--- gvpe/src/gvpe.C 2007/12/01 23:35:31 1.12
+++ gvpe/src/gvpe.C 2013/07/13 04:10:29 1.24
@@ -2,23 +2,33 @@ gvpe.C -- the main file for gvpe Copyright (C) 1998-2002 Ivo Timmermans 2000-2002 Guus Sliepen - 2003-2005 Marc Lehmann + 2003-2013 Marc Lehmann This file is part of GVPE. - GVPE is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with gvpe; if not, write to the Free Software - Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + GVPE is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 3 of the License, or (at your + option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General + Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, see . + + Additional permission under GNU GPL version 3 section 7 + + If you modify this Program, or any covered work, by linking or + combining it with the OpenSSL project's OpenSSL library (or a modified + version of that library), containing parts covered by the terms of the + OpenSSL or SSLeay licenses, the licensors of this Program grant you + additional permission to convey the resulting work. 
Corresponding + Source for a non-source form of such a combination shall include the + source code for the parts of OpenSSL used as well as that of the + covered work. */ #include "config.h" @@ -32,6 +42,7 @@ #include #include #include +#include #include #include #include @@ -67,15 +78,15 @@ static int do_detach = 1; static struct option const long_options[] = - { - {"config", required_argument, NULL, 'c'}, - {"help", no_argument, &show_help, 1}, - {"version", no_argument, &show_version, 1}, - {"no-detach", no_argument, &do_detach, 0}, - {"log-level", required_argument, NULL, 'l'}, - {"mlock", no_argument, &do_mlock, 1}, - {NULL, 0, NULL, 0} - }; +{ + {"config", required_argument, NULL, 'c'}, + {"help", no_argument, &show_help, 1}, + {"version", no_argument, &show_version, 1}, + {"no-detach", no_argument, &do_detach, 0}, + {"log-level", required_argument, NULL, 'l'}, + {"mlock", no_argument, &do_mlock, 1}, + {NULL, 0, NULL, 0} +}; static void usage (int status) @@ -89,7 +100,7 @@ (" -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" " -l, --log-level=LEVEL Set logging level (info, notice, warn are common).\n" - " -L, --mlock Lock tinc into main memory.\n" + " -L, --mlock Lock gvpe into main memory.\n" " --help Display this help and exit.\n" " --version Output version information and exit.\n\n")); printf (_("Report bugs to .\n")); @@ -98,7 +109,7 @@ exit (status); } -void +static void parse_options (int argc, char **argv, char **envp) { int r; @@ -141,10 +152,9 @@ } } -/* - Close network connections, and terminate neatly -*/ -void cleanup_and_exit(int c) +// close network connections, and terminate neatly +static void +cleanup_and_exit (int c) { network.shutdown_all (); 
@@ -156,35 +166,33 @@ exit (c); } -/* - Signal handlers. -*/ -RETSIGTYPE +// signal handlers +static RETSIGTYPE sigterm_handler (int a) { network.events |= vpn::EVENT_SHUTDOWN; network.event.start (); } -RETSIGTYPE +static RETSIGTYPE sighup_handler (int a) { network.events |= vpn::EVENT_RECONNECT; network.event.start (); } -RETSIGTYPE +static RETSIGTYPE sigusr1_handler (int a) { network.dump_status (); } -RETSIGTYPE +static RETSIGTYPE sigusr2_handler (int a) { } -void +static void setup_signals (void) { struct sigaction act; @@ -195,13 +203,58 @@ act.sa_handler = sighup_handler; sigaction (SIGHUP , &act, NULL); act.sa_handler = sigusr1_handler; sigaction (SIGUSR1, &act, NULL); act.sa_handler = sigusr2_handler; sigaction (SIGUSR2, &act, NULL); - act.sa_handler = SIG_IGN; sigaction (SIGCHLD, &act, NULL); act.sa_handler = SIG_IGN; sigaction (SIGPIPE, &act, NULL); act.sa_flags = SA_RESETHAND; act.sa_handler = sigterm_handler; sigaction (SIGINT , &act, NULL); act.sa_handler = sigterm_handler; sigaction (SIGTERM, &act, NULL); } +static int rand_fd; + +// antique C++ requires external linkage :/ +void +reseed_rng (ev::timer &w, int revents) +{ + char buf [SEED_SIZE]; + int n = read (rand_fd, buf, sizeof (buf)); + + if (n > 0) + RAND_seed (buf, n); +} + +static void +setup_rng (void) +{ + if (!*conf.seed_dev) + return; + +#ifndef O_BINARY +# define O_BINARY 0 +#endif +#ifndef O_NONBLOCK +# define O_NONBLOCK 0 +#endif + + rand_fd = open (conf.seed_dev, O_RDONLY | O_NONBLOCK | O_BINARY); + + if (rand_fd < 0) + { + slog (L_ERR, _("unable to open seed device '%s': %s, exiting."), conf.seed_dev, strerror (errno)); + exit (EXIT_FAILURE); + } + + static ev::timer reseed_timer; + + if (conf.reseed) + { + reseed_timer.set (); + reseed_timer.set (conf.reseed, conf.reseed); + reseed_timer.start (EV_DEFAULT); + } + + reseed_rng (reseed_timer, 0); +} + int main (int argc, char **argv, char **envp) { 
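Review bot: `reseed_rng` treats a failed or short `read` on `rand_fd` as a silent no-op, so the initial call at the end of `setup_rng` can return having added no entropy and logged nothing — the device is opened `O_NONBLOCK`, so `read` returning -1/EAGAIN or 0 is a realistic outcome for a blocking source configured as `seed_dev`, and the daemon then runs on whatever OpenSSL seeded itself with. The first seeding should be verified, e.g. after `reseed_rng (reseed_timer, 0);` add `if (!RAND_status ()) { slog (L_CRIT, _("unable to seed random number generator from '%s', exiting."), conf.seed_dev); exit (EXIT_FAILURE); }`, and the periodic path should at least log `n < 0 && errno != EAGAIN` instead of ignoring it. Note also that `setup_rng` returns early when `conf.seed_dev` is empty, so the unconditional `/dev/urandom` seeding that `main` used to do is now optional; a comment such as `// no seed_dev configured: rely on OpenSSL's own seeding` would make that dependency explicit. Finally, `buf` keeps the seed material on the stack after `RAND_seed` returns; an `OPENSSL_cleanse (buf, sizeof (buf));` after the seed call is cheap hygiene.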
@@ -226,9 +279,9 @@ VERSION, __DATE__, __TIME__, PROTOCOL_MAJOR, PROTOCOL_MINOR); printf (_("Built with kernel interface %s/%s.\n"), IFTYPE, IFSUBTYPE); printf (_ - ("Copyright (C) 2003 Marc Lehmann and others.\n" + ("Copyright (C) 2003-2011 Marc Lehmann and others.\n" "See the AUTHORS file for a complete list.\n\n" - "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" + "GVPE comes with ABSOLUTELY NO WARRANTY. This is free software,\n" "and you are welcome to redistribute it under certain conditions;\n" "see the file COPYING for details.\n")); @@ -266,7 +319,7 @@ set_loglevel (llevel != L_NONE ? llevel : conf.llevel); - RAND_load_file ("/dev/urandom", 1024); + setup_rng (); if (!THISNODE) { @@ -281,12 +334,13 @@ setup_signals (); if (!network.setup ()) - { - ev_loop (EV_DEFAULT_ 0); - cleanup_and_exit (EXIT_FAILURE); - } + if (network.drop_privileges ()) + { + ev_run (EV_DEFAULT_ 0); + cleanup_and_exit (EXIT_FAILURE); + } - slog (L_ERR, _("unable to setup network, unrecoverable error, exiting.")); + slog (L_CRIT, _("unrecoverable error while setting up network, exiting.")); cleanup_and_exit (EXIT_FAILURE); }
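Review bot: In the last hunk a failed `network.drop_privileges ()` falls through to `slog (L_CRIT, _("unrecoverable error while setting up network, exiting."))`, so a privilege-drop failure is reported as a network-setup failure and sends the operator down the wrong path (the fail-closed `cleanup_and_exit` itself is correct). The nested brace-less `if` also hides that the two calls appear to use opposite success conventions — `setup ()` succeeds on the falsy branch, `drop_privileges ()` on the truthy one — which deserves either a comment or the flatter shape below, which keeps both conditions exactly as written and gives each failure its own message. The enclosing `main` begins outside this hunk.
```cpp
  if (network.setup ())
    slog (L_CRIT, _("unrecoverable error while setting up network, exiting."));
  else if (!network.drop_privileges ())
    slog (L_CRIT, _("unable to drop privileges, exiting."));
  else
    {
      ev_run (EV_DEFAULT_ 0);
      cleanup_and_exit (EXIT_FAILURE);
    }

  cleanup_and_exit (EXIT_FAILURE);
```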