/*
tincctl.c -- Controlling a running tincd
- Copyright (C) 2007-2018 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2007-2021 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "tincctl.h"
#include "top.h"
#include "version.h"
+#include "subnet.h"
#ifndef MSG_NOSIGNAL
#define MSG_NOSIGNAL 0
static void version(void) {
printf("%s version %s (built %s %s, protocol %d.%d)\n", PACKAGE,
BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR);
+ printf("Features:"
+#ifdef HAVE_READLINE
+ " readline"
+#endif
+#ifdef HAVE_CURSES
+ " curses"
+#endif
+#ifndef DISABLE_LEGACY
+ " legacy_protocol"
+#endif
+ "\n\n");
printf("Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.\n"
"See the AUTHORS file for a complete list.\n\n"
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
" reload Partially reload configuration of running tincd.\n"
" pid Show PID of currently running tincd.\n"
#ifdef DISABLE_LEGACY
- " generate-keys Generate a new Ed25519 public/private keypair.\n"
+ " generate-keys Generate a new Ed25519 public/private key pair.\n"
#else
- " generate-keys [bits] Generate new RSA and Ed25519 public/private keypairs.\n"
- " generate-rsa-keys [bits] Generate a new RSA public/private keypair.\n"
+ " generate-keys [bits] Generate new RSA and Ed25519 public/private key pairs.\n"
+ " generate-rsa-keys [bits] Generate a new RSA public/private key pair.\n"
#endif
- " generate-ed25519-keys Generate a new Ed25519 public/private keypair.\n"
+ " generate-ed25519-keys Generate a new Ed25519 public/private key pair.\n"
" dump Dump a list of one of the following things:\n"
" [reachable] nodes - all known nodes in the VPN\n"
" edges - all known connections in the VPN\n"
FILE *fopenmask(const char *filename, const char *mode, mode_t perms) {
mode_t mask = umask(0);
perms &= ~mask;
- umask(~perms);
+ umask(~perms & 0777);
FILE *f = fopen(filename, mode);
if(!f) {
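Review bot: The new `& 0777` on the `umask()` argument has no comment, and the reason for it is not obvious: `~perms` sets every bit above the nine permission bits, and what `umask()` does with those bits is left to the implementation. I would add `/* umask() only defines the permission bits; drop the rest of ~perms */` above the call. Because the requested mode is applied only through the umask at creation time, a file that already exists keeps its old mode when `fopen()` truncates it. That matters if callers rely on this for private key files, so it is worth stating in the function's header comment. The body continues past the end of the hunk, so the umask restore is not visible here.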
bool disabled = false;
bool block = false;
bool error = false;
- FILE *r, *w;
- r = fopen(filename, "r");
+ FILE *r = fopen(filename, "r");
+ FILE *w = NULL;
if(!r) {
return;
}
- snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename);
+ int result = snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename);
- struct stat st = {.st_mode = 0600};
- fstat(fileno(r), &st);
- w = fopenmask(tmpfile, "w", st.st_mode);
+ if(result < sizeof(tmpfile)) {
+ struct stat st = {.st_mode = 0600};
+ fstat(fileno(r), &st);
+ w = fopenmask(tmpfile, "w", st.st_mode);
+ }
while(fgets(buf, sizeof(buf), r)) {
if(!block && !strncmp(buf, "-----BEGIN ", 11)) {
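Review bot: The guard `if(result < sizeof(tmpfile))` compares a signed `int` with a `size_t`, so a negative `snprintf()` return is rejected only through the implicit conversion to unsigned, and the line will trip `-Wsign-compare`. Writing it as `if(result > 0 && (size_t)result < sizeof(tmpfile))` makes both the error case and the truncation case explicit. `w` can now be NULL for a reason other than a failed open, so every later use of `w` has to tolerate that; those uses are outside the hunk and could not be checked. The `fstat()` return value is still ignored and the code relies on the `0600` initialiser surviving a failed call, so a short comment saying that is intentional would help.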
}
/*
- Generate a public/private Ed25519 keypair, and ask for a file to store
+ Generate a public/private Ed25519 key pair, and ask for a file to store
them in.
*/
static bool ed25519_keygen(bool ask) {
FILE *f;
char fname[PATH_MAX];
- fprintf(stderr, "Generating Ed25519 keypair:\n");
+ fprintf(stderr, "Generating Ed25519 key pair:\n");
if(!(key = ecdsa_generate())) {
fprintf(stderr, "Error during key generation!\n");
#ifndef DISABLE_LEGACY
/*
- Generate a public/private RSA keypair, and ask for a file to store
+ Generate a public/private RSA key pair, and ask for a file to store
them in.
*/
static bool rsa_keygen(int bits, bool ask) {
return false;
}
- struct sockaddr_un sa;
+ struct sockaddr_un sa = {
+ .sun_family = AF_UNIX,
+ };
- sa.sun_family = AF_UNIX;
+ if(strlen(unixsocketname) >= sizeof(sa.sun_path)) {
+ fprintf(stderr, "UNIX socket filename %s is too long!", unixsocketname);
+ return false;
+ }
strncpy(sa.sun_path, unixsocketname, sizeof(sa.sun_path));
- sa.sun_path[sizeof(sa.sun_path) - 1] = 0;
-
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if(fd < 0) {
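Review bot: The new message `"UNIX socket filename %s is too long!"` has no trailing newline, unlike the other `fprintf(stderr, ...)` messages visible in this diff, so the next output will run onto the same line; it should be `"UNIX socket filename %s is too long!\n"`. With the length check in place and `sa` zero-initialised, `strncpy()` can no longer leave `sun_path` unterminated, which is why removing the explicit terminator is safe. A one-line comment such as `/* length checked above, so the copy includes the NUL */` would keep a later reader from treating the bare `strncpy()` as a bug. The enclosing function starts and ends outside the hunk.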
}
#ifdef HAVE_MINGW
- return remove_service();
+ return remove_service() ? EXIT_SUCCESS : EXIT_FAILURE;
#else
if(!stop_tincd()) {
found = true;
variable = (char *)variables[i].name;
+ if(!strcasecmp(variable, "Subnet")) {
+ subnet_t s = {0};
+
+ if(!str2net(&s, value)) {
+ fprintf(stderr, "Malformed subnet definition %s\n", value);
+ }
+
+ if(!subnetcheck(s)) {
+ fprintf(stderr, "Network address and prefix length do not match: %s\n", value);
+ return 1;
+ }
+ }
+
/* Discourage use of obsolete variables. */
if(variables[i].type & VAR_OBSOLETE && action >= 0) {
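Review bot: The `!str2net(&s, value)` branch prints "Malformed subnet definition" but does not return, so execution falls through to `subnetcheck(s)` with whatever `str2net()` left in `s`. A malformed value can then either pass the second check or produce a second, misleading message. Add `return 1;` after the `fprintf()` in that branch, matching the `subnetcheck()` branch below it. The check also runs regardless of `action`; if `value` can be empty for get or delete requests (not visible here), a guard such as `&& *value` on the `strcasecmp()` condition may be needed. The enclosing loop and function begin and end outside the hunk.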
#endif
- srand(time(NULL));
+ gettimeofday(&now, NULL);
+ srand(now.tv_sec + now.tv_usec);
crypto_init();
if(optind >= argc) {
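Review bot: Seeding with `now.tv_sec + now.tv_usec` is still a time-derived, guessable seed, so `rand()` has to stay out of anything that must be unpredictable, and the code should say so. I would add `/* rand() is for non-security uses only; secrets must come from the crypto library's RNG */` above the `srand()` call. The `gettimeofday()` return value is not checked, and the declaration of `now` is outside the hunk, so it is unclear what the seed is if the call fails. The sum is also implicitly narrowed to `unsigned int`; `srand((unsigned)(now.tv_sec + now.tv_usec));` makes that explicit.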