X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fcontrol.c;h=98eae804d7cc46b79b0d9448fbadd512d2984618;hp=b8e5204b9db0a58d6e1b2e2fbe1bd1f6d82a01f8;hb=0c7e0210d900185d4c1a9ffd969dc2a26d9523a9;hpb=79e46d08a46f2fef2ee4e8eac7ba487007160564 diff --git a/src/control.c b/src/control.c index b8e5204b..98eae804 100644 --- a/src/control.c +++ b/src/control.c @@ -1,6 +1,6 @@ /* control.c -- Control socket handling. - Copyright (C) 2007 Guus Sliepen + Copyright (C) 2013 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -24,12 +24,16 @@ #include "control_common.h" #include "graph.h" #include "logger.h" +#include "meta.h" +#include "names.h" +#include "net.h" +#include "netutl.h" #include "protocol.h" +#include "route.h" #include "utils.h" #include "xalloc.h" char controlcookie[65]; -extern char *controlcookiename; static bool control_return(connection_t *c, int type, int error) { return send_request(c, "%d %d %d", CONTROL, type, error); @@ -39,27 +43,27 @@ static bool control_ok(connection_t *c, int type) { return control_return(c, type, 0); } -bool control_h(connection_t *c, char *request) { +bool control_h(connection_t *c, const char *request) { int type; if(!c->status.control || c->allow_request != CONTROL) { - logger(LOG_ERR, "Unauthorized control request from %s (%s)", c->name, c->hostname); + logger(DEBUG_ALWAYS, LOG_ERR, "Unauthorized control request from %s (%s)", c->name, c->hostname); return false; } if(sscanf(request, "%*d %d", &type) != 1) { - logger(LOG_ERR, "Got bad %s from %s (%s)", "CONTROL", c->name, c->hostname); + logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "CONTROL", c->name, c->hostname); return false; } switch (type) { case REQ_STOP: - event_loopexit(NULL); + event_exit(); return control_ok(c, REQ_STOP); case REQ_DUMP_NODES: return dump_nodes(c); - + case REQ_DUMP_EDGES: return dump_edges(c); @@ -88,59 +92,133 @@ bool control_h(connection_t *c, char *request) { return control_ok(c, REQ_RETRY); case REQ_RELOAD: - logger(LOG_NOTICE, "Got '%s' command", "reload"); + logger(DEBUG_ALWAYS, LOG_NOTICE, "Got '%s' command", "reload"); int result = reload_configuration(); return control_return(c, REQ_RELOAD, result); case REQ_DISCONNECT: { char name[MAX_STRING_SIZE]; - connection_t *other; - splay_node_t *node, *next; bool found = false; if(sscanf(request, "%*d %*d " MAX_STRING, name) != 1) return control_return(c, REQ_DISCONNECT, -1); - for(node = connection_tree->head; node; node = next) { - next = node->next; - other = node->data; + for list_each(connection_t, other, connection_list) { if(strcmp(other->name, name)) continue; - terminate_connection(other, other->status.active); + terminate_connection(other, other->edge); found = true; } return control_return(c, REQ_DISCONNECT, found ? 0 : -2); } + case REQ_DUMP_TRAFFIC: + return dump_traffic(c); + + case REQ_PCAP: + sscanf(request, "%*d %*d %d", &c->outmaclength); + c->status.pcap = true; + pcap = true; + return true; + + case REQ_LOG: + sscanf(request, "%*d %*d %d", &c->outcompression); + c->status.log = true; + logcontrol = true; + return true; + default: return send_request(c, "%d %d", CONTROL, REQ_INVALID); } } -bool init_control() { +bool init_control(void) { randomize(controlcookie, sizeof controlcookie / 2); bin2hex(controlcookie, controlcookie, sizeof controlcookie / 2); - controlcookie[sizeof controlcookie - 1] = 0; - FILE *f = fopen(controlcookiename, "w"); + mode_t mask = umask(0); + umask(mask | 077); + FILE *f = fopen(pidfilename, "w"); + umask(mask); + if(!f) { - logger(LOG_ERR, "Cannot write control socket cookie file %s: %s", controlcookiename, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, "Cannot write control socket cookie file %s: %s", pidfilename, strerror(errno)); return false; } -#ifdef HAVE_FCHMOD - fchmod(fileno(f), 0600); -#else - chmod(controlcookiename, 0600); -#endif + // Get the address and port of the first listening socket + + char *localhost = NULL; + sockaddr_t sa; + socklen_t len = sizeof sa; - fprintf(f, "%s %s %d\n", controlcookie, myport, getpid()); + // Make sure we have a valid address, and map 0.0.0.0 and :: to 127.0.0.1 and ::1. + + if(getsockname(listen_socket[0].tcp.fd, (struct sockaddr *)&sa, &len)) { + xasprintf(&localhost, "127.0.0.1 port %s", myport); + } else { + if(sa.sa.sa_family == AF_INET) { + if(sa.in.sin_addr.s_addr == 0) + sa.in.sin_addr.s_addr = htonl(0x7f000001); + } else if(sa.sa.sa_family == AF_INET6) { + static const uint8_t zero[16] = {0}; + if(!memcmp(sa.in6.sin6_addr.s6_addr, zero, sizeof zero)) + sa.in6.sin6_addr.s6_addr[15] = 1; + } + + localhost = sockaddr2hostname(&sa); + } + + fprintf(f, "%d %s %s\n", (int)getpid(), controlcookie, localhost); + + free(localhost); fclose(f); +#ifndef HAVE_MINGW + int unix_fd = socket(AF_UNIX, SOCK_STREAM, 0); + if(unix_fd < 0) { + logger(DEBUG_ALWAYS, LOG_ERR, "Could not create UNIX socket: %s", sockstrerror(sockerrno)); + return false; + } + + struct sockaddr_un sa_un; + sa_un.sun_family = AF_UNIX; + strncpy(sa_un.sun_path, unixsocketname, sizeof sa_un.sun_path); + + if(connect(unix_fd, (struct sockaddr *)&sa_un, sizeof sa_un) >= 0) { + logger(DEBUG_ALWAYS, LOG_ERR, "UNIX socket %s is still in use!", unixsocketname); + return false; + } + + unlink(unixsocketname); + + umask(mask | 077); + int result = bind(unix_fd, (struct sockaddr *)&sa_un, sizeof sa_un); + umask(mask); + + if(result < 0) { + logger(DEBUG_ALWAYS, LOG_ERR, "Could not bind UNIX socket to %s: %s", unixsocketname, sockstrerror(sockerrno)); + return false; + } + + if(listen(unix_fd, 3) < 0) { + logger(DEBUG_ALWAYS, LOG_ERR, "Could not listen on UNIX socket %s: %s", unixsocketname, sockstrerror(sockerrno)); + return false; + } + + io_add(&unix_socket, handle_new_unix_connection, &unix_socket, unix_fd, IO_READ); +#endif + return true; } -void exit_control() { - unlink(controlcookiename); +void exit_control(void) { +#ifndef HAVE_MINGW + unlink(unixsocketname); + io_del(&unix_socket); + close(unix_socket.fd); +#endif + + unlink(pidfilename); }