5 * Admin interface for configuration
7 * (c) 2001 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Trivial IP Encryption (TrIPE).
14 * TrIPE is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * TrIPE is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with TrIPE; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Header files ------------------------------------------------------*/
33 /*----- Global variables --------------------------------------------------*/
37 const trace_opt tr_opts
[] = {
38 { 't', T_TUNNEL
, "tunnel events" },
39 { 'r', T_PEER
, "peer events" },
40 { 'a', T_ADMIN
, "admin interface" },
41 { 's', T_KEYSET
, "symmetric keyset management" },
42 { 'x', T_KEYEXCH
, "key exchange" },
43 { 'm', T_KEYMGMT
, "key management" },
44 { 'l', T_CHAL
, "challenge management" },
45 { 'p', T_PACKET
, "packet contents" },
46 { 'c', T_CRYPTO
, "crypto details" },
47 { 'A', T_ALL
, "all of the above" },
51 unsigned tr_flags
= 0;
54 static const trace_opt w_opts
[] = {
55 { 't', AF_TRACE
, "trace messages" },
56 { 'n', AF_NOTE
, "asynchronous notifications" },
57 { 'w', AF_WARN
, "warnings" },
58 { 'A', AF_ALLMSGS
, "all of the above" },
62 /*----- Static variables --------------------------------------------------*/
66 static const char *sockname
;
67 static unsigned flags
= 0;
68 static admin
*a_stdin
= 0;
69 static sig s_term
, s_int
, s_hup
;
74 #define T_RESOLVE SEC(30)
77 static void a_destroy(admin */
*a*/
);
78 static void a_lock(admin */
*a*/
);
79 static void a_unlock(admin */
*a*/
);
81 #define BOOL(x) ((x) ? "t" : "nil")
83 /*----- Output functions --------------------------------------------------*/
85 /* --- @trywrite@ --- *
87 * Arguments: @admin *a@ = pointer to an admin block
88 * @const char *p@ = pointer to buffer to write
89 * @size_t sz@ = size of data to write
91 * Returns: The number of bytes written, or less than zero on error.
93 * Use: Attempts to write data to a client.
96 static ssize_t
trywrite(admin
*a
, const char *p
, size_t sz
)
103 n
= write(a
->w
.fd
, p
, sz
);
113 if (errno
!= EAGAIN
&& errno
!= EWOULDBLOCK
) {
115 a_warn("ADMIN", "client-write-error", "?ERRNO", A_END
);
122 /* --- @doqueue@ -- *
124 * Arguments: @oqueue *q@ = pointer to output queue
125 * @const char *p@ = pointer to buffer to write
126 * @size_t sz@ = size of buffer
128 * Returns: Nonzero if the queue was previously empty.
130 * Use: Queues data to be written later.
133 static int doqueue(oqueue
*q
, const char *p
, size_t sz
)
142 else if (o
->p_in
< o
->buf
+ OBUFSZ
)
146 o
= xmalloc(sizeof(obuf
));
148 o
->p_in
= o
->p_out
= o
->buf
;
156 n
= o
->buf
+ OBUFSZ
- o
->p_in
;
159 memcpy(o
->p_in
, p
, n
);
168 /* --- @dosend@ --- *
170 * Arguemnts: @admin *a@ = pointer to an admin block
171 * @const char *p@ = pointer to buffer to write
172 * @size_t sz@ = size of data to write
176 * Use: Sends data to an admin client.
179 static void dosend(admin
*a
, const char *p
, size_t sz
)
186 if ((n
= trywrite(a
, p
, sz
)) < 0)
193 if (doqueue(&a
->out
, p
, sz
))
197 /* --- @a_flush@ --- *
199 * Arguments: @int fd@ = file descriptor
200 * @unsigned mode@ = what's happening
201 * @void *v@ = pointer to my admin block
205 * Use: Flushes buffers when a client is ready to read again.
208 static void a_flush(int fd
, unsigned mode
, void *v
)
216 if ((n
= trywrite(a
, o
->p_out
, o
->p_in
- o
->p_out
)) < 0)
219 if (o
->p_in
< o
->p_out
)
232 /*----- Utility functions -------------------------------------------------*/
234 /* --- @quotify@ --- *
236 * Arguments: @dstr *d@ = where to write the answer
237 * @const char *p@ = string to quotify
241 * Use: Quotes the given string if necessary, according to our
245 static void quotify(dstr
*d
, const char *p
)
249 if (*p
&& !p
[strcspn(p
, "\"' \t\n\v")])
254 if (*p
== '\\' || *p
== '\"')
262 /* --- @a_vformat@ --- *
264 * Arguments: @dstr *d@ = where to leave the formatted message
265 * @const char *fmt@ = pointer to format string
266 * @va_list ap@ = arguments in list
270 * Use: Main message token formatting driver.
