/*
tincd.c -- the main file for tincd
- Copyright (C) 1998-2001 Ivo Timmermans <itimmermans@bigfoot.com>
- 2000,2001 Guus Sliepen <guus@sliepen.warande.net>
+ Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl>
+ 2000-2002 Guus Sliepen <guus@sliepen.eu.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: tincd.c,v 1.10.4.53 2001/10/27 12:13:17 guus Exp $
+ $Id: tincd.c,v 1.10.4.61 2002/07/16 13:12:49 guus Exp $
*/
#include "config.h"
#include <errno.h>
-#include <fcntl.h>
+#include <fcntl.h>
#include <getopt.h>
#include <signal.h>
#include <stdio.h>
#include <signal.h>
#include <string.h>
#include <termios.h>
+#include <sys/mman.h>
#ifdef HAVE_SYS_IOCTL_H
# include <sys/ioctl.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
+#include <openssl/evp.h>
#include <utils.h>
#include <xalloc.h>
char *program_name;
/* If nonzero, display usage information and exit. */
-static int show_help;
+int show_help;
/* If nonzero, print the version on standard output and exit. */
-static int show_version;
+int show_version;
/* If nonzero, it will attempt to kill a running tincd and exit. */
-static int kill_tincd = 0;
+int kill_tincd = 0;
/* If nonzero, generate public/private keypair for this host/net. */
-static int generate_keys = 0;
+int generate_keys = 0;
+
+/* If nonzero, use null ciphers and skip all key exchanges. */
+int bypass_security = 0;
+
+/* If nonzero, disable swapping for this process. */
+int do_mlock = 0;
char *identname; /* program name for syslog */
char *pidfilename; /* pid file location */
{ "no-detach", no_argument, &do_detach, 0 },
{ "generate-keys", optional_argument, NULL, 'K'},
{ "debug", optional_argument, NULL, 'd'},
+ { "bypass-security", no_argument, &bypass_security, 1 },
+ { "mlock", no_argument, &do_mlock, 1},
{ NULL, 0, NULL, 0 }
};
{
printf(_("Usage: %s [option]...\n\n"), program_name);
printf(_(" -c, --config=DIR Read configuration options from DIR.\n"
- " -D, --no-detach Don't fork and detach.\n"
- " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n"
- " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n"
- " -n, --net=NETNAME Connect to net NETNAME.\n"));
- printf(_(" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n"
+ " -D, --no-detach Don't fork and detach.\n"
+ " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n"
+ " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n"
+ " -n, --net=NETNAME Connect to net NETNAME.\n"
+ " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n"
+ " -L, --mlock Lock tinc into main memory.\n"
" --help Display this help and exit.\n"
- " --version Output version information and exit.\n\n"));
+ " --version Output version information and exit.\n\n"));
printf(_("Report bugs to tinc@nl.linux.org.\n"));
}
exit(status);
{
int r;
int option_index = 0;
-
- while((r = getopt_long(argc, argv, "c:Dd::k::n:K::", long_options, &option_index)) != EOF)
+
+ while((r = getopt_long(argc, argv, "c:DLd::k::n:K::", long_options, &option_index)) != EOF)
{
switch(r)
{
case 0: /* long option */
break;
- case 'c': /* config file */
- confbase = xmalloc(strlen(optarg)+1);
- strcpy(confbase, optarg);
- break;
- case 'D': /* no detach */
- do_detach = 0;
- break;
- case 'd': /* inc debug level */
- if(optarg)
- debug_lvl = atoi(optarg);
- else
- debug_lvl++;
- break;
- case 'k': /* kill old tincds */
- kill_tincd = optarg?atoi(optarg):SIGTERM;
- break;
- case 'n': /* net name given */
- netname = xmalloc(strlen(optarg)+1);
- strcpy(netname, optarg);
- break;
- case 'K': /* generate public/private keypair */
+ case 'c': /* config file */
