X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fcontrol.c;h=98eae804d7cc46b79b0d9448fbadd512d2984618;hp=86224c29f46d82ccdd0f42f3b8990296d19ba3a0;hb=0c7e0210d900185d4c1a9ffd969dc2a26d9523a9;hpb=36623e15a1c8685e5d8730345c1a7f9c93710fef diff --git a/src/control.c b/src/control.c index 86224c29..98eae804 100644 --- a/src/control.c +++ b/src/control.c @@ -1,6 +1,6 @@ /* control.c -- Control socket handling. - Copyright (C) 2007 Guus Sliepen + Copyright (C) 2013 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -25,16 +25,15 @@ #include "graph.h" #include "logger.h" #include "meta.h" +#include "names.h" #include "net.h" #include "netutl.h" #include "protocol.h" #include "route.h" -#include "splay_tree.h" #include "utils.h" #include "xalloc.h" char controlcookie[65]; -extern char *pidfilename; static bool control_return(connection_t *c, int type, int error) { return send_request(c, "%d %d %d", CONTROL, type, error); @@ -44,27 +43,27 @@ static bool control_ok(connection_t *c, int type) { return control_return(c, type, 0); } -bool control_h(connection_t *c, char *request) { +bool control_h(connection_t *c, const char *request) { int type; if(!c->status.control || c->allow_request != CONTROL) { - logger(LOG_ERR, "Unauthorized control request from %s (%s)", c->name, c->hostname); + logger(DEBUG_ALWAYS, LOG_ERR, "Unauthorized control request from %s (%s)", c->name, c->hostname); return false; } if(sscanf(request, "%*d %d", &type) != 1) { - logger(LOG_ERR, "Got bad %s from %s (%s)", "CONTROL", c->name, c->hostname); + logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "CONTROL", c->name, c->hostname); return false; } switch (type) { case REQ_STOP: - event_loopexit(NULL); + event_exit(); return control_ok(c, REQ_STOP); case REQ_DUMP_NODES: return dump_nodes(c); - + case REQ_DUMP_EDGES: return dump_edges(c); @@ -93,25 +92,21 @@ bool control_h(connection_t *c, char *request) { return control_ok(c, REQ_RETRY); case REQ_RELOAD: - logger(LOG_NOTICE, "Got '%s' command", "reload"); + logger(DEBUG_ALWAYS, LOG_NOTICE, "Got '%s' command", "reload"); int result = reload_configuration(); return control_return(c, REQ_RELOAD, result); case REQ_DISCONNECT: { char name[MAX_STRING_SIZE]; - connection_t *other; - splay_node_t *node, *next; bool found = false; if(sscanf(request, "%*d %*d " MAX_STRING, name) != 1) return control_return(c, REQ_DISCONNECT, -1); - for(node = connection_tree->head; node; node = next) { - next = node->next; - other = node->data; + for list_each(connection_t, other, connection_list) { if(strcmp(other->name, name)) continue; - terminate_connection(other, other->status.active); + terminate_connection(other, other->edge); found = true; } @@ -122,10 +117,17 @@ bool control_h(connection_t *c, char *request) { return dump_traffic(c); case REQ_PCAP: + sscanf(request, "%*d %*d %d", &c->outmaclength); c->status.pcap = true; pcap = true; return true; + case REQ_LOG: + sscanf(request, "%*d %*d %d", &c->outcompression); + c->status.log = true; + logcontrol = true; + return true; + default: return send_request(c, "%d %d", CONTROL, REQ_INVALID); } @@ -135,17 +137,16 @@ bool init_control(void) { randomize(controlcookie, sizeof controlcookie / 2); bin2hex(controlcookie, controlcookie, sizeof controlcookie / 2); + mode_t mask = umask(0); + umask(mask | 077); FILE *f = fopen(pidfilename, "w"); + umask(mask); + if(!f) { - logger(LOG_ERR, "Cannot write control socket cookie file %s: %s", pidfilename, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, "Cannot write control socket cookie file %s: %s", pidfilename, strerror(errno)); return false; } -#ifdef HAVE_FCHMOD - fchmod(fileno(f), 0600); -#else - chmod(pidfilename, 0600); -#endif // Get the address and port of the first listening socket char *localhost = NULL; @@ -154,8 +155,8 @@ bool init_control(void) { // Make sure we have a valid address, and map 0.0.0.0 and :: to 127.0.0.1 and ::1. - if(getsockname(listen_socket[0].tcp, (struct sockaddr *)&sa, &len)) { - xasprintf(&localhost, "127.0.0.1 port %d", myport); + if(getsockname(listen_socket[0].tcp.fd, (struct sockaddr *)&sa, &len)) { + xasprintf(&localhost, "127.0.0.1 port %s", myport); } else { if(sa.sa.sa_family == AF_INET) { if(sa.in.sin_addr.s_addr == 0) @@ -174,9 +175,50 @@ bool init_control(void) { free(localhost); fclose(f); +#ifndef HAVE_MINGW + int unix_fd = socket(AF_UNIX, SOCK_STREAM, 0); + if(unix_fd < 0) { + logger(DEBUG_ALWAYS, LOG_ERR, "Could not create UNIX socket: %s", sockstrerror(sockerrno)); + return false; + } + + struct sockaddr_un sa_un; + sa_un.sun_family = AF_UNIX; + strncpy(sa_un.sun_path, unixsocketname, sizeof sa_un.sun_path); + + if(connect(unix_fd, (struct sockaddr *)&sa_un, sizeof sa_un) >= 0) { + logger(DEBUG_ALWAYS, LOG_ERR, "UNIX socket %s is still in use!", unixsocketname); + return false; + } + + unlink(unixsocketname); + + umask(mask | 077); + int result = bind(unix_fd, (struct sockaddr *)&sa_un, sizeof sa_un); + umask(mask); + + if(result < 0) { + logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind UNIX socket to %s: %s", unixsocketname, sockstrerror(sockerrno)); + return false; + } + + if(listen(unix_fd, 3) < 0) { + logger(DEBUG_ALWAYS, LOG_ERR, "Could not listen on UNIX socket %s: %s", unixsocketname, sockstrerror(sockerrno)); + return false; + } + + io_add(&unix_socket, handle_new_unix_connection, &unix_socket, unix_fd, IO_READ); +#endif + return true; } void exit_control(void) { +#ifndef HAVE_MINGW + unlink(unixsocketname); + io_del(&unix_socket); + close(unix_socket.fd); +#endif + unlink(pidfilename); }