X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Ftincd.c;h=bcbd54a667ca8a03f709c19455f28476bdaa850d;hp=d2ce14d03fb00f0a4d566f7f8f01b47c9b5b3371;hb=1401faf608e1c8af0d0754e545b0ec79d2bd5d93;hpb=2ed68134047a19e708c2a2af32c58968835a7043 diff --git a/src/tincd.c b/src/tincd.c index d2ce14d0..bcbd54a6 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -1,7 +1,7 @@ /* tincd.c -- the main file for tincd - Copyright (C) 1998,1999,2000 Ivo Timmermans - 2000 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,46 +17,39 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.33 2000/11/22 16:19:07 zarq Exp $ + $Id: tincd.c,v 1.10.4.71 2003/07/06 23:16:29 guus Exp $ */ #include "config.h" #include -#include +#include #include #include #include #include -#include #include #include #include #include -#ifdef HAVE_SYS_IOCTL_H -# include +/* Darwin (MacOS/X) needs the following definition... */ +#ifndef _P1003_1B_VISIBLE +#define _P1003_1B_VISIBLE #endif -#ifdef HAVE_OPENSSL_RAND_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_RSA_H -# include -#else -# include -#endif +#include -#ifdef HAVE_OPENSSL_ERR_H -# include -#else -# include +#ifdef HAVE_SYS_IOCTL_H +# include #endif +#include +#include +#include +#include +#include #include #include @@ -67,289 +60,385 @@ #include "process.h" #include "protocol.h" #include "subnet.h" +#include "logger.h" #include "system.h" /* The name this program was run with. */ -char *program_name; +char *program_name = NULL; /* If nonzero, display usage information and exit. */ -static int show_help; +int show_help = 0; /* If nonzero, print the version on standard output and exit. */ -static int show_version; +int show_version = 0; /* If nonzero, it will attempt to kill a running tincd and exit. */ -static int kill_tincd = 0; - -/* If zero, don't detach from the terminal. */ -extern int do_detach; +int kill_tincd = 0; /* If nonzero, generate public/private keypair for this host/net. */ -static int generate_keys = 0; - -char *identname; /* program name for syslog */ -char *pidfilename; /* pid file location */ -char **g_argv; /* a copy of the cmdline arguments */ -char **environment; /* A pointer to the environment on - startup */ - -void cleanup_and_exit(int); -int kill_other(void); -void make_names(void); -int write_pidfile(void); - -static struct option const long_options[] = -{ - { "config", required_argument, NULL, 'c' }, - { "kill", no_argument, NULL, 'k' }, - { "net", required_argument, NULL, 'n' }, - { "help", no_argument, &show_help, 1 }, - { "version", no_argument, &show_version, 1 }, - { "no-detach", no_argument, &do_detach, 0 }, - { "generate-keys", optional_argument, NULL, 'K'}, - { NULL, 0, NULL, 0 } +int generate_keys = 0; + +/* If nonzero, use null ciphers and skip all key exchanges. */ +int bypass_security = 0; + +/* If nonzero, disable swapping for this process. */ +int do_mlock = 0; + +/* If nonzero, write log entries to a separate file. */ +int use_logfile = 0; + +char *identname = NULL; /* program name for syslog */ +char *pidfilename = NULL; /* pid file location */ +char *logfilename = NULL; /* log file location */ +char **g_argv; /* a copy of the cmdline arguments */ +char **environment; /* A pointer to the environment on + startup */ + +static struct option const long_options[] = { + {"config", required_argument, NULL, 'c'}, + {"kill", optional_argument, NULL, 'k'}, + {"net", required_argument, NULL, 'n'}, + {"help", no_argument, &show_help, 1}, + {"version", no_argument, &show_version, 1}, + {"no-detach", no_argument, &do_detach, 0}, + {"generate-keys", optional_argument, NULL, 'K'}, + {"debug", optional_argument, NULL, 'd'}, + {"bypass-security", no_argument, &bypass_security, 1}, + {"mlock", no_argument, &do_mlock, 1}, + {"logfile", optional_argument, NULL, 'F'}, + {NULL, 0, NULL, 0} }; -static void -usage(int status) +static void usage(int status) { - if(status != 0) - fprintf(stderr, _("Try `%s --help\' for more information.