X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/46dde0806919904d146851bf8bd93fac9915730b..11ad66c29764521f87f0dd399a1e592147c7af36:/server/admin.c diff --git a/server/admin.c b/server/admin.c index 382baca9..2d1658ee 100644 --- a/server/admin.c +++ b/server/admin.c @@ -9,19 +9,18 @@ * * This file is part of Trivial IP Encryption (TrIPE). * - * TrIPE is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. + * TrIPE is free software: you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at your + * option) any later version. * - * TrIPE is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * TrIPE is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. * * You should have received a copy of the GNU General Public License - * along with TrIPE; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * along with TrIPE. If not, see . */ /*----- Header files ------------------------------------------------------*/ @@ -40,6 +39,7 @@ const trace_opt tr_opts[] = { { 'x', T_KEYEXCH, "key exchange" }, { 'm', T_KEYMGMT, "key management" }, { 'l', T_CHAL, "challenge management" }, + { 'v', T_PRIVSEP, "privilege separation" }, { 'p', T_PACKET, "packet contents" }, { 'c', T_CRYPTO, "crypto details" }, { 'A', T_ALL, "all of the above" }, @@ -50,7 +50,9 @@ unsigned tr_flags = 0; #endif static const trace_opt w_opts[] = { +#ifndef NTRACE { 't', AF_TRACE, "trace messages" }, +#endif { 'n', AF_NOTE, "asynchronous notifications" }, { 'w', AF_WARN, "warnings" }, { 'A', AF_ALLMSGS, "all of the above" }, @@ -234,24 +236,42 @@ static void a_flush(int fd, unsigned mode, void *v) * * Arguments: @dstr *d@ = where to leave the formatted message * @const char *fmt@ = pointer to format string - * @va_list ap@ = arguments in list + * @va_list *ap@ = arguments in list * * Returns: --- * - * Use: Main message token formatting driver. + * Use: Main message token formatting driver. The arguments are + * interleaved formatting tokens and their parameters, finally + * terminated by an entry @A_END@. + * + * Tokens recognized: + * + * * "*..." ... -- pretokenized @dstr_putf@-like string + * + * * "?ADDR" SOCKADDR -- a socket address, to be converted + * + * * "?B64" BUFFER SIZE -- binary data to be base64-encoded + * + * * "?TOKENS" VECTOR -- null-terminated vector of tokens + * + * * "?PEER" PEER -- peer's name + * + * * "?ERRNO" ERRNO -- system error code + * + * * "[!]..." ... -- @dstr_putf@-like string as single token */ -static void a_vformat(dstr *d, const char *fmt, va_list ap) +void a_vformat(dstr *d, const char *fmt, va_list *ap) { dstr dd = DSTR_INIT; while (fmt) { if (*fmt == '*') { - dstr_putc(d, ' '); - dstr_vputf(d, fmt + 1, &ap); + if (d->len) dstr_putc(d, ' '); + dstr_vputf(d, fmt + 1, ap); } else if (*fmt == '?') { if (strcmp(fmt, "?ADDR") == 0) { - const addr *a = va_arg(ap, const addr *); + const addr *a = va_arg(*ap, const addr *); switch (a->sa.sa_family) { case AF_INET: u_quotify(d, "INET"); @@ -262,8 +282,8 @@ static void a_vformat(dstr *d, const char *fmt, va_list ap) abort(); } } else if (strcmp(fmt, "?B64") == 0) { - const octet *p = va_arg(ap, const octet *); - size_t n = va_arg(ap, size_t); + const octet *p = va_arg(*ap, const octet *); + size_t n = va_arg(*ap, size_t); base64_ctx b64; dstr_putc(d, ' '); base64_init(&b64); @@ -273,10 +293,10 @@ static void