- Allow ASN1 style keys to be in the config files.

Note: tinc ignores private key in the main config file, tinc.conf, because it should really be in a separate file. - When generating new keys, check if name is known and by default append the public key to the host configuration file (otherwise rsa_key.pub).
2001-01-13 16:36:23 +00:00 · 2001-01-13 16:36:23 +00:00 · a56df1e06b
commit a56df1e06b
parent 44c85ab07e
4 changed files with 91 additions and 45 deletions
--- a/src/conf.c
+++ b/src/conf.c
@ -19,7 +19,7 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-    $Id: conf.c,v 1.9.4.38 2001/01/07 17:08:55 guus Exp $
+    $Id: conf.c,v 1.9.4.39 2001/01/13 16:36:20 guus Exp $
 */
 #include "config.h"
@ -228,7 +228,7 @@ int read_config_file(config_t **base, const char *fname)
  FILE *fp;
  char *buffer, *line;
  char *p, *q;
-  int i, lineno = 0;
+  int i, lineno = 0, ignore = 0;
  config_t *cfg;
  size_t bufsize;
@ -265,35 +265,44 @@ cp
      if(p[0] == '#')
 	continue; /* comment: ignore */
-      for(i = 0; hazahaza[i].name != NULL; i++)
+      if(!strcmp(p, "-----BEGIN"))
-	if(!strcasecmp(hazahaza[i].name, p))
+        ignore = 1;
-	  break;
+        
      if(ignore == 0)
        {
          for(i = 0; hazahaza[i].name != NULL; i++)
 	    if(!strcasecmp(hazahaza[i].name, p))
 	      break;
-      if(!hazahaza[i].name)
+          if(!hazahaza[i].name)
-	{
+	    {
-	  syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"),
+	      syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"),
-		  p, lineno, fname);
+		      p, lineno, fname);
-          break;
+              break;
-	}
+	    }
-      if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
+          if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
-	{
+	    {
-	  syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
+	      syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
-		  hazahaza[i].name, lineno, fname);
+		      hazahaza[i].name, lineno, fname);
-	  break;
+	      break;
-	}
+	    }
-      cfg = add_config_val(base, hazahaza[i].argtype, q);
+          cfg = add_config_val(base, hazahaza[i].argtype, q);
-      if(cfg == NULL)
+          if(cfg == NULL)
-	{
+	    {
-	  syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"),
+	      syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"),
-		  hazahaza[i].name, lineno, fname);
+		      hazahaza[i].name, lineno, fname);
-	  break;
+	      break;
-	}
+	    }
-      cfg->which = hazahaza[i].which;
+          cfg->which = hazahaza[i].which;
-      if(!config)
+          if(!config)
-	config = cfg;
+	    config = cfg;
       }
      if(!strcmp(p, "-----END"))
        ignore = 0;
    }
  free(buffer);
@ -462,7 +471,7 @@ check2:
  return 1;
 }
-FILE *ask_and_safe_open(const char* filename, const char* what)
+FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode)
 {
  FILE *r;
  char *directory;
@ -509,14 +518,14 @@ FILE *ask_and_safe_open(const char* filename, const char* what)
  umask(0077); /* Disallow everything for group and other */
  /* Open it first to keep the inode busy */
-  if((r = fopen(fn, "w")) == NULL)
+  if((r = fopen(fn, mode)) == NULL)
    {
      fprintf(stderr, _("Error opening file `%s': %m\n"),
 	      fn);
      free(fn);
      return NULL;
    }
-
+    
  /* Then check the file for nasty attacks */
  if(!is_safe_path(fn))  /* Do not permit any directories that are
                            readable or writeable by other users. */
@ -530,6 +539,6 @@ FILE *ask_and_safe_open(const char* filename, const char* what)
    }
  free(fn);
-  
+
  return r;
 }
--- a/src/conf.h
+++ b/src/conf.h
@ -17,7 +17,7 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-    $Id: conf.h,v 1.6.4.21 2001/01/07 17:08:56 guus Exp $
