Commit graph

2519 commits

Author SHA1 Message Date
Guus Sliepen
2faf3e91af Add two more test scripts. 2013-09-05 15:36:37 +02:00
Guus Sliepen
6242b68242 Fix multicast device. 2013-09-05 14:51:13 +02:00
Guus Sliepen
09b5a3c020 Exit value 1 instead of a random non-zero value. 2013-09-05 14:50:10 +02:00
Guus Sliepen
bdbb710060 Add a test for invite and join commands. 2013-09-02 00:15:50 +02:00
Guus Sliepen
566ef6bcba Also test whether tinc daemons can connect to each other after import/export. 2013-09-02 00:15:18 +02:00
Guus Sliepen
796c14b75c Slightly relax the connection rate limit for a single address.
The restriction of accepting only 1 connection per second from a single address
is a bit too much, especially if one wants to join a VPN using an invitation,
which requires two connections.
2013-09-02 00:11:04 +02:00
Guus Sliepen
933f7f7526 Send a RELOAD to a running tincd when a new invitation key has been generated. 2013-09-01 22:59:51 +02:00
Guus Sliepen
4e7e4818b7 Clean up leftover tincd and sptps_test processes. 2013-09-01 22:59:24 +02:00
Guus Sliepen
b00a6d0666 Fix tincd logfile location when running tests. 2013-09-01 21:55:16 +02:00
Etienne Dechamps
c179dd0fc8 Fix broken build with --with-openssl, --with-libgcrypt.
When --with-openssl is used, $openssl is set to the specified path.
Unfortunately, that confuses the OPENSSL conditional which expects it to
be set to "true". The result is that the contents of the openssl/
directory are not built when --with-openssl is used, resulting in
undefined references and a broken build.

In addition, there is a typo in the GCRYPT conditional definition
("grypt" instead of "gcrypt") which means GCRYPT never gets set,
(presumably) breaking builds using libgcrypt.

These regressions were introduced in
9b9230a0a7.
2013-09-01 21:24:59 +02:00
Guus Sliepen
a4e49f4566 Add test for import, export and exchange commands. 2013-09-01 21:07:02 +02:00
Guus Sliepen
2cd8e2b8e8 Small fixes for tests. 2013-09-01 21:06:25 +02:00
Guus Sliepen
09cd7ac62a Make sptps_test more easy to work with.
It now defers reading from stdin until after the authentication phase is
completed.  Furthermore, it supports the -q, -r, -w options similar to those of
Jürgen Nickelsen's socket.
2013-09-01 16:02:49 +02:00
Guus Sliepen
1cdb0c21d4 Some shells set $_ to an absolute path. 2013-09-01 15:40:59 +02:00
Guus Sliepen
05a7f0b2fb Start of a test suite. 2013-09-01 12:48:31 +02:00
Guus Sliepen
d01ab07f78 Allow testing the replay window with sptps_test. 2013-08-30 14:23:02 +02:00
Guus Sliepen
ccbf70b66f Fix the replay window in SPTPS. 2013-08-30 14:22:05 +02:00
Guus Sliepen
c7752ca73e Fix CTR mode. 2013-08-30 13:43:23 +02:00
Guus Sliepen
d0aa0817d2 Add an option to test datagram SPTPS with packet loss. 2013-08-30 13:04:14 +02:00
Guus Sliepen
5da0ebd421 When generating invitations, handle any order of Port and Adress statements. 2013-08-28 14:24:07 +02:00
Guus Sliepen
f0e11cd2c5 Call WSAStartup() in main().
The tinc utility defered calling WSAStartup() until it tried to connect to a
running tinc daemon. However, socket functions are now also used for other
things (like joining another VPN using an invitation). Now we just
unconditionally call WSAStartup() early in main().
2013-08-27 21:19:50 +02:00
Guus Sliepen
82575bd44d Tell invited node about Mode and Broadcast settings.
Since these settings really should be the same for all nodes in a VPN.
2013-08-24 00:48:24 +02:00
Guus Sliepen
57991e2642 Use PATHEXT when checking for the presence of scripts on Windows.
It seems like a lot of overhead to call access() for every possible extension
defined in PATHEXT, but apparently this is what Windows does itself too. At
least this avoids calling system() when the script one is looking for does not
exist at all.

Since the tinc utility also needs to call scripts, execute_script() is now
split off into its own source file.
2013-08-23 21:23:46 +02:00
Guus Sliepen
21184674b3 Execute scripts when invitations are created or accepted. 2013-08-21 00:24:55 +02:00
Guus Sliepen
9699f08afc Ensure the invitation filenames do not reveal the secret cookie.
Since filenames could potentially leak to unprivileged users (for example,
because of locatedb), it should not contain the cookie used for invitations.
Instead, tinc now uses the hash of the cookie and the invitation key as the
filename to store pending invitations in.
2013-08-20 23:09:36 +02:00
Guus Sliepen
5dec1c2571 Let a server explicitly send a notification when the invitation protocol succeeded. 2013-08-20 22:36:31 +02:00
Guus Sliepen
c798f73093 Use our own infrastructure for finding out the local node's externally visible host name. 2013-08-20 22:18:01 +02:00
Guus Sliepen
160b7cb5e3 Resolve the local host name before generating the invitation file. 2013-08-20 16:47:07 +02:00
Guus Sliepen
65f5e8fba4 Bind outgoing sockets again.
Commit cff5a84 removed the feature of binding outgoing TCP sockets to a local
address. We now call bind() again, but only if there is exactly one listening
socket with the same address family as the destination address of the outgoing
socket.
2013-08-18 23:55:40 +02:00
Guus Sliepen
0c54f36553 Remove broadcast of KEY_CHANGED message during tinc's initialization. 2013-08-18 22:43:55 +02:00
Guus Sliepen
09b0b49b98 Fix order of tincd's initialization.
The order in which tinc initialized things was not completely correct. Now, it
is done as follows:

- Load and parse configuration files.
- Create all TCP and UDP listening sockets.
- Create PID file and UNIX socket.
- Run the tinc-up script.
- Drop privileges.
- Start outgoing connections.
- Run the main loop.

