Home Explore Help
Register Sign In
OWEALs
/
tinc
mirror of https://tinc-vpn.org/git/tinc
2
0
Fork 0
Files Issues 0 Wiki
Tree: 4887f56e56
Branches Tags
tinc
/
src
/
tincd.c

tincd.c 18 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830 
  1. /*
    2. 

  2.     tincd.c -- the main file for tincd
    3. 

  3.     Copyright (C) 1998-2005 Ivo Timmermans
    4. 

  4.                   2000-2019 Guus Sliepen <guus@tinc-vpn.org>
    5. 

  5.                   2008      Max Rijevski <maksuf@gmail.com>
    6. 

  6.                   2009      Michael Tokarev <mjt@tls.msk.ru>
    7. 

  7.                   2010      Julien Muchembled <jm@jmuchemb.eu>
    8. 

  8.                   2010      Timothy Redaelli <timothy@redaelli.eu>
    9. 

  9. 

  10.     This program is free software; you can redistribute it and/or modify
    11. 

  11.     it under the terms of the GNU General Public License as published by
    12. 

  12.     the Free Software Foundation; either version 2 of the License, or
    13. 

  13.     (at your option) any later version.
    14. 

  14. 

  15.     This program is distributed in the hope that it will be useful,
    16. 

  16.     but WITHOUT ANY WARRANTY; without even the implied warranty of
    17. 

  17.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    18. 

  18.     GNU General Public License for more details.
    19. 

  19. 

  20.     You should have received a copy of the GNU General Public License along
    21. 

  21.     with this program; if not, write to the Free Software Foundation, Inc.,
    22. 

  22.     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
    23. 

  23. */
    24. 

  24. 

  25. #include "system.h"
    26. 

  26. 

  27. /* Darwin (MacOS/X) needs the following definition... */
    28. 

  28. #ifndef _P1003_1B_VISIBLE
    29. 

  29. #define _P1003_1B_VISIBLE
    30. 

  30. #endif
    31. 

  31. 

  32. #ifdef HAVE_SYS_MMAN_H
    33. 

  33. #include <sys/mman.h>
    34. 

  34. #endif
    35. 

  35. 

  36. #include <openssl/rand.h>
    37. 

  37. #include <openssl/rsa.h>
    38. 

  38. #include <openssl/pem.h>
    39. 

  39. #include <openssl/evp.h>
    40. 

  40. #ifndef OPENSSL_NO_ENGINE
    41. 

  41. #include <openssl/engine.h>
    42. 

  42. #endif
    43. 

  43. #include <openssl/bn.h>
    44. 

  44. 

  45. #ifdef HAVE_LZO
    46. 

  46. #include LZO1X_H
    47. 

  47. #endif
    48. 

  48. 

  49. #ifndef HAVE_MINGW
    50. 

  50. #include <pwd.h>
    51. 

  51. #include <grp.h>
    52. 

  52. #include <time.h>
    53. 

  53. #endif
    54. 

  54. 

  55. #ifdef HAVE_GETOPT_LONG
    56. 

  56. #include <getopt.h>
    57. 

  57. #else
    58. 

  58. #include "getopt.h"
    59. 

  59. #endif
    60. 

  60. 

  61. #include "pidfile.h"
    62. 

  62. 

  63. #include "conf.h"
    64. 

  64. #include "device.h"
    65. 

  65. #include "logger.h"
    66. 

  66. #include "net.h"
    67. 

  67. #include "netutl.h"
    68. 

  68. #include "process.h"
    69. 

  69. #include "protocol.h"
    70. 

  70. #include "utils.h"
    71. 

  71. #include "xalloc.h"
    72. 

  72. 

  73. /* The name this program was run with. */
    74. 

  74. char *program_name = NULL;
    75. 

  75. 

  76. /* If nonzero, display usage information and exit. */
    77. 

  77. bool show_help = false;
    78. 

  78. 

  79. /* If nonzero, print the version on standard output and exit.  */
    80. 

  80. bool show_version = false;
    81. 

  81. 

  82. /* If nonzero, it will attempt to kill a running tincd and exit. */
    83. 

  83. int kill_tincd = 0;
    84. 

  84. 

  85. /* If nonzero, generate public/private keypair for this host/net. */
    86. 

  86. int generate_keys = 0;
    87. 

  87. 

  88. /* If nonzero, use null ciphers and skip all key exchanges. */
    89. 

  89. bool bypass_security = false;
    90. 

  90. 

  91. /* If nonzero, disable swapping for this process. */
    92. 

  92. bool do_mlock = false;
    93. 

  93. 

  94. /* If nonzero, chroot to netdir after startup. */
    95. 

  95. static bool do_chroot = false;
    96. 

  96. 

  97. /* If !NULL, do setuid to given user after startup */
    98. 