273 static void a_vformat(dstr
*d
, const char *fmt
, va_list ap
)
280 dstr_vputf(d
, fmt
+ 1, &ap
);
281 } else if (*fmt
== '?') {
282 if (strcmp(fmt
, "?ADDR") == 0) {
283 const addr
*a
= va_arg(ap
, const addr
*);
284 switch (a
->sa
.sa_family
) {
287 quotify(d
, inet_ntoa(a
->sin
.sin_addr
));
288 dstr_putf(d
, " %u", (unsigned)ntohs(a
->sin
.sin_port
));
293 } else if (strcmp(fmt
, "?B64") == 0) {
294 const octet
*p
= va_arg(ap
, const octet
*);
295 size_t n
= va_arg(ap
, size_t);
301 base64_encode(&b64
, p
, n
, d
);
302 base64_encode(&b64
, 0, 0, d
);
303 while (d
->len
&& d
->buf
[d
->len
- 1] == '=') d
->len
--;
304 } else if (strcmp(fmt
, "?PEER") == 0)
305 quotify(d
, p_name(va_arg(ap
, peer
*)));
306 else if (strcmp(fmt
, "?ERRNO") == 0) {
307 dstr_putf(d
, " E%d", errno
);
308 quotify(d
, strerror(errno
));
312 if (*fmt
== '!') fmt
++;
314 dstr_vputf(&dd
, fmt
, &ap
);
317 fmt
= va_arg(ap
, const char *);
323 /* --- @a_write@, @a_vwrite@ --- *
325 * Arguments: @admin *a@ = admin connection to write to
326 * @const char *status@ = status code to report
327 * @const char *tag@ = tag string, or null
328 * @const char *fmt@ = pointer to format string
329 * @va_list ap@ = arguments in list
330 * @...@ = other arguments
334 * Use: Sends a message to an admin connection.
337 static void a_vwrite(admin
*a
, const char *status
, const char *tag
,
338 const char *fmt
, va_list ap
)
341 if (tag
) dstr_puts(&d
, "BG");
342 dstr_puts(&d
, status
);
343 if (tag
) quotify(&d
, tag
);
344 a_vformat(&d
, fmt
, ap
);
346 dosend(a
, d
.buf
, d
.len
);
350 static void a_write(admin
*a
, const char *status
, const char *tag
,
351 const char *fmt
, ...)
355 a_vwrite(a
, status
, tag
, fmt
, ap
);
359 /* --- @a_ok@, @a_info@, @a_fail@ --- *
361 * Arguments: @admin *a@ = connection
362 * @const char *fmt@ = format string
363 * @...@ = other arguments
367 * Use: Convenience functions for @a_write@.
370 static void a_ok(admin
*a
) { a_write(a
, "OK", 0, A_END
); }
372 static void a_info(admin
*a
, const char *fmt
, ...)
376 a_vwrite(a
, "INFO", 0, fmt
, ap
);
380 static void a_fail(admin
*a
, const char *fmt
, ...)
384 a_vwrite(a
, "FAIL", 0, fmt
, ap
);
388 /* --- @a_alert@, @a_valert@, @a_rawalert@ --- *
390 * Arguments: @unsigned f_and, f_eq@ = filter for connections
391 * @const char *status@ = status string
392 * @const char *fmt@ = pointer to format string
393 * @const char *p@ = pointer to raw string
394 * @size_t sz@ = size of raw string
395 * @va_list ap@ = arguments in list
396 * @...@ = other arguments
400 * Use: Write a message to all admin connections matched by the given
404 static void a_rawalert(unsigned f_and
, unsigned f_eq
, const char *status
,
405 const char *p
, size_t sz
)
410 if (!(flags
& F_INIT
))
412 dstr_puts(&d
, status
);
415 dstr_putm(&d
, p
, sz
);
420 for (a
= admins
; a
; a
= aa
) {
422 if ((a
->f
& f_and
) == f_eq
)
423 dosend(a
, d
.buf
, d
.len
);
428 static void a_valert(unsigned f_and
, unsigned f_eq
, const char *tag
,
429 const char *fmt
, va_list ap
)
433 if (!(flags
& F_INIT
))
435 a_vformat(&d
, fmt
, ap
);
436 a_rawalert(f_and
, f_eq
, tag
, fmt ? d
.buf
: 0, fmt ? d
.len
: 0);
441 static void a_alert(unsigned f_and
, unsigned f_eq
, const char *tag
,
442 const char *fmt
, ...)
446 a_valert(f_and
, f_eq
, tag
, fmt
, ap
);
451 /* --- @a_warn@ --- *
453 * Arguments: @const char *fmt@ = pointer to format string
454 * @...@ = other arguments
458 * Use: Informs all admin connections of a warning.
461 void a_warn(const char *fmt
, ...)
467 a_valert(0, 0, "WARN", fmt
, ap
);
470 fprintf(stderr
, "%s: ", QUIS
);
471 a_vformat(&d
, fmt
, ap
);
473 dstr_write(&d
, stderr
);
479 /* --- @a_trace@ --- *
481 * Arguments: @const char *p@ = pointer to a buffer
482 * @size_t sz@ = size of the buffer
483 * @void *v@ = uninteresting pointer
487 * Use: Custom trace output handler. Sends trace messages to
488 * interested admin connections.
492 static void a_trace(const char *p
, size_t sz
, void *v
)
493 { a_rawalert(AF_TRACE
, AF_TRACE
, "TRACE", p
, sz
); }
496 /* --- @a_notify@ --- *
498 * Arguments: @const char *fmt@ = pointer to format string
499 * @...@ = other arguments
503 * Use: Sends a notification to interested admin connections.
506 void a_notify(const char *fmt
, ...)
511 a_valert(AF_NOTE
, AF_NOTE
, "NOTE", fmt
, ap
);
515 /* --- @a_quit@ --- *
521 * Use: Shuts things down nicely.
530 while ((p
= p_first()) != 0)
535 /* --- @a_sigdie@ --- *
537 * Arguments: @int sig@ = signal number
538 * @void *v@ = an uninteresting argument
542 * Use Shuts down on receipt of a fatal signal.
545 static void a_sigdie(int sig
, void *v
)
551 case SIGTERM
: p
= "SIGTERM"; break;
552 case SIGINT
: p
= "SIGINT"; break;
554 sprintf(buf
, "%i", sig
);
558 a_warn("SERVER", "quit", "signal", "%s", p
, A_END
);
562 /* --- @a_sighup@ --- *
564 * Arguments: @int sig@ = signal number
565 * @void *v@ = an uninteresting argument
569 * Use Logs a message about SIGHUP not being useful.
