PrivateKey", privatekey, TYPE_NAME },
{ "KeyExpire", keyexpire, TYPE_INT },
{ "VpnMask", vpnmask, TYPE_IP },
{ "Hostnames", resolve_dns, TYPE_BOOL },
{ "Interface", interface, TYPE_NAME },
{ "InterfaceIP", interfaceip, TYPE_IP },
/* Host configuration file keywords */
{ "Address", address, TYPE_NAME },
{ "Port", port, TYPE_INT },
{ "PublicKey", publickey, TYPE_NAME },
{ "Subnet", subnet, TYPE_NAME },
{ "RestrictHosts", restricthosts, TYPE_BOOL },
{ "RestrictSubnets", restrictsubnets, TYPE_BOOL },
{ "RestrictAddress", restrictaddress, TYPE_BOOL },
{ "RestrictPort", restrictport, TYPE_BOOL },
{ "IndirectData", indirectdata, TYPE_BOOL },
{ "TCPonly", tcponly, TYPE_BOOL },
{ NULL, 0, 0 }
};
@ -74,12 +85,12 @@ static internal_config_t hazahaza[] = {
config_t *
add_config_val(config_t **cfg, int argtype, char *val)
{
config_t *p;
config_t *p, *r;
char *q;
cp
p = (config_t*)xmalloc(sizeof(*p));
p->data.val = 0;
switch(argtype)
{
case TYPE_INT:
@ -103,46 +114,57 @@ add_config_val(config_t **cfg, int argtype, char *val)
p->data.val = 0;
}
p->argtype = argtype;
if(p->data.val)
{
p->next = *cfg;
*cfg = p;
cp
return p;
}
free(p);
return NULL;
else
{
free(p);
cp
return NULL;
}
}
/*
Get variable from a section in a configfile. returns -1 on failure.
Parse a configuration file and put the results in the configuration tree
starting at *base.
*/
int
readconfig(const char *fname, FILE *fp)
int read_config_file(config_t **base, const char *fname)
{
char *line, *temp_buf;
int err = -1;
FILE *fp;
char line[MAXBUFSIZE]; /* There really should not be any line longer than this... */
char *p, *q;
int i, lineno = 0;
config_t *cfg;
cp
if((fp = fopen (fname, "r")) == NULL)
{
return -1;
}
line = (char *)xmalloc(80 * sizeof(char));
temp_buf = (char *)xmalloc(80 * sizeof(char));
for(;;)
{
if(fgets(line, 80, fp) == NULL)
return 0;
while(!index(line, '\n'))
if(fgets(line, MAXBUFSIZE, fp) == NULL)
{
fgets(temp_buf, (strlen(line)+1) * 80, fp);
if(!temp_buf)
break;
strcat(line, temp_buf);
line = (char *)xrealloc(line, (strlen(line)+1) * sizeof(char));
}
err = 0;
break;
}
lineno++;
if(!index(line, '\n'))
{
syslog(LOG_ERR, _("Line %d too long while reading config file %s"), lineno, fname);
break;
}
if((p = strtok(line, "\t\n\r =")) == NULL)
continue; /* no tokens on this line */
@ -155,66 +177,92 @@ readconfig(const char *fname, FILE *fp)
if(!hazahaza[i].name)
{
fprintf(stderr, _("%s: %d: Invalid variable name `%s'.\n"),
fname, lineno, p);
return -1;
syslog(LOG_ERR, _("Invalid variable name on line %d while reading config file %s"),
lineno, fname);
break;
}
if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
{
fprintf(stderr, _("%s: %d: No value given for `%s'.\n"),
fname, lineno, hazahaza[i].name);
return -1;
fprintf(stderr, _("No value for variable on line %d while reading config file %s"),
lineno, fname);
break;
}
cfg = add_config_val(&config, hazahaza[i].argtype, q);
cfg = add_config_val(base, hazahaza[i].argtype, q);
if(cfg == NULL)
{
fprintf(stderr, _("%s: %d: Invalid value `%s' for variable `%s'.\n"),
fname, lineno, q, hazahaza[i].name);
return -1;
fprintf(stderr, _("Invalid value for variable on line %d while reading config file %s"),
lineno, fname);
break;
}
cfg->which = hazahaza[i].which;
if(!config)
config = cfg;
}
}
/*
wrapper function for readconfig
*/
int
read_config_file(const char *fname)
{
FILE *fp;
if((fp = fopen (fname, "r")) == NULL)
{
fprintf(stderr, _("Could not open %s: %s\n"), fname, sys_errlist[errno]);
return 1;
}
if(readconfig(fname, fp))
return -1;
fclose (fp);
cp
return err;
}
return 0;
int read_server_config()
{
char *fname;
int x;
cp
asprintf(&fname, "%s/tinc.conf", confbase);
x = read_config_file(&config, fname);
free(fname);
cp
return x;
}
/*
Look up the value of the config option type
*/
const config_t *
get_config_val(which_t type)
const config_t *get_config_val(config_t *p, which_t type)
{
config_t *p;
for(p = config; p != NULL; p = p->next)
cp
for(; p != NULL; p = p->next)
if(p->which == type)
return p;
/* Not found */
return NULL;
break;
cp
return p;
}
/*
Support for multiple config lines.
Index is used to get a specific value, 0 being the first, 1 the second etc.
*/
const config_t *get_next_config_val(config_t *p, which_t type, int index)
{
cp
for(; p != NULL; p = p->next)
if(p->which == type)
if(--index < 0)
break;
cp
return p;
}
/*
Remove the complete configuration tree.
*/
void clear_config(config_t **base)
{
config_t *p, *next;
cp
for(p = *base; p != NULL; p = next)
{
next = p->next;
if(p->data.ptr && (p->argtype == TYPE_NAME))
{
free(p->data.ptr);
}
free(p);
}
*base = NULL;
cp
}

