X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincctl.c;h=d02bda52e1b2ded0cbbaa5072a9b2f1a7f4f627a;hb=d219fe2c09652fcdc6b457bb5fd72ad18a3a33c5;hp=4349b79c07ed0d62218ddc69ce9522b96a964a13;hpb=fb1e69072e9c1dda35033cc2785c27e324a2abda;p=tinc diff --git a/src/tincctl.c b/src/tincctl.c index 4349b79c..d02bda52 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -116,7 +116,7 @@ static void usage(bool status) { " del VARIABLE [VALUE] Remove VARIABLE [only ones with watching VALUE]\n" " start [tincd options] Start tincd.\n" " stop Stop tincd.\n" - " restart Restart tincd.\n" + " restart [tincd options] Restart tincd.\n" " reload Partially reload configuration of running tincd.\n" " pid Show PID of currently running tincd.\n" " generate-keys [bits] Generate new RSA and ECDSA public/private keypairs.\n" @@ -227,6 +227,16 @@ static void disable_old_keys(const char *filename, const char *what) { w = fopen(tmpfile, "w"); +#ifdef HAVE_FCHMOD + /* Let the temporary file have the same permissions as the original. */ + + if(w) { + struct stat st = {.st_mode = 0600}; + fstat(fileno(r), &st); + fchmod(fileno(w), st.st_mode); + } +#endif + while(fgets(buf, sizeof buf, r)) { if(!block && !strncmp(buf, "-----BEGIN ", 11)) { if((strstr(buf, " EC ") && strstr(what, "ECDSA")) || (strstr(buf, " RSA ") && strstr(what, "RSA"))) { @@ -324,8 +334,6 @@ static FILE *ask_and_open(const char *filename, const char *what, const char *mo filename = buf2; } - umask(0077); /* Disallow everything for group and other */ - disable_old_keys(filename, what); /* Open it first to keep the inode busy */ @@ -871,7 +879,7 @@ static int cmd_stop(int argc, char *argv[]) { } static int cmd_restart(int argc, char *argv[]) { - cmd_stop(argc, argv); + cmd_stop(1, argv); return cmd_start(argc, argv); } @@ -1406,6 +1414,7 @@ static int cmd_config(int argc, char *argv[]) { /* Some simple checks. */ bool found = false; + bool warnonremove = false; for(int i = 0; variables[i].name; i++) { if(strcasecmp(variables[i].name, variable)) @@ -1444,6 +1453,16 @@ static int cmd_config(int argc, char *argv[]) { return 1; } + /* Change "add" into "set" for variables that do not allow multiple occurences. + Turn on warnings when it seems variables might be removed unintentionally. */ + + if(action == 1 && !(variables[i].type & VAR_MULTIPLE)) { + warnonremove = true; + action = 0; + } else if(action == 0 && (variables[i].type & VAR_MULTIPLE)) { + warnonremove = true; + } + break; } @@ -1526,9 +1545,14 @@ static int cmd_config(int argc, char *argv[]) { } // Set } else if(action == 0) { + // Warn if "set" was used for variables that can occur multiple times + if(warnonremove && strcasecmp(bvalue, value)) + fprintf(stderr, "Warning: removing %s = %s\n", variable, bvalue); + // Already set? Delete the rest... if(set) continue; + // Otherwise, replace. if(fprintf(tf, "%s = %s\n", variable, value) < 0) { fprintf(stderr, "Error writing to temporary file %s: %s\n", tmpfile, strerror(errno)); @@ -1702,7 +1726,9 @@ static int cmd_init(int argc, char *argv[]) { fprintf(stderr, "Could not create file %s: %s\n", filename, strerror(errno)); return 1; } - fchmod(fileno(f), 0755); + mode_t mask = umask(0); + umask(mask); + fchmod(fileno(f), 0755 & ~mask); fprintf(f, "#!/bin/sh\n\necho 'Unconfigured tinc-up script, please edit!'\n\n#ifconfig $INTERFACE netmask \n"); fclose(f); }