Disables encryption and authentication.
Only useful for debugging.
+@item -R, --chroot
+Change process root directory to the directory where the config file is
+located (@file{@value{sysconfdir}/tinc/@var{netname}/} as determined by
+-n/--net option or as given by -c/--config option), for added security.
+The chroot is performed after all the initialization is done, after
+writing pid files and opening network sockets.
+
+Note that this option alone does not do any good without -U/--user, below.
+
+Note also that tinc can't run scripts anymore (such as tinc-down or host-up),
+unless it's setup to be runnable inside chroot environment.
+
+@item -U, --user=@var{user}
+Switch to the given @var{user} after initialization, at the same time as
+chroot is performed (see --chroot above). With this option tinc drops
+privileges, for added security.
+
@item --help
Display a short reminder of these runtime options and terminate.
#include LZO1X_H
+#ifndef HAVE_MINGW
+#include <pwd.h>
+#include <grp.h>
+#include <time.h>
+#endif
+
#include <getopt.h>
#include "pidfile.h"
/* If nonzero, disable swapping for this process. */
bool do_mlock = false;
+/* If nonzero, chroot to netdir after startup. */
+static bool do_chroot = false;
+
+/* If !NULL, do setuid to given user after startup */
+static const char *switchuser = NULL;
+
/* If nonzero, write log entries to a separate file. */
bool use_logfile = false;
{"debug", optional_argument, NULL, 'd'},
{"bypass-security", no_argument, NULL, 3},
{"mlock", no_argument, NULL, 'L'},
+ {"chroot", no_argument, NULL, 'R'},
+ {"user", required_argument, NULL, 'U'},
{"logfile", optional_argument, NULL, 4},
{"pidfile", required_argument, NULL, 5},
{NULL, 0, NULL, 0}
" -L, --mlock Lock tinc into main memory.\n"
" --logfile[=FILENAME] Write log entries to a logfile.\n"
" --pidfile=FILENAME Write PID to FILENAME.\n"
+ " -R, --chroot chroot to NET dir at startup.\n"
+ " -U, --user=USER setuid to given USER at startup.\n"
" --help Display this help and exit.\n"
" --version Output version information and exit.\n\n"));
printf(_("Report bugs to tinc@tinc-vpn.org.\n"));
int r;
int option_index = 0;
- while((r = getopt_long(argc, argv, "c:DLd::k::n:K::", long_options, &option_index)) != EOF) {
+ while((r = getopt_long(argc, argv, "c:DLd::k::n:K::RU:", long_options, &option_index)) != EOF) {
switch (r) {
case 0: /* long option */
break;
generate_keys = 1024;
break;
+ case 'R': /* chroot to NETNAME dir */
+ do_chroot = true;
+ break;
+
+ case 'U': /* setuid to USER */
+ switchuser = optarg;
+ break;
+
case 1: /* show help */
show_help = true;
break;
if (confbase) free(confbase);
}
+static bool drop_privs() {
+#ifdef HAVE_MINGW
+ if (switchuser) {
+ logger(LOG_ERR, _("%s not supported on this platform"), "-U");
+ return false;
+ }
+ if (do_chroot) {
+ logger(LOG_ERR, _("%s not supported on this platform"), "-R");
+ return false;
+ }
+#else
+ uid_t uid = 0;
+ if (switchuser) {
+ struct passwd *pw = getpwnam(switchuser);
+ if (!pw) {
+ logger(LOG_ERR, _("unknown user `%s'"), switchuser);
+ return false;
+ }
+ uid = pw->pw_uid;
+ if (initgroups(switchuser, pw->pw_gid) != 0 ||
+ setgid(pw->pw_gid) != 0) {
+ logger(LOG_ERR, _("%s failed"), "initgroups()");
+ return false;
+ }
+ endgrent();
+ endpwent();
+ }
+ if (do_chroot) {
+ tzset(); /* for proper timestamps in logs */
+ if (chroot(confbase) != 0 || chdir(".") != 0) {
+ logger(LOG_ERR, _("%s failed"), "chroot()");
+ return false;
+ }
+ free(confbase);
+ confbase = xstrdup("");
+ }
+ if (switchuser)
+ if (setuid(uid) != 0) {
+ logger(LOG_ERR, _("%s failed"), "setuid()");
+ return false;
+ }
+#endif
+ return true;
+}
+
int main(int argc, char **argv)
{
program_name = argv[0];
if(!setup_network())
goto end;
+ /* drop privileges */
+ if (!drop_privs())
+ goto end;
+
/* Initiate all outgoing connections. */
try_outgoing_connections();
exit_configuration(&config_tree);
free_names();
-
+
return status;
}
projects / oweals / tinc.git / commitdiff