X-Git-Url: http://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fcontrol.c;h=19f074a6a691136b8ea1fa6257085de5a54af929;hb=5a132550deb58473285e5f91705d286aef47be71;hp=2c5d4be847eba078069795c134f4cce929ff2d64;hpb=1065879c8c6e8cdf8d3755024241f31eaabd4138;p=tinc
diff --git a/src/control.c b/src/control.c
index 2c5d4be8..19f074a6 100644
--- a/src/control.c
+++ b/src/control.c
@@ -25,6 +25,7 @@
 #include "conf.h"
 #include "control.h"
 #include "control_common.h"
+#include "graph.h"
 #include "logger.h"
 #include "xalloc.h"
@@ -35,20 +36,21 @@ extern char *controlsocketname;
 static void handle_control_data(struct bufferevent *event, void *data) {
 tinc_ctl_request_t req;
- size_t size;
 tinc_ctl_request_t res;
 struct evbuffer *res_data = NULL;
+ void *req_data;
- if(EVBUFFER_LENGTH(event->input) < sizeof(tinc_ctl_request_t))
+ if(EVBUFFER_LENGTH(event->input) < sizeof req)
 return;
 /* Copy the structure to ensure alignment */
- memcpy(&req, EVBUFFER_DATA(event->input), sizeof(tinc_ctl_request_t));
+ memcpy(&req, EVBUFFER_DATA(event->input), sizeof req);
 if(EVBUFFER_LENGTH(event->input) < req.length)
 return;
+ req_data = EVBUFFER_DATA(event->input) + sizeof req;
- if(req.length < sizeof(tinc_ctl_request_t))
+ if(req.length < sizeof req)
 goto failure;
 memset(&res, 0, sizeof res);
@@ -56,7 +58,7 @@ static void handle_control_data(struct bufferevent *event, void *data) {
 res.id = req.id;
 res_data = evbuffer_new();
- if (res_data == NULL) {
+ if(res_data == NULL) {
 res.res_errno = ENOMEM;
 goto respond;
 }
@@ -103,6 +105,37 @@ static void handle_control_data(struct bufferevent *event, void *data) { goto respond; } + if(req.type == REQ_SET_DEBUG) { + debug_t new_debug_level; + + logger(LOG_NOTICE, _("Got '%s' command"), "debug"); + if(req.length != sizeof req + sizeof debug_level) + res.res_errno = EINVAL; + else { + memcpy(&new_debug_level, req_data, sizeof new_debug_level); + logger(LOG_NOTICE, _("Changing debug level from %d to %d"), + debug_level, new_debug_level); + if(evbuffer_add_printf(res_data, + _("Changing debug level from %d to %d\n"), + debug_level, new_debug_level) == -1) + res.res_errno = errno; + debug_level = new_debug_level; + } + goto respond; + } + + if(req.type == REQ_RETRY) { + logger(LOG_NOTICE, _("Got '%s' command"), "retry"); + retry(); + goto respond; + } + + if(req.type == REQ_RELOAD) { + logger(LOG_NOTICE, _("Got '%s' command"), "reload"); + res.res_errno = reload_configuration(); + goto respond; + } + logger(LOG_DEBUG, _("Malformed control command received")); res.res_errno = EINVAL; @@ -158,6 +191,7 @@ static void handle_new_control_socket(int fd, short events, void *data) { memset(&greeting, 0, sizeof greeting); greeting.version = TINC_CTL_VERSION_CURRENT; + greeting.pid = getpid(); if(bufferevent_write(ev, &greeting, sizeof greeting) == -1) { logger(LOG_ERR, _("Cannot send greeting for new control connection: %s"), @@ -180,10 +214,11 @@ static int control_compare(const struct event *a, const struct event *b) { bool init_control() { int result; struct sockaddr_un addr; + char *lastslash; if(strlen(controlsocketname) >= sizeof addr.sun_path) { logger(LOG_ERR, _("Control socket filename too long!")); - return false; + goto bail; } memset(&addr, 0, sizeof addr); 
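Review bot: In the REQ_SET_DEBUG branch the value copied into new_debug_level is assigned to debug_level without a range check, so any integer a control client sends (negative, or far above the highest defined level) becomes the daemon's log level; reject values outside the range debug_t defines with `res.res_errno = EINVAL;` before `debug_level = new_debug_level;`. The assignment also runs when evbuffer_add_printf() fails, so the reply can report an error for a change that was in fact applied, and `errno` may not hold a meaningful code after that call; a fixed `ENOMEM` would be more predictable. The length test uses `sizeof debug_level` while the memcpy uses `sizeof new_debug_level`; using the same operand in both keeps the check and the copy tied together. handle_control_data starts and ends outside this hunk.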
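Review bot: The `goto bail;` added to the filename-length check runs before socket() has been called, so the cleanup under `bail:` (later in init_control, outside this hunk) acts on whatever control_socket held on entry. That is only safe if the file-scope definition of control_socket initialises it to `-1`, which this diff does not show; a zero-initialised variable would make the cleanup call close(0). Either confirm that initialiser or keep `return false;` for this first check, where nothing has been acquired yet.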
@@ -194,12 +229,43 @@ bool init_control() {
 if(control_socket < 0) {
 logger(LOG_ERR, _("Creating UNIX socket failed: %s"), strerror(errno));
- return false;
+ goto bail;
+ }
+
+ /*
+ * Restrict connections to our control socket by ensuring the parent
+ * directory can be traversed only by root. Note this is not totally
+ * race-free unless all ancestors are writable only by trusted users,
+ * which we don't verify.
+ */
+
+ struct stat statbuf;
+ lastslash = strrchr(controlsocketname, '/');
+ if(lastslash != NULL) {
+ *lastslash = 0; /* temporarily change controlsocketname to be dir */
+ if(mkdir(controlsocketname, 0700) < 0 && errno != EEXIST) {
+ logger(LOG_ERR, _("Unable to create control socket directory %s: %s"), controlsocketname, strerror(errno));
+ *lastslash = '/';
+ goto bail;
+ }
+
+ result = stat(controlsocketname, &statbuf);
+ *lastslash = '/';
+ } else
+ result = stat(".", &statbuf);
+
+ if(result < 0) {
+ logger(LOG_ERR, _("Examining control socket directory failed: %s"), strerror(errno));
+ goto bail;
+ }
+
+ if(statbuf.st_uid != 0 || (statbuf.st_mode & S_IXOTH) != 0 || (statbuf.st_gid != 0 && (statbuf.st_mode & S_IXGRP)) != 0) {
+ logger(LOG_ERR, _("Control socket directory ownership/permissions insecure."));
+ goto bail;
 }
- //unlink(controlsocketname);
 result = bind(control_socket, (struct sockaddr *)&addr, sizeof addr);
-
+
 if(result < 0 && errno == EADDRINUSE) {
 result = connect(control_socket, (struct sockaddr *)&addr, sizeof addr);
 if(result < 0) {
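Review bot: When the only slash in controlsocketname is its first character, `*lastslash = 0` leaves an empty string, so mkdir() and stat() are called on "" and start-up aborts with a directory error; that case should examine "/" instead, for example by testing `lastslash == controlsocketname` before truncating. In the permission test the group clause is written `(statbuf.st_gid != 0 && (statbuf.st_mode & S_IXGRP)) != 0`, which evaluates as intended only because `&&` yields 0 or 1; `(statbuf.st_gid != 0 && (statbuf.st_mode & S_IXGRP) != 0)` says what is meant. The stat result is not checked with S_ISDIR(), and `struct stat statbuf;` is declared mid-block although `lastslash` was hoisted to the top of the function. init_control begins and ends outside this hunk.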
@@ -207,33 +273,36 @@ bool init_control() { unlink(controlsocketname); result = bind(control_socket, (struct sockaddr *)&addr, sizeof addr); } else { - close(control_socket); if(netname) logger(LOG_ERR, _("Another tincd is already running for net `%s'."), netname); else logger(LOG_ERR, _("Another tincd is already running.")); - return false; + goto bail; } } if(result < 0) { - logger(LOG_ERR, _("Can't bind to %s: %s\n"), controlsocketname, strerror(errno)); - close(control_socket); - return false; + logger(LOG_ERR, _("Can't bind to %s: %s"), controlsocketname, strerror(errno)); + goto bail; } if(listen(control_socket, 3) < 0) { - logger(LOG_ERR, _("Can't listen on %s: %s\n"), controlsocketname, strerror(errno)); - close(control_socket); - return false; + logger(LOG_ERR, _("Can't listen on %s: %s"), controlsocketname, strerror(errno)); + goto bail; } control_socket_tree = splay_alloc_tree((splay_compare_t)control_compare, (splay_action_t)bufferevent_free); event_set(&control_event, control_socket, EV_READ | EV_PERSIST, handle_new_control_socket, NULL); event_add(&control_event, NULL); - return true; + +bail: + if(control_socket != -1) { + close(control_socket); + control_socket = -1; + } + return false; } void exit_control() {
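Review bot: The success path has to return before the new `bail:` label, and in this flattened rendering `return true;` directly follows a `-` marker, so it can be read either as a removed line or as a context line after a removed blank. If it was removed, a fully successful setup would fall through into `bail:`, close the socket just registered with event_add() and return false, so the applied file should be checked to end the success path with `return true;` immediately above the label. Separately, `bail:` does not unlink a socket file that bind() has already created when listen() fails; the EADDRINUSE handling earlier in the function appears to clean that up on the next start, and a short comment at the label saying so would make the omission visibly intentional.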