X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincctl.c;h=a144636951f2b3dc4db0a6276b712fc2fc7101a2;hb=b2701c7c54b11cda71461c5dbbc985476bf5b221;hp=93c5b320b6e963b2719c102a4f921e6c3fb00b1d;hpb=1c475ecb575367a6b3f9328b0f643ad636155341;p=tinc diff --git a/src/tincctl.c b/src/tincctl.c index 93c5b320..a1446369 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -1,6 +1,6 @@ /* tincctl.c -- Controlling a running tincd - Copyright (C) 2007-2018 Guus Sliepen + Copyright (C) 2007-2021 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -40,13 +40,14 @@ #include "tincctl.h" #include "top.h" #include "version.h" +#include "subnet.h" +#include "keys.h" #ifndef MSG_NOSIGNAL #define MSG_NOSIGNAL 0 #endif static char **orig_argv; -static int orig_argc; /* If nonzero, display usage information and exit. */ static bool show_help = false; @@ -70,7 +71,6 @@ static int result; bool force = false; bool tty = true; bool confbasegiven = false; -bool netnamegiven = false; char *scriptinterpreter = NULL; char *scriptextension = ""; static char *prompt; @@ -92,6 +92,17 @@ static struct option const long_options[] = { static void version(void) { printf("%s version %s (built %s %s, protocol %d.%d)\n", PACKAGE, BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR); + printf("Features:" +#ifdef HAVE_READLINE + " readline" +#endif +#ifdef HAVE_CURSES + " curses" +#endif +#ifndef DISABLE_LEGACY + " legacy_protocol" +#endif + "\n\n"); printf("Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" @@ -125,12 +136,12 @@ static void usage(bool status) { " reload Partially reload configuration of running tincd.\n" " pid Show PID of currently running tincd.\n" #ifdef DISABLE_LEGACY - " generate-keys Generate a new Ed25519 public/private keypair.\n" + " generate-keys Generate a new Ed25519 public/private key pair.\n" #else - " generate-keys [bits] Generate new RSA and Ed25519 public/private keypairs.\n" - " generate-rsa-keys [bits] Generate a new RSA public/private keypair.\n" + " generate-keys [bits] Generate new RSA and Ed25519 public/private key pairs.\n" + " generate-rsa-keys [bits] Generate a new RSA public/private key pair.\n" #endif - " generate-ed25519-keys Generate a new Ed25519 public/private keypair.\n" + " generate-ed25519-keys Generate a new Ed25519 public/private key pair.\n" " dump Dump a list of one of the following things:\n" " [reachable] nodes - all known nodes in the VPN\n" " edges - all known connections in the VPN\n" @@ -178,11 +189,13 @@ static bool parse_options(int argc, char **argv) { break; case 'c': /* config file */ + free(confbase); confbase = xstrdup(optarg); confbasegiven = true; break; case 'n': /* net name given */ + free(netname); netname = xstrdup(optarg); break; @@ -195,6 +208,7 @@ static bool parse_options(int argc, char **argv) { break; case 3: /* open control socket here */ + free(pidfilename); pidfilename = xstrdup(optarg); break; @@ -204,6 +218,7 @@ static bool parse_options(int argc, char **argv) { case '?': /* wrong options */ usage(true); + free_names(); return false; default: @@ -224,131 +239,13 @@ static bool parse_options(int argc, char **argv) { if(netname && (strpbrk(netname, "\\/") || *netname == '.')) { fprintf(stderr, "Invalid character in netname!