  98. static const char *switchuser = NULL;
    99. 

  99. 

  100. /* If nonzero, write log entries to a separate file. */
    101. 

  101. bool use_logfile = false;
    102. 

  102. 

  103. char *identname = NULL;                         /* program name for syslog */
    104. 

  104. char *pidfilename = NULL;                       /* pid file location */
    105. 

  105. char *logfilename = NULL;                       /* log file location */
    106. 

  106. char **g_argv;                                  /* a copy of the cmdline arguments */
    107. 

  107. 

  108. static int status = 1;
    109. 

  109. 

  110. static struct option const long_options[] = {
    111. 

  111. 	{"config", required_argument, NULL, 'c'},
    112. 

  112. 	{"kill", optional_argument, NULL, 'k'},
    113. 

  113. 	{"net", required_argument, NULL, 'n'},
    114. 

  114. 	{"help", no_argument, NULL, 1},
    115. 

  115. 	{"version", no_argument, NULL, 2},
    116. 

  116. 	{"no-detach", no_argument, NULL, 'D'},
    117. 

  117. 	{"generate-keys", optional_argument, NULL, 'K'},
    118. 

  118. 	{"debug", optional_argument, NULL, 'd'},
    119. 

  119. 	{"bypass-security", no_argument, NULL, 3},
    120. 

  120. 	{"mlock", no_argument, NULL, 'L'},
    121. 

  121. 	{"chroot", no_argument, NULL, 'R'},
    122. 

  122. 	{"user", required_argument, NULL, 'U'},
    123. 

  123. 	{"logfile", optional_argument, NULL, 4},
    124. 

  124. 	{"pidfile", required_argument, NULL, 5},
    125. 

  125. 	{"option", required_argument, NULL, 'o'},
    126. 

  126. 	{NULL, 0, NULL, 0}
    127. 

  127. };
    128. 

  128. 

  129. #ifdef HAVE_MINGW
    130. 

  130. static struct WSAData wsa_state;
    131. 

  131. CRITICAL_SECTION mutex;
    132. 

  132. int main2(int argc, char **argv);
    133. 

  133. #endif
    134. 

  134. 

  135. static void usage(bool status) {
    136. 

  136. 	if(status)
    137. 

  137. 		fprintf(stderr, "Try `%s --help\' for more information.\n",
    138. 

  138. 		        program_name);
    139. 

  139. 	else {
    140. 

  140. 		printf("Usage: %s [option]...\n\n", program_name);
    141. 

  141. 		printf("  -c, --config=DIR               Read configuration options from DIR.\n"
    142. 

  142. 		       "  -D, --no-detach                Don't fork and detach.\n"
    143. 

  143. 		       "  -d, --debug[=LEVEL]            Increase debug level or set it to LEVEL.\n"
    144. 

  144. 		       "  -k, --kill[=SIGNAL]            Attempt to kill a running tincd and exit.\n"
    145. 

  145. 		       "  -n, --net=NETNAME              Connect to net NETNAME.\n"
    146. 

  146. 		       "  -K, --generate-keys[=BITS]     Generate public/private RSA keypair.\n"
    147. 

  147. 		       "  -L, --mlock                    Lock tinc into main memory.\n"
    148. 

  148. 		       "      --logfile[=FILENAME]       Write log entries to a logfile.\n"
    149. 

  149. 		       "      --pidfile=FILENAME         Write PID to FILENAME.\n"
    150. 

  150. 		       "  -o, --option=[HOST.]KEY=VALUE  Set global/host configuration value.\n"
    151. 

  151. 		       "  -R, --chroot                   chroot to NET dir at startup.\n"
    152. 

  152. 		       "  -U, --user=USER                setuid to given USER at startup.\n"
    153. 

  153. 		       "      --help                     Display this help and exit.\n"
    154. 

  154. 		       "      --version                  Output version information and exit.\n\n");
    155. 

  155. 		printf("Report bugs to tinc@tinc-vpn.org.\n");
    156. 

  156. 	}
    157. 

  157. }
    158. 

  158. 

  159. static bool parse_options(int argc, char **argv) {
    160. 

  160. 	config_t *cfg;
    161. 

  161. 	int r;
    162. 

  162. 	int option_index = 0;
    163. 

  163. 	int lineno = 0;
    164. 

  164. 

  165. 	cmdline_conf = list_alloc((list_action_t)free_config);
    166. 

  166. 

  167. 	while((r = getopt_long(argc, argv, "c:DLd::k::n:o:K::RU:", long_options, &option_index)) != EOF) {
    168. 

  168. 		switch(r) {
    169. 

  169. 		case 0:                         /* long option */
    170. 

  170. 			break;
    171. 

  171. 

  172. 		case 'c':                               /* config file */
    173. 

  173. 			if(confbase) {
    174. 

