X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fcontrol.c;h=98eae804d7cc46b79b0d9448fbadd512d2984618;hp=6a39e02eeca2395aca9f9f2406d394c86fa7cf6d;hb=0c7e0210d900185d4c1a9ffd969dc2a26d9523a9;hpb=f0a57eab4cfd64d4f8261b1885a2072177f9e76b diff --git a/src/control.c b/src/control.c index 6a39e02e..98eae804 100644 --- a/src/control.c +++ b/src/control.c @@ -1,6 +1,6 @@ /* control.c -- Control socket handling. - Copyright (C) 2007 Guus Sliepen + Copyright (C) 2013 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -12,259 +12,213 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id$ + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -#include - #include "system.h" +#include "crypto.h" #include "conf.h" #include "control.h" #include "control_common.h" +#include "graph.h" #include "logger.h" +#include "meta.h" +#include "names.h" +#include "net.h" +#include "netutl.h" +#include "protocol.h" +#include "route.h" +#include "utils.h" #include "xalloc.h" -static int control_socket = -1; -static struct event control_event; -static splay_tree_t *control_socket_tree; -extern char *controlsocketname; - -static void handle_control_data(struct bufferevent *event, void *data) { - tinc_ctl_request_t req; - size_t size; - tinc_ctl_request_t res; - struct evbuffer *res_data = NULL; - void *req_data; - - if(EVBUFFER_LENGTH(event->input) < sizeof(tinc_ctl_request_t)) - return; - - /* Copy the structure to ensure alignment */ - memcpy(&req, EVBUFFER_DATA(event->input), sizeof(tinc_ctl_request_t)); +char controlcookie[65]; - if(EVBUFFER_LENGTH(event->input) < req.length) - return; - req_data = EVBUFFER_DATA(event->input) + sizeof(tinc_ctl_request_t); +static bool control_return(connection_t *c, int type, int error) { + return send_request(c, "%d %d %d", CONTROL, type, error); +} - if(req.length < sizeof(tinc_ctl_request_t)) - goto failure; +static bool control_ok(connection_t *c, int type) { + return control_return(c, type, 0); +} - memset(&res, 0, sizeof res); - res.type = req.type; - res.id = req.id; +bool control_h(connection_t *c, const char *request) { + int type; - res_data = 
evbuffer_new(); - if (res_data == NULL) { - res.res_errno = ENOMEM; - goto respond; + if(!c->status.control || c->allow_request != CONTROL) { + logger(DEBUG_ALWAYS, LOG_ERR, "Unauthorized control request from %s (%s)", c->name, c->hostname); + return false; } - if(req.type == REQ_STOP) { - logger(LOG_NOTICE, _("Got '%s' command"), "stop"); - event_loopexit(NULL); - goto respond; + if(sscanf(request, "%*d %d", &type) != 1) { + logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "CONTROL", c->name, c->hostname); + return false; } - if(req.type == REQ_DUMP_NODES) { - logger(LOG_NOTICE, _("Got '%s' command"), "dump nodes"); - res.res_errno = dump_nodes(res_data); - goto respond; - } + switch (type) { + case REQ_STOP: + event_exit(); + return control_ok(c, REQ_STOP); - if(req.type == REQ_DUMP_EDGES) { - logger(LOG_NOTICE, _("Got '%s' command"), "dump edges"); - res.res_errno = dump_edges(res_data); - goto respond; - } + case REQ_DUMP_NODES: + return dump_nodes(c); - if(req.type == REQ_DUMP_SUBNETS) { - logger(LOG_NOTICE, _("Got '%s' command"), "dump subnets"); - res.res_errno = dump_subnets(res_data); - goto respond; - } + case REQ_DUMP_EDGES: + return dump_edges(c); - if(req.type == REQ_DUMP_CONNECTIONS) { - logger(LOG_NOTICE, _("Got '%s' command"), "dump connections"); - res.res_errno = dump_connections(res_data); - goto respond; - } + case REQ_DUMP_SUBNETS: + return dump_subnets(c); - if(req.type == REQ_DUMP_GRAPH) { - logger(LOG_NOTICE, _("Got '%s' command"), "dump graph"); - res.res_errno = dump_graph(res_data); - goto respond; - } + case REQ_DUMP_CONNECTIONS: + return dump_connections(c); - if(req.type == REQ_PURGE) { - logger(LOG_NOTICE, _("Got '%s' command"), "purge"); - purge(); - goto respond; - } + case REQ_PURGE: + purge(); + return control_ok(c, REQ_PURGE); - if(req.type == REQ_SET_DEBUG) { - debug_t new_debug_level; - - logger(LOG_NOTICE, _("Got '%s' command"), "debug"); - if(req.length != sizeof(req) + sizeof debug_level) - res.res_errno = EINVAL; - 
else { - memcpy(&new_debug_level, req_data, sizeof(debug_t)); - logger(LOG_NOTICE, _("Changing debug level from %d to %d"), - debug_level, new_debug_level); - if(evbuffer_add_printf(res_data, - _("Changing debug level from %d to %d\n"), - debug_level, new_debug_level) == -1) - res.res_errno = errno; - debug_level = new_debug_level; + case REQ_SET_DEBUG: { + int new_level; + if(sscanf(request, "%*d %*d %d", &new_level) != 1) + return false; + send_request(c, "%d %d %d", CONTROL, REQ_SET_DEBUG, debug_level); + if(new_level >= 0) + debug_level = new_level; + return true; } - goto respond; - } - if(req.type == REQ_RETRY) { - logger(LOG_NOTICE, _("Got '%s' command"), "retry"); - retry(); - goto respond; - } + case REQ_RETRY: + retry(); + return control_ok(c, REQ_RETRY); - logger(LOG_DEBUG, _("Malformed control command received")); - res.res_errno = EINVAL; - -respond: - res.length = (sizeof res) - + ((res_data == NULL) ? 0 : EVBUFFER_LENGTH(res_data)); - evbuffer_drain(event->input, req.length); - if(bufferevent_write(event, &res, sizeof res) == -1) - goto failure; - if(res_data != NULL) { - if(bufferevent_write_buffer(event, res_data) == -1) - goto failure; - evbuffer_free(res_data); - } - return; + case REQ_RELOAD: + logger(DEBUG_ALWAYS, LOG_NOTICE, "Got '%s' command", "reload"); + int result = reload_configuration(); + return control_return(c, REQ_RELOAD, result); -failure: - logger(LOG_INFO, _("Closing control socket on error")); - evbuffer_free(res_data); - close(event->ev_read.ev_fd); - splay_delete(control_socket_tree, event); -} + case REQ_DISCONNECT: { + char name[MAX_STRING_SIZE]; + bool found = false; -static void handle_control_error(struct bufferevent *event, short what, void *data) { - if(what & EVBUFFER_EOF) - logger(LOG_DEBUG, _("Control socket connection closed by peer")); - else - logger(LOG_DEBUG, _("Error while reading from control socket: %s"), strerror(errno)); + if(sscanf(request, "%*d %*d " MAX_STRING, name) != 1) + return control_return(c, 
REQ_DISCONNECT, -1); - close(event->ev_read.ev_fd); - splay_delete(control_socket_tree, event); -} + for list_each(connection_t, other, connection_list) { + if(strcmp(other->name, name)) + continue; + terminate_connection(other, other->edge); + found = true; + } -static void handle_new_control_socket(int fd, short events, void *data) { - int newfd; - struct bufferevent *ev; - tinc_ctl_greeting_t greeting; + return control_return(c, REQ_DISCONNECT, found ? 0 : -2); + } - newfd = accept(fd, NULL, NULL); + case REQ_DUMP_TRAFFIC: + return dump_traffic(c); - if(newfd < 0) { - logger(LOG_ERR, _("Accepting a new connection failed: %s"), strerror(errno)); - event_del(&control_event); - return; - } + case REQ_PCAP: + sscanf(request, "%*d %*d %d", &c->outmaclength); + c->status.pcap = true; + pcap = true; + return true; - ev = bufferevent_new(newfd, handle_control_data, NULL, handle_control_error, NULL); - if(!ev) { - logger(LOG_ERR, _("Could not create bufferevent for new control connection: %s"), strerror(errno)); - close(newfd); - return; + case REQ_LOG: + sscanf(request, "%*d %*d %d", &c->outcompression); + c->status.log = true; + logcontrol = true; + return true; + + default: + return send_request(c, "%d %d", CONTROL, REQ_INVALID); } +} - memset(&greeting, 0, sizeof greeting); - greeting.version = TINC_CTL_VERSION_CURRENT; - if(bufferevent_write(ev, &greeting, sizeof greeting) == -1) { - logger(LOG_ERR, - _("Cannot send greeting for new control connection: %s"), - strerror(errno)); - bufferevent_free(ev); - close(newfd); - return; +bool init_control(void) { + randomize(controlcookie, sizeof controlcookie / 2); + bin2hex(controlcookie, controlcookie, sizeof controlcookie / 2); + + mode_t mask = umask(0); + umask(mask | 077); + FILE *f = fopen(pidfilename, "w"); + umask(mask); + + if(!f) { + logger(DEBUG_ALWAYS, LOG_ERR, "Cannot write control socket cookie file %s: %s", pidfilename, strerror(errno)); + return false; } - bufferevent_enable(ev, EV_READ); - 
splay_insert(control_socket_tree, ev); + // Get the address and port of the first listening socket - logger(LOG_DEBUG, _("Control socket connection accepted")); -} + char *localhost = NULL; + sockaddr_t sa; + socklen_t len = sizeof sa; -static int control_compare(const struct event *a, const struct event *b) { - return a < b ? -1 : a > b ? 1 : 0; -} + // Make sure we have a valid address, and map 0.0.0.0 and :: to 127.0.0.1 and ::1. -bool init_control() { - int result; - struct sockaddr_un addr; + if(getsockname(listen_socket[0].tcp.fd, (struct sockaddr *)&sa, &len)) { + xasprintf(&localhost, "127.0.0.1 port %s", myport); + } else { + if(sa.sa.sa_family == AF_INET) { + if(sa.in.sin_addr.s_addr == 0) + sa.in.sin_addr.s_addr = htonl(0x7f000001); + } else if(sa.sa.sa_family == AF_INET6) { + static const uint8_t zero[16] = {0}; + if(!memcmp(sa.in6.sin6_addr.s6_addr, zero, sizeof zero)) + sa.in6.sin6_addr.s6_addr[15] = 1; + } - if(strlen(controlsocketname) >= sizeof addr.sun_path) { - logger(LOG_ERR, _("Control socket filename too long!")); - return false; + localhost = sockaddr2hostname(&sa); } - memset(&addr, 0, sizeof addr); - addr.sun_family = AF_UNIX; - strncpy(addr.sun_path, controlsocketname, sizeof addr.sun_path - 1); + fprintf(f, "%d %s %s\n", (int)getpid(), controlcookie, localhost); - control_socket = socket(PF_UNIX, SOCK_STREAM, 0); + free(localhost); + fclose(f); - if(control_socket < 0) { - logger(LOG_ERR, _("Creating UNIX socket failed: %s"), strerror(errno)); +#ifndef HAVE_MINGW + int unix_fd = socket(AF_UNIX, SOCK_STREAM, 0); + if(unix_fd < 0) { + logger(DEBUG_ALWAYS, LOG_ERR, "Could not create UNIX socket: %s", sockstrerror(sockerrno)); return false; } - //unlink(controlsocketname); - result = bind(control_socket, (struct sockaddr *)&addr, sizeof addr); - - if(result < 0 && errno == EADDRINUSE) { - result = connect(control_socket, (struct sockaddr *)&addr, sizeof addr); - if(result < 0) { - logger(LOG_WARNING, _("Removing old control socket.")); - 
unlink(controlsocketname); - result = bind(control_socket, (struct sockaddr *)&addr, sizeof addr); - } else { - close(control_socket); - if(netname) - logger(LOG_ERR, _("Another tincd is already running for net `%s'."), netname); - else - logger(LOG_ERR, _("Another tincd is already running.")); - return false; - } + struct sockaddr_un sa_un; + sa_un.sun_family = AF_UNIX; + strncpy(sa_un.sun_path, unixsocketname, sizeof sa_un.sun_path); + + if(connect(unix_fd, (struct sockaddr *)&sa_un, sizeof sa_un) >= 0) { + logger(DEBUG_ALWAYS, LOG_ERR, "UNIX socket %s is still in use!", unixsocketname); + return false; } + unlink(unixsocketname); + + umask(mask | 077); + int result = bind(unix_fd, (struct sockaddr *)&sa_un, sizeof sa_un); + umask(mask); + if(result < 0) { - logger(LOG_ERR, _("Can't bind to %s: %s\n"), controlsocketname, strerror(errno)); - close(control_socket); + logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind UNIX socket to %s: %s", unixsocketname, sockstrerror(sockerrno)); return false; } - if(listen(control_socket, 3) < 0) { - logger(LOG_ERR, _("Can't listen on %s: %s\n"), controlsocketname, strerror(errno)); - close(control_socket); + if(listen(unix_fd, 3) < 0) { + logger(DEBUG_ALWAYS, LOG_ERR, "Could not listen on UNIX socket %s: %s", unixsocketname, sockstrerror(sockerrno)); return false; } - control_socket_tree = splay_alloc_tree((splay_compare_t)control_compare, (splay_action_t)bufferevent_free); - - event_set(&control_event, control_socket, EV_READ | EV_PERSIST, handle_new_control_socket, NULL); - event_add(&control_event, NULL); + io_add(&unix_socket, handle_new_unix_connection, &unix_socket, unix_fd, IO_READ); +#endif return true; } -void exit_control() { - event_del(&control_event); - close(control_socket); - unlink(controlsocketname); +void exit_control(void) { +#ifndef HAVE_MINGW + unlink(unixsocketname); + io_del(&unix_socket); + close(unix_socket.fd); +#endif + + unlink(pidfilename); }
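Review bot: In the `#ifndef HAVE_MINGW` part of init_control(), `strncpy(sa_un.sun_path, unixsocketname, sizeof sa_un.sun_path)` silently truncates an over-long path and can leave `sun_path` unterminated, whereas the removed code rejected such names up front and zeroed the struct first. After a truncation, connect() and bind() operate on a different path than `unlink(unixsocketname)`, so the "still in use" probe and the socket's location no longer match the configured name. The three `return false` branches after socket() also return without closing `unix_fd`, which the old code did for `control_socket`. Separately, the umask around `fopen(pidfilename, "w")` only takes effect when the file is created, so a pre-existing file keeps its old mode while now holding `controlcookie`. Restricting the mode explicitly before the fprintf() (for example `fchmod(fileno(f), 0600)` on POSIX builds) would close that gap.

```c
	struct sockaddr_un sa_un;
	memset(&sa_un, 0, sizeof sa_un);

	if(strlen(unixsocketname) >= sizeof sa_un.sun_path) {
		logger(DEBUG_ALWAYS, LOG_ERR, "UNIX socket filename %s is too long!", unixsocketname);
		close(unix_fd);
		return false;
	}

	// … unchanged: sun_family assignment, strncpy() into sun_path …

	if(connect(unix_fd, (struct sockaddr *)&sa_un, sizeof sa_un) >= 0) {
		// … unchanged: "still in use" log line …
		close(unix_fd);
		return false;
	}

	// … unchanged: unlink(), bind() and listen(); their failure branches likewise need close(unix_fd) before return false …
```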