1b7579f77SDag-Erling Smørgrav /* 2b7579f77SDag-Erling Smørgrav * daemon/remote.h - remote control for the unbound daemon. 3b7579f77SDag-Erling Smørgrav * 4b7579f77SDag-Erling Smørgrav * Copyright (c) 2008, NLnet Labs. All rights reserved. 5b7579f77SDag-Erling Smørgrav * 6b7579f77SDag-Erling Smørgrav * This software is open source. 7b7579f77SDag-Erling Smørgrav * 8b7579f77SDag-Erling Smørgrav * Redistribution and use in source and binary forms, with or without 9b7579f77SDag-Erling Smørgrav * modification, are permitted provided that the following conditions 10b7579f77SDag-Erling Smørgrav * are met: 11b7579f77SDag-Erling Smørgrav * 12b7579f77SDag-Erling Smørgrav * Redistributions of source code must retain the above copyright notice, 13b7579f77SDag-Erling Smørgrav * this list of conditions and the following disclaimer. 14b7579f77SDag-Erling Smørgrav * 15b7579f77SDag-Erling Smørgrav * Redistributions in binary form must reproduce the above copyright notice, 16b7579f77SDag-Erling Smørgrav * this list of conditions and the following disclaimer in the documentation 17b7579f77SDag-Erling Smørgrav * and/or other materials provided with the distribution. 18b7579f77SDag-Erling Smørgrav * 19b7579f77SDag-Erling Smørgrav * Neither the name of the NLNET LABS nor the names of its contributors may 20b7579f77SDag-Erling Smørgrav * be used to endorse or promote products derived from this software without 21b7579f77SDag-Erling Smørgrav * specific prior written permission. 22b7579f77SDag-Erling Smørgrav * 23b7579f77SDag-Erling Smørgrav * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 2417d15b25SDag-Erling Smørgrav * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 2517d15b25SDag-Erling Smørgrav * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 2617d15b25SDag-Erling Smørgrav * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 2717d15b25SDag-Erling Smørgrav * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 2817d15b25SDag-Erling Smørgrav * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 2917d15b25SDag-Erling Smørgrav * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 3017d15b25SDag-Erling Smørgrav * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 3117d15b25SDag-Erling Smørgrav * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 3217d15b25SDag-Erling Smørgrav * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 3317d15b25SDag-Erling Smørgrav * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34b7579f77SDag-Erling Smørgrav */ 35b7579f77SDag-Erling Smørgrav 36b7579f77SDag-Erling Smørgrav /** 37b7579f77SDag-Erling Smørgrav * \file 38b7579f77SDag-Erling Smørgrav * 39b7579f77SDag-Erling Smørgrav * This file contains the remote control functionality for the daemon. 40b7579f77SDag-Erling Smørgrav * The remote control can be performed using either the commandline 41b7579f77SDag-Erling Smørgrav * unbound-control tool, or a SSLv3/TLS capable web browser. 42b7579f77SDag-Erling Smørgrav * The channel is secured using SSLv3 or TLSv1, and certificates. 