\n"); + free_names(); return false; } return true; } -/* Open a file with the desired permissions, minus the umask. - Also, if we want to create an executable file, we call fchmod() - to set the executable bits. */ - -FILE *fopenmask(const char *filename, const char *mode, mode_t perms) { - mode_t mask = umask(0); - perms &= ~mask; - umask(~perms); - FILE *f = fopen(filename, mode); - - if(!f) { - fprintf(stderr, "Could not open %s: %s\n", filename, strerror(errno)); - return NULL; - } - -#ifdef HAVE_FCHMOD - - if((perms & 0444) && f) { - fchmod(fileno(f), perms); - } - -#endif - umask(mask); - return f; -} - -static void disable_old_keys(const char *filename, const char *what) { - char tmpfile[PATH_MAX] = ""; - char buf[1024]; - bool disabled = false; - bool block = false; - bool error = false; - FILE *r, *w; - - r = fopen(filename, "r"); - - if(!r) { - return; - } - - snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename); - - struct stat st = {.st_mode = 0600}; - fstat(fileno(r), &st); - w = fopenmask(tmpfile, "w", st.st_mode); - - while(fgets(buf, sizeof(buf), r)) { - if(!block && !strncmp(buf, "-----BEGIN ", 11)) { - if((strstr(buf, " ED25519 ") && strstr(what, "Ed25519")) || (strstr(buf, " RSA ") && strstr(what, "RSA"))) { - disabled = true; - block = true; - } - } - - bool ed25519pubkey = !strncasecmp(buf, "Ed25519PublicKey", 16) && strchr(" \t=", buf[16]) && strstr(what, "Ed25519"); - - if(ed25519pubkey) { - disabled = true; - } - - if(w) { - if(block || ed25519pubkey) { - fputc('#', w); - } - - if(fputs(buf, w) < 0) { - error = true; - break; - } - } - - if(block && !strncmp(buf, "-----END ", 9)) { - block = false; - } - } - - if(w) - if(fclose(w) < 0) { - error = true; - } - - if(ferror(r) || fclose(r) < 0) { - error = true; - } - - if(disabled) { - if(!w || error) { - fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n"); - - if(w) { - unlink(tmpfile); - } - - return; - } - -#ifdef HAVE_MINGW - // We cannot atomically replace files on Windows. - char bakfile[PATH_MAX] = ""; - snprintf(bakfile, sizeof(bakfile), "%s.bak", filename); - - if(rename(filename, bakfile) || rename(tmpfile, filename)) { - rename(bakfile, filename); -#else - - if(rename(tmpfile, filename)) { -#endif - fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n"); - } else { -#ifdef HAVE_MINGW - unlink(bakfile); -#endif - fprintf(stderr, "Warning: old key(s) found and disabled.\n"); - } - } - - unlink(tmpfile); -} - static FILE *ask_and_open(const char *filename, const char *what, const char *mode, bool ask, mode_t perms) { FILE *r; char directory[PATH_MAX] = "."; @@ -416,7 +313,7 @@ ask_filename: } /* - Generate a public/private Ed25519 keypair, and ask for a file to store + Generate a public/private Ed25519 key pair, and ask for a file to store them in. */ static bool ed25519_keygen(bool ask) { @@ -424,7 +321,7 @@ static bool ed25519_keygen(bool ask) { FILE *f; char fname[PATH_MAX]; - fprintf(stderr, "Generating Ed25519 keypair:\n"); + fprintf(stderr, "Generating Ed25519 key pair:\n"); if(!(key = ecdsa_generate())) { fprintf(stderr, "Error during key generation!\n"); @@ -480,7 +377,7 @@ error: #ifndef DISABLE_LEGACY /* - Generate a public/private RSA keypair, and ask for a file to store + Generate a public/private RSA key pair, and ask for a file to store them in. */ static bool rsa_keygen(int bits, bool ask) { @@ -566,15 +463,15 @@ bool recvline(int fd, char *line, size_t len) { } while(!