  174. 				fprintf(stderr, "Only one configuration directory can be given.\n");
    175. 

  175. 				usage(true);
    176. 

  176. 				return false;
    177. 

  177. 			}
    178. 

  178. 

  179. 			confbase = xstrdup(optarg);
    180. 

  180. 			break;
    181. 

  181. 

  182. 		case 'D':                               /* no detach */
    183. 

  183. 			do_detach = false;
    184. 

  184. 			break;
    185. 

  185. 

  186. 		case 'L':                               /* no detach */
    187. 

  187. #ifndef HAVE_MLOCKALL
    188. 

  188. 			logger(LOG_ERR, "%s not supported on this platform", "mlockall()");
    189. 

  189. 			return false;
    190. 

  190. #else
    191. 

  191. 			do_mlock = true;
    192. 

  192. 			break;
    193. 

  193. #endif
    194. 

  194. 

  195. 		case 'd':                               /* increase debug level */
    196. 

  196. 			if(!optarg && optind < argc && *argv[optind] != '-') {
    197. 

  197. 				optarg = argv[optind++];
    198. 

  198. 			}
    199. 

  199. 

  200. 			if(optarg) {
    201. 

  201. 				debug_level = atoi(optarg);
    202. 

  202. 			} else {
    203. 

  203. 				debug_level++;
    204. 

  204. 			}
    205. 

  205. 

  206. 			break;
    207. 

  207. 

  208. 		case 'k':                               /* kill old tincds */
    209. 

  209. #ifndef HAVE_MINGW
    210. 

  210. 			if(!optarg && optind < argc && *argv[optind] != '-') {
    211. 

  211. 				optarg = argv[optind++];
    212. 

  212. 			}
    213. 

  213. 

  214. 			if(optarg) {
    215. 

  215. 				if(!strcasecmp(optarg, "HUP")) {
    216. 

  216. 					kill_tincd = SIGHUP;
    217. 

  217. 				} else if(!strcasecmp(optarg, "TERM")) {
    218. 

  218. 					kill_tincd = SIGTERM;
    219. 

  219. 				} else if(!strcasecmp(optarg, "KILL")) {
    220. 

  220. 					kill_tincd = SIGKILL;
    221. 

  221. 				} else if(!strcasecmp(optarg, "USR1")) {
    222. 

  222. 					kill_tincd = SIGUSR1;
    223. 

  223. 				} else if(!strcasecmp(optarg, "USR2")) {
    224. 

  224. 					kill_tincd = SIGUSR2;
    225. 

  225. 				} else if(!strcasecmp(optarg, "WINCH")) {
    226. 

  226. 					kill_tincd = SIGWINCH;
    227. 

  227. 				} else if(!strcasecmp(optarg, "INT")) {
    228. 

  228. 					kill_tincd = SIGINT;
    229. 

  229. 				} else if(!strcasecmp(optarg, "ALRM")) {
    230. 

  230. 					kill_tincd = SIGALRM;
    231. 

  231. 				} else if(!strcasecmp(optarg, "ABRT")) {
    232. 

  232. 					kill_tincd = SIGABRT;
    233. 

  233. 				} else {
    234. 

  234. 					kill_tincd = atoi(optarg);
    235. 

  235. 

  236. 					if(!kill_tincd) {
    237. 

  237. 						fprintf(stderr, "Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n",
    238. 

  238. 						        optarg);
    239. 

  239. 						usage(true);
    240. 

  240. 						return false;
    241. 

  241. 					}
    242. 

  242. 				}
    243. 

  243. 			} else {
    244. 

  244. 				kill_tincd = SIGTERM;
    245. 

  245. 			}
    246. 

  246. 

  247. #else
    248. 

  248. 			kill_tincd = 1;
    249. 

  249. #endif
    250. 

  250. 			break;
    251. 

  251. 

  252. 		case 'n':                               /* net name given */
    253. 

  253. 

  254. 			/* netname "." is special: a "top-level name" */
    255. 

  255. 			if(netname) {
    256. 

  256. 				fprintf(stderr, "Only one netname can be given.\n");
    257. 

  257. 				usage(true);
    258. 

  258. 				return false;
    259. 

  259. 			}
    260. 

  260. 

  261. 			if(optarg && strcmp(optarg, ".")) {
    262. 

  262. 				netname = xstrdup(optarg);
    263. 

  263. 			}
    264. 

  264. 

  265. 			break;
    266. 

  266. 

  267. 		case 'o':                               /* option */
    268. 

  268. 			cfg = parse_config_line(optarg, NULL, ++lineno);
    269. 

  269. 

  270. 			if(!cfg) {
    271. 

  271. 				return false;
    272. 

  272. 			}
    273. 

  273. 

  274. 			list_insert_tail(cmdline_conf, cfg);
    275. 

  275. 			break;
    276. 

