X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=src%2Fnet_setup.c;h=91c71c3fec08abab373171537857d2879013ab4a;hb=6a6d41f91a838fa3fa2584ba936677771d86a5d0;hp=39e63625231e003e6694a679448f0bcc579bd457;hpb=084ba04f51441098c55d3bd21b11bbe368e7b52e;p=meshlink

diff --git a/src/net_setup.c b/src/net_setup.c
index 39e63625..91c71c3f 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -1,9 +1,6 @@
 /*
     net_setup.c -- Setup.
-    Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2014 Guus Sliepen <guus@tinc-vpn.org>
-                  2006      Scott Lamb <slamb@slamb.org>
-                  2010      Brandon Black <blblack@gmail.com>
+    Copyright (C) 2014 Guus Sliepen <guus@meshlink.io>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -29,13 +26,10 @@
 #include "ecdsa.h"
 #include "graph.h"
 #include "logger.h"
-#include "names.h"
 #include "net.h"
 #include "netutl.h"
-#include "process.h"
 #include "protocol.h"
 #include "route.h"
-#include "rsa.h"
 #include "utils.h"
 #include "xalloc.h"
 
@@ -134,44 +128,6 @@ bool read_ecdsa_public_key(connection_t *c) {
 	return c->ecdsa;
 }
 
-bool read_rsa_public_key(connection_t *c) {
-	if(ecdsa_active(c->ecdsa))
-		return true;
-
-	FILE *fp;
-	char *fname;
-	char *n;
-
-	/* First, check for simple PublicKey statement */
-
-	if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &n)) {
-		c->rsa = rsa_set_hex_public_key(n, "FFFF");
-		free(n);
-		return c->rsa;
-	}
-
-	/* Else, check for PublicKeyFile statement and read it */
-
-	if(!get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname))
-		xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, c->name);
-
-	fp = fopen(fname, "r");
-
-	if(!fp) {
-		logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno));
-		free(fname);
-		return false;
-	}
-
-	c->rsa = rsa_read_pem_public_key(fp);
-	fclose(fp);
-
-	if(!c->rsa)
-		logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA public key file `%s' failed: %s", fname, strerror(errno));
-	free(fname);
-	return c->rsa;
-}
-
 static bool read_ecdsa_private_key(void) {
 	FILE *fp;
 	char *fname;
@@ -186,7 +142,7 @@ static bool read_ecdsa_private_key(void) {
 	if(!fp) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Error reading ECDSA private key file `%s': %s", fname, strerror(errno));
 		if(errno == ENOENT)
-			logger(DEBUG_ALWAYS, LOG_INFO, "Create an ECDSA keypair with `tinc -n %s generate-ecdsa-keys'.", netname ?: ".");
+			logger(DEBUG_ALWAYS, LOG_INFO, "Create an ECDSA keypair with `tinc generate-ecdsa-keys'.");
 		free(fname);
 		return false;
 	}
@@ -237,61 +193,6 @@ static bool read_invitation_key(void) {
 	return invitation_key;
 }
 
-static bool read_rsa_private_key(void) {
-	FILE *fp;
-	char *fname;
-	char *n, *d;
-
-	/* First, check for simple PrivateKey statement */
-
-	if(get_config_string(lookup_config(config_tree, "PrivateKey"), &d)) {
-		if(!get_config_string(lookup_config(config_tree, "PublicKey"), &n)) {
-			logger(DEBUG_ALWAYS, LOG_ERR, "PrivateKey used but no PublicKey found!");
-			free(d);
-			return false;
-		}
-		myself->connection->rsa = rsa_set_hex_private_key(n, "FFFF", d);
-		free(n);
-		free(d);
-		return myself->connection->rsa;
-	}
-
-	/* Else, check for PrivateKeyFile statement and read it */
-
-	if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
-		xasprintf(&fname, "%s" SLASH "rsa_key.priv", confbase);
-
-	fp = fopen(fname, "r");
-
-	if(!fp) {
-		logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA private key file `%s': %s",
-			   fname, strerror(errno));
-		free(fname);
-		return false;
-	}
-
-#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
-	struct stat s;
-
-	if(fstat(fileno(fp), &s)) {
-		logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat RSA private key file `%s': %s'", fname, strerror(errno));
-		free(fname);
-		return false;
-	}
-
-	if(s.st_mode & ~0100700)
-		logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname);
-#endif
-
-	myself->connection->rsa = rsa_read_pem_private_key(fp);
-	fclose(fp);
-
-	if(!myself->connection->rsa)
-		logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA private key file `%s' failed: %s", fname, strerror(errno));
-	free(fname);
-	return myself->connection->rsa;
-}
-
 static timeout_t keyexpire_timeout;
 
 static void keyexpire_handler(void *data) {
@@ -676,16 +577,7 @@ bool setup_myself(void) {
 
 	myself->options |= PROT_MINOR << 24;
 
-	if(!get_config_bool(lookup_config(config_tree, "ExperimentalProtocol"), &experimental)) {
-		experimental = read_ecdsa_private_key();
-		if(!experimental)
-			logger(DEBUG_ALWAYS, LOG_WARNING, "Support for SPTPS disabled.");
-	} else {
-		if(experimental && !read_ecdsa_private_key())
-			return false;
-	}
-
-	if(!read_rsa_private_key())
+	if(!read_ecdsa_private_key())
 		return false;
 
 	/* Ensure myport is numeric */
@@ -705,8 +597,6 @@ bool setup_myself(void) {
 	if(!setup_myself_reloadable())
 		return false;
 
-	get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver);
-
 	if(get_config_int(lookup_config(config_tree, "MaxConnectionBurst"), &max_connection_burst)) {
 		if(max_connection_burst <= 0) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "MaxConnectionBurst cannot be negative!");
@@ -714,20 +604,6 @@ bool setup_myself(void) {
 		}
 	}
 