43b7579f77SDag-Erling Smørgrav * Both the server and the client(control tool) have their own keys. 44b7579f77SDag-Erling Smørgrav */ 45b7579f77SDag-Erling Smørgrav 46b7579f77SDag-Erling Smørgrav #ifndef DAEMON_REMOTE_H 47b7579f77SDag-Erling Smørgrav #define DAEMON_REMOTE_H 48b7579f77SDag-Erling Smørgrav #ifdef HAVE_OPENSSL_SSL_H 498f76bb7dSCy Schubert #include <openssl/ssl.h> 50b7579f77SDag-Erling Smørgrav #endif 51b7579f77SDag-Erling Smørgrav struct config_file; 52b7579f77SDag-Erling Smørgrav struct listen_list; 53b7579f77SDag-Erling Smørgrav struct listen_port; 54b7579f77SDag-Erling Smørgrav struct worker; 55b7579f77SDag-Erling Smørgrav struct comm_reply; 56b7579f77SDag-Erling Smørgrav struct comm_point; 57b7579f77SDag-Erling Smørgrav struct daemon_remote; 58b7579f77SDag-Erling Smørgrav 59b5663de9SDag-Erling Smørgrav /** number of milliseconds timeout on incoming remote control handshake */ 60b5663de9SDag-Erling Smørgrav #define REMOTE_CONTROL_TCP_TIMEOUT 120000 61b7579f77SDag-Erling Smørgrav 62b7579f77SDag-Erling Smørgrav /** 63b7579f77SDag-Erling Smørgrav * a busy control command connection, SSL state 64b7579f77SDag-Erling Smørgrav */ 65b7579f77SDag-Erling Smørgrav struct rc_state { 66b7579f77SDag-Erling Smørgrav /** the next item in list */ 67b7579f77SDag-Erling Smørgrav struct rc_state* next; 68b7579f77SDag-Erling Smørgrav /** the commpoint */ 69b7579f77SDag-Erling Smørgrav struct comm_point* c; 70b7579f77SDag-Erling Smørgrav /** in the handshake part */ 71b7579f77SDag-Erling Smørgrav enum { rc_none, rc_hs_read, rc_hs_write } shake_state; 728ed2b524SDag-Erling Smørgrav #ifdef HAVE_SSL 73b7579f77SDag-Erling Smørgrav /** the ssl state */ 74b7579f77SDag-Erling Smørgrav SSL* ssl; 758ed2b524SDag-Erling Smørgrav #endif 767da0adf7SDag-Erling Smørgrav /** file descriptor */ 777da0adf7SDag-Erling Smørgrav int fd; 78b7579f77SDag-Erling Smørgrav /** the rc this is part of */ 79b7579f77SDag-Erling Smørgrav struct daemon_remote* rc; 80b7579f77SDag-Erling Smørgrav }; 81b7579f77SDag-Erling Smørgrav 82b7579f77SDag-Erling Smørgrav /** 83b7579f77SDag-Erling Smørgrav * The remote control tool state. 84b7579f77SDag-Erling Smørgrav * The state is only created for the first thread, other threads 85b7579f77SDag-Erling Smørgrav * are called from this thread. Only the first threads listens to 86b7579f77SDag-Erling Smørgrav * the control port. The other threads do not, but are called on the 87b7579f77SDag-Erling Smørgrav * command channel(pipe) from the first thread. 88b7579f77SDag-Erling Smørgrav */ 89b7579f77SDag-Erling Smørgrav struct daemon_remote { 90b7579f77SDag-Erling Smørgrav /** the worker for this remote control */ 91b7579f77SDag-Erling Smørgrav struct worker* worker; 92b7579f77SDag-Erling Smørgrav /** commpoints for accepting remote control connections */ 93b7579f77SDag-Erling Smørgrav struct listen_list* accept_list; 9431099b50SDag-Erling Smørgrav /* if certificates are used */ 9531099b50SDag-Erling Smørgrav int use_cert; 96b7579f77SDag-Erling Smørgrav /** number of active commpoints that are handling remote control */ 97b7579f77SDag-Erling Smørgrav int active; 98b7579f77SDag-Erling Smørgrav /** max active commpoints */ 99b7579f77SDag-Erling Smørgrav int max_active; 100b7579f77SDag-Erling Smørgrav /** current