X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincctl.c;h=99c04852d61e8049048a107d3b570998224ea3b3;hb=d917c8cb6b69475d568ccbe82389b9f2b3eb5e80;hp=5916d7b5cb1f9167cd01590bbc0f9fa15d0a0990;hpb=1f312137d5ab12a2d996d5f7972f169aeb852040;p=tinc diff --git a/src/tincctl.c b/src/tincctl.c index 5916d7b5..99c04852 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -54,8 +54,8 @@ static bool show_help = false; static bool show_version = false; static char *name = NULL; -static char *identname = NULL; /* program name for syslog */ -static char *pidfilename = NULL; /* pid file location */ +static char *identname = NULL; /* program name for syslog */ +static char *pidfilename = NULL; /* pid file location */ static char *confdir = NULL; static char controlcookie[1024]; char *netname = NULL; @@ -163,34 +163,34 @@ static bool parse_options(int argc, char **argv) { while((r = getopt_long(argc, argv, "c:n:Dd::Lo:RU:", long_options, &option_index)) != EOF) { switch (r) { - case 0: /* long option */ + case 0: /* long option */ break; - case 'c': /* config file */ + case 'c': /* config file */ confbase = xstrdup(optarg); break; - case 'n': /* net name given */ + case 'n': /* net name given */ netname = xstrdup(optarg); break; - case 1: /* show help */ + case 1: /* show help */ show_help = true; break; - case 2: /* show version */ + case 2: /* show version */ show_version = true; break; - case 5: /* open control socket here */ + case 5: /* open control socket here */ pidfilename = xstrdup(optarg); break; - case 6: + case 6: /* force */ force = true; break; - case '?': + case '?': /* wrong options */ usage(true); return false; @@ -199,15 +199,15 @@ static bool parse_options(int argc, char **argv) { } } - if(!netname && (netname = getenv("NETNAME"))) - netname = xstrdup(netname); + if(!netname && (netname = getenv("NETNAME"))) + netname = xstrdup(netname); - /* netname "." is special: a "top-level name" */ + /* netname "." is special: a "top-level name" */ - if(netname && (!*netname || !strcmp(netname, "."))) { - free(netname); - netname = NULL; - } + if(netname && (!*netname || !strcmp(netname, "."))) { + free(netname); + netname = NULL; + } if(netname && (strpbrk(netname, "\\/") || *netname == '.')) { fprintf(stderr, "Invalid character in netname!\n"); @@ -217,6 +217,83 @@ static bool parse_options(int argc, char **argv) { return true; } +static void disable_old_keys(const char *filename, const char *what) { + char tmpfile[PATH_MAX] = ""; + char buf[1024]; + bool disabled = false; + bool block = false; + bool error = false; + FILE *r, *w; + + r = fopen(filename, "r"); + if(!r) + return; + + snprintf(tmpfile, sizeof tmpfile, "%s.tmp", filename); + + w = fopen(tmpfile, "w"); + + while(fgets(buf, sizeof buf, r)) { + if(!block && !strncmp(buf, "-----BEGIN ", 11)) { + if((strstr(buf, " EC ") && strstr(what, "ECDSA")) || (strstr(buf, " RSA ") && strstr(what, "RSA"))) { + disabled = true; + block = true; + } + } + + bool ecdsapubkey = !strncasecmp(buf, "ECDSAPublicKey", 14) && strchr(" \t=", buf[14]) && strstr(what, "ECDSA"); + + if(ecdsapubkey) + disabled = true; + + if(w) { + if(block || ecdsapubkey) + fputc('#', w); + if(fputs(buf, w) < 0) { + error = true; + break; + } + } + + if(block && !strncmp(buf, "-----END ", 9)) + block = false; + } + + if(w) + if(fclose(w) < 0) + error = true; + if(ferror(r) || fclose(r) < 0) + error = true; + + if(disabled) { + if(!w || error) { + fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n"); + if(w) + unlink(tmpfile); + return; + } + +#ifdef HAVE_MINGW + // We cannot atomically replace files on Windows. + char bakfile[PATH_MAX] = ""; + snprintf(bakfile, sizeof bakfile, "%s.bak", filename); + if(rename(filename, bakfile) || rename(tmpfile, filename)) { + rename(bakfile, filename); +#else + if(rename(tmpfile, filename)) { +#endif + fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n"); + } else { +#ifdef HAVE_MINGW + unlink(bakfile); +#endif + fprintf(stderr, "Warning: old key(s) found and disabled.