Home Explore Help
Sign In
OWEALs
/
tinc
mirror of https://tinc-vpn.org/git/tinc
2
0
Fork 0
Files Issues 0 Wiki
Tree: 3fae14fae5
Branches Tags
tinc
/
src
/
tincd.c

tincd.c 18 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838 
  1. /*
    2. 

  2.     tincd.c -- the main file for tincd
    3. 

  3.     Copyright (C) 1998-2005 Ivo Timmermans
    4. 

  4.                   2000-2017 Guus Sliepen <guus@tinc-vpn.org>
    5. 

  5.                   2008      Max Rijevski <maksuf@gmail.com>
    6. 

  6.                   2009      Michael Tokarev <mjt@tls.msk.ru>
    7. 

  7.                   2010      Julien Muchembled <jm@jmuchemb.eu>
    8. 

  8.                   2010      Timothy Redaelli <timothy@redaelli.eu>
    9. 

  9. 

  10.     This program is free software; you can redistribute it and/or modify
    11. 

  11.     it under the terms of the GNU General Public License as published by
    12. 

  12.     the Free Software Foundation; either version 2 of the License, or
    13. 

  13.     (at your option) any later version.
    14. 

  14. 

  15.     This program is distributed in the hope that it will be useful,
    16. 

  16.     but WITHOUT ANY WARRANTY; without even the implied warranty of
    17. 

  17.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    18. 

  18.     GNU General Public License for more details.
    19. 

  19. 

  20.     You should have received a copy of the GNU General Public License along
    21. 

  21.     with this program; if not, write to the Free Software Foundation, Inc.,
    22. 

  22.     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
    23. 

  23. */
    24. 

  24. 

  25. #include "system.h"
    26. 

  26. 

  27. /* Darwin (MacOS/X) needs the following definition... */
    28. 

  28. #ifndef _P1003_1B_VISIBLE
    29. 

  29. #define _P1003_1B_VISIBLE
    30. 

  30. #endif
    31. 

  31. 

  32. #ifdef HAVE_SYS_MMAN_H
    33. 

  33. #include <sys/mman.h>
    34. 

  34. #endif
    35. 

  35. 

  36. #include <openssl/rand.h>
    37. 

  37. #include <openssl/rsa.h>
    38. 

  38. #include <openssl/pem.h>
    39. 

  39. #include <openssl/evp.h>
    40. 

  40. #include <openssl/engine.h>
    41. 

  41. 

  42. #ifdef HAVE_LZO
    43. 

  43. #include LZO1X_H
    44. 

  44. #endif
    45. 

  45. 

  46. #ifndef HAVE_MINGW
    47. 

  47. #include <pwd.h>
    48. 

  48. #include <grp.h>
    49. 

  49. #include <time.h>
    50. 

  50. #endif
    51. 

  51. 

  52. #ifdef HAVE_GETOPT_LONG
    53. 

  53. #include <getopt.h>
    54. 

  54. #else
    55. 

  55. #include "getopt.h"
    56. 

  56. #endif
    57. 

  57. 

  58. #include "pidfile.h"
    59. 

  59. 

  60. #include "conf.h"
    61. 

  61. #include "device.h"
    62. 

  62. #include "logger.h"
    63. 

  63. #include "net.h"
    64. 

  64. #include "netutl.h"
    65. 

  65. #include "process.h"
    66. 

  66. #include "protocol.h"
    67. 

  67. #include "utils.h"
    68. 

  68. #include "xalloc.h"
    69. 

  69. 

  70. /* The name this program was run with. */
    71. 

  71. char *program_name = NULL;
    72. 

  72. 

  73. /* If nonzero, display usage information and exit. */
    74. 

  74. bool show_help = false;
    75. 

  75. 

  76. /* If nonzero, print the version on standard output and exit.  */
    77. 

  77. bool show_version = false;
    78. 

  78. 

  79. /* If nonzero, it will attempt to kill a running tincd and exit. */
    80. 

  80. int kill_tincd = 0;
    81. 

  81. 

  82. /* If nonzero, generate public/private keypair for this host/net. */
    83. 

  83. int generate_keys = 0;
    84. 

  84. 

  85. /* If nonzero, use null ciphers and skip all key exchanges. */
    86. 

  86. bool bypass_security = false;
    87. 

  87. 

  88. /* If nonzero, disable swapping for this process. */
    89. 

  89. bool do_mlock = false;
    90. 

  90. 

  91. /* If nonzero, chroot to netdir after startup. */
    92. 

  92. static bool do_chroot = false;
    93. 

  93. 

  94. /* If !NULL, do setuid to given user after startup */
    95. 

  95. static const char *switchuser = NULL;
    96. 

  96. 

  97. /* If nonzero, write log entries to a separate file. */
    98. 

  98. bool use_logfile = false;
    99. 

  99. 

