X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Ftincd.c;h=044fe0c427316ca58d92f82f817473c66bfed976;hp=318f7594e630f2bf288e9f744c44d23a9f4f1caa;hb=227ccd3a8a5602e4c31add8da1bfd8b35c6a801f;hpb=125c4978812cffa5154ce5378a276f43f78417d8 diff --git a/src/tincd.c b/src/tincd.c index 318f7594..044fe0c4 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -1,7 +1,7 @@ /* tincd.c -- the main file for tincd - Copyright (C) 1998-2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,13 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.45 2001/03/01 21:32:04 guus Exp $ + $Id: tincd.c,v 1.10.4.61 2002/07/16 13:12:49 guus Exp $ */ #include "config.h" #include -#include +#include #include #include #include @@ -33,36 +33,16 @@ #include #include #include +#include #ifdef HAVE_SYS_IOCTL_H # include #endif -#ifdef HAVE_OPENSSL_RAND_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_RSA_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_ERR_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_PEM_H -# include -#else -# include -#endif - - +#include +#include +#include +#include #include #include @@ -80,16 +60,22 @@ char *program_name; /* If nonzero, display usage information and exit. */ -static int show_help; +int show_help; /* If nonzero, print the version on standard output and exit. */ -static int show_version; +int show_version; /* If nonzero, it will attempt to kill a running tincd and exit. */ -static int kill_tincd = 0; +int kill_tincd = 0; /* If nonzero, generate public/private keypair for this host/net. */ -static int generate_keys = 0; +int generate_keys = 0; + +/* If nonzero, use null ciphers and skip all key exchanges. */ +int bypass_security = 0; + +/* If nonzero, disable swapping for this process. */ +int do_mlock = 0; char *identname; /* program name for syslog */ char *pidfilename; /* pid file location */ @@ -100,12 +86,15 @@ char **environment; /* A pointer to the environment on static struct option const long_options[] = { { "config", required_argument, NULL, 'c' }, - { "kill", no_argument, NULL, 'k' }, + { "kill", optional_argument, NULL, 'k' }, { "net", required_argument, NULL, 'n' }, { "help", no_argument, &show_help, 1 }, { "version", no_argument, &show_version, 1 }, { "no-detach", no_argument, &do_detach, 0 }, { "generate-keys", optional_argument, NULL, 'K'}, + { "debug", optional_argument, NULL, 'd'}, + { "bypass-security", no_argument, &bypass_security, 1 }, + { "mlock", no_argument, &do_mlock, 1}, { NULL, 0, NULL, 0 } }; @@ -118,13 +107,14 @@ usage(int status) { printf(_("Usage: %s [option]...\n\n"), program_name); printf(_(" -c, --config=DIR Read configuration options from DIR.\n" - " -D, --no-detach Don't fork and detach.\n" - " -d Increase debug level.\n" - " -k, --kill Attempt to kill a running tincd and exit.\n" - " -n, --net=NETNAME Connect to net NETNAME.\n")); - printf(_(" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" + " -D, --no-detach Don't fork and detach.\n" + " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" + " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" + " -n, --net=NETNAME Connect to net NETNAME.\n" + " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" + " -L, --mlock Lock tinc into main memory.\n" " --help Display this help and exit.\n" - " --version Output version information and exit.\n\n")); + " --version Output version information and exit.\n\n")); printf(_("Report bugs to tinc@nl.linux.org.\n")); } exit(status); @@ -135,48 +125,80 @@ parse_options(int argc, char **argv, char **envp) { int r; int option_index = 0; - - while((r = getopt_long(argc, argv, "c:Ddkn:K::", long_options, &option_index)) != EOF) + + while((r = getopt_long(argc, argv, "c:DLd::k::n:K::", long_options, &option_index)) != EOF) { switch(r) { case 0: /* long option */ break; - case 'c': /* config file */ - confbase = xmalloc(strlen(optarg)+1); - strcpy(confbase, optarg); - break; - case 'D': /* no detach */ - do_detach = 0; - break; - case 'd': /* inc debug level */ - if(optarg) - debug_lvl = atoi(optarg); - else - debug_lvl++; - break; - case 'k': /* kill old tincds */ - kill_tincd = 1; - break; - case 'n': /* net name given */ - netname = xmalloc(strlen(optarg)+1); - strcpy(netname, optarg); - break; - case 'K': /* generate public/private keypair */ + case 'c': /* config file */ + confbase = xmalloc(strlen(optarg)+1); + strcpy(confbase, optarg); + break; + case 'D': /* no detach */ + do_detach = 0; + break; + case 'L': /* no detach */ + do_mlock = 1; + break; + case 'd': /* inc debug level */ + if(optarg) + debug_lvl = atoi(optarg); + else + debug_lvl++; + break; + case 'k': /* kill old tincds */ + if(optarg) + { + if(!strcasecmp(optarg, "HUP")) + kill_tincd = SIGHUP; + else if(!strcasecmp(optarg, "TERM")) + kill_tincd = SIGTERM; + else