1238106Sdes/* 2238106Sdes * daemon/remote.h - remote control for the unbound daemon. 3238106Sdes * 4238106Sdes * Copyright (c) 2008, NLnet Labs. All rights reserved. 5238106Sdes * 6238106Sdes * This software is open source. 7238106Sdes * 8238106Sdes * Redistribution and use in source and binary forms, with or without 9238106Sdes * modification, are permitted provided that the following conditions 10238106Sdes * are met: 11238106Sdes * 12238106Sdes * Redistributions of source code must retain the above copyright notice, 13238106Sdes * this list of conditions and the following disclaimer. 14238106Sdes * 15238106Sdes * Redistributions in binary form must reproduce the above copyright notice, 16238106Sdes * this list of conditions and the following disclaimer in the documentation 17238106Sdes * and/or other materials provided with the distribution. 18238106Sdes * 19238106Sdes * Neither the name of the NLNET LABS nor the names of its contributors may 20238106Sdes * be used to endorse or promote products derived from this software without 21238106Sdes * specific prior written permission. 22238106Sdes * 23238106Sdes * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24269257Sdes * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25269257Sdes * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26269257Sdes * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27269257Sdes * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28269257Sdes * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29269257Sdes * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30269257Sdes * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31269257Sdes * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32269257Sdes * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33269257Sdes * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34238106Sdes */ 35238106Sdes 36238106Sdes/** 37238106Sdes * \file 38238106Sdes * 39238106Sdes * This file contains the remote control functionality for the daemon. 40238106Sdes * The remote control can be performed using either the commandline 41238106Sdes * unbound-control tool, or a SSLv3/TLS capable web browser. 42238106Sdes * The channel is secured using SSLv3 or TLSv1, and certificates. 43238106Sdes * Both the server and the client(control tool) have their own keys. 44238106Sdes */ 45238106Sdes 46238106Sdes#ifndef DAEMON_REMOTE_H 47238106Sdes#define DAEMON_REMOTE_H 48238106Sdes#ifdef HAVE_OPENSSL_SSL_H 49238106Sdes#include "openssl/ssl.h" 50238106Sdes#endif 51238106Sdesstruct config_file; 52238106Sdesstruct listen_list; 53238106Sdesstruct listen_port; 54238106Sdesstruct worker; 55238106Sdesstruct comm_reply; 56238106Sdesstruct comm_point; 57238106Sdesstruct daemon_remote; 58238106Sdes 59238106Sdes/** number of seconds timeout on incoming remote control handshake */ 60238106Sdes#define REMOTE_CONTROL_TCP_TIMEOUT 120 61238106Sdes 62238106Sdes/** 63238106Sdes * a busy control command connection, SSL state 64238106Sdes */ 65238106Sdesstruct rc_state { 66238106Sdes /** the next item in list */ 67238106Sdes struct rc_state* next; 68238106Sdes /** the commpoint */ 69238106Sdes struct comm_point* c; 70238106Sdes /** in the handshake part */ 71238106Sdes enum { rc_none, rc_hs_read, rc_hs_write } shake_state; 72249141Sdes#ifdef HAVE_SSL 73238106Sdes /** the ssl state */ 74238106Sdes SSL* ssl; 75249141Sdes#endif 76238106Sdes /** the rc this is part of */ 77238106Sdes struct daemon_remote* rc; 78238106Sdes}; 79238106Sdes 80238106Sdes/** 81238106Sdes * The remote control tool state. 82238106Sdes * The state is only created for the first thread, other threads 83238106Sdes * are called from this thread. Only the first threads listens to 84238106Sdes * the control port. The other threads do not, but are called on the 85238106Sdes * command channel(pipe) from the first thread. 