X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincctl.c;h=08f3018944b22587651c695131f31f9bfee8fcce;hb=refs%2Fheads%2F1.1;hp=5ae76d31524baadef5781ff21388caaf3c81769e;hpb=b9a7444b9fa216d16d91f34d2e12f51fc4d60e46;p=tinc diff --git a/src/tincctl.c b/src/tincctl.c index 5ae76d31..3af0f1f8 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -40,6 +40,11 @@ #include "version.h" #include "subnet.h" #include "keys.h" +#include "random.h" +#include "sandbox.h" +#include "pidfile.h" +#include "console.h" +#include "fs.h" #ifndef MSG_NOSIGNAL #define MSG_NOSIGNAL 0 @@ -75,21 +80,37 @@ char *scriptextension = defaultextension; static char *prompt; char *device = NULL; char *iface = NULL; -int debug_level = -1; +debug_t debug_level = -1; + +typedef enum option_t { + OPT_BAD_OPTION = '?', + OPT_LONG_OPTION = 0, + + // Short options + OPT_BATCH = 'b', + OPT_CONFIG_FILE = 'c', + OPT_NETNAME = 'n', + + // Long options + OPT_HELP = 255, + OPT_VERSION, + OPT_PIDFILE, + OPT_FORCE, +} option_t; static struct option const long_options[] = { - {"batch", no_argument, NULL, 'b'}, - {"config", required_argument, NULL, 'c'}, - {"net", required_argument, NULL, 'n'}, - {"help", no_argument, NULL, 1}, - {"version", no_argument, NULL, 2}, - {"pidfile", required_argument, NULL, 3}, - {"force", no_argument, NULL, 4}, - {NULL, 0, NULL, 0} + {"batch", no_argument, NULL, OPT_BATCH}, + {"config", required_argument, NULL, OPT_CONFIG_FILE}, + {"net", required_argument, NULL, OPT_NETNAME}, + {"help", no_argument, NULL, OPT_HELP}, + {"version", no_argument, NULL, OPT_VERSION}, + {"pidfile", required_argument, NULL, OPT_PIDFILE}, + {"force", no_argument, NULL, OPT_FORCE}, + {NULL, 0, NULL, 0}, }; static void version(void) { - static const char *message = + fprintf(stdout, "%s version %s (built %s %s, protocol %d.%d)\n" "Features:" #ifdef HAVE_READLINE @@ -100,6 +121,9 @@ static void version(void) { #endif #ifndef DISABLE_LEGACY " legacy_protocol" +#endif +#ifdef HAVE_SANDBOX + " sandbox" #endif "\n\n" "Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.\n" @@ -107,16 +131,15 @@ static void version(void) { "\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" "and you are welcome to redistribute it under certain conditions;\n" - "see the file COPYING for details.\n"; - - printf(message, PACKAGE, BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR); + "see the file COPYING for details.\n", + PACKAGE, BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR); } static void usage(bool status) { if(status) { fprintf(stderr, "Try `%s --help\' for more information.\n", program_name); } else { - static const char *message = + fprintf(stdout, "Usage: %s [options] command\n" "\n" "Valid options are:\n" @@ -175,9 +198,8 @@ static void usage(bool status) { " sign [FILE] Generate a signed version of a file.\n" " verify NODE [FILE] Verify that a file was signed by the given NODE.\n" "\n" - "Report bugs to tinc@tinc-vpn.org.\n"; - - printf(message, program_name); + "Report bugs to tinc@tinc-vpn.org.