  100. char *identname = NULL;                         /* program name for syslog */
    101. 

  101. char *pidfilename = NULL;                       /* pid file location */
    102. 

  102. char *logfilename = NULL;                       /* log file location */
    103. 

  103. char **g_argv;                                  /* a copy of the cmdline arguments */
    104. 

  104. 

  105. static int status = 1;
    106. 

  106. 

  107. static struct option const long_options[] = {
    108. 

  108. 	{"config", required_argument, NULL, 'c'},
    109. 

  109. 	{"kill", optional_argument, NULL, 'k'},
    110. 

  110. 	{"net", required_argument, NULL, 'n'},
    111. 

  111. 	{"help", no_argument, NULL, 1},
    112. 

  112. 	{"version", no_argument, NULL, 2},
    113. 

  113. 	{"no-detach", no_argument, NULL, 'D'},
    114. 

  114. 	{"generate-keys", optional_argument, NULL, 'K'},
    115. 

  115. 	{"debug", optional_argument, NULL, 'd'},
    116. 

  116. 	{"bypass-security", no_argument, NULL, 3},
    117. 

  117. 	{"mlock", no_argument, NULL, 'L'},
    118. 

  118. 	{"chroot", no_argument, NULL, 'R'},
    119. 

  119. 	{"user", required_argument, NULL, 'U'},
    120. 

  120. 	{"logfile", optional_argument, NULL, 4},
    121. 

  121. 	{"pidfile", required_argument, NULL, 5},
    122. 

  122. 	{"option", required_argument, NULL, 'o'},
    123. 

  123. 	{NULL, 0, NULL, 0}
    124. 

  124. };
    125. 

  125. 

  126. #ifdef HAVE_MINGW
    127. 

  127. static struct WSAData wsa_state;
    128. 

  128. CRITICAL_SECTION mutex;
    129. 

  129. int main2(int argc, char **argv);
    130. 

  130. #endif
    131. 

  131. 

  132. static void usage(bool status) {
    133. 

  133. 	if(status)
    134. 

  134. 		fprintf(stderr, "Try `%s --help\' for more information.\n",
    135. 

  135. 		        program_name);
    136. 

  136. 	else {
    137. 

  137. 		printf("Usage: %s [option]...\n\n", program_name);
    138. 

  138. 		printf("  -c, --config=DIR               Read configuration options from DIR.\n"
    139. 

  139. 		       "  -D, --no-detach                Don't fork and detach.\n"
    140. 

  140. 		       "  -d, --debug[=LEVEL]            Increase debug level or set it to LEVEL.\n"
    141. 

  141. 		       "  -k, --kill[=SIGNAL]            Attempt to kill a running tincd and exit.\n"
    142. 

  142. 		       "  -n, --net=NETNAME              Connect to net NETNAME.\n"
    143. 

  143. 		       "  -K, --generate-keys[=BITS]     Generate public/private RSA keypair.\n"
    144. 

  144. 		       "  -L, --mlock                    Lock tinc into main memory.\n"
    145. 

  145. 		       "      --logfile[=FILENAME]       Write log entries to a logfile.\n"
    146. 

  146. 		       "      --pidfile=FILENAME         Write PID to FILENAME.\n"
    147. 

  147. 		       "  -o, --option=[HOST.]KEY=VALUE  Set global/host configuration value.\n"
    148. 

  148. 		       "  -R, --chroot                   chroot to NET dir at startup.\n"
    149. 

  149. 		       "  -U, --user=USER                setuid to given USER at startup.\n"
    150. 

  150. 		       "      --help                     Display this help and exit.\n"
    151. 

  151. 		       "      --version                  Output version information and exit.\n\n");
    152. 

  152. 		printf("Report bugs to tinc@tinc-vpn.org.\n");
    153. 

  153. 	}
    154. 

  154. }
    155. 

  155. 

  156. static bool parse_options(int argc, char **argv) {
    157. 

  157. 	config_t *cfg;
    158. 

  158. 	int r;
    159. 

  159. 	int option_index = 0;
    160. 

  160. 	int lineno = 0;
    161. 

  161. 

  162. 	cmdline_conf = list_alloc((list_action_t)free_config);
    163. 

  163. 

  164. 	while((r = getopt_long(argc, argv, "c:DLd::k::n:o:K::RU:", long_options, &option_index)) != EOF) {
    165. 

  165. 		switch(r) {
    166. 

  166. 		case 0:                         /* long option */
    167. 

  167. 			break;
    168. 

  168. 

  169. 		case 'c':                               /* config file */
    170. 

  170. 			if(confbase) {
    171. 

  171. 				fprintf(stderr, "Only one configuration directory can be given.\n");
    172. 

  172. 				usage(true);
    173. 

  173. 				return false;
    174. 

  174. 			}
    175. 

  175. 

  176. 			confbase = xstrdup(optarg);
    177. 

