+#else
+ if(!remove_service())
+ return 1;
+#endif
+ close(fd);
+ pid = 0;
+ fd = -1;
+
+ return 0;
+}
+
+static int cmd_restart(int argc, char *argv[]) {
+ cmd_stop(1, argv);
+ return cmd_start(argc, argv);
+}
+
+static int cmd_reload(int argc, char *argv[]) {
+ if(argc > 1) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ if(!connect_tincd(true))
+ return 1;
+
+ sendline(fd, "%d %d", CONTROL, REQ_RELOAD);
+ if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %d %d", &code, &req, &result) != 3 || code != CONTROL || req != REQ_RELOAD || result) {
+ fprintf(stderr, "Could not reload configuration.\n");
+ return 1;
+ }
+
+ return 0;
+
+}
+
+static int dump_invitations(void) {
+ char dname[PATH_MAX];
+ snprintf(dname, sizeof dname, "%s" SLASH "invitations", confbase);
+ DIR *dir = opendir(dname);
+ if(!dir) {
+ if(errno == ENOENT) {
+ fprintf(stderr, "No outstanding invitations.\n");
+ return 0;
+ }
+
+ fprintf(stderr, "Cannot not read directory %s: %s\n", dname, strerror(errno));
+ return 1;
+ }
+
+ struct dirent *ent;
+ bool found = false;
+
+ while((ent = readdir(dir))) {
+ char buf[MAX_STRING_SIZE];
+ if(b64decode(ent->d_name, buf, 24) != 18)
+ continue;
+
+ char fname[PATH_MAX];
+ snprintf(fname, sizeof fname, "%s" SLASH "%s", dname, ent->d_name);
+ FILE *f = fopen(fname, "r");
+ if(!f) {
+ fprintf(stderr, "Cannot open %s: %s\n", fname, strerror(errno));
+ fclose(f);
+ continue;
+ }
+
+ buf[0] = 0;
+ if(!fgets(buf, sizeof buf, f)) {
+ fprintf(stderr, "Invalid invitation file %s", fname);
+ fclose(f);
+ continue;
+ }
+ fclose(f);
+
+ char *eol = buf + strlen(buf);
+ while(strchr("\t \r\n", *--eol))
+ *eol = 0;
+ if(strncmp(buf, "Name = ", 7) || !check_id(buf + 7)) {
+ fprintf(stderr, "Invalid invitation file %s", fname);
+ continue;
+ }
+
+ found = true;
+ printf("%s %s\n", ent->d_name, buf + 7);
+ }
+
+ closedir(dir);
+
+ if(!found)
+ fprintf(stderr, "No outstanding invitations.\n");
+
+ return 0;
+}
+
+static int cmd_dump(int argc, char *argv[]) {
+ bool only_reachable = false;
+
+ if(argc > 2 && !strcasecmp(argv[1], "reachable")) {
+ if(strcasecmp(argv[2], "nodes")) {
+ fprintf(stderr, "`reachable' only supported for nodes.\n");
+ usage(true);
+ return 1;
+ }
+ only_reachable = true;
+ argv++;
+ argc--;
+ }
+
+ if(argc != 2) {
+ fprintf(stderr, "Invalid number of arguments.\n");
+ usage(true);
+ return 1;
+ }
+
+ if(!strcasecmp(argv[1], "invitations"))
+ return dump_invitations();
+
+ if(!connect_tincd(true))
+ return 1;
+
+ int do_graph = 0;
+
+ if(!strcasecmp(argv[1], "nodes"))
+ sendline(fd, "%d %d", CONTROL, REQ_DUMP_NODES);
+ else if(!strcasecmp(argv[1], "edges"))
+ sendline(fd, "%d %d", CONTROL, REQ_DUMP_EDGES);
+ else if(!strcasecmp(argv[1], "subnets"))
+ sendline(fd, "%d %d", CONTROL, REQ_DUMP_SUBNETS);
+ else if(!strcasecmp(argv[1], "connections"))
+ sendline(fd, "%d %d", CONTROL, REQ_DUMP_CONNECTIONS);
+ else if(!strcasecmp(argv[1], "graph")) {
+ sendline(fd, "%d %d", CONTROL, REQ_DUMP_NODES);
+ sendline(fd, "%d %d", CONTROL, REQ_DUMP_EDGES);
+ do_graph = 1;
+ } else if(!strcasecmp(argv[1], "digraph")) {
+ sendline(fd, "%d %d", CONTROL, REQ_DUMP_NODES);
+ sendline(fd, "%d %d", CONTROL, REQ_DUMP_EDGES);
+ do_graph = 2;
+ } else {
+ fprintf(stderr, "Unknown dump type '%s'.\n", argv[1]);
+ usage(true);
+ return 1;
+ }
+
+ if(do_graph == 1)
+ printf("graph {\n");
+ else if(do_graph == 2)
+ printf("digraph {\n");
+
+ while(recvline(fd, line, sizeof line)) {
+ char node1[4096], node2[4096];
+ int n = sscanf(line, "%d %d %s %s", &code, &req, node1, node2);
+ if(n == 2) {
+ if(do_graph && req == REQ_DUMP_NODES)
+ continue;
+ else {
+ if(do_graph)
+ printf("}\n");
+ return 0;
+ }
+ }
+ if(n < 2)
+ break;
+
+ char node[4096];
+ char id[4096];
+ char from[4096];
+ char to[4096];
+ char subnet[4096];
+ char host[4096];
+ char port[4096];
+ char local_host[4096];
+ char local_port[4096];
+ char via[4096];
+ char nexthop[4096];
+ int cipher, digest, maclength, compression, distance, socket, weight;
+ short int pmtu, minmtu, maxmtu;
+ unsigned int options, status_int;
+ node_status_t status;
+ long int last_state_change;
+
+ switch(req) {
+ case REQ_DUMP_NODES: {
+ int n = sscanf(line, "%*d %*d %s %s %s port %s %d %d %d %d %x %x %s %s %d %hd %hd %hd %ld", node, id, host, port, &cipher, &digest, &maclength, &compression, &options, &status_int, nexthop, via, &distance, &pmtu, &minmtu, &maxmtu, &last_state_change);