a_vformat(dstr *d, const char *fmt, va_list ap) base64_encode(&b64, 0, 0, d); while (d->len && d->buf[d->len - 1] == '=') d->len--; } else if (strcmp(fmt, "?TOKENS") == 0) { - const char *const *av = va_arg(ap, const char *const *); + const char *const *av = va_arg(*ap, const char *const *); while (*av) u_quotify(d, *av++); } else if (strcmp(fmt, "?PEER") == 0) - u_quotify(d, p_name(va_arg(ap, peer *))); + u_quotify(d, p_name(va_arg(*ap, peer *))); else if (strcmp(fmt, "?ERRNO") == 0) { dstr_putf(d, " E%d", errno); u_quotify(d, strerror(errno)); @@ -285,22 +305,43 @@ static void a_vformat(dstr *d, const char *fmt, va_list ap) } else { if (*fmt == '!') fmt++; DRESET(&dd); - dstr_vputf(&dd, fmt, &ap); + dstr_vputf(&dd, fmt, ap); u_quotify(d, dd.buf); } - fmt = va_arg(ap, const char *); + fmt = va_arg(*ap, const char *); } + dstr_putz(d); dstr_destroy(&dd); } +/* --- @a_format@ --- * + * + * Arguments: @dstr *d@ = where to leave the formatted message + * @const char *fmt@ = pointer to format string + * + * Returns: --- + * + * Use: Writes a tokenized message into a string, for later + * presentation. + */ + +void a_format(dstr *d, const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + a_vformat(d, fmt, &ap); + va_end(ap); +} + /* --- @a_write@, @a_vwrite@ --- * * * Arguments: @admin *a@ = admin connection to write to * @const char *status@ = status code to report * @const char *tag@ = tag string, or null * @const char *fmt@ = pointer to format string - * @va_list ap@ = arguments in list + * @va_list *ap@ = arguments in list * @...@ = other arguments * * Returns: --- @@ -309,7 +350,7 @@ static void a_vformat(dstr *d, const char *fmt, va_list ap) */ static void a_vwrite(admin *a, const char *status, const char *tag, - const char *fmt, va_list ap) + const char *fmt, va_list *ap) { dstr d = DSTR_INIT; @@ -328,11 +369,11 @@ static void a_write(admin *a, const char *status, const char *tag, va_list ap; va_start(ap, fmt); - a_vwrite(a, status, tag, fmt, ap); + a_vwrite(a, status, tag, fmt, &ap); va_end(ap); } -/* --- @a_ok@, @a_info@, @a_fail@ --- * +/* --- @a_ok@, @a_fail@ --- * * * Arguments: @admin *a@ = connection * @const char *fmt@ = format string @@ -345,21 +386,32 @@ static void a_write(admin *a, const char *status, const char *tag, static void a_ok(admin *a) { a_write(a, "OK", 0, A_END); } -static void a_info(admin *a, const char *fmt, ...) +static void a_fail(admin *a, const char *fmt, ...) { va_list ap; va_start(ap, fmt); - a_vwrite(a, "INFO", 0, fmt, ap); + a_vwrite(a, "FAIL", 0, fmt, &ap); va_end(ap); } -static void a_fail(admin *a, const char *fmt, ...) +/* --- @a_info@ --- * + * + * Arguments: @admin *a@ = connection + * @const char *fmt@ = format string + * @...@ = other arguments + * + * Returns: --- + * + * Use: Report information to an admin client. + */ + +void a_info(admin *a, const char *fmt, ...) { va_list ap; va_start(ap, fmt); - a_vwrite(a, "FAIL", 0, fmt, ap); + a_vwrite(a, "INFO", 0, fmt, &ap); va_end(ap); } @@ -370,7 +422,7 @@ static void a_fail(admin *a, const char *fmt, ...) * @const char *fmt@ = pointer to format string * @const char *p@ = pointer to raw string * @size_t sz@ = size of raw string - * @va_list ap@ = arguments in list + * @va_list *ap@ = arguments in list * @...