/*
tincd.c -- the main file for tincd
Copyright (C) 1998-2005 Ivo Timmermans
- 2000-2010 Guus Sliepen <guus@tinc-vpn.org>
+ 2000-2017 Guus Sliepen <guus@tinc-vpn.org>
2008 Max Rijevski <maksuf@gmail.com>
2009 Michael Tokarev <mjt@tls.msk.ru>
2010 Julien Muchembled <jm@jmuchemb.eu>
#include <time.h>
#endif
+#ifdef HAVE_GETOPT_LONG
#include <getopt.h>
+#else
+#include "getopt.h"
+#endif
+
#include "pidfile.h"
#include "conf.h"
char *logfilename = NULL; /* log file location */
char **g_argv; /* a copy of the cmdline arguments */
-static int status;
+static int status = 1;
static struct option const long_options[] = {
{"config", required_argument, NULL, 'c'},
{"user", required_argument, NULL, 'U'},
{"logfile", optional_argument, NULL, 4},
{"pidfile", required_argument, NULL, 5},
+ {"option", required_argument, NULL, 'o'},
{NULL, 0, NULL, 0}
};
program_name);
else {
printf("Usage: %s [option]...\n\n", program_name);
- printf(" -c, --config=DIR Read configuration options from DIR.\n"
- " -D, --no-detach Don't fork and detach.\n"
- " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n"
- " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n"
- " -n, --net=NETNAME Connect to net NETNAME.\n"
- " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n"
- " -L, --mlock Lock tinc into main memory.\n"
- " --logfile[=FILENAME] Write log entries to a logfile.\n"
- " --pidfile=FILENAME Write PID to FILENAME.\n"
- " -o [HOST.]KEY=VALUE Set global/host configuration value.\n"
- " -R, --chroot chroot to NET dir at startup.\n"
- " -U, --user=USER setuid to given USER at startup.\n"
- " --help Display this help and exit.\n"
- " --version Output version information and exit.\n\n");
+ printf(" -c, --config=DIR Read configuration options from DIR.\n"
+ " -D, --no-detach Don't fork and detach.\n"
+ " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n"
+ " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n"
+ " -n, --net=NETNAME Connect to net NETNAME.\n"
+ " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n"
+ " -L, --mlock Lock tinc into main memory.\n"
+ " --logfile[=FILENAME] Write log entries to a logfile.\n"
+ " --pidfile=FILENAME Write PID to FILENAME.\n"
+ " -o, --option=[HOST.]KEY=VALUE Set global/host configuration value.\n"
+ " -R, --chroot chroot to NET dir at startup.\n"
+ " -U, --user=USER setuid to given USER at startup.\n"
+ " --help Display this help and exit.\n"
+ " --version Output version information and exit.\n\n");
printf("Report bugs to tinc@tinc-vpn.org.\n");
}
}
break;
case 'c': /* config file */
+ if(confbase) {
+ fprintf(stderr, "Only one configuration directory can be given.\n");
+ usage(true);
+ return false;
+ }
confbase = xstrdup(optarg);
break;
break;
#endif
- case 'd': /* inc debug level */
+ case 'd': /* increase debug level */
+ if(!optarg && optind < argc && *argv[optind] != '-')
+ optarg = argv[optind++];
if(optarg)
debug_level = atoi(optarg);
else
case 'k': /* kill old tincds */
#ifndef HAVE_MINGW
+ if(!optarg && optind < argc && *argv[optind] != '-')
+ optarg = argv[optind++];
if(optarg) {
if(!strcasecmp(optarg, "HUP"))
kill_tincd = SIGHUP;
kill_tincd = SIGINT;
else if(!strcasecmp(optarg, "ALRM"))
kill_tincd = SIGALRM;
+ else if(!strcasecmp(optarg, "ABRT"))
+ kill_tincd = SIGABRT;
else {
kill_tincd = atoi(optarg);
break;
case 'n': /* net name given */
- netname = xstrdup(optarg);
+ /* netname "." is special: a "top-level name" */
+ if(netname) {
+ fprintf(stderr, "Only one netname can be given.\n");
+ usage(true);
+ return false;
+ }
+ if(optarg && strcmp(optarg, "."))