62
src/conf.h
View file

@ -17,43 +17,60 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: conf.h,v 1.6 2000/05/30 11:18:12 zarq Exp $
$Id: conf.h,v 1.7 2000/10/18 20:12:08 zarq Exp $
*/
#ifndef __TINC_CONF_H__
#define __TINC_CONF_H__
#define MAXTIMEOUT 900 /* Maximum timeout value for retries. Should this be a configuration option? */
typedef struct ip_mask_t {
unsigned long ip;
unsigned long mask;
} ip_mask_t;
typedef union data_t {
unsigned long val;
void *ptr;
ip_mask_t *ip;
} data_t;
typedef enum which_t {
passphrasesdir = 1,
upstreamip,
upstreamport,
listenport,
myvpnip,
tapdevice,
allowconnect,
tincname = 1,
connectto,
pingtimeout,
tapdevice,
tapsubnet,
privatekey,
keyexpire,
vpnmask,
resolve_dns
resolve_dns,
interface,
interfaceip,
address,
port,
publickey,
subnet,
restricthosts,
restrictsubnets,
restrictaddress,
restrictport,
indirectdata,
tcponly,
} which_t;
typedef struct config_t {
struct config_t *next;
which_t which;
data_t data;
int argtype;
union data {
unsigned long val;
void *ptr;
ip_mask_t *ip;
struct config_t *next; /* For nested configs! */
} data;
} config_t;
typedef struct internal_config_t {
char *name;
enum which_t which;
int argtype;
} internal_config_t;
enum {
stupid_false = 1,
stupid_true
@ -69,9 +86,16 @@ enum {
extern config_t *config;
extern int debug_lvl;
extern int timeout;
extern int upstreamindex;
extern int sighup;
extern char *confbase;
extern char *netname;
extern config_t *add_config_val(config_t **, int, char *);
extern int read_config_file(const char *);
extern const config_t *get_config_val(which_t type);
extern int read_config_file(config_t **, const char *);
extern const config_t *get_config_val(config_t *, which_t type);
extern const config_t *get_next_config_val(config_t *, which_t type, int);
extern void clear_config();
extern int read_server_config(void);
#endif /* __TINC_CONF_H__ */

