/*
tincd.c -- the main file for tincd
- Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>
- 2000 Guus Sliepen <guus@sliepen.warande.net>
+ Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl>
+ 2000-2002 Guus Sliepen <guus@sliepen.eu.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: tincd.c,v 1.10.4.40 2001/01/06 18:03:41 guus Exp $
+ $Id: tincd.c,v 1.10.4.60 2002/06/21 10:11:34 guus Exp $
*/
#include "config.h"
#include <errno.h>
-#include <fcntl.h>
+#include <fcntl.h>
#include <getopt.h>
#include <signal.h>
#include <stdio.h>
# include <sys/ioctl.h>
#endif
-#ifdef HAVE_OPENSSL_RAND_H
-# include <openssl/rand.h>
-#else
-# include <rand.h>
-#endif
-
-#ifdef HAVE_OPENSSL_RSA_H
-# include <openssl/rsa.h>
-#else
-# include <rsa.h>
-#endif
-
-#ifdef HAVE_OPENSSL_ERR_H
-# include <openssl/err.h>
-#else
-# include <err.h>
-#endif
-
-#ifdef HAVE_OPENSSL_PEM_H
-# include <openssl/pem.h>
-#else
-# include <pem.h>
-#endif
-
-
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
#include <utils.h>
#include <xalloc.h>
char *program_name;
/* If nonzero, display usage information and exit. */
-static int show_help;
+int show_help;
/* If nonzero, print the version on standard output and exit. */
-static int show_version;
+int show_version;
/* If nonzero, it will attempt to kill a running tincd and exit. */
-static int kill_tincd = 0;
-
-/* If zero, don't detach from the terminal. */
-extern int do_detach;
+int kill_tincd = 0;
/* If nonzero, generate public/private keypair for this host/net. */
-static int generate_keys = 0;
+int generate_keys = 0;
+
+/* If nonzero, use null ciphers and skip all key exchanges. */
+int bypass_security = 0;
char *identname; /* program name for syslog */
char *pidfilename; /* pid file location */
static struct option const long_options[] =
{
{ "config", required_argument, NULL, 'c' },
- { "kill", no_argument, NULL, 'k' },
+ { "kill", optional_argument, NULL, 'k' },
{ "net", required_argument, NULL, 'n' },
{ "help", no_argument, &show_help, 1 },
{ "version", no_argument, &show_version, 1 },
{ "no-detach", no_argument, &do_detach, 0 },
{ "generate-keys", optional_argument, NULL, 'K'},
+ { "debug", optional_argument, NULL, 'd'},
+ { "bypass-security", no_argument, &bypass_security, 1 },
{ NULL, 0, NULL, 0 }
};
{
printf(_("Usage: %s [option]...\n\n"), program_name);
printf(_(" -c, --config=DIR Read configuration options from DIR.\n"
- " -D, --no-detach Don't fork and detach.\n"
- " -d Increase debug level.\n"
- " -k, --kill Attempt to kill a running tincd and exit.\n"
- " -n, --net=NETNAME Connect to net NETNAME.\n"));
+ " -D, --no-detach Don't fork and detach.\n"
+ " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n"
+ " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n"
+ " -n, --net=NETNAME Connect to net NETNAME.\n"));
printf(_(" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n"
" --help Display this help and exit.\n"
- " --version Output version information and exit.\n\n"));
+ " --version Output version information and exit.\n\n"));
printf(_("Report bugs to tinc@nl.linux.org.\n"));
}
exit(status);
{
int r;
int option_index = 0;
-
- while((r = getopt_long(argc, argv, "c:Ddkn:K::", long_options, &option_index)) != EOF)
+
+ while((r = getopt_long(argc, argv, "c:Dd::k::n:K::", long_options, &option_index)) != EOF)
{
switch(r)
{
case 0: /* long option */
break;
- case 'c': /* config file */
- confbase = xmalloc(strlen(optarg)+1);
- strcpy(confbase, optarg);
- break;
- case 'D': /* no detach */
- do_detach = 0;
- break;
- case 'd': /* inc debug level */
- if(optarg)
- debug_lvl = atoi(optarg);
- else
- debug_lvl++;
- break;
- case 'k': /* kill old tincds */
- kill_tincd = 1;
- break;
- case 'n': /* net name given */
- netname = xmalloc(strlen(optarg)+1);
- strcpy(netname, optarg);
- break;
- case 'K': /* generate public/private keypair */
+ case 'c': /* config file */
+ confbase = xmalloc(strlen(optarg)+1);
+ strcpy(confbase, optarg);
+ break;
+ case 'D': /* no detach */
+ do_detach = 0;
+ break;
+ case 'd': /* inc debug level */
+ if(optarg)
+ debug_lvl = atoi(optarg);
+ else
+ debug_lvl++;
+ break;
+ case 'k': /* kill old tincds */
+ if(optarg)
+ {
+ if(!strcasecmp(optarg, "HUP"))
+ kill_tincd = SIGHUP;
+ else if(!strcasecmp(optarg, "TERM"))
+ kill_tincd = SIGTERM;
+ else if(!strcasecmp(optarg, "KILL"))
+ kill_tincd = SIGKILL;
+ else if(!strcasecmp(optarg, "USR1"))
+ kill_tincd = SIGUSR1;
+ else if(!strcasecmp(optarg, "USR2"))