  177. 			break;
    178. 

  178. 

  179. 		case 'D':                               /* no detach */
    180. 

  180. 			do_detach = false;
    181. 

  181. 			break;
    182. 

  182. 

  183. 		case 'L':                               /* no detach */
    184. 

  184. #ifndef HAVE_MLOCKALL
    185. 

  185. 			logger(LOG_ERR, "%s not supported on this platform", "mlockall()");
    186. 

  186. 			return false;
    187. 

  187. #else
    188. 

  188. 			do_mlock = true;
    189. 

  189. 			break;
    190. 

  190. #endif
    191. 

  191. 

  192. 		case 'd':                               /* increase debug level */
    193. 

  193. 			if(!optarg && optind < argc && *argv[optind] != '-') {
    194. 

  194. 				optarg = argv[optind++];
    195. 

  195. 			}
    196. 

  196. 

  197. 			if(optarg) {
    198. 

  198. 				debug_level = atoi(optarg);
    199. 

  199. 			} else {
    200. 

  200. 				debug_level++;
    201. 

  201. 			}
    202. 

  202. 

  203. 			break;
    204. 

  204. 

  205. 		case 'k':                               /* kill old tincds */
    206. 

  206. #ifndef HAVE_MINGW
    207. 

  207. 			if(!optarg && optind < argc && *argv[optind] != '-') {
    208. 

  208. 				optarg = argv[optind++];
    209. 

  209. 			}
    210. 

  210. 

  211. 			if(optarg) {
    212. 

  212. 				if(!strcasecmp(optarg, "HUP")) {
    213. 

  213. 					kill_tincd = SIGHUP;
    214. 

  214. 				} else if(!strcasecmp(optarg, "TERM")) {
    215. 

  215. 					kill_tincd = SIGTERM;
    216. 

  216. 				} else if(!strcasecmp(optarg, "KILL")) {
    217. 

  217. 					kill_tincd = SIGKILL;
    218. 

  218. 				} else if(!strcasecmp(optarg, "USR1")) {
    219. 

  219. 					kill_tincd = SIGUSR1;
    220. 

  220. 				} else if(!strcasecmp(optarg, "USR2")) {
    221. 

  221. 					kill_tincd = SIGUSR2;
    222. 

  222. 				} else if(!strcasecmp(optarg, "WINCH")) {
    223. 

  223. 					kill_tincd = SIGWINCH;
    224. 

  224. 				} else if(!strcasecmp(optarg, "INT")) {
    225. 

  225. 					kill_tincd = SIGINT;
    226. 

  226. 				} else if(!strcasecmp(optarg, "ALRM")) {
    227. 

  227. 					kill_tincd = SIGALRM;
    228. 

  228. 				} else if(!strcasecmp(optarg, "ABRT")) {
    229. 

  229. 					kill_tincd = SIGABRT;
    230. 

  230. 				} else {
    231. 

  231. 					kill_tincd = atoi(optarg);
    232. 

  232. 

  233. 					if(!kill_tincd) {
    234. 

  234. 						fprintf(stderr, "Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n",
    235. 

  235. 						        optarg);
    236. 

  236. 						usage(true);
    237. 

  237. 						return false;
    238. 

  238. 					}
    239. 

  239. 				}
    240. 

  240. 			} else {
    241. 

  241. 				kill_tincd = SIGTERM;
    242. 

  242. 			}
    243. 

  243. 

  244. #else
    245. 

  245. 			kill_tincd = 1;
    246. 

  246. #endif
    247. 

  247. 			break;
    248. 

  248. 

  249. 		case 'n':                               /* net name given */
    250. 

  250. 

  251. 			/* netname "." is special: a "top-level name" */
    252. 

  252. 			if(netname) {
    253. 

  253. 				fprintf(stderr, "Only one netname can be given.\n");
    254. 

  254. 				usage(true);
    255. 

  255. 				return false;
    256. 

  256. 			}
    257. 

  257. 

  258. 			if(optarg && strcmp(optarg, ".")) {
    259. 

  259. 				netname = xstrdup(optarg);
    260. 

  260. 			}
    261. 

  261. 

  262. 			break;
    263. 

  263. 

  264. 		case 'o':                               /* option */
    265. 

  265. 			cfg = parse_config_line(optarg, NULL, ++lineno);
    266. 

  266. 

  267. 			if(!cfg) {
    268. 

  268. 				return false;
    269. 

  269. 			}
    270. 

  270. 

  271. 			list_insert_tail(cmdline_conf, cfg);
    272. 

  272. 			break;
    273. 

  273. 

  274. 		case 'K':                               /* generate public/private keypair */
    275. 

  275. 			if(!optarg && optind < argc && *argv[optind] != '-') {
    276. 

  276. 				optarg = argv[optind++];
    277. 

  277. 			}
    278. 

  278. 