44
src/encr.c
View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: encr.c,v 1.12 2000/05/31 18:23:06 zarq Exp $
$Id: encr.c,v 1.13 2000/10/18 20:12:08 zarq Exp $
*/
#include "config.h"
@ -61,8 +61,8 @@ int key_inited = 0, encryption_keylen;
mpz_t my_private_key, my_public_key, generator, shared_prime;
int my_key_expiry = (time_t)(-1);
static char* mypassphrase;
static int mypassphraselen;
char* mypassphrase;
int mypassphraselen;
int char_hex_to_bin(int c)
{
@ -98,18 +98,17 @@ int read_passphrase(char *which, char **out)
cp
if((cfg = get_config_val(passphrasesdir)) == NULL)
{
filename = xmalloc(strlen(confbase)+13+strlen(which));
sprintf(filename, "%spassphrases/%s", confbase, which);
asprintf(&filename, "%spassphrases/%s", confbase, which);
}
else
{
filename = xmalloc(strlen(cfg->data.ptr)+2+strlen(which));
sprintf(filename, "%s/%s", (char*)cfg->data.ptr, which);
asprintf(&filename, "%s/%s", (char*)cfg->data.ptr, which);
}
if((f = fopen(filename, "rb")) == NULL)
{
syslog(LOG_ERR, _("Could not open %s: %m"), filename);
if(debug_lvl > 1)
syslog(LOG_ERR, _("Could not open %s: %m"), filename);
return -1;
}
@ -119,12 +118,14 @@ cp
syslog(LOG_ERR, _("Illegal passphrase in %s; size would be %d"), filename, size);
return -1;
}
size >>= 2; /* bits->nibbles */
pp = xmalloc(size+2);
fgets(pp, size+1, f);
/* Hmz... hackish... strange +1 and +2 stuff... I really like more comments on those alignment thingies! */
pp = xmalloc(size/4 + 1); /* Allocate enough for fgets */
fgets(pp, size/4 + 1, f); /* Read passhrase and reserve one byte for end-of-string */
fclose(f);
*out = xmalloc(size);
*out = xmalloc(size/8 + 2); /* Allocate enough bytes, +1 for rounding if bits%8 != 0, +1 for 2-byte alignment */
cp
return str_hex_to_bin(*out, pp);
}
@ -150,7 +151,8 @@ cp
else
my_key_expiry = (time_t)(time(NULL) + cfg->data.val);
syslog(LOG_NOTICE, _("Generating %d bits keys."), PRIVATE_KEY_BITS);
if(debug_lvl > 1)
syslog(LOG_NOTICE, _("Generating %d bits keys"), PRIVATE_KEY_BITS);
if((f = fopen("/dev/urandom", "r")) == NULL)
{
@ -266,7 +268,7 @@ int verify_passphrase(conn_list_t *cl, unsigned char *his_pubkey)
mpz_t pk;
unsigned char *out;
BF_KEY bf_key;
char which[sizeof("123.123.123.123")+1];
char *which;
char *meuk;
cp
mpz_init_set_str(pk, his_pubkey, 36);
@ -280,7 +282,7 @@ cp
if(key_inited)
cipher_set_key(&encryption_key, encryption_keylen, text_key);
sprintf(which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip));
asprintf(&which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip));
if((pplen = read_passphrase(which, &meuk)) < 0)
return -1;
@ -335,12 +337,12 @@ cp
/* We haven't received a key from this host (yet). */
continue;
ek = make_shared_key(p->public_key->key);
free_key(p->key);
p->key = xmalloc(sizeof(*p->key));
p->key->length = strlen(ek);
p->key->expiry = p->public_key->expiry;
p->key->key = xmalloc(strlen(ek) + 1);
strcpy(p->key->key, ek);
free_key(p->datakey);
p->datakey = xmalloc(sizeof(*p->datakey));
p->datakey->length = strlen(ek);
p->datakey->expiry = p->public_key->expiry;
p->datakey->key = xmalloc(strlen(ek) + 1);
strcpy(p->datakey->key, ek);
}
cp
}

5
src/encr.h
View file

@ -15,6 +15,8 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: encr.h,v 1.3 2000/10/18 20:12:08 zarq Exp $
*/
#ifndef __TINC_ENCR_H__
@ -30,9 +32,6 @@ extern int my_key_expiry;
extern int security_init(void);
extern void do_bf_encrypt(vpn_packet_t *, real_packet_t *);
extern void do_bf_decrypt(real_packet_t *, vpn_packet_t *);
extern int send_portnumbers(int);
extern void set_shared_key(char *);
extern int send_passphrase(conn_list_t *);

97
src/genauth.c
View file

@ -1,6 +1,7 @@
/*
genauth.c -- generate a random passphrase
genauth.c -- generate public/private keypairs
Copyright (C) 1998,1999,2000 Ivo Timmermans <zarq@iname.com>
2000 Guus Sliepen <guus@sliepen.warande.net>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -16,7 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: genauth.c,v 1.7 2000/05/31 18:21:27 zarq Exp $
$Id: genauth.c,v 1.8 2000/10/18 20:12:08 zarq Exp $
*/
#include "config.h"
@ -24,20 +25,49 @@
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <openssl/rsa.h>
#include <xalloc.h>
#include "encr.h"
#include "system.h"
unsigned char initvec[] = { 0x22, 0x7b, 0xad, 0x55, 0x41, 0xf4, 0x3e, 0xf3 };
#define RSA_PUBLIC_EXPONENT 65535
void indicator(int a, int b, void *p)
{
switch(a)
{
case 0:
fprintf(stderr, ".");
break;
case 1:
fprintf(stderr, "+");
break;
case 2:
fprintf(stderr, "-");
break;
case 3:
switch(b)
{
case 0:
fprintf(stderr, " p\n");
break;
case 1:
fprintf(stderr, " q\n");
break;
default:
fprintf(stderr, "?");
}
break;
default:
fprintf(stderr, "?");
}
}
int main(int argc, char **argv)
{
FILE *fp;
int bits, c, i, bytes;
unsigned char *p;
int bits;
RSA *key;
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
@ -51,54 +81,25 @@ int main(int argc, char **argv)
if(!argv[1])
argv[1] = "1024";
if(!(bits = atol(argv[1])))
bits = atol(argv[1]);
if(bits<32)
{
fprintf(stderr, _("Illegal number: %s\n"), argv[1]);
return 1;
}
bits = ((bits - 1) | 7) + 1; /* Align to bytes for easy mallocing and reading */
bits = ((bits - 1) | 63) + 1;
fprintf(stderr, _("Generating %d bits number"), bits);
bytes = bits >> 3;
fprintf(stderr, _("Generating %d bits keys:\n"), bits);
if((fp = fopen("/dev/urandom", "r")) == NULL)
{
perror(_("Opening /dev/urandom"));
return 1;
}
key = RSA_generate_key(bits, RSA_PUBLIC_EXPONENT, indicator, NULL);
p = xmalloc(bytes);
fprintf(stderr, _("Done.\n"));
setbuf(stdout, NULL);
for(i = 0; i < bytes; i++)
{
c = fgetc(fp);
if(feof(fp))
{
puts("");
fprintf(stderr, _("File was empty!\n"));
}
p[i] = c;
}
fclose(fp);
if(isatty(1))
{
fprintf(stderr, _(": done.\nThe following line should be ENTIRELY copied into a passphrase file:\n"));
printf("%d ", bits);
for(i = 0; i < bytes; i++)
printf("%02x", p[i]);
puts("");
}
else
{
printf("%d ", bits);
for(i = 0; i < bytes; i++)
printf("%02x", p[i]);
puts("");
fprintf(stderr, _(": done.\n"));
}
printf(_("Public key: %s\n"), BN_bn2hex(key->n));
printf(_("Private key: %s\n"), BN_bn2hex(key->d));
return 0;
}

