+ if(fd >= 0) {
+ close(fd);
+ fd = -1;
+ }
+
+ free_names();
+ netname = strcmp(name, ".") ? xstrdup(name) : NULL;
+ make_names(false);
+
+ free(tinc_conf);
+ free(hosts_dir);
+ free(prompt);
+
+ xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
+ xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
+ xasprintf(&prompt, "%s> ", identname);
+
+ return 0;
+}
+
+static int cmd_network(int argc, char *argv[]) {
+ if(argc > 2) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ if(argc == 2) {
+ return switch_network(argv[1]);
+ }
+
+ DIR *dir = opendir(confdir);
+
+ if(!dir) {
+ fprintf(stderr, "Could not read directory %s: %s\n", confdir, strerror(errno));
+ return 1;
+ }
+
+ struct dirent *ent;
+
+ while((ent = readdir(dir))) {
+ if(*ent->d_name == '.') {
+ continue;
+ }
+
+ if(!strcmp(ent->d_name, "tinc.conf")) {
+ printf(".\n");
+ continue;
+ }
+
+ char fname[PATH_MAX];
+ snprintf(fname, sizeof(fname), "%s/%s/tinc.conf", confdir, ent->d_name);
+
+ if(!access(fname, R_OK)) {
+ printf("%s\n", ent->d_name);
+ }
+ }
+
+ closedir(dir);
+
+ return 0;
+}
+
+static int cmd_fsck(int argc, char *argv[]) {
+ if(argc > 1) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ return fsck(orig_argv[0]);
+}
+
+static void *readfile(FILE *in, size_t *len) {
+ size_t count = 0;
+ size_t alloced = 4096;
+ char *buf = xmalloc(alloced);
+
+ while(!feof(in)) {
+ size_t read = fread(buf + count, 1, alloced - count, in);
+
+ if(!read) {
+ break;
+ }
+
+ count += read;
+
+ if(count >= alloced) {
+ alloced *= 2;
+ buf = xrealloc(buf, alloced);
+ }
+ }
+
+ if(len) {
+ *len = count;
+ }
+
+ return buf;
+}
+
+static int cmd_sign(int argc, char *argv[]) {
+ if(argc > 2) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ if(!name) {
+ name = get_my_name(true);
+
+ if(!name) {
+ return 1;
+ }
+ }
+
+ char fname[PATH_MAX];
+ snprintf(fname, sizeof(fname), "%s" SLASH "ed25519_key.priv", confbase);
+ FILE *fp = fopen(fname, "r");
+
+ if(!fp) {
+ fprintf(stderr, "Could not open %s: %s\n", fname, strerror(errno));
+ return 1;
+ }
+
+ ecdsa_t *key = ecdsa_read_pem_private_key(fp);
+
+ if(!key) {
+ fprintf(stderr, "Could not read private key from %s\n", fname);
+ fclose(fp);
+ return 1;
+ }
+
+ fclose(fp);
+
+ FILE *in;
+
+ if(argc == 2) {
+ in = fopen(argv[1], "rb");
+
+ if(!in) {
+ fprintf(stderr, "Could not open %s: %s\n", argv[1], strerror(errno));
+ ecdsa_free(key);
+ return 1;
+ }
+ } else {
+ in = stdin;
+ }
+
+ size_t len;
+ char *data = readfile(in, &len);
+
+ if(in != stdin) {
+ fclose(in);
+ }
+
+ if(!data) {
+ fprintf(stderr, "Error reading %s: %s\n", argv[1], strerror(errno));
+ ecdsa_free(key);
+ return 1;
+ }
+
+ // Ensure we sign our name and current time as well
+ long t = time(NULL);
+ char *trailer;
+ xasprintf(&trailer, " %s %ld", name, t);
+ int trailer_len = strlen(trailer);
+
+ data = xrealloc(data, len + trailer_len);
+ memcpy(data + len, trailer, trailer_len);
+ free(trailer);
+
+ char sig[87];
+
+ if(!ecdsa_sign(key, data, len + trailer_len, sig)) {
+ fprintf(stderr, "Error generating signature\n");
+ free(data);
+ ecdsa_free(key);