  276. 

  277. 		case 'K':                               /* generate public/private keypair */
    278. 

  278. 			if(!optarg && optind < argc && *argv[optind] != '-') {
    279. 

  279. 				optarg = argv[optind++];
    280. 

  280. 			}
    281. 

  281. 

  282. 			if(optarg) {
    283. 

  283. 				generate_keys = atoi(optarg);
    284. 

  284. 

  285. 				if(generate_keys < 512) {
    286. 

  286. 					fprintf(stderr, "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n",
    287. 

  287. 					        optarg);
    288. 

  288. 					usage(true);
    289. 

  289. 					return false;
    290. 

  290. 				}
    291. 

  291. 

  292. 				generate_keys &= ~7;    /* Round it to bytes */
    293. 

  293. 			} else {
    294. 

  294. 				generate_keys = 2048;
    295. 

  295. 			}
    296. 

  296. 

  297. 			break;
    298. 

  298. 

  299. 		case 'R':                               /* chroot to NETNAME dir */
    300. 

  300. 			do_chroot = true;
    301. 

  301. 			break;
    302. 

  302. 

  303. 		case 'U':                               /* setuid to USER */
    304. 

  304. 			switchuser = optarg;
    305. 

  305. 			break;
    306. 

  306. 

  307. 		case 1:                                 /* show help */
    308. 

  308. 			show_help = true;
    309. 

  309. 			break;
    310. 

  310. 

  311. 		case 2:                                 /* show version */
    312. 

  312. 			show_version = true;
    313. 

  313. 			break;
    314. 

  314. 

  315. 		case 3:                                 /* bypass security */
    316. 

  316. 			bypass_security = true;
    317. 

  317. 			break;
    318. 

  318. 

  319. 		case 4:                                 /* write log entries to a file */
    320. 

  320. 			use_logfile = true;
    321. 

  321. 

  322. 			if(!optarg && optind < argc && *argv[optind] != '-') {
    323. 

  323. 				optarg = argv[optind++];
    324. 

  324. 			}
    325. 

  325. 

  326. 			if(optarg) {
    327. 

  327. 				if(logfilename) {
    328. 

  328. 					fprintf(stderr, "Only one logfile can be given.\n");
    329. 

  329. 					usage(true);
    330. 

  330. 					return false;
    331. 

  331. 				}
    332. 

  332. 

  333. 				logfilename = xstrdup(optarg);
    334. 

  334. 			}
    335. 

  335. 

  336. 			break;
    337. 

  337. 

  338. 		case 5:                                 /* write PID to a file */
    339. 

  339. 			if(pidfilename) {
    340. 

  340. 				fprintf(stderr, "Only one pidfile can be given.\n");
    341. 

  341. 				usage(true);
    342. 

  342. 				return false;
    343. 

  343. 			}
    344. 

  344. 

  345. 			pidfilename = xstrdup(optarg);
    346. 

  346. 			break;
    347. 

  347. 

  348. 		case '?':
    349. 

  349. 			usage(true);
    350. 

  350. 			return false;
    351. 

  351. 

  352. 		default:
    353. 

  353. 			break;
    354. 

  354. 		}
    355. 

  355. 	}
    356. 

  356. 

  357. 	if(optind < argc) {
    358. 

  358. 		fprintf(stderr, "%s: unrecognized argument '%s'\n", argv[0], argv[optind]);
    359. 

  359. 		usage(true);
    360. 

  360. 		return false;
    361. 

  361. 	}
    362. 

  362. 

  363. 	return true;
    364. 

  364. }
    365. 

  365. 

  366. /* This function prettyprints the key generation process */
    367. 

  367. 

  368. static int indicator(int a, int b, BN_GENCB *cb) {
    369. 

  369. 	(void)cb;
    370. 

  370. 

  371. 	switch(a) {
    372. 

  372. 	case 0:
    373. 

  373. 		fprintf(stderr, ".");
    374. 

  374. 		break;
    375. 

  375. 

  376. 	case 1:
    377. 

  377. 		fprintf(stderr, "+");
    378. 

  378. 		break;
    379. 

  379. 

  380. 	case 2:
    381. 

  381. 		fprintf(stderr, "-");
    382. 

  382. 		break;
    383. 

  383. 

  384. 	case 3:
    385. 

  385. 		switch(b) {
    386. 

  386. 		case 0:
    387. 

  387. 			fprintf(stderr, " p\n");
    388. 

  388. 			break;
    389. 

  389. 

  390. 		case 1:
    391. 

  391. 			fprintf(stderr, " q\n");
    392. 

  392. 			break;
    393. 

  393. 

  394. 		default:
    395. 

  395. 			fprintf(stderr, "?");
    396. 

  396. 		}
    397. 

  397. 

  398. 		break;
    399. 

  399. 

  400. 	default:
    401. 

