2 control.c -- Control socket handling.
3 Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #include "control_common.h"
32 static int control_socket = -1;
33 static struct event control_event;
34 static splay_tree_t *control_socket_tree;
35 extern char *controlsocketname;
37 static void handle_control_data(struct bufferevent *event, void *data) {
38 tinc_ctl_request_t req;
39 tinc_ctl_request_t res;
40 struct evbuffer *res_data = NULL;
43 if(EVBUFFER_LENGTH(event->input) < sizeof req)
46 /* Copy the structure to ensure alignment */
47 memcpy(&req, EVBUFFER_DATA(event->input), sizeof req);
49 if(EVBUFFER_LENGTH(event->input) < req.length)
51 req_data = EVBUFFER_DATA(event->input) + sizeof req;
53 if(req.length < sizeof req)
56 memset(&res, 0, sizeof res);
60 res_data = evbuffer_new();
61 if(res_data == NULL) {
62 res.res_errno = ENOMEM;
66 if(req.type == REQ_STOP) {
67 logger(LOG_NOTICE, _("Got '%s' command"), "stop");
72 if(req.type == REQ_DUMP_NODES) {
73 logger(LOG_NOTICE, _("Got '%s' command"), "dump nodes");
74 res.res_errno = dump_nodes(res_data);
78 if(req.type == REQ_DUMP_EDGES) {
79 logger(LOG_NOTICE, _("Got '%s' command"), "dump edges");
80 res.res_errno = dump_edges(res_data);
84 if(req.type == REQ_DUMP_SUBNETS) {
85 logger(LOG_NOTICE, _("Got '%s' command"), "dump subnets");
86 res.res_errno = dump_subnets(res_data);
90 if(req.type == REQ_DUMP_CONNECTIONS) {
91 logger(LOG_NOTICE, _("Got '%s' command"), "dump connections");
92 res.res_errno = dump_connections(res_data);
96 if(req.type == REQ_DUMP_GRAPH) {
97 logger(LOG_NOTICE, _("Got '%s' command"), "dump graph");
98 res.res_errno = dump_graph(res_data);
102 if(req.type == REQ_PURGE) {
103 logger(LOG_NOTICE, _("Got '%s' command"), "purge");
108 if(req.type == REQ_SET_DEBUG) {
109 debug_t new_debug_level;
111 logger(LOG_NOTICE, _("Got '%s' command"), "debug");
112 if(req.length != sizeof req + sizeof debug_level)
113 res.res_errno = EINVAL;
115 memcpy(&new_debug_level, req_data, sizeof new_debug_level);
116 logger(LOG_NOTICE, _("Changing debug level from %d to %d"),
117 debug_level, new_debug_level);
118 if(evbuffer_add_printf(res_data,
119 _("Changing debug level from %d to %d\n"),
120 debug_level, new_debug_level) == -1)
121 res.res_errno = errno;
122 debug_level = new_debug_level;
127 if(req.type == REQ_RETRY) {
128 logger(LOG_NOTICE, _("Got '%s' command"), "retry");
133 if(req.type == REQ_RELOAD) {
134 logger(LOG_NOTICE, _("Got '%s' command"), "reload");
135 res.res_errno = reload_configuration();
139 logger(LOG_DEBUG, _("Malformed control command received"));
140 res.res_errno = EINVAL;
143 res.length = (sizeof res)
144 + ((res_data == NULL) ? 0 : EVBUFFER_LENGTH(res_data));
145 evbuffer_drain(event->input, req.length);
146 if(bufferevent_write(event, &res, sizeof res) == -1)
148 if(res_data != NULL) {
149 if(bufferevent_write_buffer(event, res_data) == -1)
151 evbuffer_free(res_data);
156 logger(LOG_INFO, _("Closing control socket on error"));
157 evbuffer_free(res_data);
158 close(event->ev_read.ev_fd);
159 splay_delete(control_socket_tree, event);
162 static void handle_control_error(struct bufferevent *event, short what, void *data) {
163 if(what & EVBUFFER_EOF)
164 logger(LOG_DEBUG, _("Control socket connection closed by peer"));
166 logger(LOG_DEBUG, _("Error while reading from control socket: %s"), strerror(errno));
168 close(event->ev_read.ev_fd);
169 splay_delete(control_socket_tree, event);
172 static void handle_new_control_socket(int fd, short events, void *data) {