@ = other arguments * * Returns: --- @@ -404,7 +456,7 @@ static void a_rawalert(unsigned f_and, unsigned f_eq, const char *status, } static void a_valert(unsigned f_and, unsigned f_eq, const char *status, - const char *fmt, va_list ap) + const char *fmt, va_list *ap) { dstr d = DSTR_INIT; @@ -421,7 +473,7 @@ static void a_alert(unsigned f_and, unsigned f_eq, const char *status, va_list ap; va_start(ap, fmt); - a_valert(f_and, f_eq, status, fmt, ap); + a_valert(f_and, f_eq, status, fmt, &ap); va_end(ap); } @@ -441,11 +493,11 @@ void a_warn(const char *fmt, ...) va_start(ap, fmt); if (flags & F_INIT) - a_valert(0, 0, "WARN", fmt, ap); + a_valert(0, 0, "WARN", fmt, &ap); else { dstr d = DSTR_INIT; fprintf(stderr, "%s: ", QUIS); - a_vformat(&d, fmt, ap); + a_vformat(&d, fmt, &ap); dstr_putc(&d, '\n'); dstr_write(&d, stderr); dstr_destroy(&d); @@ -485,7 +537,7 @@ void a_notify(const char *fmt, ...) va_list ap; va_start(ap, fmt); - a_valert(AF_NOTE, AF_NOTE, "NOTE", fmt, ap); + a_valert(AF_NOTE, AF_NOTE, "NOTE", fmt, &ap); va_end(ap); } @@ -503,6 +555,7 @@ void a_quit(void) close(sock.fd); unlink(sockname); FOREACH_PEER(p, { p_destroy(p); }); + ps_quit(); exit(0); } @@ -654,7 +707,7 @@ static void a_bginfo(admin_bgop *bg, const char *fmt, ...) { va_list ap; va_start(ap, fmt); - a_vwrite(bg->a, "INFO", bg->tag, fmt, ap); + a_vwrite(bg->a, "INFO", bg->tag, fmt, &ap); va_end(ap); } @@ -662,7 +715,7 @@ static void a_bgfail(admin_bgop *bg, const char *fmt, ...) { va_list ap; va_start(ap, fmt); - a_vwrite(bg->a, "FAIL", bg->tag, fmt, ap); + a_vwrite(bg->a, "FAIL", bg->tag, fmt, &ap); va_end(ap); } @@ -971,7 +1024,7 @@ static void a_resolved(struct hostent *h, void *v) admin_resop *r = v; T( trace(T_ADMIN, "admin: resop %s resolved", BGTAG(r)); ) - TIMER; + QUICKRAND; if (!h) { a_bgfail(&r->bg, "resolve-error", "%s", r->addr, A_END); r->func(r, ARES_FAIL); @@ -1062,7 +1115,7 @@ static void a_resolve(admin *a, admin_resop *r, const char *tag, r->sa.sin.sin_family = AF_INET; r->sasz = sizeof(r->sa.sin); r->addr = xstrdup(av[i]); - if (!av[i + i]) + if (!av[i + 1]) pt = TRIPE_PORT; else { pt = strtoul(av[i + 1], &p, 0); @@ -1185,6 +1238,7 @@ static void a_doadd(admin_resop *r, int rc) a_bgok(&add->r.bg); } + if (add->peer.tag) xfree(add->peer.tag); xfree(add->peer.name); } @@ -1208,9 +1262,11 @@ static void acmd_add(admin *a, unsigned ac, char *av[]) add = xmalloc(sizeof(*add)); add->peer.name = 0; + add->peer.tag = 0; + add->peer.privtag = 0; add->peer.t_ka = 0; add->peer.tops = tun_default; - add->peer.kxf = 0; + add->peer.f = 0; /* --- Parse options --- */ @@ -1230,7 +1286,18 @@ static void acmd_add(admin *a, unsigned ac, char *av[]) } }) OPTTIME("-keepalive", t, { add->peer.t_ka = t; }) - OPT("-cork", { add->peer.kxf |= KXF_CORK; }) + OPT("-cork", { add->peer.f |= KXF_CORK; }) + OPTARG("-key", arg, { + if (add->peer.tag) + xfree(add->peer.tag); + add->peer.tag = xstrdup(arg); + }) + OPT("-mobile", { add->peer.f |= PSF_MOBILE; }) + OPTARG("-priv", arg, { + if (add->peer.privtag) + xfree(add->peer.privtag); + add->peer.privtag = xstrdup(arg); + }) }); /* --- Make sure someone's not got there already --- */ @@ -1255,6 +1322,8 @@ bad_syntax: a_fail(a, "bad-syntax", "add", "[OPTIONS] PEER ADDR ...", A_END); fail: if (add->peer.name) xfree(add->peer.name); + if (add->peer.tag) xfree(add->peer.tag); + if (add->peer.privtag) xfree(add->peer.privtag); xfree(add); return; } @@ -1646,6 +1715,41 @@ static void acmd_bgcancel(admin *a, unsigned ac, char *av[]) } } +static void acmd_algs(admin *a, unsigned ac, char *av[]) +{ + peer *p; + const kdata *kd; + const dhgrp *g; + const algswitch *algs; + + if (!ac) + kd = master; + else { + if ((p = a_findpeer(a, av[0])) == 0) return; + kd = p->kx.kpriv; + } + g = kd->grp; + algs = &kd->algs; + + g->ops->grpinfo(g, a); + a_info(a, + "hash=%s", algs->h->name, + "mgf=%s", algs->mgf->name, + "hash-sz=%lu", (unsigned long)algs->h->hashsz, + A_END); + a_info(a, + "bulk-transform=%s", algs->bulk->ops->name, + "bulk-overhead=%lu", + (unsigned long)algs->bulk->ops->overhead(algs->bulk), + A_END); + algs->bulk->ops->alginfo(algs->bulk, a); + a_info(a, + "cipher-data-limit=%lu", + (unsigned long)algs->bulk->ops->expsz(algs->bulk), + A_END); + a_ok(a); +} + static void acmd_list(admin *a, unsigned ac, char *av[]) { FOREACH_PEER(p, { a_info(a, "%s", p_name(p), A_END); }); @@ -1733,10 +1837,16 @@ static void acmd_peerinfo(admin *a, unsigned ac, char *av[]) { peer *p; const peerspec *ps; + const char *ptag; if ((p = a_findpeer(a, av[0])) != 0) { ps = p_spec(p); a_info(a, "tunnel=%s", ps->tops->name, A_END); + a_info(a, "key=%s", p_tag(p), + "current-key=%s", p->kx.kpub->tag, A_END); + if ((ptag = p_privtag(p)) == 0) ptag = "(default)"; + a_info(a, "private-key=%s", ptag, + "current-private-key=%s", p->kx.kpriv->tag, A_END); a_info(a, "keepalive=%lu", ps->t_ka, A_END); a_ok(a); } @@ -1846,6 +1956,7 @@ static void acmd_help(admin */*a*/, unsigned /*ac*/, char */*av*/[]); static const acmd acmdtab[] = { { "add", "[OPTIONS] PEER ADDR ...", 2, 0xffff, acmd_add }, { "addr", "PEER", 1, 1, acmd_addr }, + { "algs", "[PEER]", 0, 1, acmd_algs }, { "bgcancel", "TAG", 1, 1, acmd_bgcancel }, { "checkchal", "CHAL", 1, 1, acmd_checkchal }, { "daemon", 0, 0, 0, acmd_daemon }, @@ -1913,61 +2024,66 @@ static void acmd_help(admin *a, unsigned ac, char *av[]) static void a_destroypending(void) { - admin *a, *aa; + admin *a, *aa, *head; admin_bgop *bg, *bbg; admin_service *svc, *ssvc; - /* --- Destroy connections marked as pending --- */ + /* --- Destroy connections marked as pending --- * + * + * Slightly messy. Killing clients may cause others to finally die. Make + * sure that they can be put on the list without clobbering anything or + * getting lost. + */ - for (a = a_dead; a; a = aa) { - aa = a->next; - assert(a->f & AF_DEAD); + while (a_dead) { + head = a_dead; + a_dead = 0; + for (a = head; a; a = aa) { + aa = a->next; + assert(a->f & AF_DEAD); - /* --- Report what we're doing --- */ + /* --- Report what we're doing --- */ - T( trace(T_ADMIN, "admin: completing destruction of connection %u", - a->seq); ) + T( trace(T_ADMIN, "admin: completing destruction of connection %u", + a->seq); ) - /* --- If this is the foreground client then shut down --- */ + /* --- If this is the foreground client then shut down --- */ - if (a->f & AF_FOREGROUND) { - T( trace(T_ADMIN, "admin: foreground client quit: shutting down"); ) - a_warn("SERVER", "quit", "foreground-eof", A_END); - a_quit(); - } + if (a->f & AF_FOREGROUND) { + T( trace(T_ADMIN, "admin: foreground client quit: shutting down"); ) + a_warn("SERVER", "quit", "foreground-eof", A_END); + a_quit(); + } - /* --- Abort