(newline = memchr(buffer, '\n', blen))) { - int result = recv(fd, buffer + blen, sizeof(buffer) - blen, 0); + ssize_t nrecv = recv(fd, buffer + blen, sizeof(buffer) - blen, 0); - if(result == -1 && sockerrno == EINTR) { + if(nrecv == -1 && sockerrno == EINTR) { continue; - } else if(result <= 0) { + } else if(nrecv <= 0) { return false; } - blen += result; + blen += nrecv; } if((size_t)(newline - buffer) >= len) { @@ -593,15 +490,15 @@ bool recvline(int fd, char *line, size_t len) { static bool recvdata(int fd, char *data, size_t len) { while(blen < len) { - int result = recv(fd, buffer + blen, sizeof(buffer) - blen, 0); + ssize_t nrecv = recv(fd, buffer + blen, sizeof(buffer) - blen, 0); - if(result == -1 && sockerrno == EINTR) { + if(nrecv == -1 && sockerrno == EINTR) { continue; - } else if(result <= 0) { + } else if(nrecv <= 0) { return false; } - blen += result; + blen += nrecv; } memcpy(data, buffer, len); @@ -614,7 +511,7 @@ static bool recvdata(int fd, char *data, size_t len) { bool sendline(int fd, char *format, ...) { static char buffer[4096]; char *p = buffer; - int blen; + ssize_t blen; va_list ap; va_start(ap, format); @@ -630,16 +527,16 @@ bool sendline(int fd, char *format, ...) { blen++; while(blen) { - int result = send(fd, p, blen, MSG_NOSIGNAL); + ssize_t nsend = send(fd, p, blen, MSG_NOSIGNAL); - if(result == -1 && sockerrno == EINTR) { + if(nsend == -1 && sockerrno == EINTR) { continue; - } else if(result <= 0) { + } else if(nsend <= 0) { return false; } - p += result; - blen -= result; + p += nsend; + blen -= nsend; } return true; @@ -680,11 +577,12 @@ static void pcap(int fd, FILE *out, uint32_t snaplen) { char line[32]; while(recvline(fd, line, sizeof(line))) { - int code, req, len; - int n = sscanf(line, "%d %d %d", &code, &req, &len); + int code, req; + size_t len; + int n = sscanf(line, "%d %d %zd", &code, &req, &len); gettimeofday(&tv, NULL); - if(n != 3 || code != CONTROL || req != REQ_PCAP || len < 0 || (size_t)len > sizeof(data)) { + if(n != 3 || code != CONTROL || req != REQ_PCAP || len > sizeof(data)) { break; } @@ -725,6 +623,24 @@ static void logcontrol(int fd, FILE *out, int level) { } } +static bool stop_tincd(void) { + if(!connect_tincd(true)) { + return false; + } + + sendline(fd, "%d %d", CONTROL, REQ_STOP); + + while(recvline(fd, line, sizeof(line))) { + // wait for tincd to close the connection... + } + + close(fd); + pid = 0; + fd = -1; + + return true; +} + #ifdef HAVE_MINGW static bool remove_service(void) { SC_HANDLE manager = NULL; @@ -742,7 +658,12 @@ static bool remove_service(void) { service = OpenService(manager, identname, SERVICE_ALL_ACCESS); if(!service) { - fprintf(stderr, "Could not open %s service: %s\n", identname, winerror(GetLastError())); + if(GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST) { + success = stop_tincd(); + } else { + fprintf(stderr, "Could not open %s service: %s\n", identname, winerror(GetLastError())); + } + goto exit; } @@ -827,14 +748,17 @@ bool connect_tincd(bool verbose) { return false; } - struct sockaddr_un sa; + struct sockaddr_un sa = { + .sun_family = AF_UNIX, + }; - sa.sun_family = AF_UNIX; + if(strlen(unixsocketname) >= sizeof(sa.sun_path)) { + fprintf(stderr, "UNIX socket filename %s is too long!", unixsocketname); + return false; + } strncpy(sa.sun_path, unixsocketname, sizeof(sa.sun_path)); - sa.sun_path[sizeof(sa.sun_path) - 1] = 0; - fd = socket(AF_UNIX, SOCK_STREAM, 0); if(fd < 0) { @@ -883,7 +807,6 @@ bool connect_tincd(bool verbose) { return false; } -#ifdef HAVE_MINGW unsigned long arg = 0; if(ioctlsocket(fd, FIONBIO, &arg) != 0) { @@ -892,8 +815,6 @@ bool connect_tincd(bool verbose) { } } -#endif - if(connect(fd, res->ai_addr, res->ai_addrlen) < 0) { if(verbose) { fprintf(stderr, "Cannot connect to %s port %s: %s\n", host, port, sockstrerror(sockerrno)); @@ -963,10 +884,12 @@ static int cmd_start(int argc, char *argv[]) { #endif + char *default_c = "tincd"; + if(slash++) { xasprintf(&c, "%.