commpoints busy; should be a short list, malloced */ 101b7579f77SDag-Erling Smørgrav struct rc_state* busy_list; 1028ed2b524SDag-Erling Smørgrav #ifdef HAVE_SSL 103b7579f77SDag-Erling Smørgrav /** the SSL context for creating new SSL streams */ 104b7579f77SDag-Erling Smørgrav SSL_CTX* ctx; 1058ed2b524SDag-Erling Smørgrav #endif 106b7579f77SDag-Erling Smørgrav }; 107b7579f77SDag-Erling Smørgrav 108b7579f77SDag-Erling Smørgrav /** 1097da0adf7SDag-Erling Smørgrav * Connection to print to, either SSL or plain over fd 1107da0adf7SDag-Erling Smørgrav */ 1117da0adf7SDag-Erling Smørgrav struct remote_stream { 1127da0adf7SDag-Erling Smørgrav #ifdef HAVE_SSL 1137da0adf7SDag-Erling Smørgrav /** SSL structure, nonNULL if using SSL */ 1147da0adf7SDag-Erling Smørgrav SSL* ssl; 1157da0adf7SDag-Erling Smørgrav #endif 1167da0adf7SDag-Erling Smørgrav /** file descriptor for plain transfer */ 1177da0adf7SDag-Erling Smørgrav int fd; 1187da0adf7SDag-Erling Smørgrav }; 1197da0adf7SDag-Erling Smørgrav typedef struct remote_stream RES; 1207da0adf7SDag-Erling Smørgrav 1217da0adf7SDag-Erling Smørgrav /** 122b7579f77SDag-Erling Smørgrav * Create new remote control state for the daemon. 123b7579f77SDag-Erling Smørgrav * @param cfg: config file with key file settings. 124b7579f77SDag-Erling Smørgrav * @return new state, or NULL on failure. 125b7579f77SDag-Erling Smørgrav */ 126b7579f77SDag-Erling Smørgrav struct daemon_remote* daemon_remote_create(struct config_file* cfg); 127b7579f77SDag-Erling Smørgrav 128b7579f77SDag-Erling Smørgrav /** 129b7579f77SDag-Erling Smørgrav * remote control state to delete. 130b7579f77SDag-Erling Smørgrav * @param rc: state to delete. 131b7579f77SDag-Erling Smørgrav */ 132b7579f77SDag-Erling Smørgrav void daemon_remote_delete(struct daemon_remote* rc); 133b7579f77SDag-Erling Smørgrav 134b7579f77SDag-Erling Smørgrav /** 135b7579f77SDag-Erling Smørgrav * remote control state to clear up. Busy and accept points are closed. 136b7579f77SDag-Erling Smørgrav * Does not delete the rc itself, or the ssl context (with its keys). 137b7579f77SDag-Erling Smørgrav * @param rc: state to clear. 138b7579f77SDag-Erling Smørgrav */ 139b7579f77SDag-Erling Smørgrav void daemon_remote_clear(struct daemon_remote* rc); 140b7579f77SDag-Erling Smørgrav 141b7579f77SDag-Erling Smørgrav /** 142b7579f77SDag-Erling Smørgrav * Open and create listening ports for remote control. 143b7579f77SDag-Erling Smørgrav * @param cfg: config options. 144b7579f77SDag-Erling Smørgrav * @return list of ports or NULL on failure. 145b7579f77SDag-Erling Smørgrav * can be freed with listening_ports_free(). 146b7579f77SDag-Erling Smørgrav */ 147b7579f77SDag-Erling Smørgrav struct listen_port* daemon_remote_open_ports(struct config_file* cfg); 148b7579f77SDag-Erling Smørgrav 149b7579f77SDag-Erling Smørgrav /** 150b7579f77SDag-Erling Smørgrav * Setup comm points for accepting remote control connections. 151b7579f77SDag-Erling Smørgrav * @param rc: state 152b7579f77SDag-Erling Smørgrav * @param ports: already opened ports. 153b7579f77SDag-Erling Smørgrav * @param worker: worker with communication base. and links to command channels. 