j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

- Don't even think about using sscanf with %as anymore

Browse source 
- Allow keys to be inside the config files or in a seperate file
- Small fixes
This commit is contained in:
Guus Sliepen 2000-12-22 21:34:24 +00:00
parent ecae72de94
commit e1707f7739
8 changed files with 101 additions and 99 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
acconfig.h
View file

@ -64,6 +64,3 @@
/* Define to 1 if checkpoint tracing is enabled */ /* Define to 1 if checkpoint tracing is enabled */
#undef ENABLE_TRACING #undef ENABLE_TRACING
/* Define to 1 if scanf and friends understand %as */
#undef HAVE_SCANF_AS

4
configure.in
View file

@ -1,6 +1,6 @@
dnl Process this file with autoconf to produce a configure script. dnl Process this file with autoconf to produce a configure script.
dnl $Id: configure.in,v 1.13.2.28 2000/11/29 01:37:50 zarq Exp $ dnl $Id: configure.in,v 1.13.2.29 2000/12/22 21:34:19 guus Exp $
AC_INIT(src/tincd.c) AC_INIT(src/tincd.c)
AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs) AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs)
@ -84,8 +84,6 @@ AC_CHECK_FUNC(gethostbyname, [], [
dnl These are defined in files in m4/ dnl These are defined in files in m4/
tinc_TUNTAP tinc_TUNTAP
tinc_OPENSSL tinc_OPENSSL
tinc_SCANF_AS
dnl Check if checkpoint tracing has to be enabled dnl Check if checkpoint tracing has to be enabled
AC_ARG_ENABLE(tracing, AC_ARG_ENABLE(tracing,

25
m4/gnuscanf.m4
View file

@ -1,25 +0,0 @@
dnl Check for a scanf that understands about %as as format specifier
AC_DEFUN(tinc_SCANF_AS,
[
AC_CACHE_CHECK([for a scanf that groks %as], tinc_cv_scanf_as,
[
AC_TRY_RUN([
/* Very naive program which will probably give a segmentation
fault if the sscanf doesn't work as expected. */
#include <stdio.h>
int main() {
char*s = NULL;
sscanf("string\n", "%as\n", &s);
if(s == NULL)
return 1;
return strcmp("string", s);
}
], [tinc_cv_scanf_as="yes"], [tinc_cv_scanf_as="no"])
])
if test "$tinc_cv_scanf_as" = "yes" ; then
AC_DEFINE(HAVE_SCANF_AS)
AC_SUBST(HAVE_SCANF_AS)
fi
])

