X-Git-Url: https://git.librecmc.org/?p=oweals%2Ftinc.git;a=blobdiff_plain;f=src%2Fnet_setup.c;h=aa2fbfbe9264b921b56553aca7fc150846c751e4;hp=c7c1250508fe8e1105bd8baadbaf8eaf74fab71c;hb=a92c471a2bc0773a7473ef0361d1a51fafee50d4;hpb=9bde92ce97d5503ff2d31dcc6f0648902580ec14 diff --git a/src/net_setup.c b/src/net_setup.c index c7c1250..aa2fbfb 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.42 2003/08/08 22:11:54 guus Exp $ + $Id: net_setup.c,v 1.1.2.50 2003/12/20 21:25:17 guus Exp $ */ #include "system.h" @@ -25,6 +25,8 @@ #include #include #include +#include +#include #include "avl_tree.h" #include "conf.h" @@ -148,17 +150,23 @@ bool read_rsa_public_key(connection_t *c) bool read_rsa_private_key(void) { FILE *fp; - char *fname, *key; + char *fname, *key, *pubkey; struct stat s; cp(); if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) { + if(!get_config_string(lookup_config(myself->connection->config_tree, "PublicKey"), &pubkey)) { + logger(LOG_ERR, _("PrivateKey used but no PublicKey found!")); + return false; + } myself->connection->rsa_key = RSA_new(); // RSA_blinding_on(myself->connection->rsa_key, NULL); BN_hex2bn(&myself->connection->rsa_key->d, key); + BN_hex2bn(&myself->connection->rsa_key->n, pubkey); BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); free(key); + free(pubkey); return true; } @@ -182,7 +190,7 @@ bool read_rsa_private_key(void) return false; } - if(s.st_mode & ~0700) + if(s.st_mode & ~0100700) logger(LOG_WARNING, _("Warning: insecure file permissions for RSA private key file `%s'!"), fname); #endif @@ -240,19 +248,15 @@ bool setup_myself(void) myself->name = name; myself->connection->name = xstrdup(name); - if(!read_rsa_private_key()) - return false; - if(!read_connection_config(myself->connection)) { logger(LOG_ERR, _("Cannot open host configuration file for myself!")); return false; } - if(!read_rsa_public_key(myself->connection)) + if(!read_rsa_private_key()) return false; - if(!get_config_string - (lookup_config(myself->connection->config_tree, "Port"), &myport)) + if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport)) asprintf(&myport, "655"); /* Read in all the subnets specified in the host configuration file */ @@ -270,25 +274,26 @@ bool setup_myself(void) /* Check some options */ - if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice)) - if(choice) - myself->options |= OPTION_INDIRECT; + if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice) && choice) + myself->options |= OPTION_INDIRECT; - if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice)) - if(choice) - myself->options |= OPTION_TCPONLY; + if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice) && choice) + myself->options |= OPTION_TCPONLY; - if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice)) - if(choice) - myself->options |= OPTION_INDIRECT; + if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice) && choice) + myself->options |= OPTION_INDIRECT; + + if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice) && choice) + myself->options |= OPTION_TCPONLY; - if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice)) - if(choice) - myself->options |= OPTION_TCPONLY; + if(get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice) + myself->options |= OPTION_PMTU_DISCOVERY; if(myself->options & OPTION_TCPONLY) myself->options |= OPTION_INDIRECT; + get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver); + if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) { if(!strcasecmp(mode, "router")) routing_mode = RMODE_ROUTER; @@ -314,7 +319,7 @@ bool setup_myself(void) if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) macexpire = 600; - if(get_config_int(lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) { + if(get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout)) { if(maxtimeout <= 0) { logger(LOG_ERR, _("Bogus maximum timeout!")); return false; @@ -362,7 +367,7 @@ bool setup_myself(void) myself->connection->outcipher = EVP_bf_ofb(); - myself->key = (char *) xmalloc(myself->keylength); + myself->key = xmalloc(myself->keylength); RAND_pseudo_bytes(myself->key, myself->keylength); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) @@ -372,7 +377,12 @@ bool setup_myself(void) if(myself->cipher) { EVP_CIPHER_CTX_init(&packet_ctx); - EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); + if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len)) { + logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"), + myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL)); + return false; + } + } /* Check if we want to use message authentication codes... */ @@ -549,7 +559,7 @@ void close_network_connections(void) for(node = connection_tree->head; node; node = next) { next = node->next; - c = (connection_t *) node->data; + c = node->data; if(c->outgoing) free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL;