X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincd.c;h=8a4c1f394830d8e5a8c6e7a407c87cf05bd052a1;hb=ce4d55b72fd4290d4710f10e755f6dd9ed039d88;hp=5bfeeabb364cbe68b32b919d86520a0ff18c2088;hpb=e62fd508158749a0d55eae06c2e361df5d6da6e0;p=tinc diff --git a/src/tincd.c b/src/tincd.c index 5bfeeabb..8a4c1f39 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -55,6 +55,8 @@ #include "xalloc.h" #include "version.h" #include "random.h" +#include "sandbox.h" +#include "watchdog.h" /* If nonzero, display usage information and exit. */ static bool show_help = false; @@ -130,7 +132,7 @@ static void usage(bool status) { fprintf(stderr, "Try `%s --help\' for more information.\n", program_name); else { - static const char *message = + fprintf(stdout, "Usage: %s [option]...\n" "\n" " -c, --config=DIR Read configuration options from DIR.\n" @@ -152,10 +154,20 @@ static void usage(bool status) { " --help Display this help and exit.\n" " --version Output version information and exit.\n" "\n" - "Report bugs to tinc@tinc-vpn.org.\n"; + "Report bugs to tinc@tinc-vpn.org.\n", + program_name); + } +} - printf(message, program_name); +// Try to resolve path to absolute, return a copy of the argument if this fails. +static char *get_path_arg(char *arg) { + char *result = absolute_path(arg); + + if(!result) { + result = xstrdup(arg); } + + return result; } static bool parse_options(int argc, char **argv) { @@ -174,8 +186,9 @@ static bool parse_options(int argc, char **argv) { goto exit_fail; case OPT_CONFIG_FILE: + assert(optarg); free(confbase); - confbase = xstrdup(optarg); + confbase = get_path_arg(optarg); break; case OPT_NO_DETACH: @@ -205,6 +218,7 @@ static bool parse_options(int argc, char **argv) { break; case OPT_NETNAME: + assert(optarg); free(netname); netname = xstrdup(optarg); break; @@ -263,14 +277,15 @@ static bool parse_options(int argc, char **argv) { if(optarg) { free(logfilename); - logfilename = xstrdup(optarg); + logfilename = get_path_arg(optarg); } break; case OPT_PIDFILE: + assert(optarg); free(pidfilename); - pidfilename = xstrdup(optarg); + pidfilename = get_path_arg(optarg); break; default: @@ -312,6 +327,44 @@ exit_fail: return false; } +static bool read_sandbox_level(void) { + sandbox_level_t level; + char *value = NULL; + + if(get_config_string(lookup_config(&config_tree, "Sandbox"), &value)) { + if(!strcasecmp("off", value)) { + level = SANDBOX_NONE; + } else if(!strcasecmp("normal", value)) { + level = SANDBOX_NORMAL; + } else if(!strcasecmp("high", value)) { + level = SANDBOX_HIGH; + } else { + logger(DEBUG_ALWAYS, LOG_ERR, "Bad sandbox value %s!", value); + free(value); + return false; + } + + free(value); + } else { +#ifdef HAVE_SANDBOX + level = SANDBOX_NORMAL; +#else + level = SANDBOX_NONE; +#endif + } + +#ifndef HAVE_SANDBOX + + if(level > SANDBOX_NONE) { + logger(DEBUG_ALWAYS, LOG_ERR, "Sandbox is used but is not supported on this platform"); + return false; + } + +#endif + sandbox_set_level(level); + return true; +} + static bool drop_privs(void) { #ifndef HAVE_WINDOWS uid_t uid = 0; @@ -363,7 +416,8 @@ static bool drop_privs(void) { } #endif - return true; + + return sandbox_enter(); } #ifdef HAVE_WINDOWS @@ -408,7 +462,7 @@ int main(int argc, char **argv) { } if(show_version) { - static const char *message = + fprintf(stdout, "%s version %s (built %s %s, protocol %d.%d)\n" "Features:" #ifdef HAVE_OPENSSL @@ -438,6 +492,9 @@ int main(int argc, char **argv) { #ifdef HAVE_MINIUPNPC " miniupnpc" #endif +#ifdef HAVE_SANDBOX + " sandbox" +#endif #ifdef ENABLE_UML " uml" #endif @@ -450,9 +507,8 @@ int main(int argc, char **argv) { "\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" "and you are welcome to redistribute it under certain conditions;\n" - "see the file COPYING for details.\n"; - - printf(message, PACKAGE, BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR); + "see the file COPYING for details.\n", + PACKAGE, BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR); return 0; } @@ -521,6 +577,10 @@ int main(int argc, char **argv) { return 1; } + if(!read_sandbox_level()) { + return 1; + } + if(debug_level == DEBUG_NOTHING) { int level = 0; @@ -635,8 +695,16 @@ int main2(int argc, char **argv) { try_outgoing_connections(); +#ifdef HAVE_WATCHDOG + watchdog_start(); +#endif + status = main_loop(); +#ifdef HAVE_WATCHDOG + watchdog_stop(); +#endif + /* Shutdown properly. */ end: