3 * $Id: admin.c,v 1.4 2001/02/06 09:34:53 mdw Exp $
5 * Admin interface for configuration
7 * (c) 2001 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Trivial IP Encryption (TrIPE).
14 * TrIPE is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * TrIPE is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with TrIPE; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Revision history --------------------------------------------------*
32 * Revision 1.4 2001/02/06 09:34:53 mdw
33 * Change ERR response to FAIL for consistency with other programs.
35 * Revision 1.3 2001/02/04 01:17:12 mdw
36 * The `DAEMON' notification to stdout is replaced by a warning. The
37 * `DAEMON' and `QUIT' command send `OK' on successful completion. Put
38 * assignment of sequence number in a T(...) guard.
40 * Revision 1.2 2001/02/03 22:40:29 mdw
41 * Put timer information into the entropy pool when packets are received
42 * and on similar events. Reseed the generator on the interval timer.
44 * Revision 1.1 2001/02/03 20:26:37 mdw
49 /*----- Header files ------------------------------------------------------*/
53 /*----- Global variables --------------------------------------------------*/
57 const trace_opt tr_opts[] = {
58 { 't', T_TUNNEL, "tunnel events" },
59 { 'r', T_PEER, "peer events" },
60 { 'a', T_ADMIN, "admin interface" },
61 { 'p', T_PACKET, "packet contents" },
62 { 'c', T_CRYPTO, "crypto details" },
63 { 's', T_KEYSET, "symmetric keyset management" },
64 { 'x', T_KEYEXCH, "key exchange" },
65 { 'm', T_KEYMGMT, "key management" },
66 { 'A', T_ALL, "all of the above" },
70 unsigned tr_flags = 0;
73 /*----- Static variables --------------------------------------------------*/
77 static const char *sockname;
78 static unsigned flags = 0;
79 static admin *a_stdin = 0;
80 static sig s_term, s_int, s_hup;
85 #define T_RESOLVE SEC(30)
87 /*----- Utility functions -------------------------------------------------*/
89 /* --- @a_write@ --- *
91 * Arguments: @admin *a@ = admin connection to write to
92 * @const char *fmt@ = pointer to format string
93 * @...@ = other arguments
97 * Use: Sends a message to an admin connection.
100 static void a_write(admin *a, const char *fmt, ...)
105 dstr_vputf(&d, fmt, ap);
107 write(a->fd, d.buf, d.len);
111 /* --- @a_warn@ --- *
113 * Arguments: @const char *fmt@ = pointer to format string
114 * @...@ = other arguments
118 * Use: Informs all admin connections of a warning.
121 void a_warn(const char *fmt, ...)
128 dstr_puts(&d, "WARN ");
130 dstr_vputf(&d, fmt, ap);
132 if (!(flags & F_INIT))
136 for (a = admins; a; a = a->next)
137 write(a->fd, d.buf, d.len);
142 /* --- @a_trace@ --- *
144 * Arguments: @const char *p@ = pointer to a buffer
145 * @size_t sz@ = size of the buffer
146 * @void *v@ = uninteresting pointer
150 * Use: Custom trace output handler.
154 static void a_trace(const char *p, size_t sz, void *v)
159 dstr_puts(&d, "TRACE ");
160 dstr_putm(&d, p, sz);
162 for (a = admins; a; a = a->next)
163 write(a->fd, d.buf, d.len);
168 /* --- @a_quit@ --- *
174 * Use: Shuts things down nicely.
184 /* --- @a_sigdie@ --- *
186 * Arguments: @int sig@ = signal number
187 * @void *v@ = an uninteresting argument
191 * Use Shuts down on receipt of a fatal signal.
194 static void a_sigdie(int sig, void *v)
200 case SIGTERM: p = "SIGTERM"; break;
201 case SIGINT: p = "SIGINT"; break;
203 sprintf(buf, "signal %i", sig);
207 a_warn("shutting down on %s", p);
211 /* --- @a_sighup@ --- *
213 * Arguments: @int sig@ = signal number
214 * @void *v@ = an uninteresting argument
218 * Use Logs a message about SIGHUP not being useful.
221 static void a_sighup(int sig, void *v)
223 a_warn("received SIGHUP: ignoring");
226 /*----- Adding peers ------------------------------------------------------*/
228 /* --- @a_resolve@ --- *
230 * Arguments: @struct hostent *h@ = pointer to resolved hostname
231 * @void *v@ = pointer to admin block
235 * Use: Handles a completed name resolution.
238 static void a_resolve(struct hostent *h, void *v)
241 T( trace(T_ADMIN, "admin: %u resolved", a->seq); )
245 a_write(a, "FAIL couldn't resolve hostname `%s'\n", a->paddr);
246 else if (p_find(a->pname))
247 a_write(a, "FAIL peer `%s' already registered\n", a->pname);
249 memcpy(&a->peer.sin.sin_addr, h->h_addr, sizeof(struct in_addr));
250 if (!p_create(a->pname, &a->peer.sa, a->sasz))
251 a_write(a, "FAIL couldn't create peer\n");
258 selbuf_enable(&a->b);
261 /* --- @a_timer@ --- *
263 * Arguments: @struct timeval *tv@ = timer
264 * @void *v@ = pointer to admin block
268 * Use: Times out a resolver.
271 static void a_timer(struct timeval *tv, void *v)
274 T( trace(T_ADMIN, "admin: %u resolver timeout", a->seq); )
276 a_write(a, "FAIL timeout resolving `%s'\n", a->paddr);
280 selbuf_enable(&a->b);
283 /* --- @acmd_add@ --- *
285 * Arguments: @admin *a@ = connection which requested the addition
286 * @unsigned ac@ = argument count
287 * @char *av[]@ = pointer to the argument list
291 * Use: Adds a new peer.
294 static void acmd_add(admin *a, unsigned ac, char *av[])
300 /* --- Make sure someone's not got there already --- */
303 a_write(a, "FAIL peer `%s' already registered\n", av[0]);
307 /* --- Fill in the easy bits of address --- */
310 a->peer.sin.sin_family = AF_INET;
311 a->sasz = sizeof(a->peer.sin);
312 pt = strtoul(av[2], &p, 0);
314 struct servent *s = getservbyname(av[2], "udp");
316 a_write(a, "FAIL service `%s' not known\n", av[2]);
319 pt = ntohs(s->s_port);
321 if (pt == 0 || pt >= 65536) {
322 a_write(a, "FAIL bad port number %lu\n", pt);
325 a->peer.sin.sin_port = htons(pt);
327 /* --- If the name is numeric, do it the easy way --- */
329 if (inet_aton(av[1], &a->peer.sin.sin_addr)) {
330 if (!p_create(av[0], &a->peer.sa, a->sasz))
331 a_write(a, "FAIL couldn't create peer\n");
337 /* --- Store everything for later and crank up the resolver --- *
339 * We disable the line buffer until the resolver completes (or times out).
340 * This prevents other commands on the same connection (though the rest of
341 * the system continues regardless), but makes life simpler for the client.
