X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincctl.c;h=3b7efd4e39d7d77f8c5de025b4bc3892a0faaf32;hb=4c6a9a9611442f958c3049a566ac4369653978e9;hp=9be7d873e194c88ff601b3f93639006764936d05;hpb=421aa3815645b2835c89799e4db91cf35466542b;p=tinc diff --git a/src/tincctl.c b/src/tincctl.c index 9be7d873..3b7efd4e 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -41,6 +41,10 @@ #include "subnet.h" #include "keys.h" #include "random.h" +#include "sandbox.h" +#include "pidfile.h" +#include "console.h" +#include "fs.h" #ifndef MSG_NOSIGNAL #define MSG_NOSIGNAL 0 @@ -78,19 +82,35 @@ char *device = NULL; char *iface = NULL; int debug_level = -1; +typedef enum option_t { + OPT_BAD_OPTION = '?', + OPT_LONG_OPTION = 0, + + // Short options + OPT_BATCH = 'b', + OPT_CONFIG_FILE = 'c', + OPT_NETNAME = 'n', + + // Long options + OPT_HELP = 255, + OPT_VERSION, + OPT_PIDFILE, + OPT_FORCE, +} option_t; + static struct option const long_options[] = { - {"batch", no_argument, NULL, 'b'}, - {"config", required_argument, NULL, 'c'}, - {"net", required_argument, NULL, 'n'}, - {"help", no_argument, NULL, 1}, - {"version", no_argument, NULL, 2}, - {"pidfile", required_argument, NULL, 3}, - {"force", no_argument, NULL, 4}, - {NULL, 0, NULL, 0} + {"batch", no_argument, NULL, OPT_BATCH}, + {"config", required_argument, NULL, OPT_CONFIG_FILE}, + {"net", required_argument, NULL, OPT_NETNAME}, + {"help", no_argument, NULL, OPT_HELP}, + {"version", no_argument, NULL, OPT_VERSION}, + {"pidfile", required_argument, NULL, OPT_PIDFILE}, + {"force", no_argument, NULL, OPT_FORCE}, + {NULL, 0, NULL, 0}, }; static void version(void) { - static const char *message = + fprintf(stdout, "%s version %s (built %s %s, protocol %d.%d)\n" "Features:" #ifdef HAVE_READLINE @@ -101,6 +121,9 @@ static void version(void) { #endif #ifndef DISABLE_LEGACY " legacy_protocol" +#endif +#ifdef HAVE_SANDBOX + " sandbox" #endif "\n\n" "Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.\n" @@ -108,16 +131,15 @@ static void version(void) { "\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" "and you are welcome to redistribute it under certain conditions;\n" - "see the file COPYING for details.\n"; - - printf(message, PACKAGE, BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR); + "see the file COPYING for details.\n", + PACKAGE, BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR); } static void usage(bool status) { if(status) { fprintf(stderr, "Try `%s --help\' for more information.\n", program_name); } else { - static const char *message = + fprintf(stdout, "Usage: %s [options] command\n" "\n" "Valid options are:\n" @@ -176,9 +198,8 @@ static void usage(bool status) { " sign [FILE] Generate a signed version of a file.\n" " verify NODE [FILE] Verify that a file was signed by the given NODE.\n" "\n" - "Report bugs to tinc@tinc-vpn.org.\n"; - - printf(message, program_name); + "Report bugs to tinc@tinc-vpn.org.\n", + program_name); } } @@ -187,47 +208,47 @@ static bool parse_options(int argc, char **argv) { int option_index = 0; while((r = getopt_long(argc, argv, "+bc:n:", long_options, &option_index)) != EOF) { - switch(r) { - case 0: /* long option */ + switch((option_t) r) { + case OPT_LONG_OPTION: break; - case 'b': + case OPT_BAD_OPTION: + usage(true); + free_names(); + return false; + + case OPT_BATCH: tty = false; break; - case 'c': /* config file */ + case OPT_CONFIG_FILE: free(confbase); confbase = xstrdup(optarg); confbasegiven = true; break; - case 'n': /* net name given */ + case OPT_NETNAME: free(netname); netname = xstrdup(optarg); break; - case 1: /* show help */ + case OPT_HELP: show_help = true; break; - case 2: /* show version */ + case OPT_VERSION: show_version = true; break; - case 3: /* open control socket here */ + case OPT_PIDFILE: free(pidfilename); pidfilename = xstrdup(optarg); break; - case 4: /* force */ + case OPT_FORCE: force = true; break; - case '?': /* wrong options */ - usage(true); - free_names(); - return false; - default: break; } @@ -474,6 +495,10 @@ bool recvline(int fd, char *line, size_t len) { } while(!(newline = memchr(buffer, '\n', blen))) { + if(!wait_socket_recv(fd)) { + return false; + } + ssize_t nrecv = recv(fd, buffer + blen, sizeof(buffer) - blen, 0); if(nrecv == -1 && sockerrno == EINTR) { @@ -611,8 +636,9 @@ static void pcap(int fd, FILE *out, uint32_t snaplen) { } } -static void logcontrol(int fd, FILE *out, int level) { - sendline(fd, "%d %d %d", CONTROL, REQ_LOG, level); +static void log_control(int fd, FILE *out, int level, bool use_color) { + sendline(fd, "%d %d %d %d", CONTROL, REQ_LOG, level, use_color); + char data[1024]; char line[32]; @@ -725,9 +751,9 @@ bool connect_tincd(bool verbose) { } } - FILE *f = fopen(pidfilename, "r"); + pidfile_t *pidfile = read_pidfile(); - if(!f) { + if(!pidfile) { if(verbose) { fprintf(stderr, "Could not open pid file %s: %s\n", pidfilename, strerror(errno)); } @@ -735,21 +761,11 @@ bool connect_tincd(bool verbose) { return false; } - char host[129]; - char port[129]; - - if(fscanf(f, "%20d %1024s %128s port %128s", &pid, controlcookie, host, port) != 4) { - if(verbose) { - fprintf(stderr, "Could not parse pid file %s\n", pidfilename); - } - - fclose(f); - return false; - } - - fclose(f); + pid = pidfile->pid; + strcpy(controlcookie, pidfile->cookie); #ifndef HAVE_WINDOWS + free(pidfile); if((pid == 0) || (kill(pid, 0) && (errno == ESRCH))) { fprintf(stderr, "Could not find tincd running at pid %d\n", pid); @@ -800,11 +816,12 @@ bool connect_tincd(bool verbose) { struct addrinfo *res = NULL; - if(getaddrinfo(host, port, &hints, &res) || !res) { + if(getaddrinfo(pidfile->host, pidfile->port, &hints, &res) || !res) { if(verbose) { - fprintf(stderr, "Cannot resolve %s port %s: %s\n", host, port, sockstrerror(sockerrno)); + fprintf(stderr, "Cannot resolve %s port %s: %s\n", pidfile->host, pidfile->port, sockstrerror(sockerrno)); } + free(pidfile); return false; } @@ -815,6 +832,7 @@ bool connect_tincd(bool verbose) { fprintf(stderr, "Cannot create TCP socket: %s\n", sockstrerror(sockerrno)); } + free(pidfile); return false; } @@ -828,14 +846,16 @@ bool connect_tincd(bool verbose) { if(connect(fd, res->ai_addr, res->ai_addrlen) < 0) { if(verbose) { - fprintf(stderr, "Cannot connect to %s port %s: %s\n", host, port, sockstrerror(sockerrno)); + fprintf(stderr, "Cannot connect to %s port %s: %s\n", pidfile->host, pidfile->port, sockstrerror(sockerrno)); } + free(pidfile); closesocket(fd); fd = -1; return false; } + free(pidfile); freeaddrinfo(res); #endif @@ -960,7 +980,7 @@ static int cmd_start(int argc, char *argv[]) { if(!pid) { close(pfd[0]); char buf[100]; - snprintf(buf, sizeof(buf), "%d", pfd[1]); + snprintf(buf, sizeof(buf), "%d %d", pfd[1], use_ansi_escapes(stderr)); setenv("TINC_UMBILICAL", buf, true); exit(execvp(c, nargv)); } else { @@ -1504,7 +1524,10 @@ static int cmd_pcap(int argc, char *argv[]) { static void sigint_handler(int sig) { (void)sig; - fprintf(stderr, "\n"); + if(write(2, "\n", 1) < 0) { + // nothing we can do + } + shutdown(fd, SHUT_RDWR); } #endif @@ -1523,7 +1546,8 @@ static int cmd_log(int argc, char *argv[]) { signal(SIGINT, sigint_handler); #endif - logcontrol(fd, stdout, argc > 1 ? atoi(argv[1]) : -1); + bool use_color = use_ansi_escapes(stdout); + log_control(fd, stdout, argc > 1 ? atoi(argv[1]) : DEBUG_UNSET, use_color); #ifdef SIGINT signal(SIGINT, SIG_DFL); @@ -1609,7 +1633,8 @@ char *get_my_name(bool verbose) { return NULL; } -ecdsa_t *get_pubkey(FILE *f) { +static ecdsa_t *get_pubkey(FILE *f) ATTR_MALLOC ATTR_DEALLOCATOR(ecdsa_free); +static ecdsa_t *get_pubkey(FILE *f) { char buf[4096]; char *value; @@ -1682,6 +1707,7 @@ const var_t variables[] = { {"ProcessPriority", VAR_SERVER}, {"Proxy", VAR_SERVER}, {"ReplayWindow", VAR_SERVER | VAR_SAFE}, + {"Sandbox", VAR_SERVER}, {"ScriptsExtension", VAR_SERVER}, {"ScriptsInterpreter", VAR_SERVER}, {"StrictSubnets", VAR_SERVER | VAR_SAFE}, @@ -1720,6 +1746,20 @@ const var_t variables[] = { {NULL, 0} }; +// Request actual port from tincd +static bool read_actual_port(void) { + pidfile_t *pidfile = read_pidfile(); + + if(pidfile) { + printf("%s\n", pidfile->port); + free(pidfile); + return true; + } else { + fprintf(stderr, "Could not get port from the pidfile.\n"); + return false; + } +} + static int cmd_config(int argc, char *argv[]) { if(argc < 2) { fprintf(stderr, "Invalid number of arguments.\n"); @@ -1795,6 +1835,11 @@ static int cmd_config(int argc, char *argv[]) { action = SET; } + // If port is requested, try reading it from the pidfile and fall back to configs if that fails + if(action == GET && !strcasecmp(variable, "Port") && read_actual_port()) { + return 0; + } + /* Some simple checks. */ bool found = false; bool warnonremove = false; @@ -1894,16 +1939,18 @@ static int cmd_config(int argc, char *argv[]) { char filename[PATH_MAX]; if(node) { - if((size_t)snprintf(filename, sizeof(filename), "%s" SLASH "%s", hosts_dir, node) >= sizeof(filename)) { - fprintf(stderr, "Filename too long: %s" SLASH "%s\n", hosts_dir, node); - free(node); - return 1; - } + size_t wrote = (size_t)snprintf(filename, sizeof(filename), "%s" SLASH "%s", hosts_dir, node); if(node != line) { free(node); node = NULL; } + + if(wrote >= sizeof(filename)) { + fprintf(stderr, "Filename too long: %s" SLASH "%s\n", hosts_dir, node); + return 1; + } + } else { snprintf(filename, sizeof(filename), "%s", tinc_conf); } @@ -2192,19 +2239,8 @@ static int cmd_init(int argc, char *argv[]) { return 1; } - if(!confbase_given && mkdir(confdir, 0755) && errno != EEXIST) { - fprintf(stderr, "Could not create directory %s: %s\n", confdir, strerror(errno)); - return 1; - } - - if(mkdir(confbase, 0777) && errno != EEXIST) { - fprintf(stderr, "Could not create directory %s: %s\n", confbase, strerror(errno)); - return 1; - } - - if(mkdir(hosts_dir, 0777) && errno != EEXIST) { - fprintf(stderr, "Could not create directory %s: %s\n", hosts_dir, strerror(errno)); - return 1; + if(!makedirs(DIR_HOSTS | DIR_CONFBASE | DIR_CONFDIR | DIR_CACHE)) { + return false; } FILE *f = fopen(tinc_conf, "w"); @@ -2503,7 +2539,7 @@ static int cmd_export_all(int argc, char *argv[]) { if(first) { first = false; } else { - printf("#---------------------------------------------------------------#\n"); + printf("\n#---------------------------------------------------------------#\n"); } result |= export(ent->d_name, stdout); @@ -3318,6 +3354,9 @@ int main(int argc, char *argv[]) { crypto_init(); prng_init(); + sandbox_set_level(SANDBOX_NORMAL); + sandbox_enter(); + int result = run_command(argc, argv); random_exit();