174 struct bufferevent *ev;
175 tinc_ctl_greeting_t greeting;
177 newfd = accept(fd, NULL, NULL);
180 logger(LOG_ERR, _("Accepting a new connection failed: %s"), strerror(errno));
181 event_del(&control_event);
185 ev = bufferevent_new(newfd, handle_control_data, NULL, handle_control_error, NULL);
187 logger(LOG_ERR, _("Could not create bufferevent for new control connection: %s"), strerror(errno));
192 memset(&greeting, 0, sizeof greeting);
193 greeting.version = TINC_CTL_VERSION_CURRENT;
194 greeting.pid = getpid();
195 if(bufferevent_write(ev, &greeting, sizeof greeting) == -1) {
197 _("Cannot send greeting for new control connection: %s"),
199 bufferevent_free(ev);
204 bufferevent_enable(ev, EV_READ);
205 splay_insert(control_socket_tree, ev);
207 logger(LOG_DEBUG, _("Control socket connection accepted"));
210 static int control_compare(const struct event *a, const struct event *b) {
211 return a < b ? -1 : a > b ? 1 : 0;
214 bool init_control() {
216 struct sockaddr_un addr;
219 if(strlen(controlsocketname) >= sizeof addr.sun_path) {
220 logger(LOG_ERR, _("Control socket filename too long!"));
224 memset(&addr, 0, sizeof addr);
225 addr.sun_family = AF_UNIX;
226 strncpy(addr.sun_path, controlsocketname, sizeof addr.sun_path - 1);
228 control_socket = socket(PF_UNIX, SOCK_STREAM, 0);
230 if(control_socket < 0) {
231 logger(LOG_ERR, _("Creating UNIX socket failed: %s"), strerror(errno));
236 * Restrict connections to our control socket by ensuring the parent
237 * directory can be traversed only by root. Note this is not totally
238 * race-free unless all ancestors are writable only by trusted users,
239 * which we don't verify.
243 lastslash = strrchr(controlsocketname, '/');
244 if(lastslash != NULL) {
245 *lastslash = 0; /* temporarily change controlsocketname to be dir */
246 if(mkdir(controlsocketname, 0700) < 0 && errno != EEXIST) {
247 logger(LOG_ERR, _("Unable to create control socket directory %s: %s"), controlsocketname, strerror(errno));
252 result = stat(controlsocketname, &statbuf);
255 result = stat(".", &statbuf);
258 logger(LOG_ERR, _("Examining control socket directory failed: %s"), strerror(errno));
262 if(statbuf.st_uid != 0 || (statbuf.st_mode & S_IXOTH) != 0 || (statbuf.st_gid != 0 && (statbuf.st_mode & S_IXGRP)) != 0) {
263 logger(LOG_ERR, _("Control socket directory ownership/permissions insecure."));
267 result = bind(control_socket, (struct sockaddr *)&addr, sizeof addr);
269 if(result < 0 && errno == EADDRINUSE) {
270 result = connect(control_socket, (struct sockaddr *)&addr, sizeof addr);
272 logger(LOG_WARNING, _("Removing old control socket."));
273 unlink(controlsocketname);
274 result = bind(control_socket, (struct sockaddr *)&addr, sizeof addr);
277 logger(LOG_ERR, _("Another tincd is already running for net `%s'."), netname);
279 logger(LOG_ERR, _("Another tincd is already running."));
285 logger(LOG_ERR, _("Can't bind to %s: %s"), controlsocketname, strerror(errno));
289 if(listen(control_socket, 3) < 0) {
290 logger(LOG_ERR, _("Can't listen on %s: %s"), controlsocketname, strerror(errno));
294 control_socket_tree = splay_alloc_tree((splay_compare_t)control_compare, (splay_action_t)bufferevent_free);
296 event_set(&control_event, control_socket, EV_READ | EV_PERSIST, handle_new_control_socket, NULL);
297 event_add(&control_event, NULL);
301 if(control_socket != -1) {
302 close(control_socket);
308 void exit_control() {
309 event_del(&control_event);
310 close(control_socket);
311 unlink(controlsocketname);