344 a->pname = xstrdup(av[0]);
345 a->paddr = xstrdup(av[1]);
346 selbuf_disable(&a->b);
347 gettimeofday(&tv, 0);
348 tv.tv_sec += T_RESOLVE;
349 sel_addtimer(&sel, &a->t, &tv, a_timer, a);
350 bres_byname(&a->r, a->paddr, a_resolve, a);
351 T( trace(T_ADMIN, "admin: %u resolving hostname `%s'",
355 /*----- Administration commands -------------------------------------------*/
357 /* --- Miscellaneous commands --- */
361 static void acmd_trace(admin *a, unsigned ac, char *av[])
363 if (!ac || strcmp(av[0], "?") == 0) {
365 a_write(a, "INFO Trace options:\n");
366 for (t = tr_opts; t->ch; t++) {
367 a_write(a, "INFO %c %c %s\n",
368 t->ch, (tr_flags & t->f) == t->f ? '*' : ' ', t->help);
372 unsigned f = tr_flags;
378 case '+': sense = 1; break;
379 case '-': sense = 0; break;
381 for (tt = tr_opts; tt->ch; tt++) {
383 if (sense) f |= tt->f;
388 a_write(a, "FAIL unknown trace option `%c'\n", *p);
396 trace_level(tr_flags);
403 static void acmd_port(admin *a, unsigned ac, char *av[])
405 a_write(a, "INFO %u\nOK\n", p_port());
408 static void a_destroy(admin */*a*/);
410 static void acmd_daemon(admin *a, unsigned ac, char *av[])
412 if (flags & F_DAEMON)
413 a_write(a, "FAIL already running as a daemon\n");
415 a_warn("becoming a daemon");
419 a_write(a, "FAIL error becoming a daemon: %s", strerror(errno));
427 static void acmd_list(admin *a, unsigned ac, char *av[])
430 for (p = p_first(); p; p = p_next(p))
431 a_write(a, "INFO %s\n", p_name(p));
435 static void acmd_ifname(admin *a, unsigned ac, char *av[])
439 if ((p = p_find(av[0])) == 0)
440 a_write(a, "FAIL peer `%s' not found\n", av[0]);
442 a_write(a, "INFO %s\nOK\n", p_ifname(p));
445 static void acmd_addr(admin *a, unsigned ac, char *av[])
450 if ((p = p_find(av[0])) == 0)
451 a_write(a, "FAIL peer `%s' not found\n", av[0]);
454 assert(ad->sa.sa_family == AF_INET);
455 a_write(a, "INFO %s %u\nOK\n",
456 inet_ntoa(ad->sin.sin_addr),
457 (unsigned)ntohs(ad->sin.sin_port));
461 static void acmd_kill(admin *a, unsigned ac, char *av[])
464 if ((p = p_find(av[0])) == 0)
465 a_write(a, "FAIL peer `%s' not found\n", av[0]);
472 static void acmd_quit(admin *a, unsigned ac, char *av[])
474 a_warn("closing down on admin request");
479 /* --- The command table and help --- */
481 typedef struct acmd {
484 unsigned argmin, argmax;
485 void (*func)(admin */*a*/, unsigned /*ac*/, char */*av*/[]);
488 static void acmd_help(admin */*a*/, unsigned /*ac*/, char */*av*/[]);
490 static const acmd acmdtab[] = {
491 { "help", "HELP", 0, 0, acmd_help },
493 { "trace", "TRACE [options]", 0, 1, acmd_trace },
495 { "port", "PORT", 0, 0, acmd_port },
496 { "daemon", "DAEMON", 0, 0, acmd_daemon },
497 { "list", "LIST", 0, 0, acmd_list },
498 { "ifname", "IFNAME peer", 1, 1, acmd_ifname },
499 { "addr", "ADDR peer", 1, 1, acmd_addr },
500 { "kill", "KILL peer", 1, 1, acmd_kill },
501 { "add", "ADD peer addr port", 3, 3, acmd_add },
502 { "quit", "QUIT", 0, 0, acmd_quit },
506 static void acmd_help(admin *a, unsigned ac, char *av[])
509 for (c = acmdtab; c->name; c++)
510 a_write(a, "INFO %s\n", c->help);
514 /*----- Connection handling -----------------------------------------------*/
516 /* --- @a_destroy@ --- *
518 * Arguments: @admin *a@ = pointer to an admin block
522 * Use: Destroys an admin block.
525 static void a_destroy(admin *a)
527 T( trace(T_ADMIN, "admin: destroying connection %u", a->seq); )
528 selbuf_destroy(&a->b);
529 if (a->b.reader.fd != a->fd)
530 close(a->b.reader.fd);
539 a->next->prev = a->prev;
541 a->prev->next = a->next;
549 /* --- @a_line@ --- *
551 * Arguments: @char *p@ = pointer to the line read
552 * @void *vp@ = pointer to my admin block
556 * Use: Handles a line of input.
