3 * $Id: admin.c,v 1.5 2001/02/16 21:22:51 mdw Exp $
5 * Admin interface for configuration
7 * (c) 2001 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Trivial IP Encryption (TrIPE).
14 * TrIPE is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * TrIPE is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with TrIPE; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Revision history --------------------------------------------------*
32 * Revision 1.5 2001/02/16 21:22:51 mdw
33 * Support for displaying statistics. Make client connections blocking, so
34 * that things don't get dropped. (This might change again if I add
37 * Revision 1.4 2001/02/06 09:34:53 mdw
38 * Change ERR response to FAIL for consistency with other programs.
40 * Revision 1.3 2001/02/04 01:17:12 mdw
41 * The `DAEMON' notification to stdout is replaced by a warning. The
42 * `DAEMON' and `QUIT' command send `OK' on successful completion. Put
43 * assignment of sequence number in a T(...) guard.
45 * Revision 1.2 2001/02/03 22:40:29 mdw
46 * Put timer information into the entropy pool when packets are received
47 * and on similar events. Reseed the generator on the interval timer.
49 * Revision 1.1 2001/02/03 20:26:37 mdw
54 /*----- Header files ------------------------------------------------------*/
58 /*----- Global variables --------------------------------------------------*/
62 const trace_opt tr_opts[] = {
63 { 't', T_TUNNEL, "tunnel events" },
64 { 'r', T_PEER, "peer events" },
65 { 'a', T_ADMIN, "admin interface" },
66 { 'p', T_PACKET, "packet contents" },
67 { 'c', T_CRYPTO, "crypto details" },
68 { 's', T_KEYSET, "symmetric keyset management" },
69 { 'x', T_KEYEXCH, "key exchange" },
70 { 'm', T_KEYMGMT, "key management" },
71 { 'A', T_ALL, "all of the above" },
75 unsigned tr_flags = 0;
78 /*----- Static variables --------------------------------------------------*/
82 static const char *sockname;
83 static unsigned flags = 0;
84 static admin *a_stdin = 0;
85 static sig s_term, s_int, s_hup;
90 #define T_RESOLVE SEC(30)
92 /*----- Utility functions -------------------------------------------------*/
94 /* --- @a_write@ --- *
96 * Arguments: @admin *a@ = admin connection to write to
97 * @const char *fmt@ = pointer to format string
98 * @...@ = other arguments
102 * Use: Sends a message to an admin connection.
105 static void a_write(admin *a, const char *fmt, ...)
110 dstr_vputf(&d, fmt, ap);
112 write(a->fd, d.buf, d.len);
116 /* --- @a_warn@ --- *
118 * Arguments: @const char *fmt@ = pointer to format string
119 * @...@ = other arguments
123 * Use: Informs all admin connections of a warning.
126 void a_warn(const char *fmt, ...)
133 dstr_puts(&d, "WARN ");
135 dstr_vputf(&d, fmt, ap);
137 if (!(flags & F_INIT))
141 for (a = admins; a; a = a->next)
142 write(a->fd, d.buf, d.len);
147 /* --- @a_trace@ --- *
149 * Arguments: @const char *p@ = pointer to a buffer
150 * @size_t sz@ = size of the buffer
151 * @void *v@ = uninteresting pointer
155 * Use: Custom trace output handler.
159 static void a_trace(const char *p, size_t sz, void *v)
164 dstr_puts(&d, "TRACE ");
165 dstr_putm(&d, p, sz);
167 for (a = admins; a; a = a->next)
168 write(a->fd, d.buf, d.len);
173 /* --- @a_quit@ --- *
179 * Use: Shuts things down nicely.
189 /* --- @a_sigdie@ --- *
191 * Arguments: @int sig@ = signal number
192 * @void *v@ = an uninteresting argument
196 * Use Shuts down on receipt of a fatal signal.
199 static void a_sigdie(int sig, void *v)
205 case SIGTERM: p = "SIGTERM"; break;
206 case SIGINT: p = "SIGINT"; break;
208 sprintf(buf, "signal %i", sig);
212 a_warn("shutting down on %s", p);
216 /* --- @a_sighup@ --- *
218 * Arguments: @int sig@ = signal number
219 * @void *v@ = an uninteresting argument
223 * Use Logs a message about SIGHUP not being useful.
226 static void a_sighup(int sig, void *v)
228 a_warn("received SIGHUP: ignoring");
231 /*----- Adding peers ------------------------------------------------------*/
233 /* --- @a_resolve@ --- *
235 * Arguments: @struct hostent *h@ = pointer to resolved hostname
236 * @void *v@ = pointer to admin block
240 * Use: Handles a completed name resolution.
