diff options
Diffstat (limited to 'one.cpp')
| -rw-r--r-- | one.cpp | 413 |
1 files changed, 352 insertions, 61 deletions
@@ -43,7 +43,16 @@ #include <fcntl.h> #include <sys/types.h> #include <sys/stat.h> +#include <sys/uio.h> +#include <dirent.h> #include <signal.h> +#ifdef __LINUX__ +#include <sys/prctl.h> +#include <sys/syscall.h> +#include <sys/wait.h> +#include <linux/capability.h> +#include <linux/securebits.h> +#endif #endif #include <string> @@ -58,6 +67,8 @@ #include "node/CertificateOfMembership.hpp" #include "node/Utils.hpp" #include "node/NetworkController.hpp" +#include "node/Buffer.hpp" +#include "node/World.hpp" #include "osdep/OSUtils.hpp" #include "osdep/Http.hpp" @@ -110,6 +121,9 @@ static void cliPrintHelp(const char *pn,FILE *out) fprintf(out," join <network> - Join a network" ZT_EOL_S); fprintf(out," leave <network> - Leave a network" ZT_EOL_S); fprintf(out," set <network> <setting> - Set a network setting" ZT_EOL_S); + fprintf(out," listmoons - List moons (federated root sets)" ZT_EOL_S); + fprintf(out," orbit <world ID> <seed> - Join a moon via any member root" ZT_EOL_S); + fprintf(out," deorbit <world ID> - Leave a moon" ZT_EOL_S); } static std::string cliFixJsonCRs(const std::string &s) @@ -285,7 +299,7 @@ static int cli(int argc,char **argv) nlohmann::json j; try { - j = nlohmann::json::parse(responseBody); + j = OSUtils::jsonParse(responseBody); } catch (std::exception &exc) { printf("%u %s invalid JSON response (%s)" ZT_EOL_S,scode,command.c_str(),exc.what()); return 1; @@ -295,14 +309,16 @@ static int cli(int argc,char **argv) } if (scode == 200) { - std::ostringstream out; if (json) { - out << j.dump(2) << ZT_EOL_S; + printf("%s" ZT_EOL_S,OSUtils::jsonDump(j).c_str()); } else { - if (j.is_object()) - out << "200 info " << j["address"].get<std::string>() << " " << j["version"].get<std::string>() << " " << ((j["tcpFallbackActive"]) ? "TUNNELED" : ((j["online"]) ? "ONLINE" : "OFFLINE")) << ZT_EOL_S; + if (j.is_object()) { + printf("200 info %s %s %s" ZT_EOL_S, + OSUtils::jsonString(j["address"],"-").c_str(), + OSUtils::jsonString(j["version"],"-").c_str(), + ((j["tcpFallbackActive"]) ? "TUNNELED" : ((j["online"]) ? "ONLINE" : "OFFLINE"))); + } } - printf("%s",out.str().c_str()); return 0; } else { printf("%u %s %s" ZT_EOL_S,scode,command.c_str(),responseBody.c_str()); @@ -313,7 +329,7 @@ static int cli(int argc,char **argv) nlohmann::json j; try { - j = nlohmann::json::parse(responseBody); + j = OSUtils::jsonParse(responseBody); } catch (std::exception &exc) { printf("%u %s invalid JSON response (%s)" ZT_EOL_S,scode,command.c_str(),exc.what()); return 1; @@ -323,24 +339,24 @@ static int cli(int argc,char **argv) } if (scode == 200) { - std::ostringstream out; if (json) { - out << j.dump(2) << ZT_EOL_S; + printf("%s" ZT_EOL_S,OSUtils::jsonDump(j).c_str()); } else { - out << "200 listpeers <ztaddr> <path> <latency> <version> <role>" << ZT_EOL_S; + printf("200 listpeers <ztaddr> <path> <latency> <version> <role>" ZT_EOL_S); if (j.is_array()) { for(unsigned long k=0;k<j.size();++k) { - auto &p = j[k]; + nlohmann::json &p = j[k]; std::string bestPath; - auto paths = p["paths"]; + nlohmann::json &paths = p["paths"]; if (paths.is_array()) { for(unsigned long i=0;i<paths.size();++i) { - auto &path = paths[i]; + nlohmann::json &path = paths[i]; if (path["preferred"]) { char tmp[256]; std::string addr = path["address"]; const uint64_t now = OSUtils::now(); - Utils::snprintf(tmp,sizeof(tmp),"%s;%llu;%llu",addr.c_str(),now - (uint64_t)path["lastSend"],now - (uint64_t)path["lastReceive"]); + const double lq = (path.count("linkQuality")) ? (double)path["linkQuality"] : -1.0; + Utils::snprintf(tmp,sizeof(tmp),"%s;%llu;%llu;%1.2f",addr.c_str(),now - (uint64_t)path["lastSend"],now - (uint64_t)path["lastReceive"],lq); bestPath = tmp; break; } @@ -357,11 +373,15 @@ static int cli(int argc,char **argv) ver[0] = '-'; ver[1] = (char)0; } - out << "200 listpeers " << p["address"].get<std::string>() << " " << bestPath << " " << p["latency"] << " " << ver << " " << p["role"].get<std::string>() << ZT_EOL_S; + printf("200 listpeers %s %s %d %s %s" ZT_EOL_S, + OSUtils::jsonString(p["address"],"-").c_str(), + bestPath.c_str(), + (int)OSUtils::jsonInt(p["latency"],0), + ver, + OSUtils::jsonString(p["role"],"-").c_str()); } } } - printf("%s",out.str().c_str()); return 0; } else { printf("%u %s %s" ZT_EOL_S,scode,command.c_str(),responseBody.c_str()); @@ -372,7 +392,7 @@ static int cli(int argc,char **argv) nlohmann::json j; try { - j = nlohmann::json::parse(responseBody); + j = OSUtils::jsonParse(responseBody); } catch (std::exception &exc) { printf("%u %s invalid JSON response (%s)" ZT_EOL_S,scode,command.c_str(),exc.what()); return 1; @@ -382,35 +402,38 @@ static int cli(int argc,char **argv) } if (scode == 200) { - std::ostringstream out; if (json) { - out << j.dump(2) << ZT_EOL_S; + printf("%s" ZT_EOL_S,OSUtils::jsonDump(j).c_str()); } else { - out << "200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>" << ZT_EOL_S; + printf("200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>" ZT_EOL_S); if (j.is_array()) { for(unsigned long i=0;i<j.size();++i) { - auto &n = j[i]; + nlohmann::json &n = j[i]; if (n.is_object()) { std::string aa; - auto &assignedAddresses = n["assignedAddresses"]; + nlohmann::json &assignedAddresses = n["assignedAddresses"]; if (assignedAddresses.is_array()) { for(unsigned long j=0;j<assignedAddresses.size();++j) { - auto &addr = assignedAddresses[j]; + nlohmann::json &addr = assignedAddresses[j]; if (addr.is_string()) { if (aa.length() > 0) aa.push_back(','); - aa.append(addr); + aa.append(addr.get<std::string>()); } } } if (aa.length() == 0) aa = "-"; - std::string name = n["name"]; - if (name.length() == 0) name = "-"; - out << "200 listnetworks " << n["nwid"].get<std::string>() << " " << name << " " << n["mac"].get<std::string>() << " " << n["status"].get<std::string>() << " " << n["type"].get<std::string>() << " " << n["portDeviceName"].get<std::string>() << " " << aa << ZT_EOL_S; + printf("200 listnetworks %s %s %s %s %s %s %s" ZT_EOL_S, + OSUtils::jsonString(n["nwid"],"-").c_str(), + OSUtils::jsonString(n["name"],"-").c_str(), + OSUtils::jsonString(n["mac"],"-").c_str(), + OSUtils::jsonString(n["status"],"-").c_str(), + OSUtils::jsonString(n["type"],"-").c_str(), + OSUtils::jsonString(n["portDeviceName"],"-").c_str(), + aa.c_str()); } } } } - printf("%s",out.str().c_str()); return 0; } else { printf("%u %s %s" ZT_EOL_S,scode,command.c_str(),responseBody.c_str()); @@ -468,6 +491,75 @@ static int cli(int argc,char **argv) printf("%u %s %s" ZT_EOL_S,scode,command.c_str(),responseBody.c_str()); return 1; } + } else if (command == "listmoons") { + const unsigned int scode = Http::GET(1024 * 1024 * 16,60000,(const struct sockaddr *)&addr,"/moon",requestHeaders,responseHeaders,responseBody); + + nlohmann::json j; + try { + j = OSUtils::jsonParse(responseBody); + } catch (std::exception &exc) { + printf("%u %s invalid JSON response (%s)" ZT_EOL_S,scode,command.c_str(),exc.what()); + return 1; + } catch ( ... ) { + printf("%u %s invalid JSON response (unknown exception)" ZT_EOL_S,scode,command.c_str()); + return 1; + } + + if (scode == 200) { + printf("%s" ZT_EOL_S,OSUtils::jsonDump(j).c_str()); + return 0; + } else { + printf("%u %s %s" ZT_EOL_S,scode,command.c_str(),responseBody.c_str()); + return 1; + } + } else if (command == "orbit") { + const uint64_t worldId = Utils::hexStrToU64(arg1.c_str()); + const uint64_t seed = Utils::hexStrToU64(arg2.c_str()); + if ((worldId)&&(seed)) { + char jsons[1024]; + Utils::snprintf(jsons,sizeof(jsons),"{\"seed\":\"%s\"}",arg2.c_str()); + char cl[128]; + Utils::snprintf(cl,sizeof(cl),"%u",(unsigned int)strlen(jsons)); + requestHeaders["Content-Type"] = "application/json"; + requestHeaders["Content-Length"] = cl; + unsigned int scode = Http::POST( + 1024 * 1024 * 16, + 60000, + (const struct sockaddr *)&addr, + (std::string("/moon/") + arg1).c_str(), + requestHeaders, + jsons, + (unsigned long)strlen(jsons), + responseHeaders, + responseBody); + if (scode == 200) { + printf("200 orbit OK" ZT_EOL_S); + return 0; + } else { + printf("%u %s %s" ZT_EOL_S,scode,command.c_str(),responseBody.c_str()); + return 1; + } + } + } else if (command == "deorbit") { + unsigned int scode = Http::DEL( + 1024 * 1024 * 16, + 60000, + (const struct sockaddr *)&addr, + (std::string("/moon/") + arg1).c_str(), + requestHeaders, + responseHeaders, + responseBody); + if (scode == 200) { + if (json) { + printf("%s",cliFixJsonCRs(responseBody).c_str()); + } else { + printf("200 deorbit OK" ZT_EOL_S); + } + return 0; + } else { + printf("%u %s %s" ZT_EOL_S,scode,command.c_str(),responseBody.c_str()); + return 1; + } } else if (command == "set") { if (arg1.length() != 16) { cliPrintHelp(argv[0],stderr); @@ -491,7 +583,7 @@ static int cli(int argc,char **argv) (std::string("/network/") + arg1).c_str(), requestHeaders, jsons, - strlen(jsons), + (unsigned long)strlen(jsons), responseHeaders, responseBody); if (scode == 200) { @@ -533,7 +625,8 @@ static void idtoolPrintHelp(FILE *out,const char *pn) fprintf(out," getpublic <identity.secret>" ZT_EOL_S); fprintf(out," sign <identity.secret> <file>" ZT_EOL_S); fprintf(out," verify <identity.secret/public> <file> <signature>" ZT_EOL_S); - fprintf(out," mkcom <identity.secret> [<id,value,maxDelta> ...] (hexadecimal integers)" ZT_EOL_S); + fprintf(out," initmoon <identity.public of first seed>" ZT_EOL_S); + fprintf(out," genmoon <moon json>" ZT_EOL_S); } static Identity getIdFromArg(char *arg) @@ -568,7 +661,7 @@ static int idtool(int argc,char **argv) int vanityBits = 0; if (argc >= 5) { vanity = Utils::hexStrToU64(argv[4]) & 0xffffffffffULL; - vanityBits = 4 * strlen(argv[4]); + vanityBits = 4 * (int)strlen(argv[4]); if (vanityBits > 40) vanityBits = 40; } @@ -678,34 +771,93 @@ static int idtool(int argc,char **argv) fprintf(stderr,"%s signature check FAILED" ZT_EOL_S,argv[3]); return 1; } - } else if (!strcmp(argv[1],"mkcom")) { + } else if (!strcmp(argv[1],"initmoon")) { if (argc < 3) { idtoolPrintHelp(stdout,argv[0]); - return 1; - } + } else { + const Identity id = getIdFromArg(argv[2]); + if (!id) { + fprintf(stderr,"%s is not a valid identity" ZT_EOL_S,argv[2]); + return 1; + } - Identity id = getIdFromArg(argv[2]); - if ((!id)||(!id.hasPrivate())) { - fprintf(stderr,"Identity