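/* $OpenBSD: control.c,v 1.40 2011/05/20 09:43:53 reyk Exp $ */

/*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/queue.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/un.h>

#include <net/if.h>

#include <errno.h>
#include <event.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>

#include <openssl/ssl.h>

#include "relayd.h"

#define	CONTROL_BACKLOG	5

/* All currently open control connections. */
struct ctl_connlist ctl_conns;

void		 control_accept(int, short, void *);
void		 control_close(int);

static int	 control_get_id(struct imsg *, struct ctl_id *);
static void	 control_reply_id(struct ctl_conn *, struct imsg *,
		    struct ctl_id *, int);

/*
 * Create and bind the UNIX-domain control socket named by cs->cs_name.
 *
 * Returns 0 on success, or when no socket name is configured (nothing is
 * created in that case), and -1 on any failure.  On success the
 * non-blocking descriptor is stored in cs->cs_fd and the environment in
 * cs->cs_env.
 */
int
control_init(struct privsep *ps, struct control_sock *cs)
{
	struct relayd		*env = ps->ps_env;
	struct sockaddr_un	 sun;
	int			 fd;
	mode_t			 old_umask, mode;

	if (cs->cs_name == NULL)
		return (0);

	if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
		log_warn("%s: socket", __func__);
		return (-1);
	}

	/* Do not hand uninitialized stack bytes to bind(). */
	memset(&sun, 0, sizeof(sun));
	sun.sun_family = AF_UNIX;
	if (strlcpy(sun.sun_path, cs->cs_name,
	    sizeof(sun.sun_path)) >= sizeof(sun.sun_path)) {
		log_warn("%s: %s name too long", __func__, cs->cs_name);
		close(fd);
		return (-1);
	}

	/* Remove a stale socket from a previous run; a missing file is fine. */
	if (unlink(cs->cs_name) == -1)
		if (errno != ENOENT) {
			log_warn("%s: unlink %s", __func__, cs->cs_name);
			close(fd);
			return (-1);
		}

	/*
	 * The umask is tightened before bind() so the socket is not created
	 * with permissions beyond those masked here; chmod() below then sets
	 * the exact mode.
	 *
	 * NOTE(review): a restricted socket is made read/write for everyone,
	 * yet nothing visible in this file records on a connection that it
	 * arrived through a restricted socket, and control_dispatch_imsg()
	 * applies no per-connection filter.  Confirm that state-changing
	 * requests (shutdown, reload, enable/disable) are rejected for such
	 * connections.
	 */
	if (cs->cs_restricted) {
		old_umask = umask(S_IXUSR|S_IXGRP|S_IXOTH);
		mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
	} else {
		old_umask = umask(S_IXUSR|S_IXGRP|S_IWOTH|S_IROTH|S_IXOTH);
		mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP;
	}

	if (bind(fd, (struct sockaddr *)&sun, sizeof(sun)) == -1) {
		log_warn("%s: bind: %s", __func__, cs->cs_name);
		close(fd);
		(void)umask(old_umask);
		return (-1);
	}
	(void)umask(old_umask);

	if (chmod(cs->cs_name, mode) == -1) {
		log_warn("%s: chmod", __func__);
		close(fd);
		(void)unlink(cs->cs_name);
		return (-1);
	}

	socket_set_blockmode(fd, BM_NONBLOCK);
	cs->cs_fd = fd;
	cs->cs_env = env;

	return (0);
}

/*
 * Start listening on the control socket and register control_accept() as
 * its persistent read handler.  Returns 0 on success or when no socket
 * name is configured, -1 if listen() fails.
 */
int
control_listen(struct control_sock *cs)
{
	if (cs->cs_name == NULL)
		return (0);

	if (listen(cs->cs_fd, CONTROL_BACKLOG) == -1) {
		log_warn("%s: listen", __func__);
		return (-1);
	}

	event_set(&cs->cs_ev, cs->cs_fd, EV_READ | EV_PERSIST,
	    control_accept, cs->cs_env);
	event_add(&cs->cs_ev, NULL);

	return (0);
}

/* Remove the control socket from the filesystem, if one is configured. */
void
control_cleanup(struct control_sock *cs)
{
	if (cs->cs_name == NULL)
		return;
	(void)unlink(cs->cs_name);
}

/*
 * Event handler for the listening socket: accept one client, make it
 * non-blocking, set up its imsg buffer and read event, and append it to
 * ctl_conns.  `arg' is the struct relayd passed through event_set().
 */
/* ARGSUSED */
void
control_accept(int listenfd, short event, void *arg)
{
	int			 connfd;
	socklen_t		 len;
	struct sockaddr_un	 sun;
	struct ctl_conn		*c;
	struct relayd		*env = arg;

	len = sizeof(sun);
	if ((connfd = accept(listenfd,
	    (struct sockaddr *)&sun, &len)) == -1) {
		/* Transient conditions are not worth a log entry. */
		if (errno != EWOULDBLOCK && errno != EINTR)
			log_warn("%s: accept", __func__);
		return;
	}

	socket_set_blockmode(connfd, BM_NONBLOCK);

	if ((c = calloc(1, sizeof(struct ctl_conn))) == NULL) {
		close(connfd);
		log_warn("%s: calloc", __func__);
		return;
	}

	imsg_init(&c->iev.ibuf, connfd);
	c->iev.handler = control_dispatch_imsg;
	c->iev.events = EV_READ;
	event_set(&c->iev.ev, c->iev.ibuf.fd, c->iev.events,
	    c->iev.handler, env);
	event_add(&c->iev.ev, NULL);

	TAILQ_INSERT_TAIL(&ctl_conns, c, entry);
}

/* Return the control connection using descriptor `fd', or NULL if none. */
struct ctl_conn *
control_connbyfd(int fd)
{
	struct ctl_conn	*c;

	TAILQ_FOREACH(c, &ctl_conns, entry)
		if (c->iev.ibuf.fd == fd)
			break;

	return (c);
}

/*
 * Tear down the control connection using descriptor `fd': drop queued
 * output, unlink it from ctl_conns, remove its event, close the descriptor
 * and free the connection.  An unknown descriptor is only logged.
 */
void
control_close(int fd)
{
	struct ctl_conn	*c;

	if ((c = control_connbyfd(fd)) == NULL) {
		log_warn("%s: fd %d not found", __func__, fd);
		return;
	}

	msgbuf_clear(&c->iev.ibuf.w);
	TAILQ_REMOVE(&ctl_conns, c, entry);

	event_del(&c->iev.ev);
	close(c->iev.ibuf.fd);
	free(c);
}

/*
 * Copy the struct ctl_id payload of a client request into `id'.
 * Returns -1, leaving `id' untouched, unless the message length is exactly
 * the imsg header plus one struct ctl_id.
 */
static int
control_get_id(struct imsg *imsg, struct ctl_id *id)
{
	if (imsg->hdr.len != IMSG_HEADER_SIZE + sizeof(*id))
		return (-1);
	memcpy(id, imsg->data, sizeof(*id));
	return (0);
}

/*
 * Answer an enable/disable request.  A non-zero `failed' sends
 * IMSG_CTL_FAIL to the client; otherwise `id' is copied back into the
 * message, the message is forwarded to the notify subscribers and the
 * client receives IMSG_CTL_OK.
 */
static void
control_reply_id(struct ctl_conn *c, struct imsg *imsg, struct ctl_id *id,
    int failed)
{
	if (failed) {
		imsg_compose_event(&c->iev, IMSG_CTL_FAIL,
		    0, 0, -1, NULL, 0);
		return;
	}

	memcpy(imsg->data, id, sizeof(*id));
	control_imsg_forward(imsg);
	imsg_compose_event(&c->iev, IMSG_CTL_OK, 0, 0, -1, NULL, 0);
}

/*
 * Event handler for a control connection: read and/or flush the imsg
 * buffer, then process every complete message that is queued.
 *
 * Any read, write or parse error closes the connection.  An enable/disable
 * request whose length does not match struct ctl_id also closes only the
 * offending connection rather than aborting the process, so a client of
 * the control socket cannot terminate the daemon with a malformed message.
 */
/* ARGSUSED */
void
control_dispatch_imsg(int fd, short event, void *arg)
{
	struct ctl_conn		*c;
	struct imsg		 imsg;
	struct ctl_id		 id;
	int			 n;
	int			 verbose;
	struct relayd		*env = arg;

	if ((c = control_connbyfd(fd)) == NULL) {
		log_warn("%s: fd %d not found", __func__, fd);
		return;
	}

	if (event & EV_READ) {
		if ((n = imsg_read(&c->iev.ibuf)) == -1 || n == 0) {
			control_close(fd);
			return;
		}
	}

	if (event & EV_WRITE) {
		if (msgbuf_write(&c->iev.ibuf.w) < 0) {
			control_close(fd);
			return;
		}
	}

	for (;;) {
		if ((n = imsg_get(&c->iev.ibuf, &imsg)) == -1) {
			control_close(fd);
			return;
		}

		/* No further complete message buffered. */
		if (n == 0)
			break;

		/* A client may not send while a request is outstanding. */
		if (c->waiting) {
			log_debug("%s: unexpected imsg %d",
			    __func__, imsg.hdr.type);
			imsg_free(&imsg);
			control_close(fd);
			return;
		}

		switch (imsg.hdr.type) {
		case IMSG_CTL_SHOW_SUM:
			show(c);
			break;
		case IMSG_CTL_SESSION:
			show_sessions(c);
			break;
		case IMSG_CTL_RDR_DISABLE:
			if (control_get_id(&imsg, &id) == -1)
				goto badlen;
			control_reply_id(c, &imsg, &id, disable_rdr(c, &id));
			break;
		case IMSG_CTL_RDR_ENABLE:
			if (control_get_id(&imsg, &id) == -1)
				goto badlen;
			control_reply_id(c, &imsg, &id, enable_rdr(c, &id));
			break;
		case IMSG_CTL_TABLE_DISABLE:
			if (control_get_id(&imsg, &id) == -1)
				goto badlen;
			control_reply_id(c, &imsg, &id,
			    disable_table(c, &id));
			break;
		case IMSG_CTL_TABLE_ENABLE:
			if (control_get_id(&imsg, &id) == -1)
				goto badlen;
			control_reply_id(c, &imsg, &id, enable_table(c, &id));
			break;
		case IMSG_CTL_HOST_DISABLE:
			if (control_get_id(&imsg, &id) == -1)
				goto badlen;
			control_reply_id(c, &imsg, &id,
			    disable_host(c, &id, NULL));
			break;
		case IMSG_CTL_HOST_ENABLE:
			if (control_get_id(&imsg, &id) == -1)
				goto badlen;
			control_reply_id(c, &imsg, &id,
			    enable_host(c, &id, NULL));
			break;
		case IMSG_CTL_SHUTDOWN:
		case IMSG_CTL_RELOAD:
			proc_forward_imsg(env->sc_ps, &imsg, PROC_PARENT, -1);
			break;
		case IMSG_CTL_POLL:
			proc_compose_imsg(env->sc_ps, PROC_HCE, -1,
			    IMSG_CTL_POLL, -1, NULL, 0);
			imsg_compose_event(&c->iev, IMSG_CTL_OK,
			    0, 0, -1, NULL, 0);
			break;
		case IMSG_CTL_NOTIFY:
			if (c->flags & CTL_CONN_NOTIFY) {
				log_debug("%s: "
				    "client requested notify more than once",
				    __func__);
				imsg_compose_event(&c->iev, IMSG_CTL_FAIL,
				    0, 0, -1, NULL, 0);
				break;
			}
			/* control_imsg_forward() now includes this client. */
			c->flags |= CTL_CONN_NOTIFY;
			break;
		case IMSG_CTL_VERBOSE:
			/*
			 * NOTE(review): IMSG_SIZE_CHECK is defined outside
			 * this file.  If it aborts the process on a short
			 * payload, a malformed client message can still
			 * stop the daemon here -- confirm.
			 */
			IMSG_SIZE_CHECK(&imsg, &verbose);

			memcpy(&verbose, imsg.data, sizeof(verbose));

			proc_forward_imsg(env->sc_ps, &imsg, PROC_PARENT, -1);
			proc_forward_imsg(env->sc_ps, &imsg, PROC_HCE, -1);
			proc_forward_imsg(env->sc_ps, &imsg, PROC_RELAY, -1);

			memcpy(imsg.data, &verbose, sizeof(verbose));
			control_imsg_forward(&imsg);
			log_verbose(verbose);
			break;
		default:
			log_debug("%s: error handling imsg %d",
			    __func__, imsg.hdr.type);
			break;
		}
		imsg_free(&imsg);
	}

	imsg_event_add(&c->iev);
	return;

badlen:
	/* The length came from the client: drop the client, keep running. */
	log_debug("%s: invalid imsg header len for imsg %d",
	    __func__, imsg.hdr.type);
	imsg_free(&imsg);
	control_close(fd);
}

/*
 * Send a copy of `imsg' (same type, pid and payload) to every control
 * connection that has requested notifications.
 */
void
control_imsg_forward(struct imsg *imsg)
{
	struct ctl_conn	*c;

	TAILQ_FOREACH(c, &ctl_conns, entry)
		if (c->flags & CTL_CONN_NOTIFY)
			imsg_compose_event(&c->iev, imsg->hdr.type,
			    0, imsg->hdr.pid, -1, imsg->data,
			    imsg->hdr.len - IMSG_HEADER_SIZE);
}

/*
 * Switch descriptor `fd' to non-blocking (BM_NONBLOCK) or blocking (any
 * other value) mode.  A failing fcntl() is fatal.
 */
void
socket_set_blockmode(int fd, enum blockmodes bm)
{
	int	flags;

	if ((flags = fcntl(fd, F_GETFL, 0)) == -1)
		fatal("fcntl F_GETFL");

	if (bm == BM_NONBLOCK)
		flags |= O_NONBLOCK;
	else
		flags &= ~O_NONBLOCK;

	if (fcntl(fd, F_SETFL, flags) == -1)
		fatal("fcntl F_SETFL");
}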