3 * $Id: admin.c,v 1.2 2001/02/03 22:40:29 mdw Exp $
5 * Admin interface for configuration
7 * (c) 2001 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Trivial IP Encryption (TrIPE).
14 * TrIPE is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * TrIPE is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with TrIPE; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Revision history --------------------------------------------------*
32 * Revision 1.2 2001/02/03 22:40:29 mdw
33 * Put timer information into the entropy pool when packets are received
34 * and on similar events. Reseed the generator on the interval timer.
36 * Revision 1.1 2001/02/03 20:26:37 mdw
41 /*----- Header files ------------------------------------------------------*/
45 /*----- Global variables --------------------------------------------------*/
49 const trace_opt tr_opts[] = {
50 { 't', T_TUNNEL, "tunnel events" },
51 { 'r', T_PEER, "peer events" },
52 { 'a', T_ADMIN, "admin interface" },
53 { 'p', T_PACKET, "packet contents" },
54 { 'c', T_CRYPTO, "crypto details" },
55 { 's', T_KEYSET, "symmetric keyset management" },
56 { 'x', T_KEYEXCH, "key exchange" },
57 { 'm', T_KEYMGMT, "key management" },
58 { 'A', T_ALL, "all of the above" },
62 unsigned tr_flags = 0;
65 /*----- Static variables --------------------------------------------------*/
69 static const char *sockname;
70 static unsigned flags = 0;
71 static admin *a_stdin = 0;
72 static sig s_term, s_int, s_hup;
77 #define T_RESOLVE SEC(30)
79 /*----- Utility functions -------------------------------------------------*/
81 /* --- @a_write@ --- *
83 * Arguments: @admin *a@ = admin connection to write to
84 * @const char *fmt@ = pointer to format string
85 * @...@ = other arguments
89 * Use: Sends a message to an admin connection.
92 static void a_write(admin *a, const char *fmt, ...)
97 dstr_vputf(&d, fmt, ap);
99 write(a->fd, d.buf, d.len);
103 /* --- @a_warn@ --- *
105 * Arguments: @const char *fmt@ = pointer to format string
106 * @...@ = other arguments
110 * Use: Informs all admin connections of a warning.
113 void a_warn(const char *fmt, ...)
120 dstr_puts(&d, "WARN ");
122 dstr_vputf(&d, fmt, ap);
124 if (!(flags & F_INIT))
128 for (a = admins; a; a = a->next)
129 write(a->fd, d.buf, d.len);
134 /* --- @a_trace@ --- *
136 * Arguments: @const char *p@ = pointer to a buffer
137 * @size_t sz@ = size of the buffer
138 * @void *v@ = uninteresting pointer
142 * Use: Custom trace output handler.
146 static void a_trace(const char *p, size_t sz, void *v)
151 dstr_puts(&d, "TRACE ");
152 dstr_putm(&d, p, sz);
154 for (a = admins; a; a = a->next)
155 write(a->fd, d.buf, d.len);
160 /* --- @a_quit@ --- *
166 * Use: Shuts things down nicely.
176 /* --- @a_sigdie@ --- *
178 * Arguments: @int sig@ = signal number
179 * @void *v@ = an uninteresting argument
183 * Use Shuts down on receipt of a fatal signal.
186 static void a_sigdie(int sig, void *v)
192 case SIGTERM: p = "SIGTERM"; break;
193 case SIGINT: p = "SIGINT"; break;
195 sprintf(buf, "signal %i", sig);
199 a_warn("shutting down on %s", p);
203 /* --- @a_sighup@ --- *
205 * Arguments: @int sig@ = signal number
206 * @void *v@ = an uninteresting argument
210 * Use Logs a message about SIGHUP not being useful.
213 static void a_sighup(int sig, void *v)
215 a_warn("received SIGHUP: ignoring");
218 /*----- Adding peers ------------------------------------------------------*/
220 /* --- @a_resolve@ --- *
222 * Arguments: @struct hostent *h@ = pointer to resolved hostname
223 * @void *v@ = pointer to admin block
227 * Use: Handles a completed name resolution.