argument invalid, does not include private key, or file unreadable: %s" ZT_EOL_S,argv[2]); - return 1; + C25519::Pair kp(C25519::generate()); + + nlohmann::json mj; + mj["objtype"] = "world"; + mj["worldType"] = "moon"; + mj["updatesMustBeSignedBy"] = mj["signingKey"] = Utils::hex(kp.pub.data,(unsigned int)kp.pub.size()); + mj["signingKey_SECRET"] = Utils::hex(kp.priv.data,(unsigned int)kp.priv.size()); + mj["id"] = id.address().toString(); + nlohmann::json seedj; + seedj["identity"] = id.toString(false); + seedj["stableEndpoints"] = nlohmann::json::array(); + (mj["roots"] = nlohmann::json::array()).push_back(seedj); + std::string mjd(OSUtils::jsonDump(mj)); + + printf("%s" ZT_EOL_S,mjd.c_str()); } + } else if (!strcmp(argv[1],"genmoon")) { + if (argc < 3) { + idtoolPrintHelp(stdout,argv[0]); + } else { + std::string buf; + if (!OSUtils::readFile(argv[2],buf)) { + fprintf(stderr,"cannot read %s" ZT_EOL_S,argv[2]); + return 1; + } + nlohmann::json mj(OSUtils::jsonParse(buf)); + + const uint64_t id = Utils::hexStrToU64(OSUtils::jsonString(mj["id"],"0").c_str()); + if (!id) { + fprintf(stderr,"ID in %s is invalid" ZT_EOL_S,argv[2]); + return 1; + } - CertificateOfMembership com; - for(int a=3;a<argc;++a) { - std::vector<std::string> params(Utils::split(argv[a],",","","")); - if (params.size() == 3) { - uint64_t qId = Utils::hexStrToU64(params[0].c_str()); - uint64_t qValue = Utils::hexStrToU64(params[1].c_str()); - uint64_t qMaxDelta = Utils::hexStrToU64(params[2].c_str()); - com.setQualifier(qId,qValue,qMaxDelta); + World::Type t; + if (mj["worldType"] == "moon") { + t = World::TYPE_MOON; + } else if (mj["worldType"] == "planet") { + t = World::TYPE_PLANET; + } else { + fprintf(stderr,"invalid worldType" ZT_EOL_S); + return 1; } - } - if (!com.sign(id)) { - fprintf(stderr,"Signature of certificate of membership failed." ZT_EOL_S); - return 1; - } - printf("%s",com.toString().c_str()); + C25519::Pair signingKey; + C25519::Public updatesMustBeSignedBy; + Utils::unhex(OSUtils::jsonString(mj["signingKey"],""),signingKey.pub.data,(unsigned int)signingKey.pub.size()); + Utils::unhex(OSUtils::jsonString(mj["signingKey_SECRET"],""),signingKey.priv.data,(unsigned int)signingKey.priv.size()); + Utils::unhex(OSUtils::jsonString(mj["updatesMustBeSignedBy"],""),updatesMustBeSignedBy.data,(unsigned int)updatesMustBeSignedBy.size()); + + std::vector<World::Root> roots; + nlohmann::json &rootsj = mj["roots"]; + if (rootsj.is_array()) { + for(unsigned long i=0;i<(unsigned long)rootsj.size();++i) { + nlohmann::json &r = rootsj[i]; + if (r.is_object()) { + roots.push_back(World::Root()); + roots.back().identity = Identity(OSUtils::jsonString(r["identity"],"")); + nlohmann::json &stableEndpointsj = r["stableEndpoints"]; + if (stableEndpointsj.is_array()) { + for(unsigned long k=0;k<(unsigned long)stableEndpointsj.size();++k) + roots.back().stableEndpoints.push_back(InetAddress(OSUtils::jsonString(stableEndpointsj[k],""))); + std::sort(roots.back().stableEndpoints.begin(),roots.back().stableEndpoints.end()); + } + } + } + } + std::sort(roots.begin(),roots.end()); + + const uint64_t now = OSUtils::now(); + World w(World::make(t,id,now,updatesMustBeSignedBy,roots,signingKey)); + Buffer<ZT_WORLD_MAX_SERIALIZED_LENGTH> wbuf; + w.serialize(wbuf); + char fn[128]; + Utils::snprintf(fn,sizeof(fn),"%.16llx.moon",w.id()); + OSUtils::writeFile(fn,wbuf.data(),wbuf.size()); + printf("wrote %s (signed world with timestamp %llu)" ZT_EOL_S,fn,(unsigned long long)now); + } } else { idtoolPrintHelp(stdout,argv[0]); return 1; @@ -731,6 +883,147 @@ static void _sighandlerQuit(int sig) } #endif +// Drop privileges on Linux, if supported by libc etc. and "zerotier-one" user exists on system +#ifdef __LINUX__ +#ifndef PR_CAP_AMBIENT +#define PR_CAP_AMBIENT 47 +#define PR_CAP_AMBIENT_IS_SET 1 +#define PR_CAP_AMBIENT_RAISE 2 +#define PR_CAP_AMBIENT_LOWER 3 +#define PR_CAP_AMBIENT_CLEAR_ALL 4 +#endif +#define ZT_LINUX_USER "zerotier-one" +#define ZT_HAVE_DROP_PRIVILEGES 1 +namespace { + +// libc doesn't export capset, it is instead located in libcap +// We ignore libcap and call it manually. +struct cap_header_struct { + __u32 version; + int pid; +}; +struct cap_data_struct { + __u32 effective; + __u32 permitted; + __u32 inheritable; +}; +static inline int _zt_capset(cap_header_struct* hdrp, cap_data_struct* datap) { return syscall(SYS_capset, hdrp, datap); } + +static void _notDropping(const char *procName,const std::string &homeDir) +{ + struct stat buf; + if (lstat(homeDir.c_str(),&buf) < 0) { + if (buf.st_uid != 0 || buf.st_gid != 0) { + fprintf(stderr, "%s: FATAL: failed to drop privileges and can't run as root since privileges were previously dropped (home directory not owned by root)" ZT_EOL_S,procName); + exit(1); + } + } + fprintf(stderr, "%s: WARNING: failed to drop privileges (kernel may not support required prctl features), running as root" ZT_EOL_S,procName); +} + +static int _setCapabilities(int flags) +{ + cap_header_struct capheader = {_LINUX_CAPABILITY_VERSION_1, 0}; + cap_data_struct capdata; + capdata.inheritable = capdata.permitted = capdata.effective = flags; + return _zt_capset(&capheader, &capdata); +} + +static void _recursiveChown(const char *path,uid_t uid,gid_t gid) +{ + struct dirent de; + struct dirent *dptr; + lchown(path,uid,gid); + DIR *d = opendir(path); + if (!d) + return; + dptr = (struct dirent *)0; + for(;;) { + if (readdir_r(d,&de,&dptr) != 0) + break; + if (!dptr) + break; + if ((strcmp(dptr->d_name,".") != 0)&&(strcmp(dptr->d_name,"..") != 0)&&(strlen(dptr->d_name) > 0)) { + std::string p(path); + p.push_back(ZT_PATH_SEPARATOR); + p.append(dptr->d_name); + _recursiveChown(p.c_str(),uid,gid); // will just fail and return on regular files + } + } + closedir(d); +} + +static void dropPrivileges(const char *procName,const std::string &homeDir) +{ + if (getuid() != 0) + return; + + // dropPrivileges switches to zerotier-one user while retaining CAP_NET_ADMIN + // and CAP_NET_RAW capabilities. + struct passwd *targetUser = getpwnam(ZT_LINUX_USER); + if (!targetUser) + return; + + if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_NET_RAW, 0, 0) < 0) { + // Kernel has no support for ambient capabilities. + _notDropping(procName,homeDir); + return; + } + if (prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS | SECBIT_NOROOT) < 0) { + _notDropping(procName,homeDir); + return; + } + + // Change ownership of our home directory if everything looks good (does nothing if already chown'd) + _recursiveChown(homeDir.c_str(),targetUser->pw_uid,targetUser->pw_gid); + + if (_setCapabilities((1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID) | (1 << CAP_SETGID)) < 0) { + _notDropping(procName,homeDir); + return; + } + + int oldDumpable = prctl(PR_GET_DUMPABLE); + if (prctl(PR_SET_DUMPABLE, 0) < 0) { + // Disable ptracing. Otherwise there is a small window when previous + // compromised ZeroTier process could ptrace us, when we still have CAP_SETUID. + // (this is mitigated anyway on most distros by ptrace_scope=1) + fprintf(stderr,"%s: FATAL: prctl(PR_SET_DUMPABLE) failed while attempting to relinquish root permissions" ZT_EOL_S,procName); + exit(1); + } + + // Relinquish root + if (setgid(targetUser->pw_gid) < 0) { + perror("setgid"); + exit(1); + } + if (setuid(targetUser->pw_uid) < 0) { + perror("setuid"); + exit(1); + } + + if (_setCapabilities((1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW)) < 0) { + fprintf(stderr,"%s: FATAL: unable to drop capabilities after relinquishing root" ZT_EOL_S,procName); + exit(1); + } + + if (prctl(PR_SET_DUMPABLE, oldDumpable) < 0) { + fprintf(stderr,"%s: FATAL: prctl(PR_SET_DUMPABLE) failed while attempting to relinquish root permissions" ZT_EOL_S,procName); + exit(1); + } + + if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, CAP_NET_ADMIN, 0, 0) < 0) { + fprintf(stderr,"%s: FATAL: prctl(PR_CAP_AMBIENT,PR_CAP_AMBIENT_RAISE,CAP_NET_ADMIN) failed while attempting to relinquish root permissions" ZT_EOL_S,procName); + exit(1); + } + if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, CAP_NET_RAW, 0, 0) < 0) { + fprintf(stderr,"%s: FATAL: prctl(PR_CAP_AMBIENT,PR_CAP_AMBIENT_RAISE,CAP_NET_RAW) failed while attempting to relinquish root permissions" ZT_EOL_S,procName); + exit(1); + } +} + +} // anonymous namespace +#endif // __LINUX__ + /****************************************************************************/ /* Windows helper functions and signal handlers */ /****************************************************************************/ @@ -893,14 +1186,11 @@ static void printHelp(const char *cn,FILE *out) fprintf(out, COPYRIGHT_NOTICE ZT_EOL_S LICENSE_GRANT ZT_EOL_S); - std::string updateUrl(OneService::autoUpdateUrl()); - if (updateUrl.length()) - fprintf(out,"Automatic updates enabled:" ZT_EOL_S" %s" ZT_EOL_S" (all updates are securely authenticated by 256-bit ECDSA signature)" ZT_EOL_S"" ZT_EOL_S,updateUrl.c_str()); fprintf(out,"Usage: %s [-switches] [home directory]" ZT_EOL_S"" ZT_EOL_S,cn); fprintf(out,"Available switches:" ZT_EOL_S); fprintf(out," -h - Display this help" ZT_EOL_S); fprintf(out," -v - Show version" ZT_EOL_S); - fprintf(out," -U - Run as unprivileged user (skip privilege check)" ZT_EOL_S); + fprintf(out," -U - Skip privilege check and do not attempt to drop privileges" ZT_EOL_S); fprintf(out," -p<port> - Port for UDP and TCP/HTTP (default: 9993, 0 for random)" ZT_EOL_S); #ifdef __UNIX_LIKE__ @@ -1071,7 +1361,7 @@ int main(int argc,char **argv) fprintf(stderr,"%s: no home path specified and no platform default available" ZT_EOL_S,argv[0]); return 1; } else { - std::vector<std::string> hpsp(Utils::split(homeDir.c_str(),ZT_PATH_SEPARATOR_S,"","")); + std::vector<std::string> hpsp(OSUtils::split(homeDir.c_str(),ZT_PATH_SEPARATOR_S,"","")); std::string ptmp; if (homeDir[0] == ZT_PATH_SEPARATOR) ptmp.push_back(ZT_PATH_SEPARATOR); @@ -1141,6 +1431,11 @@ int main(int argc,char **argv) #endif // __WINDOWS__ #ifdef __UNIX_LIKE__ + +#ifdef ZT_HAVE_DROP_PRIVILEGES + dropPrivileges(argv[0],homeDir); +#endif + std::string pidPath(homeDir + ZT_PATH_SEPARATOR_S + ZT_PID_PATH); { // Write .pid file to home folder @@ -1182,9 +1477,5 @@ int main(int argc,char **argv) delete zt1Service; zt1Service = (OneService *)0; -#ifdef __UNIX_LIKE__ - OSUtils::rm(pidPath.c_str()); -#endif - return returnValue; } |