243 static void a_resolve(struct hostent *h, void *v)
246 T( trace(T_ADMIN, "admin: %u resolved", a->seq); )
250 a_write(a, "FAIL couldn't resolve hostname `%s'\n", a->paddr);
251 else if (p_find(a->pname))
252 a_write(a, "FAIL peer `%s' already registered\n", a->pname);
254 memcpy(&a->peer.sin.sin_addr, h->h_addr, sizeof(struct in_addr));
255 if (!p_create(a->pname, &a->peer.sa, a->sasz))
256 a_write(a, "FAIL couldn't create peer\n");
263 selbuf_enable(&a->b);
266 /* --- @a_timer@ --- *
268 * Arguments: @struct timeval *tv@ = timer
269 * @void *v@ = pointer to admin block
273 * Use: Times out a resolver.
276 static void a_timer(struct timeval *tv, void *v)
279 T( trace(T_ADMIN, "admin: %u resolver timeout", a->seq); )
281 a_write(a, "FAIL timeout resolving `%s'\n", a->paddr);
285 selbuf_enable(&a->b);
288 /* --- @acmd_add@ --- *
290 * Arguments: @admin *a@ = connection which requested the addition
291 * @unsigned ac@ = argument count
292 * @char *av[]@ = pointer to the argument list
296 * Use: Adds a new peer.
299 static void acmd_add(admin *a, unsigned ac, char *av[])
305 /* --- Make sure someone's not got there already --- */
308 a_write(a, "FAIL peer `%s' already registered\n", av[0]);
312 /* --- Fill in the easy bits of address --- */
315 a->peer.sin.sin_family = AF_INET;
316 a->sasz = sizeof(a->peer.sin);
317 pt = strtoul(av[2], &p, 0);
319 struct servent *s = getservbyname(av[2], "udp");
321 a_write(a, "FAIL service `%s' not known\n", av[2]);
324 pt = ntohs(s->s_port);
326 if (pt == 0 || pt >= 65536) {
327 a_write(a, "FAIL bad port number %lu\n", pt);
330 a->peer.sin.sin_port = htons(pt);
332 /* --- If the name is numeric, do it the easy way --- */
334 if (inet_aton(av[1], &a->peer.sin.sin_addr)) {
335 if (!p_create(av[0], &a->peer.sa, a->sasz))
336 a_write(a, "FAIL couldn't create peer\n");
342 /* --- Store everything for later and crank up the resolver --- *
344 * We disable the line buffer until the resolver completes (or times out).
345 * This prevents other commands on the same connection (though the rest of
346 * the system continues regardless), but makes life simpler for the client.
349 a->pname = xstrdup(av[0]);
350 a->paddr = xstrdup(av[1]);
351 selbuf_disable(&a->b);
352 gettimeofday(&tv, 0);
353 tv.tv_sec += T_RESOLVE;
354 sel_addtimer(&sel, &a->t, &tv, a_timer, a);
355 bres_byname(&a->r, a->paddr, a_resolve, a);
356 T( trace(T_ADMIN, "admin: %u resolving hostname `%s'",
360 /*----- Administration commands -------------------------------------------*/
362 /* --- Miscellaneous commands --- */
366 static void acmd_trace(admin *a, unsigned ac, char *av[])
368 if (!ac || strcmp(av[0], "?") == 0) {
370 a_write(a, "INFO Trace options:\n");
371 for (t = tr_opts; t->ch; t++) {
372 a_write(a, "INFO %c %c %s\n",
373 t->ch, (tr_flags & t->f) == t->f ? '*' : ' ', t->help);
377 unsigned f = tr_flags;
383 case '+': sense = 1; break;
384 case '-': sense = 0; break;
386 for (tt = tr_opts; tt->ch; tt++) {
388 if (sense) f |= tt->f;
393 a_write(a, "FAIL unknown trace option `%c'\n", *p);
401 trace_level(tr_flags);
408 static void acmd_port(admin *a, unsigned ac, char *av[])
410 a_write(a, "INFO %u\nOK\n", p_port());
413 static void a_destroy(admin */*a*/);
415 static void acmd_daemon(admin *a, unsigned ac, char *av[])
417 if (flags & F_DAEMON)
418 a_write(a, "FAIL already running as a daemon\n");
420 a_warn("becoming a daemon");