  401. 		fprintf(stderr, "?");
    402. 

  402. 	}
    403. 

  403. 

  404. 	return 1;
    405. 

  405. }
    406. 

  406. 

  407. #ifndef HAVE_BN_GENCB_NEW
    408. 

  408. BN_GENCB *BN_GENCB_new(void) {
    409. 

  409. 	return xmalloc_and_zero(sizeof(BN_GENCB));
    410. 

  410. }
    411. 

  411. 

  412. void BN_GENCB_free(BN_GENCB *cb) {
    413. 

  413. 	free(cb);
    414. 

  414. }
    415. 

  415. #endif
    416. 

  416. 

  417. /*
    418. 

  418.   Generate a public/private RSA keypair, and ask for a file to store
    419. 

  419.   them in.
    420. 

  420. */
    421. 

  421. static bool keygen(int bits) {
    422. 

  422. 	BIGNUM *e = NULL;
    423. 

  423. 	RSA *rsa_key;
    424. 

  424. 	FILE *f;
    425. 

  425. 	char filename[PATH_MAX];
    426. 

  426. 	BN_GENCB *cb;
    427. 

  427. 	int result;
    428. 

  428. 

  429. 	fprintf(stderr, "Generating %d bits keys:\n", bits);
    430. 

  430. 

  431. 	cb = BN_GENCB_new();
    432. 

  432. 

  433. 	if(!cb) {
    434. 

  434. 		abort();
    435. 

  435. 	}
    436. 

  436. 

  437. 	BN_GENCB_set(cb, indicator, NULL);
    438. 

  438. 

  439. 	rsa_key = RSA_new();
    440. 

  440. 

  441. 	if(BN_hex2bn(&e, "10001") == 0) {
    442. 

  442. 		abort();
    443. 

  443. 	}
    444. 

  444. 

  445. 	if(!rsa_key || !e) {
    446. 

  446. 		abort();
    447. 

  447. 	}
    448. 

  448. 

  449. 	result = RSA_generate_key_ex(rsa_key, bits, e, cb);
    450. 

  450. 

  451. 	BN_free(e);
    452. 

  452. 	BN_GENCB_free(cb);
    453. 

  453. 

  454. 	if(!result) {
    455. 

  455. 		fprintf(stderr, "Error during key generation!\n");
    456. 

  456. 		RSA_free(rsa_key);
    457. 

  457. 		return false;
    458. 

  458. 	} else {
    459. 

  459. 		fprintf(stderr, "Done.\n");
    460. 

  460. 	}
    461. 

  461. 

  462. 	snprintf(filename, sizeof(filename), "%s/rsa_key.priv", confbase);
    463. 

  463. 	f = ask_and_open(filename, "private RSA key");
    464. 

  464. 

  465. 	if(!f) {
    466. 

  466. 		RSA_free(rsa_key);
    467. 

  467. 		return false;
    468. 

  468. 	}
    469. 

  469. 

  470. #ifdef HAVE_FCHMOD
    471. 

  471. 	/* Make it unreadable for others. */
    472. 

  472. 	fchmod(fileno(f), 0600);
    473. 

  473. #endif
    474. 

  474. 

  475. 	fputc('\n', f);
    476. 

  476. 	PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL);
    477. 

  477. 	fclose(f);
    478. 

  478. 

  479. 	char *name = get_name();
    480. 

  480. 

  481. 	if(name) {
    482. 

  482. 		snprintf(filename, sizeof(filename), "%s/hosts/%s", confbase, name);
    483. 

  483. 		free(name);
    484. 

  484. 	} else {
    485. 

  485. 		snprintf(filename, sizeof(filename), "%s/rsa_key.pub", confbase);
    486. 

  486. 	}
    487. 

  487. 

  488. 	f = ask_and_open(filename, "public RSA key");
    489. 

  489. 

  490. 	if(!f) {
    491. 

  491. 		RSA_free(rsa_key);
    492. 

  492. 		return false;
    493. 

  493. 	}
    494. 

  494. 

  495. 	fputc('\n', f);
    496. 

  496. 	PEM_write_RSAPublicKey(f, rsa_key);
    497. 

  497. 	fclose(f);
    498. 

  498. 

  499. 	RSA_free(rsa_key);
    500. 

  500. 

  501. 	return true;
    502. 

  502. }
    503. 

  503. 

  504. /*
    505. 

  505.   Set all files and paths according to netname
    506. 

  506. */
    507. 

  507. static void make_names(void) {
    508. 

  508. #ifdef HAVE_MINGW
    509. 

  509. 	HKEY key;
    510. 

  510. 	char installdir[1024] = "";
    511. 

  511. 	DWORD len = sizeof(installdir);
    512. 

  512. #endif
    513. 

  513. 

  514. 	if(netname) {
    515. 

