return true;
}
+static void disable_old_keys(const char *filename, const char *what) {
+ char tmpfile[PATH_MAX] = "";
+ char buf[1024];
+ bool disabled = false;
+ bool block = false;
+ bool error = false;
+ FILE *r, *w;
+
+ r = fopen(filename, "r");
+ if(!r)
+ return;
+
+ snprintf(tmpfile, sizeof tmpfile, "%s.tmp", filename);
+
+ w = fopen(tmpfile, "w");
+
+ while(fgets(buf, sizeof buf, r)) {
+ if(!block && !strncmp(buf, "-----BEGIN ", 11)) {
+ if((strstr(buf, " EC ") && strstr(what, "ECDSA")) || (strstr(buf, " RSA ") && strstr(what, "RSA"))) {
+ disabled = true;
+ block = true;
+ }
+ }
+
+ bool ecdsapubkey = !strncasecmp(buf, "ECDSAPublicKey", 14) && strchr(" \t=", buf[14]) && strstr(what, "ECDSA");
+
+ if(ecdsapubkey)
+ disabled = true;
+
+ if(w) {
+ if(block || ecdsapubkey)
+ fputc('#', w);
+ if(fputs(buf, w) < 0) {
+ error = true;
+ break;
+ }
+ }
+
+ if(block && !strncmp(buf, "-----END ", 9))
+ block = false;
+ }
+
+ if(w)
+ if(fclose(w) < 0)
+ error = true;
+ if(ferror(r) || fclose(r) < 0)
+ error = true;
+
+ if(disabled) {
+ if(!w || error) {
+ fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n");
+ if(w)
+ unlink(tmpfile);
+ return;
+ }
+
+#ifdef HAVE_MINGW
+ // We cannot atomically replace files on Windows.
+ char bakfile[PATH_MAX] = "";
+ snprintf(bakfile, sizeof bakfile, "%s.bak", filename);
+ if(rename(filename, bakfile) || rename(tmpfile, filename)) {
+ rename(bakfile, filename);
+#else
+ if(rename(tmpfile, filename)) {
+#endif
+ fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n");
+ } else {
+#ifdef HAVE_MINGW
+ unlink(bakfile);
+#endif
+ fprintf(stderr, "Warning: old key(s) found and disabled.\n");
+ }
+ }
+
+ unlink(tmpfile);
+}
+
static FILE *ask_and_open(const char *filename, const char *what, const char *mode, bool ask) {
FILE *r;
char *directory;
umask(0077); /* Disallow everything for group and other */
+ disable_old_keys(filename, what);
+
/* Open it first to keep the inode busy */
r = fopen(filename, mode);
fchmod(fileno(f), 0600);
#endif
- if(ftell(f))
- fprintf(stderr, "Appending key to existing contents.\nMake sure only one key is stored in the file.\n");
-
ecdsa_write_pem_private_key(&key, f);
fclose(f);
if(!f)
return false;
- if(ftell(f))
- fprintf(stderr, "Appending key to existing contents.\nMake sure only one key is stored in the file.\n");
-
char *pubkey = ecdsa_get_base64_public_key(&key);
fprintf(f, "ECDSAPublicKey = %s\n", pubkey);
free(pubkey);
fchmod(fileno(f), 0600);
#endif
- if(ftell(f))
- fprintf(stderr, "Appending key to existing contents.\nMake sure only one key is stored in the file.\n");
-
rsa_write_pem_private_key(&key, f);
fclose(f);
if(!f)
return false;
- if(ftell(f))
- fprintf(stderr, "Appending key to existing contents.\nMake sure only one key is stored in the file.\n");
-
rsa_write_pem_public_key(&key, f);
fclose(f);
#endif
static bool connect_tincd(bool verbose) {
- if(fd >= 0)
- return true;
+ if(fd >= 0) {
+ fd_set r;
+ FD_ZERO(&r);
+ FD_SET(fd, &r);
+ struct timeval tv = {0, 0};
+ if(select(fd + 1, &r, NULL, NULL, &tv)) {
+ fprintf(stderr, "Previous connection to tincd lost, reconnecting.\n");
+ close(fd);
+ fd = -1;
+ } else {
+ return true;
+ }
+ }
FILE *f = fopen(pidfilename, "r");
if(!f) {
if(connect(fd, res->ai_addr, res->ai_addrlen) < 0) {
if(verbose)
fprintf(stderr, "Cannot connect to %s port %s: %s\n", host, port, sockstrerror(sockerrno));
+ close(fd);
+ fd = -1;
return false;
}
if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %s %d", &code, data, &version) != 3 || code != 0) {
if(verbose)
fprintf(stderr, "Cannot read greeting from control socket: %s\n", sockstrerror(sockerrno));
+ close(fd);
+ fd = -1;
return false;
}
if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %d %d", &code, &version, &pid) != 3 || code != 4 || version != TINC_CTL_VERSION_CURRENT) {
if(verbose)
fprintf(stderr, "Could not fully establish control socket connection\n");
+ close(fd);
+ fd = -1;
return false;
}
c = "tincd";
int nargc = 0;
- char **nargv = xmalloc_and_zero((orig_argc + argc) * sizeof *nargv);
+ char **nargv = xmalloc_and_zero((optind + argc) * sizeof *nargv);
- for(int i = 0; i < orig_argc; i++)
+ nargv[nargc++] = c;
+ for(int i = 1; i < optind; i++)
nargv[nargc++] = orig_argv[i];
for(int i = 1; i < argc; i++)
nargv[nargc++] = argv[i];
#ifndef HAVE_MINGW
if(!connect_tincd(true)) {
if(pid) {
- if(kill(pid, SIGTERM))
+ if(kill(pid, SIGTERM)) {
+ fprintf(stderr, "Could not send TERM signal to process with PID %u: %s\n", pid, strerror(errno));
return 1;
+ }
+
fprintf(stderr, "Sent TERM signal to process with PID %u.\n", pid);
+ waitpid(pid, NULL, 0);
return 0;
}
fprintf(stderr, "Could not stop tinc daemon.\n");
return 1;
}
+
+ // Wait for tincd to close the connection...
+ fd_set r;
+ FD_ZERO(&r);
+ FD_SET(fd, &r);
+ select(fd + 1, &r, NULL, NULL, NULL);
#else
if(!remove_service())
return 1;
char *line = NULL;
int maxargs = argc + 16;
char **nargv = xmalloc(maxargs * sizeof *nargv);
- optind = argc;
for(int i = 0; i < argc; i++)
nargv[i] = argv[i];
projects / tinc / blobdiff