230 static void a_resolve(struct hostent *h, void *v)
233 T( trace(T_ADMIN, "admin: %u resolved", a->seq); )
237 a_write(a, "ERR couldn't resolve hostname `%s'\n", a->paddr);
238 else if (p_find(a->pname))
239 a_write(a, "ERR peer `%s' already registered\n", a->pname);
241 memcpy(&a->peer.sin.sin_addr, h->h_addr, sizeof(struct in_addr));
242 if (!p_create(a->pname, &a->peer.sa, a->sasz))
243 a_write(a, "ERR couldn't create peer\n");
250 selbuf_enable(&a->b);
253 /* --- @a_timer@ --- *
255 * Arguments: @struct timeval *tv@ = timer
256 * @void *v@ = pointer to admin block
260 * Use: Times out a resolver.
263 static void a_timer(struct timeval *tv, void *v)
266 T( trace(T_ADMIN, "admin: %u resolver timeout", a->seq); )
268 a_write(a, "ERR timeout resolving `%s'\n", a->paddr);
272 selbuf_enable(&a->b);
275 /* --- @acmd_add@ --- *
277 * Arguments: @admin *a@ = connection which requested the addition
278 * @unsigned ac@ = argument count
279 * @char *av[]@ = pointer to the argument list
283 * Use: Adds a new peer.
286 static void acmd_add(admin *a, unsigned ac, char *av[])
292 /* --- Make sure someone's not got there already --- */
295 a_write(a, "ERR peer `%s' already registered\n", av[0]);
299 /* --- Fill in the easy bits of address --- */
302 a->peer.sin.sin_family = AF_INET;
303 a->sasz = sizeof(a->peer.sin);
304 pt = strtoul(av[2], &p, 0);
306 struct servent *s = getservbyname(av[2], "udp");
308 a_write(a, "ERR service `%s' not known\n", av[2]);
311 pt = ntohs(s->s_port);
313 if (pt == 0 || pt >= 65536) {
314 a_write(a, "ERR bad port number %lu\n", pt);
317 a->peer.sin.sin_port = htons(pt);
319 /* --- If the name is numeric, do it the easy way --- */
321 if (inet_aton(av[1], &a->peer.sin.sin_addr)) {
322 if (!p_create(av[0], &a->peer.sa, a->sasz))
323 a_write(a, "ERR couldn't create peer\n");
329 /* --- Store everything for later and crank up the resolver --- *
331 * We disable the line buffer until the resolver completes (or times out).
332 * This prevents other commands on the same connection (though the rest of
333 * the system continues regardless), but makes life simpler for the client.
336 a->pname = xstrdup(av[0]);
337 a->paddr = xstrdup(av[1]);
338 selbuf_disable(&a->b);
339 gettimeofday(&tv, 0);
340 tv.tv_sec += T_RESOLVE;
341 sel_addtimer(&sel, &a->t, &tv, a_timer, a);
342 bres_byname(&a->r, a->paddr, a_resolve, a);
343 T( trace(T_ADMIN, "admin: %u resolving hostname `%s'",
347 /*----- Administration commands -------------------------------------------*/
349 /* --- Miscellaneous commands --- */
353 static void acmd_trace(admin *a, unsigned ac, char *av[])
355 if (!ac || strcmp(av[0], "?") == 0) {
357 a_write(a, "INFO Trace options:\n");
358 for (t = tr_opts; t->ch; t++) {
359 a_write(a, "INFO %c %c %s\n",
360 t->ch, (tr_flags & t->f) == t->f ? '*' : ' ', t->help);
364 unsigned f = tr_flags;
370 case '+': sense = 1; break;
371 case '-': sense = 0; break;
373 for (tt = tr_opts; tt->ch; tt++) {
375 if (sense) f |= tt->f;
380 a_write(a, "ERR unknown trace option `%c'\n", *p);
388 trace_level(tr_flags);
395 static void acmd_port(admin *a, unsigned ac, char *av[])
397 a_write(a, "INFO %u\nOK\n", p_port());