+ confbase = xmalloc(strlen(optarg)+1);
+ strcpy(confbase, optarg);
+ break;
+ case 'D': /* no detach */
+ do_detach = 0;
+ break;
+ case 'L': /* no detach */
+ do_mlock = 1;
+ break;
+ case 'd': /* inc debug level */
+ if(optarg)
+ debug_lvl = atoi(optarg);
+ else
+ debug_lvl++;
+ break;
+ case 'k': /* kill old tincds */
+ if(optarg)
+ {
+ if(!strcasecmp(optarg, "HUP"))
+ kill_tincd = SIGHUP;
+ else if(!strcasecmp(optarg, "TERM"))
+ kill_tincd = SIGTERM;
+ else if(!strcasecmp(optarg, "KILL"))
+ kill_tincd = SIGKILL;
+ else if(!strcasecmp(optarg, "USR1"))
+ kill_tincd = SIGUSR1;
+ else if(!strcasecmp(optarg, "USR2"))
+ kill_tincd = SIGUSR2;
+ else if(!strcasecmp(optarg, "WINCH"))
+ kill_tincd = SIGWINCH;
+ else if(!strcasecmp(optarg, "INT"))
+ kill_tincd = SIGINT;
+ else if(!strcasecmp(optarg, "ALRM"))
+ kill_tincd = SIGALRM;
+ else
+ {
+ kill_tincd = atoi(optarg);
+ if(!kill_tincd)
+ {
+ fprintf(stderr, _("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), optarg);
+ usage(1);
+ }
+ }
+ }
+ else
+ kill_tincd = SIGTERM;
+ break;
+ case 'n': /* net name given */
+ netname = xmalloc(strlen(optarg)+1);
+ strcpy(netname, optarg);
+ break;
+ case 'K': /* generate public/private keypair */
if(optarg)
{
generate_keys = atoi(optarg);
if(generate_keys < 512)
{
fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"),
- optarg);
+ optarg);
usage(1);
}
- generate_keys &= ~7; /* Round it to bytes */
+ generate_keys &= ~7; /* Round it to bytes */
}
else
generate_keys = 1024;
- break;
+ break;
case '?':
usage(1);
default:
switch(b)
{
case 0:
- fprintf(stderr, " p\n");
+ fprintf(stderr, " p\n");
break;
case 1:
fprintf(stderr, " q\n");
PEM_write_RSAPublicKey(f, rsa_key);
fclose(f);
free(filename);
-
+
asprintf(&filename, "%s/rsa_key.priv", confbase);
if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL)
return -1;
if(show_version)
{
printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT);
- printf(_("Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n"
- "See the AUTHORS file for a complete list.\n\n"
- "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
- "and you are welcome to redistribute it under certain conditions;\n"
- "see the file COPYING for details.\n"));
+ printf(_("Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n"
+ "See the AUTHORS file for a complete list.\n\n"
+ "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
+ "and you are welcome to redistribute it under certain conditions;\n"
+ "see the file COPYING for details.\n"));
return 0;
}
if(show_help)
usage(0);
- if(geteuid())
- {
- fprintf(stderr, _("You must be root to run this program.\n"));
- return 1;
- }
-
-#ifdef HAVE_SOLARIS
+#ifndef LOG_PERROR
openlog("tinc", LOG_CONS, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */
-#else
+#else
openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */
#endif
+ /* Lock all pages into memory if requested */
+
+ if(do_mlock)
+ if(mlockall(MCL_CURRENT | MCL_FUTURE)) {
+ syslog(LOG_ERR, _("System call `%s' failed: %s"), "mlockall", strerror(errno));
+ return -1;
+ }
+
g_argv = argv;
make_names();
+ init_configuration(&config_tree);
/* Slllluuuuuuurrrrp! */
cp
RAND_load_file("/dev/urandom", 1024);
+
+#ifdef HAVE_SSLEAY_ADD_ALL_ALGORITHMS
+ SSLeay_add_all_algorithms();
+#else
+ OpenSSL_add_all_algorithms();
+#endif
+
cp
if(generate_keys)
{
read_server_config();
exit(keygen(generate_keys));
}
-
+
if(kill_tincd)
exit(kill_other(kill_tincd));
main_loop();
cleanup_and_exit(1);
}
-
+
syslog(LOG_ERR, _("Unrecoverable error"));
cp_trace();
projects / tinc / blobdiff