\n", + program_name); } } @@ -186,47 +208,47 @@ static bool parse_options(int argc, char **argv) { int option_index = 0; while((r = getopt_long(argc, argv, "+bc:n:", long_options, &option_index)) != EOF) { - switch(r) { - case 0: /* long option */ + switch((option_t) r) { + case OPT_LONG_OPTION: break; - case 'b': + case OPT_BAD_OPTION: + usage(true); + free_names(); + return false; + + case OPT_BATCH: tty = false; break; - case 'c': /* config file */ + case OPT_CONFIG_FILE: free(confbase); confbase = xstrdup(optarg); confbasegiven = true; break; - case 'n': /* net name given */ + case OPT_NETNAME: free(netname); netname = xstrdup(optarg); break; - case 1: /* show help */ + case OPT_HELP: show_help = true; break; - case 2: /* show version */ + case OPT_VERSION: show_version = true; break; - case 3: /* open control socket here */ + case OPT_PIDFILE: free(pidfilename); pidfilename = xstrdup(optarg); break; - case 4: /* force */ + case OPT_FORCE: force = true; break; - case '?': /* wrong options */ - usage(true); - free_names(); - return false; - default: break; } @@ -473,6 +495,10 @@ bool recvline(int fd, char *line, size_t len) { } while(!(newline = memchr(buffer, '\n', blen))) { + if(!wait_socket_recv(fd)) { + return false; + } + ssize_t nrecv = recv(fd, buffer + blen, sizeof(buffer) - blen, 0); if(nrecv == -1 && sockerrno == EINTR) { @@ -610,8 +636,9 @@ static void pcap(int fd, FILE *out, uint32_t snaplen) { } } -static void logcontrol(int fd, FILE *out, int level) { - sendline(fd, "%d %d %d", CONTROL, REQ_LOG, level); +static void log_control(int fd, FILE *out, int level, bool use_color) { + sendline(fd, "%d %d %d %d", CONTROL, REQ_LOG, level, use_color); + char data[1024]; char line[32]; @@ -724,9 +751,9 @@ bool connect_tincd(bool verbose) { } } - FILE *f = fopen(pidfilename, "r"); + pidfile_t *pidfile = read_pidfile(); - if(!f) { + if(!pidfile) { if(verbose) { fprintf(stderr, "Could not open pid file %s: %s\n", pidfilename, strerror(errno)); } @@ -734,21 +761,11 @@ bool connect_tincd(bool verbose) { return false; } - char host[129]; - char port[129]; - - if(fscanf(f, "%20d %1024s %128s port %128s", &pid, controlcookie, host, port) != 4) { - if(verbose) { - fprintf(stderr, "Could not parse pid file %s\n", pidfilename); - } - - fclose(f); - return false; - } - - fclose(f); + pid = pidfile->pid; + strcpy(controlcookie, pidfile->cookie); #ifndef HAVE_WINDOWS + free(pidfile); if((pid == 0) || (kill(pid, 0) && (errno == ESRCH))) { fprintf(stderr, "Could not find tincd running at pid %d\n", pid); @@ -799,11 +816,12 @@ bool connect_tincd(bool verbose) { struct addrinfo *res = NULL; - if(getaddrinfo(host, port, &hints, &res) || !res) { + if(getaddrinfo(pidfile->host, pidfile->port, &hints, &res) || !res) { if(verbose) { - fprintf(stderr, "Cannot resolve %s port %s: %s\n", host, port, sockstrerror(sockerrno)); + fprintf(stderr, "Cannot resolve %s port %s: %s\n", pidfile->host, pidfile->port, sockstrerror(sockerrno)); } + free(pidfile); return false; } @@ -814,6 +832,7 @@ bool connect_tincd(bool verbose) { fprintf(stderr, "Cannot create TCP socket: %s\n", sockstrerror(sockerrno)); } + free(pidfile); return false; } @@ -827,14 +846,16 @@ bool connect_tincd(bool verbose) { if(connect(fd, res->ai_addr, res->ai_addrlen) < 0) { if(verbose) { - fprintf(stderr, "Cannot connect to %s port %s: %s\n", host, port, sockstrerror(sockerrno)); + fprintf(stderr, "Cannot connect to %s port %s: %s\n", pidfile->host, pidfile->port, sockstrerror(sockerrno)); } + free(pidfile); closesocket(fd); fd = -1; return false; } + free(pidfile); freeaddrinfo(res); #endif @@ -959,7 +980,7 @@ static int cmd_start(int argc, char *argv[]) { if(!pid) { close(pfd[0]); char buf[100]; - snprintf(buf, sizeof(buf), "%d", pfd[1]); + snprintf(buf, sizeof(buf), "%d %d", pfd[1], use_ansi_escapes(stderr)); setenv("TINC_UMBILICAL", buf, true); exit(execvp(c, nargv)); } else { @@ -1503,7 +1524,10 @@ static int cmd_pcap(int argc, char *argv[]) { static void sigint_handler(int sig) { (void)sig; - fprintf(stderr, "\n"); + if(write(2, "\n", 1) < 0) { + // nothing we can do + } + shutdown(fd, SHUT_RDWR); } #endif @@ -1522,7 +1546,8 @@ static int cmd_log(int argc, char *argv[]) { signal(SIGINT, sigint_handler); #endif - logcontrol(fd, stdout, argc > 1 ? atoi(argv[1]) : -1); + bool use_color = use_ansi_escapes(stdout); + log_control(fd, stdout, argc > 1 ? atoi(argv[1]) : DEBUG_UNSET, use_color); #ifdef SIGINT signal(SIGINT, SIG_DFL); @@ -1608,7 +1633,8 @@ char *get_my_name(bool verbose) { return NULL; } -ecdsa_t *get_pubkey(FILE *f) { +static ecdsa_t *get_pubkey(FILE *f) ATTR_MALLOC ATTR_DEALLOCATOR(ecdsa_free); +static ecdsa_t *get_pubkey(FILE *f) { char buf[4096]; char *value; @@ -1681,6 +1707,7 @@ const var_t variables[] = { {"ProcessPriority", VAR_SERVER}, {"Proxy", VAR_SERVER}, {"ReplayWindow", VAR_SERVER | VAR_SAFE}, + {"Sandbox", VAR_SERVER}, {"ScriptsExtension", VAR_SERVER}, {"ScriptsInterpreter", VAR_SERVER}, {"StrictSubnets", VAR_SERVER | VAR_SAFE}, @@ -1719,6 +1746,20 @@ const var_t variables[] = { {NULL, 0} }; +// Request actual port from tincd +static bool read_actual_port(void) { + pidfile_t *pidfile = read_pidfile(); + + if(pidfile) { + printf("%s\n", pidfile->port); + free(pidfile); + return true; + } else { + fprintf(stderr, "Could not get port from the pidfile.\n"); + return false; + } +} + static int cmd_config(int argc, char *argv[]) { if(argc < 2) { fprintf(stderr, "Invalid number of arguments.\n"); @@ -1729,16 +1770,17 @@ static int cmd_config(int argc, char *argv[]) { argv--, argc++; } - int action = -2; + typedef enum { GET, DEL, SET, ADD } action_t; + action_t action = GET; if(!strcasecmp(argv[1], "get")) { argv++, argc--; } else if(!strcasecmp(argv[1], "add")) { - argv++, argc--, action = 1; + argv++, argc--, action = ADD; } else if(!strcasecmp(argv[1], "del")) { - argv++, argc--, action = -1; + argv++, argc--, action = DEL; } else if(!strcasecmp(argv[1], "replace") || !strcasecmp(argv[1], "set") || !strcasecmp(argv[1], "change")) { - argv++, argc--, action = 0; + argv++, argc--, action = SET; } if(argc < 2) { @@ -1784,13 +1826,18 @@ static int cmd_config(int argc, char *argv[]) { return 1; } - if(action >= 0 && !*value) { + if((action == SET || action == ADD) && !*value) { fprintf(stderr, "No value for variable given.\n"); return 1; } - if(action < -1 && *value) { - action = 0; + if(action == GET && *value) { + action = SET; + } + + // If port is requested, try reading it from the pidfile and fall back to configs if that fails + if(action == GET && !strcasecmp(variable, "Port") && read_actual_port()) { + return 0; } /* Some simple checks. */ @@ -1821,7 +1868,7 @@ static int cmd_config(int argc, char *argv[]) { /* Discourage use of obsolete variables. */ - if(variables[i].type & VAR_OBSOLETE && action >= 0) { + if(variables[i].type & VAR_OBSOLETE && (action == SET || action == ADD)) { if(force) { fprintf(stderr, "Warning: %s is an obsolete variable!