  279. 			if(optarg) {
    280. 

  280. 				generate_keys = atoi(optarg);
    281. 

  281. 

  282. 				if(generate_keys < 512) {
    283. 

  283. 					fprintf(stderr, "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n",
    284. 

  284. 					        optarg);
    285. 

  285. 					usage(true);
    286. 

  286. 					return false;
    287. 

  287. 				}
    288. 

  288. 

  289. 				generate_keys &= ~7;    /* Round it to bytes */
    290. 

  290. 			} else {
    291. 

  291. 				generate_keys = 2048;
    292. 

  292. 			}
    293. 

  293. 

  294. 			break;
    295. 

  295. 

  296. 		case 'R':                               /* chroot to NETNAME dir */
    297. 

  297. 			do_chroot = true;
    298. 

  298. 			break;
    299. 

  299. 

  300. 		case 'U':                               /* setuid to USER */
    301. 

  301. 			switchuser = optarg;
    302. 

  302. 			break;
    303. 

  303. 

  304. 		case 1:                                 /* show help */
    305. 

  305. 			show_help = true;
    306. 

  306. 			break;
    307. 

  307. 

  308. 		case 2:                                 /* show version */
    309. 

  309. 			show_version = true;
    310. 

  310. 			break;
    311. 

  311. 

  312. 		case 3:                                 /* bypass security */
    313. 

  313. 			bypass_security = true;
    314. 

  314. 			break;
    315. 

  315. 

  316. 		case 4:                                 /* write log entries to a file */
    317. 

  317. 			use_logfile = true;
    318. 

  318. 

  319. 			if(!optarg && optind < argc && *argv[optind] != '-') {
    320. 

  320. 				optarg = argv[optind++];
    321. 

  321. 			}
    322. 

  322. 

  323. 			if(optarg) {
    324. 

  324. 				if(logfilename) {
    325. 

  325. 					fprintf(stderr, "Only one logfile can be given.\n");
    326. 

  326. 					usage(true);
    327. 

  327. 					return false;
    328. 

  328. 				}
    329. 

  329. 

  330. 				logfilename = xstrdup(optarg);
    331. 

  331. 			}
    332. 

  332. 

  333. 			break;
    334. 

  334. 

  335. 		case 5:                                 /* write PID to a file */
    336. 

  336. 			if(pidfilename) {
    337. 

  337. 				fprintf(stderr, "Only one pidfile can be given.\n");
    338. 

  338. 				usage(true);
    339. 

  339. 				return false;
    340. 

  340. 			}
    341. 

  341. 

  342. 			pidfilename = xstrdup(optarg);
    343. 

  343. 			break;
    344. 

  344. 

  345. 		case '?':
    346. 

  346. 			usage(true);
    347. 

  347. 			return false;
    348. 

  348. 

  349. 		default:
    350. 

  350. 			break;
    351. 

  351. 		}
    352. 

  352. 	}
    353. 

  353. 

  354. 	if(optind < argc) {
    355. 

  355. 		fprintf(stderr, "%s: unrecognized argument '%s'\n", argv[0], argv[optind]);
    356. 

  356. 		usage(true);
    357. 

  357. 		return false;
    358. 

  358. 	}
    359. 

  359. 

  360. 	return true;
    361. 

  361. }
    362. 

  362. 

  363. /* This function prettyprints the key generation process */
    364. 

  364. 

  365. static int indicator(int a, int b, BN_GENCB *cb) {
    366. 

  366. 	switch(a) {
    367. 

  367. 	case 0:
    368. 

  368. 		fprintf(stderr, ".");
    369. 

  369. 		break;
    370. 

  370. 

  371. 	case 1:
    372. 

  372. 		fprintf(stderr, "+");
    373. 

  373. 		break;
    374. 

  374. 

  375. 	case 2:
    376. 

  376. 		fprintf(stderr, "-");
    377. 

  377. 		break;
    378. 

  378. 

  379. 	case 3:
    380. 

  380. 		switch(b) {
    381. 

  381. 		case 0:
    382. 

  382. 			fprintf(stderr, " p\n");
    383. 

  383. 			break;
    384. 

  384. 

  385. 		case 1:
    386. 

  386. 			fprintf(stderr, " q\n");
    387. 

  387. 			break;
    388. 

  388. 

  389. 		default:
    390. 

  390. 			fprintf(stderr, "?");
    391. 

  391. 		}
    392. 

  392. 

  393. 		break;
    394. 

  394. 

  395. 	default:
    396. 

  396. 		fprintf(stderr, "?");
    397. 

  397. 	}
    398. 

  398. 

  399. 	return 1;
    400. 

  400. }
    401. 

  401. 

  402. #ifndef HAVE_BN_GENCB_NEW
    403. 

  403. BN_GENCB *BN_GENCB_new(void) {
    404. 

  404. 	return xmalloc_and_zero(sizeof(BN_GENCB));
    405. 

