X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/de014da64011b21929158b746803d69cbfb05ee6..042d5c20a1c42002b35aa13c7a44dfb4a94d2e65:/admin.c diff --git a/admin.c b/admin.c index 92ea0a64..80d21af6 100644 --- a/admin.c +++ b/admin.c @@ -38,11 +38,12 @@ const trace_opt tr_opts[] = { { 't', T_TUNNEL, "tunnel events" }, { 'r', T_PEER, "peer events" }, { 'a', T_ADMIN, "admin interface" }, - { 'p', T_PACKET, "packet contents" }, - { 'c', T_CRYPTO, "crypto details" }, { 's', T_KEYSET, "symmetric keyset management" }, { 'x', T_KEYEXCH, "key exchange" }, { 'm', T_KEYMGMT, "key management" }, + { 'l', T_CHAL, "challenge management" }, + { 'p', T_PACKET, "packet contents" }, + { 'c', T_CRYPTO, "crypto details" }, { 'A', T_ALL, "all of the above" }, { 0, 0, 0 } }; @@ -77,6 +78,8 @@ static void a_destroy(admin */*a*/); static void a_lock(admin */*a*/); static void a_unlock(admin */*a*/); +#define BOOL(x) ((x) ? "t" : "nil") + /*----- Output functions --------------------------------------------------*/ /* --- @trywrite@ --- * @@ -109,7 +112,7 @@ again: goto again; if (errno != EAGAIN && errno != EWOULDBLOCK) { a_destroy(a); - a_warn("ADMIN client-read-error -- %s", strerror(errno)); + a_warn("ADMIN", "client-write-error", "?ERRNO", A_END); return (-1); } } 
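Review bot: The new `a_warn("ADMIN", "client-write-error", "?ERRNO", A_END)` still runs after `a_destroy(a)`, and the `?ERRNO` token reads `errno` only when a_vformat reaches it, so the number and text reported can be whatever a_destroy's cleanup or the output buffer's own growth left behind rather than the error from the failed write. Saving the value first avoids that without reordering the destroy: `int e = errno; a_destroy(a);` followed by `a_warn("ADMIN", "client-write-error", "E%d", e, "%s", strerror(e), A_END);`, which yields the same two words `?ERRNO` produces. The enclosing trywrite body starts and ends outside the hunk.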
@@ -228,6 +231,95 @@ static void a_flush(int fd, unsigned mode, void *v) /*----- Utility functions -------------------------------------------------*/ +/* --- @quotify@ --- * + * + * Arguments: @dstr *d@ = where to write the answer + * @const char *p@ = string to quotify + * + * Returns: --- + * + * Use: Quotes the given string if necessary, according to our + * quoting rules. + */ + +static void quotify(dstr *d, const char *p) +{ + if (d->len) + dstr_putc(d, ' '); + if (*p && !p[strcspn(p, "\"' \t\n\v")]) + dstr_puts(d, p); + else { + dstr_putc(d, '\"'); + while (*p) { + if (*p == '\\' || *p == '\"') + dstr_putc(d, '\\'); + dstr_putc(d, *p++); + } + dstr_putc(d, '\"'); + } +} + +/* --- @a_vformat@ --- * + * + * Arguments: @dstr *d@ = where to leave the formatted message + * @const char *fmt@ = pointer to format string + * @va_list ap@ = arguments in list + * + * Returns: --- + * + * Use: Main message token formatting driver. + */ + +static void a_vformat(dstr *d, const char *fmt, va_list ap) +{ + dstr dd = DSTR_INIT; + + while (fmt) { + if (*fmt == '*') { + dstr_putc(d, ' '); + dstr_vputf(d, fmt + 1, &ap); + } else if (*fmt == '?') { + if (strcmp(fmt, "?ADDR") == 0) { + const addr *a = va_arg(ap, const addr *); + switch (a->sa.sa_family) { + case AF_INET: + quotify(d, "INET"); + quotify(d, inet_ntoa(a->sin.sin_addr)); + dstr_putf(d, " %u", (unsigned)ntohs(a->sin.sin_port)); + break; + default: + abort(); + } + } else if (strcmp(fmt, "?B64") == 0) { + const octet *p = va_arg(ap, const octet *); + size_t n = va_arg(ap, size_t); + base64_ctx b64; + dstr_putc(d, ' '); + base64_init(&b64); + b64.indent = ""; + b64.maxline = 0; + base64_encode(&b64, p, n, d); + base64_encode(&b64, 0, 0, d); + while (d->len && d->buf[d->len - 1] == '=') d->len--; + } else if (strcmp(fmt, "?PEER") == 0) + quotify(d, p_name(va_arg(ap, peer *))); + else if (strcmp(fmt, "?ERRNO") == 0) { + dstr_putf(d, " E%d", errno); + quotify(d, strerror(errno)); + } else + abort(); + } else { + if (*fmt 
== '!') fmt++; + DRESET(&dd); + dstr_vputf(&dd, fmt, &ap); + quotify(d, dd.buf); + } + fmt = va_arg(ap, const char *); + } + + dstr_destroy(&dd); +} + /* --- @a_write@, @a_vwrite@ --- * * * Arguments: @admin *a@ = admin connection to write to @@ -246,17 +338,10 @@ static void a_vwrite(admin *a, const char *status, const char *tag, const char *fmt, va_list ap) { dstr d = DSTR_INIT; - if (tag) dstr_puts(&d, "BG"); dstr_puts(&d, status); - if (tag) { - dstr_putc(&d, ' '); - dstr_puts(&d, tag); - } - if (fmt) { - dstr_putc(&d, ' '); - dstr_vputf(&d, fmt, &ap); - } + if (tag) quotify(&d, tag); + a_vformat(&d, fmt, ap); dstr_putc(&d, '\n'); dosend(a, d.buf, d.len); dstr_destroy(&d); @@ -282,7 +367,7 @@ static void a_write(admin *a, const char *status, const char *tag, * Use: Convenience functions for @a_write@. */ -static void a_ok(admin *a) { a_write(a, "OK", 0, 0); } +static void a_ok(admin *a) { a_write(a, "OK", 0, A_END); } static void a_info(admin *a, const char *fmt, ...) { @@ -347,8 +432,7 @@ static void a_valert(unsigned f_and, unsigned f_eq, const char *tag, if (!(flags & F_INIT)) return; - if (fmt) - dstr_vputf(&d, fmt, &ap); + a_vformat(&d, fmt, ap); a_rawalert(f_and, f_eq, tag, fmt ? d.buf : 0, fmt ? d.len : 0); dstr_destroy(&d); } @@ -382,9 +466,12 @@ void a_warn(const char *fmt, ...) if (flags & F_INIT) a_valert(0, 0, "WARN", fmt, ap); else { + dstr d = DSTR_INIT; fprintf(stderr, "%s: ", QUIS); - vfprintf(stderr, fmt, ap); - fputc('\n', stderr); + a_vformat(&d, fmt, ap); + dstr_putc(&d, '\n'); + dstr_write(&d, stderr); + dstr_destroy(&d); } va_end(ap); } @@ -468,7 +555,7 @@ static void a_sigdie(int sig, void *v) p = buf; break; } - a_warn("SERVER quit signal %s", p); + a_warn("SERVER", "quit", "signal", "%s", p, A_END); a_quit(); } @@ -484,7 +571,7 @@ static void a_sigdie(int sig, void *v) static void a_sighup(int sig, void *v) { - a_warn("SERVER ignore signal SIGHUP"); + a_warn("SERVER", "ignore", "signal", "SIGHUP", A_END); } /* --- @a_parsetime@ --- * 
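Review bot: The `?ERRNO` branch of a_vformat reads `errno` twice, in `dstr_putf(d, " E%d", errno)` and then `quotify(d, strerror(errno))`, with a dstr write that may reallocate between the two reads, and both reads happen after a_vwrite has already grown the buffer for the status and tag; capturing it once at the top of a_vformat, `int e = errno;`, and using `e` in both places makes the reported number and text agree and independent of the formatting layer's allocations. The same late read affects every `?ERRNO` caller in this commit: trywrite in the first hunk, acmd_daemon and a_accept. Separately, quotify's trigger set `"\"' \t\n\v"` omits the backslash (and `\r`, `\f`), so a word such as a peer name that contains a backslash but none of those characters is emitted bare with the backslash unescaped, although the quoted path does escape it; if the reader's tokeniser, not visible here, treats backslash as an escape in bare words, that word will not round-trip, and adding `\\\r\f` to the strcspn set sends it down the quoted path. Both quotify and a_vformat lie wholly within the hunk.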
@@ -510,8 +597,30 @@ static long a_parsetime(const char *p) return (t); } +/* --- @a_findpeer@ --- * + * + * Arguments: @admin *a@ = admin connection + * @const char *pn@ = peer name + * + * Returns: The peer, or null if not there. + * + * Use: Finds a peer, reporting an error if it failed. + */ + +static peer *a_findpeer(admin *a, const char *pn) +{ + peer *p; + + if ((p = p_find(pn)) == 0) + a_fail(a, "unknown-peer", "%s", pn, A_END); + return (p); +} + /*----- Backgrounded operations -------------------------------------------*/ +#define BGTAG(bg) \ + (((admin_bgop *)(bg))->tag ? ((admin_bgop *)(bg))->tag : "") + /* --- @a_bgrelease@ --- * * * Arguments: @admin_bgop *bg@ = backgrounded operation @@ -526,19 +635,15 @@ static void a_bgrelease(admin_bgop *bg) { admin *a = bg->a; - if (bg->tag) - xfree(bg->tag); - else - selbuf_enable(&a->b); - if (bg->next) - bg->next->prev = bg->prev; - if (bg->prev) - bg->prev->next = bg->next; - else - a->bg = bg->next; + T( trace(T_ADMIN, "admin: release bgop %s", BGTAG(bg)); ) + if (bg->tag) xfree(bg->tag); + else selbuf_enable(&a->b); + if (bg->next) bg->next->prev = bg->prev; + if (bg->prev) bg->prev->next = bg->next; + else a->bg = bg->next; xfree(bg); - if (a->f & AF_CLOSE) - a_destroy(a); + if (a->f & AF_CLOSE) a_destroy(a); + a_unlock(a); } /* --- @a_bgok@, @a_bginfo@, @a_bgfail@ --- * @@ -553,7 +658,7 @@ static void a_bgrelease(admin_bgop *bg) */ static void a_bgok(admin_bgop *bg) - { a_write(bg->a, "OK", bg->tag, 0); } + { a_write(bg->a, "OK", bg->tag, A_END); } static void a_bginfo(admin_bgop *bg, const char *fmt, ...) { 
@@ -596,114 +701,199 @@ static void a_bgadd(admin *a, admin_bgop *bg, const char *tag, bg->cancel = cancel; bg->next = a->bg; bg->prev = 0; + if (a->bg) a->bg->prev = bg; a->bg = bg; - if (tag) a_write(a, "DETACH", tag, 0); + a_lock(a); + T( trace(T_ADMIN, "admin: add bgop %s", BGTAG(bg)); ) + if (tag) a_write(a, "DETACH", tag, A_END); } -/*----- Adding peers ------------------------------------------------------*/ +/*----- Name resolution operations ----------------------------------------*/ -/* --- @a_addfree@ --- * +/* --- @a_resolved@ --- * * - * Arguments: @admin_addop *add@ = operation block + * Arguments: @struct hostent *h@ = pointer to resolved hostname + * @void *v@ = pointer to resolver operation * * Returns: --- * - * Use: Frees an add operation. + * Use: Handles a completed name resolution. */ -static void a_addfree(admin_addop *add) +static void a_resolved(struct hostent *h, void *v) { - if (add->peer.name) xfree(add->peer.name); - if (add->paddr) xfree(add->paddr); -} + admin_resop *r = v; + + T( trace(T_ADMIN, "admin: resop %s resolved", BGTAG(r)); ) + TIMER; + if (!h) { + a_bgfail(&r->bg, "resolve-error", "%s", r->addr, A_END); + r->func(r, ARES_FAIL); + } else { + memcpy(&r->sa.sin.sin_addr, h->h_addr, sizeof(struct in_addr)); + r->func(r, ARES_OK); + } + sel_rmtimer(&r->t); + xfree(r->addr); + a_bgrelease(&r->bg); +} -/* --- @a_addcancel@ --- * +/* --- @a_restimer@ --- * * - * Arguments: @admin_bgop *bg@ = background operation + * Arguments: @struct timeval *tv@ = timer + * @void *v@ = pointer to resolver operation * * Returns: --- * - * Use: Cancels an add operation. + * Use: Times out a resolver. 
*/ -static void a_addcancel(admin_bgop *bg) +static void a_restimer(struct timeval *tv, void *v) { - admin_addop *add = (admin_addop *)bg; - - sel_rmtimer(&add->t); - bres_abort(&add->r); - a_addfree(add); + admin_resop *r = v; + + T( trace(T_ADMIN, "admin: resop %s timeout", BGTAG(r)); ) + a_bgfail(&r->bg, "resolver-timeout", "%s", r->addr, A_END); + r->func(r, ARES_FAIL); + bres_abort(&r->r); + xfree(r->addr); + a_bgrelease(&r->bg); } -/* --- @a_doadd@ --- * +/* --- @a_rescancel@ --- * * - * Arguments: @admin_addop *add@ = operation block + * Arguments: @admin_bgop *bg@ = background operation * * Returns: --- * - * Use: Does the peer add thing. + * Use: Cancels an add operation. */ -static void a_doadd(admin_addop *add) +static void a_rescancel(admin_bgop *bg) { - if (p_find(add->peer.name)) - a_bgfail(&add->bg, "peer-exists %s", add->peer.name); - else if (!p_create(&add->peer)) - a_bgfail(&add->bg, "peer-create-fail %s", add->peer.name); - else - a_bgok(&add->bg); + admin_resop *r = (admin_resop *)bg; + + T( trace(T_ADMIN, "admin: cancel resop %s", BGTAG(r)); ) + r->func(r, ARES_FAIL); + sel_rmtimer(&r->t); + xfree(r->addr); + bres_abort(&r->r); } - -/* --- @a_addresolve@ --- * + +/* --- @a_resolve@ --- * * - * Arguments: @struct hostent *h@ = pointer to resolved hostname - * @void *v@ = pointer to add operation + * Arguments: @admin *a@ = administration connection + * @admin_resop *r@ = resolver operation to run + * @const char *tag@ = background operation tag + * @void (*func)(struct admin_resop *, int@ = handler function + * @unsigned ac@ = number of remaining arguments + * @char *av[]@ = pointer to remaining arguments * * Returns: --- * - * Use: Handles a completed name resolution. + * Use: Cranks up a resolver job. 
*/ -static void a_addresolve(struct hostent *h, void *v) +static void a_resolve(admin *a, admin_resop *r, const char *tag, + void (*func)(struct admin_resop *, int), + unsigned ac, char *av[]) { - admin_addop *add = v; + struct timeval tv; + unsigned long pt; + char *p; + int i = 0; - a_lock(add->bg.a); - T( trace(T_ADMIN, "admin: %u resolved", add->bg.a->seq); ) - TIMER; - if (!h) - a_bgfail(&add->bg, "resolve-error %s", add->paddr); - else { - memcpy(&add->peer.sa.sin.sin_addr, h->h_addr, sizeof(struct in_addr)); - a_doadd(add); + /* --- Fill in the easy bits of address --- */ + + r->addr = 0; + r->func = func; + if (mystrieq(av[i], "inet")) i++; + if (ac - i != 2) { + a_fail(a, "bad-addr-syntax", "[inet] ADDRESS PORT", A_END); + goto fail; } - sel_rmtimer(&add->t); - a_addfree(add); - a_bgrelease(&add->bg); - a_unlock(add->bg.a); + r->sa.sin.sin_family = AF_INET; + r->sasz = sizeof(r->sa.sin); + r->addr = xstrdup(av[i]); + pt = strtoul(av[i + 1], &p, 0); + if (*p) { + struct servent *s = getservbyname(av[i + 1], "udp"); + if (!s) { + a_fail(a, "unknown-service", "%s", av[i + 1], A_END); + goto fail; + } + pt = ntohs(s->s_port); + } + if (pt == 0 || pt >= 65536) { + a_fail(a, "invalid-port", "%lu", pt, A_END); + goto fail; + } + r->sa.sin.sin_port = htons(pt); + + /* --- Report backgrounding --- * + * + * Do this for consistency of interface, even if we're going to get the + * answer straight away. 
+ */ + + a_bgadd(a, &r->bg, tag, a_rescancel); + T( trace(T_ADMIN, "admin: %u, resop %s, hostname `%s'", + a->seq, BGTAG(r), r->addr); ) + + /* --- If the name is numeric, do it the easy way --- */ + + if (inet_aton(av[i], &r->sa.sin.sin_addr)) { + T( trace(T_ADMIN, "admin: resop %s done the easy way", BGTAG(r)); ) + func(r, ARES_OK); + xfree(r->addr); + a_bgrelease(&r->bg); + return; + } + + /* --- Store everything for later and crank up the resolver --- */ + + gettimeofday(&tv, 0); + tv.tv_sec += T_RESOLVE; + sel_addtimer(&sel, &r->t, &tv, a_restimer, r); + bres_byname(&r->r, r->addr, a_resolved, r); + return; + +fail: + func(r, ARES_FAIL); + if (r->addr) xfree(r->addr); + xfree(r); } -/* --- @a_addtimer@ --- * +/*----- Adding peers ------------------------------------------------------*/ + +/* --- @a_doadd@ --- * * - * Arguments: @struct timeval *tv@ = timer - * @void *v@ = pointer to add operation + * Arguments: @admin_resop *r@ = resolver operation + * @int rc@ = how it worked * * Returns: --- * - * Use: Times out a resolver. + * Use: Handles a completed resolution. */ -static void a_addtimer(struct timeval *tv, void *v) +static void a_doadd(admin_resop *r, int rc) { - admin_addop *add = v; - - a_lock(add->bg.a); - T( trace(T_ADMIN, "admin: %u resolver timeout", add->bg.a->seq); ) - a_bgfail(&add->bg, "resolver-timeout %s\n", add->paddr); - bres_abort(&add->r); - a_addfree(add); - a_bgrelease(&add->bg); - a_unlock(add->bg.a); + admin_addop *add = (admin_addop *)r; + + T( trace(T_ADMIN, "admin: done add op %s", BGTAG(add)); ) + + if (rc == ARES_OK) { + add->peer.sasz = add->r.sasz; + add->peer.sa = add->r.sa; + if (p_find(add->peer.name)) + a_bgfail(&add->r.bg, "peer-exists", "%s", add->peer.name, A_END); + else if (!p_create(&add->peer)) + a_bgfail(&add->r.bg, "peer-create-fail", "%s", add->peer.name, A_END); + else + a_bgok(&add->r.bg); + } + + xfree(add->peer.name); } /* --- @acmd_add@ --- * 
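Review bot: a_resolve evaluates `mystrieq(av[i], "inet")` before it checks `ac - i != 2`, so when a caller hands it an empty argument list, which acmd_add does if its option loop stops on a trailing `--` (it passes `av + i`, and `av[i]` is then the terminating null), the comparison runs on a null pointer; unless mystrieq tolerates null, which is not visible here, that is a crash reachable from the admin socket, and `if (ac > i && mystrieq(av[i], "inet")) i++;` closes it. The `fail:` path's `xfree(r)` frees the caller's whole operation block through the embedded `admin_resop`, which is correct only because `admin_resop` is that block's first member (a_doadd's `(admin_addop *)r` cast relies on the same layout); a comment on a_resolve, `/* On failure, and on the numeric-address path, r is released here; r must be the first member of the caller's allocation, which must not be touched afterwards */`, with a one-line echo above the `a_resolve(a, &add->r, ...)` call in acmd_add's final hunk, would record that ownership transfer. In the new header comment `@void (*func)(struct admin_resop *, int@` is missing its closing parenthesis. The hunk opens inside a_bgadd, whose body begins above it.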
@@ -719,27 +909,23 @@ static void a_addtimer(struct timeval *tv, void *v) static void acmd_add(admin *a, unsigned ac, char *av[]) { - unsigned long pt; - struct timeval tv; unsigned i, j; - char *p; const char *tag = 0; admin_addop *add = 0; - /* --- Make sure someone's not got there already --- */ - - if (p_find(av[0])) { - a_fail(a, "peer-exists %s", av[0]); - goto fail; - } - /* --- Set stuff up --- */ add = xmalloc(sizeof(*add)); add->peer.name = xstrdup(av[0]); add->peer.t_ka = 0; add->peer.tops = tun_default; - add->paddr = 0; + + /* --- Make sure someone's not got there already --- */ + + if (p_find(av[0])) { + a_fail(a, "peer-exists", "%s", av[0], A_END); + goto fail; + } /* --- Parse options --- */ @@ -754,8 +940,8 @@ static void acmd_add(admin *a, unsigned ac, char *av[]) if (!av[++i]) goto bad_syntax; for (j = 0;; j++) { if (!tunnels[j]) { - a_fail(a, "unknown-tunnel %s", av[i]); - return; + a_fail(a, "unknown-tunnel", "%s", av[i], A_END); + goto fail; } if (mystrieq(av[i], tunnels[j]->name)) { add->peer.tops = tunnels[j]; @@ -766,8 +952,8 @@ static void acmd_add(admin *a, unsigned ac, char *av[]) long t; if (!av[++i]) goto bad_syntax; if ((t = a_parsetime(av[i])) < 0) { - a_fail(a, "bad-time-spec %s", av[i]); - return; + a_fail(a, "bad-time-spec", "%s", av[i], A_END); + goto fail; } add->peer.t_ka = t; } else if (mystrieq(av[i], "--")) { 
@@ -778,65 +964,18 @@ static void acmd_add(admin *a, unsigned ac, char *av[]) i++; } - /* --- Fill in the easy bits of address --- */ + /* --- Crank up the resolver --- */ - if (mystrieq(av[i], "inet")) i++; - if (ac - i != 2) { - a_fail(a, "bad-syntax -- add PEER [OPTIONS] [inet] ADDRESS PORT"); - goto fail; - } - add->peer.sa.sin.sin_family = AF_INET; - add->peer.sasz = sizeof(add->peer.sa.sin); - add->paddr = xstrdup(av[i]); - pt = strtoul(av[i + 1], &p, 0); - if (*p) { - struct servent *s = getservbyname(av[i + 1], "udp"); - if (!s) { - a_fail(a, "unknown-service %s", av[i + 1]); - goto fail; - } - pt = ntohs(s->s_port); - } - if (pt == 0 || pt >= 65536) { - a_fail(a, "invalid-port %lu", pt); - goto fail; - } - add->peer.sa.sin.sin_port = htons(pt); - - /* --- Report backgrounding --- * - * - * Do this for consistency of interface, even if we're going to get the - * answer straight away. - */ - - a_bgadd(a, &add->bg, tag, a_addcancel); - - /* --- If the name is numeric, do it the easy way --- */ - - if (inet_aton(av[i], &add->peer.sa.sin.sin_addr)) { - a_doadd(add); - a_addfree(add); - a_bgrelease(&add->bg); - return; - } - - /* --- Store everything for later and crank up the resolver --- */ - - gettimeofday(&tv, 0); - tv.tv_sec += T_RESOLVE; - sel_addtimer(&sel, &add->t, &tv, a_addtimer, add); - bres_byname(&add->r, add->paddr, a_addresolve, add); - T( trace(T_ADMIN, "admin: %u resolving hostname `%s'", - a->seq, add->paddr); ) + a_resolve(a, &add->r, tag, a_doadd, ac - i, av + i); return; + /* --- Clearing up --- */ + bad_syntax: - a_fail(a, "bad-syntax -- add PEER [OPTIONS] ADDR ..."); + a_fail(a, "bad-syntax", "add", "PEER [OPTIONS] ADDR ...", A_END); fail: - if (add) { - a_addfree(add); - xfree(add); - } + xfree(add->peer.name); + xfree(add); return; } 
@@ -854,6 +993,7 @@ fail: static void a_pingcancel(admin_bgop *bg) { admin_pingop *pg = (admin_pingop *)bg; + T( trace(T_ADMIN, "admin: cancel ping op %s", BGTAG(pg)); ) p_pingdone(&pg->ping, PING_NONOTIFY); } @@ -873,28 +1013,27 @@ static void a_pong(int rc, void *v) struct timeval tv; double millis; - a_lock(pg->bg.a); switch (rc) { case PING_OK: gettimeofday(&tv, 0); tv_sub(&tv, &tv, &pg->pingtime); millis = (double)tv.tv_sec * 1000 + (double)tv.tv_usec/1000; - a_bginfo(&pg->bg, "ping-ok %.1f", millis); + a_bginfo(&pg->bg, "ping-ok", "%.1f", millis, A_END); a_bgok(&pg->bg); break; case PING_TIMEOUT: - a_bginfo(&pg->bg, "ping-timeout"); + a_bginfo(&pg->bg, "ping-timeout", A_END); a_bgok(&pg->bg); break; case PING_PEERDIED: - a_bginfo(&pg->bg, "ping-peer-died"); + a_bginfo(&pg->bg, "ping-peer-died", A_END); a_bgok(&pg->bg); break; default: abort(); } + T( trace(T_ADMIN, "admin: ponged ping op %s", BGTAG(pg)); ) a_bgrelease(&pg->bg); - a_unlock(pg->bg.a); } /* --- @acmd_ping@, @acmd_eping@ --- * @@ -927,7 +1066,7 @@ static void a_ping(admin *a, unsigned ac, char *av[], } else if (mystrieq(av[i], "-timeout")) { if (!av[++i]) goto bad_syntax; if ((t = a_parsetime(av[i])) < 0) { - a_fail(a, "bad-time-spec %s", av[i]); + a_fail(a, "bad-time-spec", "%s", av[i], A_END); return; } } else if (mystrieq(av[i], "--")) { 
@@ -939,21 +1078,21 @@ static void a_ping(admin *a, unsigned ac, char *av[], } if (!av[i]) goto bad_syntax; - if ((p = p_find(av[i])) == 0) { - a_fail(a, "unknown-peer %s", av[i]); + if ((p = a_findpeer(a, av[i])) == 0) return; - } pg = xmalloc(sizeof(*pg)); gettimeofday(&pg->pingtime, 0); a_bgadd(a, &pg->bg, tag, a_pingcancel); + T( trace(T_ADMIN, "admin: ping op %s: %s to %s", + BGTAG(pg), cmd, p_name(p)); ) if (p_pingsend(p, &pg->ping, msg, t, a_pong, pg)) { - a_bgfail(&pg->bg, "ping-send-failed"); + a_bgfail(&pg->bg, "ping-send-failed", A_END); a_bgrelease(&pg->bg); } return; bad_syntax: - a_fail(a, "bad-syntax -- %s [OPTIONS] PEER", cmd); + a_fail(a, "bad-syntax", "%s", cmd, "[OPTIONS] PEER", cmd, A_END); return; } @@ -987,10 +1126,9 @@ static int traceish(admin *a, unsigned ac, char *av[], if (!ac || strcmp(av[0], "?") == 0) { const trace_opt *t; - a_info(a, "Current %s status:", what); for (t = tt; t->ch; t++) { - a_info(a, "%c %c %s", - t->ch, (*ff & t->f) == t->f ? '*' : ' ', t->help); + a_info(a, "*%c%c %s", + t->ch, (*ff & t->f) == t->f ? '+' : ' ', t->help, A_END); } } else { unsigned sense = 1; @@ -1010,7 +1148,7 @@ static int traceish(admin *a, unsigned ac, char *av[], goto tropt_ok; } } - a_fail(a, "bad-%s-option %c", what, *p); + a_fail(a, "bad-%s-option", what, "%c", *p, A_END); return (0); tropt_ok:; break; @@ -1039,23 +1177,6 @@ static void acmd_watch(admin *a, unsigned ac, char *av[]) traceish(a, ac, av, "watch", w_opts, &a->f); } -static void quotify(dstr *d, const char *p) -{ - if (d->len) - dstr_putc(d, ' '); - if (*p && !p[strcspn(p, "\"' \t\n\v")]) - dstr_puts(d, p); - else { - dstr_putc(d, '\"'); - while (*p) { - if (*p == '\\' || *p == '\"') - dstr_putc(d, '\\'); - dstr_putc(d, *p++); - } - dstr_putc(d, '\"'); - } -} - static void alertcmd(admin *a, unsigned f_and, unsigned f_eq, const char *tag, unsigned ac, char *av[]) { 
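Review bot: The new bad-syntax line in a_ping passes `cmd` twice: after `"%s", cmd` and the literal `"[OPTIONS] PEER"`, the trailing `cmd` is consumed by a_vformat as the next format token, so the command name is printed a second time and, because it is run through the formatter rather than printed as data, any `%` in it would be interpreted. The call should read `a_fail(a, "bad-syntax", "%s", cmd, "[OPTIONS] PEER", A_END);`. The a_ping body starts outside the hunk.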
@@ -1078,20 +1199,20 @@ static void acmd_warn(admin *a, unsigned ac, char *av[]) static void acmd_port(admin *a, unsigned ac, char *av[]) { - a_info(a, "%u", p_port()); + a_info(a, "%u", p_port(), A_END); a_ok(a); } static void acmd_daemon(admin *a, unsigned ac, char *av[]) { if (flags & F_DAEMON) - a_fail(a, "already-daemon"); + a_fail(a, "already-daemon", A_END); else { - a_notify("DAEMON"); + a_notify("DAEMON", A_END); if (a_stdin) a_destroy(a_stdin); if (u_daemon()) - a_fail(a, "daemon-error -- %s", strerror(errno)); + a_fail(a, "daemon-error", "?ERRNO", A_END); else { flags |= F_DAEMON; a_ok(a); @@ -1103,7 +1224,7 @@ static void acmd_list(admin *a, unsigned ac, char *av[]) { peer *p; for (p = p_first(); p; p = p_next(p)) - a_info(a, "%s", p_name(p)); + a_info(a, "%s", p_name(p), A_END); a_ok(a); } 
@@ -1111,10 +1232,51 @@ static void acmd_ifname(admin *a, unsigned ac, char *av[]) { peer *p; - if ((p = p_find(av[0])) == 0) - a_fail(a, "unknown-peer %s", av[0]); - else { - a_info(a, "%s", p_ifname(p)); + if ((p = a_findpeer(a, av[0])) != 0) { + a_info(a, "%s", p_ifname(p), A_END); + a_ok(a); + } +} + +static void acmd_getchal(admin *a, unsigned ac, char *av[]) +{ + buf b; + + buf_init(&b, buf_i, PKBUFSZ); + c_new(&b); + a_info(a, "?B64", BBASE(&b), (size_t)BLEN(&b), A_END); + a_ok(a); +} + +static void acmd_checkchal(admin *a, unsigned ac, char *av[]) +{ + base64_ctx b64; + buf b; + dstr d = DSTR_INIT; + + base64_init(&b64); + base64_decode(&b64, av[0], strlen(av[0]), &d); + base64_decode(&b64, 0, 0, &d); + buf_init(&b, d.buf, d.len); + if (c_check(&b) || BBAD(&b) || BLEFT(&b)) + a_fail(a, "invalid-challenge", A_END); + else + a_ok(a); + dstr_destroy(&d); +} + +static void acmd_greet(admin *a, unsigned ac, char *av[]) +{ + peer *p; + base64_ctx b64; + dstr d = DSTR_INIT; + + if ((p = a_findpeer(a, av[0])) != 0) { + base64_init(&b64); + base64_decode(&b64, av[1], strlen(av[1]), &d); + base64_decode(&b64, 0, 0, &d); + p_greet(p, d.buf, d.len); + dstr_destroy(&d); a_ok(a); } } 
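Review bot: acmd_getchal base64-encodes `BLEN(&b)` bytes immediately after `c_new(&b)` without testing `BBAD(&b)`, whereas the new acmd_checkchal does test that flag on the decode side; if c_new can leave the buffer broken (it writes into the fixed `PKBUFSZ` buffer, and whether it can run out of room is not visible here), a truncated challenge would be handed to the client under an OK status. A guard between the two calls, `if (BBAD(&b)) { a_fail(a, "FAIL-TOKEN-TBD", A_END); return; }` with the token chosen to match the file's existing vocabulary, keeps the two commands symmetrical. acmd_greet passes the decoded bytes straight to p_greet without the c_check step used in acmd_checkchal; if p_greet performs that check itself, a comment saying so at the call would spare readers the question.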
@@ -1124,52 +1286,66 @@ static void acmd_addr(admin *a, unsigned ac, char *av[]) peer *p; const addr *ad; - if ((p = p_find(av[0])) == 0) - a_fail(a, "unknown-peer %s", av[0]); - else { + if ((p = a_findpeer(a, av[0])) != 0) { ad = p_addr(p); assert(ad->sa.sa_family == AF_INET); - a_info(a, "INET %s %u", - inet_ntoa(ad->sin.sin_addr), - (unsigned)ntohs(ad->sin.sin_port)); + a_info(a, "?ADDR", ad, A_END); a_ok(a); } } -static void acmd_stats(admin *a, unsigned ac, char *av[]) +static void acmd_peerinfo(admin *a, unsigned ac, char *av[]) { peer *p; - stats *st; + const peerspec *ps; - if ((p = p_find(av[0])) == 0) - a_fail(a, "unknown-peer %s", av[0]); - else { - st = p_stats(p); - a_info(a, "start-time=%s", timestr(st->t_start)); - a_info(a, "last-packet-time=%s", timestr(st->t_last)); - a_info(a, "last-keyexch-time=%s", timestr(st->t_kx)); - a_info(a, "packets-in=%lu bytes-in=%lu", st->n_in, st->sz_in); - a_info(a, "packets-out=%lu bytes-out=%lu", - st->n_out, st->sz_out); - a_info(a, "keyexch-packets-in=%lu keyexch-bytes-in=%lu", - st->n_kxin, st->sz_kxin); - a_info(a, "keyexch-packets-out=%lu keyexch-bytes-out=%lu", - st->n_kxout, st->sz_kxout); - a_info(a, "ip-packets-in=%lu ip-bytes-in=%lu", - st->n_ipin, st->sz_ipin); - a_info(a, "ip-packets-out=%lu ip-bytes-out=%lu", - st->n_ipout, st->sz_ipout); - a_info(a, "rejected-packets=%lu", st->n_reject); + if ((p = a_findpeer(a, av[0])) != 0) { + ps = p_spec(p); + a_info(a, "tunnel=%s", ps->tops->name, A_END); + a_info(a, "keepalive=%lu", ps->t_ka, A_END); a_ok(a); } } +static void acmd_servinfo(admin *a, unsigned ac, char *av[]) +{ + a_info(a, "implementation=edgeware-tripe", A_END); + a_info(a, "version=%s", VERSION, A_END); + a_info(a, "daemon=%s", BOOL(flags & F_DAEMON), A_END); + a_ok(a); +} + +static void acmd_stats(admin *a, unsigned ac, char *av[]) +{ + peer *p; + stats *st; + + if ((p = a_findpeer(a, av[0])) == 0) + return; + + st = p_stats(p); + a_info(a, "start-time=%s", timestr(st->t_start), A_END); + 
a_info(a, "last-packet-time=%s", timestr(st->t_last), A_END); + a_info(a, "last-keyexch-time=%s", timestr(st->t_kx), A_END); + a_info(a, "packets-in=%lu bytes-in=%lu", st->n_in, st->sz_in, A_END); + a_info(a, "packets-out=%lu bytes-out=%lu", + st->n_out, st->sz_out, A_END); + a_info(a, "keyexch-packets-in=%lu keyexch-bytes-in=%lu", + st->n_kxin, st->sz_kxin, A_END); + a_info(a, "keyexch-packets-out=%lu keyexch-bytes-out=%lu", + st->n_kxout, st->sz_kxout, A_END); + a_info(a, "ip-packets-in=%lu ip-bytes-in=%lu", + st->n_ipin, st->sz_ipin, A_END); + a_info(a, "ip-packets-out=%lu ip-bytes-out=%lu", + st->n_ipout, st->sz_ipout, A_END); + a_info(a, "rejected-packets=%lu", st->n_reject, A_END); + a_ok(a); +} + static void acmd_kill(admin *a, unsigned ac, char *av[]) { peer *p; - if ((p = p_find(av[0])) == 0) - a_fail(a, "unknown-peer %s", av[0]); - else { + if ((p = a_findpeer(a, av[0])) != 0) { p_destroy(p); a_ok(a); } @@ -1178,9 +1354,7 @@ static void acmd_kill(admin *a, unsigned ac, char *av[]) static void acmd_forcekx(admin *a, unsigned ac, char *av[]) { peer *p; - if ((p = p_find(av[0])) == 0) - a_fail(a, "unknown-peer %s", av[0]); - else { + if ((p = a_findpeer(a, av[0])) != 0) { kx_start(&p->kx, 1); a_ok(a); } @@ -1191,7 +1365,7 @@ static void acmd_reload(admin *a, unsigned ac, char *av[]) static void acmd_quit(admin *a, unsigned ac, char *av[]) { - a_warn("SERVER quit admin-request"); + a_warn("SERVER", "quit", "admin-request", A_END); a_ok(a); a_unlock(a); a_quit(); @@ -1199,7 +1373,7 @@ static void acmd_quit(admin *a, unsigned ac, char *av[]) static void acmd_version(admin *a, unsigned ac, char *av[]) { - a_info(a, "%s %s", PACKAGE, VERSION); + a_info(a, "%s", PACKAGE, "%s", VERSION, A_END); a_ok(a); } @@ -1207,7 +1381,7 @@ static void acmd_tunnels(admin *a, unsigned ac, char *av[]) { int i; for (i = 0; tunnels[i]; i++) - a_info(a, "%s", tunnels[i]->name); + a_info(a, "%s", tunnels[i]->name, A_END); a_ok(a); } 
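Review bot: In acmd_stats the combined tokens such as `"packets-in=%lu bytes-in=%lu"` now pass through quotify (none starts with `*` or `!`), and quotify quotes any word containing a space, so each of those six lines is emitted as one double-quoted word instead of two `key=value` words as before. If the two-word form is intended, split each into separate tokens, e.g. `a_info(a, "packets-in=%lu", st->n_in, "bytes-in=%lu", st->sz_in, A_END);`, and likewise for the out, keyexch and ip pairs. The `timestr(...)` lines stay single words only as long as timestr's output contains no space, which is not visible here.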
@@ -1223,37 +1397,45 @@ typedef struct acmd { static void acmd_help(admin */*a*/, unsigned /*ac*/, char */*av*/[]); static const acmd acmdtab[] = { - { "add", "add PEER [OPTIONS] ADDR ...", - 2, 0xffff, acmd_add }, - { "addr", "addr PEER", 1, 1, acmd_addr }, - { "daemon", "daemon", 0, 0, acmd_daemon }, - { "eping", "eping [OPTIONS] PEER", 1, 0xffff, acmd_eping }, - { "forcekx", "forcekx PEER", 1, 1, acmd_forcekx }, - { "help", "help", 0, 0, acmd_help }, - { "ifname", "ifname PEER", 1, 1, acmd_ifname }, - { "kill", "kill PEER", 1, 1, acmd_kill }, - { "list", "list", 0, 0, acmd_list }, - { "notify", "notify MESSAGE ...", 1, 0xffff, acmd_notify }, - { "ping", "ping [OPTIONS] PEER", 1, 0xffff, acmd_ping }, - { "port", "port", 0, 0, acmd_port }, - { "quit", "quit", 0, 0, acmd_quit }, - { "reload", "reload", 0, 0, acmd_reload }, - { "stats", "stats PEER", 1, 1, acmd_stats }, + { "add", "PEER [OPTIONS] ADDR ...", 2, 0xffff, acmd_add }, + { "addr", "PEER", 1, 1, acmd_addr }, + { "checkchal", "CHAL", 1, 1, acmd_checkchal }, + { "daemon", 0, 0, 0, acmd_daemon }, + { "eping", "[OPTIONS] PEER", 1, 0xffff, acmd_eping }, + { "forcekx", "PEER", 1, 1, acmd_forcekx }, + { "getchal", 0, 0, 0, acmd_getchal }, + { "greet", "PEER CHAL", 2, 2, acmd_greet }, + { "help", 0, 0, 0, acmd_help }, + { "ifname", "PEER", 1, 1, acmd_ifname }, + { "kill", "PEER", 1, 1, acmd_kill }, + { "list", 0, 0, 0, acmd_list }, + { "notify", "MESSAGE ...", 1, 0xffff, acmd_notify }, + { "peerinfo", "PEER", 1, 1, acmd_peerinfo }, + { "ping", "[OPTIONS] PEER", 1, 0xffff, acmd_ping }, + { "port", 0, 0, 0, acmd_port }, + { "quit", 0, 0, 0, acmd_quit }, + { "reload", 0, 0, 0, acmd_reload }, + { "servinfo", 0, 0, 0, acmd_servinfo }, + { "stats", "PEER", 1, 1, acmd_stats }, #ifndef NTRACE - { "trace", "trace [OPTIONS]", 0, 1, acmd_trace }, + { "trace", "[OPTIONS]", 0, 1, acmd_trace }, #endif - { "tunnels", "tunnels", 0, 0, acmd_tunnels }, - { "version", "version", 0, 0, acmd_version }, - { "warn", "warn MESSAGE ...", 
1, 0xffff, acmd_warn }, - { "watch", "watch [OPTIONS]", 0, 1, acmd_watch }, + { "tunnels", 0, 0, 0, acmd_tunnels }, + { "version", 0, 0, 0, acmd_version }, + { "warn", "MESSAGE ...", 1, 0xffff, acmd_warn }, + { "watch", "[OPTIONS]", 0, 1, acmd_watch }, { 0, 0, 0, 0, 0 } }; static void acmd_help(admin *a, unsigned ac, char *av[]) { const acmd *c; - for (c = acmdtab; c->name; c++) - a_info(a, "%s", c->help); + for (c = acmdtab; c->name; c++) { + if (c->help) + a_info(a, "%s", c->name, "*%s", c->help, A_END); + else + a_info(a, "%s", c->name, A_END); + } a_ok(a); } @@ -1269,32 +1451,20 @@ static void acmd_help(admin *a, unsigned ac, char *av[]) * immediately. */ -static void a_lock(admin *a) { assert(!(a->f & AF_LOCK)); a->f |= AF_LOCK; } +static void a_lock(admin *a) { a->ref++; } -/* --- @a_unlock@ --- * +/* --- @a_dodestroy@ --- * * * Arguments: @admin *a@ = pointer to an admin block * * Returns: --- * - * Use: Unlocks an admin block, allowing its destruction. This is - * also the second half of @a_destroy@. + * Use: Actually does the legwork of destroying an admin block. */ -static void a_unlock(admin *a) +static void a_dodestroy(admin *a) { admin_bgop *bg, *bbg; - - assert(a->f & AF_LOCK); - - /* --- If we're not dead, that's fine --- */ - - if (!(a->f & AF_DEAD)) { - a->f &= ~AF_LOCK; - return; - } - - /* --- If we are, then destroy the rest of the block --- */ T( trace(T_ADMIN, "admin: completing destruction of connection %u", a->seq); ) @@ -1320,6 +1490,23 @@ static void a_unlock(admin *a) DESTROY(a); } +/* --- @a_unlock@ --- * + * + * Arguments: @admin *a@ = pointer to an admin block + * + * Returns: --- + * + * Use: Unlocks an admin block, allowing its destruction. This is + * also the second half of @a_destroy@. + */ + +static void a_unlock(admin *a) +{ + assert(a->ref); + if (!--a->ref && (a->f & AF_DEAD)) + a_dodestroy(a); +} + /* --- @a_destroy@ --- * * * Arguments: @admin *a@ = pointer to an admin block 
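Review bot: `a_lock` now just increments `a->ref` and is expected to nest (a_bgadd takes a lock inside a command handler that a_line has already locked), but its header comment, which ends just above this hunk and is not visible here, presumably still describes the single-lock behaviour that the removed `assert(!(a->f & AF_LOCK))` enforced. It should say something like `Use: Takes a reference on an admin block; references nest, and the block is destroyed when the last one is dropped while AF_DEAD is set.` so that readers do not look for the old flag. a_dodestroy's body runs past the end of the hunk.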
@@ -1361,12 +1548,10 @@ static void a_destroy(admin *a) /* --- If the block is locked, that's all we can manage --- */ - if (a->f & AF_LOCK) { - T( trace(T_ADMIN, "admin: deferring destruction..."); ) - return; - } - a->f |= AF_LOCK; - a_unlock(a); + if (!a->ref) + a_dodestroy(a); + T( else + trace(T_ADMIN, "admin: deferring destruction..."); ) } /* --- @a_line@ --- * @@ -1405,9 +1590,12 @@ static void a_line(char *p, size_t len, void *vp) for (c = acmdtab; c->name; c++) { if (mystrieq(av[0], c->name)) { ac--; - if (c->argmin > ac || ac > c->argmax) - a_fail(a, "bad-syntax -- %s", c->help); - else { + if (c->argmin > ac || ac > c->argmax) { + if (!c->help) + a_fail(a, "bad-syntax", "%s", c->name, "", A_END); + else + a_fail(a, "bad-syntax", "%s", c->name, "%s", c->help, A_END); + } else { a_lock(a); c->func(a, ac, av + 1); a_unlock(a); @@ -1415,7 +1603,7 @@ static void a_line(char *p, size_t len, void *vp) return; } } - a_fail(a, "unknown-command %s", av[0]); + a_fail(a, "unknown-command", "%s", av[0], A_END); } /* --- @a_create@ --- * @@ -1436,6 +1624,7 @@ void a_create(int fd_in, int fd_out, unsigned f) a->seq = seq++; ) T( trace(T_ADMIN, "admin: accepted connection %u", a->seq); ) a->bg = 0; + a->ref = 0; a->f = f; if (fd_in == STDIN_FILENO) a_stdin = a; fdflags(fd_in, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC); @@ -1470,7 +1659,7 @@ static void a_accept(int fd, unsigned mode, void *v) if ((nfd = accept(fd, (struct sockaddr *)&sun, &sz)) < 0) { if (errno != EINTR && errno != EAGAIN && errno != EWOULDBLOCK && errno != ECONNABORTED && errno != EPROTO) - a_warn("ADMIN accept-error -- %s", strerror(errno)); + a_warn("ADMIN", "accept-error", "?ERRNO", A_END); return; } a_create(nfd, nfd, 0);
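Review bot: Wrapping the `else` branch of a_destroy inside the trace macro, `T( else trace(...); )`, makes the statement's shape depend on whether NTRACE is defined, which reads as a fragile trick rather than control flow; braces with the trace inside keep the structure visible in both builds: `if (!a->ref) a_dodestroy(a); else { T( trace(T_ADMIN, "admin: deferring destruction..."); ) }`. a_destroy's body starts outside the hunk.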