From 3ff76eb10acc55b6f269c1075de6bbaa5bc83516 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 28 Nov 2000 23:12:57 +0000 Subject: [PATCH] Save RSA public and private keys to a separate file, instead of wanting to copy them into a configuration file. --- m4/openssl.m4 | 4 ++-- src/conf.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++--- src/tincd.c | 28 +++++++++++++++++++++------- 3 files changed, 70 insertions(+), 12 deletions(-) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 782e7e1..2d24258 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -41,12 +41,12 @@ if test "$tinc_cv_openssl_include" != "none given" ; then fi osi=found -AC_CHECK_HEADERS(evp.h rsa.h rand.h err.h sha.h, +AC_CHECK_HEADERS(evp.h rsa.h rand.h err.h sha.h pem.h, [], [osi=none; break]) if test "$osi" = "none" ; then osi=found - AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h, + AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h, [], [osi=none; break]) fi diff --git a/src/conf.c b/src/conf.c index 56d1a8a..37bfe94 100644 --- a/src/conf.c +++ b/src/conf.c @@ -1,6 +1,6 @@ /* conf.c -- configuration code - Copyright (C) 1998 Emphyrio, + Copyright (C) 1998 Robert van der Meulen Copyright (C) 1998,1999,2000 Ivo Timmermans 2000 Guus Sliepen 2000 Cris van Pelt @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.22 2000/11/20 19:12:11 guus Exp $ + $Id: conf.c,v 1.9.4.23 2000/11/28 23:12:56 zarq Exp $ */ #include "config.h" @@ -33,10 +33,10 @@ #include #include +#include /* for cp */ #include "conf.h" #include "netutl.h" /* for strtoip */ -#include /* for cp */ #include "config.h" #include "system.h" @@ -255,3 +255,47 @@ cp *base = NULL; cp } + +#define is_safe_file(p) 1 + +FILE *ask_and_safe_open(const char* filename) +{ + FILE *r; + char *directory; + char *fn; + int len; + + if(!isatty(0)) + { + /* Argh, they are running us from a script or something. Write + the files to the current directory and let them burn in hell + for ever. */ + directory = "."; /* get_current_directory */ + } + else + { + directory = "."; + } + + len = strlen(filename) + strlen(directory) + 2; /* 1 for the / */ + fn = xmalloc(len); + snprintf(fn, len, "%s/%s", directory, filename); + + if(!is_safe_file(fn)) + { + fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" + "I will not create or overwrite this file.\n"), + fn); + return NULL; + } + + if((r = fopen(fn, "w")) == NULL) + { + fprintf(stderr, _("Error opening file `%s': %m"), + fn); + } + + free(fn); + + return r; +} diff --git a/src/tincd.c b/src/tincd.c index f98afe4..7a65aad 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.35 2000/11/24 23:13:07 guus Exp $ + $Id: tincd.c,v 1.10.4.36 2000/11/28 23:12:57 zarq Exp $ */ #include "config.h" @@ -56,6 +56,12 @@ # include #endif +#ifdef HAVE_OPENSSL_PEM_H +# include +#else +# include +#endif + #include @@ -211,11 +217,14 @@ void indicator(int a, int b, void *p) } } -/* Generate a public/private RSA keypair, and possibly store it into the configuration file. */ - +/* + Generate a public/private RSA keypair, and ask for a file to store + them in. +*/ int keygen(int bits) { RSA *rsa_key; + FILE *f; fprintf(stderr, _("Generating %d bits keys:\n"), bits); rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL); @@ -227,11 +236,16 @@ int keygen(int bits) else fprintf(stderr, _("Done.\n")); - fprintf(stderr, _("Please copy the private key to tinc.conf and the\npublic key to your host configuration file:\n\n")); - printf("PublicKey = %s\n", BN_bn2hex(rsa_key->n)); - printf("PrivateKey = %s\n", BN_bn2hex(rsa_key->d)); + if((f = ask_and_safe_open("rsa_key.pub")) == NULL) + return -1; + PEM_write_RSAPublicKey(f, rsa_key); + fclose(f); - fflush(stdin); + if((f = ask_and_safe_open("rsa_key.priv")) == NULL) + return -1; + PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); + fclose(f); + return 0; } -- 2.25.1