#include "subnet.h"
#include "keys.h"
#include "random.h"
+#include "sandbox.h"
#include "pidfile.h"
#include "console.h"
#endif
#ifndef DISABLE_LEGACY
" legacy_protocol"
+#endif
+#ifdef HAVE_SANDBOX
+ " sandbox"
#endif
"\n\n"
"Copyright (C) 1998-2018 Ivo Timmermans, Guus Sliepen and others.\n"
static void sigint_handler(int sig) {
(void)sig;
- fprintf(stderr, "\n");
+ if(write(2, "\n", 1) < 0) {
+ // nothing we can do
+ }
+
shutdown(fd, SHUT_RDWR);
}
#endif
{"ProcessPriority", VAR_SERVER},
{"Proxy", VAR_SERVER},
{"ReplayWindow", VAR_SERVER | VAR_SAFE},
+ {"Sandbox", VAR_SERVER},
{"ScriptsExtension", VAR_SERVER},
{"ScriptsInterpreter", VAR_SERVER},
{"StrictSubnets", VAR_SERVER | VAR_SAFE},
char filename[PATH_MAX];
if(node) {
- if((size_t)snprintf(filename, sizeof(filename), "%s" SLASH "%s", hosts_dir, node) >= sizeof(filename)) {
- fprintf(stderr, "Filename too long: %s" SLASH "%s\n", hosts_dir, node);
- free(node);
- return 1;
- }
+ size_t wrote = (size_t)snprintf(filename, sizeof(filename), "%s" SLASH "%s", hosts_dir, node);
if(node != line) {
free(node);
node = NULL;
}
+
+ if(wrote >= sizeof(filename)) {
+ fprintf(stderr, "Filename too long: %s" SLASH "%s\n", hosts_dir, node);
+ return 1;
+ }
+
} else {
snprintf(filename, sizeof(filename), "%s", tinc_conf);
}
return 0;
}
+static bool makedir(const char *path, mode_t mode) {
+ if(mkdir(path, mode) && errno != EEXIST) {
+ fprintf(stderr, "Could not create directory %s: %s\n", path, strerror(errno));
+ return false;
+ }
+
+ return true;
+}
+
+bool makedirs(tincd_dir_t dirs) {
+ if(dirs & DIR_CONFBASE && !makedir(confbase, 0777)) {
+ return false;
+ }
+
+ if(dirs & DIR_CONFDIR && !confbase_given && !makedir(confdir, 0755)) {
+ return false;
+ }
+
+ if(dirs & DIR_HOSTS && !makedir(hosts_dir, 0777)) {
+ return false;
+ }
+
+ char path[PATH_MAX];
+
+ if(dirs & DIR_INVITATIONS) {
+ snprintf(path, sizeof(path), "%s" SLASH "invitations", confbase);
+
+ if(!makedir(path, 0700)) {
+ return false;
+ }
+ }
+
+ if(dirs & DIR_CACHE) {
+ snprintf(path, sizeof(path), "%s" SLASH "%s", confbase, "cache");
+
+ if(!makedir(path, 0755)) {
+ return false;
+ }
+ }
+
+ return true;
+}
+
static int cmd_init(int argc, char *argv[]) {
if(!access(tinc_conf, F_OK)) {
fprintf(stderr, "Configuration file %s already exists!\n", tinc_conf);
return 1;
}
- if(!confbase_given && mkdir(confdir, 0755) && errno != EEXIST) {
- fprintf(stderr, "Could not create directory %s: %s\n", confdir, strerror(errno));
- return 1;
- }
-
- if(mkdir(confbase, 0777) && errno != EEXIST) {
- fprintf(stderr, "Could not create directory %s: %s\n", confbase, strerror(errno));
- return 1;
- }
-
- if(mkdir(hosts_dir, 0777) && errno != EEXIST) {
- fprintf(stderr, "Could not create directory %s: %s\n", hosts_dir, strerror(errno));
- return 1;
+ if(!makedirs(DIR_HOSTS | DIR_CONFBASE | DIR_CONFDIR | DIR_CACHE)) {
+ return false;
}
FILE *f = fopen(tinc_conf, "w");
if(first) {
first = false;
} else {
- printf("#---------------------------------------------------------------#\n");
+ printf("\n#---------------------------------------------------------------#\n");
}
result |= export(ent->d_name, stdout);
crypto_init();
prng_init();
+ sandbox_set_level(SANDBOX_NORMAL);
+ sandbox_enter();
+
int result = run_command(argc, argv);
random_exit();