X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Ftincd.c;h=1f3644270aa44a715db950bbadd590faf9939cd4;hp=a8a0146dfc32a87813ab3d00f04a65c8e9b61ff5;hb=ab7c61b06f6c6e991225f2fcc32d02b8e1084aee;hpb=ec316aa32e8567395a88c4583007f01ffae008ce

diff --git a/src/tincd.c b/src/tincd.c
index a8a0146d..1f364427 100644
--- a/src/tincd.c
+++ b/src/tincd.c
@@ -2,6 +2,7 @@
     tincd.c -- the main file for tincd
     Copyright (C) 1998-2005 Ivo Timmermans
                   2000-2009 Guus Sliepen <guus@tinc-vpn.org>
+                  2009      Michael Tokarev <mjt@tls.msk.ru>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -13,11 +14,9 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.
 
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-    $Id$
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 
 #include "system.h"
@@ -115,6 +114,7 @@ static struct option const long_options[] = {
 
 #ifdef HAVE_MINGW
 static struct WSAData wsa_state;
+CRITICAL_SECTION mutex;
 #endif
 
 static void usage(bool status)
@@ -160,8 +160,13 @@ static bool parse_options(int argc, char **argv)
 				break;
 
 			case 'L':				/* no detach */
+#ifndef HAVE_MLOCKALL
+				logger(LOG_ERR, _("%s not supported on this platform"), "mlockall()");
+				return false;
+#else
 				do_mlock = true;
 				break;
+#endif
 
 			case 'd':				/* inc debug level */
 				if(optarg)
@@ -223,7 +228,7 @@ static bool parse_options(int argc, char **argv)
 
 					generate_keys &= ~7;	/* Round it to bytes */
 				} else
-					generate_keys = 1024;
+					generate_keys = 2048;
 				break;
 
 			case 'R':				/* chroot to NETNAME dir */
@@ -332,7 +337,7 @@ static bool keygen(int bits)
 	} else
 		fprintf(stderr, _("Done.\n"));
 
-	asprintf(&filename, "%s/rsa_key.priv", confbase);
+	xasprintf(&filename, "%s/rsa_key.priv", confbase);
 	f = ask_and_open(filename, _("private RSA key"));
 
 	if(!f)
@@ -351,9 +356,9 @@ static bool keygen(int bits)
 	free(filename);
 
 	if(name)
-		asprintf(&filename, "%s/hosts/%s", confbase, name);
+		xasprintf(&filename, "%s/hosts/%s", confbase, name);
 	else
-		asprintf(&filename, "%s/rsa_key.pub", confbase);
+		xasprintf(&filename, "%s/rsa_key.pub", confbase);
 
 	f = ask_and_open(filename, _("public RSA key"));
 
@@ -384,7 +389,7 @@ static void make_names(void)
 #endif
 
 	if(netname)
-		asprintf(&identname, "tinc.%s", netname);
+		xasprintf(&identname, "tinc.%s", netname);
 	else
 		identname = xstrdup("tinc");
 
@@ -392,12 +397,12 @@ static void make_names(void)
 	if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
 		if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) {
 			if(!logfilename)
-				asprintf(&logfilename, "%s/log/%s.log", identname);
+				xasprintf(&logfilename, "%s/log/%s.log", identname);
 			if(!confbase) {
 				if(netname)
-					asprintf(&confbase, "%s/%s", installdir, netname);
+					xasprintf(&confbase, "%s/%s", installdir, netname);
 				else
-					asprintf(&confbase, "%s", installdir);
+					xasprintf(&confbase, "%s", installdir);
 			}
 		}
 		RegCloseKey(key);
@@ -407,19 +412,19 @@ static void make_names(void)
 #endif
 
 	if(!pidfilename)
-		asprintf(&pidfilename, LOCALSTATEDIR "/run/%s.pid", identname);
+		xasprintf(&pidfilename, LOCALSTATEDIR "/run/%s.pid", identname);
 
 	if(!logfilename)
-		asprintf(&logfilename, LOCALSTATEDIR "/log/%s.log", identname);
+		xasprintf(&logfilename, LOCALSTATEDIR "/log/%s.log", identname);
 
 	if(netname) {
 		if(!confbase)
-			asprintf(&confbase, CONFDIR "/tinc/%s", netname);
+			xasprintf(&confbase, CONFDIR "/tinc/%s", netname);
 		else
 			logger(LOG_INFO, _("Both netname and configuration directory given, using the latter..."));
 	} else {
 		if(!confbase)
-			asprintf(&confbase, CONFDIR "/tinc");
+			xasprintf(&confbase, CONFDIR "/tinc");
 	}
 }
 