+ if(n != 17) {
+ fprintf(stderr, "Unable to parse node dump from tincd: %s\n", line);
+ return 1;
+ }
+
+ memcpy(&status, &status_int, sizeof status);
+
+ if(do_graph) {
+ const char *color = "black";
+ if(!strcmp(host, "MYSELF"))
+ color = "green";
+ else if(!status.reachable)
+ color = "red";
+ else if(strcmp(via, node))
+ color = "orange";
+ else if(!status.validkey)
+ color = "black";
+ else if(minmtu > 0)
+ color = "green";
+ printf(" %s [label = \"%s\", color = \"%s\"%s];\n", node, node, color, strcmp(host, "MYSELF") ? "" : ", style = \"filled\"");
+ } else {
+ if(only_reachable && !status.reachable)
+ continue;
+ printf("%s id %s at %s port %s cipher %d digest %d maclength %d compression %d options %x status %04x nexthop %s via %s distance %d pmtu %hd (min %hd max %hd)\n",
+ node, id, host, port, cipher, digest, maclength, compression, options, status_int, nexthop, via, distance, pmtu, minmtu, maxmtu);
+ }
+ } break;
+
+ case REQ_DUMP_EDGES: {
+ int n = sscanf(line, "%*d %*d %s %s %s port %s %s port %s %x %d", from, to, host, port, local_host, local_port, &options, &weight);
+ if(n != 8) {
+ fprintf(stderr, "Unable to parse edge dump from tincd.\n");
+ return 1;
+ }
+
+ if(do_graph) {
+ float w = 1 + 65536.0 / weight;
+ if(do_graph == 1 && strcmp(node1, node2) > 0)
+ printf(" %s -- %s [w = %f, weight = %f];\n", node1, node2, w, w);
+ else if(do_graph == 2)
+ printf(" %s -> %s [w = %f, weight = %f];\n", node1, node2, w, w);
+ } else {
+ printf("%s to %s at %s port %s local %s port %s options %x weight %d\n", from, to, host, port, local_host, local_port, options, weight);
+ }
+ } break;
+
+ case REQ_DUMP_SUBNETS: {
+ int n = sscanf(line, "%*d %*d %s %s", subnet, node);
+ if(n != 2) {
+ fprintf(stderr, "Unable to parse subnet dump from tincd.\n");
+ return 1;
+ }
+ printf("%s owner %s\n", strip_weight(subnet), node);
+ } break;
+
+ case REQ_DUMP_CONNECTIONS: {
+ int n = sscanf(line, "%*d %*d %s %s port %s %x %d %x", node, host, port, &options, &socket, &status_int);
+ if(n != 6) {
+ fprintf(stderr, "Unable to parse connection dump from tincd.\n");
+ return 1;
+ }
+ printf("%s at %s port %s options %x socket %d status %x\n", node, host, port, options, socket, status_int);
+ } break;
+
+ default:
+ fprintf(stderr, "Unable to parse dump from tincd.\n");
+ return 1;
+ }
+ }
+
+ fprintf(stderr, "Error receiving dump.\n");
+ return 1;
+}
+
+static int cmd_purge(int argc, char *argv[]) {
+ if(argc > 1) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ if(!connect_tincd(true))
+ return 1;
+
+ sendline(fd, "%d %d", CONTROL, REQ_PURGE);
+ if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %d %d", &code, &req, &result) != 3 || code != CONTROL || req != REQ_PURGE || result) {
+ fprintf(stderr, "Could not purge old information.\n");
+ return 1;
+ }
+
+ return 0;
+}
+
+static int cmd_debug(int argc, char *argv[]) {
+ if(argc != 2) {
+ fprintf(stderr, "Invalid number of arguments.\n");
+ return 1;
+ }
+
+ if(!connect_tincd(true))
+ return 1;
+
+ int debuglevel = atoi(argv[1]);
+ int origlevel;
+
+ sendline(fd, "%d %d %d", CONTROL, REQ_SET_DEBUG, debuglevel);
+ if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %d %d", &code, &req, &origlevel) != 3 || code != CONTROL || req != REQ_SET_DEBUG) {
+ fprintf(stderr, "Could not set debug level.\n");
+ return 1;
+ }
+
+ fprintf(stderr, "Old level %d, new level %d.\n", origlevel, debuglevel);
+ return 0;
+}
+
+static int cmd_retry(int argc, char *argv[]) {
+ if(argc > 1) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ if(!connect_tincd(true))
+ return 1;
+
+ sendline(fd, "%d %d", CONTROL, REQ_RETRY);
+ if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %d %d", &code, &req, &result) != 3 || code != CONTROL || req != REQ_RETRY || result) {
+ fprintf(stderr, "Could not retry outgoing connections.\n");
+ return 1;
+ }
+
+ return 0;
+}
+
+static int cmd_connect(int argc, char *argv[]) {
+ if(argc != 2) {
+ fprintf(stderr, "Invalid number of arguments.\n");
+ return 1;
+ }
+
+ if(!check_id(argv[1])) {
+ fprintf(stderr, "Invalid name for node.\n");
+ return 1;
+ }
+
+ if(!connect_tincd(true))
+ return 1;
+
+ sendline(fd, "%d %d %s", CONTROL, REQ_CONNECT, argv[1]);