\n"); + } + } + + unlink(tmpfile); +} + static FILE *ask_and_open(const char *filename, const char *what, const char *mode, bool ask) { FILE *r; char *directory; @@ -255,7 +332,9 @@ static FILE *ask_and_open(const char *filename, const char *what, const char *mo filename = buf2; } - umask(0077); /* Disallow everything for group and other */ + umask(0077); /* Disallow everything for group and other */ + + disable_old_keys(filename, what); /* Open it first to keep the inode busy */ @@ -276,7 +355,7 @@ static FILE *ask_and_open(const char *filename, const char *what, const char *mo static bool ecdsa_keygen(bool ask) { ecdsa_t key; FILE *f; - char *filename; + char *pubname, *privname; fprintf(stderr, "Generating ECDSA keypair:\n"); @@ -286,44 +365,38 @@ static bool ecdsa_keygen(bool ask) { } else fprintf(stderr, "Done.\n"); - xasprintf(&filename, "%s" SLASH "ecdsa_key.priv", confbase); - f = ask_and_open(filename, "private ECDSA key", "a", ask); + xasprintf(&privname, "%s" SLASH "ecdsa_key.priv", confbase); + f = ask_and_open(privname, "private ECDSA key", "a", ask); + free(privname); if(!f) return false; - + #ifdef HAVE_FCHMOD /* Make it unreadable for others. */ fchmod(fileno(f), 0600); #endif - - if(ftell(f)) - fprintf(stderr, "Appending key to existing contents.\nMake sure only one key is stored in the file.\n"); ecdsa_write_pem_private_key(&key, f); fclose(f); - free(filename); if(name) - xasprintf(&filename, "%s" SLASH "hosts" SLASH "%s", confbase, name); + xasprintf(&pubname, "%s" SLASH "hosts" SLASH "%s", confbase, name); else - xasprintf(&filename, "%s" SLASH "ecdsa_key.pub", confbase); + xasprintf(&pubname, "%s" SLASH "ecdsa_key.pub", confbase); - f = ask_and_open(filename, "public ECDSA key", "a", ask); + f = ask_and_open(pubname, "public ECDSA key", "a", ask); + free(pubname); if(!f) return false; - if(ftell(f)) - fprintf(stderr, "Appending key to existing contents.\nMake sure only one key is stored in the file.\n"); - char *pubkey = ecdsa_get_base64_public_key(&key); fprintf(f, "ECDSAPublicKey = %s\n", pubkey); free(pubkey); fclose(f); - free(filename); return true; } @@ -335,7 +408,7 @@ static bool ecdsa_keygen(bool ask) { static bool rsa_keygen(int bits, bool ask) { rsa_t key; FILE *f; - char *filename; + char *pubname, *privname; fprintf(stderr, "Generating %d bits keys:\n", bits); @@ -345,42 +418,36 @@ static bool rsa_keygen(int bits, bool ask) { } else fprintf(stderr, "Done.\n"); - xasprintf(&filename, "%s" SLASH "rsa_key.priv", confbase); - f = ask_and_open(filename, "private RSA key", "a", ask); + xasprintf(&privname, "%s" SLASH "rsa_key.priv", confbase); + f = ask_and_open(privname, "private RSA key", "a", ask); + free(privname); if(!f) return false; - + #ifdef HAVE_FCHMOD /* Make it unreadable for others. */ fchmod(fileno(f), 0600); #endif - - if(ftell(f)) - fprintf(stderr, "Appending key to existing contents.\nMake sure only one key is stored in the file.\n"); rsa_write_pem_private_key(&key, f); fclose(f); - free(filename); if(name) - xasprintf(&filename, "%s" SLASH "hosts" SLASH "%s", confbase, name); + xasprintf(&pubname, "%s" SLASH "hosts" SLASH "%s", confbase, name); else - xasprintf(&filename, "%s" SLASH "rsa_key.pub", confbase); + xasprintf(&pubname, "%s" SLASH "rsa_key.pub", confbase); - f = ask_and_open(filename, "public RSA key", "a", ask); + f = ask_and_open(pubname, "public RSA key", "a", ask); + free(pubname); if(!f) return false; - if(ftell(f)) - fprintf(stderr, "Appending key to existing contents.\nMake sure only one key is stored in the file.\n"); - rsa_write_pem_public_key(&key, f); fclose(f); - free(filename); return true; } @@ -512,7 +579,7 @@ bool sendline(int fd, char *format, ...) { blen -= result; } - return true; + return true; } static void pcap(int fd, FILE *out, int snaplen) { @@ -620,8 +687,19 @@ static bool remove_service(void) { #endif static bool connect_tincd(bool verbose) { - if(fd >= 0) - return true; + if(fd >= 0) { + fd_set r; + FD_ZERO(&r); + FD_SET(fd, &r); + struct timeval tv = {0, 0}; + if(select(fd + 1, &r, NULL, NULL, &tv)) { + fprintf(stderr, "Previous connection to tincd lost, reconnecting.