735
src/net.c
View file

File diff suppressed because it is too large Load diff

80
src/net.h
View file

@ -15,6 +15,8 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: net.h,v 1.10 2000/10/18 20:12:09 zarq Exp $
*/
#ifndef __TINC_NET_H__
@ -23,7 +25,6 @@
#include <sys/time.h>
#include "config.h"
#include "conf.h"
#define MAXSIZE 1700 /* should be a bit more than the MTU for the tapdevice */
#define MTU 1600
@ -43,9 +44,29 @@
((unsigned char*)&(x))[1],((unsigned char*)&(x))[0]
#endif
#define MAXBUFSIZE 2048 /* Probably way too much, but it must fit every possible request. */
#define MAXBUFSIZE 4096 /* Probably way too much, but it must fit every possible request. */
/* flags */
#define INDIRECTDATA 0x0001 /* Used to indicate that this host has to be reached indirect */
#define EXPORTINDIRECTDATA 0x0002 /* Used to indicate uplink that it has to tell others to do INDIRECTDATA */
#define TCPONLY 0x0004 /* Tells sender to send packets over TCP instead of UDP (for firewalls) */
typedef struct mac_t
{
unsigned char x[6];
} mac_t;
typedef unsigned long ipv4_t;
typedef ipv4_t ip_t; /* alias for ipv4_t */
typedef struct ipv6_t
{
unsigned short x[8];
} ipv6_t;
typedef unsigned short port_t;
typedef unsigned long ip_t;
typedef short length_t;
typedef struct vpn_packet_t {
@ -53,12 +74,6 @@ typedef struct vpn_packet_t {
unsigned char data[MAXSIZE];
} vpn_packet_t;
typedef struct real_packet_t {
length_t len; /* the length of the entire packet */
ip_t from; /* where the packet came from */
vpn_packet_t data; /* encrypted vpn_packet_t */
} real_packet_t;
typedef struct passphrase_t {
unsigned short len;
unsigned char *phrase;
@ -76,9 +91,15 @@ typedef struct status_bits_t {
int validkey:1; /* 1 if we currently have a valid key for him */
int waitingforkey:1; /* 1 if we already sent out a request */
int dataopen:1; /* 1 if we have a valid UDP connection open */
int unused:22;
int encryptout:1; /* 1 if we can encrypt outgoing traffic */
int decryptin:1; /* 1 if we have to decrypt incoming traffic */
int unused:18;
} status_bits_t;
typedef struct option_bits_t {
int unused:32;
} option_bits_t;
typedef struct queue_element_t {
void *packet;
struct queue_element_t *prev;
@ -96,31 +117,6 @@ typedef struct enc_key_t {
time_t expiry;
} enc_key_t;
typedef struct conn_list_t {
ip_t vpn_ip; /* his vpn ip */
ip_t vpn_mask; /* his vpn network address */
ip_t real_ip; /* his real (internet) ip */
char *hostname; /* the hostname of its real ip */
short unsigned int port; /* his portnumber */
int socket; /* our udp vpn socket */
int meta_socket; /* our tcp meta socket */
int protocol_version; /* used protocol */
status_bits_t status; /* status info */
passphrase_t *pp; /* encoded passphrase */
packet_queue_t *sq; /* pending outgoing packets */
packet_queue_t *rq; /* pending incoming packets (they have no
valid key to be decrypted with) */
enc_key_t *public_key; /* the other party's public key */
enc_key_t *key; /* encrypt with this key */
char buffer[MAXBUFSIZE+1]; /* metadata input buffer */
int buflen; /* bytes read into buffer */
int reqlen; /* length of first request in buffer */
time_t last_ping_time; /* last time we saw some activity from the other end */
int want_ping; /* 0 if there's no need to check for activity */
struct conn_list_t *nexthop; /* nearest meta-hop in this direction */
struct conn_list_t *next; /* after all, it's a list of connections */
} conn_list_t;
extern int tap_fd;
extern int total_tap_in;
@ -128,15 +124,23 @@ extern int total_tap_out;
extern int total_socket_in;
extern int total_socket_out;
extern conn_list_t *conn_list;
extern conn_list_t *myself;
extern char *unknown;
extern char *request_name[256];
extern char *status_text[10];
#include "connlist.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */
extern int str2opt(const char *);
extern char *opt2str(int);
extern int send_packet(ip_t, vpn_packet_t *);
extern int setup_network_connections(void);
extern void close_network_connections(void);
extern void main_loop(void);
extern int setup_vpn_connection(conn_list_t *);
extern void terminate_connection(conn_list_t *);
extern void flush_queues(conn_list_t*);
extern void flush_queues(conn_list_t *);
extern int xrecv(vpn_packet_t *);
extern void add_queue(packet_queue_t **, void *, size_t);
#endif /* __TINC_NET_H__ */