572 static void a_sighup(int sig
, void *v
)
574 a_warn("SERVER", "ignore", "signal", "SIGHUP", A_END
);
577 /* --- @a_parsetime@ --- *
579 * Arguments; @const char *p@ = time string to parse
581 * Returns: Time in seconds, or @< 0@ on error.
584 static long a_parsetime(const char *p
)
587 long t
= strtol(p
, &q
, 0);
593 case 's': if (q
[1] != 0)
600 /* --- @a_findpeer@ --- *
602 * Arguments: @admin *a@ = admin connection
603 * @const char *pn@ = peer name
605 * Returns: The peer, or null if not there.
607 * Use: Finds a peer, reporting an error if it failed.
610 static peer
*a_findpeer(admin
*a
, const char *pn
)
614 if ((p
= p_find(pn
)) == 0)
615 a_fail(a
, "unknown-peer", "%s", pn
, A_END
);
619 /*----- Backgrounded operations -------------------------------------------*/
622 (((admin_bgop *)(bg))->tag ? ((admin_bgop *)(bg))->tag : "<foreground>")
624 /* --- @a_bgrelease@ --- *
626 * Arguments: @admin_bgop *bg@ = backgrounded operation
630 * Use: Removes a backgrounded operation from the queue, since
631 * (presumably) it's done.
634 static void a_bgrelease(admin_bgop
*bg
)
638 T( trace(T_ADMIN
, "admin: release bgop %s", BGTAG(bg
)); )
639 if (bg
->tag
) xfree(bg
->tag
);
640 else selbuf_enable(&a
->b
);
641 if (bg
->next
) bg
->next
->prev
= bg
->prev
;
642 if (bg
->prev
) bg
->prev
->next
= bg
->next
;
643 else a
->bg
= bg
->next
;
645 if (a
->f
& AF_CLOSE
) a_destroy(a
);
649 /* --- @a_bgok@, @a_bginfo@, @a_bgfail@ --- *
651 * Arguments: @admin_bgop *bg@ = backgrounded operation
652 * @const char *fmt@ = format string
653 * @...@ = other arguments
657 * Use: Convenience functions for @a_write@.
660 static void a_bgok(admin_bgop
*bg
)
661 { a_write(bg
->a
, "OK", bg
->tag
, A_END
); }
663 static void a_bginfo(admin_bgop
*bg
, const char *fmt
, ...)
667 a_vwrite(bg
->a
, "INFO", bg
->tag
, fmt
, ap
);
671 static void a_bgfail(admin_bgop
*bg
, const char *fmt
, ...)
675 a_vwrite(bg
->a
, "FAIL", bg
->tag
, fmt
, ap
);
679 /* --- @a_bgadd@ --- *
681 * Arguments: @admin *a@ = administration connection
682 * @admin_bgop *bg@ = pointer to background operation
683 * @const char *tag@ = background tag, or null for foreground
684 * @void (*cancel)(admin_bgop *)@ = cancel function
688 * Use: Links a background job into the list.
691 static void a_bgadd(admin
*a
, admin_bgop
*bg
, const char *tag
,
692 void (*cancel
)(admin_bgop
*))
695 bg
->tag
= xstrdup(tag
);
698 selbuf_disable(&a
->b
);
704 if (a
->bg
) a
->bg
->prev
= bg
;
707 T( trace(T_ADMIN
, "admin: add bgop %s", BGTAG(bg
)); )
708 if (tag
) a_write(a
, "DETACH", tag
, A_END
);
711 /*----- Name resolution operations ----------------------------------------*/
713 /* --- @a_resolved@ --- *
715 * Arguments: @struct hostent *h@ = pointer to resolved hostname
716 * @void *v@ = pointer to resolver operation
720 * Use: Handles a completed name resolution.
723 static void a_resolved(struct hostent
*h
, void *v
)
727 T( trace(T_ADMIN
, "admin: resop %s resolved", BGTAG(r
)); )
730 a_bgfail(&r
->bg
, "resolve-error", "%s", r
->addr
, A_END
);
731 r
->func(r
, ARES_FAIL
);
733 memcpy(&r
->sa
.sin
.sin_addr
, h
->h_addr
, sizeof(struct in_addr
));
741 /* --- @a_restimer@ --- *
743 * Arguments: @struct timeval *tv@ = timer
744 * @void *v@ = pointer to resolver operation
748 * Use: Times out a resolver.
751 static void a_restimer(struct timeval
*tv
, void *v
)
755 T( trace(T_ADMIN
, "admin: resop %s timeout", BGTAG(r
)); )
756 a_bgfail(&r
->bg
, "resolver-timeout", "%s", r
->addr
, A_END
);
757 r
->func(r
, ARES_FAIL
);
763 /* --- @a_rescancel@ --- *
765 * Arguments: @admin_bgop *bg@ = background operation
769 * Use: Cancels an add operation.
772 static void a_rescancel(admin_bgop
*bg
)
774 admin_resop
*r
= (admin_resop
*)bg
;
776 T( trace(T_ADMIN
, "admin: cancel resop %s", BGTAG(r
)); )
777 r
->func(r
, ARES_FAIL
);
783 /* --- @a_resolve@ --- *
785 * Arguments: @admin *a@ = administration connection
786 * @admin_resop *r@ = resolver operation to run
787 * @const char *tag@ = background operation tag
788 * @void (*func)(struct admin_resop *, int@ = handler function
789 * @unsigned ac@ = number of remaining arguments
790 * @char *av[]@ = pointer to remaining arguments
794 * Use: Cranks up a resolver job.