  405. }
    406. 

  406. 

  407. void BN_GENCB_free(BN_GENCB *cb) {
    408. 

  408. 	free(cb);
    409. 

  409. }
    410. 

  410. #endif
    411. 

  411. 

  412. /*
    413. 

  413.   Generate a public/private RSA keypair, and ask for a file to store
    414. 

  414.   them in.
    415. 

  415. */
    416. 

  416. static bool keygen(int bits) {
    417. 

  417. 	BIGNUM *e = NULL;
    418. 

  418. 	RSA *rsa_key;
    419. 

  419. 	FILE *f;
    420. 

  420. 	char filename[PATH_MAX];
    421. 

  421. 	BN_GENCB *cb;
    422. 

  422. 	int result;
    423. 

  423. 

  424. 	fprintf(stderr, "Generating %d bits keys:\n", bits);
    425. 

  425. 

  426. 	cb = BN_GENCB_new();
    427. 

  427. 

  428. 	if(!cb) {
    429. 

  429. 		abort();
    430. 

  430. 	}
    431. 

  431. 

  432. 	BN_GENCB_set(cb, indicator, NULL);
    433. 

  433. 

  434. 	rsa_key = RSA_new();
    435. 

  435. 	BN_hex2bn(&e, "10001");
    436. 

  436. 

  437. 	if(!rsa_key || !e) {
    438. 

  438. 		abort();
    439. 

  439. 	}
    440. 

  440. 

  441. 	result = RSA_generate_key_ex(rsa_key, bits, e, cb);
    442. 

  442. 

  443. 	BN_free(e);
    444. 

  444. 	BN_GENCB_free(cb);
    445. 

  445. 

  446. 	if(!result) {
    447. 

  447. 		fprintf(stderr, "Error during key generation!\n");
    448. 

  448. 		RSA_free(rsa_key);
    449. 

  449. 		return false;
    450. 

  450. 	} else {
    451. 

  451. 		fprintf(stderr, "Done.\n");
    452. 

  452. 	}
    453. 

  453. 

  454. 	snprintf(filename, sizeof(filename), "%s/rsa_key.priv", confbase);
    455. 

  455. 	f = ask_and_open(filename, "private RSA key");
    456. 

  456. 

  457. 	if(!f) {
    458. 

  458. 		RSA_free(rsa_key);
    459. 

  459. 		return false;
    460. 

  460. 	}
    461. 

  461. 

  462. #ifdef HAVE_FCHMOD
    463. 

  463. 	/* Make it unreadable for others. */
    464. 

  464. 	fchmod(fileno(f), 0600);
    465. 

  465. #endif
    466. 

  466. 

  467. 	fputc('\n', f);
    468. 

  468. 	PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL);
    469. 

  469. 	fclose(f);
    470. 

  470. 

  471. 	char *name = get_name();
    472. 

  472. 

  473. 	if(name) {
    474. 

  474. 		snprintf(filename, sizeof(filename), "%s/hosts/%s", confbase, name);
    475. 

  475. 		free(name);
    476. 

  476. 	} else {
    477. 

  477. 		snprintf(filename, sizeof(filename), "%s/rsa_key.pub", confbase);
    478. 

  478. 	}
    479. 

  479. 

  480. 	f = ask_and_open(filename, "public RSA key");
    481. 

  481. 

  482. 	if(!f) {
    483. 

  483. 		RSA_free(rsa_key);
    484. 

  484. 		return false;
    485. 

  485. 	}
    486. 

  486. 

  487. 	fputc('\n', f);
    488. 

  488. 	PEM_write_RSAPublicKey(f, rsa_key);
    489. 

  489. 	fclose(f);
    490. 

  490. 

  491. 	RSA_free(rsa_key);
    492. 

  492. 

  493. 	return true;
    494. 

  494. }
    495. 

  495. 

  496. /*
    497. 

  497.   Set all files and paths according to netname
    498. 

  498. */
    499. 

  499. static void make_names(void) {
    500. 

  500. #ifdef HAVE_MINGW
    501. 

  501. 	HKEY key;
    502. 

  502. 	char installdir[1024] = "";
    503. 

  503. 	DWORD len = sizeof(installdir);
    504. 

  504. #endif
    505. 

  505. 

  506. 	if(netname) {
    507. 

  507. 		xasprintf(&identname, "tinc.%s", netname);
    508. 

  508. 	} else {
    509. 

  509. 		identname = xstrdup("tinc");
    510. 

  510. 	}
    511. 

  511. 

  512. #ifdef HAVE_MINGW
    513. 

  513. 

  514. 	if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
    515. 

  515. 		if(!RegQueryValueEx(key, NULL, 0, 0, (LPBYTE)installdir, &len)) {
    516. 

  516. 			if(!confbase) {
    517. 

