authorBenjamin Cohen <bencoh@notk.org>2019-07-15 16:36:47 +0200
committerBenjamin Cohen <bencoh@notk.org>2019-07-15 16:40:45 +0200
commit0128072ff592abe6fd70bb7fbdf86a818ba3ef57 (patch)
treeae434efcd83f5d339c4bf7a2e41090d651a6d7f8
parent1250fff1f58ce1a081509ce862be32c8f0842665 (diff)
Add AppendHostFile server option.wheezy-1.1
By default tinc 1.1 appends learned Ed25519 pubkeys to host files. The new AppendHostFile server option allows disabling it.
-rw-r--r--bash_completion.d/tinc2
-rw-r--r--doc/tinc.conf.5.in4
-rw-r--r--src/conf.c4
-rw-r--r--src/tincctl.c1
4 files changed, 10 insertions, 1 deletions
diff --git a/bash_completion.d/tinc b/bash_completion.d/tinc
index 575f412a..6be0dccb 100644
--- a/bash_completion.d/tinc
+++ b/bash_completion.d/tinc
@@ -4,7 +4,7 @@ _tinc() {
cur="${COMP_WORDS[COMP_CWORD]}"
prev="${COMP_WORDS[COMP_CWORD-1]}"
opts="-c -d -D -K -n -o -L -R -U --config --no-detach --debug --net --option --mlock --logfile --pidfile --chroot --user --help --version"
- confvars="Address AddressFamily BindToAddress BindToInterface Broadcast BroadcastSubnet Cipher ClampMSS Compression ConnectTo DecrementTTL Device DeviceStandby DeviceType Digest DirectOnly Ed25519PrivateKeyFile Ed25519PublicKey Ed25519PublicKeyFile ExperimentalProtocol Forwarding FWMark GraphDumpFile Hostnames IffOneQueue IndirectData Interface InvitationExpire KeyExpire ListenAddress LocalDiscovery MACExpire MACLength MaxOutputBufferSize MaxTimeout Mode MTUInfoInterval Name PMTU PMTUDiscovery PingInterval PingTimeout Port PriorityInheritance PrivateKeyFile ProcessPriority Proxy PublicKeyFile ReplayWindow StrictSubnets Subnet TCPOnly TunnelServer UDPDiscovery UDPDiscoveryKeepaliveInterval UDPDiscoveryInterval UDPDiscoveryTimeout UDPInfoInterval UDPRcvBuf UDPSndBuf UPnP UPnPDiscoverWait UPnPRefreshPeriod VDEGroup VDEPort Weight"
+ confvars="Address AddressFamily AppendHostFile BindToAddress BindToInterface Broadcast BroadcastSubnet Cipher ClampMSS Compression ConnectTo DecrementTTL Device DeviceStandby DeviceType Digest DirectOnly Ed25519PrivateKeyFile Ed25519PublicKey Ed25519PublicKeyFile ExperimentalProtocol Forwarding FWMark GraphDumpFile Hostnames IffOneQueue IndirectData Interface InvitationExpire KeyExpire ListenAddress LocalDiscovery MACExpire MACLength MaxOutputBufferSize MaxTimeout Mode MTUInfoInterval Name PMTU PMTUDiscovery PingInterval PingTimeout Port PriorityInheritance PrivateKeyFile ProcessPriority Proxy PublicKeyFile ReplayWindow StrictSubnets Subnet TCPOnly TunnelServer UDPDiscovery UDPDiscoveryKeepaliveInterval UDPDiscoveryInterval UDPDiscoveryTimeout UDPInfoInterval UDPRcvBuf UDPSndBuf UPnP UPnPDiscoverWait UPnPRefreshPeriod VDEGroup VDEPort Weight"
commands="add connect debug del disconnect dump edit export export-all generate-ed25519-keys generate-keys generate-rsa-keys get help import info init invite join list log network pcap pid purge reload restart retry set sign start stop top verify version"
case ${prev} in
diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in
index a907e5fc..9c9a158a 100644
--- a/doc/tinc.conf.5.in
+++ b/doc/tinc.conf.5.in
@@ -114,6 +114,10 @@ If
.Qq any
is selected, then depending on the operating system both IPv4 and IPv6 or just
IPv6 listening sockets will be created.
+.It Va AppendHostFile Li = yes | no Po no Pc Bq custom
+If set to no,
+.Nm tinc
+will not append learned node keys to host files.
.It Va AutoConnect Li = yes | no Pq yes
If set to yes,
.Nm tinc
diff --git a/src/conf.c b/src/conf.c
index a33bdfea..34b423d9 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -454,7 +454,11 @@ bool read_host_config(splay_tree_t *config_tree, const char *name, bool verbose)
bool append_config_file(const char *name, const char *key, const char *value) {
char fname[PATH_MAX];
+ bool append;
snprintf(fname, sizeof(fname), "%s" SLASH "hosts" SLASH "%s", confbase, name);
+ if (get_config_bool(lookup_config(config_tree, "AppendHostFile"), &append) && !append) {
+ return false;
+ }
FILE *fp = fopen(fname, "a");
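Review bot: The guard added before `fopen()` in append_config_file() returns `false` when AppendHostFile is `no`, which is presumably the same value callers get when the file cannot be opened, so a deliberate policy skip may be logged or handled as an I/O failure. The rest of the function and its callers are outside this hunk, so that should be confirmed there. The default also disagrees with the man page hunk in this commit: `get_config_bool(...) && !append` leaves appending enabled when the option is unset, but doc/tinc.conf.5.in documents the default as `Po no Pc`, where `Pq yes` would match the code. I would add a comment above the check such as `/* AppendHostFile = no: never write learned keys to hosts/NAME; the admin must provision them */`, since with the option off a learned Ed25519 key is no longer persisted on disk. The check could also move above the `snprintf()` so no path is built when nothing will be written.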
diff --git a/src/tincctl.c b/src/tincctl.c
index 08f30189..eec7332c 100644
--- a/src/tincctl.c
+++ b/src/tincctl.c
@@ -1724,6 +1724,7 @@ ecdsa_t *get_pubkey(FILE *f) {
const var_t variables[] = {
/* Server configuration */
{"AddressFamily", VAR_SERVER | VAR_SAFE},
+ {"AppendHostFile", VAR_SERVER | VAR_SAFE},
{"AutoConnect", VAR_SERVER | VAR_SAFE},
{"BindToAddress", VAR_SERVER | VAR_MULTIPLE},
{"BindToInterface", VAR_SERVER},
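Review bot: Marking the new `AppendHostFile` entry `VAR_SAFE` deserves a second look, because this option decides whether learned public keys are persisted to host files. If `VAR_SAFE` has its usual tincctl meaning (a variable that may be accepted from invitation data), the inviting side could change key-persistence behaviour on the joining node. Unless that is intended, `{"AppendHostFile", VAR_SERVER},` keeps the setting under the local administrator's control; otherwise a short comment stating why it is safe to accept remotely would help. The `variables[]` table continues outside this hunk.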