/*
control.c -- Control socket handling.
- Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
+ Copyright (C) 2013 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
- $Id$
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#include <sys/un.h>
-
#include "system.h"
+#include "crypto.h"
#include "conf.h"
#include "control.h"
+#include "control_common.h"
+#include "graph.h"
#include "logger.h"
+#include "meta.h"
+#include "names.h"
+#include "net.h"
+#include "netutl.h"
+#include "protocol.h"
+#include "route.h"
+#include "utils.h"
#include "xalloc.h"
-static int control_socket = -1;
-static struct event control_event;
-static splay_tree_t *control_socket_tree;
-extern char *controlfilename;
+char controlcookie[65];
+
+static bool control_return(connection_t *c, int type, int error) {
+ return send_request(c, "%d %d %d", CONTROL, type, error);
+}
+
+static bool control_ok(connection_t *c, int type) {
+ return control_return(c, type, 0);
+}
-static void handle_control_data(int fd, short events, void *event) {
- char buf[MAXBUFSIZE];
- size_t inlen;
+bool control_h(connection_t *c, const char *request) {
+ int type;
- inlen = read(fd, buf, sizeof buf);
+ if(!c->status.control || c->allow_request != CONTROL) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Unauthorized control request from %s (%s)", c->name, c->hostname);
+ return false;
+ }
- if(inlen <= 0) {
- logger(LOG_DEBUG, _("Closing control socket"));
- event_del(event);
- splay_delete(control_socket_tree, event);
- close(fd);
+ if(sscanf(request, "%*d %d", &type) != 1) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "CONTROL", c->name, c->hostname);
+ return false;
+ }
+
+ switch (type) {
+ case REQ_STOP:
+ event_exit();
+ return control_ok(c, REQ_STOP);
+
+ case REQ_DUMP_NODES:
+ return dump_nodes(c);
+
+ case REQ_DUMP_EDGES:
+ return dump_edges(c);
+
+ case REQ_DUMP_SUBNETS:
+ return dump_subnets(c);
+
+ case REQ_DUMP_CONNECTIONS:
+ return dump_connections(c);
+
+ case REQ_PURGE:
+ purge();
+ return control_ok(c, REQ_PURGE);
+
+ case REQ_SET_DEBUG: {
+ int new_level;
+ if(sscanf(request, "%*d %*d %d", &new_level) != 1)
+ return false;
+ send_request(c, "%d %d %d", CONTROL, REQ_SET_DEBUG, debug_level);
+ if(new_level >= 0)
+ debug_level = new_level;
+ return true;
+ }
+
+ case REQ_RETRY:
+ retry();
+ return control_ok(c, REQ_RETRY);
+
+ case REQ_RELOAD:
+ logger(DEBUG_ALWAYS, LOG_NOTICE, "Got '%s' command", "reload");
+ int result = reload_configuration();
+ return control_return(c, REQ_RELOAD, result);
+
+ case REQ_DISCONNECT: {
+ char name[MAX_STRING_SIZE];
+ bool found = false;
+
+ if(sscanf(request, "%*d %*d " MAX_STRING, name) != 1)
+ return control_return(c, REQ_DISCONNECT, -1);
+
+ for list_each(connection_t, other, connection_list) {
+ if(strcmp(other->name, name))
+ continue;
+ terminate_connection(other, other->status.active);
+ found = true;
+ }
+
+ return control_return(c, REQ_DISCONNECT, found ? 0 : -2);
+ }
+
+ case REQ_DUMP_TRAFFIC:
+ return dump_traffic(c);
+
+ case REQ_PCAP:
+ sscanf(request, "%*d %*d %d", &c->outmaclength);
+ c->status.pcap = true;
+ pcap = true;
+ return true;
+
+ case REQ_LOG:
+ sscanf(request, "%*d %*d %d", &c->outcompression);
+ c->status.log = true;
+ logcontrol = true;
+ return true;
+
+ default:
+ return send_request(c, "%d %d", CONTROL, REQ_INVALID);
}
}
-static void handle_new_control_socket(int fd, short events, void *data) {
- int newfd;
- struct event *ev;
+bool init_control(void) {
+ randomize(controlcookie, sizeof controlcookie / 2);
+ bin2hex(controlcookie, controlcookie, sizeof controlcookie / 2);
- newfd = accept(fd, NULL, NULL);
+ mode_t mask = umask(0);
+ umask(mask | 077);
+ FILE *f = fopen(pidfilename, "w");
+ umask(mask);
- if(newfd < 0) {
- logger(LOG_ERR, _("Accepting a new connection failed: %s"), strerror(errno));
- event_del(&control_event);
- return;
+ if(!f) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Cannot write control socket cookie file %s: %s", pidfilename, strerror(errno));
+ return false;
}
- ev = xmalloc(sizeof *ev);
- event_set(ev, newfd, EV_READ | EV_PERSIST, handle_control_data, ev);
- event_add(ev, NULL);
- splay_insert(control_socket_tree, ev);
-
- logger(LOG_DEBUG, _("Control socket connection accepted"));
-}
+ // Get the address and port of the first listening socket
-static int control_compare(const struct event *a, const struct event *b) {
- return a < b ? -1 : a > b ? 1 : 0;
-}
+ char *localhost = NULL;
+ sockaddr_t sa;
+ socklen_t len = sizeof sa;
-void init_control() {
- struct sockaddr_un addr;
+ // Make sure we have a valid address, and map 0.0.0.0 and :: to 127.0.0.1 and ::1.