797 static void a_resolve(admin
*a
, admin_resop
*r
, const char *tag
,
798 void (*func
)(struct admin_resop
*, int),
799 unsigned ac
, char *av
[])
806 /* --- Fill in the easy bits of address --- */
810 if (mystrieq(av
[i
], "inet")) i
++;
812 a_fail(a
, "bad-addr-syntax", "[inet] ADDRESS PORT", A_END
);
815 r
->sa
.sin
.sin_family
= AF_INET
;
816 r
->sasz
= sizeof(r
->sa
.sin
);
817 r
->addr
= xstrdup(av
[i
]);
818 pt
= strtoul(av
[i
+ 1], &p
, 0);
820 struct servent
*s
= getservbyname(av
[i
+ 1], "udp");
822 a_fail(a
, "unknown-service", "%s", av
[i
+ 1], A_END
);
825 pt
= ntohs(s
->s_port
);
827 if (pt
== 0 || pt
>= 65536) {
828 a_fail(a
, "invalid-port", "%lu", pt
, A_END
);
831 r
->sa
.sin
.sin_port
= htons(pt
);
833 /* --- Report backgrounding --- *
835 * Do this for consistency of interface, even if we're going to get the
836 * answer straight away.
839 a_bgadd(a
, &r
->bg
, tag
, a_rescancel
);
840 T( trace(T_ADMIN
, "admin: %u, resop %s, hostname `%s'",
841 a
->seq
, BGTAG(r
), r
->addr
); )
843 /* --- If the name is numeric, do it the easy way --- */
845 if (inet_aton(av
[i
], &r
->sa
.sin
.sin_addr
)) {
846 T( trace(T_ADMIN
, "admin: resop %s done the easy way", BGTAG(r
)); )
853 /* --- Store everything for later and crank up the resolver --- */
855 gettimeofday(&tv
, 0);
856 tv
.tv_sec
+= T_RESOLVE
;
857 sel_addtimer(&sel
, &r
->t
, &tv
, a_restimer
, r
);
858 bres_byname(&r
->r
, r
->addr
, a_resolved
, r
);
863 if (r
->addr
) xfree(r
->addr
);
867 /*----- Adding peers ------------------------------------------------------*/
869 /* --- @a_doadd@ --- *
871 * Arguments: @admin_resop *r@ = resolver operation
872 * @int rc@ = how it worked
876 * Use: Handles a completed resolution.
879 static void a_doadd(admin_resop
*r
, int rc
)
881 admin_addop
*add
= (admin_addop
*)r
;
883 T( trace(T_ADMIN
, "admin: done add op %s", BGTAG(add
)); )
886 add
->peer
.sasz
= add
->r
.sasz
;
887 add
->peer
.sa
= add
->r
.sa
;
888 if (p_find(add
->peer
.name
))
889 a_bgfail(&add
->r
.bg
, "peer-exists", "%s", add
->peer
.name
, A_END
);
890 else if (!p_create(&add
->peer
))
891 a_bgfail(&add
->r
.bg
, "peer-create-fail", "%s", add
->peer
.name
, A_END
);
896 xfree(add
->peer
.name
);
899 /* --- @acmd_add@ --- *
901 * Arguments: @admin *a@ = connection which requested the addition
902 * @unsigned ac@ = argument count
903 * @char *av[]@ = pointer to the argument list
907 * Use: Adds a new peer.
910 static void acmd_add(admin
*a
, unsigned ac
, char *av
[])
914 admin_addop
*add
= 0;
916 /* --- Set stuff up --- */
918 add
= xmalloc(sizeof(*add
));
919 add
->peer
.name
= xstrdup(av
[0]);
921 add
->peer
.tops
= tun_default
;
923 /* --- Make sure someone's not got there already --- */
926 a_fail(a
, "peer-exists", "%s", av
[0], A_END
);
930 /* --- Parse options --- */
936 if (mystrieq(av
[i
], "-background")) {
937 if (!av
[++i
]) goto bad_syntax
;
939 } else if (mystrieq(av
[i
], "-tunnel")) {
940 if (!av
[++i
]) goto bad_syntax
;
943 a_fail(a
, "unknown-tunnel", "%s", av
[i
], A_END
);
946 if (mystrieq(av
[i
], tunnels
[j
]->name
)) {
947 add
->peer
.tops
= tunnels
[j
];
951 } else if (mystrieq(av
[i
], "-keepalive")) {
953 if (!av
[++i
]) goto bad_syntax
;
954 if ((t
= a_parsetime(av
[i
])) < 0) {
955 a_fail(a
, "bad-time-spec", "%s", av
[i
], A_END
);
959 } else if (mystrieq(av
[i
], "--")) {
967 /* --- Crank up the resolver --- */
969 a_resolve(a
, &add
->r
, tag
, a_doadd
, ac
- i
, av
+ i
);
972 /* --- Clearing up --- */
975 a_fail(a
, "bad-syntax", "add", "PEER [OPTIONS] ADDR ...", A_END
);
977 xfree(add
->peer
.name
);
982 /*----- Ping --------------------------------------------------------------*/
984 /* --- @a_pingcancel@ --- *
986 * Arguments: @admin_bgop *bg@ = background operation block
990 * Use: Cancels a running ping.
993 static void a_pingcancel(admin_bgop
*bg
)
995 admin_pingop
*pg
= (admin_pingop
*)bg
;
996 T( trace(T_ADMIN
, "admin: cancel ping op %s", BGTAG(pg
)); )
997 p_pingdone(&pg
->ping
, PING_NONOTIFY
);
1000 /* --- @a_pong@ --- *
1002 * Arguments: @int rc@ = return code
1003 * @void *v@ = ping operation block
1007 * Use: Collects what happened to a ping message.
