192 lines
6.0 KiB
C
192 lines
6.0 KiB
C
/*
|
|
* daemon/remote.h - remote control for the unbound daemon.
|
|
*
|
|
* Copyright (c) 2008, NLnet Labs. All rights reserved.
|
|
*
|
|
* This software is open source.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* Redistributions of source code must retain the above copyright notice,
|
|
* this list of conditions and the following disclaimer.
|
|
*
|
|
* Redistributions in binary form must reproduce the above copyright notice,
|
|
* this list of conditions and the following disclaimer in the documentation
|
|
* and/or other materials provided with the distribution.
|
|
*
|
|
* Neither the name of the NLNET LABS nor the names of its contributors may
|
|
* be used to endorse or promote products derived from this software without
|
|
* specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
|
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
|
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
/**
|
|
* \file
|
|
*
|
|
* This file contains the remote control functionality for the daemon.
|
|
* The remote control can be performed using either the commandline
|
|
* unbound-control tool, or a SSLv3/TLS capable web browser.
|
|
* The channel is secured using SSLv3 or TLSv1, and certificates.
|
|
* Both the server and the client(control tool) have their own keys.
|
|
*/
|
|
|
|
#ifndef DAEMON_REMOTE_H
|
|
#define DAEMON_REMOTE_H
|
|
#ifdef HAVE_OPENSSL_SSL_H
|
|
#include "openssl/ssl.h"
|
|
#endif
|
|
struct config_file;
|
|
struct listen_list;
|
|
struct listen_port;
|
|
struct worker;
|
|
struct comm_reply;
|
|
struct comm_point;
|
|
struct daemon_remote;
|
|
|
|
/** number of seconds timeout on incoming remote control handshake */
|
|
#define REMOTE_CONTROL_TCP_TIMEOUT 120
|
|
|
|
/**
|
|
* a busy control command connection, SSL state
|
|
*/
|
|
struct rc_state {
|
|
/** the next item in list */
|
|
struct rc_state* next;
|
|
/** the commpoint */
|
|
struct comm_point* c;
|
|
/** in the handshake part */
|
|
enum { rc_none, rc_hs_read, rc_hs_write } shake_state;
|
|
#ifdef HAVE_SSL
|
|
/** the ssl state */
|
|
SSL* ssl;
|
|
#endif
|
|
/** the rc this is part of */
|
|
struct daemon_remote* rc;
|
|
};
|
|
|
|
/**
|
|
* The remote control tool state.
|
|
* The state is only created for the first thread, other threads
|
|
* are called from this thread. Only the first threads listens to
|
|
* the control port. The other threads do not, but are called on the
|
|
* command channel(pipe) from the first thread.
|
|
*/
|
|
struct daemon_remote {
|
|
/** the worker for this remote control */
|
|
struct worker* worker;
|
|
/** commpoints for accepting remote control connections */
|
|
struct listen_list* accept_list;
|
|
/* if certificates are used */
|
|
int use_cert;
|
|
/** number of active commpoints that are handling remote control */
|
|
int active;
|
|
/** max active commpoints */
|
|
int max_active;
|
|
/** current commpoints busy; should be a short list, malloced */
|
|
struct rc_state* busy_list;
|
|
#ifdef HAVE_SSL
|
|
/** the SSL context for creating new SSL streams */
|
|
SSL_CTX* ctx;
|
|
#endif
|
|
};
|
|
|
|
/**
|
|
* Create new remote control state for the daemon.
|
|
* @param cfg: config file with key file settings.
|
|
* @return new state, or NULL on failure.
|
|
*/
|
|
struct daemon_remote* daemon_remote_create(struct config_file* cfg);
|
|
|
|
/**
|
|
* remote control state to delete.
|
|
* @param rc: state to delete.
|
|
*/
|
|
void daemon_remote_delete(struct daemon_remote* rc);
|
|
|
|
/**
|
|
* remote control state to clear up. Busy and accept points are closed.
|
|
* Does not delete the rc itself, or the ssl context (with its keys).
|
|
* @param rc: state to clear.
|
|
*/
|
|
void daemon_remote_clear(struct daemon_remote* rc);
|
|
|
|
/**
|
|
* Open and create listening ports for remote control.
|
|
* @param cfg: config options.
|
|
* @return list of ports or NULL on failure.
|
|
* can be freed with listening_ports_free().
|
|
*/
|
|
struct listen_port* daemon_remote_open_ports(struct config_file* cfg);
|
|
|
|
/**
|
|
* Setup comm points for accepting remote control connections.
|
|
* @param rc: state
|
|
* @param ports: already opened ports.
|
|
* @param worker: worker with communication base. and links to command channels.
|
|
* @return false on error.
|
|
*/
|
|
int daemon_remote_open_accept(struct daemon_remote* rc,
|
|
struct listen_port* ports, struct worker* worker);
|
|
|
|
/**
|
|
* Stop accept handlers for TCP (until enabled again)
|
|
* @param rc: state
|
|
*/
|
|
void daemon_remote_stop_accept(struct daemon_remote* rc);
|
|
|
|
/**
|
|
* Stop accept handlers for TCP (until enabled again)
|
|
* @param rc: state
|
|
*/
|
|
void daemon_remote_start_accept(struct daemon_remote* rc);
|
|
|
|
/**
|
|
* Handle nonthreaded remote cmd execution.
|
|
* @param worker: this worker (the remote worker).
|
|
*/
|
|
void daemon_remote_exec(struct worker* worker);
|
|
|
|
#ifdef HAVE_SSL
|
|
/**
|
|
* Print fixed line of text over ssl connection in blocking mode
|
|
* @param ssl: print to
|
|
* @param text: the text.
|
|
* @return false on connection failure.
|
|
*/
|
|
int ssl_print_text(SSL* ssl, const char* text);
|
|
|
|
/**
|
|
* printf style printing to the ssl connection
|
|
* @param ssl: the SSL connection to print to. Blocking.
|
|
* @param format: printf style format string.
|
|
* @return success or false on a network failure.
|
|
*/
|
|
int ssl_printf(SSL* ssl, const char* format, ...)
|
|
ATTR_FORMAT(printf, 2, 3);
|
|
|
|
/**
|
|
* Read until \n is encountered
|
|
* If SSL signals EOF, the string up to then is returned (without \n).
|
|
* @param ssl: the SSL connection to read from. blocking.
|
|
* @param buf: buffer to read to.
|
|
* @param max: size of buffer.
|
|
* @return false on connection failure.
|
|
*/
|
|
int ssl_read_line(SSL* ssl, char* buf, size_t max);
|
|
#endif /* HAVE_SSL */
|
|
|
|
#endif /* DAEMON_REMOTE_H */
|