X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincctl.c;h=f6e60fe6f263870935657c096279010ced04bc1b;hb=5fca595b80f5d2a6629d74e89ca2ef46ba9ae292;hp=1183dd78c4401874d41a635722f0947bbff7a1b6;hpb=ce5e0f6557edba19f8077661c034f48cdfd64b9a;p=tinc diff --git a/src/tincctl.c b/src/tincctl.c index 1183dd78..f6e60fe6 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -40,7 +40,6 @@ #include "top.h" #ifdef HAVE_MINGW -#define mkdir(a, b) mkdir(a) #define SCRIPTEXTENSION ".bat" #else #define SCRIPTEXTENSION "" @@ -117,7 +116,7 @@ static void usage(bool status) { " del VARIABLE [VALUE] Remove VARIABLE [only ones with watching VALUE]\n" " start [tincd options] Start tincd.\n" " stop Stop tincd.\n" - " restart Restart tincd.\n" + " restart [tincd options] Restart tincd.\n" " reload Partially reload configuration of running tincd.\n" " pid Show PID of currently running tincd.\n" " generate-keys [bits] Generate new RSA and ECDSA public/private keypairs.\n" @@ -228,6 +227,16 @@ static void disable_old_keys(const char *filename, const char *what) { w = fopen(tmpfile, "w"); +#ifdef HAVE_FCHMOD + /* Let the temporary file have the same permissions as the original. */ + + if(w) { + struct stat st = {.st_mode = 0600}; + fstat(fileno(r), &st); + fchmod(fileno(w), st.st_mode); + } +#endif + while(fgets(buf, sizeof buf, r)) { if(!block && !strncmp(buf, "-----BEGIN ", 11)) { if((strstr(buf, " EC ") && strstr(what, "ECDSA")) || (strstr(buf, " RSA ") && strstr(what, "RSA"))) { @@ -325,8 +334,6 @@ static FILE *ask_and_open(const char *filename, const char *what, const char *mo filename = buf2; } - umask(0077); /* Disallow everything for group and other */ - disable_old_keys(filename, what); /* Open it first to keep the inode busy */ @@ -872,7 +879,7 @@ static int cmd_stop(int argc, char *argv[]) { } static int cmd_restart(int argc, char *argv[]) { - cmd_stop(argc, argv); + cmd_stop(1, argv); return cmd_start(argc, argv); } @@ -1296,6 +1303,7 @@ const var_t variables[] = { {"KeyExpire", VAR_SERVER}, {"LocalDiscovery", VAR_SERVER}, {"MACExpire", VAR_SERVER}, + {"MaxConnectionBurst", VAR_SERVER}, {"MaxOutputBufferSize", VAR_SERVER}, {"MaxTimeout", VAR_SERVER}, {"Mode", VAR_SERVER | VAR_SAFE}, @@ -1702,7 +1710,9 @@ static int cmd_init(int argc, char *argv[]) { fprintf(stderr, "Could not create file %s: %s\n", filename, strerror(errno)); return 1; } - fchmod(fileno(f), 0755); + mode_t mask = umask(0); + umask(mask); + fchmod(fileno(f), 0755 & ~mask); fprintf(f, "#!/bin/sh\n\necho 'Unconfigured tinc-up script, please edit!'\n\n#ifconfig $INTERFACE netmask \n"); fclose(f); }