\n", variable); } else { @@ -1832,7 +1879,7 @@ static int cmd_config(int argc, char *argv[]) { /* Don't put server variables in host config files */ - if(node && !(variables[i].type & VAR_HOST) && action >= 0) { + if(node && !(variables[i].type & VAR_HOST) && (action == SET || action == ADD)) { if(force) { fprintf(stderr, "Warning: %s is not a host configuration variable!\n", variable); } else { @@ -1854,10 +1901,10 @@ static int cmd_config(int argc, char *argv[]) { /* Change "add" into "set" for variables that do not allow multiple occurrences. Turn on warnings when it seems variables might be removed unintentionally. */ - if(action == 1 && !(variables[i].type & VAR_MULTIPLE)) { + if(action == ADD && !(variables[i].type & VAR_MULTIPLE)) { warnonremove = true; - action = 0; - } else if(action == 0 && (variables[i].type & VAR_MULTIPLE)) { + action = SET; + } else if(action == SET && (variables[i].type & VAR_MULTIPLE)) { warnonremove = true; } @@ -1875,7 +1922,7 @@ static int cmd_config(int argc, char *argv[]) { } if(!found) { - if(force || action < 0) { + if(force || action == GET || action == DEL) { fprintf(stderr, "Warning: %s is not a known configuration variable!\n", variable); } else { fprintf(stderr, "%s: is not a known configuration variable! Use --force to use it anyway.\n", variable); @@ -1892,16 +1939,18 @@ static int cmd_config(int argc, char *argv[]) { char filename[PATH_MAX]; if(node) { - if((size_t)snprintf(filename, sizeof(filename), "%s" SLASH "%s", hosts_dir, node) >= sizeof(filename)) { - fprintf(stderr, "Filename too long: %s" SLASH "%s\n", hosts_dir, node); - free(node); - return 1; - } + size_t wrote = (size_t)snprintf(filename, sizeof(filename), "%s" SLASH "%s", hosts_dir, node); if(node != line) { free(node); node = NULL; } + + if(wrote >= sizeof(filename)) { + fprintf(stderr, "Filename too long: %s" SLASH "%s\n", hosts_dir, node); + return 1; + } + } else { snprintf(filename, sizeof(filename), "%s", tinc_conf); } @@ -1916,7 +1965,7 @@ static int cmd_config(int argc, char *argv[]) { char tmpfile[PATH_MAX]; FILE *tf = NULL; - if(action >= -1) { + if(action != GET) { if((size_t)snprintf(tmpfile, sizeof(tmpfile), "%s.config.tmp", filename) >= sizeof(tmpfile)) { fprintf(stderr, "Filename too long: %s.config.tmp\n", filename); return 1; @@ -1959,19 +2008,15 @@ static int cmd_config(int argc, char *argv[]) { // Did it match? if(!strcasecmp(buf2, variable)) { - // Get - if(action < -1) { + if(action == GET) { found = true; printf("%s\n", bvalue); - // Del - } else if(action == -1) { + } else if(action == DEL) { if(!