X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/0ed0735f38c78e11cdf1c2b095ba754a92d2d201..aa2405e804f2c2e06204c31ebe8e84e2db3ebefd:/server/admin.c diff --git a/server/admin.c b/server/admin.c index 4dbaf33e..00288f30 100644 --- a/server/admin.c +++ b/server/admin.c @@ -1,13 +1,11 @@ /* -*-c-*- - * - * $Id$ * * Admin interface for configuration * * (c) 2001 Straylight/Edgeware */ -/*----- Licensing notice --------------------------------------------------* +/*----- Licensing notice --------------------------------------------------* * * This file is part of Trivial IP Encryption (TrIPE). * @@ -15,12 +13,12 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. - * + * * TrIPE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with TrIPE; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. @@ -72,6 +70,7 @@ static sig s_term, s_int, s_hup; #define F_DAEMON 1u #define F_INIT 2u +#define F_FOREGROUND 4u #define T_RESOLVE SEC(30) #define T_PING SEC(5) @@ -385,7 +384,7 @@ static void a_rawalert(unsigned f_and, unsigned f_eq, const char *status, { admin *a, *aa; dstr d = DSTR_INIT; - + if (!(flags & F_INIT)) return; dstr_puts(&d, status); @@ -501,12 +500,9 @@ void a_notify(const char *fmt, ...) void a_quit(void) { - peer *p; - close(sock.fd); unlink(sockname); - while ((p = p_first()) != 0) - p_destroy(p); + FOREACH_PEER(p, { p_destroy(p); }); exit(0); } @@ -567,10 +563,10 @@ static long a_parsetime(const char *p) case 'h': t *= 60; case 'm': t *= 60; case 's': if (q[1] != 0) - default: t = -1; + default: t = -1; case 0: break; } - return (t); + return (t); } /* --- @a_findpeer@ --- * @@ -986,7 +982,7 @@ static void a_resolved(struct hostent *h, void *v) sel_rmtimer(&r->t); xfree(r->addr); a_bgrelease(&r->bg); -} +} /* --- @a_restimer@ --- * * @@ -1059,21 +1055,25 @@ static void a_resolve(admin *a, admin_resop *r, const char *tag, r->addr = 0; r->func = func; if (mystrieq(av[i], "inet")) i++; - if (ac - i != 2) { - a_fail(a, "bad-addr-syntax", "[inet] ADDRESS PORT", A_END); + if (ac - i != 1 && ac - i != 2) { + a_fail(a, "bad-addr-syntax", "[inet] ADDRESS [PORT]", A_END); goto fail; } r->sa.sin.sin_family = AF_INET; r->sasz = sizeof(r->sa.sin); r->addr = xstrdup(av[i]); - pt = strtoul(av[i + 1], &p, 0); - if (*p) { - struct servent *s = getservbyname(av[i + 1], "udp"); - if (!s) { - a_fail(a, "unknown-service", "%s", av[i + 1], A_END); - goto fail; + if (!av[i + 1]) + pt = TRIPE_PORT; + else { + pt = strtoul(av[i + 1], &p, 0); + if (*p) { + struct servent *s = getservbyname(av[i + 1], "udp"); + if (!s) { + a_fail(a, "unknown-service", "%s", av[i + 1], A_END); + goto fail; + } + pt = ntohs(s->s_port); } - pt = ntohs(s->s_port); } if (pt == 0 || pt >= 65536) { a_fail(a, "invalid-port", "%lu", pt, A_END); @@ -1093,7 +1093,7 @@ static void a_resolve(admin *a, admin_resop *r, const char *tag, a->seq, BGTAG(r), r->addr); ) /* --- If the name is numeric, do it the easy way --- */ - + if (inet_aton(av[i], &r->sa.sin.sin_addr)) { T( trace(T_ADMIN, "admin: resop %s done the easy way", BGTAG(r)); ) func(r, ARES_OK); @@ -1175,7 +1175,9 @@ static void a_doadd(admin_resop *r, int rc) if (rc == ARES_OK) { add->peer.sasz = add->r.sasz; add->peer.sa = add->r.sa; - if (p_find(add->peer.name)) + if (p_findbyaddr(&add->r.sa)) + a_bgfail(&add->r.bg, "peer-addr-exists", "?ADDR", &add->r.sa, A_END); + else