/* Define to 1 if checkpoint tracing is enabled */
#undef ENABLE_TRACING
-
-/* Define to 1 if scanf and friends understand %as */
-#undef HAVE_SCANF_AS
dnl Process this file with autoconf to produce a configure script.
-dnl $Id: configure.in,v 1.13.2.28 2000/11/29 01:37:50 zarq Exp $
+dnl $Id: configure.in,v 1.13.2.29 2000/12/22 21:34:19 guus Exp $
AC_INIT(src/tincd.c)
AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs)
dnl These are defined in files in m4/
tinc_TUNTAP
tinc_OPENSSL
-tinc_SCANF_AS
-
dnl Check if checkpoint tracing has to be enabled
AC_ARG_ENABLE(tracing,
+++ /dev/null
-dnl Check for a scanf that understands about %as as format specifier
-
-AC_DEFUN(tinc_SCANF_AS,
-[
- AC_CACHE_CHECK([for a scanf that groks %as], tinc_cv_scanf_as,
- [
- AC_TRY_RUN([
-/* Very naive program which will probably give a segmentation
- fault if the sscanf doesn't work as expected. */
-#include <stdio.h>
-int main() {
- char*s = NULL;
- sscanf("string\n", "%as\n", &s);
- if(s == NULL)
- return 1;
- return strcmp("string", s);
-}
- ], [tinc_cv_scanf_as="yes"], [tinc_cv_scanf_as="no"])
- ])
-
-if test "$tinc_cv_scanf_as" = "yes" ; then
- AC_DEFINE(HAVE_SCANF_AS)
- AC_SUBST(HAVE_SCANF_AS)
-fi
-])
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: conf.c,v 1.9.4.34 2000/12/06 13:33:48 zarq Exp $
+ $Id: conf.c,v 1.9.4.35 2000/12/22 21:34:20 guus Exp $
*/
#include "config.h"
{ "Name", config_name, TYPE_NAME },
{ "PingTimeout", config_pingtimeout, TYPE_INT },
{ "PrivateKey", config_privatekey, TYPE_NAME },
+ { "PrivateKeyFile", config_privatekeyfile, TYPE_NAME },
{ "TapDevice", config_tapdevice, TYPE_NAME },
{ "VpnMask", config_dummy, TYPE_IP },
/* Host configuration file keywords */
{ "IndirectData", config_indirectdata, TYPE_BOOL },
{ "Port", config_port, TYPE_INT },
{ "PublicKey", config_publickey, TYPE_NAME },
+ { "PublicKeyFile", config_publickeyfile, TYPE_NAME },
{ "RestrictAddress", config_restrictaddress, TYPE_BOOL },
{ "RestrictHosts", config_restricthosts, TYPE_BOOL },
{ "RestrictPort", config_restrictport, TYPE_BOOL },
cp
if((fp = fopen (fname, "r")) == NULL)
- return -1;
+ {
+ syslog(LOG_ERR, _("Cannot open config file %s: %m"), fname);
+ return -1;
+ }
bufsize = 100;
buffer = xmalloc(bufsize);
if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#')
{
- fprintf(stderr, _("No value for variable `%s' on line %d while reading config file %s"),
+ syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
hazahaza[i].name, lineno, fname);
break;
}
cfg = add_config_val(base, hazahaza[i].argtype, q);
if(cfg == NULL)
{
- fprintf(stderr, _("Invalid value for variable `%s' on line %d while reading config file %s"),
+ syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"),
hazahaza[i].name, lineno, fname);
break;
}
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: conf.h,v 1.6.4.18 2000/12/06 13:33:49 zarq Exp $
+ $Id: conf.h,v 1.6.4.19 2000/12/22 21:34:20 guus Exp $
*/
#ifndef __TINC_CONF_H__
config_pingtimeout,
config_tapdevice,
config_privatekey,
+ config_privatekeyfile,
config_keyexpire,
config_hostnames,
config_interface,
config_address,
config_port,
config_publickey,
+ config_publickeyfile,
config_subnet,
config_restricthosts,
config_restrictsubnets,
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net.c,v 1.35.4.87 2000/12/05 08:59:29 zarq Exp $
+ $Id: net.c,v 1.35.4.88 2000/12/22 21:34:20 guus Exp $
*/
#include "config.h"
return 0;
}
-int read_rsa_public_key(RSA **key, const char *file)
+int read_rsa_public_key(connection_t *cl)
{
+ config_t const *cfg;
FILE *fp;
+ void *result;
+cp
+ if(!cl->rsa_key)
+ cl->rsa_key = RSA_new();
- if((fp = fopen(file, "r")) == NULL)
+ if((cfg = get_config_val(cl->config, config_publickey)))
{
- syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"),
- file);
- return -1;
+ BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
