1238106Sdes/* 2238106Sdes * daemon/remote.h - remote control for the unbound daemon. 3238106Sdes * 4238106Sdes * Copyright (c) 2008, NLnet Labs. All rights reserved. 5238106Sdes * 6238106Sdes * This software is open source. 7238106Sdes * 8238106Sdes * Redistribution and use in source and binary forms, with or without 9238106Sdes * modification, are permitted provided that the following conditions 10238106Sdes * are met: 11238106Sdes * 12238106Sdes * Redistributions of source code must retain the above copyright notice, 13238106Sdes * this list of conditions and the following disclaimer. 14238106Sdes * 15238106Sdes * Redistributions in binary form must reproduce the above copyright notice, 16238106Sdes * this list of conditions and the following disclaimer in the documentation 17238106Sdes * and/or other materials provided with the distribution. 18238106Sdes * 19238106Sdes * Neither the name of the NLNET LABS nor the names of its contributors may 20238106Sdes * be used to endorse or promote products derived from this software without 21238106Sdes * specific prior written permission. 22238106Sdes * 23238106Sdes * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24266114Sdes * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25266114Sdes * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26266114Sdes * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27266114Sdes * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28266114Sdes * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29266114Sdes * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30266114Sdes * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31266114Sdes * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32266114Sdes * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33266114Sdes * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34238106Sdes */ 35238106Sdes 36238106Sdes/** 37238106Sdes * \file 38238106Sdes * 39238106Sdes * This file contains the remote control functionality for the daemon. 40238106Sdes * The remote control can be performed using either the commandline 41238106Sdes * unbound-control tool, or a SSLv3/TLS capable web browser. 42238106Sdes * The channel is secured using SSLv3 or TLSv1, and certificates. 43238106Sdes * Both the server and the client(control tool) have their own keys. 44238106Sdes */ 45238106Sdes 46238106Sdes#ifndef DAEMON_REMOTE_H 47238106Sdes#define DAEMON_REMOTE_H 48238106Sdes#ifdef HAVE_OPENSSL_SSL_H 49238106Sdes#include "openssl/ssl.h" 50238106Sdes#endif 51238106Sdesstruct config_file; 52238106Sdesstruct listen_list; 53238106Sdesstruct listen_port; 54238106Sdesstruct worker; 55238106Sdesstruct comm_reply; 56238106Sdesstruct comm_point; 57238106Sdesstruct daemon_remote; 58238106Sdes 59307729Sdes/** number of milliseconds timeout on incoming remote control handshake */ 60307729Sdes#define REMOTE_CONTROL_TCP_TIMEOUT 120000 61238106Sdes 62238106Sdes/** 63238106Sdes * a busy control command connection, SSL state 64238106Sdes */ 65238106Sdesstruct rc_state { 66238106Sdes /** the next item in list */ 67238106Sdes struct rc_state* next; 68238106Sdes /** the commpoint */ 69238106Sdes struct comm_point* c; 70238106Sdes /** in the handshake part */ 71238106Sdes enum { rc_none, rc_hs_read, rc_hs_write } shake_state; 72249141Sdes#ifdef HAVE_SSL 73238106Sdes /** the ssl state */ 74238106Sdes SSL* ssl; 75249141Sdes#endif 76356345Scy /** file descriptor */ 77356345Scy int fd; 78238106Sdes /** the rc this is part of */ 79238106Sdes struct daemon_remote* rc; 80238106Sdes}; 81238106Sdes 82238106Sdes/** 83238106Sdes * The remote control tool state. 84238106Sdes * The state is only created for the first thread, other threads 85238106Sdes * are called from this thread. Only the first threads listens to 86238106Sdes * the control port. The other threads do not, but are called on the 87238106Sdes * command channel(pipe) from the first thread. 