400 static void a_destroy(admin */*a*/);
402 static void acmd_daemon(admin *a, unsigned ac, char *av[])
404 if (flags & F_DAEMON)
405 a_write(a, "ERR already running as a daemon\n");
408 a_write(a_stdin, "WARN becoming a daemon\n");
412 a_write(a, "ERR error becoming a daemon: %s", strerror(errno));
418 static void acmd_list(admin *a, unsigned ac, char *av[])
421 for (p = p_first(); p; p = p_next(p))
422 a_write(a, "INFO %s\n", p_name(p));
426 static void acmd_ifname(admin *a, unsigned ac, char *av[])
430 if ((p = p_find(av[0])) == 0)
431 a_write(a, "ERR peer `%s' not found\n", av[0]);
433 a_write(a, "INFO %s\nOK\n", p_ifname(p));
436 static void acmd_addr(admin *a, unsigned ac, char *av[])
441 if ((p = p_find(av[0])) == 0)
442 a_write(a, "ERR peer `%s' not found\n", av[0]);
445 assert(ad->sa.sa_family == AF_INET);
446 a_write(a, "INFO %s %u\nOK\n",
447 inet_ntoa(ad->sin.sin_addr),
448 (unsigned)ntohs(ad->sin.sin_port));
452 static void acmd_kill(admin *a, unsigned ac, char *av[])
455 if ((p = p_find(av[0])) == 0)
456 a_write(a, "ERR peer `%s' not found\n", av[0]);
463 static void acmd_quit(admin *a, unsigned ac, char *av[])
465 a_warn("closing down on admin request");
469 /* --- The command table and help --- */
471 typedef struct acmd {
474 unsigned argmin, argmax;
475 void (*func)(admin */*a*/, unsigned /*ac*/, char */*av*/[]);
478 static void acmd_help(admin */*a*/, unsigned /*ac*/, char */*av*/[]);
480 static const acmd acmdtab[] = {
481 { "help", "HELP", 0, 0, acmd_help },
483 { "trace", "TRACE [options]", 0, 1, acmd_trace },
485 { "port", "PORT", 0, 0, acmd_port },
486 { "daemon", "DAEMON", 0, 0, acmd_daemon },
487 { "list", "LIST", 0, 0, acmd_list },
488 { "ifname", "IFNAME peer", 1, 1, acmd_ifname },
489 { "addr", "ADDR peer", 1, 1, acmd_addr },
490 { "kill", "KILL peer", 1, 1, acmd_kill },
491 { "add", "ADD peer addr port", 3, 3, acmd_add },
492 { "quit", "QUIT", 0, 0, acmd_quit },
496 static void acmd_help(admin *a, unsigned ac, char *av[])
499 for (c = acmdtab; c->name; c++)
500 a_write(a, "INFO %s\n", c->help);
504 /*----- Connection handling -----------------------------------------------*/
506 /* --- @a_destroy@ --- *
508 * Arguments: @admin *a@ = pointer to an admin block
512 * Use: Destroys an admin block.
515 static void a_destroy(admin *a)
517 T( trace(T_ADMIN, "admin: destroying connection %u", a->seq); )
518 selbuf_destroy(&a->b);
519 if (a->b.reader.fd != a->fd)
520 close(a->b.reader.fd);
529 a->next->prev = a->prev;
531 a->prev->next = a->next;
539 /* --- @a_line@ --- *
541 * Arguments: @char *p@ = pointer to the line read
542 * @void *vp@ = pointer to my admin block
546 * Use: Handles a line of input.
549 static void a_line(char *p, void *vp)
561 ac = str_qsplit(p, av, 4, 0, STRF_QUOTE);
564 for (p = av[0]; *p; p++) *p = tolower((unsigned char)*p);
565 for (c = acmdtab; c->name; c++) {
566 if (strcmp(av[0], c->name) == 0) {
568 if (c->argmin > ac || ac > c->argmax)
569 a_write(a, "ERR syntax: %s\n", c->help);
571 c->func(a, ac, av + 1);
575 a_write(a, "ERR unknown command `%s'\n", av[0]);
578 /* --- @a_create@ --- *
580 * Arguments: @int fd_in, fd_out@ = file descriptors to use
584 * Use: Creates a new admin connection.
