#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>
+#include <sys/wait.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <mLib/dstr.h>
#include <mLib/env.h>
#include <mLib/fdflags.h>
+#include <mLib/fdpass.h>
#include <mLib/fwatch.h>
#include <mLib/hash.h>
#include <mLib/macros.h>
+#include <mLib/mdup.h>
#include <mLib/mdwopt.h>
#include <mLib/quis.h>
#include <mLib/report.h>
#include <catacomb/ec-keys.h>
#include <catacomb/group.h>
+#include "priv.h"
#include "protocol.h"
#include "slip.h"
#include "util.h"
#define T_KEYEXCH 64u
#define T_KEYMGMT 128u
#define T_CHAL 256u
+/* T_PRIVSEP in priv.h */
-#define T_ALL 511u
+#define T_ALL 1023u
/* --- Units --- */
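Review bot: `T_ALL` is now a hand-computed literal that depends on a flag defined in another header, so the mask and `T_PRIVSEP` can drift apart silently. If `T_PRIVSEP` is the 512u bit (its value is not visible in this hunk), writing the mask as `#define T_ALL (511u | T_PRIVSEP)` would keep the two tied together. Otherwise a comment beside `T_ALL` saying it must cover every `T_` bit, including the one in priv.h, would do.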
typedef struct tunnel_ops {
const char *name; /* Name of this tunnel driver */
+ unsigned flags; /* Various interesting flags */
+#define TUNF_PRIVOPEN 1u /* Need helper to open file */
void (*init)(void); /* Initializes the system */
- tunnel *(*create)(struct peer */*p*/, char **/*ifn*/);
+ tunnel *(*create)(struct peer */*p*/, int /*fd*/, char **/*ifn*/);
/* Initializes a new tunnel */
void (*setifname)(tunnel */*t*/, const char */*ifn*/);
/* Notifies ifname change */
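Review bot: The new `fd` argument to `create` has no stated contract. The comment `/* Initializes a new tunnel */` does not say what is passed for drivers without `TUNF_PRIVOPEN`, or whether `create` takes ownership of the descriptor and closes it on failure. The flag comment suggests the descriptor is opened by a helper, so a leak on the error path would leave a tunnel device open in the main process. I would extend the comment along the lines of `/* Initializes a new tunnel; fd is the helper-opened descriptor, or -1 if TUNF_PRIVOPEN is clear; create owns fd */`, adjusted to what the drivers actually do. The struct definition continues outside this hunk.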
typedef struct peerspec {
char *name; /* Peer's name */
+ char *tag; /* Public key tag */
const tunnel_ops *tops; /* Tunnel operations */
unsigned long t_ka; /* Keep alive interval */
addr sa; /* Socket address to speak to */
peerspec peer; /* Peer pending creation */
} admin_addop;
-typedef struct admin_greetop {
- admin_resop r; /* Name resolution header */
- void *c; /* Challenge block */
- size_t sz; /* Length of challenge */
-} admin_greetop;
-
typedef struct admin_pingop {
admin_bgop bg; /* Background operation header */
ping ping; /* Ping pending response */
#define A_END ((char *)0)
+/* --- @a_vformat@ --- *
+ *
+ * Arguments: @dstr *d@ = where to leave the formatted message
+ * @const char *fmt@ = pointer to format string
+ * @va_list ap@ = arguments in list
+ *
+ * Returns: ---
+ *
+ * Use: Main message token formatting driver. The arguments are
+ * interleaved formatting tokens and their parameters, finally
+ * terminated by an entry @A_END@.
+ *
+ * Tokens recognized:
+ *
+ * * "*..." ... -- pretokenized @dstr_putf@-like string
+ *
+ * * "?ADDR" SOCKADDR -- a socket address, to be converted
+ *
+ * * "?B64" BUFFER SIZE -- binary data to be base64-encoded
+ *
+ * * "?TOKENS" VECTOR -- null-terminated vector of tokens
+ *
+ * * "?PEER" PEER -- peer's name
+ *
+ * * "?ERRNO" ERRNO -- system error code
+ *
+ * * "[!]..." ... -- @dstr_putf@-like string as single token
+ */
+
+extern void a_vformat(dstr */*d*/, const char */*fmt*/, va_list /*ap*/);
+
/* --- @a_warn@ --- *
*
* Arguments: @const char *fmt@ = pointer to format string
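Review bot: The token table in the `a_vformat` comment names each token's parameters but not their C types. Because they are read from a `va_list`, a caller passing the wrong type (for example an `int` where the `?B64` SIZE is read as `size_t`, if that is what the implementation uses) is undefined behaviour the compiler will not catch. I would annotate each entry with the exact type expected, e.g. `"?B64" BUFFER SIZE -- @const void *@, @size_t@`, and say that the list must end with `A_END` rather than a bare `0`. The declaration also needs `va_list` in scope; `<stdarg.h>` does not appear in the includes shown here, though it may be pulled in elsewhere.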
/* --- @a_init@ --- *
*
* Arguments: @const char *sock@ = socket name to create
+ * @uid_t u@ = user to own the socket
+ * @gid_t g@ = group to own the socket
+ * @mode_t m@ = permissions to set on the socket
*
* Returns: ---
*
* Use: Creates the admin listening socket.
*/
-extern void a_init(const char */*sock*/);
+extern void a_init(const char */*sock*/,
+ uid_t /*u*/, gid_t /*g*/, mode_t /*m*/);
/*----- Mapping with addresses as keys ------------------------------------*/
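Review bot: The updated `a_init` comment lists the owner, group and mode but not when they take effect relative to the socket becoming connectable. If the implementation binds first and only then changes ownership and mode, the socket briefly exists with default permissions. The contract should say it is created restrictively before `u`, `g` and `m` are applied, and what happens if applying them fails. It would also help to say which values, if any, mean "leave unchanged". A possible addition to the Use paragraph is `The socket is not accessible to other users until the requested ownership and mode are in place; failure to set them is fatal.`, adjusted to match the implementation, which is outside this hunk.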
extern void am_remove(addrmap */*m*/, void */*i*/);
+/*----- Privilege separation ----------------------------------------------*/
+
+/* --- @ps_trace@ --- *
+ *
+ * Arguments: @unsigned mask@ = trace mask to check
+ * @const char *fmt@ = message format
+ * @...@ = values for placeholders
+ *
+ * Returns: ---
+ *
+ * Use: Writes a trace message.
+ */
+
+T( extern void ps_trace(unsigned /*mask*/, const char */*fmt*/, ...); )
+
+/* --- @ps_warn@ --- *
+ *
+ * Arguments: @const char *fmt@ = message format
+ * @...@ = values for placeholders
+ *
+ * Returns: ---
+ *
+ * Use: Writes a warning message.
+ */
+
+extern void ps_warn(const char */*fmt*/, ...);
+
+/* --- @ps_tunfd@ --- *
+ *
+ * Arguments: @const tunnel_ops *tops@ = pointer to tunnel operations
+ * @char **ifn@ = where to put the interface name
+ *
+ * Returns: The file descriptor, or @-1@ on error.
+ *
+ * Use: Fetches a file descriptor for a tunnel driver.
+ */
+
+extern int ps_tunfd(const tunnel_ops */*tops*/, char **/*ifn*/);
+
+/* --- @ps_split@ --- *
+ *
+ * Arguments: @int detachp@ = whether to detach the child from its terminal
+ *
+ * Returns: ---
+ *
+ * Use: Separates off the privileged tunnel-opening service from the
+ * rest of the server.
+ */
+
+extern void ps_split(int /*detachp*/);
+
+/* --- @ps_quit@ --- *
+ *
+ * Arguments: ---
+ *
+ * Returns: ---
+ *
+ * Use: Detaches from the helper process.
+ */
+
+extern void ps_quit(void);
+
/*----- Peer management ---------------------------------------------------*/
/* --- @p_txstart@ --- *
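Review bot: The `ps_tunfd` comment leaves the ownership of its results unstated. It does not say that the caller must close the returned descriptor, whether `*ifn` is newly allocated and how it must be freed, or whether `*ifn` is written when the function returns `-1`. It also does not say what happens when it is called for a driver without `TUNF_PRIVOPEN`, or after `ps_quit` has detached from the helper. Those are the cases where a helper-opened descriptor can leak or a caller can read an unset pointer, so I would add a sentence for each to the Use paragraph. Likewise `ps_split` returns nothing, so its comment should say whether failure to start the helper is fatal.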
extern const char *p_name(peer */*p*/);
+/* --- @p_tag@ --- *
+ *
+ * Arguments: @peer *p@ = pointer to a peer block
+ *
+ * Returns: A pointer to the peer's public key tag.
+ */
+
+extern const char *p_tag(peer */*p*/);
+
/* --- @p_spec@ --- *
*
* Arguments: @peer *p@ = pointer to a peer block