@@ -452,7 +457,8 @@ static bool drop_privs() {
 		uid = pw->pw_uid;
 		if (initgroups(switchuser, pw->pw_gid) != 0 ||
 		    setgid(pw->pw_gid) != 0) {
-			logger(LOG_ERR, _("%s failed"), "initgroups()");
+			logger(LOG_ERR, _("System call `%s' failed: %s"),
+			       "initgroups", strerror(errno));
 			return false;
 		}
 		endgrent();
@@ -460,8 +466,9 @@ static bool drop_privs() {
 	}
 	if (do_chroot) {
 		tzset();	/* for proper timestamps in logs */
-		if (chroot(confbase) != 0 || chdir(".") != 0) {
-			logger(LOG_ERR, _("%s failed"), "chroot()");
+		if (chroot(confbase) != 0 || chdir("/") != 0) {
+			logger(LOG_ERR, _("System call `%s' failed: %s"),
+			       "chroot", strerror(errno));
 			return false;
 		}
 		free(confbase);
@@ -469,13 +476,23 @@ static bool drop_privs() {
 	}
 	if (switchuser)
 		if (setuid(uid) != 0) {
-			logger(LOG_ERR, _("%s failed"), "setuid()");
+			logger(LOG_ERR, _("System call `%s' failed: %s"),
+			       "setuid", strerror(errno));
 			return false;
 		}
 #endif
 	return true;
 }
 
+#ifdef HAVE_MINGW
+# define setpriority(level) SetPriorityClass(GetCurrentProcess(), level)
+#else
+# define NORMAL_PRIORITY_CLASS 0
+# define BELOW_NORMAL_PRIORITY_CLASS 10
+# define HIGH_PRIORITY_CLASS -10
+# define setpriority(level) nice(level)
+#endif
+
 int main(int argc, char **argv)
 {
 	program_name = argv[0];
@@ -511,20 +528,6 @@ int main(int argc, char **argv)
 
 	openlogger("tinc", use_logfile?LOGMODE_FILE:LOGMODE_STDERR);
 
-	/* Lock all pages into memory if requested */
-
-	if(do_mlock)
-#ifdef HAVE_MLOCKALL
-		if(mlockall(MCL_CURRENT | MCL_FUTURE)) {
-			logger(LOG_ERR, _("System call `%s' failed: %s"), "mlockall",
-				   strerror(errno));
-#else
-	{
-		logger(LOG_ERR, _("mlockall() not supported on this platform!"));
-#endif
-		return -1;
-	}
-
 	g_argv = argv;
 
 	init_configuration(&config_tree);
@@ -565,24 +568,54 @@ int main(int argc, char **argv)
 
 int main2(int argc, char **argv)
 {
+	InitializeCriticalSection(&mutex);
+	EnterCriticalSection(&mutex);
 #endif
 
 	if(!detach())
 		return 1;
 
+#ifdef HAVE_MLOCKALL
+	/* Lock all pages into memory if requested.
+	 * This has to be done after daemon()/fork() so it works for child.
+	 * No need to do that in parent as it's very short-lived. */
+	if(do_mlock && mlockall(MCL_CURRENT | MCL_FUTURE) != 0) {
+		logger(LOG_ERR, _("System call `%s' failed: %s"), "mlockall",
+		   strerror(errno));
+		return 1;
+	}
+#endif
+
 	/* Setup sockets and open device. */
 
 	if(!setup_network())
 		goto end;
 
-	/* drop privileges */
-	if (!drop_privs())
-		goto end;
-
 	/* Initiate all outgoing connections. */
 
 	try_outgoing_connections();
 
+	/* Change process priority */
+
+        char *priority = 0;
+
+        if(get_config_string(lookup_config(config_tree, "ProcessPriority"), &priority)) {
+                if(!strcasecmp(priority, "Normal"))
+                        setpriority(NORMAL_PRIORITY_CLASS);
+                else if(!strcasecmp(priority, "Low"))
+                        setpriority(BELOW_NORMAL_PRIORITY_CLASS);
+                else if(!strcasecmp(priority, "High"))
+                        setpriority(HIGH_PRIORITY_CLASS);
+                else {
+                        logger(LOG_ERR, _("Invalid priority `%s`!"), priority);
+                        goto end;
+                }
+        }
+
+	/* drop privileges */
+	if (!drop_privs())
+		goto end;
+
 	/* Start main loop. It only exits when tinc is killed. */
 
 	status = main_loop();