13
src/conf.c
View file

@ -19,7 +19,7 @@
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: conf.c,v 1.9.4.34 2000/12/06 13:33:48 zarq Exp $ $Id: conf.c,v 1.9.4.35 2000/12/22 21:34:20 guus Exp $
*/ */
#include "config.h" #include "config.h"
@ -68,6 +68,7 @@ static internal_config_t hazahaza[] = {
{ "Name", config_name, TYPE_NAME }, { "Name", config_name, TYPE_NAME },
{ "PingTimeout", config_pingtimeout, TYPE_INT }, { "PingTimeout", config_pingtimeout, TYPE_INT },
{ "PrivateKey", config_privatekey, TYPE_NAME }, { "PrivateKey", config_privatekey, TYPE_NAME },
{ "PrivateKeyFile", config_privatekeyfile, TYPE_NAME },
{ "TapDevice", config_tapdevice, TYPE_NAME }, { "TapDevice", config_tapdevice, TYPE_NAME },
{ "VpnMask", config_dummy, TYPE_IP }, { "VpnMask", config_dummy, TYPE_IP },
/* Host configuration file keywords */ /* Host configuration file keywords */
@ -75,6 +76,7 @@ static internal_config_t hazahaza[] = {
{ "IndirectData", config_indirectdata, TYPE_BOOL }, { "IndirectData", config_indirectdata, TYPE_BOOL },
{ "Port", config_port, TYPE_INT }, { "Port", config_port, TYPE_INT },
{ "PublicKey", config_publickey, TYPE_NAME }, { "PublicKey", config_publickey, TYPE_NAME },
{ "PublicKeyFile", config_publickeyfile, TYPE_NAME },
{ "RestrictAddress", config_restrictaddress, TYPE_BOOL }, { "RestrictAddress", config_restrictaddress, TYPE_BOOL },
{ "RestrictHosts", config_restricthosts, TYPE_BOOL }, { "RestrictHosts", config_restricthosts, TYPE_BOOL },
{ "RestrictPort", config_restrictport, TYPE_BOOL }, { "RestrictPort", config_restrictport, TYPE_BOOL },
@ -232,7 +234,10 @@ int read_config_file(config_t **base, const char *fname)
cp cp
if((fp = fopen (fname, "r")) == NULL) if((fp = fopen (fname, "r")) == NULL)
return -1; {
syslog(LOG_ERR, _("Cannot open config file %s: %m"), fname);
return -1;
}
bufsize = 100; bufsize = 100;
buffer = xmalloc(bufsize); buffer = xmalloc(bufsize);
@ -273,7 +278,7 @@ cp
if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#') if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
{ {
fprintf(stderr, _("No value for variable `%s' on line %d while reading config file %s"), syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
hazahaza[i].name, lineno, fname); hazahaza[i].name, lineno, fname);
break; break;
} }
@ -281,7 +286,7 @@ cp
cfg = add_config_val(base, hazahaza[i].argtype, q); cfg = add_config_val(base, hazahaza[i].argtype, q);
if(cfg == NULL) if(cfg == NULL)
{ {
fprintf(stderr, _("Invalid value for variable `%s' on line %d while reading config file %s"), syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"),
hazahaza[i].name, lineno, fname); hazahaza[i].name, lineno, fname);
break; break;
} }

4
src/conf.h
View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: conf.h,v 1.6.4.18 2000/12/06 13:33:49 zarq Exp $ $Id: conf.h,v 1.6.4.19 2000/12/22 21:34:20 guus Exp $
*/ */
#ifndef __TINC_CONF_H__ #ifndef __TINC_CONF_H__
@ -39,6 +39,7 @@ typedef enum which_t {
config_pingtimeout, config_pingtimeout,
config_tapdevice, config_tapdevice,
config_privatekey, config_privatekey,
config_privatekeyfile,
config_keyexpire, config_keyexpire,
config_hostnames, config_hostnames,
config_interface, config_interface,
@ -46,6 +47,7 @@ typedef enum which_t {
config_address, config_address,
config_port, config_port,
config_publickey, config_publickey,
config_publickeyfile,
config_subnet, config_subnet,
config_restricthosts, config_restricthosts,
config_restrictsubnets, config_restrictsubnets,

