X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincctl.c;h=7cfc62e5f382bac67cdcfba5d93090dbf61e471c;hb=636200d1a2024982fe5b3062153daa72a8253015;hp=7e08629e76fed5da76ec6ac93950588793149be4;hpb=b1f8c65a2cfa307d9b8ed8cc3c8d4819f605e4f6;p=tinc diff --git a/src/tincctl.c b/src/tincctl.c index 7e08629e..7cfc62e5 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -292,7 +292,7 @@ static void make_names(void) { #ifdef HAVE_MINGW HKEY key; char installdir[1024] = ""; - long len = sizeof(installdir); + long len = sizeof installdir; #endif if(netname) @@ -319,7 +319,7 @@ static void make_names(void) { #endif if(!controlsocketname) - asprintf(&controlsocketname, LOCALSTATEDIR "/run/%s.control", identname); + asprintf(&controlsocketname, "%s/run/%s.control/socket", LOCALSTATEDIR, identname); if(netname) { if(!confbase) @@ -360,7 +360,7 @@ static int send_ctl_request(int fd, enum request_type type, tinc_ctl_request_t req; int rv; struct iovec vector[2] = { - {&req, sizeof(req)}, + {&req, sizeof req}, {(void*) outdata, outdatalen} }; void *indata; @@ -439,10 +439,9 @@ static int send_ctl_request_cooked(int fd, enum request_type type, int main(int argc, char *argv[], char *envp[]) { struct sockaddr_un addr; - int fd; - int len; tinc_ctl_greeting_t greeting; - tinc_ctl_request_t req; + int fd; + int result; program_name = argv[0]; @@ -486,12 +485,37 @@ int main(int argc, char *argv[], char *envp[]) { if(!strcasecmp(argv[optind], "start")) { argv[optind] = NULL; - execve("tincd", argv, envp); + execve(SBINDIR "/tincd", argv, envp); fprintf(stderr, _("Could not start tincd: %s"), strerror(errno)); return 1; } - // Now handle commands that do involve connecting to a running tinc daemon. + /* + * Now handle commands that do involve connecting to a running tinc daemon. + * Authenticate the server by ensuring the parent directory can be + * traversed only by root. Note this is not totally race-free unless all + * ancestors are writable only by trusted users, which we don't verify. + */ + + struct stat statbuf; + char *lastslash = strrchr(controlsocketname, '/'); + if(lastslash != NULL) { + /* control socket is not in cwd; stat its parent */ + *lastslash = 0; + result = stat(controlsocketname, &statbuf); + *lastslash = '/'; + } else + result = stat(".", &statbuf); + + if(result < 0) { + fprintf(stderr, _("Unable to check control socket directory permissions: %s\n"), strerror(errno)); + return 1; + } + + if(statbuf.st_uid != 0 || (statbuf.st_mode & S_IXOTH) != 0 || (statbuf.st_gid != 0 && (statbuf.st_mode & S_IXGRP)) != 0) { + fprintf(stderr, _("Insecure permissions on control socket directory\n")); + return 1; + } if(strlen(controlsocketname) >= sizeof addr.sun_path) { fprintf(stderr, _("Control socket filename too long!\n")); @@ -525,16 +549,8 @@ int main(int argc, char *argv[], char *envp[]) { return 1; } - struct ucred cred; - socklen_t credlen = sizeof cred; - - if(getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &credlen) < 0) { - fprintf(stderr, _("Could not obtain PID: %s\n"), strerror(errno)); - return 1; - } - if(!strcasecmp(argv[optind], "pid")) { - printf("%d\n", cred.pid); + printf("%d\n", greeting.pid); return 0; } @@ -595,7 +611,7 @@ int main(int argc, char *argv[], char *envp[]) { } debuglevel = atoi(argv[optind+1]); return send_ctl_request_cooked(fd, REQ_SET_DEBUG, &debuglevel, - sizeof(debuglevel)) != -1; + sizeof debuglevel) != -1; } if(!strcasecmp(argv[optind], "retry")) {