\n"); + close(fd); + fd = -1; + } else { + return true; + } + } FILE *f = fopen(pidfilename, "r"); if(!f) { @@ -684,6 +762,8 @@ static bool connect_tincd(bool verbose) { if(connect(fd, res->ai_addr, res->ai_addrlen) < 0) { if(verbose) fprintf(stderr, "Cannot connect to %s port %s: %s\n", host, port, sockstrerror(sockerrno)); + close(fd); + fd = -1; return false; } @@ -695,14 +775,18 @@ static bool connect_tincd(bool verbose) { if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %s %d", &code, data, &version) != 3 || code != 0) { if(verbose) fprintf(stderr, "Cannot read greeting from control socket: %s\n", sockstrerror(sockerrno)); + close(fd); + fd = -1; return false; } sendline(fd, "%d ^%s %d", ID, controlcookie, TINC_CTL_VERSION_CURRENT); - + if(!recvline(fd, line, sizeof line) || sscanf(line, "%d %d %d", &code, &version, &pid) != 3 || code != 4 || version != TINC_CTL_VERSION_CURRENT) { if(verbose) fprintf(stderr, "Could not fully establish control socket connection\n"); + close(fd); + fd = -1; return false; } @@ -733,9 +817,10 @@ static int cmd_start(int argc, char *argv[]) { c = "tincd"; int nargc = 0; - char **nargv = xmalloc_and_zero((orig_argc + argc) * sizeof *nargv); + char **nargv = xmalloc_and_zero((optind + argc) * sizeof *nargv); - for(int i = 0; i < orig_argc; i++) + nargv[nargc++] = c; + for(int i = 1; i < optind; i++) nargv[nargc++] = orig_argv[i]; for(int i = 1; i < argc; i++) nargv[nargc++] = argv[i]; @@ -748,12 +833,15 @@ static int cmd_start(int argc, char *argv[]) { pid_t pid = fork(); if(pid == -1) { fprintf(stderr, "Could not fork: %s\n", strerror(errno)); + free(nargv); return 1; } if(!pid) exit(execvp(c, nargv)); - + + free(nargv); + int status = -1; if(waitpid(pid, &status, 0) != pid || !WIFEXITED(status) || WEXITSTATUS(status)) { fprintf(stderr, "Error starting %s\n", c); @@ -768,9 +856,13 @@ static int cmd_stop(int argc, char *argv[]) { #ifndef HAVE_MINGW if(!connect_tincd(true)) { if(pid) { - if(kill(pid, SIGTERM)) + if(kill(pid, SIGTERM)) { + fprintf(stderr, "Could not send TERM signal to process with PID %u: %s\n", pid, strerror(errno)); return 1; + } + fprintf(stderr, "Sent TERM signal to process with PID %u.\n", pid); + waitpid(pid, NULL, 0); return 0; } @@ -782,6 +874,12 @@ static int cmd_stop(int argc, char *argv[]) { fprintf(stderr, "Could not stop tinc daemon.\n"); return 1; } + + // Wait for tincd to close the connection... + fd_set r; + FD_ZERO(&r); + FD_SET(fd, &r); + select(fd + 1, &r, NULL, NULL, NULL); #else if(!remove_service()) return 1; @@ -1131,7 +1229,7 @@ static struct { {"ECDSAPrivateKeyFile", VAR_SERVER}, {"ExperimentalProtocol", VAR_SERVER}, {"Forwarding", VAR_SERVER}, - {"GraphDumpFile", VAR_SERVER}, + {"GraphDumpFile", VAR_SERVER | VAR_OBSOLETE}, {"Hostnames", VAR_SERVER}, {"IffOneQueue", VAR_SERVER}, {"Interface", VAR_SERVER}, @@ -1150,6 +1248,8 @@ static struct { {"ProcessPriority", VAR_SERVER}, {"Proxy", VAR_SERVER}, {"ReplayWindow", VAR_SERVER}, + {"ScriptsExtension", VAR_SERVER}, + {"ScriptsInterpreter", VAR_SERVER}, {"StrictSubnets", VAR_SERVER}, {"TunnelServer", VAR_SERVER}, {"UDPRcvBuf", VAR_SERVER}, @@ -1212,14 +1312,14 @@ static int cmd_config(int argc, char *argv[]) { char *value; int len; - len = strcspn(line, "\t ="); - value = line + len; - value += strspn(value, "\t "); - if(*value == '=') { - value++; - value += strspn(value, "\t "); - } - line[len] = '\0'; + len = strcspn(line, "\t ="); + value = line + len; + value += strspn(value, "\t "); + if(*value == '=') { + value++; + value += strspn(value, "\t "); + } + line[len] = '\0'; variable = strchr(line, '.'); if(variable) { node = line; @@ -1953,7 +2053,6 @@ static int cmd_shell(int argc, char *argv[]) { char *line = NULL; int maxargs = argc + 16; char **nargv = xmalloc(maxargs * sizeof *nargv); - optind = argc; for(int i = 0; i < argc; i++) nargv[i] = argv[i]; @@ -2039,6 +2138,8 @@ static int cmd_shell(int argc, char *argv[]) { } } + free(nargv); + if(tty) printf("\n"); return result; @@ -2052,7 +2153,7 @@ int main(int argc, char *argv[]) { if(!parse_options(argc, argv)) return 1; - + make_names(); if(show_version) {