  515. 		xasprintf(&identname, "tinc.%s", netname);
    516. 

  516. 	} else {
    517. 

  517. 		identname = xstrdup("tinc");
    518. 

  518. 	}
    519. 

  519. 

  520. #ifdef HAVE_MINGW
    521. 

  521. 

  522. 	if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) {
    523. 

  523. 		if(!RegQueryValueEx(key, NULL, 0, 0, (LPBYTE)installdir, &len)) {
    524. 

  524. 			if(!confbase) {
    525. 

  525. 				if(netname) {
    526. 

  526. 					xasprintf(&confbase, "%s/%s", installdir, netname);
    527. 

  527. 				} else {
    528. 

  528. 					xasprintf(&confbase, "%s", installdir);
    529. 

  529. 				}
    530. 

  530. 			}
    531. 

  531. 

  532. 			if(!logfilename) {
    533. 

  533. 				xasprintf(&logfilename, "%s/tinc.log", confbase);
    534. 

  534. 			}
    535. 

  535. 		}
    536. 

  536. 

  537. 		RegCloseKey(key);
    538. 

  538. 

  539. 		if(*installdir) {
    540. 

  540. 			return;
    541. 

  541. 		}
    542. 

  542. 	}
    543. 

  543. 

  544. #endif
    545. 

  545. 

  546. 	if(!pidfilename) {
    547. 

  547. 		xasprintf(&pidfilename, RUNSTATEDIR "/%s.pid", identname);
    548. 

  548. 	}
    549. 

  549. 

  550. 	if(!logfilename) {
    551. 

  551. 		xasprintf(&logfilename, LOCALSTATEDIR "/log/%s.log", identname);
    552. 

  552. 	}
    553. 

  553. 

  554. 	if(netname) {
    555. 

  555. 		if(!confbase) {
    556. 

  556. 			xasprintf(&confbase, CONFDIR "/tinc/%s", netname);
    557. 

  557. 		} else {
    558. 

  558. 			logger(LOG_INFO, "Both netname and configuration directory given, using the latter...");
    559. 

  559. 		}
    560. 

  560. 	} else {
    561. 

  561. 		if(!confbase) {
    562. 

  562. 			xasprintf(&confbase, CONFDIR "/tinc");
    563. 

  563. 		}
    564. 

  564. 	}
    565. 

  565. }
    566. 

  566. 

  567. static void free_names() {
    568. 

  568. 	free(identname);
    569. 

  569. 	free(netname);
    570. 

  570. 	free(pidfilename);
    571. 

  571. 	free(logfilename);
    572. 

  572. 	free(confbase);
    573. 

  573. }
    574. 

  574. 

  575. static bool drop_privs() {
    576. 

  576. #ifdef HAVE_MINGW
    577. 

  577. 

  578. 	if(switchuser) {
    579. 

  579. 		logger(LOG_ERR, "%s not supported on this platform", "-U");
    580. 

  580. 		return false;
    581. 

  581. 	}
    582. 

  582. 

  583. 	if(do_chroot) {
    584. 

  584. 		logger(LOG_ERR, "%s not supported on this platform", "-R");
    585. 

  585. 		return false;
    586. 

  586. 	}
    587. 

  587. 

  588. #else
    589. 

  589. 	uid_t uid = 0;
    590. 

  590. 

  591. 	if(switchuser) {
    592. 

  592. 		struct passwd *pw = getpwnam(switchuser);
    593. 

  593. 

  594. 		if(!pw) {
    595. 

  595. 			logger(LOG_ERR, "unknown user `%s'", switchuser);
    596. 

  596. 			return false;
    597. 

  597. 		}
    598. 

  598. 

  599. 		uid = pw->pw_uid;
    600. 

  600. 

  601. 		if(initgroups(switchuser, pw->pw_gid) != 0 ||
    602. 

  602. 		                setgid(pw->pw_gid) != 0) {
    603. 

  603. 			logger(LOG_ERR, "System call `%s' failed: %s",
    604. 

  604. 			       "initgroups", strerror(errno));
    605. 

  605. 			return false;
    606. 

  606. 		}
    607. 

  607. 

  608. #ifndef ANDROID
    609. 

  609. // Not supported in android NDK
    610. 

  610. 		endgrent();
    611. 

  611. 		endpwent();
    612. 

  612. #endif
    613. 

  613. 	}
    614. 

  614. 

  615. 	if(do_chroot) {
    616. 

  616. 		tzset();        /* for proper timestamps in logs */
    617. 

  617. 

  618. 		if(chroot(confbase) != 0 || chdir("/") != 0) {
    619. 

  619. 			logger(LOG_ERR, "System call `%s' failed: %s",
    620. 

  620. 			       "chroot", strerror(errno));
    621. 

  621. 			return false;
    622. 

  622. 		}
    623. 