The PID file can only be created correctly if the listening sockets have been
set up ,as it includes the address and port of the first listening socket. The
tinc-up script has to be run after the PID file and UNIX socket have been
created so it can change their permissions if necessary. Outgoing connections
should only be started right before the main loop, because this is not really
part of the initialization.
2013-08-18 22:35:27 +02:00
Guus Sliepen
8f84244458 Don't force a .bat extension for scripts under Windows. 2013-08-18 18:20:41 +02:00
Guus Sliepen
b180c1af99 Create UNIX socket at the same time as the PID file is created.
The PID file was created before tinc-up was called, but the UNIX socket was
created afterwards, which meant one could not change the UNIX socket's owner or
permissions from the tinc-up script.
2013-08-18 17:02:49 +02:00
Guus Sliepen
707914e0e4 Remove texi2html rule in docs/Makefile.
According to Debian, texi2html is deprecated and makeinfo --html should be used
instead. Automake already provides a html target that invokes makeinfo.
2013-08-14 16:20:32 +02:00
Guus Sliepen
5e50a56dd9 Stop using EXTRA_DIST in src/Makefile.am.
Automake finds the files in the subdirectories of src/ now that they are
properly declared in the _SOURCES variables. Using EXTRA_DIST would now cause
.o files to be included in the tarball.
2013-08-14 16:17:12 +02:00
Guus Sliepen
60e7749428 Releasing 1.1pre8. 2013-08-13 22:05:43 +02:00
Guus Sliepen
6aa864baa6 Don't typedef the same struct in two header files.
Some (older?) versions of GCC don't like this.
2013-08-13 20:40:40 +02:00
Guus Sliepen
5e00a24e1f Update copyright notices. 2013-08-13 20:38:57 +02:00
Guus Sliepen
a61d3d1c0b Build .tar.gz instead of .tar.xz.
Only FreeBSD's tar supports xz compression, the other BSDs do not. NetBSD doesn't even
like bzip2.
2013-08-13 20:37:55 +02:00
Guus Sliepen
2df534808d Move .h files from noinst_HEADERS to tincd_SOURCES.
This is the recommended way according to the Automake manual.
2013-08-13 20:35:48 +02:00
Guus Sliepen
de8e6bf452 Don't echo broadcast packets back when Broadcast = direct. 2013-08-08 17:40:15 +02:00
Guus Sliepen
81c7120320 Fix a typo. 2013-08-02 23:51:55 +02:00
Guus Sliepen
76c90e1639 Non-zero exit code when reloading config file fails after SIGHUP.
When reloading the configuration file via the tinc command, the user will get
an error message if reloading has failed. However, no such warning exists when
sending a HUP signal. Previously, tincd would exit in both cases, but with a
zero exit code. Now it will exit with code 1 when reloading fails after a
SIGHUP, but tincd will keep running if it is signaled via the tinc command.
Instead, the tinc command will exit with a non-zero exit code.
2013-08-02 23:50:44 +02:00
Guus Sliepen
f3a2bed063 Really retry outgoing connections immediately if requested.
The retry() function would only abort connections that were in progress of
being made, it wouldn't reschedule the outgoing connections that had been
sleeping.
2013-08-02 20:53:54 +02:00
Guus Sliepen
1e7d1cd3c7 Clean up the SIGINT handler. 2013-08-02 20:50:19 +02:00
Guus Sliepen
a38e0d6213 Use umask() to set file and UNIX socket permissions without race conditions.
As mentioned by Erik Tews, calling fchmod() after fopen() leaves a small window
for exploits. As long as tinc is single-threaded, we can use umask() instead to
reduce file permissions. This also works when creating the AF_UNIX control socket.

The umask of the user running tinc(d) is used for most files, except for the
private keys, invitation files, PID file and control socket.
2013-08-02 19:28:34 +02:00
Guus Sliepen
a1f4f14c6c Defer handling netname conflicts when accepting an invitation.
In case no explicit netname of configuration directory is specified when
accepting an invitation, the netname specified in the invitation data is
used. However, this new netname is only known after making the connection
to the server. If the new netname conflicts with an existing one at the
client, we ask the user for a netname that doesn't conflict. However, we
should first finish accepting the invitation, so we don't run into the
problem that the server times out and cancels the invitation. So, we create
a random netname and store the files there, and only after we finish
accepting the invitation we ask the user for a better netname, and then
just rename the temporary directory to the final name.
2013-07-26 15:48:52 +02:00
Guus Sliepen
d47c79533f Make absolutely sure we can write config files before accepting an invitation. 2013-07-26 15:44:05 +02:00
Guus Sliepen
37cca72e6c Choose a different Port when 655 isn't available when doing "tinc join". 2013-07-26 14:53:36 +02:00
Guus Sliepen
8f2db4afdd Choose a different Port when 655 isn't available when doing "tinc init".
If port 655 cannot be bound to when using the init command, tinc will try to
find a random port number that can be bound to, and will add the appropriate
Port variable to its host config file. A warning will be printed as well.
2013-07-26 14:17:15 +02:00