1010 static void a_pong(int rc
, void *v
)
1012 admin_pingop
*pg
= v
;
1018 gettimeofday(&tv
, 0);
1019 tv_sub(&tv
, &tv
, &pg
->pingtime
);
1020 millis
= (double)tv
.tv_sec
* 1000 + (double)tv
.tv_usec
/1000;
1021 a_bginfo(&pg
->bg
, "ping-ok", "%.1f", millis
, A_END
);
1025 a_bginfo(&pg
->bg
, "ping-timeout", A_END
);
1029 a_bginfo(&pg
->bg
, "ping-peer-died", A_END
);
1035 T( trace(T_ADMIN
, "admin: ponged ping op %s", BGTAG(pg
)); )
1036 a_bgrelease(&pg
->bg
);
1039 /* --- @acmd_ping@, @acmd_eping@ --- *
1041 * Arguments: @admin *a@ = connection which requested the ping
1042 * @unsigned ac@ = argument count
1043 * @char *av[]@ = pointer to the argument list
1047 * Use: Pings a peer.
1050 static void a_ping(admin
*a
, unsigned ac
, char *av
[],
1051 const char *cmd
, unsigned msg
)
1056 admin_pingop
*pg
= 0;
1057 const char *tag
= 0;
1063 if (mystrieq(av
[i
], "-background")) {
1064 if (!av
[++i
]) goto bad_syntax
;
1066 } else if (mystrieq(av
[i
], "-timeout")) {
1067 if (!av
[++i
]) goto bad_syntax
;
1068 if ((t
= a_parsetime(av
[i
])) < 0) {
1069 a_fail(a
, "bad-time-spec", "%s", av
[i
], A_END
);
1072 } else if (mystrieq(av
[i
], "--")) {
1080 if (!av
[i
]) goto bad_syntax
;
1081 if ((p
= a_findpeer(a
, av
[i
])) == 0)
1083 pg
= xmalloc(sizeof(*pg
));
1084 gettimeofday(&pg
->pingtime
, 0);
1085 a_bgadd(a
, &pg
->bg
, tag
, a_pingcancel
);
1086 T( trace(T_ADMIN
, "admin: ping op %s: %s to %s",
1087 BGTAG(pg
), cmd
, p_name(p
)); )
1088 if (p_pingsend(p
, &pg
->ping
, msg
, t
, a_pong
, pg
)) {
1089 a_bgfail(&pg
->bg
, "ping-send-failed", A_END
);
1090 a_bgrelease(&pg
->bg
);
1095 a_fail(a
, "bad-syntax", "%s", cmd
, "[OPTIONS] PEER", cmd
, A_END
);
1099 static void acmd_ping(admin
*a
, unsigned ac
, char *av
[])
1100 { a_ping(a
, ac
, av
, "ping", MISC_PING
); }
1101 static void acmd_eping(admin
*a
, unsigned ac
, char *av
[])
1102 { a_ping(a
, ac
, av
, "eping", MISC_EPING
); }
1104 /*----- Administration commands -------------------------------------------*/
1106 /* --- Miscellaneous commands --- */
1108 /* --- @traceish@ --- *
1110 * Arguments: @admin *a@ = connection to complain on
1111 * @unsigned ac@ = number of arguments
1112 * @char *av[]@ = vector of arguments
1113 * @const char *what@ = what we're messing with
1114 * @const trace_opt *tt@ = options table
1115 * @unsigned *ff@ = where the flags are
1117 * Returns: Nonzero if anything changed.
1119 * Use: Guts of trace-ish commands like `trace' and `watch'.
1122 static int traceish(admin
*a
, unsigned ac
, char *av
[],
1123 const char *what
, const trace_opt
*tt
, unsigned *ff
)
1127 if (!ac
|| strcmp(av
[0], "?") == 0) {
1129 for (t
= tt
; t
->ch
; t
++) {
1130 a_info(a
, "*%c%c %s",
1131 t
->ch
, (*ff
& t
->f
) == t
->f ?
