void free_connection(connection_t *c) { if(!c) return; cipher_close(c->incipher); digest_close(c->indigest); cipher_close(c->outcipher); digest_close(c->outdigest); sptps_stop(&c->sptps); ecdsa_free(c->ecdsa); rsa_free(c->rsa); free(c->hischallenge); buffer_clear(&c->inbuf); buffer_clear(&c->outbuf); io_del(&c->io); if(c->socket > 0) closesocket(c->socket); free(c->name); free(c->hostname); if(c->config_tree) exit_configuration(&c->config_tree); free(c); }
bool node_write_devclass(meshlink_handle_t *mesh, node_t *n) { if(n->devclass < 0 || n->devclass > _DEV_CLASS_MAX) return false; bool result = false; splay_tree_t *config_tree; init_configuration(&config_tree); // ignore read errors; in case the file does not exist we will create it read_host_config(mesh, config_tree, n->name); config_t* cnf = lookup_config(config_tree, "DeviceClass"); if(!cnf) { cnf = new_config(); cnf->variable = xstrdup("DeviceClass"); config_add(config_tree, cnf); } set_config_int(cnf, n->devclass); if(!write_host_config(mesh, config_tree, n->name)) goto fail; result = true; fail: exit_configuration(&config_tree); return result; }
/* Read Subnets from all host config files */ void load_all_subnets(void) { DIR *dir; struct dirent *ent; char *dname; char *fname; avl_tree_t *config_tree; config_t *cfg; subnet_t *s, *s2; node_t *n; bool result; xasprintf(&dname, "%s/hosts", confbase); dir = opendir(dname); if(!dir) { logger(LOG_ERR, "Could not open %s: %s", dname, strerror(errno)); free(dname); return; } while((ent = readdir(dir))) { if(!check_id(ent->d_name)) continue; n = lookup_node(ent->d_name); #ifdef _DIRENT_HAVE_D_TYPE //if(ent->d_type != DT_REG) // continue; #endif xasprintf(&fname, "%s/hosts/%s", confbase, ent->d_name); init_configuration(&config_tree); result = read_config_file(config_tree, fname); free(fname); if(!result) continue; if(!n) { n = new_node(); n->name = xstrdup(ent->d_name); node_add(n); } for(cfg = lookup_config(config_tree, "Subnet"); cfg; cfg = lookup_config_next(config_tree, cfg)) { if(!get_config_subnet(cfg, &s)) continue; if((s2 = lookup_subnet(n, s))) { s2->expires = -1; } else { subnet_add(n, s); } } exit_configuration(&config_tree); } closedir(dir); }
/* Answering these questions right is tricky... */ static bool getconf_bool_node_offline(const char *nodename, char *optname) { char *fname; avl_tree_t *t; bool x; init_configuration(&t); xasprintf(&fname, "%s/hosts/%s", confbase, nodename); read_config_options(t, nodename); x = read_config_file(t, fname); if (!x) goto _end; if (!get_config_bool(lookup_config(t, optname), &x)) x = false; _end: exit_configuration(&t); free(fname); return x; }
bool node_read_ecdsa_public_key(meshlink_handle_t *mesh, node_t *n) { if(ecdsa_active(n->ecdsa)) return true; splay_tree_t *config_tree; char *p; init_configuration(&config_tree); if(!read_host_config(mesh, config_tree, n->name)) goto exit; /* First, check for simple ECDSAPublicKey statement */ if(get_config_string(lookup_config(config_tree, "ECDSAPublicKey"), &p)) { n->ecdsa = ecdsa_set_base64_public_key(p); free(p); } exit: exit_configuration(&config_tree); return n->ecdsa; }
bool node_read_devclass(meshlink_handle_t *mesh, node_t *n) { splay_tree_t *config_tree; char *p; init_configuration(&config_tree); if(!read_host_config(mesh, config_tree, n->name)) goto exit; if(get_config_string(lookup_config(config_tree, "DeviceClass"), &p)) { n->devclass = atoi(p); free(p); } if(n->devclass < 0 || n->devclass > _DEV_CLASS_MAX) { n->devclass = _DEV_CLASS_MAX; } exit: exit_configuration(&config_tree); return n->devclass != 0; }
void free_connection(connection_t *c) { if(!c) return; sptps_stop(&c->sptps); ecdsa_free(c->ecdsa); buffer_clear(&c->inbuf); buffer_clear(&c->outbuf); if(c->io.cb) abort(); if(c->socket > 0) closesocket(c->socket); free(c->name); free(c->hostname); if(c->config_tree) exit_configuration(&c->config_tree); free(c); }