+    $Id: conf.h,v 1.6.4.22 2001/01/13 16:36:21 guus Exp $
 */
 #ifndef __TINC_CONF_H__
@ -99,6 +99,6 @@ extern int read_config_file(config_t **, const char *);
 extern const config_t *get_config_val(config_t *, which_t type);
 extern void clear_config();
 extern int read_server_config(void);
-extern FILE *ask_and_safe_open(const char*, const char*);
+extern FILE *ask_and_safe_open(const char*, const char*, const char *);
 #endif /* __TINC_CONF_H__ */
--- a/src/net.c
+++ b/src/net.c
@ -17,7 +17,7 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-    $Id: net.c,v 1.35.4.93 2001/01/11 11:19:08 guus Exp $
+    $Id: net.c,v 1.35.4.94 2001/01/13 16:36:21 guus Exp $
 */
 #include "config.h"
@ -610,17 +610,24 @@ int read_rsa_public_key(connection_t *cl)
 {
  config_t const *cfg;
  FILE *fp;
  char *fname;
  void *result;
 cp
  if(!cl->rsa_key)
    cl->rsa_key = RSA_new();
  /* First, check for simple PublicKey statement */
  if((cfg = get_config_val(cl->config, config_publickey)))
    {
      BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
      BN_hex2bn(&cl->rsa_key->e, "FFFF");
      return 0;
    }
-  else if((cfg = get_config_val(cl->config, config_publickeyfile)))
+
  /* Else, check for PublicKeyFile statement and read it */
  if((cfg = get_config_val(cl->config, config_publickeyfile)))
    {
      if(is_safe_path(cfg->data.ptr))
        {
@ -638,17 +645,31 @@ cp
 	             cfg->data.ptr);
              return -1;
            }
          return 0;
        }
      else
        return -1;
    }    
-  else
+
  /* Else, check if a harnessed public key is in the config file */
  asprintf(&fname, "%s/hosts/%s", confbase, cl->name);
  if((fp = fopen(fname, "r")))
    {
-      syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
+      result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL);
-      return -1;
+      fclose(fp);
      free(fname);
      if(result)
        return 0;
    }
  free(fname);
  /* Nothing worked. */
  syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
 cp
-  return 0;
+  return -1;
 }
 int read_rsa_private_key(void)
--- a/src/tincd.c
+++ b/src/tincd.c
@ -17,7 +17,7 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-    $Id: tincd.c,v 1.10.4.41 2001/01/07 17:09:07 guus Exp $
+    $Id: tincd.c,v 1.10.4.42 2001/01/13 16:36:23 guus Exp $
 */
 #include "config.h"
@ -229,6 +229,7 @@ int keygen(int bits)
 {
  RSA *rsa_key;
  FILE *f;
  config_t const *cfg;
  char *filename;
  fprintf(stderr, _("Generating %d bits keys:\n"), bits);
@ -242,16 +243,28 @@ int keygen(int bits)
  else
    fprintf(stderr, _("Done.\n"));
-  asprintf(&filename, "%s/rsa_key.pub", confbase);
+  if(config && (cfg = get_config_val(config, config_name)))
-  if((f = ask_and_safe_open(filename, _("public RSA key"))) == NULL)
+    asprintf(&filename, "%s/hosts/%s", confbase, cfg->data.ptr);
  else
    asprintf(&filename, "%s/rsa_key.priv");
  if((f = ask_and_safe_open(filename, _("public RSA key"), "a")) == NULL)
    return -1;
  if(ftell(f))
    fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file."));
  PEM_write_RSAPublicKey(f, rsa_key);
  fclose(f);
  free(filename);
  asprintf(&filename, "%s/rsa_key.priv", confbase);
-  if((f = ask_and_safe_open(filename, _("private RSA key"))) == NULL)
+  if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL)
    return -1;
  if(ftell(f))
    fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file."));
  PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL);
  fclose(f);
  free(filename);
@ -334,8 +347,11 @@ cp
  RAND_load_file("/dev/urandom", 1024);
 cp
  if(generate_keys)
-    exit(keygen(generate_keys));
+    {
-
+      read_server_config();
      exit(keygen(generate_keys));
    }
  if(kill_tincd)
    exit(kill_other());