remote.h revision 238106
1/* 2 * daemon/remote.h - remote control for the unbound daemon. 3 * 4 * Copyright (c) 2008, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE 27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 * POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36/** 37 * \file 38 * 39 * This file contains the remote control functionality for the daemon. 40 * The remote control can be performed using either the commandline 41 * unbound-control tool, or a SSLv3/TLS capable web browser. 42 * The channel is secured using SSLv3 or TLSv1, and certificates. 43 * Both the server and the client(control tool) have their own keys. 44 */ 45 46#ifndef DAEMON_REMOTE_H 47#define DAEMON_REMOTE_H 48#ifdef HAVE_OPENSSL_SSL_H 49#include "openssl/ssl.h" 50#endif 51struct config_file; 52struct listen_list; 53struct listen_port; 54struct worker; 55struct comm_reply; 56struct comm_point; 57struct daemon_remote; 58 59/** number of seconds timeout on incoming remote control handshake */ 60#define REMOTE_CONTROL_TCP_TIMEOUT 120 61 62/** 63 * a busy control command connection, SSL state 64 */ 65struct rc_state { 66 /** the next item in list */ 67 struct rc_state* next; 68 /** the commpoint */ 69 struct comm_point* c; 70 /** in the handshake part */ 71 enum { rc_none, rc_hs_read, rc_hs_write } shake_state; 72 /** the ssl state */ 73 SSL* ssl; 74 /** the rc this is part of */ 75 struct daemon_remote* rc; 76}; 77 78/** 79 * The remote control tool state. 80 * The state is only created for the first thread, other threads 81 * are called from this thread. Only the first threads listens to 82 * the control port. The other threads do not, but are called on the 83 * command channel(pipe) from the first thread. 84 */ 85struct daemon_remote { 86 /** the worker for this remote control */ 87 struct worker* worker; 88 /** commpoints for accepting remote control connections */ 89 struct listen_list* accept_list; 90 /** number of active commpoints that are handling remote control */ 91 int active; 92 /** max active commpoints */ 93 int max_active; 94 /** current commpoints busy; should be a short list, malloced */ 95 struct rc_state* busy_list; 96 /** the SSL context for creating new SSL streams */ 97 SSL_CTX* ctx; 98}; 99 100/** 101 * Create new remote control state for the daemon. 102 * @param cfg: config file with key file settings. 103 * @return new state, or NULL on failure. 104 */ 105struct daemon_remote* daemon_remote_create(struct config_file* cfg); 106 107/** 108 * remote control state to delete. 109 * @param rc: state to delete. 110 */ 111void daemon_remote_delete(struct daemon_remote* rc); 112 113/** 114 * remote control state to clear up. Busy and accept points are closed. 115 * Does not delete the rc itself, or the ssl context (with its keys). 116 * @param rc: state to clear. 117 */ 118void daemon_remote_clear(struct daemon_remote* rc); 119 120/** 121 * Open and create listening ports for remote control. 122 * @param cfg: config options. 123 * @return list of ports or NULL on failure. 124 * can be freed with listening_ports_free(). 125 */ 126struct listen_port* daemon_remote_open_ports(struct config_file* cfg); 127 128/** 129 * Setup comm points for accepting remote control connections. 130 * @param rc: state 131 * @param ports: already opened ports. 132 * @param worker: worker with communication base. and links to command channels. 133 * @return false on error. 134 */ 135int daemon_remote_open_accept(struct daemon_remote* rc, 136 struct listen_port* ports, struct worker* worker); 137 138/** 139 * Stop accept handlers for TCP (until enabled again) 140 * @param rc: state 141 */ 142void daemon_remote_stop_accept(struct daemon_remote* rc); 143 144/** 145 * Stop accept handlers for TCP (until enabled again) 146 * @param rc: state 147 */ 148void daemon_remote_start_accept(struct daemon_remote* rc); 149 150/** 151 * Handle nonthreaded remote cmd execution. 152 * @param worker: this worker (the remote worker). 153 */ 154void daemon_remote_exec(struct worker* worker); 155 156/** handle remote control accept callbacks */ 157int remote_accept_callback(struct comm_point*, void*, int, struct comm_reply*); 158 159/** handle remote control data callbacks */ 160int remote_control_callback(struct comm_point*, void*, int, struct comm_reply*); 161 162/** 163 * Print fixed line of text over ssl connection in blocking mode 164 * @param ssl: print to 165 * @param text: the text. 166 * @return false on connection failure. 167 */ 168int ssl_print_text(SSL* ssl, const char* text); 169 170/** 171 * printf style printing to the ssl connection 172 * @param ssl: the SSL connection to print to. Blocking. 173 * @param format: printf style format string. 174 * @return success or false on a network failure. 175 */ 176int ssl_printf(SSL* ssl, const char* format, ...) 177 ATTR_FORMAT(printf, 2, 3); 178 179/** 180 * Read until \n is encountered 181 * If SSL signals EOF, the string up to then is returned (without \n). 182 * @param ssl: the SSL connection to read from. blocking. 183 * @param buf: buffer to read to. 184 * @param max: size of buffer. 185 * @return false on connection failure. 186 */ 187int ssl_read_line(SSL* ssl, char* buf, size_t max); 188 189/** routine to printout option values over SSL */ 190void remote_get_opt_ssl(char* line, void* arg); 191 192#endif /* DAEMON_REMOTE_H */ 193