ced4c1a327
Using the tinc command, an administrator of an existing VPN can generate invitations for new nodes. The invitation is a small URL that can easily be copy&pasted into email or live chat. Another person can have tinc automatically setup the necessary configuration files and exchange keys with the server, by only using the invitation URL. The invitation protocol uses temporary ECDSA keys. The invitation URL consists of the hostname and port of the server, a hash of the server's temporary ECDSA key and a cookie. When the client wants to accept an invitation, it also creates a temporary ECDSA key, connects to the server and says it wants to accept an invitation. Both sides exchange their temporary keys. The client verifies that the server's key matches the hash in the invitation URL. After setting up an SPTPS connection using the temporary keys, the client gives the cookie to the server. If the cookie is valid, the server sends the client an invitation file containing the client's new name and a copy of the server's host config file. If everything is ok, the client will generate a long-term ECDSA key and send it to the server, which will add it to a new host config file for the client. The invitation protocol currently allows multiple host config files to be send from the server to the client. However, the client filters out most configuration variables for its own host configuration file. In particular, it only accepts Name, Mode, Broadcast, ConnectTo, Subnet and AutoConnect. Also, at the moment no tinc-up script is generated. When an invitation has succesfully been accepted, the client needs to start the tinc daemon manually.
80 lines
2.5 KiB
Text
80 lines
2.5 KiB
Text
_tinc() {
|
|
local cur prev opts confvars commands nets
|
|
COMPREPLY=()
|
|
cur="${COMP_WORDS[COMP_CWORD]}"
|
|
prev="${COMP_WORDS[COMP_CWORD-1]}"
|
|
opts="-c -d -D -K -n -o -L -R -U --config --no-detach --debug --net --option --mlock --logfile --pidfile --chroot --user --help --version"
|
|
confvars="Address AddressFamily BindToAddress BindToInterface Broadcast Cipher ClampMSS Compression ConnectTo DecrementTTL Device DeviceType Digest DirectOnly ECDSAPrivateKeyFile ECDSAPublicKey ECDSAPublicKeyFile ExperimentalProtocol Forwarding GraphDumpFile Hostnames IffOneQueue IndirectData Interface KeyExpire LocalDiscovery MACExpire MACLength MaxOutputBufferSize MaxTimeout Mode Name PMTU PMTUDiscovery PingInterval PingTimeout Port PriorityInheritance PrivateKeyFile ProcessPriority Proxy PublicKeyFile ReplayWindow StrictSubnets Subnet TCPOnly TunnelServer UDPRcvBuf UDPSndBuf VDEGroup VDEPort Weight"
|
|
commands="add connect debug del disconnect dump edit export export-all generate-ecdsa-keys generate-keys generate-rsa-keys get help import info init invite join log pcap pid purge reload restart retry set start stop top version"
|
|
|
|
case ${prev} in
|
|
-c|--config)
|
|
compopt -o dirnames 2>/dev/null
|
|
return 0
|
|
;;
|
|
-n|--net)
|
|
nets=""
|
|
pushd /etc/tinc >/dev/null 2>/dev/null
|
|
for dir in *; do
|
|
if [[ -f "$dir/tinc.conf" ]]; then
|
|
nets="$nets $dir"
|
|
fi
|
|
done
|
|
popd >/dev/null 2>/dev/null
|
|
COMPREPLY=( $(compgen -W "${nets}" -- ${cur}) )
|
|
return 0
|
|
;;
|
|
-o|--option)
|
|
compopt -o nospace
|
|
COMPREPLY=( $(compgen -W "${confvars}" -- ${cur}) )
|
|
if [[ ${#COMPREPLY[*]} == 1 ]] ; then
|
|
COMPREPLY=$COMPREPLY=
|
|
fi
|
|
return 0
|
|
;;
|
|
-U|--user)
|
|
COMPREPLY=( $(compgen -u ${cur}) )
|
|
return 0
|
|
;;
|
|
--logfile|--pidfile)
|
|
compopt -o filenames 2>/dev/null
|
|
COMPREPLY=( $(compgen -f ${cur}) )
|
|
return 0
|
|
esac
|
|
if [[ ${cur} == -* ]] ; then
|
|
COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
|
|
return 0
|
|
fi
|
|
if [[ $1 == "d" ]]; then
|
|
if [[ -z ${cur} ]] ; then
|
|
COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
|
|
fi
|
|
return 0
|
|
fi
|
|
COMPREPLY=( $(compgen -W "${commands}" -- ${cur}) )
|
|
case $prev in
|
|
get|set|add|del)
|
|
COMPREPLY=( $(compgen -W "${confvars}" -- ${cur}) )
|
|
return 0
|
|
;;
|
|
dump|reachable)
|
|
COMPREPLY=( $(compgen -W "reachable nodes edges subnets connections graph" -- ${cur}) )
|
|
return 0
|
|
;;
|
|
esac
|
|
if [[ -z ${cur} ]] ; then
|
|
COMPREPLY=( $(compgen -W "${opts} ${commands}" -- ${cur}) )
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
_tincd() {
|
|
_tinc d;
|
|
}
|
|
|
|
_tincctl() {
|
|
_tinc ctl;
|
|
}
|
|
|
|
complete -F _tincd tincd
|
|
complete -F _tincctl tinc
|