  623. 

  624. 		free(confbase);
    625. 

  625. 		confbase = xstrdup("");
    626. 

  626. 	}
    627. 

  627. 

  628. 	if(switchuser)
    629. 

  629. 		if(setuid(uid) != 0) {
    630. 

  630. 			logger(LOG_ERR, "System call `%s' failed: %s",
    631. 

  631. 			       "setuid", strerror(errno));
    632. 

  632. 			return false;
    633. 

  633. 		}
    634. 

  634. 

  635. #endif
    636. 

  636. 	return true;
    637. 

  637. }
    638. 

  638. 

  639. #ifdef HAVE_MINGW
    640. 

  640. # define setpriority(level) !SetPriorityClass(GetCurrentProcess(), (level))
    641. 

  641. #else
    642. 

  642. # define NORMAL_PRIORITY_CLASS 0
    643. 

  643. # define BELOW_NORMAL_PRIORITY_CLASS 10
    644. 

  644. # define HIGH_PRIORITY_CLASS -10
    645. 

  645. # define setpriority(level) (setpriority(PRIO_PROCESS, 0, (level)))
    646. 

  646. #endif
    647. 

  647. 

  648. int main(int argc, char **argv) {
    649. 

  649. 	program_name = argv[0];
    650. 

  650. 

  651. 	if(!parse_options(argc, argv)) {
    652. 

  652. 		return 1;
    653. 

  653. 	}
    654. 

  654. 

  655. 	if(show_version) {
    656. 

  656. 		printf("%s version %s\n", PACKAGE, VERSION);
    657. 

  657. 		printf("Copyright (C) 1998-2019 Ivo Timmermans, Guus Sliepen and others.\n"
    658. 

  658. 		       "See the AUTHORS file for a complete list.\n\n"
    659. 

  659. 		       "tinc comes with ABSOLUTELY NO WARRANTY.  This is free software,\n"
    660. 

  660. 		       "and you are welcome to redistribute it under certain conditions;\n"
    661. 

  661. 		       "see the file COPYING for details.\n");
    662. 

  662. 

  663. 		return 0;
    664. 

  664. 	}
    665. 

  665. 

  666. 	if(show_help) {
    667. 

  667. 		usage(false);
    668. 

  668. 		return 0;
    669. 

  669. 	}
    670. 

  670. 

  671. 	make_names();
    672. 

  672. 

  673. 	if(kill_tincd) {
    674. 

  674. 		return !kill_other(kill_tincd);
    675. 

  675. 	}
    676. 

  676. 

  677. 	openlogger("tinc", use_logfile ? LOGMODE_FILE : LOGMODE_STDERR);
    678. 

  678. 

  679. 	g_argv = argv;
    680. 

  680. 

  681. 	if(getenv("LISTEN_PID") && atoi(getenv("LISTEN_PID")) == getpid()) {
    682. 

  682. 		do_detach = false;
    683. 

  683. 	}
    684. 

  684. 

  685. #ifdef HAVE_UNSETENV
    686. 

  686. 	unsetenv("LISTEN_PID");
    687. 

  687. #endif
    688. 

  688. 

  689. 	init_configuration(&config_tree);
    690. 

  690. 

  691. #ifndef OPENSSL_NO_ENGINE
    692. 

  692. 	ENGINE_load_builtin_engines();
    693. 

  693. 	ENGINE_register_all_complete();
    694. 

  694. #endif
    695. 

  695. 

  696. #if OPENSSL_VERSION_NUMBER < 0x10100000L
    697. 

  697. 	OpenSSL_add_all_algorithms();
    698. 

  698. #endif
    699. 

  699. 

  700. 	if(generate_keys) {
    701. 

  701. 		read_server_config();
    702. 

  702. 		return !keygen(generate_keys);
    703. 

  703. 	}
    704. 

  704. 

  705. 	if(!read_server_config()) {
    706. 

  706. 		return 1;
    707. 

  707. 	}
    708. 

  708. 

  709. #ifdef HAVE_LZO
    710. 

  710. 

  711. 	if(lzo_init() != LZO_E_OK) {
    712. 

  712. 		logger(LOG_ERR, "Error initializing LZO compressor!");
    713. 

  713. 		return 1;
    714. 

  714. 	}
    715. 

  715. 

  716. #endif
    717. 

  717. 

  718. #ifdef HAVE_MINGW
    719. 

  719. 

  720. 	if(WSAStartup(MAKEWORD(2, 2), &wsa_state)) {
    721. 

  721. 		logger(LOG_ERR, "System call `%s' failed: %s", "WSAStartup", winerror(GetLastError()));
    722. 

  722. 		return 1;
    723. 

  723. 	}
    724. 

  724. 

  725. 	if(!do_detach || !init_service()) {
    726. 

  726. 		return main2(argc, argv);
    727. 

