X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincctl.c;h=567e1c3decdd85c924c9351ecfc5d2bd127fa9af;hb=76165488f8201a59e649b4eec02ee31398b3fb92;hp=39f89426e69d42396636bc03a3dd858b0ef6d38c;hpb=d82fcc88f355e3c8144478a860dfae0b299004a9;p=tinc diff --git a/src/tincctl.c b/src/tincctl.c index 39f89426..567e1c3d 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -319,7 +319,7 @@ static void make_names(void) { #endif if(!controlsocketname) - asprintf(&controlsocketname, LOCALSTATEDIR "/run/%s.control", identname); + asprintf(&controlsocketname, "%s/run/%s.control/socket", LOCALSTATEDIR, identname); if(netname) { if(!confbase) @@ -335,13 +335,13 @@ static void make_names(void) { static int fullread(int fd, void *data, size_t datalen) { int rv, len = 0; - while (len < datalen) { + while(len < datalen) { rv = read(fd, data + len, datalen - len); if(rv == -1 && errno == EINTR) continue; - else if (rv == -1) + else if(rv == -1) return rv; - else if (rv == 0) { + else if(rv == 0) { errno = ENODATA; return -1; } @@ -386,7 +386,7 @@ static int send_ctl_request(int fd, enum request_type type, } if(req.length > sizeof req) { - if (indata_p == NULL) { + if(indata_p == NULL) { errno = EINVAL; return -1; } @@ -439,10 +439,11 @@ static int send_ctl_request_cooked(int fd, enum request_type type, int main(int argc, char *argv[], char *envp[]) { struct sockaddr_un addr; - int fd; - int len; tinc_ctl_greeting_t greeting; tinc_ctl_request_t req; + int fd; + int len; + int result; program_name = argv[0]; @@ -486,12 +487,37 @@ int main(int argc, char *argv[], char *envp[]) { if(!strcasecmp(argv[optind], "start")) { argv[optind] = NULL; - execve("tincd", argv, envp); + execve(SBINDIR "/tincd", argv, envp); fprintf(stderr, _("Could not start tincd: %s"), strerror(errno)); return 1; } - // Now handle commands that do involve connecting to a running tinc daemon. + /* + * Now handle commands that do involve connecting to a running tinc daemon. + * Authenticate the server by ensuring the parent directory can be + * traversed only by root. Note this is not totally race-free unless all + * ancestors are writable only by trusted users, which we don't verify. + */ + + struct stat statbuf; + char *lastslash = strrchr(controlsocketname, '/'); + if(lastslash != NULL) { + /* control socket is not in cwd; stat its parent */ + *lastslash = 0; + result = stat(controlsocketname, &statbuf); + *lastslash = '/'; + } else + result = stat(".", &statbuf); + + if(result < 0) { + fprintf(stderr, _("Unable to check control socket directory permissions: %s\n"), strerror(errno)); + return 1; + } + + if(statbuf.st_uid != 0 || (statbuf.st_mode & S_IXOTH) != 0 || (statbuf.st_gid != 0 && (statbuf.st_mode & S_IXGRP)) != 0) { + fprintf(stderr, _("Insecure permissions on control socket directory\n")); + return 1; + } if(strlen(controlsocketname) >= sizeof addr.sun_path) { fprintf(stderr, _("Control socket filename too long!\n")); @@ -525,16 +551,8 @@ int main(int argc, char *argv[], char *envp[]) { return 1; } - struct ucred cred; - socklen_t credlen = sizeof cred; - - if(getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &credlen) < 0) { - fprintf(stderr, _("Could not obtain PID: %s\n"), strerror(errno)); - return 1; - } - if(!strcasecmp(argv[optind], "pid")) { - printf("%d\n", cred.pid); + printf("%d\n", greeting.pid); return 0; } @@ -551,7 +569,7 @@ int main(int argc, char *argv[], char *envp[]) { } if(!strcasecmp(argv[optind], "dump")) { - if (argc < optind + 2) { + if(argc < optind + 2) { fprintf(stderr, _("Not enough arguments.\n")); usage(true); return 1;