X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Ftincd.c;h=044fe0c427316ca58d92f82f817473c66bfed976;hp=b790d7a14075fee88e28f8ae1105bfc3356ec667;hb=227ccd3a8a5602e4c31add8da1bfd8b35c6a801f;hpb=82e383710980534d38bb9a8ef22f20677cd85861 diff --git a/src/tincd.c b/src/tincd.c index b790d7a1..044fe0c4 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -1,7 +1,7 @@ /* tincd.c -- the main file for tincd - Copyright (C) 1998-2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,13 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.53 2001/10/27 12:13:17 guus Exp $ + $Id: tincd.c,v 1.10.4.61 2002/07/16 13:12:49 guus Exp $ */ #include "config.h" #include -#include +#include #include #include #include @@ -33,6 +33,7 @@ #include #include #include +#include #ifdef HAVE_SYS_IOCTL_H # include @@ -41,6 +42,7 @@ #include #include #include +#include #include #include @@ -58,16 +60,22 @@ char *program_name; /* If nonzero, display usage information and exit. */ -static int show_help; +int show_help; /* If nonzero, print the version on standard output and exit. */ -static int show_version; +int show_version; /* If nonzero, it will attempt to kill a running tincd and exit. */ -static int kill_tincd = 0; +int kill_tincd = 0; /* If nonzero, generate public/private keypair for this host/net. */ -static int generate_keys = 0; +int generate_keys = 0; + +/* If nonzero, use null ciphers and skip all key exchanges. */ +int bypass_security = 0; + +/* If nonzero, disable swapping for this process. */ +int do_mlock = 0; char *identname; /* program name for syslog */ char *pidfilename; /* pid file location */ @@ -85,6 +93,8 @@ static struct option const long_options[] = { "no-detach", no_argument, &do_detach, 0 }, { "generate-keys", optional_argument, NULL, 'K'}, { "debug", optional_argument, NULL, 'd'}, + { "bypass-security", no_argument, &bypass_security, 1 }, + { "mlock", no_argument, &do_mlock, 1}, { NULL, 0, NULL, 0 } }; @@ -97,13 +107,14 @@ usage(int status) { printf(_("Usage: %s [option]...\n\n"), program_name); printf(_(" -c, --config=DIR Read configuration options from DIR.\n" - " -D, --no-detach Don't fork and detach.\n" - " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" - " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" - " -n, --net=NETNAME Connect to net NETNAME.\n")); - printf(_(" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" + " -D, --no-detach Don't fork and detach.\n" + " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" + " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" + " -n, --net=NETNAME Connect to net NETNAME.\n" + " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" + " -L, --mlock Lock tinc into main memory.\n" " --help Display this help and exit.\n" - " --version Output version information and exit.\n\n")); + " --version Output version information and exit.\n\n")); printf(_("Report bugs to tinc@nl.linux.org.\n")); } exit(status); @@ -114,48 +125,80 @@ parse_options(int argc, char **argv, char **envp) { int r; int option_index = 0; - - while((r = getopt_long(argc, argv, "c:Dd::k::n:K::", long_options, &option_index)) != EOF) + + while((r = getopt_long(argc, argv, "c:DLd::k::n:K::", long_options, &option_index)) != EOF) { switch(r) { case 0: /* long option */ break; - case 'c': /* config file */ - confbase = xmalloc(strlen(optarg)+1); - strcpy(confbase, optarg); - break; - case 'D': /* no detach */ - do_detach = 0; - break; - case 'd': /* inc debug level */ - if(optarg) - debug_lvl = atoi(optarg); - else - debug_lvl++; - break; - case 'k': /* kill old tincds */ - kill_tincd = optarg?atoi(optarg):SIGTERM; - break; - case 'n': /* net name given */ - netname = xmalloc(strlen(optarg)+1); - strcpy(netname, optarg); - break; - case 'K': /* generate public/private keypair */ + case 