int main2(int argc, char **argv) { InitializeCriticalSection(&mutex); EnterCriticalSection(&mutex); #endif if(!detach()) return 1; #ifdef HAVE_MLOCKALL /* Lock all pages into memory if requested. * This has to be done after daemon()/fork() so it works for child. * No need to do that in parent as it's very short-lived. */ if(do_mlock && mlockall(MCL_CURRENT | MCL_FUTURE) != 0) { logger(LOG_ERR, "System call `%s' failed: %s", "mlockall", strerror(errno)); return 1; } #endif /* Setup sockets and open device. */ if(!setup_network()) goto end; /* Initiate all outgoing connections. */ try_outgoing_connections(); /* Change process priority */ char *priority = 0; if(get_config_string(lookup_config(config_tree, "ProcessPriority"), &priority)) { if(!strcasecmp(priority, "Normal")) { if (setpriority(NORMAL_PRIORITY_CLASS) != 0) { logger(LOG_ERR, "System call `%s' failed: %s", "setpriority", strerror(errno)); goto end; } } else if(!strcasecmp(priority, "Low")) { if (setpriority(BELOW_NORMAL_PRIORITY_CLASS) != 0) { logger(LOG_ERR, "System call `%s' failed: %s", "setpriority", strerror(errno)); goto end; } } else if(!strcasecmp(priority, "High")) { if (setpriority(HIGH_PRIORITY_CLASS) != 0) { logger(LOG_ERR, "System call `%s' failed: %s", "setpriority", strerror(errno)); goto end; } } else { logger(LOG_ERR, "Invalid priority `%s`!", priority); goto end; } } /* drop privileges */ if (!drop_privs()) goto end; /* Start main loop. It only exits when tinc is killed. */ status = main_loop(); /* Shutdown properly. */ ifdebug(CONNECTIONS) dump_device_stats(); close_network_connections(); end: logger(LOG_NOTICE, "Terminating"); #ifndef HAVE_MINGW remove_pid(pidfilename); #endif EVP_cleanup(); ENGINE_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); ERR_free_strings(); exit_configuration(&config_tree); free_names(); return status; }
/* this is where it all happens... */ int main_loop(void) { fd_set readset, writeset; #ifdef HAVE_PSELECT struct timespec tv; sigset_t omask, block_mask; time_t next_event; #else struct timeval tv; #endif int r, maxfd; time_t last_ping_check, last_config_check, last_graph_dump; event_t *event; last_ping_check = now; last_config_check = now; last_graph_dump = now; srand(now); #ifdef HAVE_PSELECT if(lookup_config(config_tree, "GraphDumpFile")) graph_dump = true; /* Block SIGHUP & SIGALRM */ sigemptyset(&block_mask); sigaddset(&block_mask, SIGHUP); sigaddset(&block_mask, SIGALRM); sigprocmask(SIG_BLOCK, &block_mask, &omask); #endif running = true; while(running) { #ifdef HAVE_PSELECT next_event = last_ping_check + pingtimeout; if(graph_dump && next_event > last_graph_dump + 60) next_event = last_graph_dump + 60; if((event = peek_next_event()) && next_event > event->time) next_event = event->time; if(next_event <= now) tv.tv_sec = 0; else tv.tv_sec = next_event - now; tv.tv_nsec = 0; #else tv.tv_sec = 1; tv.tv_usec = 0; #endif maxfd = build_fdset(&readset, &writeset); #ifdef HAVE_MINGW LeaveCriticalSection(&mutex); #endif #ifdef HAVE_PSELECT r = pselect(maxfd + 1, &readset, &writeset, NULL, &tv, &omask); #else r = select(maxfd + 1, &readset, &writeset, NULL, &tv); #endif now = time(NULL); #ifdef HAVE_MINGW EnterCriticalSection(&mutex); #endif if(r < 0) { if(!sockwouldblock(sockerrno)) { logger(LOG_ERR, "Error while waiting for input: %s", sockstrerror(sockerrno)); dump_connections(); return 1; } } if(r > 0) check_network_activity(&readset, &writeset); if(do_purge) { purge(); do_purge = false; } /* Let's check if everybody is still alive */ if(last_ping_check + pingtimeout <= now) { check_dead_connections(); last_ping_check = now; if(routing_mode == RMODE_SWITCH) age_subnets(); age_past_requests(); /* Should we regenerate our key? */ if(keyexpires <= now) { avl_node_t *node; node_t *n; ifdebug(STATUS) logger(LOG_INFO, "Expiring symmetric keys"); for(node = node_tree->head; node; node = node->next) { n = node->data; if(n->inkey) { free(n->inkey); n->inkey = NULL; } } send_key_changed(); keyexpires = now + keylifetime; } /* Detect ADD_EDGE/DEL_EDGE storms that are caused when * two tinc daemons with the same name are on the VPN. * If so, sleep a while. If this happens multiple times * in a row, sleep longer. */ if(contradicting_del_edge > 100 && contradicting_add_edge > 100) { logger(LOG_WARNING, "Possible node with same Name as us! Sleeping %d seconds.", sleeptime); usleep(sleeptime * 1000000LL); sleeptime *= 2; if(sleeptime < 0) sleeptime = 3600; } else { sleeptime /= 2; if(sleeptime < 10) sleeptime = 10; } contradicting_add_edge = 0; contradicting_del_edge = 0; } if(sigalrm) { avl_node_t *node; logger(LOG_INFO, "Flushing event queue"); expire_events(); for(node = connection_tree->head; node; node = node->next) { connection_t *c = node->data; if(c->status.active) send_ping(c); } sigalrm = false; } while((event = get_expired_event())) { event->handler(event->data); free_event(event); } if(sighup) { connection_t *c; avl_node_t *node, *next; char *fname; struct stat s; sighup = false; reopenlogger(); /* Reread our own configuration file */ exit_configuration(&config_tree); init_configuration(&config_tree); if(!read_server_config()) { logger(LOG_ERR, "Unable to reread configuration file, exitting."); return 1; } /* Cancel non-active outgoing connections */ for(node = connection_tree->head; node; node = next) { next = node->next; c = node->data; c->outgoing = NULL; if(c->status.connecting) { terminate_connection(c, false); connection_del(c); } } /* Wipe list of outgoing connections */ for(list_node_t *node = outgoing_list->head; node; node = node->next) { outgoing_t *outgoing = node->data; if(outgoing->event) event_del(outgoing->event); } list_delete_list(outgoing_list); /* Close connections to hosts that have a changed or deleted host config file */ for(node = connection_tree->head; node; node = node->next) { c = node->data; xasprintf(&fname, "%s/hosts/%s", confbase, c->name); if(stat(fname, &s) || s.st_mtime > last_config_check) terminate_connection(c, c->status.active); free(fname); } last_config_check = now; /* If StrictSubnet is set, expire deleted Subnets and read new ones in */ if(strictsubnets) { subnet_t *subnet; for(node = subnet_tree->head; node; node = node->next) { subnet = node->data; subnet->expires = 1; } load_all_subnets(); for(node = subnet_tree->head; node; node = next) { next = node->next; subnet = node->data; if(subnet->expires == 1) { send_del_subnet(everyone, subnet); if(subnet->owner->status.reachable) subnet_update(subnet->owner, subnet, false); subnet_del(subnet->owner, subnet); } else if(subnet->expires == -1) { subnet->expires = 0; } else { send_add_subnet(everyone, subnet); if(subnet->owner->status.reachable) subnet_update(subnet->owner, subnet, true); } } } /* Try to make outgoing connections */ try_outgoing_connections(); } /* Dump graph if wanted every 60 seconds*/ if(last_graph_dump + 60 <= now) { dump_graph(); last_graph_dump = now; } } #ifdef HAVE_PSELECT /* Restore SIGHUP & SIGALARM mask */ sigprocmask(SIG_SETMASK, &omask, NULL); #endif return 0; }