+ netname = xstrdup(optarg);
break;
case 'o': /* option */
break;
case 'K': /* generate public/private keypair */
+ if(!optarg && optind < argc && *argv[optind] != '-')
+ optarg = argv[optind++];
if(optarg) {
generate_keys = atoi(optarg);
case 4: /* write log entries to a file */
use_logfile = true;
- if(optarg)
+ if(!optarg && optind < argc && *argv[optind] != '-')
+ optarg = argv[optind++];
+ if(optarg) {
+ if(logfilename) {
+ fprintf(stderr, "Only one logfile can be given.\n");
+ usage(true);
+ return false;
+ }
logfilename = xstrdup(optarg);
+ }
break;
case 5: /* write PID to a file */
+ if(pidfilename) {
+ fprintf(stderr, "Only one pidfile can be given.\n");
+ usage(true);
+ return false;
+ }
pidfilename = xstrdup(optarg);
break;
}
}
+ if(optind < argc) {
+ fprintf(stderr, "%s: unrecognized argument '%s'\n", argv[0], argv[optind]);
+ usage(true);
+ return false;
+ }
+
return true;
}
/* This function prettyprints the key generation process */
-static void indicator(int a, int b, void *p) {
+static int indicator(int a, int b, BN_GENCB *cb) {
switch (a) {
case 0:
fprintf(stderr, ".");
default:
fprintf(stderr, "?");
}
+
+ return 1;
+}
+
+#ifndef HAVE_BN_GENCB_NEW
+BN_GENCB *BN_GENCB_new(void) {
+ return xmalloc_and_zero(sizeof(BN_GENCB));
}
+void BN_GENCB_free(BN_GENCB *cb) {
+ free(cb);
+}
+#endif
+
/*
Generate a public/private RSA keypair, and ask for a file to store
them in.
*/
static bool keygen(int bits) {
+ BIGNUM *e = NULL;
RSA *rsa_key;
FILE *f;
- char *name = NULL;
- char *filename;
+ char filename[PATH_MAX];
+ BN_GENCB *cb;
+ int result;
- get_config_string(lookup_config(config_tree, "Name"), &name);
+ fprintf(stderr, "Generating %d bits keys:\n", bits);
- if(name && !check_id(name)) {
- fprintf(stderr, "Invalid name for myself!\n");
- return false;
- }
+ cb = BN_GENCB_new();
+ if(!cb)
+ abort();
+ BN_GENCB_set(cb, indicator, NULL);
- fprintf(stderr, "Generating %d bits keys:\n", bits);
- rsa_key = RSA_generate_key(bits, 0x10001, indicator, NULL);
+ rsa_key = RSA_new();
+ BN_hex2bn(&e, "10001");
+ if(!rsa_key || !e)
+ abort();
+
+ result = RSA_generate_key_ex(rsa_key, bits, e, cb);
- if(!rsa_key) {
+ BN_free(e);
+ BN_GENCB_free(cb);
+
+ if(!result) {
fprintf(stderr, "Error during key generation!\n");
+ RSA_free(rsa_key);
return false;
} else
fprintf(stderr, "Done.\n");
- xasprintf(&filename, "%s/rsa_key.priv", confbase);
+ snprintf(filename, sizeof filename, "%s/rsa_key.priv", confbase);
f = ask_and_open(filename, "private RSA key");
- if(!f)
+ if(!f) {
+ RSA_free(rsa_key);
return false;
+ }
- if(disable_old_keys(f))
- fprintf(stderr, "Warning: old key(s) found and disabled.\n");
-
#ifdef HAVE_FCHMOD
/* Make it unreadable for others. */
fchmod(fileno(f), 0600);
fputc('\n', f);
PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL);
fclose(f);
- free(filename);
- if(name)
- xasprintf(&filename, "%s/hosts/%s", confbase, name);
- else
- xasprintf(&filename, "%s/rsa_key.pub", confbase);
+ char *name = get_name();
+
+ if(name) {
+ snprintf(filename, sizeof filename, "%s/hosts/%s", confbase, name);
+ free(name);
+ } else {
+ snprintf(filename, sizeof filename, "%s/rsa_key.pub", confbase);
+ }
f = ask_and_open(filename, "public RSA key");
- if(!f)
+ if(!f) {