424 a_write(a, "FAIL error becoming a daemon: %s", strerror(errno));
432 static void acmd_list(admin *a, unsigned ac, char *av[])
435 for (p = p_first(); p; p = p_next(p))
436 a_write(a, "INFO %s\n", p_name(p));
440 static void acmd_ifname(admin *a, unsigned ac, char *av[])
444 if ((p = p_find(av[0])) == 0)
445 a_write(a, "FAIL peer `%s' not found\n", av[0]);
447 a_write(a, "INFO %s\nOK\n", p_ifname(p));
450 static void acmd_addr(admin *a, unsigned ac, char *av[])
455 if ((p = p_find(av[0])) == 0)
456 a_write(a, "FAIL peer `%s' not found\n", av[0]);
459 assert(ad->sa.sa_family == AF_INET);
460 a_write(a, "INFO %s %u\nOK\n",
461 inet_ntoa(ad->sin.sin_addr),
462 (unsigned)ntohs(ad->sin.sin_port));
466 static void acmd_stats(admin *a, unsigned ac, char *av[])
471 if ((p = p_find(av[0])) == 0)
472 a_write(a, "FAIL peer `%s' not found\n", av[0]);
475 a_write(a, "INFO start-time=%s\n", timestr(st->t_start));
476 a_write(a, "INFO last-packet-time=%s\n", timestr(st->t_last));
477 a_write(a, "INFO packets-in=%lu bytes-in=%lu\n", st->n_in, st->sz_in);
478 a_write(a, "INFO packets-out=%lu bytes-out=%lu\n",
479 st->n_out, st->sz_out);
480 a_write(a, "INFO keyexch-packets-in=%lu keyexch-bytes-in=%lu\n",
481 st->n_kxin, st->sz_kxin);
482 a_write(a, "INFO keyexch-packets-out=%lu keyexch-bytes-out=%lu\n",
483 st->n_kxout, st->sz_kxout);
484 a_write(a, "INFO ip-packets-in=%lu ip-bytes-in=%lu\n",
485 st->n_ipin, st->sz_ipin);
486 a_write(a, "INFO ip-packets-out=%lu ip-bytes-out=%lu\n",
487 st->n_ipout, st->sz_ipout);
488 a_write(a, "INFO rejected-packets=%lu\n", st->n_reject);
493 static void acmd_kill(admin *a, unsigned ac, char *av[])
496 if ((p = p_find(av[0])) == 0)
497 a_write(a, "FAIL peer `%s' not found\n", av[0]);
504 static void acmd_quit(admin *a, unsigned ac, char *av[])
506 a_warn("closing down on admin request");
511 /* --- The command table and help --- */
513 typedef struct acmd {
516 unsigned argmin, argmax;
517 void (*func)(admin */*a*/, unsigned /*ac*/, char */*av*/[]);
520 static void acmd_help(admin */*a*/, unsigned /*ac*/, char */*av*/[]);
522 static const acmd acmdtab[] = {
523 { "help", "HELP", 0, 0, acmd_help },
525 { "trace", "TRACE [options]", 0, 1, acmd_trace },
527 { "port", "PORT", 0, 0, acmd_port },
528 { "daemon", "DAEMON", 0, 0, acmd_daemon },
529 { "list", "LIST", 0, 0, acmd_list },
530 { "ifname", "IFNAME peer", 1, 1, acmd_ifname },
531 { "addr", "ADDR peer", 1, 1, acmd_addr },
532 { "stats", "STATS peer", 1, 1, acmd_stats },
533 { "kill", "KILL peer", 1, 1, acmd_kill },
534 { "add", "ADD peer addr port", 3, 3, acmd_add },
535 { "quit", "QUIT", 0, 0, acmd_quit },
539 static void acmd_help(admin *a, unsigned ac, char *av[])
542 for (c = acmdtab; c->name; c++)
543 a_write(a, "INFO %s\n", c->help);
547 /*----- Connection handling -----------------------------------------------*/
549 /* --- @a_destroy@ --- *
551 * Arguments: @admin *a@ = pointer to an admin block
555 * Use: Destroys an admin block.
558 static void a_destroy(admin *a)
560 T( trace(T_ADMIN, "admin: destroying connection %u", a->seq); )
561 selbuf_destroy(&a->b);
562 if (a->b.reader.fd != a->fd)
563 close(a->b.reader.fd);
572 a->next->prev = a->prev;
574 a->prev->next = a->next;
582 /* --- @a_line@ --- *
584 * Arguments: @char *p@ = pointer to the line read
585 * @void *vp@ = pointer to my admin block
589 * Use: Handles a line of input.
