X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Ftincd.c;h=0ccbdee6f13f6e7bca8a95b8efd580132f771afa;hp=f98afe41533fec14afb724e914139e9ca035f2df;hb=66067cc9c1347fb2de35660d531fdd4be8aede6a;hpb=cf49b2c0647554613874cce495e4a7937a9f7863

diff --git a/src/tincd.c b/src/tincd.c
index f98afe41..0ccbdee6 100644
--- a/src/tincd.c
+++ b/src/tincd.c
@@ -1,7 +1,7 @@
 /*
     tincd.c -- the main file for tincd
-    Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>
-                            2000 Guus Sliepen <guus@sliepen.warande.net>
+    Copyright (C) 1998-2001 Ivo Timmermans <itimmermans@bigfoot.com>
+                  2000,2001 Guus Sliepen <guus@sliepen.warande.net>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: tincd.c,v 1.10.4.35 2000/11/24 23:13:07 guus Exp $
+    $Id: tincd.c,v 1.10.4.55 2001/10/28 08:41:19 guus Exp $
 */
 
 #include "config.h"
@@ -38,25 +38,9 @@
 # include <sys/ioctl.h>
 #endif
 
-#ifdef HAVE_OPENSSL_RAND_H
-# include <openssl/rand.h>
-#else
-# include <rand.h>
-#endif
-
-#ifdef HAVE_OPENSSL_RSA_H
-# include <openssl/rsa.h>
-#else
-# include <rsa.h>
-#endif
-
-#ifdef HAVE_OPENSSL_ERR_H
-# include <openssl/err.h>
-#else
-# include <err.h>
-#endif
-
-
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/pem.h>
 
 #include <utils.h>
 #include <xalloc.h>
@@ -74,19 +58,19 @@
 char *program_name;
 
 /* If nonzero, display usage information and exit. */
-static int show_help;
+int show_help;
 
 /* If nonzero, print the version on standard output and exit.  */
-static int show_version;
+int show_version;
 
 /* If nonzero, it will attempt to kill a running tincd and exit. */
-static int kill_tincd = 0;
-
-/* If zero, don't detach from the terminal. */
-extern int do_detach;
+int kill_tincd = 0;
 
 /* If nonzero, generate public/private keypair for this host/net. */
-static int generate_keys = 0;
+int generate_keys = 0;
+
+/* If nonzero, use null ciphers and skip all key exchanges. */
+int bypass_security = 0;
 
 char *identname;                 /* program name for syslog */
 char *pidfilename;               /* pid file location */
@@ -97,12 +81,14 @@ char **environment;              /* A pointer to the environment on
 static struct option const long_options[] =
 {
   { "config", required_argument, NULL, 'c' },
-  { "kill", no_argument, NULL, 'k' },
+  { "kill", optional_argument, NULL, 'k' },
   { "net", required_argument, NULL, 'n' },
   { "help", no_argument, &show_help, 1 },
   { "version", no_argument, &show_version, 1 },
   { "no-detach", no_argument, &do_detach, 0 },
   { "generate-keys", optional_argument, NULL, 'K'},
+  { "debug", optional_argument, NULL, 'd'},
+  { "bypass-security", no_argument, &bypass_security, 1 },
   { NULL, 0, NULL, 0 }
 };
 
@@ -116,8 +102,8 @@ usage(int status)
       printf(_("Usage: %s [option]...\n\n"), program_name);
       printf(_("  -c, --config=DIR           Read configuration options from DIR.\n"
 	       "  -D, --no-detach            Don't fork and detach.\n"
-	       "  -d                         Increase debug level.\n"
-	       "  -k, --kill                 Attempt to kill a running tincd and exit.\n"
+	       "  -d, --debug[=LEVEL]        Increase debug level or set it to LEVEL.\n"
+	       "  -k, --kill[=SIGNAL]        Attempt to kill a running tincd and exit.\n"
 	       "  -n, --net=NETNAME          Connect to net NETNAME.\n"));
       printf(_("  -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n"
                "      --help                 Display this help and exit.\n"
@@ -133,7 +119,7 @@ parse_options(int argc, char **argv, char **envp)
   int r;
   int option_index = 0;
   
-  while((r = getopt_long(argc, argv, "c:Ddkn:K::", long_options, &option_index)) != EOF)
+  while((r = getopt_long(argc, argv, "c:Dd::k::n:K::", long_options, &option_index)) != EOF)
     {
       switch(r)
         {
@@ -147,10 +133,13 @@ parse_options(int argc, char **argv, char **envp)
 	  do_detach = 0;
 	  break;
 	case 'd': /* inc debug level */
-	  debug_lvl++;
+	  if(optarg)
+	    debug_lvl = atoi(optarg);
+	  else
+	    debug_lvl++;
 	  break;
 	case 'k': /* kill old tincds */
-	  kill_tincd = 1;
+	  kill_tincd = optarg?atoi(optarg):SIGTERM;
 	  break;
 	case 'n': /* net name given */
 	  netname = xmalloc(strlen(optarg)+1);
@@ -162,7 +151,8 @@ parse_options(int argc, char **argv, char **envp)
               generate_keys = atoi(optarg);
               if(generate_keys < 512)
                 {
-                  fprintf(stderr, _("Invalid argument! BITS must be a number equal to or greater than 512.\n"));
+                  fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"),
+			  optarg);
                   usage(1);
                 }
               generate_keys &= ~7;	/* Round it to bytes */
@@ -211,27 +201,56 @@ void indicator(int a, int b, void *p)
   }
 }
 