+ RSA_free(rsa_key);
return false;
-
- if(disable_old_keys(f))
- fprintf(stderr, "Warning: old key(s) found and disabled.\n");
+ }
fputc('\n', f);
PEM_write_RSAPublicKey(f, rsa_key);
fclose(f);
- free(filename);
- if(name)
- free(name);
+
+ RSA_free(rsa_key);
return true;
}
#ifdef HAVE_MINGW
HKEY key;
char installdir[1024] = "";
- long len = sizeof(installdir);
+ DWORD len = sizeof(installdir);
#endif
if(netname)
#ifdef HAVE_MINGW
if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
- if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) {
- if(!logfilename)
- xasprintf(&logfilename, "%s/log/%s.log", identname);
+ if(!RegQueryValueEx(key, NULL, 0, 0, (LPBYTE)installdir, &len)) {
if(!confbase) {
if(netname)
xasprintf(&confbase, "%s/%s", installdir, netname);
else
xasprintf(&confbase, "%s", installdir);
}
+ if(!logfilename)
+ xasprintf(&logfilename, "%s/tinc.log", confbase);
}
RegCloseKey(key);
if(*installdir)
"initgroups", strerror(errno));
return false;
}
+#ifndef __ANDROID__
+// Not supported in android NDK
endgrent();
endpwent();
+#endif
}
if (do_chroot) {
tzset(); /* for proper timestamps in logs */
}
#ifdef HAVE_MINGW
-# define setpriority(level) SetPriorityClass(GetCurrentProcess(), level)
+# define setpriority(level) !SetPriorityClass(GetCurrentProcess(), (level))
#else
# define NORMAL_PRIORITY_CLASS 0
# define BELOW_NORMAL_PRIORITY_CLASS 10
# define HIGH_PRIORITY_CLASS -10
-# define setpriority(level) nice(level)
+# define setpriority(level) (setpriority(PRIO_PROCESS, 0, (level)))
#endif
int main(int argc, char **argv) {
make_names();
if(show_version) {
- printf("%s version %s (built %s %s, protocol %d)\n", PACKAGE,
- VERSION, __DATE__, __TIME__, PROT_CURRENT);
- printf("Copyright (C) 1998-2010 Ivo Timmermans, Guus Sliepen and others.\n"
+ printf("%s version %s\n", PACKAGE, VERSION);
+ printf("Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others.\n"
"See the AUTHORS file for a complete list.\n\n"
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
"and you are welcome to redistribute it under certain conditions;\n"
g_argv = argv;
+ if(getenv("LISTEN_PID") && atoi(getenv("LISTEN_PID")) == getpid())
+ do_detach = false;
+#ifdef HAVE_UNSETENV
+ unsetenv("LISTEN_PID");
+#endif
+
init_configuration(&config_tree);
/* Slllluuuuuuurrrrp! */
InitializeCriticalSection(&mutex);
EnterCriticalSection(&mutex);
#endif
+ char *priority = NULL;
if(!detach())
return 1;
/* Change process priority */
- char *priority = 0;
-
if(get_config_string(lookup_config(config_tree, "ProcessPriority"), &priority)) {
if(!strcasecmp(priority, "Normal")) {
if (setpriority(NORMAL_PRIORITY_CLASS) != 0) {
/* Shutdown properly. */
ifdebug(CONNECTIONS)
- dump_device_stats();
+ devops.dump_stats();
close_network_connections();
remove_pid(pidfilename);
#endif
+ free(priority);
+
EVP_cleanup();
ENGINE_cleanup();
CRYPTO_cleanup_all_ex_data();
+#ifdef HAVE_ERR_REMOVE_STATE
+ // OpenSSL claims this function was deprecated in 1.0.0,
+ // but valgrind's leak detector shows you still need to call it to make sure OpenSSL cleans up properly.
ERR_remove_state(0);
+#endif
ERR_free_strings();
exit_configuration(&config_tree);
+ list_delete_list(cmdline_conf);
free_names();
return status;