*stincd", (int)(slash - program_name), program_name); } else { - c = "tincd"; + c = default_c; } int nargc = 0; @@ -997,6 +920,12 @@ static int cmd_start(int argc, char *argv[]) { #ifdef HAVE_MINGW int status = spawnvp(_P_WAIT, c, nargv); + free(nargv); + + if(c != default_c) { + free(c); + } + if(status == -1) { fprintf(stderr, "Error starting %s: %s\n", c, strerror(errno)); return 1; @@ -1009,6 +938,11 @@ static int cmd_start(int argc, char *argv[]) { if(socketpair(AF_UNIX, SOCK_STREAM, 0, pfd)) { fprintf(stderr, "Could not create umbilical socket: %s\n", strerror(errno)); free(nargv); + + if(c != default_c) { + free(c); + } + return 1; } @@ -1017,6 +951,11 @@ static int cmd_start(int argc, char *argv[]) { if(pid == -1) { fprintf(stderr, "Could not fork: %s\n", strerror(errno)); free(nargv); + + if(c != default_c) { + free(c); + } + return 1; } @@ -1032,7 +971,6 @@ static int cmd_start(int argc, char *argv[]) { free(nargv); - int status = -1, result; #ifdef SIGINT signal(SIGINT, SIG_IGN); #endif @@ -1040,7 +978,7 @@ static int cmd_start(int argc, char *argv[]) { // Pass all log messages from the umbilical to stderr. // A nul-byte right before closure means tincd started successfully. bool failure = true; - char buf[1024]; + uint8_t buf[1024]; ssize_t len; while((len = read(pfd[0], buf, sizeof(buf))) > 0) { @@ -1060,18 +998,24 @@ static int cmd_start(int argc, char *argv[]) { close(pfd[0]); // Make sure the child process is really gone. - result = waitpid(pid, &status, 0); + int status = -1; + pid_t result = waitpid(pid, &status, 0); #ifdef SIGINT signal(SIGINT, SIG_DFL); #endif - if(failure || result != pid || !WIFEXITED(status) || WEXITSTATUS(status)) { + bool failed = failure || result != pid || !WIFEXITED(status) || WEXITSTATUS(status); + + if(failed) { fprintf(stderr, "Error starting %s\n", c); - return 1; } - return 0; + if(c != default_c) { + free(c); + } + + return failed ? EXIT_FAILURE : EXIT_SUCCESS; #endif } @@ -1083,9 +1027,11 @@ static int cmd_stop(int argc, char *argv[]) { return 1; } -#ifndef HAVE_MINGW +#ifdef HAVE_MINGW + return remove_service() ? EXIT_SUCCESS : EXIT_FAILURE; +#else - if(!connect_tincd(true)) { + if(!stop_tincd()) { if(pid) { if(kill(pid, SIGTERM)) { fprintf(stderr, "Could not send TERM signal to process with PID %d: %s\n", pid, strerror(errno)); @@ -1100,24 +1046,8 @@ static int cmd_stop(int argc, char *argv[]) { return 1; } - sendline(fd, "%d %d", CONTROL, REQ_STOP); - - while(recvline(fd, line, sizeof(line))) { - // Wait for tincd to close the connection... - } - -#else - - if(!remove_service()) { - return 1; - } - -#endif - close(fd); - pid = 0; - fd = -1; - return 0; +#endif } static int cmd_restart(int argc, char *argv[]) { @@ -1170,7 +1100,7 @@ static int dump_invitations(void) { while((ent = readdir(dir))) { char buf[MAX_STRING_SIZE]; - if(b64decode(ent->d_name, buf, 24) != 18) { + if(b64decode_tinc(ent->d_name, buf, 24) != 18) { continue; } @@ -1346,7 +1276,7 @@ static int cmd_dump(int argc, char *argv[]) { color = "green"; } - printf(" %s [label = \"%s\", color = \"%s\"%s];\n", node, node, color, strcmp(host, "MYSELF") ? "" : ", style = \"filled\""); + printf(" \"%s\" [label = \"%s\", color = \"%s\"%s];\n", node, node, color, strcmp(host, "MYSELF") ? "" : ", style = \"filled\""); } else { if(only_reachable && !status.reachable) { continue; @@ -1373,12 +1303,12 @@ static int cmd_dump(int argc, char *argv[]) { } if(do_graph) { - float w = 1 + 65536.0 / weight; + float w = 1.0f + 65536.0f / (float)weight; if(do_graph == 1 && strcmp(node1, node2) > 0) { - printf(" %s -- %s [w = %f, weight = %f];\n", node1, node2, w, w); + printf(" \"%s\" -- \"%s\" [w = %f, weight = %f];\n", node1, node2, w, w); } else if(do_graph == 2) { - printf(" %s -> %s [w = %f, weight = %f];\n", node1, node2, w, w); + printf(" \"%s\" -> \"%s\" [w = %f, weight = %f];\n", node1, node2, w, w); } } else { printf("%s to %s at %s port %s local %s port %s options %x weight %d\n", from, to, host, port, local_host, local_port, options, weight); @@ -1624,8 +1554,8 @@ static int cmd_pid(int argc, char *argv[]) { return 0; } -int rstrip(char *value) { - int len = strlen(value); +size_t rstrip(char *value) { + size_t len = strlen(value); while(len && strchr("\t\r\n ", value[len - 1])) { value[--len] = 0; @@ -1649,7 +1579,7 @@ char *get_my_name(bool verbose) { char *value; while(fgets(buf, sizeof(buf), f)) { - int len = strcspn(buf, "\t ="); + size_t len = strcspn(buf, "\t ="); value = buf + len; value += strspn(value, "\t "); @@ -1688,7 +1618,7 @@ ecdsa_t *get_pubkey(FILE *f) { char *value; while(fgets(buf, sizeof(buf), f)) { - int len = strcspn(buf, "\t ="); + size_t len = strcspn(buf, "\t ="); value = buf + len; value += strspn(value, "\t "); @@ -1717,18 +1647,18 @@ ecdsa_t *get_pubkey(FILE *f) { const var_t variables[] = { /* Server configuration */ - {"AddressFamily", VAR_SERVER}, + {"AddressFamily", VAR_SERVER | VAR_SAFE}, {"AutoConnect", VAR_SERVER | VAR_SAFE}, {"BindToAddress", VAR_SERVER | VAR_MULTIPLE}, {"BindToInterface", VAR_SERVER}, {"Broadcast", VAR_SERVER | VAR_SAFE}, {"BroadcastSubnet", VAR_SERVER | VAR_MULTIPLE | VAR_SAFE}, {"ConnectTo", VAR_SERVER | VAR_MULTIPLE | VAR_SAFE}, - {"DecrementTTL", VAR_SERVER}, + {"DecrementTTL", VAR_SERVER | VAR_SAFE}, {"Device", VAR_SERVER}, {"DeviceStandby", VAR_SERVER}, {"DeviceType", VAR_SERVER}, - {"DirectOnly", VAR_SERVER}, + {"DirectOnly", VAR_SERVER | VAR_SAFE}, {"Ed25519PrivateKeyFile", VAR_SERVER}, {"ExperimentalProtocol", VAR_SERVER}, {"Forwarding", VAR_SERVER}, @@ -1738,34 +1668,34 @@ const var_t variables[] = { {"IffOneQueue", VAR_SERVER}, {"Interface", VAR_SERVER}, {"InvitationExpire", VAR_SERVER}, - {"KeyExpire", VAR_SERVER}, + {"KeyExpire", VAR_SERVER | VAR_SAFE}, {"ListenAddress", VAR_SERVER | VAR_MULTIPLE}, - {"LocalDiscovery", VAR_SERVER}, + {"LocalDiscovery", VAR_SERVER | VAR_SAFE}, {"LogLevel", VAR_SERVER}, - {"MACExpire", VAR_SERVER}, - {"MaxConnectionBurst", VAR_SERVER}, - {"MaxOutputBufferSize", VAR_SERVER}, - {"MaxTimeout", VAR_SERVER}, + {"MACExpire", VAR_SERVER | VAR_SAFE}, + {"MaxConnectionBurst", VAR_SERVER | VAR_SAFE}, + {"MaxOutputBufferSize", VAR_SERVER | VAR_SAFE}, + {"MaxTimeout", VAR_SERVER | VAR_SAFE}, {"Mode", VAR_SERVER | VAR_SAFE}, {"Name", VAR_SERVER}, - {"PingInterval", VAR_SERVER}, - {"PingTimeout", VAR_SERVER}, + {"PingInterval", VAR_SERVER | VAR_SAFE}, + {"PingTimeout", VAR_SERVER | VAR_SAFE}, {"PriorityInheritance", VAR_SERVER}, {"PrivateKey", VAR_SERVER | VAR_OBSOLETE}, {"PrivateKeyFile", VAR_SERVER}, {"ProcessPriority", VAR_SERVER}, {"Proxy", VAR_SERVER}, - {"ReplayWindow", VAR_SERVER}, + {"ReplayWindow", VAR_SERVER | VAR_SAFE}, {"ScriptsExtension", VAR_SERVER}, {"ScriptsInterpreter", VAR_SERVER}, - {"StrictSubnets", VAR_SERVER}, - {"TunnelServer", VAR_SERVER}, - {"UDPDiscovery", VAR_SERVER}, - {"UDPDiscoveryKeepaliveInterval", VAR_SERVER}, - {"UDPDiscoveryInterval", VAR_SERVER}, - {"UDPDiscoveryTimeout", VAR_SERVER}, - {"MTUInfoInterval", VAR_SERVER}, - {"UDPInfoInterval", VAR_SERVER}, + {"StrictSubnets", VAR_SERVER | VAR_SAFE}, + {"TunnelServer", VAR_SERVER | VAR_SAFE}, + {"UDPDiscovery", VAR_SERVER | VAR_SAFE}, + {"UDPDiscoveryKeepaliveInterval", VAR_SERVER | VAR_SAFE}, + {"UDPDiscoveryInterval", VAR_SERVER | VAR_SAFE}, + {"UDPDiscoveryTimeout", VAR_SERVER | VAR_SAFE}, + {"MTUInfoInterval", VAR_SERVER | VAR_SAFE}, + {"UDPInfoInterval", VAR_SERVER | VAR_SAFE}, {"UDPRcvBuf", VAR_SERVER}, {"UDPSndBuf", VAR_SERVER}, {"UPnP", VAR_SERVER}, @@ -1776,12 +1706,12 @@ const var_t variables[] = { /* Host configuration */ {"Address", VAR_HOST | VAR_MULTIPLE}, {"Cipher", VAR_SERVER | VAR_HOST}, - {"ClampMSS", VAR_SERVER | VAR_HOST}, - {"Compression", VAR_SERVER | VAR_HOST}, + {"ClampMSS", VAR_SERVER | VAR_HOST | VAR_SAFE}, + {"Compression", VAR_SERVER | VAR_HOST | VAR_SAFE}, {"Digest", VAR_SERVER | VAR_HOST}, {"Ed25519PublicKey", VAR_HOST}, {"Ed25519PublicKeyFile", VAR_SERVER | VAR_HOST}, - {"IndirectData", VAR_SERVER | VAR_HOST}, + {"IndirectData", VAR_SERVER | VAR_HOST | VAR_SAFE}, {"MACLength", VAR_SERVER | VAR_HOST}, {"PMTU", VAR_SERVER | VAR_HOST}, {"PMTUDiscovery", VAR_SERVER | VAR_HOST}, @@ -1789,7 +1719,7 @@ const var_t variables[] = { {"PublicKey", VAR_HOST | VAR_OBSOLETE}, {"PublicKeyFile", VAR_SERVER | VAR_HOST | VAR_OBSOLETE}, {"Subnet", VAR_HOST | VAR_MULTIPLE | VAR_SAFE}, - {"TCPOnly", VAR_SERVER | VAR_HOST}, + {"TCPOnly", VAR_SERVER | VAR_HOST | VAR_SAFE}, {"Weight", VAR_HOST | VAR_SAFE}, {NULL, 0} }; @@ -1833,7 +1763,7 @@ static int cmd_config(int argc, char *argv[]) { char *node = NULL; char *variable; char *value; - int len; + size_t len; len = strcspn(line, "\t ="); value = line + len; @@ -1880,6 +1810,20 @@ static int cmd_config(int argc, char *argv[]) { found = true; variable = (char *)variables[i].name; + if(!strcasecmp(variable, "Subnet") && *value) { + subnet_t s = {0}; + + if(!str2net(&s, value)) { + fprintf(stderr, "Malformed subnet definition %s\n", value); + return 1; + } + + if(!subnetcheck(s)) { + fprintf(stderr, "Network address and prefix length do not match: %s\n", value); + return 1; + } + } + /* Discourage use of obsolete variables. */ if(variables[i].type & VAR_OBSOLETE && action >= 0) { @@ -1927,6 +1871,11 @@ static int cmd_config(int argc, char *argv[]) { if(node && !check_id(node)) { fprintf(stderr, "Invalid name for node.\n"); + + if(node != line) { + free(node); + } + return 1; } @@ -1935,6 +1884,11 @@ static int cmd_config(int argc, char *argv[]) { fprintf(stderr, "Warning: %s is not a known configuration variable!\n", variable); } else { fprintf(stderr, "%s: is not a known configuration variable! Use --force to use it anyway.\n", variable); + + if(node && node != line) { + free(node); + } + return 1; } } @@ -1944,6 +1898,11 @@ static int cmd_config(int argc, char *argv[]) { if(node) { snprintf(filename, sizeof(filename), "%s" SLASH "%s", hosts_dir, node); + + if(node != line) { + free(node); + node = NULL; + } } else { snprintf(filename, sizeof(filename), "%s", tinc_conf); } @@ -1986,9 +1945,8 @@ static int cmd_config(int argc, char *argv[]) { // Parse line in a simple way char *bvalue; - int len; - len = strcspn(buf2, "\t ="); + size_t len = strcspn(buf2, "\t ="); bvalue = buf2 + len; bvalue += strspn(bvalue, "\t "); @@ -2212,7 +2170,7 @@ static int cmd_init(int argc, char *argv[]) { return 1; } - int len = rstrip(buf); + size_t len = rstrip(buf); if(!len) { fprintf(stderr, "No name given!