130
src/netutl.c
View file

@ -16,7 +16,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: netutl.c,v 1.12 2000/05/31 18:23:06 zarq Exp $
$Id: netutl.c,v 1.13 2000/10/18 20:12:09 zarq Exp $
*/
#include "config.h"
@ -33,6 +33,7 @@
#include <utils.h>
#include <xalloc.h>
#include "errno.h"
#include "conf.h"
#include "encr.h"
#include "net.h"
@ -40,25 +41,6 @@
#include "system.h"
/*
look for a connection associated with the given vpn ip,
return its connection structure.
Skips connections that are not activated!
*/
conn_list_t *lookup_conn(ip_t ip)
{
conn_list_t *p = conn_list;
cp
/* Exact match suggested by James B. MacLean */
for(p = conn_list; p != NULL; p = p->next)
if((ip == p->vpn_ip) && p->status.active)
return p;
for(p = conn_list; p != NULL; p = p->next)
if(((ip & p->vpn_mask) == (p->vpn_ip & p->vpn_mask)) && p->status.active)
return p;
cp
return NULL;
}
/*
free a queue and all of its elements
@ -79,91 +61,7 @@ cp
cp
}
/*
free a conn_list_t element and all its pointers
*/
void free_conn_element(conn_list_t *p)
{
cp
if(p->hostname)
free(p->hostname);
if(p->sq)
destroy_queue(p->sq);
if(p->rq)
destroy_queue(p->rq);
free_key(p->public_key);
free_key(p->key);
free(p);
cp
}
/*
remove all marked connections
*/
void prune_conn_list(void)
{
conn_list_t *p, *prev = NULL, *next = NULL;
cp
for(p = conn_list; p != NULL; )
{
next = p->next;
if(p->status.remove)
{
if(prev)
prev->next = next;
else
conn_list = next;
free_conn_element(p);
}
else
prev = p;
p = next;
}
cp
}
/*
creates new conn_list element, and initializes it
*/
conn_list_t *new_conn_list(void)
{
conn_list_t *p = xmalloc(sizeof(*p));
cp
/* initialise all those stupid pointers at once */
memset(p, '\0', sizeof(*p));
p->vpn_mask = (ip_t)(~0L); /* If this isn't done, it would be a
wastebucket for all packets with
unknown destination. */
p->nexthop = p;
cp
return p;
}
/*
free all elements of conn_list
*/
void destroy_conn_list(void)
{
conn_list_t *p, *next;
cp
for(p = conn_list; p != NULL; )
{
next = p->next;
free_conn_element(p);
p = next;
}
conn_list = NULL;
cp
}
/*
look up the name associated with the ip
address `addr'
*/
char *hostlookup(unsigned long addr)
{
char *name;
@ -175,7 +73,7 @@ cp
in.s_addr = addr;
lookup_hostname = 0;
if((cfg = get_config_val(resolve_dns)) != NULL)
if((cfg = get_config_val(config, resolve_dns)) != NULL)
if(cfg->data.val == stupid_true)
lookup_hostname = 1;
@ -184,13 +82,11 @@ cp
if(!lookup_hostname || !host)
{
name = xmalloc(20);
sprintf(name, "%s", inet_ntoa(in));
asprintf(&name, "%s", inet_ntoa(in));
}
else
{
name = xmalloc(strlen(host->h_name)+20);
sprintf(name, "%s (%s)", host->h_name, inet_ntoa(in));
asprintf(&name, "%s", host->h_name);
}
cp
return name;
@ -216,7 +112,7 @@ cp
if(!(h = gethostbyname(p)))
{
fprintf(stderr, _("Error looking up `%s': %s\n"), p, sys_errlist[h_errno]);
fprintf(stderr, _("Error looking up `%s': %s\n"), p, strerror(errno));
return NULL;
}
@ -236,17 +132,3 @@ cp
return ip;
}
void dump_conn_list(void)
{
conn_list_t *p;
cp
syslog(LOG_DEBUG, _("Connection list:"));
for(p = conn_list; p != NULL; p = p->next)
{
syslog(LOG_DEBUG, " " IP_ADDR_S "/" IP_ADDR_S ": %04x (%d|%d)",
IP_ADDR_V(p->vpn_ip), IP_ADDR_V(p->vpn_mask), p->status,
p->socket, p->meta_socket);
}
cp
}

