X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincctl.c;h=bfc16af44aadcb7402a9d9e152a451741e7c2428;hb=046a10d692d1ac22de4daf783ee4fe025c4eb6ec;hp=dccd49d88fd08a29449d03d579217f38190f44fa;hpb=b0ffeb7eeb21920842382c302ca15ec0d758e9b6;p=tinc diff --git a/src/tincctl.c b/src/tincctl.c index dccd49d8..bfc16af4 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -1,6 +1,6 @@ /* tincctl.c -- Controlling a running tincd - Copyright (C) 2007-2018 Guus Sliepen + Copyright (C) 2007-2021 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -40,6 +40,7 @@ #include "tincctl.h" #include "top.h" #include "version.h" +#include "subnet.h" #ifndef MSG_NOSIGNAL #define MSG_NOSIGNAL 0 @@ -125,12 +126,12 @@ static void usage(bool status) { " reload Partially reload configuration of running tincd.\n" " pid Show PID of currently running tincd.\n" #ifdef DISABLE_LEGACY - " generate-keys Generate a new Ed25519 public/private keypair.\n" + " generate-keys Generate a new Ed25519 public/private key pair.\n" #else - " generate-keys [bits] Generate new RSA and Ed25519 public/private keypairs.\n" - " generate-rsa-keys [bits] Generate a new RSA public/private keypair.\n" + " generate-keys [bits] Generate new RSA and Ed25519 public/private key pairs.\n" + " generate-rsa-keys [bits] Generate a new RSA public/private key pair.\n" #endif - " generate-ed25519-keys Generate a new Ed25519 public/private keypair.\n" + " generate-ed25519-keys Generate a new Ed25519 public/private key pair.\n" " dump Dump a list of one of the following things:\n" " [reachable] nodes - all known nodes in the VPN\n" " edges - all known connections in the VPN\n" @@ -237,7 +238,7 @@ static bool parse_options(int argc, char **argv) { FILE *fopenmask(const char *filename, const char *mode, mode_t perms) { mode_t mask = umask(0); perms &= ~mask; - umask(~perms); + umask(~perms & 0777); FILE *f = fopen(filename, mode); if(!f) { @@ -262,19 +263,21 @@ static void disable_old_keys(const char *filename, const char *what) { bool disabled = false; bool block = false; bool error = false; - FILE *r, *w; - r = fopen(filename, "r"); + FILE *r = fopen(filename, "r"); + FILE *w = NULL; if(!r) { return; } - snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename); + int result = snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename); - struct stat st = {.st_mode = 0600}; - fstat(fileno(r), &st); - w = fopenmask(tmpfile, "w", st.st_mode); + if(result < sizeof(tmpfile)) { + struct stat st = {.st_mode = 0600}; + fstat(fileno(r), &st); + w = fopenmask(tmpfile, "w", st.st_mode); + } while(fgets(buf, sizeof(buf), r)) { if(!block && !strncmp(buf, "-----BEGIN ", 11)) { @@ -416,7 +419,7 @@ ask_filename: } /* - Generate a public/private Ed25519 keypair, and ask for a file to store + Generate a public/private Ed25519 key pair, and ask for a file to store them in. */ static bool ed25519_keygen(bool ask) { @@ -424,7 +427,7 @@ static bool ed25519_keygen(bool ask) { FILE *f; char fname[PATH_MAX]; - fprintf(stderr, "Generating Ed25519 keypair:\n"); + fprintf(stderr, "Generating Ed25519 key pair:\n"); if(!(key = ecdsa_generate())) { fprintf(stderr, "Error during key generation!\n"); @@ -480,7 +483,7 @@ error: #ifndef DISABLE_LEGACY /* - Generate a public/private RSA keypair, and ask for a file to store + Generate a public/private RSA key pair, and ask for a file to store them in. */ static bool rsa_keygen(int bits, bool ask) { @@ -725,6 +728,24 @@ static void logcontrol(int fd, FILE *out, int level) { } } +static bool stop_tincd(void) { + if(!connect_tincd(true)) { + return false; + } + + sendline(fd, "%d %d", CONTROL, REQ_STOP); + + while(recvline(fd, line, sizeof(line))) { + // wait for tincd to close the connection... + } + + close(fd); + pid = 0; + fd = -1; + + return true; +} + #ifdef HAVE_MINGW static bool remove_service(void) { SC_HANDLE manager = NULL; @@ -742,7 +763,12 @@ static bool remove_service(void) { service = OpenService(manager, identname, SERVICE_ALL_ACCESS); if(!service) { - fprintf(stderr, "Could not open %s service: %s\n", identname, winerror(GetLastError())); + if(GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST) { + success = stop_tincd(); + } else { + fprintf(stderr, "Could not open %s service: %s\n", identname, winerror(GetLastError())); + } + goto exit; } @@ -883,7 +909,6 @@ bool connect_tincd(bool verbose) { return false; } -#ifdef HAVE_MINGW unsigned long arg = 0; if(ioctlsocket(fd, FIONBIO, &arg) != 0) { @@ -892,8 +917,6 @@ bool connect_tincd(bool verbose) { } } -#endif - if(connect(fd, res->ai_addr, res->ai_addrlen) < 0) { if(verbose) { fprintf(stderr, "Cannot connect to %s port %s: %s\n", host, port, sockstrerror(sockerrno)); @@ -1083,9 +1106,11 @@ static int cmd_stop(int argc, char *argv[]) { return 1; } -#ifndef HAVE_MINGW +#ifdef HAVE_MINGW + return remove_service() ? EXIT_SUCCESS : EXIT_FAILURE; +#else - if(!connect_tincd(true)) { + if(!stop_tincd()) { if(pid) { if(kill(pid, SIGTERM)) { fprintf(stderr, "Could not send TERM signal to process with PID %d: %s\n", pid, strerror(errno)); @@ -1100,24 +1125,8 @@ static int cmd_stop(int argc, char *argv[]) { return 1; } - sendline(fd, "%d %d", CONTROL, REQ_STOP); - - while(recvline(fd, line, sizeof(line))) { - // Wait for tincd to close the connection... - } - -#else - - if(!remove_service()) { - return 1; - } - -#endif - close(fd); - pid = 0; - fd = -1; - return 0; +#endif } static int cmd_restart(int argc, char *argv[]) { @@ -1346,7 +1355,7 @@ static int cmd_dump(int argc, char *argv[]) { color = "green"; } - printf(" %s [label = \"%s\", color = \"%s\"%s];\n", node, node, color, strcmp(host, "MYSELF") ? "" : ", style = \"filled\""); + printf(" \"%s\" [label = \"%s\", color = \"%s\"%s];\n", node, node, color, strcmp(host, "MYSELF") ? "" : ", style = \"filled\""); } else { if(only_reachable && !status.reachable) { continue; @@ -1376,9 +1385,9 @@ static int cmd_dump(int argc, char *argv[]) { float w = 1 + 65536.0 / weight; if(do_graph == 1 && strcmp(node1, node2) > 0) { - printf(" %s -- %s [w = %f, weight = %f];\n", node1, node2, w, w); + printf(" \"%s\" -- \"%s\" [w = %f, weight = %f];\n", node1, node2, w, w); } else if(do_graph == 2) { - printf(" %s -> %s [w = %f, weight = %f];\n", node1, node2, w, w); + printf(" \"%s\" -> \"%s\" [w = %f, weight = %f];\n", node1, node2, w, w); } } else { printf("%s to %s at %s port %s local %s port %s options %x weight %d\n", from, to, host, port, local_host, local_port, options, weight); @@ -1717,18 +1726,18 @@ ecdsa_t *get_pubkey(FILE *f) { const var_t variables[] = { /* Server configuration */ - {"AddressFamily", VAR_SERVER}, + {"AddressFamily", VAR_SERVER | VAR_SAFE}, {"AutoConnect", VAR_SERVER | VAR_SAFE}, {"BindToAddress", VAR_SERVER | VAR_MULTIPLE}, {"BindToInterface", VAR_SERVER}, {"Broadcast", VAR_SERVER | VAR_SAFE}, {"BroadcastSubnet", VAR_SERVER | VAR_MULTIPLE | VAR_SAFE}, {"ConnectTo", VAR_SERVER | VAR_MULTIPLE | VAR_SAFE}, - {"DecrementTTL", VAR_SERVER}, + {"DecrementTTL", VAR_SERVER | VAR_SAFE}, {"Device", VAR_SERVER}, {"DeviceStandby", VAR_SERVER}, {"DeviceType", VAR_SERVER}, - {"DirectOnly", VAR_SERVER}, + {"DirectOnly", VAR_SERVER | VAR_SAFE}, {"Ed25519PrivateKeyFile", VAR_SERVER}, {"ExperimentalProtocol", VAR_SERVER}, {"Forwarding", VAR_SERVER}, @@ -1738,34 +1747,34 @@ const var_t variables[] = { {"IffOneQueue", VAR_SERVER}, {"Interface", VAR_SERVER}, {"InvitationExpire", VAR_SERVER}, - {"KeyExpire", VAR_SERVER}, + {"KeyExpire", VAR_SERVER | VAR_SAFE}, {"ListenAddress", VAR_SERVER | VAR_MULTIPLE}, - {"LocalDiscovery", VAR_SERVER}, + {"LocalDiscovery", VAR_SERVER | VAR_SAFE}, {"LogLevel", VAR_SERVER}, - {"MACExpire", VAR_SERVER}, - {"MaxConnectionBurst", VAR_SERVER}, - {"MaxOutputBufferSize", VAR_SERVER}, - {"MaxTimeout", VAR_SERVER}, + {"MACExpire", VAR_SERVER | VAR_SAFE}, + {"MaxConnectionBurst", VAR_SERVER | VAR_SAFE}, + {"MaxOutputBufferSize", VAR_SERVER | VAR_SAFE}, + {"MaxTimeout", VAR_SERVER | VAR_SAFE}, {"Mode", VAR_SERVER | VAR_SAFE}, {"Name", VAR_SERVER}, - {"PingInterval", VAR_SERVER}, - {"PingTimeout", VAR_SERVER}, + {"PingInterval", VAR_SERVER | VAR_SAFE}, + {"PingTimeout", VAR_SERVER | VAR_SAFE}, {"PriorityInheritance", VAR_SERVER}, {"PrivateKey", VAR_SERVER | VAR_OBSOLETE}, {"PrivateKeyFile", VAR_SERVER}, {"ProcessPriority", VAR_SERVER}, {"Proxy", VAR_SERVER}, - {"ReplayWindow", VAR_SERVER}, + {"ReplayWindow", VAR_SERVER | VAR_SAFE}, {"ScriptsExtension", VAR_SERVER}, {"ScriptsInterpreter", VAR_SERVER}, - {"StrictSubnets", VAR_SERVER}, - {"TunnelServer", VAR_SERVER}, - {"UDPDiscovery", VAR_SERVER}, - {"UDPDiscoveryKeepaliveInterval", VAR_SERVER}, - {"UDPDiscoveryInterval", VAR_SERVER}, - {"UDPDiscoveryTimeout", VAR_SERVER}, - {"MTUInfoInterval", VAR_SERVER}, - {"UDPInfoInterval", VAR_SERVER}, + {"StrictSubnets", VAR_SERVER | VAR_SAFE}, + {"TunnelServer", VAR_SERVER | VAR_SAFE}, + {"UDPDiscovery", VAR_SERVER | VAR_SAFE}, + {"UDPDiscoveryKeepaliveInterval", VAR_SERVER | VAR_SAFE}, + {"UDPDiscoveryInterval", VAR_SERVER | VAR_SAFE}, + {"UDPDiscoveryTimeout", VAR_SERVER | VAR_SAFE}, + {"MTUInfoInterval", VAR_SERVER | VAR_SAFE}, + {"UDPInfoInterval", VAR_SERVER | VAR_SAFE}, {"UDPRcvBuf", VAR_SERVER}, {"UDPSndBuf", VAR_SERVER}, {"UPnP", VAR_SERVER}, @@ -1776,12 +1785,12 @@ const var_t variables[] = { /* Host configuration */ {"Address", VAR_HOST | VAR_MULTIPLE}, {"Cipher", VAR_SERVER | VAR_HOST}, - {"ClampMSS", VAR_SERVER | VAR_HOST}, - {"Compression", VAR_SERVER | VAR_HOST}, + {"ClampMSS", VAR_SERVER | VAR_HOST | VAR_SAFE}, + {"Compression", VAR_SERVER | VAR_HOST | VAR_SAFE}, {"Digest", VAR_SERVER | VAR_HOST}, {"Ed25519PublicKey", VAR_HOST}, {"Ed25519PublicKeyFile", VAR_SERVER | VAR_HOST}, - {"IndirectData", VAR_SERVER | VAR_HOST}, + {"IndirectData", VAR_SERVER | VAR_HOST | VAR_SAFE}, {"MACLength", VAR_SERVER | VAR_HOST}, {"PMTU", VAR_SERVER | VAR_HOST}, {"PMTUDiscovery", VAR_SERVER | VAR_HOST}, @@ -1789,7 +1798,7 @@ const var_t variables[] = { {"PublicKey", VAR_HOST | VAR_OBSOLETE}, {"PublicKeyFile", VAR_SERVER | VAR_HOST | VAR_OBSOLETE}, {"Subnet", VAR_HOST | VAR_MULTIPLE | VAR_SAFE}, - {"TCPOnly", VAR_SERVER | VAR_HOST}, + {"TCPOnly", VAR_SERVER | VAR_HOST | VAR_SAFE}, {"Weight", VAR_HOST | VAR_SAFE}, {NULL, 0} }; @@ -1880,6 +1889,19 @@ static int cmd_config(int argc, char *argv[]) { found = true; variable = (char *)variables[i].name; + if(!strcasecmp(variable, "Subnet")) { + subnet_t s = {0}; + + if(!str2net(&s, value)) { + fprintf(stderr, "Malformed subnet definition %s\n", value); + } + + if(!subnetcheck(s)) { + fprintf(stderr, "Network address and prefix length do not match: %s\n", value); + return 1; + } + } + /* Discourage use of obsolete variables. */ if(variables[i].type & VAR_OBSOLETE && action >= 0) { @@ -2301,6 +2323,7 @@ static int cmd_init(int argc, char *argv[]) { static int cmd_generate_keys(int argc, char *argv[]) { #ifdef DISABLE_LEGACY + (void)argv; if(argc > 1) { #else @@ -2440,10 +2463,14 @@ static int cmd_edit(int argc, char *argv[]) { char *command; #ifndef HAVE_MINGW const char *editor = getenv("VISUAL"); - if (!editor) + + if(!editor) { editor = getenv("EDITOR"); - if (!editor) + } + + if(!editor) { editor = "vi"; + } xasprintf(&command, "\"%s\" \"%s\"", editor, filename); #else