upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
unbound/daemon/remote.c

311 lines
7.9 KiB
C
Raw Normal View History

remote control setup, port binding and service. git-svn-id: file:///svn/unbound/trunk@1227 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-09-10 11:23:01 -04:00
/*
* daemon/remote.c - remote control for the unbound daemon.
*
* Copyright (c) 2008, NLnet Labs. All rights reserved.
*
* This software is open source.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of the NLNET LABS nor the names of its contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/**
* \file
*
* This file contains the remote control functionality for the daemon.
* The remote control can be performed using either the commandline
* unbound-control tool, or a SSLv3/TLS capable web browser.
* The channel is secured using SSLv3 or TLSv1, and certificates.
* Both the server and the client(control tool) have their own keys.
*/
#include "config.h"
#include "daemon/remote.h"
#include "daemon/worker.h"
#include "util/log.h"
#include "util/config_file.h"
#include "util/net_help.h"
#include "services/listen_dnsport.h"
#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
struct daemon_remote*
daemon_remote_create(struct worker* worker)
{
struct daemon_remote* rc = (struct daemon_remote*)calloc(1,
sizeof(*rc));
if(!rc) {
log_err("out of memory in daemon_remote_create");
return NULL;
}
rc->worker = worker;
rc->max_active = 10;
/* TODO setup the context */
return rc;
}
void daemon_remote_delete(struct daemon_remote* rc)
{
struct rc_state* p, *np;
if(!rc) return;
/* but do not close the ports */
listen_list_delete(rc->accept_list);
/* do close these sockets */
p = rc->busy_list;
while(p) {
np = p->next;
if(p->ssl)
SSL_free(p->ssl);
comm_point_delete(p->c);
free(p);
p = np;
}
SSL_CTX_free(rc->ctx);
free(rc);
}
/**
* Add and open a new control port
* @param ip: ip str
* @param nr: port nr
* @param list: list head
* @param noproto_is_err: if lack of protocol support is an error.
* @return false on failure.
*/
static int
add_open(char* ip, int nr, struct listen_port** list, int noproto_is_err)
{
struct addrinfo hints;
struct addrinfo* res;
struct listen_port* n;
int noproto;
int fd, r;
char port[15];
snprintf(port, sizeof(port), "%d", nr);
port[sizeof(port)-1]=0;
memset(&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
if((r = getaddrinfo(ip, port, &hints, &res)) != 0 || !res) {
log_err("control interface %s:%s getaddrinfo: %s %s",
ip?ip:"default", port, gai_strerror(r),
#ifdef EAI_SYSTEM
r==EAI_SYSTEM?(char*)strerror(errno):""
#else
""
#endif
);
}
/* open fd */
fd = create_tcp_accept_sock(res, 1, &noproto);
freeaddrinfo(res);
if(fd == -1 && noproto) {
if(!noproto_is_err)
return 1; /* return success, but do nothing */
log_err("cannot open control interface %s %d : "
"protocol not supported", ip, nr);
return 0;
}
if(fd == -1) {
log_err("cannot open control interface %s %d", ip, nr);
return 0;
}
/* alloc */
n = (struct listen_port*)calloc(1, sizeof(*n));
if(!n) {
close(fd);
log_err("out of memory");
return 0;
}
n->next = *list;
*list = n;
n->fd = fd;
return 1;
}
struct listen_port* daemon_remote_open_ports(struct config_file* cfg)
{
struct listen_port* l = NULL;
log_assert(cfg->remote_control_enable && cfg->control_port);
if(cfg->control_ifs) {
struct config_strlist* p = cfg->control_ifs;
for(p = cfg->control_ifs; p; p = p->next) {
if(!add_open(p->str, cfg->control_port, &l, 1)) {
listening_ports_free(l);
return NULL;
}
}
} else {
/* defaults */
if(cfg->do_ip6 &&
!add_open("::1", cfg->control_port, &l, 0)) {
listening_ports_free(l);
return NULL;
}
if(cfg->do_ip4 &&
!add_open("127.0.0.1", cfg->control_port, &l, 1)) {
listening_ports_free(l);
return NULL;
}
}
return l;
}
/** open accept commpoint */
static int
accept_open(struct daemon_remote* rc, int fd)
{
struct listen_list* n = (struct listen_list*)malloc(sizeof(*n));
if(!n) {
log_err("out of memory");
return 0;
}
n->next = rc->accept_list;
rc->accept_list = n;
/* open commpt */
n->com = comm_point_create_raw(rc->worker->base, fd, 0,
&remote_accept_callback, rc);
if(!n->com)
return 0;
/* keep this port open, its fd is kept in the rc portlist */
n->com->do_not_close = 1;
return 1;
}
int daemon_remote_open_accept(struct daemon_remote* rc,
struct listen_port* ports)
{
struct listen_port* p;
for(p = ports; p; p = p->next) {
if(!accept_open(rc, p->fd)) {
log_err("could not create accept comm point");
return 0;
}
}
return 1;
}
int remote_accept_callback(struct comm_point* c, void* arg, int err,
struct comm_reply* ATTR_UNUSED(rep))
{
struct daemon_remote* rc = (struct daemon_remote*)arg;
struct sockaddr_storage addr;
socklen_t addrlen;
int newfd;
struct rc_state* n;
if(err != NETEVENT_NOERROR) {
log_err("error %d on remote_accept_callback", err);
return 0;
}
/* perform the accept */
newfd = comm_point_perform_accept(c, &addr, &addrlen);
if(newfd == -1)
return 0;
/* create new commpoint unless we are servicing already */
if(rc->active >= rc->max_active) {
log_warn("drop incoming remote control: too many connections");
comm_point_stop_listening(c);
close(newfd);
return 0;
}
/* setup commpoint to service the remote control command */
n = (struct rc_state*)calloc(1, sizeof(*n));
if(!n) {
log_err("out of memory");
close(newfd);
return 0;
}
/* start in reading state */
n->c = comm_point_create_raw(rc->worker->base, newfd, 0,
&remote_control_callback, n);
if(!n->c) {
log_err("out of memory");
close(newfd);
free(n);
return 0;
}
log_addr(VERB_QUERY, "new control connection from", &addr, addrlen);
memcpy(&n->c->repinfo.addr, &addr, addrlen);
n->c->repinfo.addrlen = addrlen;
/* TODO setup ssl, assign fd */
n->rc = rc;
n->next = rc->busy_list;
rc->busy_list = n;
rc->active ++;
return 0;
}
/** delete from list */
static void
state_list_remove_elem(struct rc_state** list, struct comm_point* c)
{
while(*list) {
if( (*list)->c == c) {
*list = (*list)->next;
return;
}
list = &(*list)->next;
}
}
/** decrease active count and remove commpoint from busy list */
static void
clean_point(struct daemon_remote* rc, struct rc_state* s)
{
state_list_remove_elem(&rc->busy_list, s->c);
rc->active --;
if(s->ssl)
SSL_free(s->ssl);
comm_point_delete(s->c);
free(s);
}
int remote_control_callback(struct comm_point* c, void* arg, int err,
struct comm_reply* ATTR_UNUSED(rep))
{
struct rc_state* s = (struct rc_state*)arg;
struct daemon_remote* rc = s->rc;
if(err != NETEVENT_NOERROR) {
clean_point(rc, s);
return 0;
}
/* TODO (continue to) setup the SSL connection */
/* once handshake has completed, check authentication */
/* if OK start to actually handle the request */
return 0;
}
Reference in a new issue Copy permalink