+ kill_tincd = SIGUSR2;
+ else if(!strcasecmp(optarg, "WINCH"))
+ kill_tincd = SIGWINCH;
+ else if(!strcasecmp(optarg, "INT"))
+ kill_tincd = SIGINT;
+ else if(!strcasecmp(optarg, "ALRM"))
+ kill_tincd = SIGALRM;
+ else
+ {
+ kill_tincd = atoi(optarg);
+ if(!kill_tincd)
+ {
+ fprintf(stderr, _("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), optarg);
+ usage(1);
+ }
+ }
+ }
+ else
+ kill_tincd = SIGTERM;
+ break;
+ case 'n': /* net name given */
+ netname = xmalloc(strlen(optarg)+1);
+ strcpy(netname, optarg);
+ break;
+ case 'K': /* generate public/private keypair */
if(optarg)
{
generate_keys = atoi(optarg);
if(generate_keys < 512)
{
fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"),
- optarg);
+ optarg);
usage(1);
}
- generate_keys &= ~7; /* Round it to bytes */
+ generate_keys &= ~7; /* Round it to bytes */
}
else
generate_keys = 1024;
- break;
+ break;
case '?':
usage(1);
default:
switch(b)
{
case 0:
- fprintf(stderr, " p\n");
+ fprintf(stderr, " p\n");
break;
case 1:
fprintf(stderr, " q\n");
{
RSA *rsa_key;
FILE *f;
+ char *name = NULL;
char *filename;
fprintf(stderr, _("Generating %d bits keys:\n"), bits);
if(!rsa_key)
{
- fprintf(stderr, _("Error during key generation!"));
+ fprintf(stderr, _("Error during key generation!\n"));
return -1;
- }
+ }
else
fprintf(stderr, _("Done.\n"));
- asprintf(&filename, "%s/rsa_key.pub", confbase);
- if((f = ask_and_safe_open(filename, _("public RSA key"))) == NULL)
+ get_config_string(lookup_config(config_tree, "Name"), &name);
+
+ if(name)
+ asprintf(&filename, "%s/hosts/%s", confbase, name);
+ else
+ asprintf(&filename, "%s/rsa_key.pub", confbase);
+
+ if((f = ask_and_safe_open(filename, _("public RSA key"), "a")) == NULL)
return -1;
+
+ if(ftell(f))
+ fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n"));
+
PEM_write_RSAPublicKey(f, rsa_key);
fclose(f);
free(filename);
-
+
asprintf(&filename, "%s/rsa_key.priv", confbase);
- if((f = ask_and_safe_open(filename, _("private RSA key"))) == NULL)
+ if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL)
return -1;
+
+ if(ftell(f))
+ fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n"));
+
PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL);
fclose(f);
free(filename);
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
- /* Do some intl stuff right now */
-
- unknown = _("unknown");
-
environment = envp;
parse_options(argc, argv, envp);
if(show_version)
{
printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT);
- printf(_("Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n"
- "See the AUTHORS file for a complete list.\n\n"
- "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
- "and you are welcome to redistribute it under certain conditions;\n"
- "see the file COPYING for details.\n"));
+ printf(_("Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n"
+ "See the AUTHORS file for a complete list.\n\n"
+ "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
+ "and you are welcome to redistribute it under certain conditions;\n"
+ "see the file COPYING for details.\n"));
return 0;
}
if(show_help)
usage(0);
- if(geteuid())
- {
- fprintf(stderr, _("You must be root to run this program.\n"));
- return 1;
- }
-
- openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */
+#ifndef LOG_PERROR
+ openlog("tinc", LOG_CONS, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */
+#else
+ openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */
+#endif
g_argv = argv;
make_names();
+ init_configuration(&config_tree);
/* Slllluuuuuuurrrrp! */
cp
RAND_load_file("/dev/urandom", 1024);
+
+#ifdef HAVE_SSLEAY_ADD_ALL_ALGORITHMS
+ SSLeay_add_all_algorithms();
+#else
+ OpenSSL_add_all_algorithms();
+#endif
+
cp
if(generate_keys)
- exit(keygen(generate_keys));
+ {
+ read_server_config();
+ exit(keygen(generate_keys));
+ }
if(kill_tincd)
- exit(kill_other());
+ exit(kill_other(kill_tincd));
if(read_server_config())
- return 1;
+ exit(1);
cp
if(detach())
exit(0);
cp
- if(debug_lvl >= DEBUG_ERROR)
- ERR_load_crypto_strings();
-
for(;;)
{
if(!setup_network_connections())
main_loop();
cleanup_and_exit(1);
}
-
+
syslog(LOG_ERR, _("Unrecoverable error"));
cp_trace();
if(do_detach)
{
- syslog(LOG_NOTICE, _("Restarting in %d seconds!"), MAXTIMEOUT);
- sleep(MAXTIMEOUT);
+ syslog(LOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout);
+ sleep(maxtimeout);
}
else
{
syslog(LOG_ERR, _("Not restarting."));
- exit(0);
+ exit(1);
}
}
}
-