if (p_find(add->peer.name)) a_bgfail(&add->r.bg, "peer-exists", "%s", add->peer.name, A_END); else if (!p_create(&add->peer)) a_bgfail(&add->r.bg, "peer-create-fail", "%s", add->peer.name, A_END); @@ -1208,6 +1210,7 @@ static void acmd_add(admin *a, unsigned ac, char *av[]) add->peer.name = 0; add->peer.t_ka = 0; add->peer.tops = tun_default; + add->peer.kxf = 0; /* --- Parse options --- */ @@ -1227,11 +1230,12 @@ static void acmd_add(admin *a, unsigned ac, char *av[]) } }) OPTTIME("-keepalive", t, { add->peer.t_ka = t; }) + OPT("-cork", { add->peer.kxf |= KXF_CORK; }) }); /* --- Make sure someone's not got there already --- */ - if (!*av) + if (!av[0] || !av[1]) goto bad_syntax; if (p_find(*av)) { a_fail(a, "peer-exists", "%s", *av, A_END); @@ -1349,7 +1353,7 @@ static void a_ping(admin *a, unsigned ac, char *av[], a_bgrelease(&pg->bg); } return; - + bad_syntax: a_fail(a, "bad-syntax", "%s", cmd, "[OPTIONS] PEER", cmd, A_END); fail: @@ -1565,7 +1569,7 @@ static int traceish(admin *a, unsigned ac, char *av[], } a_fail(a, "bad-%s-option", what, "%c", *p, A_END); return (0); - tropt_ok:; + tropt_ok:; break; } p++; @@ -1609,7 +1613,7 @@ static void acmd_daemon(admin *a, unsigned ac, char *av[]) a_notify("DAEMON", A_END); if (a_stdin) a_destroy(a_stdin); - if (u_daemon()) + if (daemonize()) a_fail(a, "daemon-error", "?ERRNO", A_END); else { flags |= F_DAEMON; @@ -1644,10 +1648,7 @@ static void acmd_bgcancel(admin *a, unsigned ac, char *av[]) static void acmd_list(admin *a, unsigned ac, char *av[]) { - peer *p; - - for (p = p_first(); p; p = p_next(p)) - a_info(a, "%s", p_name(p), A_END); + FOREACH_PEER(p, { a_info(a, "%s", p_name(p), A_END); }); a_ok(a); } @@ -1669,7 +1670,7 @@ static void acmd_setifname(admin *a, unsigned ac, char *av[]) a_notify("NEWIFNAME", "?PEER", p, "%s", p_ifname(p), "%s", av[1], A_END); p_setifname(p, av[1]); a_ok(a); - } + } } static void acmd_getchal(admin *a, unsigned ac, char *av[]) @@ -1779,7 +1780,7 @@ static void acmd_stats(admin *a, unsigned ac, char *av[]) "ip-bytes-in=%lu", st->sz_ipin, A_END); a_info(a, - "ip-packets-out=%lu", st->n_ipout, + "ip-packets-out=%lu", st->n_ipout, "ip-bytes-out=%lu", st->sz_ipout, A_END); a_info(a, "rejected-packets=%lu", st->n_reject, A_END); @@ -1882,7 +1883,7 @@ static const acmd acmdtab[] = { { "tunnels", 0, 0, 0, acmd_tunnels }, { "version", 0, 0, 0, acmd_version }, { "warn", "MESSAGE ...", 1, 0xffff, acmd_warn }, - { "watch", "[OPTIONS]", 0, 1, acmd_watch }, + { "watch", "[OPTIONS]", 0, 1, acmd_watch }, { 0, 0, 0, 0, 0 } }; @@ -1893,7 +1894,7 @@ static void acmd_help(admin *a, unsigned ac, char *av[]) for (c = acmdtab; c->name; c++) { if (c->help) a_info(a, "%s", c->name, "*%s", c->help, A_END); - else + else a_info(a, "%s", c->name, A_END); } a_ok(a); @@ -1912,53 +1913,66 @@ static void acmd_help(admin *a, unsigned ac, char *av[]) static void a_destroypending(void) { - admin *a, *aa; + admin *a, *aa, *head; admin_bgop *bg, *bbg; admin_service *svc, *ssvc; - /* --- Destroy connections marked as pending --- */ + /* --- Destroy connections marked as pending --- * + * + * Slightly messy. Killing clients may cause others to finally die. Make + * sure that they can be put on the list without clobbering anything or + * getting lost. + */ - for (a = a_dead; a; a = aa) { - aa = a->next; - assert(a->f & AF_DEAD); + while (a_dead) { + head = a_dead; + a_dead = 0; + for (a = head; a; a = aa) { + aa = a->next; + assert(a->f & AF_DEAD); - /* --- Report what we're doing --- */ + /* --- Report what we're doing --- */ - T( trace(T_ADMIN, "admin: completing destruction of connection %u", - a->seq); ) + T( trace(T_ADMIN, "admin: completing destruction of connection %u", + a->seq); ) - /* --- Abort any background jobs in progress --- */ + /* --- If this is the foreground client then shut down --- */ - for (bg = a->bg; bg; bg = bbg) { - bbg = bg->next; - bg->cancel(bg); - if (bg->tag) xfree(bg->tag); - xfree(bg); - } + if (a->f & AF_FOREGROUND) { + T( trace(T_ADMIN, "admin: foreground client quit: shutting down"); ) + a_warn("SERVER", "quit", "foreground-eof", A_END); + a_quit(); + } - /* --- Release services I hold, and abort pending jobs --- */ + /* --- Abort any background jobs in progress --- */ - for (svc = a->svcs; svc; svc = ssvc) { - ssvc = svc->next; - a_svcrelease(svc); - } - a_jobtablefinal(&a->j); + for (bg = a->bg; bg; bg = bbg) { + bbg = bg->next; + bg->cancel(bg); + if (bg->tag) xfree(bg->tag); + xfree(bg); + } - /* --- Close file descriptors and selectory --- */ + /* --- Release services I hold, and abort pending jobs --- */ - selbuf_destroy(&a->b); - if (a->b.reader.fd != a->w.fd) close(a->b.reader.fd); - close(a->w.fd); - if (a_stdin == a) a_stdin = 0; + for (svc = a->svcs; svc; svc = ssvc) { + ssvc = svc->next; + a_svcrelease(svc); + } + a_jobtablefinal(&a->j); - /* --- Done --- */ + /* --- Close file descriptors and selectory --- */ - DESTROY(a); - } + selbuf_destroy(&a->b); + if (a->b.reader.fd != a->w.fd) close(a->b.reader.fd); + close(a->w.fd); + if (a_stdin == a) a_stdin = 0; - /* --- All pending destruction completed --- */ + /* --- Done --- */ - a_dead = 0; + DESTROY(a); + } + } } /* --- @a_destroy@ --- * @@ -2016,7 +2030,7 @@ static void a_line(char *p, size_t len, void *vp) { admin *a = vp; const acmd *c; - char *av[16]; + char *av[16 + 1]; size_t ac; TIMER; @@ -2031,16 +2045,17 @@ static void a_line(char *p, size_t len, void *vp) } return; } - ac = str_qsplit(p, av, 16, 0, STRF_QUOTE); + ac = str_qsplit(p, av, N(av) - 1, 0, STRF_QUOTE); if (!ac) return; + av[ac] = 0; for (c = acmdtab; c->name; c++) { if (mystrieq(av[0], c->name)) { ac--; if (c->argmin > ac || ac > c->argmax) { if (!c->help) a_fail(a, "bad-syntax", "%s", c->name, "", A_END); - else + else a_fail(a, "bad-syntax", "%s", c->name, "%s", c->help, A_END); } else c->func(a, ac, av + 1); @@ -2138,13 +2153,15 @@ void a_daemon(void) { flags |= F_DAEMON; } /* --- @a_init@ --- * * * Arguments: @const char *name@ = socket name to create + * @uid_t u@ = user to own the socket + * @gid_t g@ = group to own the socket * * Returns: --- * * Use: Creates the admin listening socket. */ -void a_init(const char *name) +void a_init(const char *name, uid_t u, gid_t g) { int fd; int n = 5; @@ -2200,6 +2217,11 @@ again: goto again; } chmod(sun.sun_path, 0600); + if (chown(sun.sun_path, u, g)) { + T( trace(T_ADMIN, + "admin: failed to give away socket: %s", + strerror(errno)); ) + } fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC); if (listen(fd, 5)) die(EXIT_FAILURE, "couldn't listen on socket: %s", strerror(errno));