+ return 1;
+ }
+
+ b64encode(sig, sig, 64);
+ ecdsa_free(key);
+
+ fprintf(stdout, "Signature = %s %ld %s\n", name, t, sig);
+ fwrite(data, len, 1, stdout);
+
+ free(data);
+ return 0;
+}
+
+static int cmd_verify(int argc, char *argv[]) {
+ if(argc < 2) {
+ fprintf(stderr, "Not enough arguments!\n");
+ return 1;
+ }
+
+ if(argc > 3) {
+ fprintf(stderr, "Too many arguments!\n");
+ return 1;
+ }
+
+ char *node = argv[1];
+
+ if(!strcmp(node, ".")) {
+ if(!name) {
+ name = get_my_name(true);
+
+ if(!name) {
+ return 1;
+ }
+ }
+
+ node = name;
+ } else if(!strcmp(node, "*")) {
+ node = NULL;
+ } else {
+ if(!check_id(node)) {
+ fprintf(stderr, "Invalid node name\n");
+ return 1;
+ }
+ }
+
+ FILE *in;
+
+ if(argc == 3) {
+ in = fopen(argv[2], "rb");
+
+ if(!in) {
+ fprintf(stderr, "Could not open %s: %s\n", argv[2], strerror(errno));
+ return 1;
+ }
+ } else {
+ in = stdin;
+ }
+
+ size_t len;
+ char *data = readfile(in, &len);
+
+ if(in != stdin) {
+ fclose(in);
+ }
+
+ if(!data) {
+ fprintf(stderr, "Error reading %s: %s\n", argv[1], strerror(errno));
+ return 1;
+ }
+
+ char *newline = memchr(data, '\n', len);
+
+ if(!newline || (newline - data > MAX_STRING_SIZE - 1)) {
+ fprintf(stderr, "Invalid input\n");
+ free(data);
+ return 1;
+ }
+
+ *newline++ = '\0';
+ size_t skip = newline - data;
+
+ char signer[MAX_STRING_SIZE] = "";
+ char sig[MAX_STRING_SIZE] = "";
+ long t = 0;
+
+ if(sscanf(data, "Signature = %s %ld %s", signer, &t, sig) != 3 || strlen(sig) != 86 || !t || !check_id(signer)) {
+ fprintf(stderr, "Invalid input\n");
+ free(data);
+ return 1;
+ }
+
+ if(node && strcmp(node, signer)) {
+ fprintf(stderr, "Signature is not made by %s\n", node);
+ free(data);
+ return 1;
+ }
+
+ if(!node) {
+ node = signer;
+ }
+
+ char *trailer;
+ xasprintf(&trailer, " %s %ld", signer, t);
+ int trailer_len = strlen(trailer);
+
+ data = xrealloc(data, len + trailer_len);
+ memcpy(data + len, trailer, trailer_len);
+ free(trailer);
+
+ newline = data + skip;
+
+ char fname[PATH_MAX];
+ snprintf(fname, sizeof(fname), "%s" SLASH "hosts" SLASH "%s", confbase, node);
+ FILE *fp = fopen(fname, "r");
+
+ if(!fp) {
+ fprintf(stderr, "Could not open %s: %s\n", fname, strerror(errno));
+ free(data);
+ return 1;
+ }
+
+ ecdsa_t *key = get_pubkey(fp);
+
+ if(!key) {
+ rewind(fp);
+ key = ecdsa_read_pem_public_key(fp);
+ }
+
+ if(!key) {
+ fprintf(stderr, "Could not read public key from %s\n", fname);
+ fclose(fp);
+ free(data);
+ return 1;
+ }
+
+ fclose(fp);
+
+ if(b64decode(sig, sig, 86) != 64 || !ecdsa_verify(key, newline, len + trailer_len - (newline - data), sig)) {
+ fprintf(stderr, "Invalid signature\n");
+ free(data);
+ ecdsa_free(key);
+ return 1;
+ }
+
+ ecdsa_free(key);
+
+ fwrite(newline, len - (newline - data), 1, stdout);
+
+ free(data);
+ return 0;
+}
+
+static const struct {
+ const char *command;
+ int (*function)(int argc, char *argv[]);
+ bool hidden;
+} commands[] = {
+ {"start", cmd_start},
+ {"stop", cmd_stop},
+ {"restart", cmd_restart},
+ {"reload", cmd_reload},
+ {"dump", cmd_dump},
+ {"list", cmd_dump},
+ {"purge", cmd_purge},