86238106Sdes */ 87238106Sdesstruct daemon_remote { 88238106Sdes /** the worker for this remote control */ 89238106Sdes struct worker* worker; 90238106Sdes /** commpoints for accepting remote control connections */ 91238106Sdes struct listen_list* accept_list; 92238106Sdes /** number of active commpoints that are handling remote control */ 93238106Sdes int active; 94238106Sdes /** max active commpoints */ 95238106Sdes int max_active; 96238106Sdes /** current commpoints busy; should be a short list, malloced */ 97238106Sdes struct rc_state* busy_list; 98249141Sdes#ifdef HAVE_SSL 99238106Sdes /** the SSL context for creating new SSL streams */ 100238106Sdes SSL_CTX* ctx; 101249141Sdes#endif 102238106Sdes}; 103238106Sdes 104238106Sdes/** 105238106Sdes * Create new remote control state for the daemon. 106238106Sdes * @param cfg: config file with key file settings. 107238106Sdes * @return new state, or NULL on failure. 108238106Sdes */ 109238106Sdesstruct daemon_remote* daemon_remote_create(struct config_file* cfg); 110238106Sdes 111238106Sdes/** 112238106Sdes * remote control state to delete. 113238106Sdes * @param rc: state to delete. 114238106Sdes */ 115238106Sdesvoid daemon_remote_delete(struct daemon_remote* rc); 116238106Sdes 117238106Sdes/** 118238106Sdes * remote control state to clear up. Busy and accept points are closed. 119238106Sdes * Does not delete the rc itself, or the ssl context (with its keys). 120238106Sdes * @param rc: state to clear. 121238106Sdes */ 122238106Sdesvoid daemon_remote_clear(struct daemon_remote* rc); 123238106Sdes 124238106Sdes/** 125238106Sdes * Open and create listening ports for remote control. 126238106Sdes * @param cfg: config options. 127238106Sdes * @return list of ports or NULL on failure. 128238106Sdes * can be freed with listening_ports_free(). 129238106Sdes */ 130238106Sdesstruct listen_port* daemon_remote_open_ports(struct config_file* cfg); 131238106Sdes 132238106Sdes/** 133238106Sdes * Setup comm points for accepting remote control connections. 134238106Sdes * @param rc: state 135238106Sdes * @param ports: already opened ports. 136238106Sdes * @param worker: worker with communication base. and links to command channels. 137238106Sdes * @return false on error. 138238106Sdes */ 139238106Sdesint daemon_remote_open_accept(struct daemon_remote* rc, 140238106Sdes struct listen_port* ports, struct worker* worker); 141238106Sdes 142238106Sdes/** 143238106Sdes * Stop accept handlers for TCP (until enabled again) 144238106Sdes * @param rc: state 145238106Sdes */ 146238106Sdesvoid daemon_remote_stop_accept(struct daemon_remote* rc); 147238106Sdes 148238106Sdes/** 149238106Sdes * Stop accept handlers for TCP (until enabled again) 150238106Sdes * @param rc: state 151238106Sdes */ 152238106Sdesvoid daemon_remote_start_accept(struct daemon_remote* rc); 153238106Sdes 154238106Sdes/** 155238106Sdes * Handle nonthreaded remote cmd execution. 156238106Sdes * @param worker: this worker (the remote worker). 157238106Sdes */ 158238106Sdesvoid daemon_remote_exec(struct worker* worker); 159238106Sdes 160249141Sdes#ifdef HAVE_SSL 161238106Sdes/** 162238106Sdes * Print fixed line of text over ssl connection in blocking mode 163238106Sdes * @param ssl: print to 164238106Sdes * @param text: the text. 165238106Sdes * @return false on connection failure. 166238106Sdes */ 167238106Sdesint ssl_print_text(SSL* ssl, const char* text); 168238106Sdes 169238106Sdes/** 170238106Sdes * printf style printing to the ssl connection 171238106Sdes * @param ssl: the SSL connection to print to. Blocking. 172238106Sdes * @param format: printf style format string. 173238106Sdes * @return success or false on a network failure. 174238106Sdes */ 175238106Sdesint ssl_printf(SSL* ssl, const char* format, ...) 176238106Sdes ATTR_FORMAT(printf, 2, 3); 177238106Sdes 178238106Sdes/** 179238106Sdes * Read until \n is encountered 180238106Sdes * If SSL signals EOF, the string up to then is returned (without \n). 181238106Sdes * @param ssl: the SSL connection to read from. blocking. 182238106Sdes * @param buf: buffer to read to. 183238106Sdes * @param max: size of buffer. 184238106Sdes * @return false on connection failure. 185238106Sdes */ 186238106Sdesint ssl_read_line(SSL* ssl, char* buf, size_t max); 187249141Sdes#endif /* HAVE_SSL */ 188238106Sdes 189238106Sdes#endif /* DAEMON_REMOTE_H */ 190