'c': /* config file */ + confbase = xmalloc(strlen(optarg)+1); + strcpy(confbase, optarg); + break; + case 'D': /* no detach */ + do_detach = 0; + break; + case 'L': /* no detach */ + do_mlock = 1; + break; + case 'd': /* inc debug level */ + if(optarg) + debug_lvl = atoi(optarg); + else + debug_lvl++; + break; + case 'k': /* kill old tincds */ + if(optarg) + { + if(!strcasecmp(optarg, "HUP")) + kill_tincd = SIGHUP; + else if(!strcasecmp(optarg, "TERM")) + kill_tincd = SIGTERM; + else if(!strcasecmp(optarg, "KILL")) + kill_tincd = SIGKILL; + else if(!strcasecmp(optarg, "USR1")) + kill_tincd = SIGUSR1; + else if(!strcasecmp(optarg, "USR2")) + kill_tincd = SIGUSR2; + else if(!strcasecmp(optarg, "WINCH")) + kill_tincd = SIGWINCH; + else if(!strcasecmp(optarg, "INT")) + kill_tincd = SIGINT; + else if(!strcasecmp(optarg, "ALRM")) + kill_tincd = SIGALRM; + else + { + kill_tincd = atoi(optarg); + if(!kill_tincd) + { + fprintf(stderr, _("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), optarg); + usage(1); + } + } + } + else + kill_tincd = SIGTERM; + break; + case 'n': /* net name given */ + netname = xmalloc(strlen(optarg)+1); + strcpy(netname, optarg); + break; + case 'K': /* generate public/private keypair */ if(optarg) { generate_keys = atoi(optarg); if(generate_keys < 512) { fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"), - optarg); + optarg); usage(1); } - generate_keys &= ~7; /* Round it to bytes */ + generate_keys &= ~7; /* Round it to bytes */ } else generate_keys = 1024; - break; + break; case '?': usage(1); default: @@ -183,7 +226,7 @@ void indicator(int a, int b, void *p) switch(b) { case 0: - fprintf(stderr, " p\n"); + fprintf(stderr, " p\n"); break; case 1: fprintf(stderr, " q\n"); @@ -235,7 +278,7 @@ int keygen(int bits) PEM_write_RSAPublicKey(f, rsa_key); fclose(f); free(filename); - + asprintf(&filename, "%s/rsa_key.priv", confbase); if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL) return -1; @@ -292,11 +335,11 @@ main(int argc, char **argv, char **envp) if(show_version) { printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT); - printf(_("Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" - "See the AUTHORS file for a complete list.\n\n" - "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" - "and you are welcome to redistribute it under certain conditions;\n" - "see the file COPYING for details.\n")); + printf(_("Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" + "See the AUTHORS file for a complete list.\n\n" + "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" + "and you are welcome to redistribute it under certain conditions;\n" + "see the file COPYING for details.\n")); return 0; } @@ -304,32 +347,42 @@ main(int argc, char **argv, char **envp) if(show_help) usage(0); - if(geteuid()) - { - fprintf(stderr, _("You must be root to run this program.\n")); - return 1; - } - -#ifdef HAVE_SOLARIS +#ifndef LOG_PERROR openlog("tinc", LOG_CONS, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ -#else +#else openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ #endif + /* Lock all pages into memory if requested */ + + if(do_mlock) + if(mlockall(MCL_CURRENT | MCL_FUTURE)) { + syslog(LOG_ERR, _("System call `%s' failed: %s"), "mlockall", strerror(errno)); + return -1; + } + g_argv = argv; make_names(); + init_configuration(&config_tree); /* Slllluuuuuuurrrrp! */ cp RAND_load_file("/dev/urandom", 1024); + +#ifdef HAVE_SSLEAY_ADD_ALL_ALGORITHMS + SSLeay_add_all_algorithms(); +#else + OpenSSL_add_all_algorithms(); +#endif + cp if(generate_keys) { read_server_config(); exit(keygen(generate_keys)); } - + if(kill_tincd) exit(kill_other(kill_tincd)); @@ -346,7 +399,7 @@ cp main_loop(); cleanup_and_exit(1); } - + syslog(LOG_ERR, _("Unrecoverable error")); cp_trace();