154b7579f77SDag-Erling Smørgrav * @return false on error. 155b7579f77SDag-Erling Smørgrav */ 156b7579f77SDag-Erling Smørgrav int daemon_remote_open_accept(struct daemon_remote* rc, 157b7579f77SDag-Erling Smørgrav struct listen_port* ports, struct worker* worker); 158b7579f77SDag-Erling Smørgrav 159b7579f77SDag-Erling Smørgrav /** 160b7579f77SDag-Erling Smørgrav * Stop accept handlers for TCP (until enabled again) 161b7579f77SDag-Erling Smørgrav * @param rc: state 162b7579f77SDag-Erling Smørgrav */ 163b7579f77SDag-Erling Smørgrav void daemon_remote_stop_accept(struct daemon_remote* rc); 164b7579f77SDag-Erling Smørgrav 165b7579f77SDag-Erling Smørgrav /** 166b7579f77SDag-Erling Smørgrav * Stop accept handlers for TCP (until enabled again) 167b7579f77SDag-Erling Smørgrav * @param rc: state 168b7579f77SDag-Erling Smørgrav */ 169b7579f77SDag-Erling Smørgrav void daemon_remote_start_accept(struct daemon_remote* rc); 170b7579f77SDag-Erling Smørgrav 171b7579f77SDag-Erling Smørgrav /** 172b7579f77SDag-Erling Smørgrav * Handle nonthreaded remote cmd execution. 173b7579f77SDag-Erling Smørgrav * @param worker: this worker (the remote worker). 174b7579f77SDag-Erling Smørgrav */ 175b7579f77SDag-Erling Smørgrav void daemon_remote_exec(struct worker* worker); 176b7579f77SDag-Erling Smørgrav 1778ed2b524SDag-Erling Smørgrav #ifdef HAVE_SSL 178b7579f77SDag-Erling Smørgrav /** 179b7579f77SDag-Erling Smørgrav * Print fixed line of text over ssl connection in blocking mode 180b7579f77SDag-Erling Smørgrav * @param ssl: print to 181b7579f77SDag-Erling Smørgrav * @param text: the text. 182b7579f77SDag-Erling Smørgrav * @return false on connection failure. 183b7579f77SDag-Erling Smørgrav */ 1847da0adf7SDag-Erling Smørgrav int ssl_print_text(RES* ssl, const char* text); 185b7579f77SDag-Erling Smørgrav 186b7579f77SDag-Erling Smørgrav /** 187b7579f77SDag-Erling Smørgrav * printf style printing to the ssl connection 1887da0adf7SDag-Erling Smørgrav * @param ssl: the RES connection to print to. Blocking. 189b7579f77SDag-Erling Smørgrav * @param format: printf style format string. 190b7579f77SDag-Erling Smørgrav * @return success or false on a network failure. 191b7579f77SDag-Erling Smørgrav */ 1927da0adf7SDag-Erling Smørgrav int ssl_printf(RES* ssl, const char* format, ...) 193b7579f77SDag-Erling Smørgrav ATTR_FORMAT(printf, 2, 3); 194b7579f77SDag-Erling Smørgrav 195b7579f77SDag-Erling Smørgrav /** 196b7579f77SDag-Erling Smørgrav * Read until \n is encountered 1977da0adf7SDag-Erling Smørgrav * If stream signals EOF, the string up to then is returned (without \n). 1987da0adf7SDag-Erling Smørgrav * @param ssl: the RES connection to read from. blocking. 199b7579f77SDag-Erling Smørgrav * @param buf: buffer to read to. 200b7579f77SDag-Erling Smørgrav * @param max: size of buffer. 201b7579f77SDag-Erling Smørgrav * @return false on connection failure. 202b7579f77SDag-Erling Smørgrav */ 2037da0adf7SDag-Erling Smørgrav int ssl_read_line(RES* ssl, char* buf, size_t max); 2048ed2b524SDag-Erling Smørgrav #endif /* HAVE_SSL */ 205b7579f77SDag-Erling Smørgrav 206b7579f77SDag-Erling Smørgrav #endif /* DAEMON_REMOTE_H */ 207