diff --git a/lib/utils.c b/lib/utils.c index f42ee3ac..c8de214f 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -17,6 +17,9 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#include +#include + #include "config.h" #include @@ -24,3 +27,29 @@ volatile int cp_line; volatile char *cp_file; +char *charbin2hex = "0123456789ABCDEF"; + +int charhex2bin(char c) +{ + if(isdigit(c)) + return c - '0'; + else + return tolower(c) - 'a' + 10; +} + +void hex2bin(char *src, char *dst, size_t length) +{ + size_t i; + for(i=0; i=0; i--) + { + dst[i*2+1] = charbin2hex[src[i] & 15]; + dst[i*2] = charbin2hex[src[i]>>4]; + } +} diff --git a/lib/utils.h b/lib/utils.h index 9184a339..a4684f3d 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -20,6 +20,8 @@ #ifndef __TINC_UTILS_H__ #define __TINC_UTILS_H__ +#include + enum { DEBUG_CONNECTIONS = 0, DEBUG_PROTOCOL, @@ -35,4 +37,7 @@ enum { extern volatile int cp_line; extern volatile char *cp_file; +extern void hex2bin(char *src, char *dst, size_t length); +extern void bin2hex(char *src, char *dst, size_t length); + #endif /* __TINC_UTILS_H__ */ diff --git a/src/conf.c b/src/conf.c index 7e135dec..740f4346 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.12 2000/10/11 22:00:57 guus Exp $ + $Id: conf.c,v 1.9.4.13 2000/10/14 17:04:12 guus Exp $ */ @@ -38,13 +38,13 @@ #include /* for cp */ #include "config.h" - +#include "connlist.h" #include "system.h" config_t *config; int debug_lvl = 0; int timeout = 0; /* seconds before timeout */ -char *configfilename = NULL; +char *confbase = NULL; /* directory in which all config files are */ /* Will be set if HUP signal is received. It will be processed when it is safe. */ int sighup = 0; 
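Review bot: charhex2bin accepts any byte and maps every non-digit to `tolower(c) - 'a' + 10`, so a malformed string is silently turned into garbage instead of being rejected; since protocol.c feeds this routine key material received from a peer, give callers a way to detect bad digits, e.g. return -1 from charhex2bin when `!isxdigit((unsigned char)c)` and check the string in ans_key_h before calling hex2bin. Passing a plain `char` to isdigit/tolower is undefined for negative values, so the `(unsigned char)` cast is needed there as well. In bin2hex, `charbin2hex[src[i]>>4]` indexes with a negative value on platforms where `char` is signed and the high bit is set; write `charbin2hex[(unsigned char)src[i] >> 4]`. The loop headers are garbled in this rendering, but if bin2hex really counts a `size_t` down with a `>= 0` test, that test never fails and the index wraps around — counting up from 0 avoids it. `charbin2hex` is never written and could be declared `const char charbin2hex[]`.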
@@ -210,6 +210,18 @@ cp return err; } +int read_server_config() +{ + char *fname; + int x; +cp + asprintf(fname, "%s/tinc.conf", confbase); + x = read_config_file(&config, fname); + free(fname); +cp + return x; +} + /* Look up the value of the config option type */ diff --git a/src/conf.h b/src/conf.h index f17b6ed8..a1ab1620 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.11 2000/10/11 22:00:58 guus Exp $ + $Id: conf.h,v 1.6.4.12 2000/10/14 17:04:13 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -87,12 +87,13 @@ extern int debug_lvl; extern int timeout; extern int upstreamindex; extern int sighup; -extern char *configfilename; +extern char *confbase; extern config_t *add_config_val(config_t **, int, char *); extern int read_config_file(config_t **, const char *); extern const config_t *get_config_val(config_t *, which_t type); extern const config_t *get_next_config_val(config_t *, which_t type, int); extern void clear_config(); +extern int read_server_config(void); #endif /* __TINC_CONF_H__ */ diff --git a/src/connlist.c b/src/connlist.c index df10ce37..f1b0eba0 100644 --- a/src/connlist.c +++ b/src/connlist.c @@ -17,15 +17,17 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.2 2000/10/11 22:00:58 guus Exp $ + $Id: connlist.c,v 1.1.2.3 2000/10/14 17:04:13 guus Exp $ */ #include +#include "net.h" /* Don't ask. */ #include "config.h" +#include "conf.h" #include -#include "net.h" /* Don't ask. */ +#include "system.h" /* Root of the connection list */ @@ -55,8 +57,10 @@ cp free(p->name); if(p->hostname) free(p->hostname); - free_key(p->public_key); - free_key(p->datakey); + if(p->public_key) + RSA_free(p->public_key); + if(p->cipher_pktkey) + free(p->cipher_pktkey); free(p); cp } 
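Review bot: `asprintf(fname, "%s/tinc.conf", confbase);` passes the uninitialized `char *fname` by value, but asprintf takes a `char **` and stores the allocated pointer through it, so this writes through a garbage pointer and `fname` is never assigned; it has to be `asprintf(&fname, "%s/tinc.conf", confbase);` (read_host_config in src/connlist.c has the same mistake). asprintf's return value is unchecked too: on failure the pointer is undefined, so test for `< 0` before the pointer is used or freed. The function also presumes `confbase` is already set, which presumably holds only once make_names has run; a one-line comment stating that precondition would help the next caller.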
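Review bot: `cipher_pktkey` holds a cipher key, and the hunk frees it without wiping it first, so the key bytes remain readable in freed heap memory; clear it before free with a routine the optimizer cannot drop (explicit_bzero or a volatile-byte loop), which means the key length has to be known here — this diff does not show it being stored on the struct, so record it when the key is set. The `if(p->cipher_pktkey)` guard is redundant since free(NULL) is a no-op, and RSA_free likewise tolerates NULL. The cipher contexts (cipher_inctx, cipher_outctx, cipher_pktctx) are not released in this hunk; if they are allocated per connection they leak on every close. free_conn_list's opening lines are outside the hunk.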
@@ -79,7 +83,7 @@ cp else conn_list = next; - free_conn_element(p); + free_conn_list(p); } else prev = p; @@ -99,7 +103,7 @@ cp for(p = conn_list; p != NULL; ) { next = p->next; - free_conn_element(p); + free_conn_list(p); p = next; } @@ -204,3 +208,15 @@ cp syslog(LOG_DEBUG, _("End of connection list.")); cp } + +int read_host_config(conn_list_t *cl) +{ + char *fname; + int x; +cp + asprintf(fname, "%s/hosts/%s", confbase, cl->name); + x = read_config_file(&cl->config, fname); + free(fname); +cp + return x; +} diff --git a/src/connlist.h b/src/connlist.h index 0f8edcbb..96a19474 100644 --- a/src/connlist.h +++ b/src/connlist.h @@ -17,13 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.h,v 1.1.2.2 2000/10/11 22:00:58 guus Exp $ + $Id: connlist.h,v 1.1.2.3 2000/10/14 17:04:13 guus Exp $ */ #ifndef __TINC_CONNLIST_H__ #define __TINC_CONNLIST_H__ #include +#include #include "net.h" #include "conf.h" @@ -43,9 +44,7 @@ typedef struct conn_list_t { packet_queue_t *sq; /* pending outgoing packets */ packet_queue_t *rq; /* pending incoming packets (they have no valid key to be decrypted with) */ - enc_key_t *public_key; /* the other party's public key */ - enc_key_t *datakey; /* encrypt data packets with this key */ - enc_key_t *rsakey; + RSA *public_key; /* the other party's public key */ EVP_CIPHER_CTX *cipher_inctx; /* Context of encrypted meta data that will come from him to us */ EVP_CIPHER_CTX *cipher_outctx; /* Context of encrypted meta data that will be sent from us to him */ @@ -53,7 +52,6 @@ typedef struct conn_list_t { EVP_CIPHER_CTX *cipher_pktctx; /* Context of encrypted vpn packets that will be sent to him */ EVP_CIPHER *cipher_pkttype; /* Cipher type for encrypted vpn packets */ char *cipher_pktkey; /* Cipher key */ - char *cipher_pktiv; /* Cipher input vector */ char *buffer; /* metadata input buffer */ int buflen; /* bytes read into buffer */ 
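Review bot: the hosts file path is built directly from `cl->name`, so the value must have passed check_id before this runs — setup_myself does that for myself, but any other caller that fills `cl->name` from data a peer sent (the id exchange, add_host) must do the same, or a name containing `/` or `..` reaches the filesystem. I would add above the function: `/* cl->name must have been validated with check_id() before calling this: it is used as a path component. */`. The asprintf first-argument bug already noted on read_server_config applies to this hunk as well.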
@@ -92,5 +90,6 @@ extern conn_list_t *lookup_conn_list_mac(mac_t); extern conn_list_t *lookup_conn_list_ipv4(ipv4_t); extern conn_list_t *lookup_conn_list_ipv6(ipv6_t); extern void dump_conn_list(void); +extern int read_host_config(conn_list_t *); #endif /* __TINC_CONNLIST_H__ */ diff --git a/src/net.c b/src/net.c index 59725cad..c7d3acc9 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.34 2000/10/11 22:00:58 guus Exp $ + $Id: net.c,v 1.35.4.35 2000/10/14 17:04:13 guus Exp $ */ #include "config.h" @@ -59,10 +59,6 @@ int total_socket_out = 0; int upstreamindex = 0; static int seconds_till_retry; -/* The global list of existing connections */ -conn_list_t *conn_list = NULL; -conn_list_t *myself = NULL; - /* strip off the MAC adresses of an ethernet frame */ @@ -95,7 +91,7 @@ int xsend(conn_list_t *cl, vpn_packet_t *inpkt) int outlen, outpad; cp outpkt.len = inpkt->len; - EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktiv); + EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL); EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad); outlen += outpad; @@ -128,7 +124,7 @@ cp inpkt->len); outpkt.len = inpkt->len; - EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktiv); + EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL); EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); /* FIXME: grok DecryptFinal EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad); 
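Review bot: replacing `cl->cipher_pktiv` with `NULL` in EVP_EncryptInit means the context's existing IV is reused (OpenSSL leaves the IV untouched when that argument is NULL), so every packet on a connection is encrypted under the same key with the same IV — for a CBC-style cipher, identical plaintext prefixes then produce identical ciphertext across packets. The matching EVP_DecryptInit change in xrecv (the next hunk) only works because both ends share that fixed IV. Either keep a per-connection IV that is exchanged with the key, or derive a fresh IV per packet and carry it in outpkt.data. Since `cipher_pktiv` is dropped from conn_list_t in this commit, that requires a struct change too.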
@@ -289,9 +285,6 @@ cp /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */ - if(my_key_expiry <= time(NULL)) - regenerate_keys(); - if(!cl->status.dataopen) if(setup_vpn_connection(cl) < 0) { @@ -538,7 +531,7 @@ cp { syslog(LOG_ERR, _("Could not set up a meta connection to %s"), ncn->hostname); - free_conn_element(ncn); + free_conn_list(ncn); return -1; } @@ -559,7 +552,7 @@ int setup_myself(void) cp myself = new_conn_list(); - myself->hostname = "MYSELF"; /* FIXME? */ + asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */ myself->flags = 0; if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */ @@ -569,17 +562,29 @@ cp } else myself->name = (char*)cfg->data.val; + + if(check_id(myself->name)) + { + syslog(LOG_ERR, _("Invalid name for myself!")); + return -1; + } + + if(read_host_config(myself)) + { + syslog(LOG_ERR, _("Cannot open host configuration file for myself!")); + return -1; + } - if(!(cfg = get_config_val(myself, port))) + if(!(cfg = get_config_val(myself->config, port))) myself->port = 655; else myself->port = cfg->data.val; - if((cfg = get_config_val(config, indirectdata))) + if((cfg = get_config_val(myself->config, indirectdata))) if(cfg->data.val == stupid_true) myself->flags |= EXPORTINDIRECTDATA; - if((cfg = get_config_val(config, tcponly))) + if((cfg = get_config_val(myself->config, tcponly))) if(cfg->data.val == stupid_true) myself->flags |= TCPONLY; @@ -780,9 +785,9 @@ cp syslog(LOG_NOTICE, _("Connection from %s port %d"), p->hostname, htons(ci.sin_port)); - if(send_basic_info(p) < 0) + if(send_id(p) < 0) { - free_conn_element(p); + free_conn_list(p); return NULL; } cp @@ -860,12 +865,6 @@ cp if(debug_lvl > 0) syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), cl->name, cl->hostname); - - if(cl->status.timeout) - send_timeout(cl); -/* else if(!cl->status.termreq) - send_termreq(cl); - */ if(cl->socket) close(cl->socket); 
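Review bot: the `indirectdata` and `tcponly` lookups now read `myself->config` (the hosts/<name> file) instead of `config` (tinc.conf), which silently changes where an existing configuration must put these options; if that is intended, the usage text or documentation should say so, and if not, only the `port` lookup needed to change. The message logged when `read_host_config(myself)` fails does not name the file that could not be opened; since the path is assembled inside read_host_config, logging `confbase` and `myself->name` (or strerror(errno)) there would make the failure diagnosable. setup_myself continues outside the hunk.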
@@ -875,8 +874,11 @@ cp cl->status.remove = 1; /* If this cl isn't active, don't send any DEL_HOSTs. */ + +/* FIXME: reprogram this. if(cl->status.active) notify_others(cl,NULL,send_del_host); +*/ cp /* Find all connections that were lost because they were behind cl @@ -887,7 +889,9 @@ cp if((p->nexthop == cl) && (p != cl)) { if(cl->status.active && p->status.active) +/* FIXME: reprogram this notify_others(p,cl,send_del_host); +*/; if(cl->socket) close(cl->socket); p->status.active = 0; @@ -1106,6 +1110,7 @@ cp if(sighup) { sighup = 0; +/* FIXME: reprogram this. if(debug_lvl > 1) syslog(LOG_INFO, _("Rereading configuration file")); close_network_connections(); @@ -1117,6 +1122,7 @@ cp } sleep(5); setup_network_connections(); +*/ continue; } diff --git a/src/net.h b/src/net.h index e2b6d063..2547b1ea 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.15 2000/10/11 22:01:00 guus Exp $ + $Id: net.h,v 1.9.4.16 2000/10/14 17:04:15 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -25,7 +25,6 @@ #include #include "config.h" -#include "conf.h" #define MAXSIZE 1700 /* should be a bit more than the MTU for the tapdevice */ #define MTU 1600 diff --git a/src/protocol.c b/src/protocol.c index 25ed4d01..42b41ebc 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.38 2000/10/11 22:01:00 guus Exp $ + $Id: protocol.c,v 1.28.4.39 2000/10/14 17:04:15 guus Exp $ */ #include "config.h" @@ -399,9 +399,10 @@ cp /* Exchange information about other tinc daemons */ +/* FIXME: reprogram this. notify_others(cl, NULL, send_add_host); notify_one(cl); - +*/ upstreamindex = 0; cp 
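Review bot: in the second net.c hunk the `if(cl->status.active && p->status.active)` is left with a body of just `*/;` — an empty statement that compiles but is easy to misread and silently does nothing if the comment is ever edited; put the call under `#if 0` / `#endif` or delete it rather than wrapping it in a block comment. The same `/* FIXME: reprogram this.` pattern appears in the first hunk here, in the two sighup hunks (where the closing `*/` sits in a separate hunk and ends early if any line in between already contains `*/`), in both protocol.c notify_others hunks, and later in tincd.c around security_init and regenerate_keys; `#if 0` nests safely and is greppable. The sighup block also disables configuration reload entirely, which the FIXME text should state.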
@@ -653,9 +654,9 @@ cp conn_list_add(conn_list, new); /* Tell the rest about the new host */ - +/* FIXME: reprogram this. notify_others(new, cl, send_add_host); - +*/ cp return 0; } @@ -942,7 +943,7 @@ cp if(!strcmp(to_id, myself->name)) { - send_ans_key(myself, from, myself->datakey->key); + send_ans_key(myself, from, myself->cipher_pktkey); } else { @@ -961,20 +962,20 @@ cp return 0; } -int send_ans_key(conn_list_t *from, conn_list_t *to, char *datakey) +int send_ans_key(conn_list_t *from, conn_list_t *to, char *pktkey) { cp return send_request(to->nexthop, "%d %s %s %s", ANS_KEY, - from->name, to->name, datakey); + from->name, to->name, pktkey); } int ans_key_h(conn_list_t *cl) { - char *from_id, *to_id, *datakey; + char *from_id, *to_id, *pktkey; int keylength; conn_list_t *from, *to; cp - if(sscanf(cl->buffer, "%*d %as %as %as", &from_id, &to_id, &datakey) != 3) + if(sscanf(cl->buffer, "%*d %as %as %as", &from_id, &to_id, &pktkey) != 3) { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s)"), cl->name, cl->hostname); @@ -985,7 +986,7 @@ cp { syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) origin %s which does not exist in our connection list"), cl->name, cl->hostname, from_id); - free(from_id); free(to_id); free(datakey); + free(from_id); free(to_id); free(pktkey); return -1; } @@ -995,18 +996,18 @@ cp { /* It is for us, convert it to binary and set the key with it. */ - keylength = strlen(datakey); + keylength = strlen(pktkey); if((keylength%2) || (keylength <= 0)) { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), cl->name, cl->hostname, from->name); - free(from_id); free(to_id); free(datakey); + free(from_id); free(to_id); free(pktkey); return -1; } keylength /= 2; - hex2bin(datakey, datakey, keylength); - BF_set_key(cl->datakey, keylength, datakey); + hex2bin(pktkey, pktkey, keylength); + BF_set_key(cl->cipher_pktkey, keylength, pktkey); } else { 
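Review bot: `myself->cipher_pktkey` is sent through the `%s` of send_request, but ans_key_h treats that field as the hex string it decodes in place, and after `hex2bin(pktkey, pktkey, keylength)` the buffer holds raw key bytes — so if cipher_pktkey holds binary, `%s` stops at the first zero byte and the receiver's hex2bin decodes garbage. Encode with the new bin2hex into a temporary before sending (and wipe and free it afterwards), or keep a separate hex copy for transmission. send_ans_key's declaration is changed in the following hunk but its body is otherwise identical.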
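Review bot: `BF_set_key(cl->cipher_pktkey, keylength, pktkey)` passes a `char *` where BF_set_key expects a `BF_KEY *`, and this commit declares cipher_pktkey as `char *` in connlist.h — either the field should be a BF_KEY (or EVP key buffer) or the decoded bytes should be copied into cipher_pktkey and the EVP context initialised from them. The length check only rejects odd or zero lengths: the string is never tested for hex digits, so a peer can send arbitrary bytes that decode to garbage, and there is no upper bound; add `if(strspn(pktkey, "0123456789ABCDEFabcdef") != strlen(pktkey)) goto bad;` and a maximum length before hex2bin. The key is also stored into `cl` (the neighbour that relayed the message) rather than `from`, the origin; if that is deliberate, say so in a comment. ans_key_h continues past the hunk.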
@@ -1014,13 +1015,13 @@ cp { syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) destination %s which does not exist in our connection list"), cl->name, cl->hostname, to_id); - free(from_id); free(to_id); free(datakey); + free(from_id); free(to_id); free(pktkey); return -1; } - send_ans_key(from, to, datakey); + send_ans_key(from, to, pktkey); } - free(from_id); free(to_id); free(datakey); + free(from_id); free(to_id); free(pktkey); cp return 0; } @@ -1046,3 +1047,15 @@ char (*request_name[]) = { "ADD_SUBNET", "DEL_SUBNET", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", }; + +/* Status strings */ + +char (*status_text[]) = { + "FIXME: status text", +}; + +/* Error strings */ + +char (*error_text[]) = { + "FIXME: error text", +}; diff --git a/src/tincd.c b/src/tincd.c index 333d00fc..b016e12a 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.10 2000/10/11 22:01:02 guus Exp $ + $Id: tincd.c,v 1.10.4.11 2000/10/14 17:04:16 guus Exp $ */ #include "config.h" @@ -63,8 +63,6 @@ static int kill_tincd = 0; /* If zero, don't detach from the terminal. */ static int do_detach = 1; -char *confbase = NULL; /* directory in which all config files are */ -/* char *configfilename = NULL; /* configuration file name, moved to config.c */ char *identname; /* program name for syslog */ char *netname = NULL; /* name of the vpn network */ char *pidfilename; /* pid file location */ @@ -98,7 +96,7 @@ usage(int status) else { printf(_("Usage: %s [option]...\n\n"), program_name); - printf(_(" -c, --config=FILE Read configuration options from FILE.\n" + printf(_(" -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" " -d Increase debug level.\n" " -k, --kill Attempt to kill a running tincd and exit.\n" 
@@ -125,8 +123,8 @@ parse_options(int argc, char **argv, char **envp) case 0: /* long option */ break; case 'c': /* config file */ - configfilename = xmalloc(strlen(optarg)+1); - strcpy(configfilename, optarg); + confbase = xmalloc(strlen(optarg)+1); + strcpy(confbase, optarg); break; case 'D': /* no detach */ do_detach = 0; @@ -293,29 +291,23 @@ int kill_other(void) */ void make_names(void) { - if(!configfilename) - { - if(netname) - { - asprintf(&configfilename, "%s/tinc/%s/tinc.conf", CONFDIR, netname); - } - else - { - asprintf(&configfilename, "%s/tinc/tinc.conf", CONFDIR); - } - } - if(netname) { - asprintf(&pidfilename, "/var/run/tinc.%s.pid", netname); - asprintf(&confbase, "%s/tinc/%s/", CONFDIR, netname); - asprintf(&identname, "tinc.%s", netname); + if(!pidfilename) + asprintf(&pidfilename, "/var/run/tinc.%s.pid", netname); + if(!confbase) + asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); + if(!identname) + asprintf(&identname, "tinc.%s", netname); } else { - pidfilename = "/var/run/tinc.pid"; - asprintf(&confbase, "%s/tinc/", CONFDIR); - identname = "tinc"; + if(!pidfilename) + pidfilename = "/var/run/tinc.pid"; + if(!confbase) + asprintf(&confbase, "%s/tinc", CONFDIR); + if(!identname) + identname = "tinc"; } } @@ -359,7 +351,7 @@ main(int argc, char **argv, char **envp) if(kill_tincd) exit(kill_other()); - if(read_config_file(&config, configfilename)) + if(read_server_config()) return 1; setup_signals(); @@ -367,9 +359,10 @@ main(int argc, char **argv, char **envp) if(detach()) exit(0); +/* FIXME: wt* is this suppose to do? if(security_init()) return 1; - +*/ for(;;) { setup_network_connections(); @@ -448,7 +441,9 @@ sigusr2_handler(int a) { if(debug_lvl > 1) syslog(LOG_NOTICE, _("Got USR2 signal, forcing new key generation")); +/* FIXME: reprogram this. regenerate_keys(); +*/ } RETSIGTYPE
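Review bot: `confbase = xmalloc(strlen(optarg)+1); strcpy(confbase, optarg);` duplicates a string by hand where the rest of this commit uses asprintf; `asprintf(&confbase, "%s", optarg);` (or xstrdup if the project has one) is a single line and keeps the allocation style uniform. In make_names, `pidfilename = "/var/run/tinc.pid"` and `identname = "tinc"` store string literals while the netname branch stores heap strings from asprintf, so whether those pointers may ever be freed depends on which branch ran; use asprintf in both branches so ownership is consistent. The `/* config file */` comment on case 'c' is stale now that the option names a directory.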
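Review bot: commenting out `regenerate_keys()` in sigusr2_handler, together with the removal of the `my_key_expiry` check in net.c, leaves no path that rotates the packet key once it has been set, so a session key lives for the whole daemon run; the FIXME should state that key renewal is intentionally disabled until the new protocol is in place. The handler still logs "forcing new key generation" while nothing is generated, which is misleading — adjust the message or the log level until the call is restored.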