10
src/netutl.h
View file

@ -15,21 +15,17 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: netutl.h,v 1.3 2000/10/18 20:12:09 zarq Exp $
*/
#ifndef __TINC_NETUTL_H__
#define __TINC_NETUTL_H__
#include "net.h"
#include "conf.h"
extern conn_list_t *lookup_conn(ip_t);
extern void free_conn_element(conn_list_t *);
extern void free_conn_list(conn_list_t*);
extern void prune_conn_list(void);
extern conn_list_t *new_conn_list(void);
extern void destroy_conn_list(void);
extern char *hostlookup(unsigned long);
extern ip_mask_t *strtoip(char*);
extern void dump_conn_list(void);
#endif /* __TINC_NETUTL_H__ */

1647
src/protocol.c
View file

File diff suppressed because it is too large Load diff

93
src/protocol.h
View file

@ -1,6 +1,7 @@
/*
protocol.h -- header for protocol.c
Copyright (C) 1999,2000 Ivo Timmermans <zarq@iname.com>
Copyright (C) 1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
2000 Guus Sliepen <guus@sliepen.warande.net>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -15,60 +16,64 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: protocol.h,v 1.6 2000/10/18 20:12:09 zarq Exp $
*/
#ifndef __TINC_PROTOCOL_H__
#define __TINC_PROTOCOL_H__
#include "net.h"
#include "subnet.h"
/* Protocol version. Different versions are incompatible,
incompatible version have different protocols.
*/
#define PROT_CURRENT 8
/* Length of the challenge. Since the challenge will also
contain the key for the symmetric cipher, it must be
quite large.
*/
#define CHAL_LENGTH 1024 /* Okay, this is probably waaaaaaaaaaay too large */
/* Request numbers */
enum {
PROT_RESERVED = 0, /* reserved: do not use. */
PROT_NOT_IN_USE,
PROT_TOO_OLD = 2,
PROT_3,
PROT_4,
PROT_ECHELON,
PROT_CURRENT, /* protocol currently in use */
ALL = -1, /* Guardian for allow_request */
ID = 0, CHALLENGE, CHAL_REPLY, ACK,
STATUS, ERROR, TERMREQ,
PING, PONG,
ADD_HOST, DEL_HOST,
ADD_SUBNET, DEL_SUBNET,
KEY_CHANGED, REQ_KEY, ANS_KEY,
LAST /* Guardian for the highest request number */
};
enum {
ACK = 1, /* acknowledged */
AUTH_S_INIT = 10, /* initiate authentication */
AUTH_C_INIT,
AUTH_S_SPP, /* send passphrase */
AUTH_C_SPP,
AUTH_S_SKEY, /* send g^k */
AUTH_C_SKEY,
AUTH_S_SACK, /* send ack */
AUTH_C_RACK, /* waiting for ack */
TERMREQ = 30, /* terminate connection */
PINGTIMEOUT, /* terminate due to ping t.o. */
DEL_HOST, /* forward a termreq to others */
PING = 40, /* ping */
PONG,
ADD_HOST = 60, /* Add new given host to connection list */
BASIC_INFO, /* some basic info follows */
PASSPHRASE, /* encrypted passphrase */
PUBLIC_KEY, /* public key in base-36 */
HOLD = 80, /* don't send any data */
RESUME, /* resume dataflow with new encryption key */
CALCULATE = 100, /* calculate the following numer^privkey and send me the result */
CALC_RES, /* result of the above */
ALMOST_KEY, /* this number^privkey is the shared key */
REQ_KEY = 160, /* request public key */
ANS_KEY, /* answer to such request */
KEY_CHANGED, /* public key has changed */
};
extern int (*request_handlers[256])(conn_list_t*);
extern int (*request_handlers[])(conn_list_t*);
extern int send_id(conn_list_t*);
extern int send_challenge(conn_list_t*);
extern int send_chal_reply(conn_list_t*);
extern int send_ack(conn_list_t*);
extern int send_status(conn_list_t*, int, char*);
extern int send_error(conn_list_t*, int, char*);
extern int send_termreq(conn_list_t*);
extern int send_ping(conn_list_t*);
extern int send_basic_info(conn_list_t *);
extern int send_termreq(conn_list_t *);
extern int send_timeout(conn_list_t *);
extern int send_key_request(ip_t);
extern void send_key_changed_all(void);
extern int send_pong(conn_list_t*);
extern int send_add_host(conn_list_t*, conn_list_t*);
extern int send_del_host(conn_list_t*, conn_list_t*);
extern int send_add_subnet(conn_list_t*, conn_list_t*, subnet_t*);
extern int send_del_subnet(conn_list_t*, conn_list_t*, subnet_t*);
extern int send_key_changed(conn_list_t*, conn_list_t*);
extern int send_req_key(conn_list_t*, conn_list_t*);
extern int send_ans_key(conn_list_t*, conn_list_t*, char*);
/* Old functions */
extern int send_tcppacket(conn_list_t *, void *, int);
extern int notify_others(conn_list_t *, conn_list_t *, int (*function)(conn_list_t*, conn_list_t*));
#endif /* __TINC_PROTOCOL_H__ */