+ {"debug", cmd_debug},
+ {"retry", cmd_retry},
+ {"connect", cmd_connect},
+ {"disconnect", cmd_disconnect},
+ {"top", cmd_top},
+ {"pcap", cmd_pcap},
+ {"log", cmd_log},
+ {"pid", cmd_pid},
+ {"config", cmd_config, true},
+ {"add", cmd_config},
+ {"del", cmd_config},
+ {"get", cmd_config},
+ {"set", cmd_config},
+ {"init", cmd_init},
+ {"generate-keys", cmd_generate_keys},
+#ifndef DISABLE_LEGACY
+ {"generate-rsa-keys", cmd_generate_rsa_keys},
+#endif
+ {"generate-ed25519-keys", cmd_generate_ed25519_keys},
+ {"help", cmd_help},
+ {"version", cmd_version},
+ {"info", cmd_info},
+ {"edit", cmd_edit},
+ {"export", cmd_export},
+ {"export-all", cmd_export_all},
+ {"import", cmd_import},
+ {"exchange", cmd_exchange},
+ {"exchange-all", cmd_exchange_all},
+ {"invite", cmd_invite},
+ {"join", cmd_join},
+ {"network", cmd_network},
+ {"fsck", cmd_fsck},
+ {"sign", cmd_sign},
+ {"verify", cmd_verify},
+ {NULL, NULL},
+};
+
+#ifdef HAVE_READLINE
+static char *complete_command(const char *text, int state) {
+ static int i;
+
+ if(!state) {
+ i = 0;
+ } else {
+ i++;
+ }
+
+ while(commands[i].command) {
+ if(!commands[i].hidden && !strncasecmp(commands[i].command, text, strlen(text))) {
+ return xstrdup(commands[i].command);
+ }
+
+ i++;
+ }
+
+ return NULL;
+}
+
+static char *complete_dump(const char *text, int state) {
+ const char *matches[] = {"reachable", "nodes", "edges", "subnets", "connections", "graph", NULL};
+ static int i;
+
+ if(!state) {
+ i = 0;
+ } else {
+ i++;
+ }
+
+ while(matches[i]) {
+ if(!strncasecmp(matches[i], text, strlen(text))) {
+ return xstrdup(matches[i]);
+ }
+
+ i++;
+ }
+
+ return NULL;
+}
+
+static char *complete_config(const char *text, int state) {
+ static int i;
+
+ if(!state) {
+ i = 0;
+ } else {
+ i++;
+ }
+
+ while(variables[i].name) {
+ char *dot = strchr(text, '.');
+
+ if(dot) {
+ if((variables[i].type & VAR_HOST) && !strncasecmp(variables[i].name, dot + 1, strlen(dot + 1))) {
+ char *match;
+ xasprintf(&match, "%.*s.%s", (int)(dot - text), text, variables[i].name);
+ return match;
+ }
+ } else {
+ if(!strncasecmp(variables[i].name, text, strlen(text))) {
+ return xstrdup(variables[i].name);
+ }
+ }
+
+ i++;
+ }
+
+ return NULL;
+}
+
+static char *complete_info(const char *text, int state) {
+ static int i;
+
+ if(!state) {
+ i = 0;
+
+ if(!connect_tincd(false)) {
+ return NULL;
+ }
+
+ // Check the list of nodes
+ sendline(fd, "%d %d", CONTROL, REQ_DUMP_NODES);
+ sendline(fd, "%d %d", CONTROL, REQ_DUMP_SUBNETS);
+ }
+
+ while(recvline(fd, line, sizeof(line))) {
+ char item[4096];
+ int n = sscanf(line, "%d %d %4095s", &code, &req, item);
+
+ if(n == 2) {
+ i++;
+
+ if(i >= 2) {
+ break;
+ } else {
+ continue;
+ }
+ }
+
+ if(n != 3) {
+ fprintf(stderr, "Unable to parse dump from tincd, n = %d, i = %d.\n", n, i);
+ break;
+ }
+
+ if(!strncmp(item, text, strlen(text))) {
+ return xstrdup(strip_weight(item));
+ }
+ }
+
+ return NULL;
+}
+
+static char *complete_nothing(const char *text, int state) {
+ return NULL;
+}
+
+static char **completion(const char *text, int start, int end) {
+ char **matches = NULL;
