X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincctl.c;h=16fa4b18bc4896cd00bba02f6db9f670d8bbbdf9;hb=8f2db4afddf109e59c7ec0cdb7ad79db75d698e5;hp=4c5102b2a5cb751e3329c918281ef74a7a47422d;hpb=b03bbaa38561e790873de3adabc3d4405be17fb8;p=tinc

diff --git a/src/tincctl.c b/src/tincctl.c
index 4c5102b2..16fa4b18 100644
--- a/src/tincctl.c
+++ b/src/tincctl.c
@@ -227,6 +227,16 @@ static void disable_old_keys(const char *filename, const char *what) {
 
 	w = fopen(tmpfile, "w");
 
+#ifdef HAVE_FCHMOD
+	/* Let the temporary file have the same permissions as the original. */
+
+	if(w) {
+		struct stat st = {.st_mode = 0600};
+		fstat(fileno(r), &st);
+		fchmod(fileno(w), st.st_mode);
+	}
+#endif
+
 	while(fgets(buf, sizeof buf, r)) {
 		if(!block && !strncmp(buf, "-----BEGIN ", 11)) {
 			if((strstr(buf, " EC ") && strstr(what, "ECDSA")) || (strstr(buf, " RSA ") && strstr(what, "RSA"))) {
@@ -324,8 +334,6 @@ static FILE *ask_and_open(const char *filename, const char *what, const char *mo
 		filename = buf2;
 	}
 
-	umask(0077); /* Disallow everything for group and other */
-
 	disable_old_keys(filename, what);
 
 	/* Open it first to keep the inode busy */
@@ -822,8 +830,16 @@ static int cmd_start(int argc, char *argv[]) {
 
 	free(nargv);
 
-	int status = -1;
-	if(waitpid(pid, &status, 0) != pid || !WIFEXITED(status) || WEXITSTATUS(status)) {
+	int status = -1, result;
+#ifdef SIGINT
+	signal(SIGINT, SIG_IGN);
+#endif
+	result = waitpid(pid, &status, 0);
+#ifdef SIGINT
+	signal(SIGINT, SIG_DFL);
+#endif
+
+	if(result != pid || !WIFEXITED(status) || WEXITSTATUS(status)) {
 		fprintf(stderr, "Error starting %s\n", c);
 		return 1;
 	}
@@ -1406,6 +1422,7 @@ static int cmd_config(int argc, char *argv[]) {
 
 	/* Some simple checks. */
 	bool found = false;
+	bool warnonremove = false;
 
 	for(int i = 0; variables[i].name; i++) {
 		if(strcasecmp(variables[i].name, variable))
@@ -1444,6 +1461,16 @@ static int cmd_config(int argc, char *argv[]) {
 				return 1;
 		}
 
+		/* Change "add" into "set" for variables that do not allow multiple occurences.
+		   Turn on warnings when it seems variables might be removed unintentionally. */
+
+		if(action == 1 && !(variables[i].type & VAR_MULTIPLE)) {
+			warnonremove = true;
+			action = 0;
+		} else if(action == 0 && (variables[i].type & VAR_MULTIPLE)) {
+			warnonremove = true;
+		}
+
 		break;
 	}
 
@@ -1526,9 +1553,14 @@ static int cmd_config(int argc, char *argv[]) {
 				}
 			// Set
 			} else if(action == 0) {
+				// Warn if "set" was used for variables that can occur multiple times
+				if(warnonremove && strcasecmp(bvalue, value))
+					fprintf(stderr, "Warning: removing %s = %s\n", variable, bvalue);
+
 				// Already set? Delete the rest...
 				if(set)
 					continue;
+
 				// Otherwise, replace.
 				if(fprintf(tf, "%s = %s\n", variable, value) < 0) {
 					fprintf(stderr, "Error writing to temporary file %s: %s\n", tmpfile, strerror(errno));
@@ -1625,6 +1657,35 @@ bool check_id(const char *name) {
 	return true;
 }
 
+static bool try_bind(int port) {
+	struct addrinfo *ai = NULL;
+	struct addrinfo hint = {
+		.ai_flags = AI_PASSIVE,
+		.ai_family = AF_UNSPEC,
+		.ai_socktype = SOCK_STREAM,
+		.ai_protocol = IPPROTO_TCP,
+	};
+
+	char portstr[16];
+	snprintf(portstr, sizeof portstr, "%d", port);
+
+	if(getaddrinfo(NULL, portstr, &hint, &ai) || !ai)
+		return false;
+
+	while(ai) {
+		int fd = socket(ai->ai_family, SOCK_STREAM, IPPROTO_TCP);
+		if(!fd)
+			return false;
+		int result = bind(fd, ai->ai_addr, ai->ai_addrlen);
+		closesocket(fd);
+		if(result)
+			return false;
+		ai = ai->ai_next;
+	}
+
+	return true;
+}
+
 static int cmd_init(int argc, char *argv[]) {
 	if(!access(tinc_conf, F_OK)) {
 		fprintf(stderr, "Configuration file %s already exists!\n", tinc_conf);
@@ -1693,6 +1754,35 @@ static int cmd_init(int argc, char *argv[]) {
 	if(!rsa_keygen(2048, false) || !ecdsa_keygen(false))
 		return 1;
 
+
+	if(!try_bind(655)) {
+		srand(time(NULL));
+		int port = 0;
+		for(int i = 0; i < 100; i++) {
+			port = 0x1000 + (rand() & 0x7fff);
+			if(try_bind(port))
+				break;
+			port = 0;
+		}
+		if(port) {
+			char *filename;
+			xasprintf(&filename, "%s" SLASH "hosts" SLASH "%s", confbase, name);
+			FILE *f = fopen(filename, "a");
+			free(filename);
+			if(!f) {
+				port = 0;
+			} else {
+				fprintf(f, "Port = %d\n", port);
+				fclose(f);
+			}
+		}
+
+		if(!port)
+			fprintf(stderr, "Warning: could not bind to port 655. Please change tinc's Port manually.\n");
+		else
+			fprintf(stderr, "Warning: could not bind to port 655. Tinc will instead listen on port %d.\n", port);
+	}
+
 #ifndef HAVE_MINGW
 	char *filename;
 	xasprintf(&filename, "%s" SLASH "tinc-up", confbase);
@@ -1702,7 +1792,9 @@ static int cmd_init(int argc, char *argv[]) {
 			fprintf(stderr, "Could not create file %s: %s\n", filename, strerror(errno));
 			return 1;
 		}
-		fchmod(fileno(f), 0755);
+		mode_t mask = umask(0);
+		umask(mask);
+		fchmod(fileno(f), 0755 & ~mask);
 		fprintf(f, "#!/bin/sh\n\necho 'Unconfigured tinc-up script, please edit!'\n\n#ifconfig $INTERFACE <your vpn IP address> netmask <netmask of whole VPN>\n");
 		fclose(f);
 	}