any background jobs in progress --- */ + /* --- Abort any background jobs in progress --- */ - for (bg = a->bg; bg; bg = bbg) { - bbg = bg->next; - bg->cancel(bg); - if (bg->tag) xfree(bg->tag); - xfree(bg); - } + for (bg = a->bg; bg; bg = bbg) { + bbg = bg->next; + bg->cancel(bg); + if (bg->tag) xfree(bg->tag); + xfree(bg); + } - /* --- Release services I hold, and abort pending jobs --- */ + /* --- Release services I hold, and abort pending jobs --- */ - for (svc = a->svcs; svc; svc = ssvc) { - ssvc = svc->next; - a_svcrelease(svc); - } - a_jobtablefinal(&a->j); + for (svc = a->svcs; svc; svc = ssvc) { + ssvc = svc->next; + a_svcrelease(svc); + } + a_jobtablefinal(&a->j); - /* --- Close file descriptors and selectory --- */ + /* --- Close file descriptors and selectory --- */ - selbuf_destroy(&a->b); - if (a->b.reader.fd != a->w.fd) close(a->b.reader.fd); - close(a->w.fd); - if (a_stdin == a) a_stdin = 0; + selbuf_destroy(&a->b); + if (a->b.reader.fd != a->w.fd) close(a->b.reader.fd); + close(a->w.fd); + if (a_stdin == a) a_stdin = 0; - /* --- Done --- */ + /* --- Done --- */ - DESTROY(a); + DESTROY(a); + } } - - /* --- All pending destruction completed --- */ - - a_dead = 0; } /* --- @a_destroy@ --- * @@ -2025,10 +2141,10 @@ static void a_line(char *p, size_t len, void *vp) { admin *a = vp; const acmd *c; - char *av[16]; + char *av[16 + 1]; size_t ac; - TIMER; + QUICKRAND; if (a->f & AF_DEAD) return; if (!p) { @@ -2040,9 +2156,10 @@ static void a_line(char *p, size_t len, void *vp) } return; } - ac = str_qsplit(p, av, 16, 0, STRF_QUOTE); + ac = str_qsplit(p, av, N(av) - 1, 0, STRF_QUOTE); if (!ac) return; + av[ac] = 0; for (c = acmdtab; c->name; c++) { if (mystrieq(av[0], c->name)) { ac--; @@ -2109,7 +2226,7 @@ static void a_accept(int fd, unsigned mode, void *v) { int nfd; struct sockaddr_un sun; - size_t sz = sizeof(sun); + socklen_t sz = sizeof(sun); if ((nfd = accept(fd, (struct sockaddr *)&sun, &sz)) < 0) { if (errno != EINTR && errno != EAGAIN && errno != EWOULDBLOCK && @@ -2147,19 +2264,23 @@ void a_daemon(void) { flags |= F_DAEMON; } /* --- @a_init@ --- * * * Arguments: @const char *name@ = socket name to create + * @uid_t u@ = user to own the socket + * @gid_t g@ = group to own the socket + * @mode_t m@ = permissions to set on the socket * * Returns: --- * * Use: Creates the admin listening socket. */ -void a_init(const char *name) +void a_init(const char *name, uid_t u, gid_t g, mode_t m) { int fd; int n = 5; struct sockaddr_un sun; struct sigaction sa; size_t sz; + mode_t omask; /* --- Create services table --- */ @@ -2177,7 +2298,7 @@ void a_init(const char *name) /* --- Attempt to bind to the socket --- */ - umask(0077); + omask = umask(0077); again: if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) die(EXIT_FAILURE, "couldn't create socket: %s", strerror(errno)); @@ -2208,7 +2329,15 @@ again: close(fd); goto again; } - chmod(sun.sun_path, 0600); + if (chown(sun.sun_path, u, g)) { + die(EXIT_FAILURE, "failed to set socket owner: %s", + strerror(errno)); + } + if (chmod(sun.sun_path, m)) { + die(EXIT_FAILURE, "failed to set socket permissions: %s", + strerror(errno)); + } + umask(omask); fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC); if (listen(fd, 5)) die(EXIT_FAILURE, "couldn't listen on socket: %s", strerror(errno));