int main2(int argc, char **argv) { #endif char *priority = NULL; if(!detach()) return 1; #ifdef HAVE_MLOCKALL /* Lock all pages into memory if requested. * This has to be done after daemon()/fork() so it works for child. * No need to do that in parent as it's very short-lived. */ if(do_mlock && mlockall(MCL_CURRENT | MCL_FUTURE) != 0) { logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "mlockall", strerror(errno)); return 1; } #endif /* Setup sockets and open device. */ if(!setup_network()) goto end; /* Change process priority */ if(get_config_string(lookup_config(config_tree, "ProcessPriority"), &priority)) { if(!strcasecmp(priority, "Normal")) { if (setpriority(NORMAL_PRIORITY_CLASS) != 0) { logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setpriority", strerror(errno)); goto end; } } else if(!strcasecmp(priority, "Low")) { if (setpriority(BELOW_NORMAL_PRIORITY_CLASS) != 0) { logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setpriority", strerror(errno)); goto end; } } else if(!strcasecmp(priority, "High")) { if (setpriority(HIGH_PRIORITY_CLASS) != 0) { logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "setpriority", strerror(errno)); goto end; } } else { logger(DEBUG_ALWAYS, LOG_ERR, "Invalid priority `%s`!", priority); goto end; } } /* drop privileges */ if (!drop_privs()) goto end; /* Start main loop. It only exits when tinc is killed. */ logger(DEBUG_ALWAYS, LOG_NOTICE, "Ready"); if(umbilical) { // snip! write(umbilical, "", 1); close(umbilical); umbilical = 0; } try_outgoing_connections(); status = main_loop(); /* Shutdown properly. */ end: close_network_connections(); logger(DEBUG_ALWAYS, LOG_NOTICE, "Terminating"); free(priority); crypto_exit(); exit_configuration(&config_tree); free(cmdline_conf); free_names(); return status; }
/* Well, almost clean copy of read_rsa_public_key */ static bool read_rsa_public_key_offline(const char *nodename, RSA **outkey) { avl_tree_t *t; FILE *fp; char *tname, *fname; char *key; bool x; RSA *rsa_key = NULL; init_configuration(&t); xasprintf(&tname, "%s/hosts/%s", confbase, nodename); x = read_config_file(t, tname); if (!x) goto _fail; if(!rsa_key) { rsa_key = RSA_new(); // RSA_blinding_on(c->rsa_key, NULL); } /* First, check for simple PublicKey statement */ if(get_config_string(lookup_config(t, "PublicKey"), &key)) { BN_hex2bn(&rsa_key->n, key); BN_hex2bn(&rsa_key->e, "FFFF"); free(key); *outkey = rsa_key; goto _done; } /* Else, check for PublicKeyFile statement and read it */ if(get_config_string(lookup_config(t, "PublicKeyFile"), &fname)) { fp = fopen(fname, "r"); if(!fp) { logger(LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno)); free(fname); goto _fail; } free(fname); rsa_key = PEM_read_RSAPublicKey(fp, &rsa_key, NULL, NULL); fclose(fp); if(rsa_key) { *outkey = rsa_key; goto _done; /* Woohoo. */ } /* If it fails, try PEM_read_RSA_PUBKEY. */ fp = fopen(fname, "r"); if(!fp) { logger(LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno)); free(fname); goto _fail; } free(fname); rsa_key = PEM_read_RSA_PUBKEY(fp, &rsa_key, NULL, NULL); fclose(fp); if(rsa_key) { // RSA_blinding_on(c->rsa_key, NULL); *outkey = rsa_key; goto _done; } logger(LOG_ERR, "Reading RSA public key file `%s' failed: %s", fname, strerror(errno)); goto _fail; } /* Else, check if a harnessed public key is in the config file */ xasprintf(&fname, "%s/hosts/%s", confbase, nodename); fp = fopen(fname, "r"); if(fp) { rsa_key = PEM_read_RSAPublicKey(fp, &rsa_key, NULL, NULL); fclose(fp); } free(fname); if(rsa_key) { *outkey = rsa_key; goto _done; } /* Try again with PEM_read_RSA_PUBKEY. */ xasprintf(&fname, "%s/hosts/%s", confbase, nodename); fp = fopen(fname, "r"); if(fp) { rsa_key = PEM_read_RSA_PUBKEY(fp, &rsa_key, NULL, NULL); // RSA_blinding_on(c->rsa_key, NULL); fclose(fp); } free(fname); if(rsa_key) { *outkey = rsa_key; goto _done; } logger(LOG_ERR, "No public key for %s specified!", nodename); _fail: exit_configuration(&t); free(tname); return false; _done: exit_configuration(&t); free(tname); return true; }