*value || !strcasecmp(bvalue, value)) { removed = true; continue; } - - // Set - } else if(action == 0) { + } else if(action == SET) { // Warn if "set" was used for variables that can occur multiple times if(warnonremove && strcasecmp(bvalue, value)) { fprintf(stderr, "Warning: removing %s = %s\n", variable, bvalue); @@ -1990,8 +2035,7 @@ static int cmd_config(int argc, char *argv[]) { set = true; continue; - // Add - } else if(action > 0) { + } else if(action == ADD) { // Check if we've already seen this variable with the same value if(!strcasecmp(bvalue, value)) { found = true; @@ -1999,7 +2043,7 @@ static int cmd_config(int argc, char *argv[]) { } } - if(action >= -1) { + if(action != GET) { // Copy original line... if(fputs(buf1, tf) < 0) { fprintf(stderr, "Error writing to temporary file %s: %s\n", tmpfile, strerror(errno)); @@ -2028,14 +2072,14 @@ static int cmd_config(int argc, char *argv[]) { } // Add new variable if necessary. - if((action > 0 && !found) || (action == 0 && !set)) { + if((action == ADD && !found) || (action == SET && !set)) { if(fprintf(tf, "%s = %s\n", variable, value) < 0) { fprintf(stderr, "Error writing to temporary file %s: %s\n", tmpfile, strerror(errno)); return 1; } } - if(action < -1) { + if(action == GET) { if(found) { return 0; } else { @@ -2051,7 +2095,7 @@ static int cmd_config(int argc, char *argv[]) { } // Could we find what we had to remove? - if(action < 0 && !removed) { + if((action == GET || action == DEL) && !removed) { remove(tmpfile); fprintf(stderr, "No configuration variables deleted.\n"); return 1; @@ -2195,19 +2239,8 @@ static int cmd_init(int argc, char *argv[]) { return 1; } - if(!confbase_given && mkdir(confdir, 0755) && errno != EEXIST) { - fprintf(stderr, "Could not create directory %s: %s\n", confdir, strerror(errno)); - return 1; - } - - if(mkdir(confbase, 0777) && errno != EEXIST) { - fprintf(stderr, "Could not create directory %s: %s\n", confbase, strerror(errno)); - return 1; - } - - if(mkdir(hosts_dir, 0777) && errno != EEXIST) { - fprintf(stderr, "Could not create directory %s: %s\n", hosts_dir, strerror(errno)); - return 1; + if(!makedirs(DIR_HOSTS | DIR_CONFBASE | DIR_CONFDIR | DIR_CACHE)) { + return false; } FILE *f = fopen(tinc_conf, "w"); @@ -2506,7 +2539,7 @@ static int cmd_export_all(int argc, char *argv[]) { if(first) { first = false; } else { - printf("#---------------------------------------------------------------#\n"); + printf("\n#---------------------------------------------------------------#\n"); } result |= export(ent->d_name, stdout); @@ -3266,6 +3299,22 @@ static void cleanup(void) { free_names(); } +static int run_command(int argc, char *argv[]) { + if(optind >= argc) { + return cmd_shell(argc, argv); + } + + for(int i = 0; commands[i].command; i++) { + if(!strcasecmp(argv[optind], commands[i].command)) { + return commands[i].function(argc - optind, argv + optind); + } + } + + fprintf(stderr, "Unknown command `%s'.\n", argv[optind]); + usage(true); + return 1; +} + int main(int argc, char *argv[]) { program_name = argv[0]; orig_argv = argv; @@ -3301,20 +3350,16 @@ int main(int argc, char *argv[]) { #endif gettimeofday(&now, NULL); + random_init(); crypto_init(); prng_init(); - if(optind >= argc) { - return cmd_shell(argc, argv); - } + sandbox_set_level(SANDBOX_NORMAL); + sandbox_enter(); - for(int i = 0; commands[i].command; i++) { - if(!strcasecmp(argv[optind], commands[i].command)) { - return commands[i].function(argc - optind, argv + optind); - } - } + int result = run_command(argc, argv); - fprintf(stderr, "Unknown command `%s'.\n", argv[optind]); - usage(true); - return 1; + random_exit(); + + return result; }