\n"), program_name); - else - { - printf(_("Usage: %s [option]...\n\n"), program_name); - printf(_(" -c, --config=DIR Read configuration options from DIR.\n" - " -D, --no-detach Don't fork and detach.\n" - " -d Increase debug level.\n" - " -k, --kill Attempt to kill a running tincd and exit.\n" - " -n, --net=NETNAME Connect to net NETNAME.\n")); - printf(_(" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" - " --help Display this help and exit.\n" - " --version Output version information and exit.\n\n")); - printf(_("Report bugs to tinc@nl.linux.org.\n")); - } - exit(status); + if(status != 0) + fprintf(stderr, _("Try `%s --help\' for more information.\n"), + program_name); + else { + printf(_("Usage: %s [option]...\n\n"), program_name); + printf(_(" -c, --config=DIR Read configuration options from DIR.\n" + " -D, --no-detach Don't fork and detach.\n" + " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" + " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" + " -n, --net=NETNAME Connect to net NETNAME.\n" + " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" + " -L, --mlock Lock tinc into main memory.\n" + " -F, --logfile[=FILENAME] Write log entries to a logfile.\n" + " --help Display this help and exit.\n" + " --version Output version information and exit.\n\n")); + printf(_("Report bugs to tinc@nl.linux.org.\n")); + } + + exit(status); } -void -parse_options(int argc, char **argv, char **envp) +static void parse_options(int argc, char **argv, char **envp) { - int r; - int option_index = 0; - - while((r = getopt_long(argc, argv, "c:Ddkn:K::", long_options, &option_index)) != EOF) - { - switch(r) - { - case 0: /* long option */ - break; - case 'c': /* config file */ - confbase = xmalloc(strlen(optarg)+1); - strcpy(confbase, optarg); - break; - case 'D': /* no detach */ - do_detach = 0; - break; - case 'd': /* inc debug level */ - debug_lvl++; - break; - case 'k': /* kill old tincds */ - kill_tincd = 1; - break; - case 'n': /* net name given */ - netname = xmalloc(strlen(optarg)+1); - strcpy(netname, optarg); - break; - case 'K': /* generate public/private keypair */ - if(optarg) - { - generate_keys = atoi(optarg); - if(generate_keys < 512) - { - fprintf(stderr, _("Invalid argument! BITS must be a number equal to or greater than 512.\n")); - usage(1); - } - generate_keys &= ~7; /* Round it to bytes */ - } - else - generate_keys = 1024; - break; - case '?': - usage(1); - default: - break; - } - } + int r; + int option_index = 0; + + while((r = getopt_long(argc, argv, "c:DLd::k::n:K::F::", long_options, &option_index)) != EOF) { + switch (r) { + case 0: /* long option */ + break; + + case 'c': /* config file */ + confbase = xmalloc(strlen(optarg) + 1); + strcpy(confbase, optarg); + break; + + case 'D': /* no detach */ + do_detach = 0; + break; + + case 'L': /* no detach */ + do_mlock = 1; + break; + + case 'd': /* inc debug level */ + if(optarg) + debug_level = atoi(optarg); + else + debug_level++; + break; + + case 'k': /* kill old tincds */ + if(optarg) { + if(!strcasecmp(optarg, "HUP")) + kill_tincd = SIGHUP; + else if(!strcasecmp(optarg, "TERM")) + kill_tincd = SIGTERM; + else if(!strcasecmp(optarg, "KILL")) + kill_tincd = SIGKILL; + else if(!strcasecmp(optarg, "USR1")) + kill_tincd = SIGUSR1; + else if(!strcasecmp(optarg, "USR2")) + kill_tincd = SIGUSR2; + else if(!strcasecmp(optarg, "WINCH")) + kill_tincd = SIGWINCH; + else if(!strcasecmp(optarg, "INT")) + kill_tincd = SIGINT; + else if(!strcasecmp(optarg, "ALRM")) + kill_tincd = SIGALRM; + else { + kill_tincd = atoi(optarg); + + if(!kill_tincd) { + fprintf(stderr, _("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), + optarg); + usage(1); + } + } + } else + kill_tincd = SIGTERM; + break; + + case 'n': /* net name given */ + netname = xstrdup(optarg); + break; + + case 'K': /* generate public/private keypair */ + if(optarg) { + generate_keys = atoi(optarg); + + if(generate_keys < 512) { + fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"), + optarg); + usage(1); + } + + generate_keys &= ~7; /* Round it to bytes */ + } else + generate_keys = 1024; + break; + + case 'F': /* write log entries to a file */ + use_logfile = 1; + if(optarg) + logfilename = xstrdup(optarg); + break; + + case '?': + usage(1); + + default: + break; + } + } } /* This function prettyprints the key generation process */ -void indicator(int a, int b, void *p) +static void indicator(int a, int b, void *p) { - switch(a) - { - case 0: - fprintf(stderr, "."); - break; - case 1: - fprintf(stderr, "+"); - break; - case 2: - fprintf(stderr, "-"); - break; - case 3: - switch(b) - { - case 0: - fprintf(stderr, " p\n"); - break; - case 1: - fprintf(stderr, " q\n"); - break; - default: - fprintf(stderr, "?"); - } - break; - default: - fprintf(stderr, "?"); - } + switch (a) { + case 0: + fprintf(stderr, "."); + break; + + case 1: + fprintf(stderr, "+"); + break; + + case 2: + fprintf(stderr, "-"); + break; + + case 3: + switch (b) { + case 0: + fprintf(stderr, " p\n"); + break; + + case 1: + fprintf(stderr, " q\n"); + break; + + default: + fprintf(stderr, "?"); + } + break; + + default: + fprintf(stderr, "?"); + } } -/* Generate a public/private RSA keypair, and possibly store it into the configuration file. */ - -int keygen(int bits) +/* + Generate a public/private RSA keypair, and ask for a file to store + them in. +*/ +static int keygen(int bits) { - RSA *rsa_key; - - fprintf(stderr, _("Generating %d bits keys:\n"), bits); - rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL); - if(!rsa_key) - { - fprintf(stderr, _("Error during key generation!")); - return -1; - } - else - fprintf(stderr, _("Done.\n")); - - fprintf(stderr, _("Please copy the private key to tinc.conf and the\npublic key to your host configuration file:\n\n")); - printf("PublicKey = %s\n", BN_bn2hex(rsa_key->n)); - printf("PrivateKey = %s\n", BN_bn2hex(rsa_key->d)); - - fflush(stdin); - return 0; + RSA *rsa_key; + FILE *f; + char *name = NULL; + char *filename; + + fprintf(stderr, _("Generating %d bits keys:\n"), bits); + rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL); + + if(!rsa_key) { + fprintf(stderr, _("Error during key generation!\n")); + return -1; + } else + fprintf(stderr, _("Done.\n")); + + get_config_string(lookup_config(config_tree, "Name"), &name); + + if(name) + asprintf(&filename, "%s/hosts/%s", confbase, name); + else + asprintf(&filename, "%s/rsa_key.pub", confbase); + + f = ask_and_safe_open(filename, _("public RSA key"), "a"); + + if(!f) + return -1; + + if(ftell(f)) + fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); + + PEM_write_RSAPublicKey(f, rsa_key); + fclose(f); + free(filename); + + asprintf(&filename, "%s/rsa_key.priv", confbase); + f = ask_and_safe_open(filename, _("private RSA key"), "a"); + + if(!f) + return -1; + + if(ftell(f)) + fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); + + PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); + fclose(f); + free(filename); + + return 0; } /* Set all files and paths according to netname */ -void make_names(void) +static void make_names(void) { - if(netname) - { - if(!pidfilename) - asprintf(&pidfilename, LOCALSTATEDIR "/run/tinc.%s.pid", netname); - if(!confbase) - asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); - else - fprintf(stderr, _("Both netname and configuration directory given, using the latter...\n")); - if(!identname) - asprintf(&identname, "tinc.%s", netname); - } - else - { - if(!pidfilename) - pidfilename = LOCALSTATEDIR "/run/tinc.pid"; - if(!confbase) - asprintf(&confbase, "%s/tinc", CONFDIR); - if(!identname) - identname = "tinc"; - } + if(netname) { + if(!pidfilename) + asprintf(&pidfilename, LOCALSTATEDIR "/run/tinc.%s.pid", netname); + if(!logfilename) + asprintf(&logfilename, LOCALSTATEDIR "/log/tinc.