158
src/tincd.c
View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: tincd.c,v 1.10 2000/05/31 18:23:06 zarq Exp $
$Id: tincd.c,v 1.11 2000/10/18 20:12:10 zarq Exp $
*/
#include "config.h"
@ -30,6 +30,7 @@
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>
#include <signal.h>
#ifdef HAVE_SYS_IOCTL_H
# include <sys/ioctl.h>
@ -43,6 +44,7 @@
#include "encr.h"
#include "net.h"
#include "netutl.h"
#include "protocol.h"
#include "system.h"
@ -61,10 +63,7 @@ static int kill_tincd = 0;
/* If zero, don't detach from the terminal. */
static int do_detach = 1;
char *confbase = NULL; /* directory in which all config files are */
char *configfilename = NULL; /* configuration file name */
char *identname; /* program name for syslog */
char *netname = NULL; /* name of the vpn network */
char *pidfilename; /* pid file location */
static pid_t ppid; /* pid of non-detached part */
char **g_argv; /* a copy of the cmdline arguments */
@ -96,7 +95,7 @@ usage(int status)
else
{
printf(_("Usage: %s [option]...\n\n"), program_name);
printf(_(" -c, --config=FILE Read configuration options from FILE.\n"
printf(_(" -c, --config=DIR Read configuration options from DIR.\n"
" -D, --no-detach Don't fork and detach.\n"
" -d Increase debug level.\n"
" -k, --kill Attempt to kill a running tincd and exit.\n"
@ -123,8 +122,8 @@ parse_options(int argc, char **argv, char **envp)
case 0: /* long option */
break;
case 'c': /* config file */
configfilename = xmalloc(strlen(optarg)+1);
strcpy(configfilename, optarg);
confbase = xmalloc(strlen(optarg)+1);
strcpy(confbase, optarg);
break;
case 'D': /* no detach */
do_detach = 0;
@ -156,7 +155,7 @@ parse_options(int argc, char **argv, char **envp)
void memory_full(int size)
{
syslog(LOG_ERR, _("Memory exhausted (last is %s:%d) (couldn't allocate %d bytes); exiting."), cp_file, cp_line, size);
syslog(LOG_ERR, _("Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting."), cp_file, cp_line, size);
exit(1);
}
@ -180,7 +179,7 @@ int detach(void)
if(pid) /* parent process */
{
signal(SIGTERM, parent_exit);
sleep(600); /* wait 10 minutes */
// sleep(600); /* wait 10 minutes */
exit(1);
}
}
@ -210,11 +209,11 @@ int detach(void)
openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON);
if(debug_lvl > 1)
syslog(LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d."),
if(debug_lvl > 0)
syslog(LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d"),
VERSION, __DATE__, __TIME__, debug_lvl);
else
syslog(LOG_NOTICE, _("tincd %s starting, debug level %d."), VERSION, debug_lvl);
syslog(LOG_NOTICE, _("tincd %s starting"), VERSION, debug_lvl);
xalloc_fail_func = memory_full;
@ -229,7 +228,7 @@ void cleanup_and_exit(int c)
close_network_connections();
if(debug_lvl > 0)
syslog(LOG_INFO, _("Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d."),
syslog(LOG_INFO, _("Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d"),
total_tap_out, total_socket_out, total_tap_in, total_socket_in);
closelog();
@ -291,35 +290,24 @@ int kill_other(void)
*/
void make_names(void)
{
if(!configfilename)
{
if(netname)
{
configfilename = xmalloc(strlen(netname)+18+strlen(CONFDIR));
sprintf(configfilename, "%s/tinc/%s/tinc.conf", CONFDIR, netname);
}
else
{
configfilename = xmalloc(17+strlen(CONFDIR));
sprintf(configfilename, "%s/tinc/tinc.conf", CONFDIR);
}
}
if(netname)
{
pidfilename = xmalloc(strlen(netname)+20);
sprintf(pidfilename, "/var/run/tinc.%s.pid", netname);
confbase = xmalloc(strlen(netname)+8+strlen(CONFDIR));
sprintf(confbase, "%s/tinc/%s/", CONFDIR, netname);
identname = xmalloc(strlen(netname)+7);
sprintf(identname, "tinc.%s", netname);
if(!pidfilename)
asprintf(&pidfilename, "/var/run/tinc.%s.pid", netname);
if(!confbase)
asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname);
if(!identname)
asprintf(&identname, "tinc.%s", netname);
}
else
{
pidfilename = "/var/run/tinc.pid";
confbase = xmalloc(7+strlen(CONFDIR));
sprintf(confbase, "%s/tinc/", CONFDIR);
identname = "tinc";
netname = "bla";
if(!pidfilename)
pidfilename = "/var/run/tinc.pid";
if(!confbase)