'+' : ' ', t
->help
, A_END
);
1141 case '+': sense
= 1; break;
1142 case '-': sense
= 0; break;
1144 for (t
= tt
; t
->ch
; t
++) {
1146 if (sense
) f
|= t
->f
;
1151 a_fail(a
, "bad-%s-option", what
, "%c", *p
, A_END
);
1167 static void acmd_trace(admin
*a
, unsigned ac
, char *av
[])
1169 if (traceish(a
, ac
, av
, "trace", tr_opts
, &tr_flags
))
1170 trace_level(tr_flags
);
1175 static void acmd_watch(admin
*a
, unsigned ac
, char *av
[])
1177 traceish(a
, ac
, av
, "watch", w_opts
, &a
->f
);
1180 static void alertcmd(admin
*a
, unsigned f_and
, unsigned f_eq
,
1181 const char *tag
, unsigned ac
, char *av
[])
1186 dstr_puts(&d
, "USER");
1187 for (i
= 0; i
< ac
; i
++)
1190 a_rawalert(f_and
, f_eq
, tag
, d
.buf
, d
.len
);
1195 static void acmd_notify(admin
*a
, unsigned ac
, char *av
[])
1196 { alertcmd(a
, AF_NOTE
, AF_NOTE
, "NOTE", ac
, av
); }
1197 static void acmd_warn(admin
*a
, unsigned ac
, char *av
[])
1198 { alertcmd(a
, AF_WARN
, AF_WARN
, "WARN", ac
, av
); }
1200 static void acmd_port(admin
*a
, unsigned ac
, char *av
[])
1202 a_info(a
, "%u", p_port(), A_END
);
1206 static void acmd_daemon(admin
*a
, unsigned ac
, char *av
[])
1208 if (flags
& F_DAEMON
)
1209 a_fail(a
, "already-daemon", A_END
);
1211 a_notify("DAEMON", A_END
);
1215 a_fail(a
, "daemon-error", "?ERRNO", A_END
);
1223 static void acmd_list(admin
*a
, unsigned ac
, char *av
[])
1226 for (p
= p_first(); p
; p
= p_next(p
))
1227 a_info(a
, "%s", p_name(p
), A_END
);
1231 static void acmd_ifname(admin
*a
, unsigned ac
, char *av
[])
1235 if ((p
= a_findpeer(a
, av
[0])) != 0) {
1236 a_info(a
, "%s", p_ifname(p
), A_END
);
1241 static void acmd_getchal(admin
*a
, unsigned ac
, char *av
[])
1245 buf_init(&b
, buf_i
, PKBUFSZ
);
1247 a_info(a
, "?B64", BBASE(&b
), (size_t)BLEN(&b
), A_END
);
1251 static void acmd_checkchal(admin
*a
, unsigned ac
, char *av
[])
1258 base64_decode(&b64
, av
[0], strlen(av
[0]), &d
);
1259 base64_decode(&b64
, 0, 0, &d
);
1260 buf_init(&b
, d
.buf
, d
.len
);
1261 if (c_check(&b
) || BBAD(&b
) || BLEFT(&b
))
1262 a_fail(a
, "invalid-challenge", A_END
);
1268 static void acmd_greet(admin
*a
, unsigned ac
, char *av
[])
1274 if ((p
= a_findpeer(a
, av
[0])) != 0) {
1276 base64_decode(&b64
, av
[1], strlen(av
[1]), &d
);
1277 base64_decode(&b64
, 0, 0, &d
);
1278 p_greet(p
, d
.buf
, d
.len
);
1284 static void acmd_addr(admin
*a
, unsigned ac
, char *av
[])
1289 if ((p
= a_findpeer(a
, av
[0])) != 0) {
1291 assert(ad
->sa
.sa_family
== AF_INET
);
1292 a_info(a
, "?ADDR", ad
, A_END
);
1297 static void acmd_peerinfo(admin
*a
, unsigned ac
, char *av
[])
1302 if ((p
= a_findpeer(a
, av
[0])) != 0) {
1304 a_info(a
, "tunnel=%s", ps
->tops
->name
, A_END
);
1305 a_info(a
, "keepalive=%lu", ps
->t_ka
, A_END
);
1310 static void acmd_servinfo(admin
*a
, unsigned ac
, char *av
[])
1312 a_info(a
, "implementation=edgeware-tripe", A_END
);
1313 a_info(a
, "version=%s", VERSION
, A_END
);
1314 a_info(a
, "daemon=%s", BOOL(flags
& F_DAEMON
), A_END
);
1318 static void acmd_stats(admin
*a
, unsigned ac
, char *av
[])
1323 if ((p
= a_findpeer(a
, av
[0])) == 0)
1327 a_info(a
, "start-time=%s", timestr(st
->t_start
), A_END
);
1328 a_info(a
, "last-packet-time=%s", timestr(st
->t_last
), A_END
);
1329 a_info(a
, "last-keyexch-time=%s", timestr(st
->t_kx
), A_END
);
1330 a_info(a
, "packets-in=%lu bytes-in=%lu", st
->n_in
, st
->sz_in
, A_END
);
1331 a_info(a
, "packets-out=%lu bytes-out=%lu",
1332 st
->n_out
, st
->sz_out
, A_END
);
1333 a_info(a
, "keyexch-packets-in=%lu keyexch-bytes-in=%lu",
1334 st
->n_kxin
, st
->sz_kxin
, A_END
);
1335 a_info(a
, "keyexch-packets-out=%lu keyexch-bytes-out=%lu",
1336 st
->n_kxout
, st
->sz_kxout
, A_END
);
1337 a_info(a
, "ip-packets-in=%lu ip-bytes-in=%lu",
1338 st
->n_ipin
, st
->sz_ipin
, A_END
);
1339 a_info(a
, "ip-packets-out=%lu ip-bytes-out=%lu",
1340 st
->n_ipout
, st
->sz_ipout
, A_END
);
1341 a_info(a
, "rejected-packets=%lu", st
->n_reject
, A_END
);
1345 static void acmd_kill(admin
*a
, unsigned ac
, char *av
[])
1348 if ((p
= a_findpeer(a
, av
[0])) != 0) {
1354 static void acmd_forcekx(admin
*a
, unsigned ac
, char *av
[])
1357 if ((p
= a_findpeer(a
, av
[0])) != 0) {
1358 kx_start(&p
->kx
, 1);
1363 static void acmd_reload(admin
*a
, unsigned ac
, char *av
[])
1364 { p_keyreload(); a_ok(a
); }
1366 static void acmd_quit(admin
*a
, unsigned ac
, char *av
[])
1368 a_warn("SERVER", "quit", "admin-request", A_END
);
1374 static void acmd_version(admin
*a
, unsigned ac
, char *av
