remote.h revision 356345 
1/*
2 * daemon/remote.h - remote control for the unbound daemon.
3 *
4 * Copyright (c) 2008, NLnet Labs. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
18 *
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36/**
37 * \file
38 *
39 * This file contains the remote control functionality for the daemon.
40 * The remote control can be performed using either the commandline
41 * unbound-control tool, or a SSLv3/TLS capable web browser.
42 * The channel is secured using SSLv3 or TLSv1, and certificates.
43 * Both the server and the client(control tool) have their own keys.
44 */
45
46#ifndef DAEMON_REMOTE_H
47#define DAEMON_REMOTE_H
48#ifdef HAVE_OPENSSL_SSL_H
49#include "openssl/ssl.h"
50#endif
51struct config_file;
52struct listen_list;
53struct listen_port;
54struct worker;
55struct comm_reply;
56struct comm_point;
57struct daemon_remote;
58
59/** number of milliseconds timeout on incoming remote control handshake */
60#define REMOTE_CONTROL_TCP_TIMEOUT 120000
61
62/**
63 * a busy control command connection, SSL state
64 */
65struct rc_state {
66	/** the next item in list */
67	struct rc_state* next;
68	/** the commpoint */
69	struct comm_point* c;
70	/** in the handshake part */
71	enum { rc_none, rc_hs_read, rc_hs_write } shake_state;
72#ifdef HAVE_SSL
73	/** the ssl state */
74	SSL* ssl;
75#endif
76	/** file descriptor */
77        int fd;
78	/** the rc this is part of */
79	struct daemon_remote* rc;
80};
81
82/**
83 * The remote control tool state.
84 * The state is only created for the first thread, other threads
85 * are called from this thread.  Only the first threads listens to
86 * the control port.  The other threads do not, but are called on the
87 * command channel(pipe) from the first thread.
88 */
89struct daemon_remote {
90	/** the worker for this remote control */
91	struct worker* worker;
92	/** commpoints for accepting remote control connections */
93	struct listen_list* accept_list;
94	/* if certificates are used */
95	int use_cert;
96	/** number of active commpoints that are handling remote control */
97	int active;
98	/** max active commpoints */
99	int max_active;
100	/** current commpoints busy; should be a short list, malloced */
101	struct rc_state* busy_list;
102#ifdef HAVE_SSL
103	/** the SSL context for creating new SSL streams */
104	SSL_CTX* ctx;
105#endif
106};
107
108/**
109 * Connection to print to, either SSL or plain over fd
110 */
111struct remote_stream {
112#ifdef HAVE_SSL
113	/** SSL structure, nonNULL if using SSL */
114	SSL* ssl;
115#endif
116	/** file descriptor for plain transfer */
117	int fd;
118};
119typedef struct remote_stream RES;
120
121/**
122 * Create new remote control state for the daemon.
123 * @param cfg: config file with key file settings.
124 * @return new state, or NULL on failure.
125 */
126struct daemon_remote* daemon_remote_create(struct config_file* cfg);
127
128/**
129 * remote control state to delete.
130 * @param rc: state to delete.
131 */
132void daemon_remote_delete(struct daemon_remote* rc);
133
134/**
135 * remote control state to clear up. Busy and accept points are closed.
136 * Does not delete the rc itself, or the ssl context (with its keys).
137 * @param rc: state to clear.
138 */
139void daemon_remote_clear(struct daemon_remote* rc);
140
141/**
142 * Open and create listening ports for remote control.
143 * @param cfg: config options.
144 * @return list of ports or NULL on failure.
145 *	can be freed with listening_ports_free().
146 */
147struct listen_port* daemon_remote_open_ports(struct config_file* cfg);
148
149/**
150 * Setup comm points for accepting remote control connections.
151 * @param rc: state
152 * @param ports: already opened ports.
153 * @param worker: worker with communication base. and links to command channels.
154 * @return false on error.
155 */
156int daemon_remote_open_accept(struct daemon_remote* rc,
157	struct listen_port* ports, struct worker* worker);
158
159/**
160 * Stop accept handlers for TCP (until enabled again)
161 * @param rc: state
162 */
163void daemon_remote_stop_accept(struct daemon_remote* rc);
164
165/**
166 * Stop accept handlers for TCP (until enabled again)
167 * @param rc: state
168 */
169void daemon_remote_start_accept(struct daemon_remote* rc);
170
171/**
172 * Handle nonthreaded remote cmd execution.
173 * @param worker: this worker (the remote worker).
174 */
175void daemon_remote_exec(struct worker* worker);
176
177#ifdef HAVE_SSL
178/**
179 * Print fixed line of text over ssl connection in blocking mode
180 * @param ssl: print to
181 * @param text: the text.
182 * @return false on connection failure.
183 */
184int ssl_print_text(RES* ssl, const char* text);
185
186/**
187 * printf style printing to the ssl connection
188 * @param ssl: the RES connection to print to. Blocking.
189 * @param format: printf style format string.
190 * @return success or false on a network failure.
191 */
192int ssl_printf(RES* ssl, const char* format, ...)
193        ATTR_FORMAT(printf, 2, 3);
194
195/**
196 * Read until \n is encountered
197 * If stream signals EOF, the string up to then is returned (without \n).
198 * @param ssl: the RES connection to read from. blocking.
199 * @param buf: buffer to read to.
200 * @param max: size of buffer.
201 * @return false on connection failure.
202 */
203int ssl_read_line(RES* ssl, char* buf, size_t max);
204#endif /* HAVE_SSL */
205
206#endif /* DAEMON_REMOTE_H */
207