asprintf(&confbase, "%s/tinc", CONFDIR);
if(!identname)
identname = "tinc";
}
}
@ -332,17 +320,20 @@ main(int argc, char **argv, char **envp)
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
/* Do some intl stuff right now */
unknown = _("unknown");
parse_options(argc, argv, envp);
if(show_version)
{
printf(_("%s version %s\n"), PACKAGE, VERSION);
printf(_("Copyright (C) 1998,1999,2000 Ivo Timmermans and others,\n"
"see the AUTHORS file for a complete list.\n\n"
printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT);
printf(_("Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n"
"See the AUTHORS file for a complete list.\n\n"
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
"and you are welcome to redistribute it under certain conditions;\n"
"see the file COPYING for details.\n\n"));
printf(_("This product includes software developed by Eric Young (eay@mincom.oz.au)\n"));
"see the file COPYING for details.\n"));
return 0;
}
@ -352,7 +343,7 @@ main(int argc, char **argv, char **envp)
if(geteuid())
{
fprintf(stderr, _("You must be root to run this program. sorry.\n"));
fprintf(stderr, _("You must be root to run this program. Sorry.\n"));
return 1;
}
@ -363,7 +354,7 @@ main(int argc, char **argv, char **envp)
if(kill_tincd)
exit(kill_other());
if(read_config_file(configfilename))
if(read_server_config())
return 1;
setup_signals();
@ -371,16 +362,32 @@ main(int argc, char **argv, char **envp)
if(detach())
exit(0);
/* FIXME: wt* is this suppose to do?
if(security_init())
return 1;
*/
for(;;)
{
if(!setup_network_connections())
{
main_loop();
cleanup_and_exit(1);
}
syslog(LOG_ERR, _("Unrecoverable error"));
cp_trace();
if(setup_network_connections())
cleanup_and_exit(1);
main_loop();
cleanup_and_exit(1);
return 1;
if(do_detach)
{
syslog(LOG_NOTICE, _("Restarting in %d seconds!"), MAXTIMEOUT);
sleep(MAXTIMEOUT);
}
else
{
syslog(LOG_ERR, _("Aieee! Not restarting."));
exit(0);
}
}
}
RETSIGTYPE
@ -402,41 +409,45 @@ sigquit_handler(int a)
RETSIGTYPE
sigsegv_square(int a)
{
syslog(LOG_NOTICE, _("Got another SEGV signal: not restarting"));
syslog(LOG_ERR, _("Got another SEGV signal: not restarting"));
exit(0);
}
RETSIGTYPE
sigsegv_handler(int a)
{
if(cp_file)
syslog(LOG_NOTICE, _("Got SEGV signal after %s line %d. Trying to re-execute."),
cp_file, cp_line);
syslog(LOG_ERR, _("Got SEGV signal"));
cp_trace();
if(do_detach)
{
syslog(LOG_NOTICE, _("Trying to re-execute in 5 seconds..."));
signal(SIGSEGV, sigsegv_square);
close_network_connections();
sleep(5);
remove_pid(pidfilename);
execvp(g_argv[0], g_argv);
}
else
syslog(LOG_NOTICE, _("Got SEGV signal; trying to re-execute."));
signal(SIGSEGV, sigsegv_square);
close_network_connections();
remove_pid(pidfilename);
execvp(g_argv[0], g_argv);
{
syslog(LOG_NOTICE, _("Aieee! Not restarting."));
exit(0);
}
}
RETSIGTYPE
sighup_handler(int a)
{
if(debug_lvl > 0)
syslog(LOG_NOTICE, _("Got HUP signal"));
close_network_connections();
setup_network_connections();
/* FIXME: read config-file and re-establish network connections */
syslog(LOG_NOTICE, _("Got HUP signal, rereading configuration and restarting"));
sighup = 1;
}
RETSIGTYPE
sigint_handler(int a)
{
if(debug_lvl > 0)
syslog(LOG_NOTICE, _("Got INT signal"));
syslog(LOG_NOTICE, _("Got INT signal, exiting"));
cleanup_and_exit(0);
}
@ -450,18 +461,17 @@ RETSIGTYPE
sigusr2_handler(int a)
{
if(debug_lvl > 1)
syslog(LOG_NOTICE, _("Forcing new key generation"));
syslog(LOG_NOTICE, _("Got USR2 signal, forcing new key generation"));
/* FIXME: reprogram this.
regenerate_keys();
*/
}
RETSIGTYPE
sighuh(int a)
{
if(cp_file)
syslog(LOG_NOTICE, _("Got unexpected signal (%d) after %s line %d."),
a, cp_file, cp_line);
else
syslog(LOG_NOTICE, _("Got unexpected signal (%d)."), a);
syslog(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a));
cp_trace();
}
void
@ -485,7 +495,7 @@ setup_signals(void)
signal(SIGINT, sigint_handler);
signal(SIGUSR1, sigusr1_handler);
signal(SIGUSR2, sigusr2_handler);
signal(SIGCHLD, parent_exit);
// signal(SIGCHLD, parent_exit);
}
RETSIGTYPE parent_exit(int a)