[])
1376 a_info(a
, "%s", PACKAGE
, "%s", VERSION
, A_END
);
1380 static void acmd_tunnels(admin
*a
, unsigned ac
, char *av
[])
1383 for (i
= 0; tunnels
[i
]; i
++)
1384 a_info(a
, "%s", tunnels
[i
]->name
, A_END
);
1388 /* --- The command table and help --- */
1390 typedef struct acmd
{
1393 unsigned argmin
, argmax
;
1394 void (*func
)(admin */
*a*/
, unsigned /*ac*/, char */
*av*/
[]);
1397 static void acmd_help(admin */
*a*/
, unsigned /*ac*/, char */
*av*/
[]);
1399 static const acmd acmdtab
[] = {
1400 { "add", "PEER [OPTIONS] ADDR ...", 2, 0xffff, acmd_add
},
1401 { "addr", "PEER", 1, 1, acmd_addr
},
1402 { "checkchal", "CHAL", 1, 1, acmd_checkchal
},
1403 { "daemon", 0, 0, 0, acmd_daemon
},
1404 { "eping", "[OPTIONS] PEER", 1, 0xffff, acmd_eping
},
1405 { "forcekx", "PEER", 1, 1, acmd_forcekx
},
1406 { "getchal", 0, 0, 0, acmd_getchal
},
1407 { "greet", "PEER CHAL", 2, 2, acmd_greet
},
1408 { "help", 0, 0, 0, acmd_help
},
1409 { "ifname", "PEER", 1, 1, acmd_ifname
},
1410 { "kill", "PEER", 1, 1, acmd_kill
},
1411 { "list", 0, 0, 0, acmd_list
},
1412 { "notify", "MESSAGE ...", 1, 0xffff, acmd_notify
},
1413 { "peerinfo", "PEER", 1, 1, acmd_peerinfo
},
1414 { "ping", "[OPTIONS] PEER", 1, 0xffff, acmd_ping
},
1415 { "port", 0, 0, 0, acmd_port
},
1416 { "quit", 0, 0, 0, acmd_quit
},
1417 { "reload", 0, 0, 0, acmd_reload
},
1418 { "servinfo", 0, 0, 0, acmd_servinfo
},
1419 { "stats", "PEER", 1, 1, acmd_stats
},
1421 { "trace", "[OPTIONS]", 0, 1, acmd_trace
},
1423 { "tunnels", 0, 0, 0, acmd_tunnels
},
1424 { "version", 0, 0, 0, acmd_version
},
1425 { "warn", "MESSAGE ...", 1, 0xffff, acmd_warn
},
1426 { "watch", "[OPTIONS]", 0, 1, acmd_watch
},
1430 static void acmd_help(admin
*a
, unsigned ac
, char *av
[])
1433 for (c
= acmdtab
; c
->name
; c
++) {
1435 a_info(a
, "%s", c
->name
, "*%s", c
->help
, A_END
);
1437 a_info(a
, "%s", c
->name
, A_END
);
1442 /*----- Connection handling -----------------------------------------------*/
1444 /* --- @a_lock@ --- *
1446 * Arguments: @admin *a@ = pointer to an admin block
1450 * Use: Locks an admin block so that it won't be destroyed
1454 static void a_lock(admin
*a
) { a
->ref
++; }
1456 /* --- @a_dodestroy@ --- *
1458 * Arguments: @admin *a@ = pointer to an admin block
1462 * Use: Actually does the legwork of destroying an admin block.
1465 static void a_dodestroy(admin
*a
)
1467 admin_bgop
*bg
, *bbg
;
1469 T( trace(T_ADMIN
, "admin: completing destruction of connection %u",
1472 selbuf_destroy(&a
->b
);
1473 for (bg
= a
->bg
; bg
; bg
= bbg
) {
1476 if (bg
->tag
) xfree(bg
->tag
);
1479 if (a
->b
.reader
.fd
!= a
->w
.fd
) close(a
->b
.reader
.fd
);
1485 a
->next
->prev
= a
->prev
;
1487 a
->prev
->next
= a
->next
;
1493 /* --- @a_unlock@ --- *
1495 * Arguments: @admin *a@ = pointer to an admin block
1499 * Use: Unlocks an admin block, allowing its destruction. This is
1500 * also the second half of @a_destroy@.
1503 static void a_unlock(admin
*a
)
1506 if (!--a
->ref
&& (a
->f
& AF_DEAD
))
1510 /* --- @a_destroy@ --- *
1512 * Arguments: @admin *a@ = pointer to an admin block
1516 * Use: Destroys an admin block. This requires a certain amount of
1520 static void freequeue(oqueue
*q
)
1524 for (o
= q
->hd
; o
; o
= oo
) {
1531 static void a_destroy(admin
*a
)
1533 /* --- Don't multiply destroy admin blocks --- */
1538 /* --- Make sure nobody expects it to work --- */
1541 T( trace(T_ADMIN
, "admin: destroying connection %u", a
->seq
); )
1543 /* --- Free the output buffers --- */
1549 /* --- If the block is locked, that's all we can manage --- */
1554 trace(T_ADMIN
, "admin: deferring destruction..."); )
1557 /* --- @a_line@ --- *
1559 * Arguments: @char *p@ = pointer to the line read
1560 * @size_t len@ = length of the line
1561 * @void *vp@ = pointer to my admin block
1565 * Use: Handles a line of input.
1568 static void a_line(char *p
, size_t len
, void *vp
)
1583 selbuf_disable(&a
->b
);
1587 ac
= str_qsplit(p
, av
, 16, 0, STRF_QUOTE
);
1590 for (c
= acmdtab
; c
->name
; c
++) {
1591 if (mystrieq(av
[0], c
->name
)) {
1593 if (c
->argmin
> ac
|| ac
> c
->argmax
) {
1595 a_fail(a
, "bad-syntax", "%s", c
->name
, "", A_END
);
1597 a_fail(a
, "bad-syntax", "%s", c
->name
, "%s", c
->help
, A_END
);
1600 c
->func(a
, ac
, av
+ 1);
1606 a_fail(a
, "unknown-command", "%s", av
[0], A_END
);
1609 /* --- @a_create@ --- *
1611 * Arguments: @int fd_in, fd_out@ = file descriptors to use
1612 * @unsigned f@ = initial flags to set
1616 * Use: Creates a new admin connection.