-/* Generate a public/private RSA keypair, and possibly store it into the configuration file. */
-
+/*
+  Generate a public/private RSA keypair, and ask for a file to store
+  them in.
+*/
 int keygen(int bits)
 {
   RSA *rsa_key;
+  FILE *f;
+  char *name = NULL;
+  char *filename;
 
   fprintf(stderr, _("Generating %d bits keys:\n"), bits);
   rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL);
+
   if(!rsa_key)
     {
-      fprintf(stderr, _("Error during key generation!"));
+      fprintf(stderr, _("Error during key generation!\n"));
       return -1;
-     }
+    }
   else
     fprintf(stderr, _("Done.\n"));
 
-  fprintf(stderr, _("Please copy the private key to tinc.conf and the\npublic key to your host configuration file:\n\n"));
-  printf("PublicKey = %s\n", BN_bn2hex(rsa_key->n));
-  printf("PrivateKey = %s\n", BN_bn2hex(rsa_key->d));
+  get_config_string(lookup_config(config_tree, "Name"), &name);
+
+  if(name)
+    asprintf(&filename, "%s/hosts/%s", confbase, name);
+  else
+    asprintf(&filename, "%s/rsa_key.pub", confbase);
+
+  if((f = ask_and_safe_open(filename, _("public RSA key"), "a")) == NULL)
+    return -1;
+
+  if(ftell(f))
+    fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n"));
+
+  PEM_write_RSAPublicKey(f, rsa_key);
+  fclose(f);
+  free(filename);
   
-  fflush(stdin);
+  asprintf(&filename, "%s/rsa_key.priv", confbase);
+  if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL)
+    return -1;
+
+  if(ftell(f))
+    fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n"));
+
+  PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL);
+  fclose(f);
+  free(filename);
+
   return 0;
 }
 
@@ -247,7 +266,7 @@ void make_names(void)
       if(!confbase)
         asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname);
       else
-        fprintf(stderr, _("Both netname and configuration directory given, using the latter...\n"));
+        syslog(LOG_INFO, _("Both netname and configuration directory given, using the latter..."));
       if(!identname)
         asprintf(&identname, "tinc.%s", netname);
     }
@@ -271,17 +290,13 @@ main(int argc, char **argv, char **envp)
   bindtextdomain (PACKAGE, LOCALEDIR);
   textdomain (PACKAGE);
 
-  /* Do some intl stuff right now */
-  
-  unknown = _("unknown");
-
   environment = envp;
   parse_options(argc, argv, envp);
 
   if(show_version)
     {
       printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT);
-      printf(_("Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n"
+      printf(_("Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n"
 	       "See the AUTHORS file for a complete list.\n\n"
 	       "tinc comes with ABSOLUTELY NO WARRANTY.  This is free software,\n"
 	       "and you are welcome to redistribute it under certain conditions;\n"
@@ -295,33 +310,40 @@ main(int argc, char **argv, char **envp)
 
   if(geteuid())
     {
-      fprintf(stderr, _("You must be root to run this program. Sorry.\n"));
+      fprintf(stderr, _("You must be root to run this program.\n"));
       return 1;
     }
 
+#ifdef HAVE_SOLARIS
+  openlog("tinc", LOG_CONS, LOG_DAEMON);        /* Catch all syslog() calls issued before detaching */
+#else  
+  openlog("tinc", LOG_PERROR, LOG_DAEMON);      /* Catch all syslog() calls issued before detaching */
+#endif
+
   g_argv = argv;
 
   make_names();
+  init_configuration(&config_tree);
 
   /* Slllluuuuuuurrrrp! */
-
+cp
   RAND_load_file("/dev/urandom", 1024);
-
+cp
   if(generate_keys)
-    exit(keygen(generate_keys));
-
+    {
+      read_server_config();
+      exit(keygen(generate_keys));
+    }
+    
   if(kill_tincd)
-    exit(kill_other());
+    exit(kill_other(kill_tincd));
 
   if(read_server_config())
-    return 1;
-
+    exit(1);
+cp
   if(detach())
     exit(0);
-
-  if(debug_lvl >= DEBUG_ERROR)
-    ERR_load_crypto_strings();
-    
+cp
   for(;;)
     {
       if(!setup_network_connections())
@@ -335,14 +357,13 @@ main(int argc, char **argv, char **envp)
 
       if(do_detach)
         {
-          syslog(LOG_NOTICE, _("Restarting in %d seconds!"), MAXTIMEOUT);
-          sleep(MAXTIMEOUT);
+          syslog(LOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout);
+          sleep(maxtimeout);
         }
       else
         {
           syslog(LOG_ERR, _("Not restarting."));
-          exit(0);
+          exit(1);
         }
     }
 }
-