Use a control socket directory to restrict access

[tinc] / src / tincd.c

diff --git a/src/tincd.c b/src/tincd.c
index 95c45d3..2044310 100644 (file)
--- a/src/tincd.c
+++ b/src/tincd.c
@@ -102,13 +102,14 @@ static void usage(bool status)
                                program_name);
        else {
                printf(_("Usage: %s [option]...\n\n"), program_name);
-               printf(_("  -c, --config=DIR                     Read configuration options from DIR.\n"
+               printf(_(       "  -c, --config=DIR              Read configuration options from DIR.\n"
                                "  -D, --no-detach               Don't fork and detach.\n"
                                "  -d, --debug[=LEVEL]           Increase debug level or set it to LEVEL.\n"
                                "  -n, --net=NETNAME             Connect to net NETNAME.\n"
                                "  -L, --mlock                   Lock tinc into main memory.\n"
                                "      --logfile[=FILENAME]      Write log entries to a logfile.\n"
                                "      --controlsocket=FILENAME  Open control socket at FILENAME.\n"
+                               "      --bypass-security         Disables meta protocol security, for debugging.\n"
                                "      --help                    Display this help and exit.\n"
                                "      --version                 Output version information and exit.\n\n"));
                printf(_("Report bugs to tinc@tinc-vpn.org.\n"));
@@ -217,7 +218,7 @@ static void make_names(void)
 #endif
 
        if(!controlsocketname)
-               asprintf(&controlsocketname, LOCALSTATEDIR "/run/%s.control", identname);
+               asprintf(&controlsocketname, "%s/run/%s.control/socket", LOCALSTATEDIR, identname);
 
        if(!logfilename)
                asprintf(&logfilename, LOCALSTATEDIR "/log/%s.log", identname);