+ if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %d %d", &code, &req, &result) != 3 || code != CONTROL || req != REQ_CONNECT || result) {
+ fprintf(stderr, "Could not connect to %s.\n", argv[1]);
+ return 1;
+ }
+
+ return 0;
+}
+
+static int cmd_disconnect(int argc, char *argv[]) {
+ if(argc != 2) {
+ fprintf(stderr, "Invalid number of arguments.\n");
+ return 1;
+ }
+
+ if(!check_id(argv[1])) {
+ fprintf(stderr, "Invalid name for node.\n");
+ return 1;
+ }
+
+ if(!connect_tincd(true))
+ return 1;
+
+ sendline(fd, "%d %d %s", CONTROL, REQ_DISCONNECT, argv[1]);
+ if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %d %d", &code, &req, &result) != 3 || code != CONTROL || req != REQ_DISCONNECT || result) {
+ fprintf(stderr, "Could not disconnect %s.\n", argv[1]);
+ return 1;
+ }
+
+ return 0;
+}
+
+static int cmd_top(int argc, char *argv[]) {
+ if(argc > 1) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+#ifdef HAVE_CURSES
+ if(!connect_tincd(true))
+ return 1;
+
+ top(fd);
+ return 0;
+#else
+ fprintf(stderr, "This version of tinc was compiled without support for the curses library.\n");
+ return 1;
+#endif
+}
+
+static int cmd_pcap(int argc, char *argv[]) {
+ if(argc > 2) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ if(!connect_tincd(true))
+ return 1;
+
+ pcap(fd, stdout, argc > 1 ? atoi(argv[1]) : 0);
+ return 0;
+}
+
+#ifdef SIGINT
+static void sigint_handler(int sig) {
+ fprintf(stderr, "\n");
+ shutdown(fd, SHUT_RDWR);
+}
+#endif
+
+static int cmd_log(int argc, char *argv[]) {
+ if(argc > 2) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ if(!connect_tincd(true))
+ return 1;
+
+#ifdef SIGINT
+ signal(SIGINT, sigint_handler);
+#endif
+
+ logcontrol(fd, stdout, argc > 1 ? atoi(argv[1]) : -1);
+
+#ifdef SIGINT
+ signal(SIGINT, SIG_DFL);
+#endif
+
+ close(fd);
+ fd = -1;
+ return 0;
+}
+
+static int cmd_pid(int argc, char *argv[]) {
+ if(argc > 1) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ if(!connect_tincd(true) || !pid)
+ return 1;
+
+ printf("%d\n", pid);
+ return 0;
+}
+
+int rstrip(char *value) {
+ int len = strlen(value);
+ while(len && strchr("\t\r\n ", value[len - 1]))
+ value[--len] = 0;
+ return len;
+}
+
+char *get_my_name(bool verbose) {
+ FILE *f = fopen(tinc_conf, "r");
+ if(!f) {
+ if(verbose)
+ fprintf(stderr, "Could not open %s: %s\n", tinc_conf, strerror(errno));
+ return NULL;
+ }
+
+ char buf[4096];
+ char *value;
+ while(fgets(buf, sizeof buf, f)) {
+ int len = strcspn(buf, "\t =");
+ value = buf + len;
+ value += strspn(value, "\t ");
+ if(*value == '=') {
+ value++;
+ value += strspn(value, "\t ");
+ }
+ if(!rstrip(value))
+ continue;
+ buf[len] = 0;
+ if(strcasecmp(buf, "Name"))
+ continue;
+ if(*value) {
+ fclose(f);
+ return replace_name(value);
+ }
+ }
+
+ fclose(f);
+ if(verbose)
+ fprintf(stderr, "Could not find Name in %s.\n", tinc_conf);
+ return NULL;
+}
+
+ecdsa_t *get_pubkey(FILE *f) {
+ char buf[4096];
+ char *value;
+ while(fgets(buf, sizeof buf, f)) {
+ int len = strcspn(buf, "\t =");
+ value = buf + len;
+ value += strspn(value, "\t ");
+ if(*value == '=') {
+ value++;
+ value += strspn(value, "\t ");
+ }
+ if(!rstrip(value))
+ continue;
+ buf[len] = 0;
+ if(strcasecmp(buf, "Ed25519PublicKey"))
+ continue;
+ if(*value)
+ return ecdsa_set_base64_public_key(value);
+ }
+
+ return NULL;
+}
+
+const var_t variables[] = {
+ /* Server configuration */
+ {"AddressFamily", VAR_SERVER},
+ {"AutoConnect", VAR_SERVER | VAR_SAFE},
+ {"BindToAddress", VAR_SERVER | VAR_MULTIPLE},
+ {"BindToInterface", VAR_SERVER},
+ {"Broadcast", VAR_SERVER | VAR_SAFE},
+ {"BroadcastSubnet", VAR_SERVER | VAR_MULTIPLE | VAR_SAFE},
+ {"ConnectTo", VAR_SERVER | VAR_MULTIPLE | VAR_SAFE},
+ {"DecrementTTL", VAR_SERVER},
+ {"Device", VAR_SERVER},
+ {"DeviceStandby", VAR_SERVER},
+ {"DeviceType", VAR_SERVER},
+ {"DirectOnly", VAR_SERVER},
+ {"Ed25519PrivateKeyFile", VAR_SERVER},
+ {"ExperimentalProtocol", VAR_SERVER},
+ {"Forwarding", VAR_SERVER},
+ {"GraphDumpFile", VAR_SERVER | VAR_OBSOLETE},
+ {"Hostnames", VAR_SERVER},
+ {"IffOneQueue", VAR_SERVER},
+ {"Interface", VAR_SERVER},
+ {"KeyExpire", VAR_SERVER},
+ {"ListenAddress", VAR_SERVER | VAR_MULTIPLE},
+ {"LocalDiscovery", VAR_SERVER},
+ {"MACExpire", VAR_SERVER},
+ {"MaxConnectionBurst", VAR_SERVER},
+ {"MaxOutputBufferSize", VAR_SERVER},
+ {"MaxTimeout", VAR_SERVER},
+ {"Mode", VAR_SERVER | VAR_SAFE},
