j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

- Allow ASN1 style keys to be in the config files.

Browse source 
Note: tinc ignores private key in the main config file, tinc.conf,
  because it should really be in a separate file.
- When generating new keys, check if name is known and by default append
  the public key to the host configuration file (otherwise rsa_key.pub).
This commit is contained in:
Guus Sliepen 2001-01-13 16:36:23 +00:00
parent 44c85ab07e
commit a56df1e06b
4 changed files with 91 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

71
src/conf.c
View file

@ -19,7 +19,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: conf.c,v 1.9.4.38 2001/01/07 17:08:55 guus Exp $
$Id: conf.c,v 1.9.4.39 2001/01/13 16:36:20 guus Exp $
*/
#include "config.h"
@ -228,7 +228,7 @@ int read_config_file(config_t **base, const char *fname)
FILE *fp;
char *buffer, *line;
char *p, *q;
int i, lineno = 0;
int i, lineno = 0, ignore = 0;
config_t *cfg;
size_t bufsize;
@ -265,35 +265,44 @@ cp
if(p[0] == '#')
continue; /* comment: ignore */
for(i = 0; hazahaza[i].name != NULL; i++)
if(!strcasecmp(hazahaza[i].name, p))
break;
if(!strcmp(p, "-----BEGIN"))
ignore = 1;
if(ignore == 0)
{
for(i = 0; hazahaza[i].name != NULL; i++)
if(!strcasecmp(hazahaza[i].name, p))
break;
if(!hazahaza[i].name)
{
syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"),
p, lineno, fname);
break;
}
if(!hazahaza[i].name)
{
syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"),
p, lineno, fname);
break;
}
if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
{
syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
hazahaza[i].name, lineno, fname);
break;
}
if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
{
syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
hazahaza[i].name, lineno, fname);
break;
}
cfg = add_config_val(base, hazahaza[i].argtype, q);
if(cfg == NULL)
{
syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"),
hazahaza[i].name, lineno, fname);
break;
}
cfg = add_config_val(base, hazahaza[i].argtype, q);
if(cfg == NULL)
{
syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"),
hazahaza[i].name, lineno, fname);
break;
}
cfg->which = hazahaza[i].which;
if(!config)
config = cfg;
cfg->which = hazahaza[i].which;
if(!config)
config = cfg;
}
if(!strcmp(p, "-----END"))
ignore = 0;
}
free(buffer);
@ -462,7 +471,7 @@ check2:
return 1;
}
FILE *ask_and_safe_open(const char* filename, const char* what)
FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode)
{
FILE *r;
char *directory;
@ -509,14 +518,14 @@ FILE *ask_and_safe_open(const char* filename, const char* what)
umask(0077); /* Disallow everything for group and other */
/* Open it first to keep the inode busy */
if((r = fopen(fn, "w")) == NULL)
if((r = fopen(fn, mode)) == NULL)
{
fprintf(stderr, _("Error opening file `%s': %m\n"),
fn);
free(fn);
return NULL;
}
/* Then check the file for nasty attacks */
if(!is_safe_path(fn)) /* Do not permit any directories that are
readable or writeable by other users. */
@ -530,6 +539,6 @@ FILE *ask_and_safe_open(const char* filename, const char* what)
}
free(fn);
return r;
}

4
src/conf.h
View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: conf.h,v 1.6.4.21 2001/01/07 17:08:56 guus Exp $
$Id: conf.h,v 1.6.4.22 2001/01/13 16:36:21 guus Exp $
*/
#ifndef __TINC_CONF_H__
@ -99,6 +99,6 @@ extern int read_config_file(config_t **, const char *);
extern const config_t *get_config_val(config_t *, which_t type);
extern void clear_config();
extern int read_server_config(void);
extern FILE *ask_and_safe_open(const char*, const char*);
extern FILE *ask_and_safe_open(const char*, const char*, const char *);
#endif /* __TINC_CONF_H__ */

33
src/net.c
View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: net.c,v 1.35.4.93 2001/01/11 11:19:08 guus Exp $
$Id: net.c,v 1.35.4.94 2001/01/13 16:36:21 guus Exp $
*/
#include "config.h"
@ -610,17 +610,24 @@ int read_rsa_public_key(connection_t *cl)
{
config_t const *cfg;
FILE *fp;
char *fname;
void *result;
cp
if(!cl->rsa_key)
cl->rsa_key = RSA_new();
/* First, check for simple PublicKey statement */
if((cfg = get_config_val(cl->config, config_publickey)))
{
BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
BN_hex2bn(&cl->rsa_key->e, "FFFF");
return 0;
}
else if((cfg = get_config_val(cl->config, config_publickeyfile)))
/* Else, check for PublicKeyFile statement and read it */
if((cfg = get_config_val(cl->config, config_publickeyfile)))
{
if(is_safe_path(cfg->data.ptr))
{
@ -638,17 +645,31 @@ cp
cfg->data.ptr);
return -1;
}
return 0;
}
else
return -1;
}
else
/* Else, check if a harnessed public key is in the config file */
asprintf(&fname, "%s/hosts/%s", confbase, cl->name);
if((fp = fopen(fname, "r")))
{
syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
return -1;
result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL);
fclose(fp);
free(fname);
if(result)
return 0;
}
free(fname);
/* Nothing worked. */
syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
cp
return 0;
return -1;
}
int read_rsa_private_key(void)

28
src/tincd.c
View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: tincd.c,v 1.10.4.41 2001/01/07 17:09:07 guus Exp $
$Id: tincd.c,v 1.10.4.42 2001/01/13 16:36:23 guus Exp $
*/
#include "config.h"
@ -229,6 +229,7 @@ int keygen(int bits)
{
RSA *rsa_key;
FILE *f;
config_t const *cfg;
char *filename;
fprintf(stderr, _("Generating %d bits keys:\n"), bits);
@ -242,16 +243,28 @@ int keygen(int bits)
else
fprintf(stderr, _("Done.\n"));
asprintf(&filename, "%s/rsa_key.pub", confbase);
if((f = ask_and_safe_open(filename, _("public RSA key"))) == NULL)
if(config && (cfg = get_config_val(config, config_name)))
asprintf(&filename, "%s/hosts/%s", confbase, cfg->data.ptr);
else
asprintf(&filename, "%s/rsa_key.priv");
if((f = ask_and_safe_open(filename, _("public RSA key"), "a")) == NULL)
return -1;
if(ftell(f))
fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file."));
PEM_write_RSAPublicKey(f, rsa_key);
fclose(f);
free(filename);
asprintf(&filename, "%s/rsa_key.priv", confbase);
if((f = ask_and_safe_open(filename, _("private RSA key"))) == NULL)
if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL)
return -1;
if(ftell(f))
fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file."));
PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL);
fclose(f);
free(filename);
@ -334,8 +347,11 @@ cp
RAND_load_file("/dev/urandom", 1024);
cp
if(generate_keys)
exit(keygen(generate_keys));
{
read_server_config();
exit(keygen(generate_keys));
}
if(kill_tincd)
exit(kill_other());