-	if(get_config_int(lookup_config(config_tree, "UDPRcvBuf"), &udp_rcvbuf)) {
-		if(udp_rcvbuf <= 0) {
-			logger(DEBUG_ALWAYS, LOG_ERR, "UDPRcvBuf cannot be negative!");
-			return false;
-		}
-	}
-
-	if(get_config_int(lookup_config(config_tree, "UDPSndBuf"), &udp_sndbuf)) {
-		if(udp_sndbuf <= 0) {
-			logger(DEBUG_ALWAYS, LOG_ERR, "UDPSndBuf cannot be negative!");
-			return false;
-		}
-	}
-
 	int replaywin_int;
 	if(get_config_int(lookup_config(config_tree, "ReplayWindow"), &replaywin_int)) {
 		if(replaywin_int < 0) {
@@ -738,44 +614,8 @@ bool setup_myself(void) {
 		sptps_replaywin = replaywin;
 	}
 
-	/* Generate packet encryption key */
-
-	if(!get_config_string(lookup_config(config_tree, "Cipher"), &cipher))
-		cipher = xstrdup("blowfish");
-
-	if(!strcasecmp(cipher, "none")) {
-		myself->incipher = NULL;
-	} else if(!(myself->incipher = cipher_open_by_name(cipher))) {
-		logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized cipher type!");
-		return false;
-	}
-
-	free(cipher);
-
 	timeout_add(&keyexpire_timeout, keyexpire_handler, &keyexpire_timeout, &(struct timeval){keylifetime, rand() % 100000});
 
-	/* Check if we want to use message authentication codes... */
-
-	int maclength = 4;
-	get_config_int(lookup_config(config_tree, "MACLength"), &maclength);
-
-	if(maclength < 0) {
-		logger(DEBUG_ALWAYS, LOG_ERR, "Bogus MAC length!");
-		return false;
-	}
-
-	if(!get_config_string(lookup_config(config_tree, "Digest"), &digest))
-		digest = xstrdup("sha1");
-
-	if(!strcasecmp(digest, "none")) {
-		myself->indigest = NULL;
-	} else if(!(myself->indigest = digest_open_by_name(digest, maclength))) {
-		logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized digest type!");
-		return false;
-	}
-
-	free(digest);
-
 	/* Compression */
 
 	if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) {
@@ -794,7 +634,6 @@ bool setup_myself(void) {
 	myself->via = myself;
 	myself->status.reachable = true;
 	myself->last_state_change = now.tv_sec;
-	myself->status.sptps = experimental;
 	node_add(myself);
 
 	graph();
@@ -804,69 +643,27 @@ bool setup_myself(void) {
 
 	/* Open sockets */
 
-	if(!do_detach && getenv("LISTEN_FDS")) {
-		sockaddr_t sa;
-		socklen_t salen;
-
-		listen_sockets = atoi(getenv("LISTEN_FDS"));
-#ifdef HAVE_UNSETENV
-		unsetenv("LISTEN_FDS");
-#endif
+	listen_sockets = 0;
+	int cfgs = 0;
 
-		if(listen_sockets > MAXSOCKETS) {
-			logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets");
+	for(config_t *cfg = lookup_config(config_tree, "BindToAddress"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
+		cfgs++;
+		get_config_string(cfg, &address);
+		if(!add_listen_address(address, true))
 			return false;
-		}
-
-		for(int i = 0; i < listen_sockets; i++) {
-			salen = sizeof sa;
-			if(getsockname(i + 3, &sa.sa, &salen) < 0) {
-				logger(DEBUG_ALWAYS, LOG_ERR, "Could not get address of listen fd %d: %s", i + 3, sockstrerror(errno));
-				return false;
-			}
-
-#ifdef FD_CLOEXEC
-			fcntl(i + 3, F_SETFD, FD_CLOEXEC);
-#endif
-
-			int udp_fd = setup_vpn_in_socket(&sa);
-			if(udp_fd < 0)
-				return false;
-
-			io_add(&listen_socket[i].tcp, (io_cb_t)handle_new_meta_connection, &listen_socket[i], i + 3, IO_READ);
-			io_add(&listen_socket[i].udp, (io_cb_t)handle_incoming_vpn_data, &listen_socket[i], udp_fd, IO_READ);
-
-			if(debug_level >= DEBUG_CONNECTIONS) {
-				hostname = sockaddr2hostname(&sa);
-				logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Listening on %s", hostname);
-				free(hostname);
-			}
-
-			memcpy(&listen_socket[i].sa, &sa, salen);
-		}
-	} else {
-		listen_sockets = 0;
-		int cfgs = 0;
-
-		for(config_t *cfg = lookup_config(config_tree, "BindToAddress"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
-			cfgs++;
-			get_config_string(cfg, &address);
-			if(!add_listen_address(address, true))
-				return false;
-		}
-
-		for(config_t *cfg = lookup_config(config_tree, "ListenAddress"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
-			cfgs++;
-			get_config_string(cfg, &address);
-			if(!add_listen_address(address, false))
-				return false;
-		}
+	}
 
-		if(!cfgs)
-			if(!add_listen_address(address, NULL))
-				return false;
+	for(config_t *cfg = lookup_config(config_tree, "ListenAddress"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
+		cfgs++;
+		get_config_string(cfg, &address);
+		if(!add_listen_address(address, false))
+			return false;
 	}
 
+	if(!cfgs)
+		if(!add_listen_address(address, NULL))
+			return false;
+
 	if(!listen_sockets) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Unable to create any listening socket!");
 		return false;