  517. 				if(netname) {
    518. 

  518. 					xasprintf(&confbase, "%s/%s", installdir, netname);
    519. 

  519. 				} else {
    520. 

  520. 					xasprintf(&confbase, "%s", installdir);
    521. 

  521. 				}
    522. 

  522. 			}
    523. 

  523. 

  524. 			if(!logfilename) {
    525. 

  525. 				xasprintf(&logfilename, "%s/tinc.log", confbase);
    526. 

  526. 			}
    527. 

  527. 		}
    528. 

  528. 

  529. 		RegCloseKey(key);
    530. 

  530. 

  531. 		if(*installdir) {
    532. 

  532. 			return;
    533. 

  533. 		}
    534. 

  534. 	}
    535. 

  535. 

  536. #endif
    537. 

  537. 

  538. 	if(!pidfilename) {
    539. 

  539. 		xasprintf(&pidfilename, LOCALSTATEDIR "/run/%s.pid", identname);
    540. 

  540. 	}
    541. 

  541. 

  542. 	if(!logfilename) {
    543. 

  543. 		xasprintf(&logfilename, LOCALSTATEDIR "/log/%s.log", identname);
    544. 

  544. 	}
    545. 

  545. 

  546. 	if(netname) {
    547. 

  547. 		if(!confbase) {
    548. 

  548. 			xasprintf(&confbase, CONFDIR "/tinc/%s", netname);
    549. 

  549. 		} else {
    550. 

  550. 			logger(LOG_INFO, "Both netname and configuration directory given, using the latter...");
    551. 

  551. 		}
    552. 

  552. 	} else {
    553. 

  553. 		if(!confbase) {
    554. 

  554. 			xasprintf(&confbase, CONFDIR "/tinc");
    555. 

  555. 		}
    556. 

  556. 	}
    557. 

  557. }
    558. 

  558. 

  559. static void free_names() {
    560. 

  560. 	if(identname) {
    561. 

  561. 		free(identname);
    562. 

  562. 	}
    563. 

  563. 

  564. 	if(netname) {
    565. 

  565. 		free(netname);
    566. 

  566. 	}
    567. 

  567. 

  568. 	if(pidfilename) {
    569. 

  569. 		free(pidfilename);
    570. 

  570. 	}
    571. 

  571. 

  572. 	if(logfilename) {
    573. 

  573. 		free(logfilename);
    574. 

  574. 	}
    575. 

  575. 

  576. 	if(confbase) {
    577. 

  577. 		free(confbase);
    578. 

  578. 	}
    579. 

  579. }
    580. 

  580. 

  581. static bool drop_privs() {
    582. 

  582. #ifdef HAVE_MINGW
    583. 

  583. 

  584. 	if(switchuser) {
    585. 

  585. 		logger(LOG_ERR, "%s not supported on this platform", "-U");
    586. 

  586. 		return false;
    587. 

  587. 	}
    588. 

  588. 

  589. 	if(do_chroot) {
    590. 

  590. 		logger(LOG_ERR, "%s not supported on this platform", "-R");
    591. 

  591. 		return false;
    592. 

  592. 	}
    593. 

  593. 

  594. #else
    595. 

  595. 	uid_t uid = 0;
    596. 

  596. 

  597. 	if(switchuser) {
    598. 

  598. 		struct passwd *pw = getpwnam(switchuser);
    599. 

  599. 

  600. 		if(!pw) {
    601. 

  601. 			logger(LOG_ERR, "unknown user `%s'", switchuser);
    602. 

  602. 			return false;
    603. 

  603. 		}
    604. 

  604. 

  605. 		uid = pw->pw_uid;
    606. 

  606. 

  607. 		if(initgroups(switchuser, pw->pw_gid) != 0 ||
    608. 

  608. 		                setgid(pw->pw_gid) != 0) {
    609. 

  609. 			logger(LOG_ERR, "System call `%s' failed: %s",
    610. 

  610. 			       "initgroups", strerror(errno));
    611. 

  611. 			return false;
    612. 

  612. 		}
    613. 

  613. 

  614. #ifndef ANDROID
    615. 

  615. // Not supported in android NDK
    616. 

  616. 		endgrent();
    617. 

  617. 		endpwent();
    618. 

  618. #endif
    619. 

  619. 	}
    620. 

  620. 

  621. 	if(do_chroot) {
    622. 

  622. 		tzset();        /* for proper timestamps in logs */
    623. 

  623. 

  624. 		if(chroot(confbase) != 0 || chdir("/") != 0) {
    625. 

  625. 			logger(LOG_ERR, "System call `%s' failed: %s",
    626. 

  626. 			       "chroot", strerror(errno));
    627. 

  627. 			return false;
    628. 

  628. 		}
    629. 

  629. 

  630. 		free(confbase);
    631. 

  631. 		confbase = xstrdup("");
    632. 