1619 void a_create(int fd_in
, int fd_out
, unsigned f
)
1621 admin
*a
= CREATE(admin
);
1623 T( static unsigned seq
= 0;
1625 T( trace(T_ADMIN
, "admin: accepted connection %u", a
->seq
); )
1628 if (fd_in
== STDIN_FILENO
) a_stdin
= a
;
1629 fdflags(fd_in
, O_NONBLOCK
, O_NONBLOCK
, FD_CLOEXEC
, FD_CLOEXEC
);
1630 if (fd_out
!= fd_in
)
1631 fdflags(fd_out
, O_NONBLOCK
, O_NONBLOCK
, FD_CLOEXEC
, FD_CLOEXEC
);
1632 selbuf_init(&a
->b
, &sel
, fd_in
, a_line
, a
);
1633 sel_initfile(&sel
, &a
->w
, fd_out
, SEL_WRITE
, a_flush
, a
);
1634 a
->out
.hd
= a
->out
.tl
= 0;
1637 if (admins
) admins
->prev
= a
;
1641 /* --- @a_accept@ --- *
1643 * Arguments: @int fd@ = file descriptor to accept
1644 * @unsigned mode@ = what to do
1645 * @void *v@ = uninteresting pointer
1649 * Use: Accepts a new admin connection.
1652 static void a_accept(int fd
, unsigned mode
, void *v
)
1655 struct sockaddr_un sun
;
1656 size_t sz
= sizeof(sun
);
1658 if ((nfd
= accept(fd
, (struct sockaddr
*)&sun
, &sz
)) < 0) {
1659 if (errno
!= EINTR
&& errno
!= EAGAIN
&& errno
!= EWOULDBLOCK
&&
1660 errno
!= ECONNABORTED
&& errno
!= EPROTO
)
1661 a_warn("ADMIN", "accept-error", "?ERRNO", A_END
);
1664 a_create(nfd
, nfd
, 0);
1667 /* --- @a_daemon@ --- *
1673 * Use: Informs the admin module that it's a daemon.
1681 /* --- @a_init@ --- *
1683 * Arguments: @const char *name@ = socket name to create
1687 * Use: Creates the admin listening socket.
1690 void a_init(const char *name
)
1694 struct sockaddr_un sun
;
1695 struct sigaction sa
;
1698 /* --- Set up the socket address --- */
1700 sz
= strlen(name
) + 1;
1701 if (sz
> sizeof(sun
.sun_path
))
1702 die(EXIT_FAILURE
, "socket name `%s' too long", name
);
1704 sun
.sun_family
= AF_UNIX
;
1705 memcpy(sun
.sun_path
, name
, sz
);
1706 sz
+= offsetof(struct sockaddr_un
, sun_path
);
1708 /* --- Attempt to bind to the socket --- */
1712 if ((fd
= socket(PF_UNIX
, SOCK_STREAM
, 0)) < 0)
1713 die(EXIT_FAILURE
, "couldn't create socket: %s", strerror(errno
));
1714 if (bind(fd
, (struct sockaddr
*)&sun
, sz
) < 0) {
1717 if (errno
!= EADDRINUSE
) {
1718 die(EXIT_FAILURE
, "couldn't bind to address `%s': %s",
1719 sun
.sun_path
, strerror(e
));
1722 die(EXIT_FAILURE
, "too many retries; giving up");
1724 if (!connect(fd
, (struct sockaddr
*)&sun
, sz
)) {
1725 die(EXIT_FAILURE
, "server already listening on admin socket `%s'",
1728 if (errno
!= ECONNREFUSED
)
1729 die(EXIT_FAILURE
, "couldn't bind to address: %s", strerror(e
));
1730 if (stat(sun
.sun_path
, &st
)) {
1731 die(EXIT_FAILURE
, "couldn't stat `%s': %s",
1732 sun
.sun_path
, strerror(errno
));
1734 if (!S_ISSOCK(st
.st_mode
))
1735 die(EXIT_FAILURE
, "object `%s' isn't a socket", sun
.sun_path
);
1736 T( trace(T_ADMIN
, "admin: stale socket found; removing it"); )
1737 unlink(sun
.sun_path
);
1741 chmod(sun
.sun_path
, 0600);
1742 fdflags(fd
, O_NONBLOCK
, O_NONBLOCK
, FD_CLOEXEC
, FD_CLOEXEC
);
1744 die(EXIT_FAILURE
, "couldn't listen on socket: %s", strerror(errno
));
1746 /* --- Listen to the socket --- */
1748 sel_initfile(&sel
, &sock
, fd
, SEL_READ
, a_accept
, 0);
1752 T( trace_custom(a_trace
, 0);
1753 trace(T_ADMIN
, "admin: enabled custom tracing"); )
1756 /* --- Set up signal handlers --- */
1758 sig_add(&s_term
, SIGTERM
, a_sigdie
, 0);
1759 sig_add(&s_hup
, SIGHUP
, a_sighup
, 0);
1760 signal(SIGPIPE
, SIG_IGN
);
1761 sigaction(SIGINT
, 0, &sa
);
1762 if (sa
.sa_handler
!= SIG_IGN
)
1763 sig_add(&s_int
, SIGINT
, a_sigdie
, 0);
1766 /*----- That's all, folks -------------------------------------------------*/