+ {"Name", VAR_SERVER},
+ {"PingInterval", VAR_SERVER},
+ {"PingTimeout", VAR_SERVER},
+ {"PriorityInheritance", VAR_SERVER},
+ {"PrivateKey", VAR_SERVER | VAR_OBSOLETE},
+ {"PrivateKeyFile", VAR_SERVER},
+ {"ProcessPriority", VAR_SERVER},
+ {"Proxy", VAR_SERVER},
+ {"ReplayWindow", VAR_SERVER},
+ {"ScriptsExtension", VAR_SERVER},
+ {"ScriptsInterpreter", VAR_SERVER},
+ {"StrictSubnets", VAR_SERVER},
+ {"TunnelServer", VAR_SERVER},
+ {"UDPDiscovery", VAR_SERVER},
+ {"UDPDiscoveryKeepaliveInterval", VAR_SERVER},
+ {"UDPDiscoveryInterval", VAR_SERVER},
+ {"UDPDiscoveryTimeout", VAR_SERVER},
+ {"MTUInfoInterval", VAR_SERVER},
+ {"UDPInfoInterval", VAR_SERVER},
+ {"UDPRcvBuf", VAR_SERVER},
+ {"UDPSndBuf", VAR_SERVER},
+ {"UPnP", VAR_SERVER},
+ {"UPnPDiscoverWait", VAR_SERVER},
+ {"UPnPRefreshPeriod", VAR_SERVER},
+ {"VDEGroup", VAR_SERVER},
+ {"VDEPort", VAR_SERVER},
+ /* Host configuration */
+ {"Address", VAR_HOST | VAR_MULTIPLE},
+ {"Cipher", VAR_SERVER | VAR_HOST},
+ {"ClampMSS", VAR_SERVER | VAR_HOST},
+ {"Compression", VAR_SERVER | VAR_HOST},
+ {"Digest", VAR_SERVER | VAR_HOST},
+ {"Ed25519PublicKey", VAR_HOST},
+ {"Ed25519PublicKeyFile", VAR_SERVER | VAR_HOST},
+ {"IndirectData", VAR_SERVER | VAR_HOST},
+ {"MACLength", VAR_SERVER | VAR_HOST},
+ {"PMTU", VAR_SERVER | VAR_HOST},
+ {"PMTUDiscovery", VAR_SERVER | VAR_HOST},
+ {"Port", VAR_HOST},
+ {"PublicKey", VAR_HOST | VAR_OBSOLETE},
+ {"PublicKeyFile", VAR_SERVER | VAR_HOST | VAR_OBSOLETE},
+ {"Subnet", VAR_HOST | VAR_MULTIPLE | VAR_SAFE},
+ {"TCPOnly", VAR_SERVER | VAR_HOST},
+ {"Weight", VAR_HOST | VAR_SAFE},
+ {NULL, 0}
+};
+
+static int cmd_config(int argc, char *argv[]) {
+ if(argc < 2) {
+ fprintf(stderr, "Invalid number of arguments.\n");
+ return 1;
+ }
+
+ if(strcasecmp(argv[0], "config"))
+ argv--, argc++;
+
+ int action = -2;
+ if(!strcasecmp(argv[1], "get")) {
+ argv++, argc--;
+ } else if(!strcasecmp(argv[1], "add")) {
+ argv++, argc--, action = 1;
+ } else if(!strcasecmp(argv[1], "del")) {
+ argv++, argc--, action = -1;
+ } else if(!strcasecmp(argv[1], "replace") || !strcasecmp(argv[1], "set") || !strcasecmp(argv[1], "change")) {
+ argv++, argc--, action = 0;
+ }
+
+ if(argc < 2) {
+ fprintf(stderr, "Invalid number of arguments.\n");
+ return 1;
+ }
+
+ // Concatenate the rest of the command line
+ strncpy(line, argv[1], sizeof line - 1);
+ for(int i = 2; i < argc; i++) {
+ strncat(line, " ", sizeof line - 1 - strlen(line));
+ strncat(line, argv[i], sizeof line - 1 - strlen(line));
+ }
+
+ // Liberal parsing into node name, variable name and value.
+ char *node = NULL;
+ char *variable;
+ char *value;
+ int len;
+
+ len = strcspn(line, "\t =");
+ value = line + len;
+ value += strspn(value, "\t ");
+ if(*value == '=') {
+ value++;
+ value += strspn(value, "\t ");
+ }
+ line[len] = '\0';
+ variable = strchr(line, '.');
+ if(variable) {
+ node = line;
+ *variable++ = 0;
+ } else {
+ variable = line;
+ }
+
+ if(!*variable) {
+ fprintf(stderr, "No variable given.\n");
+ return 1;
+ }
+
+ if(action >= 0 && !*value) {
+ fprintf(stderr, "No value for variable given.\n");
+ return 1;
+ }
+
+ if(action < -1 && *value)
+ action = 0;
+
+ /* Some simple checks. */
+ bool found = false;
+ bool warnonremove = false;
+
+ for(int i = 0; variables[i].name; i++) {
+ if(strcasecmp(variables[i].name, variable))
+ continue;
+
+ found = true;
+ variable = (char *)variables[i].name;
+
+ /* Discourage use of obsolete variables. */
+
+ if(variables[i].type & VAR_OBSOLETE && action >= 0) {
+ if(force) {
+ fprintf(stderr, "Warning: %s is an obsolete variable!\n", variable);
+ } else {
+ fprintf(stderr, "%s is an obsolete variable! Use --force to use it anyway.\n", variable);
+ return 1;
+ }
+ }
+
+ /* Don't put server variables in host config files */
+
+ if(node && !(variables[i].type & VAR_HOST) && action >= 0) {
+ if(force) {
+ fprintf(stderr, "Warning: %s is not a host configuration variable!\n", variable);
+ } else {
+ fprintf(stderr, "%s is not a host configuration variable! Use --force to use it anyway.\n", variable);
+ return 1;
+ }
+ }
+
+ /* Should this go into our own host config file? */
+
+ if(!node && !(variables[i].type & VAR_SERVER)) {
+ node = get_my_name(true);
+ if(!node)
+ return 1;
+ }
+
+ /* Change "add" into "set" for variables that do not allow multiple occurences.