  632. 	}
    633. 

  633. 

  634. 	if(switchuser)
    635. 

  635. 		if(setuid(uid) != 0) {
    636. 

  636. 			logger(LOG_ERR, "System call `%s' failed: %s",
    637. 

  637. 			       "setuid", strerror(errno));
    638. 

  638. 			return false;
    639. 

  639. 		}
    640. 

  640. 

  641. #endif
    642. 

  642. 	return true;
    643. 

  643. }
    644. 

  644. 

  645. #ifdef HAVE_MINGW
    646. 

  646. # define setpriority(level) !SetPriorityClass(GetCurrentProcess(), (level))
    647. 

  647. #else
    648. 

  648. # define NORMAL_PRIORITY_CLASS 0
    649. 

  649. # define BELOW_NORMAL_PRIORITY_CLASS 10
    650. 

  650. # define HIGH_PRIORITY_CLASS -10
    651. 

  651. # define setpriority(level) (setpriority(PRIO_PROCESS, 0, (level)))
    652. 

  652. #endif
    653. 

  653. 

  654. int main(int argc, char **argv) {
    655. 

  655. 	program_name = argv[0];
    656. 

  656. 

  657. 	if(!parse_options(argc, argv)) {
    658. 

  658. 		return 1;
    659. 

  659. 	}
    660. 

  660. 

  661. 	make_names();
    662. 

  662. 

  663. 	if(show_version) {
    664. 

  664. 		printf("%s version %s\n", PACKAGE, VERSION);
    665. 

  665. 		printf("Copyright (C) 1998-2017 Ivo Timmermans, Guus Sliepen and others.\n"
    666. 

  666. 		       "See the AUTHORS file for a complete list.\n\n"
    667. 

  667. 		       "tinc comes with ABSOLUTELY NO WARRANTY.  This is free software,\n"
    668. 

  668. 		       "and you are welcome to redistribute it under certain conditions;\n"
    669. 

  669. 		       "see the file COPYING for details.\n");
    670. 

  670. 

  671. 		return 0;
    672. 

  672. 	}
    673. 

  673. 

  674. 	if(show_help) {
    675. 

  675. 		usage(false);
    676. 

  676. 		return 0;
    677. 

  677. 	}
    678. 

  678. 

  679. 	if(kill_tincd) {
    680. 

  680. 		return !kill_other(kill_tincd);
    681. 

  681. 	}
    682. 

  682. 

  683. 	openlogger("tinc", use_logfile ? LOGMODE_FILE : LOGMODE_STDERR);
    684. 

  684. 

  685. 	g_argv = argv;
    686. 

  686. 

  687. 	if(getenv("LISTEN_PID") && atoi(getenv("LISTEN_PID")) == getpid()) {
    688. 

  688. 		do_detach = false;
    689. 

  689. 	}
    690. 

  690. 

  691. #ifdef HAVE_UNSETENV
    692. 

  692. 	unsetenv("LISTEN_PID");
    693. 

  693. #endif
    694. 

  694. 

  695. 	init_configuration(&config_tree);
    696. 

  696. 

  697. 	/* Slllluuuuuuurrrrp! */
    698. 

  698. 

  699. 	RAND_load_file("/dev/urandom", 1024);
    700. 

  700. 

  701. 	ENGINE_load_builtin_engines();
    702. 

  702. 	ENGINE_register_all_complete();
    703. 

  703. 

  704. 	OpenSSL_add_all_algorithms();
    705. 

  705. 

  706. 	if(generate_keys) {
    707. 

  707. 		read_server_config();
    708. 

  708. 		return !keygen(generate_keys);
    709. 

  709. 	}
    710. 

  710. 

  711. 	if(!read_server_config()) {
    712. 

  712. 		return 1;
    713. 

  713. 	}
    714. 

  714. 

  715. #ifdef HAVE_LZO
    716. 

  716. 

  717. 	if(lzo_init() != LZO_E_OK) {
    718. 

  718. 		logger(LOG_ERR, "Error initializing LZO compressor!");
    719. 

  719. 		return 1;
    720. 

  720. 	}
    721. 

  721. 

  722. #endif
    723. 

  723. 

  724. #ifdef HAVE_MINGW
    725. 

  725. 

  726. 	if(WSAStartup(MAKEWORD(2, 2), &wsa_state)) {
    727. 

  727. 		logger(LOG_ERR, "System call `%s' failed: %s", "WSAStartup", winerror(GetLastError()));
    728. 

  728. 		return 1;
    729. 

  729. 	}
    730. 

  730. 

  731. 	if(!do_detach || !init_service()) {
    732. 

  732. 		return main2(argc, argv);
    733. 

  733. 	} else {
    734. 

  734. 		return 1;
    735. 

  735. 	}
    736. 

  736. }
    737. 

  737. 

