diff --git a/src/connection.c b/src/connection.c
index 9a26ec9d..6229e79d 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -130,11 +130,11 @@ void dump_connections(void) {
 bool read_connection_config(connection_t *c) {
 char *fname;
- int x;
+ bool x;
 xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
 x = read_config_file(c->config_tree, fname);
 free(fname);
- return x == 0;
+ return x;
 }
diff --git a/src/net_setup.c b/src/net_setup.c
index 6360c597..cad84ccb 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -201,6 +201,65 @@ bool read_rsa_private_key(void) {
 return true;
 }
+/*
+ Read Subnets from all host config files
+*/
+static void load_all_subnets(void) {
+ DIR *dir;
+ struct dirent *ent;
+ char *dname;
+ char *fname;
+ avl_tree_t *config_tree;
+ config_t *cfg;
+ subnet_t *s;
+ node_t *n;
+ bool result;
+
+ xasprintf(&dname, "%s/hosts", confbase);
+ dir = opendir(dname);
+ if(!dir) {
+ logger(LOG_ERR, "Could not open %s: %s", dname, strerror(errno));
+ free(dname);
+ return;
+ }
+
+ while((ent = readdir(dir))) {
+ if(!check_id(ent->d_name))
+ continue;
+
+ n = lookup_node(ent->d_name);
+ if(n)
+ continue;
+
+ #ifdef _DIRENT_HAVE_D_TYPE
+ //if(ent->d_type != DT_REG)
+ // continue;
+ #endif
+
+ xasprintf(&fname, "%s/hosts/%s", confbase, ent->d_name);
+ init_configuration(&config_tree);
+ result = read_config_file(config_tree, fname);
+ free(fname);
+ if(!result)
+ continue;
+
+ n = new_node();
+ n->name = xstrdup(ent->d_name);
+ node_add(n);
+
+ for(cfg = lookup_config(config_tree, "Subnet"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
+ if(!get_config_subnet(cfg, &s))
+ continue;
+
+ subnet_add(n, s);
+ }
+
+ exit_configuration(&config_tree);
+ }
+
+ closedir(dir);
+}
+
 /*
 Configure node_t myself and set up the local sockets (listen only)
 */
@@ -426,6 +485,9 @@ bool setup_myself(void) {
 graph();
+ if(tunnelserver)
+ load_all_subnets();
+
 /* Open device */
 if(!setup_device())
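Review bot: `dname` is leaked on the success path of load_all_subnets: it is freed only inside the `if(!dir)` branch, so every successful call leaks the "%s/hosts" string; add `free(dname);` after `closedir(dir);`. The per-file configuration tree leaks in the same way when a host file fails to parse, because the `continue` after `if(!result)` skips the `exit_configuration(&config_tree)` at the bottom of the loop; use `if(!result) { exit_configuration(&config_tree); continue; }` instead. The commented-out `d_type` test under `#ifdef _DIRENT_HAVE_D_TYPE` is dead code and should be either enabled or dropped. Since the subnets collected here are, as far as the rest of the diff shows, the only ones a tunnel server will ever accept, the header comment should say so, e.g. `/* Read the Subnet entries of every host config file and register them on a node for that host; in tunnel server mode this is the complete set of allowed subnets */`.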
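Review bot: The new call gives no hint why subnets are preloaded only in tunnel server mode, and because load_all_subnets returns void, setup_myself cannot tell whether the hosts directory was readable and continues with whatever was loaded. A one-line comment above the `if(tunnelserver)` would make the intent explicit, e.g. `/* In tunnel server mode only subnets from the host config files are ever accepted, so read them all now */` — this presumably matches the new add_subnet_h behaviour in protocol_subnet.c, which refuses any ADD_SUBNET that is not already known. If an unreadable hosts directory should abort startup instead, load_all_subnets would need to return bool and the call become `if(tunnelserver && !load_all_subnets()) return false;`. setup_myself starts and ends outside the hunk.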
diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c
index ba75c899..7098e2a0 100644
--- a/src/protocol_subnet.c
+++ b/src/protocol_subnet.c
@@ -104,29 +104,12 @@ bool add_subnet_h(connection_t *c) {
 return true;
 }
- /* In tunnel server mode, check if the subnet matches one in the config file of this node */
+ /* In tunnel server mode, we should already know all allowed subnets */
 if(tunnelserver) {
- config_t *cfg;
- subnet_t *allowed;
-
- for(cfg = lookup_config(c->config_tree, "Subnet"); cfg; cfg = lookup_config_next(c->config_tree, cfg)) {
- if(!get_config_subnet(cfg, &allowed))
- continue;
-
- if(!subnet_compare(&s, allowed))
- break;
-
- free_subnet(allowed);
- }
-
- if(!cfg) {
- logger(LOG_WARNING, "Ignoring unauthorized %s from %s (%s): %s",
- "ADD_SUBNET", c->name, c->hostname, subnetstr);
- return true;
- }
-
- free_subnet(allowed);
+ logger(LOG_WARNING, "Ignoring unauthorized %s from %s (%s): %s",
+ "ADD_SUBNET", c->name, c->hostname, subnetstr);
+ return true;
 }
 /* If everything is correct, add the subnet to the list of the owner */
@@ -139,8 +122,7 @@ bool add_subnet_h(connection_t *c) {
 /* Tell the rest */
- if(!tunnelserver)
- forward_request(c);
+ forward_request(c);
 /* Fast handoff of roaming MAC addresses */
@@ -228,10 +210,12 @@ bool del_subnet_h(connection_t *c) {
 return true;
 }
+ if(tunnelserver)
+ return true;
+
 /* Tell the rest */
- if(!tunnelserver)
- forward_request(c);
+ forward_request(c);
 /* Finally, delete it. */
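Review bot: The rewritten tunnel-server branch refuses every ADD_SUBNET that reaches it, so the whole authorization decision now rests on an earlier check outside this hunk (presumably a lookup of `s` in the owner's subnet list) matching the subnets preloaded by load_all_subnets() in net_setup.c; the replacement comment should state that dependency instead of "we should already know", e.g. `/* In tunnel server mode the only allowed subnets are those loaded from the host config files at startup; a subnet reaching this point was not among them, so refuse it */`. The old code re-read `c->config_tree` here, so a host whose file load_all_subnets skipped or failed to parse would previously still have had its configured subnets accepted and now gets them refused — worth confirming that this is intended. The same early return is what makes the now unconditional `forward_request(c)` in the next hunk safe in tunnel server mode. add_subnet_h starts and ends outside the hunk.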
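Review bot: The new `if(tunnelserver) return true;` drops DEL_SUBNET requests silently, whereas the corresponding ADD_SUBNET path in add_subnet_h logs an "Ignoring unauthorized" warning; the two handlers should be consistent, and a comment is needed to record why deletion is neither applied nor forwarded here. Suggested text above the early return: `/* In tunnel server mode the subnet list comes from the host config files and never changes, so ignore DEL_SUBNET entirely */`. Whether a LOG_DEBUG line is also wanted depends on how much peers are expected to send, but the comment is the minimum. del_subnet_h starts and ends outside the hunk.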