129
src/net.c
View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: net.c,v 1.35.4.87 2000/12/05 08:59:29 zarq Exp $ $Id: net.c,v 1.35.4.88 2000/12/22 21:34:20 guus Exp $
*/ */
#include "config.h" #include "config.h"
@ -698,59 +698,89 @@ cp
return 0; return 0;
} }
int read_rsa_public_key(RSA **key, const char *file) int read_rsa_public_key(connection_t *cl)
{
FILE *fp;
if((fp = fopen(file, "r")) == NULL)
{
syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"),
file);
return -1;
}
if(PEM_read_RSAPublicKey(fp, key, NULL, NULL) == NULL)
{
syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"),
file);
return -1;
}
return 0;
}
int read_rsa_private_key(RSA **key, const char *file)
{
FILE *fp;
if((fp = fopen(file, "r")) == NULL)
{
syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"),
file);
return -1;
}
if(PEM_read_RSAPrivateKey(fp, key, NULL, NULL) == NULL)
{
syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"),
file);
return -1;
}
return 0;
}
int read_rsa_keys(void)
{ {
config_t const *cfg; config_t const *cfg;
FILE *fp;
void *result;
cp
if(!cl->rsa_key)
cl->rsa_key = RSA_new();
if(!(cfg = get_config_val(config, config_privatekey))) if((cfg = get_config_val(cl->config, config_publickey)))
{ {
syslog(LOG_ERR, _("Private key for tinc daemon required!")); BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
BN_hex2bn(&cl->rsa_key->e, "FFFF");
}
else if((cfg = get_config_val(cl->config, config_publickeyfile)))
{
if(is_safe_path(cfg->data.ptr))
{
if((fp = fopen(cfg->data.ptr, "r")) == NULL)
{
syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"),
cfg->data.ptr);
return -1;
}
result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL);
fclose(fp);
if(!result)
{
syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %m"),
cfg->data.ptr);
return -1;
}
}
else
return -1;
}
else
{
syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
return -1; return -1;
} }
cp
return 0;
}
myself->rsa_key = RSA_new(); int read_rsa_private_key(void)
{
config_t const *cfg;
FILE *fp;
void *result;
cp
if(!myself->rsa_key)
myself->rsa_key = RSA_new();
return read_rsa_private_key(&(myself->rsa_key), cfg->data.ptr); if((cfg = get_config_val(config, config_privatekey)))
{
BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
BN_hex2bn(&myself->rsa_key->e, "FFFF");
}
else if((cfg = get_config_val(config, config_privatekeyfile)))
{
if((fp = fopen(cfg->data.ptr, "r")) == NULL)
{
syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"),
cfg->data.ptr);
return -1;
}
result = PEM_read_RSAPrivateKey(fp, &myself->rsa_key, NULL, NULL);
fclose(fp);
if(!result)
{
syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"),
cfg->data.ptr);
return -1;
}
}
else
{
syslog(LOG_ERR, _("No private key for tinc daemon specified!"));
return -1;
}
cp
return 0;
} }
/* /*
@ -782,7 +812,7 @@ cp
return -1; return -1;
} }
cp cp
if(read_rsa_keys()) if(read_rsa_private_key())
return -1; return -1;
if(read_host_config(myself)) if(read_host_config(myself))
@ -790,6 +820,9 @@ cp
syslog(LOG_ERR, _("Cannot open host configuration file for myself!")); syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
return -1; return -1;
} }
if(read_rsa_public_key(myself))
return -1;
cp cp
/* /*
@ -1159,7 +1192,7 @@ cp
if(!cl) if(!cl)
{ {
syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
return 0; return 0;
} }

4
src/net.h
View file

@ -16,7 +16,7 @@
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: net.h,v 1.9.4.23 2000/11/30 23:18:21 zarq Exp $ $Id: net.h,v 1.9.4.24 2000/12/22 21:34:23 guus Exp $
*/ */
#ifndef __TINC_NET_H__ #ifndef __TINC_NET_H__
@ -128,6 +128,6 @@ extern void add_queue(packet_queue_t **, void *, size_t);
# include <rsa.h> # include <rsa.h>
#endif #endif
extern int read_rsa_public_key(RSA **, const char *); extern int read_rsa_public_key(connection_t *);
#endif /* __TINC_NET_H__ */ #endif /* __TINC_NET_H__ */

18
src/protocol.c
View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: protocol.c,v 1.28.4.69 2000/12/05 08:59:30 zarq Exp $ $Id: protocol.c,v 1.28.4.70 2000/12/22 21:34:24 guus Exp $
*/ */
#include "config.h" #include "config.h"
@ -255,17 +255,9 @@ cp
/* Read in the public key, so that we can send a challenge */ /* Read in the public key, so that we can send a challenge */
if((cfg = get_config_val(cl->config, config_publickey))) if(read_rsa_public_key(cl))
{ return -1;
cl->rsa_key = RSA_new();
if(read_rsa_public_key(&(cl->rsa_key), cfg->data.ptr) < 0)
return -1;
}
else
{
syslog(LOG_ERR, _("No public key known for %s (%s)"), cl->name, cl->hostname);
return -1;
}
cp cp
return send_challenge(cl); return send_challenge(cl);
} }
@ -300,7 +292,7 @@ cp
} }
/* Encrypt the random data */ /* Encrypt the random data */
if(RSA_public_encrypt(len, cl->hischallenge, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */ if(RSA_public_encrypt(len, cl->hischallenge, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */
{ {
syslog(LOG_ERR, _("Error during encryption of challenge for %s (%s)"), cl->name, cl->hostname); syslog(LOG_ERR, _("Error during encryption of challenge for %s (%s)"), cl->name, cl->hostname);