%s.log", netname); + + if(!confbase) + asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); + else + logger(DEBUG_ALWAYS, LOG_INFO, _("Both netname and configuration directory given, using the latter...")); + + if(!identname) + asprintf(&identname, "tinc.%s", netname); + } else { + if(!pidfilename) + pidfilename = LOCALSTATEDIR "/run/tinc.pid"; + if(!logfilename) + logfilename = LOCALSTATEDIR "/log/tinc.log"; + + if(!confbase) + asprintf(&confbase, "%s/tinc", CONFDIR); + + if(!identname) + identname = "tinc"; + } } -int -main(int argc, char **argv, char **envp) +int main(int argc, char **argv, char **envp) { - program_name = argv[0]; - - setlocale (LC_ALL, ""); - bindtextdomain (PACKAGE, LOCALEDIR); - textdomain (PACKAGE); - - /* Do some intl stuff right now */ - - unknown = _("unknown"); - - environment = envp; - parse_options(argc, argv, envp); - - if(show_version) - { - printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT); - printf(_("Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" - "See the AUTHORS file for a complete list.\n\n" - "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" - "and you are welcome to redistribute it under certain conditions;\n" - "see the file COPYING for details.\n")); - - return 0; - } - - if(show_help) - usage(0); - - if(geteuid()) - { - fprintf(stderr, _("You must be root to run this program. Sorry.\n")); - return 1; - } - - g_argv = argv; - - make_names(); - - /* Slllluuuuuuurrrrp! */ - - RAND_load_file("/dev/urandom", 1024); - - if(generate_keys) - exit(keygen(generate_keys)); - - if(kill_tincd) - exit(kill_other()); - - if(read_server_config()) - return 1; - - init_processes(); - - if(detach()) - exit(0); - - if(debug_lvl >= DEBUG_ERROR) - ERR_load_crypto_strings(); - - for(;;) - { - if(!setup_network_connections()) - { - main_loop(); - cleanup_and_exit(1); - } - - syslog(LOG_ERR, _("Unrecoverable error")); - cp_trace(); - - if(do_detach) - { - syslog(LOG_NOTICE, _("Restarting in %d seconds!"), MAXTIMEOUT); - sleep(MAXTIMEOUT); - } - else - { - syslog(LOG_ERR, _("Not restarting.")); - exit(0); - } - } -} + program_name = argv[0]; + + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); + + environment = envp; + parse_options(argc, argv, envp); + make_names(); + if(show_version) { + printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, + VERSION, __DATE__, __TIME__, PROT_CURRENT); + printf(_("Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" + "See the AUTHORS file for a complete list.\n\n" + "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" + "and you are welcome to redistribute it under certain conditions;\n" + "see the file COPYING for details.\n")); + + return 0; + } + + if(show_help) + usage(0); + + if(kill_tincd) + exit(kill_other(kill_tincd)); + + openlogger("tinc", LOGMODE_STDERR); + + /* Lock all pages into memory if requested */ + + if(do_mlock) +#ifdef HAVE_MLOCKALL + if(mlockall(MCL_CURRENT | MCL_FUTURE)) { + logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "mlockall", + strerror(errno)); +#else + { + logger(DEBUG_ALWAYS, LOG_ERR, _("mlockall() not supported on this platform!")); +#endif + return -1; + } + + g_argv = argv; + + init_configuration(&config_tree); + + /* Slllluuuuuuurrrrp! */ + + RAND_load_file("/dev/urandom", 1024); + + OpenSSL_add_all_algorithms(); + + if(generate_keys) { + read_server_config(); + exit(keygen(generate_keys)); + } + + if(read_server_config()) + exit(1); + + if(lzo_init() != LZO_E_OK) { + logger(DEBUG_ALWAYS, LOG_ERR, _("Error initializing LZO compressor!")); + exit(1); + } + + if(detach()) + exit(0); + + for(;;) { + if(!setup_network_connections()) { + main_loop(); + cleanup_and_exit(1); + } + + logger(DEBUG_ALWAYS, LOG_ERR, _("Unrecoverable error")); + cp_trace(); + + if(do_detach) { + logger(DEBUG_ALWAYS, LOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout); + sleep(maxtimeout); + } else { + logger(DEBUG_ALWAYS, LOG_ERR, _("Not restarting.")); + exit(1); + } + } +}