+ Turn on warnings when it seems variables might be removed unintentionally. */
+
+ if(action == 1 && !(variables[i].type & VAR_MULTIPLE)) {
+ warnonremove = true;
+ action = 0;
+ } else if(action == 0 && (variables[i].type & VAR_MULTIPLE)) {
+ warnonremove = true;
+ }
+
+ break;
+ }
+
+ if(node && !check_id(node)) {
+ fprintf(stderr, "Invalid name for node.\n");
+ return 1;
+ }
+
+ if(!found) {
+ if(force || action < 0) {
+ fprintf(stderr, "Warning: %s is not a known configuration variable!\n", variable);
+ } else {
+ fprintf(stderr, "%s: is not a known configuration variable! Use --force to use it anyway.\n", variable);
+ return 1;
+ }
+ }
+
+ // Open the right configuration file.
+ char filename[PATH_MAX];
+ if(node)
+ snprintf(filename, sizeof filename, "%s" SLASH "%s", hosts_dir, node);
+ else
+ snprintf(filename, sizeof filename, "%s", tinc_conf);
+
+ FILE *f = fopen(filename, "r");
+ if(!f) {
+ fprintf(stderr, "Could not open configuration file %s: %s\n", filename, strerror(errno));
+ return 1;
+ }
+
+ char tmpfile[PATH_MAX];
+ FILE *tf = NULL;
+
+ if(action >= -1) {
+ snprintf(tmpfile, sizeof tmpfile, "%s.config.tmp", filename);
+ tf = fopen(tmpfile, "w");
+ if(!tf) {
+ fprintf(stderr, "Could not open temporary file %s: %s\n", tmpfile, strerror(errno));
+ fclose(f);
+ return 1;
+ }
+ }
+
+ // Copy the file, making modifications on the fly, unless we are just getting a value.
+ char buf1[4096];
+ char buf2[4096];
+ bool set = false;
+ bool removed = false;
+ found = false;
+
+ while(fgets(buf1, sizeof buf1, f)) {
+ buf1[sizeof buf1 - 1] = 0;
+ strncpy(buf2, buf1, sizeof buf2);
+
+ // Parse line in a simple way
+ char *bvalue;
+ int len;
+
+ len = strcspn(buf2, "\t =");
+ bvalue = buf2 + len;
+ bvalue += strspn(bvalue, "\t ");
+ if(*bvalue == '=') {
+ bvalue++;
+ bvalue += strspn(bvalue, "\t ");
+ }
+ rstrip(bvalue);
+ buf2[len] = '\0';
+
+ // Did it match?
+ if(!strcasecmp(buf2, variable)) {
+ // Get
+ if(action < -1) {
+ found = true;
+ printf("%s\n", bvalue);
+ // Del
+ } else if(action == -1) {
+ if(!*value || !strcasecmp(bvalue, value)) {
+ removed = true;
+ continue;
+ }
+ // Set
+ } else if(action == 0) {
+ // Warn if "set" was used for variables that can occur multiple times
+ if(warnonremove && strcasecmp(bvalue, value))
+ fprintf(stderr, "Warning: removing %s = %s\n", variable, bvalue);
+
+ // Already set? Delete the rest...
+ if(set)
+ continue;
+
+ // Otherwise, replace.
+ if(fprintf(tf, "%s = %s\n", variable, value) < 0) {
+ fprintf(stderr, "Error writing to temporary file %s: %s\n", tmpfile, strerror(errno));
+ return 1;
+ }
+ set = true;
+ continue;
+ // Add
+ } else if(action > 0) {
+ // Check if we've already seen this variable with the same value
+ if(!strcasecmp(bvalue, value))
+ found = true;
+ }
+ }
+
+ if(action >= -1) {
+ // Copy original line...
+ if(fputs(buf1, tf) < 0) {
+ fprintf(stderr, "Error writing to temporary file %s: %s\n", tmpfile, strerror(errno));
+ return 1;
+ }
+
+ // Add newline if it is missing...
+ if(*buf1 && buf1[strlen(buf1) - 1] != '\n') {
+ if(fputc('\n', tf) < 0) {
+ fprintf(stderr, "Error writing to temporary file %s: %s\n", tmpfile, strerror(errno));
+ return 1;
+ }
+ }
+ }
+ }
+
+ // Make sure we read everything...
+ if(ferror(f) || !feof(f)) {
+ fprintf(stderr, "Error while reading from configuration file %s: %s\n", filename, strerror(errno));
+ return 1;
+ }
+
+ if(fclose(f)) {
+ fprintf(stderr, "Error closing configuration file %s: %s\n", filename, strerror(errno));
+ return 1;
+ }
+
+ // Add new variable if necessary.
+ if((action > 0 && !found)|| (action == 0 && !set)) {
+ if(fprintf(tf, "%s = %s\n", variable, value) < 0) {
+ fprintf(stderr, "Error writing to temporary file %s: %s\n", tmpfile, strerror(errno));
+ return 1;
+ }
+ }
+
+ if(action < -1) {
+ if(found) {
+ return 0;
+ } else {
+ fprintf(stderr, "No matching configuration variables found.\n");
+ return 1;
+ }
+ }
+
+ // Make sure we wrote everything...
+ if(fclose(tf)) {
+ fprintf(stderr, "Error closing temporary file %s: %s\n", tmpfile, strerror(errno));
+ return 1;
+ }
+
+ // Could we find what we had to remove?
+ if(action < 0 && !removed) {
+ remove(tmpfile);
+ fprintf(stderr, "No configuration variables deleted.\n");
+ return 1;
+ }
+
+ // Replace the configuration file with the new one
+#ifdef HAVE_MINGW
+ if(remove(filename)) {
+ fprintf(stderr, "Error replacing file %s: %s\n", filename, strerror(errno));
+ return 1;
+ }
+#endif
+ if(rename(tmpfile, filename)) {
+ fprintf(stderr, "Error renaming temporary file %s to configuration file %s: %s\n", tmpfile, filename, strerror(errno));
+ return 1;
+ }
+
+ // Silently try notifying a running tincd of changes.