592 static void a_line(char *p, void *vp)
604 ac = str_qsplit(p, av, 4, 0, STRF_QUOTE);
607 for (p = av[0]; *p; p++) *p = tolower((unsigned char)*p);
608 for (c = acmdtab; c->name; c++) {
609 if (strcmp(av[0], c->name) == 0) {
611 if (c->argmin > ac || ac > c->argmax)
612 a_write(a, "FAIL syntax: %s\n", c->help);
614 c->func(a, ac, av + 1);
618 a_write(a, "FAIL unknown command `%s'\n", av[0]);
621 /* --- @a_create@ --- *
623 * Arguments: @int fd_in, fd_out@ = file descriptors to use
627 * Use: Creates a new admin connection.
630 void a_create(int fd_in, int fd_out)
632 admin *a = CREATE(admin);
633 T( static unsigned seq = 0;
635 T( trace(T_ADMIN, "admin: accepted connection %u", a->seq); )
637 if (fd_in == STDIN_FILENO)
639 fdflags(fd_in, O_NONBLOCK, 0, FD_CLOEXEC, FD_CLOEXEC);
641 fdflags(fd_out, O_NONBLOCK, 0, FD_CLOEXEC, FD_CLOEXEC);
643 selbuf_init(&a->b, &sel, fd_in, a_line, a);
651 /* --- @a_accept@ --- *
653 * Arguments: @int fd@ = file descriptor to accept
654 * @unsigned mode@ = what to do
655 * @void *v@ = uninteresting pointer
659 * Use: Accepts a new admin connection.
662 static void a_accept(int fd, unsigned mode, void *v)
665 struct sockaddr_un sun;
666 size_t sz = sizeof(sun);
668 if ((nfd = accept(fd, (struct sockaddr *)&sun, &sz)) < 0) {
669 a_warn("accept admin connection failed: %s", strerror(errno));
675 /* --- @a_daemon@ --- *
681 * Use: Informs the admin module that it's a daemon.
689 /* --- @a_init@ --- *
691 * Arguments: @const char *name@ = socket name to create
695 * Use: Creates the admin listening socket.
698 void a_init(const char *name)
702 struct sockaddr_un sun;
706 /* --- Set up the socket address --- */
708 sz = strlen(name) + 1;
709 if (sz > sizeof(sun.sun_path))
710 die(EXIT_FAILURE, "socket name `%s' too long", name);
712 sun.sun_family = AF_UNIX;
713 memcpy(sun.sun_path, name, sz);
714 sz += offsetof(struct sockaddr_un, sun_path);
716 /* --- Attempt to bind to the socket --- */
720 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
721 die(EXIT_FAILURE, "couldn't create socket: %s", strerror(errno));
722 if (bind(fd, (struct sockaddr *)&sun, sz) < 0) {
725 if (errno != EADDRINUSE) {
726 die(EXIT_FAILURE, "couldn't bind to address `%s': %s",
727 sun.sun_path, strerror(e));
730 die(EXIT_FAILURE, "too many retries; giving up");
732 if (!connect(fd, (struct sockaddr *)&sun, sz)) {
733 die(EXIT_FAILURE, "server already listening on admin socket `%s'",
736 if (errno != ECONNREFUSED)
737 die(EXIT_FAILURE, "couldn't bind to address: %s", strerror(e));
738 if (stat(sun.sun_path, &st)) {
739 die(EXIT_FAILURE, "couldn't stat `%s': %s",
740 sun.sun_path, strerror(errno));
742 if (!S_ISSOCK(st.st_mode))
743 die(EXIT_FAILURE, "object `%s' isn't a socket", sun.sun_path);
744 T( trace(T_ADMIN, "admin: stale socket found; removing it"); )
745 unlink(sun.sun_path);
749 chmod(sun.sun_path, 0600);
750 fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
752 die(EXIT_FAILURE, "couldn't listen on socket: %s", strerror(errno));
754 /* --- Listen to the socket --- */
756 sel_initfile(&sel, &sock, fd, SEL_READ, a_accept, 0);
760 T( trace_custom(a_trace, 0);
761 trace(T_ADMIN, "admin: enabled custom tracing"); )
764 /* --- Set up signal handlers --- */
766 sig_add(&s_term, SIGTERM, a_sigdie, 0);
767 sig_add(&s_hup, SIGHUP, a_sighup, 0);
768 sigaction(SIGINT, 0, &sa);
769 if (sa.sa_handler != SIG_IGN)
770 sig_add(&s_int, SIGINT, a_sigdie, 0);
773 /*----- That's all, folks -------------------------------------------------*/