  727. 	} else {
    728. 

  728. 		return 1;
    729. 

  729. 	}
    730. 

  730. }
    731. 

  731. 

  732. int main2(int argc, char **argv) {
    733. 

  733. 	InitializeCriticalSection(&mutex);
    734. 

  734. 	EnterCriticalSection(&mutex);
    735. 

  735. #endif
    736. 

  736. 	char *priority = NULL;
    737. 

  737. 

  738. 	if(!detach()) {
    739. 

  739. 		return 1;
    740. 

  740. 	}
    741. 

  741. 

  742. #ifdef HAVE_MLOCKALL
    743. 

  743. 

  744. 	/* Lock all pages into memory if requested.
    745. 

  745. 	 * This has to be done after daemon()/fork() so it works for child.
    746. 

  746. 	 * No need to do that in parent as it's very short-lived. */
    747. 

  747. 	if(do_mlock && mlockall(MCL_CURRENT | MCL_FUTURE) != 0) {
    748. 

  748. 		logger(LOG_ERR, "System call `%s' failed: %s", "mlockall",
    749. 

  749. 		       strerror(errno));
    750. 

  750. 		return 1;
    751. 

  751. 	}
    752. 

  752. 

  753. #endif
    754. 

  754. 

  755. 	/* Setup sockets and open device. */
    756. 

  756. 

  757. 	if(!setup_network()) {
    758. 

  758. 		goto end;
    759. 

  759. 	}
    760. 

  760. 

  761. 	/* Initiate all outgoing connections. */
    762. 

  762. 

  763. 	try_outgoing_connections();
    764. 

  764. 

  765. 	/* Change process priority */
    766. 

  766. 

  767. 	if(get_config_string(lookup_config(config_tree, "ProcessPriority"), &priority)) {
    768. 

  768. 		if(!strcasecmp(priority, "Normal")) {
    769. 

  769. 			if(setpriority(NORMAL_PRIORITY_CLASS) != 0) {
    770. 

  770. 				logger(LOG_ERR, "System call `%s' failed: %s",
    771. 

  771. 				       "setpriority", strerror(errno));
    772. 

  772. 				goto end;
    773. 

  773. 			}
    774. 

  774. 		} else if(!strcasecmp(priority, "Low")) {
    775. 

  775. 			if(setpriority(BELOW_NORMAL_PRIORITY_CLASS) != 0) {
    776. 

  776. 				logger(LOG_ERR, "System call `%s' failed: %s",
    777. 

  777. 				       "setpriority", strerror(errno));
    778. 

  778. 				goto end;
    779. 

  779. 			}
    780. 

  780. 		} else if(!strcasecmp(priority, "High")) {
    781. 

  781. 			if(setpriority(HIGH_PRIORITY_CLASS) != 0) {
    782. 

  782. 				logger(LOG_ERR, "System call `%s' failed: %s",
    783. 

  783. 				       "setpriority", strerror(errno));
    784. 

  784. 				goto end;
    785. 

  785. 			}
    786. 

  786. 		} else {
    787. 

  787. 			logger(LOG_ERR, "Invalid priority `%s`!", priority);
    788. 

  788. 			goto end;
    789. 

  789. 		}
    790. 

  790. 	}
    791. 

  791. 

  792. 	/* drop privileges */
    793. 

  793. 	if(!drop_privs()) {
    794. 

  794. 		goto end;
    795. 

  795. 	}
    796. 

  796. 

  797. 	/* Start main loop. It only exits when tinc is killed. */
    798. 

  798. 

  799. 	status = main_loop();
    800. 

  800. 

  801. 	/* Shutdown properly. */
    802. 

  802. 

  803. 	ifdebug(CONNECTIONS)
    804. 

  804. 	devops.dump_stats();
    805. 

  805. 

  806. 	close_network_connections();
    807. 

  807. 

  808. end:
    809. 

  809. 	logger(LOG_NOTICE, "Terminating");
    810. 

  810. 

  811. #ifndef HAVE_MINGW
    812. 

  812. 	remove_pid(pidfilename);
    813. 

  813. #endif
    814. 

  814. 

  815. 	free(priority);
    816. 

  816. 

  817. #if OPENSSL_VERSION_NUMBER < 0x10100000L
    818. 

  818. 	EVP_cleanup();
    819. 

  819. 	ERR_free_strings();
    820. 

  820. #ifndef OPENSSL_NO_ENGINE
    821. 

  821. 	ENGINE_cleanup();
    822. 

  822. #endif
    823. 

  823. #endif
    824. 

  824. 

  825. 	exit_configuration(&config_tree);
    826. 

  826. 	list_delete_list(cmdline_conf);
    827. 

  827. 	free_names();
    828. 

  828. 

  829. 	return status;
    830. 

  830. }
    831.