+
+ if(!start) {
+ matches = rl_completion_matches(text, complete_command);
+ } else if(!strncasecmp(rl_line_buffer, "dump ", 5)) {
+ matches = rl_completion_matches(text, complete_dump);
+ } else if(!strncasecmp(rl_line_buffer, "add ", 4)) {
+ matches = rl_completion_matches(text, complete_config);
+ } else if(!strncasecmp(rl_line_buffer, "del ", 4)) {
+ matches = rl_completion_matches(text, complete_config);
+ } else if(!strncasecmp(rl_line_buffer, "get ", 4)) {
+ matches = rl_completion_matches(text, complete_config);
+ } else if(!strncasecmp(rl_line_buffer, "set ", 4)) {
+ matches = rl_completion_matches(text, complete_config);
+ } else if(!strncasecmp(rl_line_buffer, "info ", 5)) {
+ matches = rl_completion_matches(text, complete_info);
+ }
+
+ return matches;
+}
+#endif
+
+static int cmd_shell(int argc, char *argv[]) {
+ xasprintf(&prompt, "%s> ", identname);
+ int result = 0;
+ char buf[4096];
+ char *line = NULL;
+ int maxargs = argc + 16;
+ char **nargv = xmalloc(maxargs * sizeof(*nargv));
+
+ for(int i = 0; i < argc; i++) {
+ nargv[i] = argv[i];
+ }
+
+#ifdef HAVE_READLINE
+ rl_readline_name = "tinc";
+ rl_completion_entry_function = complete_nothing;
+ rl_attempted_completion_function = completion;
+ rl_filename_completion_desired = 0;
+ char *copy = NULL;
+#endif
+
+ while(true) {
+#ifdef HAVE_READLINE
+
+ if(tty) {
+ free(copy);
+ free(line);
+ rl_basic_word_break_characters = "\t\n ";
+ line = readline(prompt);
+
+ if(line) {
+ copy = xstrdup(line);
+ }
+ } else {
+ line = fgets(buf, sizeof(buf), stdin);
+ }
+
+#else
+
+ if(tty) {
+ fputs(prompt, stdout);
+ }
+
+ line = fgets(buf, sizeof(buf), stdin);
+#endif
+
+ if(!line) {
+ break;
+ }
+
+ /* Ignore comments */
+
+ if(*line == '#') {
+ continue;
+ }
+
+ /* Split */
+
+ int nargc = argc;
+ char *p = line + strspn(line, " \t\n");
+ char *next = strtok(p, " \t\n");
+
+ while(p && *p) {
+ if(nargc >= maxargs) {
+ maxargs *= 2;
+ nargv = xrealloc(nargv, maxargs * sizeof(*nargv));
+ }
+
+ nargv[nargc++] = p;
+ p = next;
+ next = strtok(NULL, " \t\n");
+ }
+
+ if(nargc == argc) {
+ continue;
+ }
+
+ if(!strcasecmp(nargv[argc], "exit") || !strcasecmp(nargv[argc], "quit")) {
+ free(nargv);
+ return result;
+ }
+
+ bool found = false;
+
+ for(int i = 0; commands[i].command; i++) {
+ if(!strcasecmp(nargv[argc], commands[i].command)) {
+ result |= commands[i].function(nargc - argc - 1, nargv + argc + 1);
+ found = true;
+ break;
+ }
+ }
+
+#ifdef HAVE_READLINE
+
+ if(tty && found) {
+ add_history(copy);
+ }
+
+#endif
+
+ if(!found) {
+ fprintf(stderr, "Unknown command `%s'.\n", nargv[argc]);
+ result |= 1;
+ }
+ }
+
+ free(nargv);
+
+ if(tty) {
+ printf("\n");
+ }
+
+ return result;
+}
+
+
+int main(int argc, char *argv[]) {
+ program_name = argv[0];
+ orig_argv = argv;
+ orig_argc = argc;
+ tty = isatty(0) && isatty(1);
+
+ if(!parse_options(argc, argv)) {
+ return 1;
+ }
+
+ make_names(false);
+ xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
+ xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
+
+ if(show_version) {
+ version();
+ return 0;
+ }
+
+ if(show_help) {