88238106Sdes */ 89238106Sdesstruct daemon_remote { 90238106Sdes /** the worker for this remote control */ 91238106Sdes struct worker* worker; 92238106Sdes /** commpoints for accepting remote control connections */ 93238106Sdes struct listen_list* accept_list; 94276699Sdes /* if certificates are used */ 95276699Sdes int use_cert; 96238106Sdes /** number of active commpoints that are handling remote control */ 97238106Sdes int active; 98238106Sdes /** max active commpoints */ 99238106Sdes int max_active; 100238106Sdes /** current commpoints busy; should be a short list, malloced */ 101238106Sdes struct rc_state* busy_list; 102249141Sdes#ifdef HAVE_SSL 103238106Sdes /** the SSL context for creating new SSL streams */ 104238106Sdes SSL_CTX* ctx; 105249141Sdes#endif 106238106Sdes}; 107238106Sdes 108238106Sdes/** 109356345Scy * Connection to print to, either SSL or plain over fd 110356345Scy */ 111356345Scystruct remote_stream { 112356345Scy#ifdef HAVE_SSL 113356345Scy /** SSL structure, nonNULL if using SSL */ 114356345Scy SSL* ssl; 115356345Scy#endif 116356345Scy /** file descriptor for plain transfer */ 117356345Scy int fd; 118356345Scy}; 119356345Scytypedef struct remote_stream RES; 120356345Scy 121356345Scy/** 122238106Sdes * Create new remote control state for the daemon. 123238106Sdes * @param cfg: config file with key file settings. 124238106Sdes * @return new state, or NULL on failure. 125238106Sdes */ 126238106Sdesstruct daemon_remote* daemon_remote_create(struct config_file* cfg); 127238106Sdes 128238106Sdes/** 129238106Sdes * remote control state to delete. 130238106Sdes * @param rc: state to delete. 131238106Sdes */ 132238106Sdesvoid daemon_remote_delete(struct daemon_remote* rc); 133238106Sdes 134238106Sdes/** 135238106Sdes * remote control state to clear up. Busy and accept points are closed. 136238106Sdes * Does not delete the rc itself, or the ssl context (with its keys). 137238106Sdes * @param rc: state to clear. 138238106Sdes */ 139238106Sdesvoid daemon_remote_clear(struct daemon_remote* rc); 140238106Sdes 141238106Sdes/** 142238106Sdes * Open and create listening ports for remote control. 143238106Sdes * @param cfg: config options. 144238106Sdes * @return list of ports or NULL on failure. 145238106Sdes * can be freed with listening_ports_free(). 146238106Sdes */ 147238106Sdesstruct listen_port* daemon_remote_open_ports(struct config_file* cfg); 148238106Sdes 149238106Sdes/** 150238106Sdes * Setup comm points for accepting remote control connections. 151238106Sdes * @param rc: state 152238106Sdes * @param ports: already opened ports. 153238106Sdes * @param worker: worker with communication base. and links to command channels. 154238106Sdes * @return false on error. 155238106Sdes */ 156238106Sdesint daemon_remote_open_accept(struct daemon_remote* rc, 157238106Sdes struct listen_port* ports, struct worker* worker); 158238106Sdes 159238106Sdes/** 160238106Sdes * Stop accept handlers for TCP (until enabled again) 161238106Sdes * @param rc: state 162238106Sdes */ 163238106Sdesvoid daemon_remote_stop_accept(struct daemon_remote* rc); 164238106Sdes 165238106Sdes/** 166238106Sdes * Stop accept handlers for TCP (until enabled again) 167238106Sdes * @param rc: state 168238106Sdes */ 169238106Sdesvoid daemon_remote_start_accept(struct daemon_remote* rc); 170238106Sdes 171238106Sdes/** 172238106Sdes * Handle nonthreaded remote cmd execution. 173238106Sdes * @param worker: this worker (the remote worker). 174238106Sdes */ 175238106Sdesvoid daemon_remote_exec(struct worker* worker); 176238106Sdes 177249141Sdes#ifdef HAVE_SSL 178238106Sdes/** 179238106Sdes * Print fixed line of text over ssl connection in blocking mode 180238106Sdes * @param ssl: print to 181238106Sdes * @param text: the text. 182238106Sdes * @return false on connection failure. 183238106Sdes */ 184356345Scyint ssl_print_text(RES* ssl, const char* text); 185238106Sdes 186238106Sdes/** 187238106Sdes * printf style printing to the ssl connection 188356345Scy * @param ssl: the RES connection to print to. Blocking. 189238106Sdes * @param format: printf style format string. 190238106Sdes * @return success or false on a network failure. 191238106Sdes */ 192356345Scyint ssl_printf(RES* ssl, const char* format, ...) 193238106Sdes ATTR_FORMAT(printf, 2, 3); 194238106Sdes 195238106Sdes/** 196238106Sdes * Read until \n is encountered 197356345Scy * If stream signals EOF, the string up to then is returned (without \n). 198356345Scy * @param ssl: the RES connection to read from. blocking. 199238106Sdes * @param buf: buffer to read to. 200238106Sdes * @param max: size of buffer. 201238106Sdes * @return false on connection failure. 202238106Sdes */ 203356345Scyint ssl_read_line(RES* ssl, char* buf, size_t max); 204249141Sdes#endif /* HAVE_SSL */ 205238106Sdes 206238106Sdes#endif /* DAEMON_REMOTE_H */ 207