  738. int main2(int argc, char **argv) {
    739. 

  739. 	InitializeCriticalSection(&mutex);
    740. 

  740. 	EnterCriticalSection(&mutex);
    741. 

  741. #endif
    742. 

  742. 	char *priority = NULL;
    743. 

  743. 

  744. 	if(!detach()) {
    745. 

  745. 		return 1;
    746. 

  746. 	}
    747. 

  747. 

  748. #ifdef HAVE_MLOCKALL
    749. 

  749. 

  750. 	/* Lock all pages into memory if requested.
    751. 

  751. 	 * This has to be done after daemon()/fork() so it works for child.
    752. 

  752. 	 * No need to do that in parent as it's very short-lived. */
    753. 

  753. 	if(do_mlock && mlockall(MCL_CURRENT | MCL_FUTURE) != 0) {
    754. 

  754. 		logger(LOG_ERR, "System call `%s' failed: %s", "mlockall",
    755. 

  755. 		       strerror(errno));
    756. 

  756. 		return 1;
    757. 

  757. 	}
    758. 

  758. 

  759. #endif
    760. 

  760. 

  761. 	/* Setup sockets and open device. */
    762. 

  762. 

  763. 	if(!setup_network()) {
    764. 

  764. 		goto end;
    765. 

  765. 	}
    766. 

  766. 

  767. 	/* Initiate all outgoing connections. */
    768. 

  768. 

  769. 	try_outgoing_connections();
    770. 

  770. 

  771. 	/* Change process priority */
    772. 

  772. 

  773. 	if(get_config_string(lookup_config(config_tree, "ProcessPriority"), &priority)) {
    774. 

  774. 		if(!strcasecmp(priority, "Normal")) {
    775. 

  775. 			if(setpriority(NORMAL_PRIORITY_CLASS) != 0) {
    776. 

  776. 				logger(LOG_ERR, "System call `%s' failed: %s",
    777. 

  777. 				       "setpriority", strerror(errno));
    778. 

  778. 				goto end;
    779. 

  779. 			}
    780. 

  780. 		} else if(!strcasecmp(priority, "Low")) {
    781. 

  781. 			if(setpriority(BELOW_NORMAL_PRIORITY_CLASS) != 0) {
    782. 

  782. 				logger(LOG_ERR, "System call `%s' failed: %s",
    783. 

  783. 				       "setpriority", strerror(errno));
    784. 

  784. 				goto end;
    785. 

  785. 			}
    786. 

  786. 		} else if(!strcasecmp(priority, "High")) {
    787. 

  787. 			if(setpriority(HIGH_PRIORITY_CLASS) != 0) {
    788. 

  788. 				logger(LOG_ERR, "System call `%s' failed: %s",
    789. 

  789. 				       "setpriority", strerror(errno));
    790. 

  790. 				goto end;
    791. 

  791. 			}
    792. 

  792. 		} else {
    793. 

  793. 			logger(LOG_ERR, "Invalid priority `%s`!", priority);
    794. 

  794. 			goto end;
    795. 

  795. 		}
    796. 

  796. 	}
    797. 

  797. 

  798. 	/* drop privileges */
    799. 

  799. 	if(!drop_privs()) {
    800. 

  800. 		goto end;
    801. 

  801. 	}
    802. 

  802. 

  803. 	/* Start main loop. It only exits when tinc is killed. */
    804. 

  804. 

  805. 	status = main_loop();
    806. 

  806. 

  807. 	/* Shutdown properly. */
    808. 

  808. 

  809. 	ifdebug(CONNECTIONS)
    810. 

  810. 	devops.dump_stats();
    811. 

  811. 

  812. 	close_network_connections();
    813. 

  813. 

  814. end:
    815. 

  815. 	logger(LOG_NOTICE, "Terminating");
    816. 

  816. 

  817. #ifndef HAVE_MINGW
    818. 

  818. 	remove_pid(pidfilename);
    819. 

  819. #endif
    820. 

  820. 

  821. 	free(priority);
    822. 

  822. 

  823. 	EVP_cleanup();
    824. 

  824. 	ENGINE_cleanup();
    825. 

  825. 	CRYPTO_cleanup_all_ex_data();
    826. 

  826. #ifdef HAVE_ERR_REMOVE_STATE
    827. 

  827. 	// OpenSSL claims this function was deprecated in 1.0.0,
    828. 

  828. 	// but valgrind's leak detector shows you still need to call it to make sure OpenSSL cleans up properly.
    829. 

  829. 	ERR_remove_state(0);
    830. 

  830. #endif
    831. 

  831. 	ERR_free_strings();
    832. 

  832. 

  833. 	exit_configuration(&config_tree);
    834. 

  834. 	list_delete_list(cmdline_conf);
    835. 

  835. 	free_names();
    836. 

  836. 

  837. 	return status;
    838. 

  838. }
    839.