559 static void a_line(char *p, void *vp)
571 ac = str_qsplit(p, av, 4, 0, STRF_QUOTE);
574 for (p = av[0]; *p; p++) *p = tolower((unsigned char)*p);
575 for (c = acmdtab; c->name; c++) {
576 if (strcmp(av[0], c->name) == 0) {
578 if (c->argmin > ac || ac > c->argmax)
579 a_write(a, "FAIL syntax: %s\n", c->help);
581 c->func(a, ac, av + 1);
585 a_write(a, "FAIL unknown command `%s'\n", av[0]);
588 /* --- @a_create@ --- *
590 * Arguments: @int fd_in, fd_out@ = file descriptors to use
594 * Use: Creates a new admin connection.
597 void a_create(int fd_in, int fd_out)
599 admin *a = CREATE(admin);
600 T( static unsigned seq = 0;
602 T( trace(T_ADMIN, "admin: accepted connection %u", a->seq); )
604 if (fd_in == STDIN_FILENO)
606 fdflags(fd_in, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
608 fdflags(fd_out, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
610 selbuf_init(&a->b, &sel, fd_in, a_line, a);
618 /* --- @a_accept@ --- *
620 * Arguments: @int fd@ = file descriptor to accept
621 * @unsigned mode@ = what to do
622 * @void *v@ = uninteresting pointer
626 * Use: Accepts a new admin connection.
629 static void a_accept(int fd, unsigned mode, void *v)
632 struct sockaddr_un sun;
633 size_t sz = sizeof(sun);
635 if ((nfd = accept(fd, (struct sockaddr *)&sun, &sz)) < 0) {
636 a_warn("accept admin connection failed: %s", strerror(errno));
642 /* --- @a_daemon@ --- *
648 * Use: Informs the admin module that it's a daemon.
656 /* --- @a_init@ --- *
658 * Arguments: @const char *name@ = socket name to create
662 * Use: Creates the admin listening socket.
665 void a_init(const char *name)
669 struct sockaddr_un sun;
673 /* --- Set up the socket address --- */
675 sz = strlen(name) + 1;
676 if (sz > sizeof(sun.sun_path))
677 die(EXIT_FAILURE, "socket name `%s' too long", name);
679 sun.sun_family = AF_UNIX;
680 memcpy(sun.sun_path, name, sz);
681 sz += offsetof(struct sockaddr_un, sun_path);
683 /* --- Attempt to bind to the socket --- */
687 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
688 die(EXIT_FAILURE, "couldn't create socket: %s", strerror(errno));
689 if (bind(fd, (struct sockaddr *)&sun, sz) < 0) {
692 if (errno != EADDRINUSE) {
693 die(EXIT_FAILURE, "couldn't bind to address `%s': %s",
694 sun.sun_path, strerror(e));
697 die(EXIT_FAILURE, "too many retries; giving up");
699 if (!connect(fd, (struct sockaddr *)&sun, sz)) {
700 die(EXIT_FAILURE, "server already listening on admin socket `%s'",
703 if (errno != ECONNREFUSED)
704 die(EXIT_FAILURE, "couldn't bind to address: %s", strerror(e));
705 if (stat(sun.sun_path, &st)) {
706 die(EXIT_FAILURE, "couldn't stat `%s': %s",
707 sun.sun_path, strerror(errno));
709 if (!S_ISSOCK(st.st_mode))
710 die(EXIT_FAILURE, "object `%s' isn't a socket", sun.sun_path);
711 T( trace(T_ADMIN, "stale socket found; removing it"); )
712 unlink(sun.sun_path);
716 chmod(sun.sun_path, 0600);
717 fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
719 die(EXIT_FAILURE, "couldn't listen on socket: %s", strerror(errno));
721 /* --- Listen to the socket --- */
723 sel_initfile(&sel, &sock, fd, SEL_READ, a_accept, 0);
727 T( trace_custom(a_trace, 0);
728 trace(T_ADMIN, "admin: enabled custom tracing"); )
731 /* --- Set up signal handlers --- */
733 sig_add(&s_term, SIGTERM, a_sigdie, 0);
734 sig_add(&s_hup, SIGHUP, a_sighup, 0);
735 sigaction(SIGINT, 0, &sa);
736 if (sa.sa_handler != SIG_IGN)
737 sig_add(&s_int, SIGINT, a_sigdie, 0);
740 /*----- That's all, folks -------------------------------------------------*/