+ if(connect_tincd(false))
+ sendline(fd, "%d %d", CONTROL, REQ_RELOAD);
+
+ return 0;
+}
+
+static bool try_bind(int port) {
+ struct addrinfo *ai = NULL, *aip;
+ struct addrinfo hint = {
+ .ai_flags = AI_PASSIVE,
+ .ai_family = AF_UNSPEC,
+ .ai_socktype = SOCK_STREAM,
+ .ai_protocol = IPPROTO_TCP,
+ };
+
+ bool success = true;
+ char portstr[16];
+ snprintf(portstr, sizeof portstr, "%d", port);
+
+ if(getaddrinfo(NULL, portstr, &hint, &ai) || !ai)
+ return false;
+
+ for(aip = ai; aip; aip = aip->ai_next) {
+ int fd = socket(ai->ai_family, SOCK_STREAM, IPPROTO_TCP);
+ if(!fd) {
+ success = false;
+ break;
+ }
+
+ int result = bind(fd, ai->ai_addr, ai->ai_addrlen);
+ closesocket(fd);
+ if(result) {
+ success = false;
+ break;
+ }
+ }
+
+ freeaddrinfo(ai);
+ return success;
+}
+
+int check_port(char *name) {
+ if(try_bind(655))
+ return 655;
+
+ fprintf(stderr, "Warning: could not bind to port 655. ");
+
+ for(int i = 0; i < 100; i++) {
+ int port = 0x1000 + (rand() & 0x7fff);
+ if(try_bind(port)) {
+ char filename[PATH_MAX];
+ snprintf(filename, sizeof filename, "%s" SLASH "hosts" SLASH "%s", confbase, name);
+ FILE *f = fopen(filename, "a");
+ if(!f) {
+ fprintf(stderr, "Could not open %s: %s\n", filename, strerror(errno));
+ fprintf(stderr, "Please change tinc's Port manually.\n");
+ return 0;
+ }
+
+ fprintf(f, "Port = %d\n", port);
+ fclose(f);
+ fprintf(stderr, "Tinc will instead listen on port %d.\n", port);
+ return port;
+ }
+ }
+
+ fprintf(stderr, "Please change tinc's Port manually.\n");
+ return 0;
+}
+
+static int cmd_init(int argc, char *argv[]) {
+ if(!access(tinc_conf, F_OK)) {
+ fprintf(stderr, "Configuration file %s already exists!\n", tinc_conf);
+ return 1;
+ }
+
+ if(argc > 2) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ } else if(argc < 2) {
+ if(tty) {
+ char buf[1024];
+ fprintf(stderr, "Enter the Name you want your tinc node to have: ");
+ if(!fgets(buf, sizeof buf, stdin)) {
+ fprintf(stderr, "Error while reading stdin: %s\n", strerror(errno));
+ return 1;
+ }
+ int len = rstrip(buf);
+ if(!len) {
+ fprintf(stderr, "No name given!\n");
+ return 1;
+ }
+ name = strdup(buf);
+ } else {
+ fprintf(stderr, "No Name given!\n");
+ return 1;
+ }
+ } else {
+ name = strdup(argv[1]);
+ if(!*name) {
+ fprintf(stderr, "No Name given!\n");
+ return 1;
+ }
+ }
+
+ if(!check_id(name)) {
+ fprintf(stderr, "Invalid Name! Only a-z, A-Z, 0-9 and _ are allowed characters.\n");
+ return 1;
+ }
+
+ if(!confbase_given && mkdir(confdir, 0755) && errno != EEXIST) {
+ fprintf(stderr, "Could not create directory %s: %s\n", confdir, strerror(errno));
+ return 1;
+ }
+
+ if(mkdir(confbase, 0777) && errno != EEXIST) {
+ fprintf(stderr, "Could not create directory %s: %s\n", confbase, strerror(errno));
+ return 1;
+ }
+
+ if(mkdir(hosts_dir, 0777) && errno != EEXIST) {
+ fprintf(stderr, "Could not create directory %s: %s\n", hosts_dir, strerror(errno));
+ return 1;
+ }
+
+ FILE *f = fopen(tinc_conf, "w");
+ if(!f) {
+ fprintf(stderr, "Could not create file %s: %s\n", tinc_conf, strerror(errno));
+ return 1;
+ }
+
+ fprintf(f, "Name = %s\n", name);
+ fclose(f);
+
+#ifndef DISABLE_LEGACY
+ if(!rsa_keygen(2048, false))
+ return 1;
+#endif
+
+ if(!ed25519_keygen(false))
+ return 1;
+
+ check_port(name);
+
+#ifndef HAVE_MINGW
+ char filename[PATH_MAX];
+ snprintf(filename, sizeof filename, "%s" SLASH "tinc-up", confbase);
+ if(access(filename, F_OK)) {
+ FILE *f = fopenmask(filename, "w", 0777);
+ if(!f) {
+ fprintf(stderr, "Could not create file %s: %s\n", filename, strerror(errno));
+ return 1;
+ }
+ fprintf(f, "#!/bin/sh\n\necho 'Unconfigured tinc-up script, please edit '$0'!'\n\n#ifconfig $INTERFACE <your vpn IP address> netmask <netmask of whole VPN>\n");
+ fclose(f);
+ }
+#endif
+
+ return 0;
+
+}
+
+static int cmd_generate_keys(int argc, char *argv[]) {
+#ifdef DISABLE_LEGACY
+ if(argc > 1) {
+#else
+ if(argc > 2) {
+#endif
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ if(!name)
+ name = get_my_name(false);
+
+#ifndef DISABLE_LEGACY
+ if(!rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true))
+ return 1;
+#endif
+
+ if(!ed25519_keygen(true))
+ return 1;
+
+ return 0;
+}
+
+#ifndef DISABLE_LEGACY
+static int cmd_generate_rsa_keys(int argc, char *argv[]) {
+ if(argc > 2) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ if(!name)
+ name = get_my_name(false);
+
+ return !rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true);
+}
+#endif
+
+static int cmd_generate_ed25519_keys(int argc, char *argv[]) {
+ if(argc > 1) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ if(!name)
+ name = get_my_name(false);
+
+ return !ed25519_keygen(true);
+}
+
+static int cmd_help(int argc, char *argv[]) {
+ usage(false);
+ return 0;
+}
+
+static int cmd_version(int argc, char *argv[]) {
+ if(argc > 1) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ version();
+ return 0;
+}
+
+static int cmd_info(int argc, char *argv[]) {
+ if(argc != 2) {
+ fprintf(stderr, "Invalid number of arguments.\n");
+ return 1;
+ }
+
+ if(!connect_tincd(true))
+ return 1;
+
+ return info(fd, argv[1]);
+}
+
+static const char *conffiles[] = {
+ "tinc.conf",
+ "tinc-up",
+ "tinc-down",
+ "subnet-up",
+ "subnet-down",
+ "host-up",
+ "host-down",
+ NULL,
+};
+
+static int cmd_edit(int argc, char *argv[]) {
+ if(argc != 2) {
+ fprintf(stderr, "Invalid number of arguments.\n");
+ return 1;
+ }
+
+ char filename[PATH_MAX] = "";
+
+ if(strncmp(argv[1], "hosts" SLASH, 6)) {
+ for(int i = 0; conffiles[i]; i++) {
+ if(!strcmp(argv[1], conffiles[i])) {
+ snprintf(filename, sizeof filename, "%s" SLASH "%s", confbase, argv[1]);
+ break;
+ }
+ }
+ } else {
+ argv[1] += 6;
+ }
+
+ if(!*filename) {
+ snprintf(filename, sizeof filename, "%s" SLASH "%s", hosts_dir, argv[1]);
+ char *dash = strchr(argv[1], '-');
+ if(dash) {
+ *dash++ = 0;
+ if((strcmp(dash, "up") && strcmp(dash, "down")) || !check_id(argv[1])) {
+ fprintf(stderr, "Invalid configuration filename.\n");
+ return 1;
+ }
+ }
+ }
+
+ char *command;
+#ifndef HAVE_MINGW
+ xasprintf(&command, "\"%s\" \"%s\"", getenv("VISUAL") ?: getenv("EDITOR") ?: "vi", filename);
+#else
+ xasprintf(&command, "edit \"%s\"", filename);
+#endif
+ int result = system(command);
+ free(command);
+ if(result)
+ return result;
+
+ // Silently try notifying a running tincd of changes.
+ if(connect_tincd(false))
+ sendline(fd, "%d %d", CONTROL, REQ_RELOAD);
+
+ return 0;
+}
+
+static int export(const char *name, FILE *out) {
+ char filename[PATH_MAX];
+ snprintf(filename, sizeof filename, "%s" SLASH "%s", hosts_dir, name);
+ FILE *in = fopen(filename, "r");
+ if(!in) {
+ fprintf(stderr, "Could not open configuration file %s: %s\n", filename, strerror(errno));
+ return 1;
+ }
+
+ fprintf(out, "Name = %s\n", name);
+ char buf[4096];
+ while(fgets(buf, sizeof buf, in)) {
+ if(strcspn(buf, "\t =") != 4 || strncasecmp(buf, "Name", 4))
+ fputs(buf, out);
+ }
+
+ if(ferror(in)) {
+ fprintf(stderr, "Error while reading configuration file %s: %s\n", filename, strerror(errno));
+ fclose(in);
+ return 1;
+ }
+
+ fclose(in);
+ return 0;
+}
+
+static int cmd_export(int argc, char *argv[]) {
+ if(argc > 1) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ char *name = get_my_name(true);
+ if(!name)
+ return 1;
+
+ int result = export(name, stdout);
+ if(!tty)
+ fclose(stdout);
+
+ free(name);
+ return result;
+}
+
+static int cmd_export_all(int argc, char *argv[]) {
+ if(argc > 1) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ DIR *dir = opendir(hosts_dir);
+ if(!dir) {
+ fprintf(stderr, "Could not open host configuration directory %s: %s\n", hosts_dir, strerror(errno));
+ return 1;
+ }
+
+ bool first = true;
+ int result = 0;
+ struct dirent *ent;
+
+ while((ent = readdir(dir))) {
+ if(!check_id(ent->d_name))
+ continue;
+
+ if(first)
+ first = false;
+ else
+ printf("#---------------------------------------------------------------#\n");
+
+ result |= export(ent->d_name, stdout);
+ }
+
+ closedir(dir);
+ if(!tty)
+ fclose(stdout);
+ return result;
+}
+
+static int cmd_import(int argc, char *argv[]) {
+ if(argc > 1) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ FILE *in = stdin;
+ FILE *out = NULL;
+
+ char buf[4096];
+ char name[4096];
+ char filename[PATH_MAX] = "";
+ int count = 0;
+ bool firstline = true;
+
+ while(fgets(buf, sizeof buf, in)) {
+ if(sscanf(buf, "Name = %s", name) == 1) {
+ firstline = false;
+
+ if(!check_id(name)) {
+ fprintf(stderr, "Invalid Name in input!\n");
+ return 1;
+ }
+
+ if(out)
+ fclose(out);
+
+ snprintf(filename, sizeof filename, "%s" SLASH "%s", hosts_dir, name);
+
+ if(!force && !access(filename, F_OK)) {
+ fprintf(stderr, "Host configuration file %s already exists, skipping.\n", filename);
+ out = NULL;
+ continue;
+ }
+
+ out = fopen(filename, "w");
+ if(!out) {
+ fprintf(stderr, "Error creating configuration file %s: %s\n", filename, strerror(errno));
+ return 1;
+ }
+
+ count++;
+ continue;
+ } else if(firstline) {
+ fprintf(stderr, "Junk at the beginning of the input, ignoring.\n");
+ firstline = false;
+ }
+
+