\n"); @@ -2301,6 +2259,7 @@ static int cmd_init(int argc, char *argv[]) { static int cmd_generate_keys(int argc, char *argv[]) { #ifdef DISABLE_LEGACY + (void)argv; if(argc > 1) { #else @@ -2440,10 +2399,14 @@ static int cmd_edit(int argc, char *argv[]) { char *command; #ifndef HAVE_MINGW const char *editor = getenv("VISUAL"); - if (!editor) + + if(!editor) { editor = getenv("EDITOR"); - if (!editor) + } + + if(!editor) { editor = "vi"; + } xasprintf(&command, "\"%s\" \"%s\"", editor, filename); #else @@ -2735,11 +2698,11 @@ static int cmd_fsck(int argc, char *argv[]) { static void *readfile(FILE *in, size_t *len) { size_t count = 0; - size_t alloced = 4096; - char *buf = xmalloc(alloced); + size_t bufsize = 4096; + char *buf = xmalloc(bufsize); while(!feof(in)) { - size_t read = fread(buf + count, 1, alloced - count, in); + size_t read = fread(buf + count, 1, bufsize - count, in); if(!read) { break; @@ -2747,9 +2710,9 @@ static void *readfile(FILE *in, size_t *len) { count += read; - if(count >= alloced) { - alloced *= 2; - buf = xrealloc(buf, alloced); + if(count >= bufsize) { + bufsize *= 2; + buf = xrealloc(buf, bufsize); } } @@ -2824,7 +2787,7 @@ static int cmd_sign(int argc, char *argv[]) { long t = time(NULL); char *trailer; xasprintf(&trailer, " %s %ld", name, t); - int trailer_len = strlen(trailer); + size_t trailer_len = strlen(trailer); data = xrealloc(data, len + trailer_len); memcpy(data + len, trailer, trailer_len); @@ -2839,7 +2802,7 @@ static int cmd_sign(int argc, char *argv[]) { return 1; } - b64encode(sig, sig, 64); + b64encode_tinc(sig, sig, 64); ecdsa_free(key); fprintf(stdout, "Signature = %s %ld %s\n", name, t, sig); @@ -2939,7 +2902,7 @@ static int cmd_verify(int argc, char *argv[]) { char *trailer; xasprintf(&trailer, " %s %ld", signer, t); - int trailer_len = strlen(trailer); + size_t trailer_len = strlen(trailer); data = xrealloc(data, len + trailer_len); memcpy(data + len, trailer, trailer_len); @@ -2973,7 +2936,7 @@ static int cmd_verify(int argc, char *argv[]) { fclose(fp); - if(b64decode(sig, sig, 86) != 64 || !ecdsa_verify(key, newline, len + trailer_len - (newline - data), sig)) { + if(b64decode_tinc(sig, sig, 86) != 64 || !ecdsa_verify(key, newline, len + trailer_len - (newline - data), sig)) { fprintf(stderr, "Invalid signature\n"); free(data); ecdsa_free(key); @@ -3298,11 +3261,15 @@ static int cmd_shell(int argc, char *argv[]) { return result; } +static void cleanup() { + free(tinc_conf); + free(hosts_dir); + free_names(); +} int main(int argc, char *argv[]) { program_name = argv[0]; orig_argv = argv; - orig_argc = argc; tty = isatty(0) && isatty(1); if(!parse_options(argc, argv)) { @@ -3312,6 +3279,7 @@ int main(int argc, char *argv[]) { make_names(false); xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase); xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase); + atexit(cleanup); if(show_version) { version(); @@ -3333,7 +3301,8 @@ int main(int argc, char *argv[]) { #endif - srand(time(NULL)); + gettimeofday(&now, NULL); + srand(now.tv_sec + now.tv_usec); crypto_init(); if(optind >= argc) {