587 void a_create(int fd_in, int fd_out)
589 admin *a = CREATE(admin);
590 T( static unsigned seq = 0; )
592 T( trace(T_ADMIN, "admin: accepted connection %u", a->seq); )
594 if (fd_in == STDIN_FILENO)
596 fdflags(fd_in, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
598 fdflags(fd_out, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
600 selbuf_init(&a->b, &sel, fd_in, a_line, a);
608 /* --- @a_accept@ --- *
610 * Arguments: @int fd@ = file descriptor to accept
611 * @unsigned mode@ = what to do
612 * @void *v@ = uninteresting pointer
616 * Use: Accepts a new admin connection.
619 static void a_accept(int fd, unsigned mode, void *v)
622 struct sockaddr_un sun;
623 size_t sz = sizeof(sun);
625 if ((nfd = accept(fd, (struct sockaddr *)&sun, &sz)) < 0) {
626 a_warn("accept admin connection failed: %s", strerror(errno));
632 /* --- @a_daemon@ --- *
638 * Use: Informs the admin module that it's a daemon.
646 /* --- @a_init@ --- *
648 * Arguments: @const char *name@ = socket name to create
652 * Use: Creates the admin listening socket.
655 void a_init(const char *name)
659 struct sockaddr_un sun;
663 /* --- Set up the socket address --- */
665 sz = strlen(name) + 1;
666 if (sz > sizeof(sun.sun_path))
667 die(EXIT_FAILURE, "socket name `%s' too long", name);
669 sun.sun_family = AF_UNIX;
670 memcpy(sun.sun_path, name, sz);
671 sz += offsetof(struct sockaddr_un, sun_path);
673 /* --- Attempt to bind to the socket --- */
677 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
678 die(EXIT_FAILURE, "couldn't create socket: %s", strerror(errno));
679 if (bind(fd, (struct sockaddr *)&sun, sz) < 0) {
682 if (errno != EADDRINUSE) {
683 die(EXIT_FAILURE, "couldn't bind to address `%s': %s",
684 sun.sun_path, strerror(e));
687 die(EXIT_FAILURE, "too many retries; giving up");
689 if (!connect(fd, (struct sockaddr *)&sun, sz)) {
690 die(EXIT_FAILURE, "server already listening on admin socket `%s'",
693 if (errno != ECONNREFUSED)
694 die(EXIT_FAILURE, "couldn't bind to address: %s", strerror(e));
695 if (stat(sun.sun_path, &st)) {
696 die(EXIT_FAILURE, "couldn't stat `%s': %s",
697 sun.sun_path, strerror(errno));
699 if (!S_ISSOCK(st.st_mode))
700 die(EXIT_FAILURE, "object `%s' isn't a socket", sun.sun_path);
701 T( trace(T_ADMIN, "stale socket found; removing it"); )
702 unlink(sun.sun_path);
706 chmod(sun.sun_path, 0600);
707 fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
709 die(EXIT_FAILURE, "couldn't listen on socket: %s", strerror(errno));
711 /* --- Listen to the socket --- */
713 sel_initfile(&sel, &sock, fd, SEL_READ, a_accept, 0);
717 T( trace_custom(a_trace, 0);
718 trace(T_ADMIN, "admin: enabled custom tracing"); )
721 /* --- Set up signal handlers --- */
723 sig_add(&s_term, SIGTERM, a_sigdie, 0);
724 sig_add(&s_hup, SIGHUP, a_sighup, 0);
725 sigaction(SIGINT, 0, &sa);
726 if (sa.sa_handler != SIG_IGN)
727 sig_add(&s_int, SIGINT, a_sigdie, 0);
730 /*----- That's all, folks -------------------------------------------------*/