+ if(!strcmp(buf, "#---------------------------------------------------------------#\n"))
+ continue;
+
+ if(out) {
+ if(fputs(buf, out) < 0) {
+ fprintf(stderr, "Error writing to host configuration file %s: %s\n", filename, strerror(errno));
+ return 1;
+ }
+ }
+ }
+
+ if(out)
+ fclose(out);
+
+ if(count) {
+ fprintf(stderr, "Imported %d host configuration files.\n", count);
+ return 0;
+ } else {
+ fprintf(stderr, "No host configuration files imported.\n");
+ return 1;
+ }
+}
+
+static int cmd_exchange(int argc, char *argv[]) {
+ return cmd_export(argc, argv) ?: cmd_import(argc, argv);
+}
+
+static int cmd_exchange_all(int argc, char *argv[]) {
+ return cmd_export_all(argc, argv) ?: cmd_import(argc, argv);
+}
+
+static int switch_network(char *name) {
+ if(strcmp(name, ".")) {
+ if(!check_netname(name, false)) {
+ fprintf(stderr, "Invalid character in netname!\n");
+ return 1;
+ }
+
+ if(!check_netname(name, true))
+ fprintf(stderr, "Warning: unsafe character in netname!\n");
+ }
+
+ if(fd >= 0) {
+ close(fd);
+ fd = -1;
+ }
+
+ free_names();
+ netname = strcmp(name, ".") ? xstrdup(name) : NULL;
+ make_names(false);
+
+ free(tinc_conf);
+ free(hosts_dir);
+ free(prompt);
+
+ xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
+ xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
+ xasprintf(&prompt, "%s> ", identname);
+
+ return 0;
+}
+
+static int cmd_network(int argc, char *argv[]) {
+ if(argc > 2) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ if(argc == 2)
+ return switch_network(argv[1]);
+
+ DIR *dir = opendir(confdir);
+ if(!dir) {
+ fprintf(stderr, "Could not read directory %s: %s\n", confdir, strerror(errno));
+ return 1;
+ }
+
+ struct dirent *ent;
+ while((ent = readdir(dir))) {
+ if(*ent->d_name == '.')
+ continue;
+
+ if(!strcmp(ent->d_name, "tinc.conf")) {
+ printf(".\n");
+ continue;
+ }
+
+ char fname[PATH_MAX];
+ snprintf(fname, sizeof fname, "%s/%s/tinc.conf", confdir, ent->d_name);
+ if(!access(fname, R_OK))
+ printf("%s\n", ent->d_name);
+ }
+
+ closedir(dir);
+
+ return 0;
+}
+
+static int cmd_fsck(int argc, char *argv[]) {
+ if(argc > 1) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ return fsck(orig_argv[0]);
+}
+
+static void *readfile(FILE *in, size_t *len) {
+ size_t count = 0;
+ size_t alloced = 4096;
+ char *buf = xmalloc(alloced);
+
+ while(!feof(in)) {
+ size_t read = fread(buf + count, 1, alloced - count, in);
+ if(!read)
+ break;
+ count += read;
+ if(count >= alloced) {
+ alloced *= 2;
+ buf = xrealloc(buf, alloced);
+ }
+ }
+
+ if(len)
+ *len = count;
+
+ return buf;
+}
+
+static int cmd_sign(int argc, char *argv[]) {
+ if(argc > 2) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ if(!name) {
+ name = get_my_name(true);
+ if(!name)
+ return 1;
+ }
+
+ char fname[PATH_MAX];
+ snprintf(fname, sizeof fname, "%s" SLASH "ed25519_key.priv", confbase);
+ FILE *fp = fopen(fname, "r");
+ if(!fp) {
+ fprintf(stderr, "Could not open %s: %s\n", fname, strerror(errno));
+ return 1;
+ }
+
+ ecdsa_t *key = ecdsa_read_pem_private_key(fp);
+
+ if(!key) {
+ fprintf(stderr, "Could not read private key from %s\n", fname);
+ fclose(fp);
+ return 1;
+ }
+
+ fclose(fp);
+
+ FILE *in;
+
+ if(argc == 2) {
+ in = fopen(argv[1], "rb");
+ if(!in) {
+ fprintf(stderr, "Could not open %s: %s\n", argv[1], strerror(errno));
+ ecdsa_free(key);
+ return 1;
+ }
+ } else {
+ in = stdin;
+ }
+
+ size_t len;
+ char *data = readfile(in, &len);
+ if(in != stdin)
+ fclose(in);
+ if(!data) {
+ fprintf(stderr, "Error reading %s: %s\n", argv[1], strerror(errno));
+ ecdsa_free(key);
+ return 1;
+ }
+
+ // Ensure we sign our name and current time as well
+ long t = time(NULL);
+ char *trailer;
+ xasprintf(&trailer, " %s %ld", name, t);
+ int trailer_len = strlen(trailer);
+
+ data = xrealloc(data, len + trailer_len);
+ memcpy(data + len, trailer, trailer_len);
+ free(trailer);
+
+ char sig[87];
+ if(!ecdsa_sign(key, data, len + trailer_len, sig)) {
+ fprintf(stderr, "Error generating signature\n");
+ free(data);
+ ecdsa_free(key);
+ return 1;
+ }
+ b64encode(sig, sig, 64);
+ ecdsa_free(key);
+
+ fprintf(stdout, "Signature = %s %ld %s\n", name, t, sig);
+ fwrite(data, len, 1, stdout);
+
+ free(data);
+ return 0;
+}
+
+static int cmd_verify(int argc, char *argv[]) {
+ if(argc < 2) {
+ fprintf(stderr, "Not enough arguments!\n");
+ return 1;
+ }
+
+ if(argc > 3) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ char *node = argv[1];
+ if(!strcmp(node, ".")) {
+ if(!name) {
+ name = get_my_name(true);
+ if(!name)
+ return 1;