if(!strcasecmp(optarg, "KILL")) + kill_tincd = SIGKILL; + else if(!strcasecmp(optarg, "USR1")) + kill_tincd = SIGUSR1; + else if(!strcasecmp(optarg, "USR2")) + kill_tincd = SIGUSR2; + else if(!strcasecmp(optarg, "WINCH")) + kill_tincd = SIGWINCH; + else if(!strcasecmp(optarg, "INT")) + kill_tincd = SIGINT; + else if(!strcasecmp(optarg, "ALRM")) + kill_tincd = SIGALRM; + else + { + kill_tincd = atoi(optarg); + if(!kill_tincd) + { + fprintf(stderr, _("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), optarg); + usage(1); + } + } + } + else + kill_tincd = SIGTERM; + break; + case 'n': /* net name given */ + netname = xmalloc(strlen(optarg)+1); + strcpy(netname, optarg); + break; + case 'K': /* generate public/private keypair */ if(optarg) { generate_keys = atoi(optarg); if(generate_keys < 512) { fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"), - optarg); + optarg); usage(1); } - generate_keys &= ~7; /* Round it to bytes */ + generate_keys &= ~7; /* Round it to bytes */ } else generate_keys = 1024; - break; + break; case '?': usage(1); default: @@ -204,7 +226,7 @@ void indicator(int a, int b, void *p) switch(b) { case 0: - fprintf(stderr, " p\n"); + fprintf(stderr, " p\n"); break; case 1: fprintf(stderr, " q\n"); @@ -226,7 +248,7 @@ int keygen(int bits) { RSA *rsa_key; FILE *f; - config_t const *cfg; + char *name = NULL; char *filename; fprintf(stderr, _("Generating %d bits keys:\n"), bits); @@ -234,16 +256,18 @@ int keygen(int bits) if(!rsa_key) { - fprintf(stderr, _("Error during key generation!")); + fprintf(stderr, _("Error during key generation!\n")); return -1; - } + } else fprintf(stderr, _("Done.\n")); - if(config && (cfg = get_config_val(config, config_name))) - asprintf(&filename, "%s/hosts/%s", confbase, cfg->data.ptr); + get_config_string(lookup_config(config_tree, "Name"), &name); + + if(name) + asprintf(&filename, "%s/hosts/%s", confbase, name); else - asprintf(&filename, "%s/rsa_key.priv", confbase); + asprintf(&filename, "%s/rsa_key.pub", confbase); if((f = ask_and_safe_open(filename, _("public RSA key"), "a")) == NULL) return -1; @@ -254,7 +278,7 @@ int keygen(int bits) PEM_write_RSAPublicKey(f, rsa_key); fclose(f); free(filename); - + asprintf(&filename, "%s/rsa_key.priv", confbase); if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL) return -1; @@ -305,21 +329,17 @@ main(int argc, char **argv, char **envp) bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); - /* Do some intl stuff right now */ - - unknown = _("unknown"); - environment = envp; parse_options(argc, argv, envp); if(show_version) { printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT); - printf(_("Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" - "See the AUTHORS file for a complete list.\n\n" - "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" - "and you are welcome to redistribute it under certain conditions;\n" - "see the file COPYING for details.\n")); + printf(_("Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" + "See the AUTHORS file for a complete list.\n\n" + "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" + "and you are welcome to redistribute it under certain conditions;\n" + "see the file COPYING for details.\n")); return 0; } @@ -327,30 +347,44 @@ main(int argc, char **argv, char **envp) if(show_help) usage(0); - if(geteuid()) - { - fprintf(stderr, _("You must be root to run this program.\n")); - return 1; - } - - openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ +#ifndef LOG_PERROR + openlog("tinc", LOG_CONS, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ +#else + openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ +#endif + /* Lock all pages into memory if requested */ + + if(do_mlock) + if(mlockall(MCL_CURRENT | MCL_FUTURE)) { + syslog(LOG_ERR, _("System call `%s' failed: %s"), "mlockall", strerror(errno)); + return -1; + } + g_argv = argv; make_names(); + init_configuration(&config_tree); /* Slllluuuuuuurrrrp! */ cp RAND_load_file("/dev/urandom", 1024); + +#ifdef HAVE_SSLEAY_ADD_ALL_ALGORITHMS + SSLeay_add_all_algorithms(); +#else + OpenSSL_add_all_algorithms(); +#endif + cp if(generate_keys) { read_server_config(); exit(keygen(generate_keys)); } - + if(kill_tincd) - exit(kill_other()); + exit(kill_other(kill_tincd)); if(read_server_config()) exit(1); @@ -358,9 +392,6 @@ cp if(detach()) exit(0); cp - if(debug_lvl >= DEBUG_ERROR) - ERR_load_crypto_strings(); - for(;;) { if(!setup_network_connections()) @@ -368,14 +399,14 @@ cp main_loop(); cleanup_and_exit(1); } - + syslog(LOG_ERR, _("Unrecoverable error")); cp_trace(); if(do_detach) { - syslog(LOG_NOTICE, _("Restarting in %d seconds!"), MAXTIMEOUT); - sleep(MAXTIMEOUT); + syslog(LOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout); + sleep(maxtimeout); } else {