- control_socket_tree = splay_alloc_tree((splay_compare_t)control_compare, (splay_action_t)free);
+ if(getsockname(listen_socket[0].tcp.fd, (struct sockaddr *)&sa, &len)) {
+ xasprintf(&localhost, "127.0.0.1 port %s", myport);
+ } else {
+ if(sa.sa.sa_family == AF_INET) {
+ if(sa.in.sin_addr.s_addr == 0)
+ sa.in.sin_addr.s_addr = htonl(0x7f000001);
+ } else if(sa.sa.sa_family == AF_INET6) {
+ static const uint8_t zero[16] = {0};
+ if(!memcmp(sa.in6.sin6_addr.s6_addr, zero, sizeof zero))
+ sa.in6.sin6_addr.s6_addr[15] = 1;
+ }
- if(strlen(controlfilename) >= sizeof addr.sun_path) {
- logger(LOG_ERR, _("Control socket filename too long!"));
- return;
+ localhost = sockaddr2hostname(&sa);
}
- memset(&addr, 0, sizeof addr);
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, controlfilename, sizeof addr.sun_path - 1);
+ fprintf(f, "%d %s %s\n", (int)getpid(), controlcookie, localhost);
+
+ free(localhost);
+ fclose(f);
+
+#ifndef HAVE_MINGW
+ int unix_fd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if(unix_fd < 0) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Could not create UNIX socket: %s", sockstrerror(errno));
+ return false;
+ }
- control_socket = socket(PF_UNIX, SOCK_STREAM, 0);
+ struct sockaddr_un sun;
+ sun.sun_family = AF_UNIX;
+ strncpy(sun.sun_path, unixsocketname, sizeof sun.sun_path);
- if(control_socket < 0) {
- logger(LOG_ERR, _("Creating UNIX socket failed: %s"), strerror(errno));
- return;
+ if(connect(unix_fd, (struct sockaddr *)&sun, sizeof sun) >= 0) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "UNIX socket %s is still in use!", unixsocketname);
+ return false;
}
- unlink(controlfilename);
- if(bind(control_socket, (struct sockaddr *)&addr, sizeof addr) < 0) {
- logger(LOG_ERR, _("Can't bind to %s: %s\n"), controlfilename, strerror(errno));
- close(control_socket);
- return;
+ unlink(unixsocketname);
+
+ umask(mask | 077);
+ int result = bind(unix_fd, (struct sockaddr *)&sun, sizeof sun);
+ umask(mask);
+
+ if(result < 0) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind UNIX socket to %s: %s", unixsocketname, sockstrerror(errno));
+ return false;
}
- if(listen(control_socket, 3) < 0) {
- logger(LOG_ERR, _("Can't listen on %s: %s\n"), controlfilename, strerror(errno));
- close(control_socket);
- return;
+ if(listen(unix_fd, 3) < 0) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Could not listen on UNIX socket %s: %s", unixsocketname, sockstrerror(errno));
+ return false;
}
- event_set(&control_event, control_socket, EV_READ | EV_PERSIST, handle_new_control_socket, NULL);
- event_add(&control_event, NULL);
+ io_add(&unix_socket, handle_new_unix_connection, &unix_socket, unix_fd, IO_READ);
+#endif
+
+ return true;
}
-void exit_control() {
- if(control_socket >= 0) {
- event_del(&control_event);
- close(control_socket);
- }
+void exit_control(void) {
+#ifndef HAVE_MINGW
+ unlink(unixsocketname);
+ io_del(&unix_socket);
+ close(unix_socket.fd);
+#endif
+
+ unlink(pidfilename);
}