+ BN_hex2bn(&cl->rsa_key->e, "FFFF");
}
- if(PEM_read_RSAPublicKey(fp, key, NULL, NULL) == NULL)
+ else if((cfg = get_config_val(cl->config, config_publickeyfile)))
+ {
+ if(is_safe_path(cfg->data.ptr))
+ {
+ if((fp = fopen(cfg->data.ptr, "r")) == NULL)
+ {
+ syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"),
+ cfg->data.ptr);
+ return -1;
+ }
+ result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL);
+ fclose(fp);
+ if(!result)
+ {
+ syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %m"),
+ cfg->data.ptr);
+ return -1;
+ }
+ }
+ else
+ return -1;
+ }
+ else
{
- syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"),
- file);
+ syslog(LOG_ERR, _("No public key for %s specified!"), cl->name);
return -1;
}
-
+cp
return 0;
}
-int read_rsa_private_key(RSA **key, const char *file)
+int read_rsa_private_key(void)
{
+ config_t const *cfg;
FILE *fp;
+ void *result;
+cp
+ if(!myself->rsa_key)
+ myself->rsa_key = RSA_new();
- if((fp = fopen(file, "r")) == NULL)
+ if((cfg = get_config_val(config, config_privatekey)))
{
- syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"),
- file);
- return -1;
+ BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr);
+ BN_hex2bn(&myself->rsa_key->e, "FFFF");
}
- if(PEM_read_RSAPrivateKey(fp, key, NULL, NULL) == NULL)
+ else if((cfg = get_config_val(config, config_privatekeyfile)))
{
- syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"),
- file);
- return -1;
- }
-
- return 0;
-}
-
-int read_rsa_keys(void)
-{
- config_t const *cfg;
-
- if(!(cfg = get_config_val(config, config_privatekey)))
+ if((fp = fopen(cfg->data.ptr, "r")) == NULL)
+ {
+ syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"),
+ cfg->data.ptr);
+ return -1;
+ }
+ result = PEM_read_RSAPrivateKey(fp, &myself->rsa_key, NULL, NULL);
+ fclose(fp);
+ if(!result)
+ {
+ syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"),
+ cfg->data.ptr);
+ return -1;
+ }
+ }
+ else
{
- syslog(LOG_ERR, _("Private key for tinc daemon required!"));
+ syslog(LOG_ERR, _("No private key for tinc daemon specified!"));
return -1;
}
-
- myself->rsa_key = RSA_new();
-
- return read_rsa_private_key(&(myself->rsa_key), cfg->data.ptr);
+cp
+ return 0;
}
/*
return -1;
}
cp
- if(read_rsa_keys())
+ if(read_rsa_private_key())
return -1;
if(read_host_config(myself))
syslog(LOG_ERR, _("Cannot open host configuration file for myself!"));
return -1;
}
+
+ if(read_rsa_public_key(myself))
+ return -1;
cp
/*
if(!cl)
{
- syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
+ syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));
return 0;
}
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net.h,v 1.9.4.23 2000/11/30 23:18:21 zarq Exp $
+ $Id: net.h,v 1.9.4.24 2000/12/22 21:34:23 guus Exp $
*/
#ifndef __TINC_NET_H__
# include <rsa.h>
#endif
-extern int read_rsa_public_key(RSA **, const char *);
+extern int read_rsa_public_key(connection_t *);
#endif /* __TINC_NET_H__ */
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: protocol.c,v 1.28.4.69 2000/12/05 08:59:30 zarq Exp $
+ $Id: protocol.c,v 1.28.4.70 2000/12/22 21:34:24 guus Exp $
*/
#include "config.h"
/* Read in the public key, so that we can send a challenge */
- if((cfg = get_config_val(cl->config, config_publickey)))
- {
- cl->rsa_key = RSA_new();
- if(read_rsa_public_key(&(cl->rsa_key), cfg->data.ptr) < 0)
- return -1;
- }
- else
- {
- syslog(LOG_ERR, _("No public key known for %s (%s)"), cl->name, cl->hostname);
- return -1;
- }
+ if(read_rsa_public_key(cl))
+ return -1;
+
cp
return send_challenge(cl);
}
}
/* Encrypt the random data */
-
+
if(RSA_public_encrypt(len, cl->hischallenge, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */
{
syslog(LOG_ERR, _("Error during encryption of challenge for %s (%s)"), cl->name, cl->hostname);
projects / meshlink / commitdiff