2 * daemon/remote.h - remote control for the unbound daemon.
4 * Copyright (c) 2008, NLnet Labs. All rights reserved.
6 * This software is open source.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
39 * This file contains the remote control functionality for the daemon.
40 * The remote control can be performed using either the commandline
41 * unbound-control tool, or a SSLv3/TLS capable web browser.
42 * The channel is secured using SSLv3 or TLSv1, and certificates.
43 * Both the server and the client(control tool) have their own keys.
46 #ifndef DAEMON_REMOTE_H
47 #define DAEMON_REMOTE_H
48 #ifdef HAVE_OPENSSL_SSL_H
49 #include "openssl/ssl.h"
59 /** number of seconds timeout on incoming remote control handshake */
60 #define REMOTE_CONTROL_TCP_TIMEOUT 120
63 * a busy control command connection, SSL state
66 /** the next item in list */
67 struct rc_state* next;
70 /** in the handshake part */
71 enum { rc_none, rc_hs_read, rc_hs_write } shake_state;
76 /** the rc this is part of */
77 struct daemon_remote* rc;
81 * The remote control tool state.
82 * The state is only created for the first thread, other threads
83 * are called from this thread. Only the first threads listens to
84 * the control port. The other threads do not, but are called on the
85 * command channel(pipe) from the first thread.
87 struct daemon_remote {
88 /** the worker for this remote control */
89 struct worker* worker;
90 /** commpoints for accepting remote control connections */
91 struct listen_list* accept_list;
92 /** number of active commpoints that are handling remote control */
94 /** max active commpoints */
96 /** current commpoints busy; should be a short list, malloced */
97 struct rc_state* busy_list;
99 /** the SSL context for creating new SSL streams */
105 * Create new remote control state for the daemon.
106 * @param cfg: config file with key file settings.
107 * @return new state, or NULL on failure.
109 struct daemon_remote* daemon_remote_create(struct config_file* cfg);
112 * remote control state to delete.
113 * @param rc: state to delete.
115 void daemon_remote_delete(struct daemon_remote* rc);
118 * remote control state to clear up. Busy and accept points are closed.
119 * Does not delete the rc itself, or the ssl context (with its keys).
120 * @param rc: state to clear.
122 void daemon_remote_clear(struct daemon_remote* rc);
125 * Open and create listening ports for remote control.
126 * @param cfg: config options.
127 * @return list of ports or NULL on failure.
128 * can be freed with listening_ports_free().
130 struct listen_port* daemon_remote_open_ports(struct config_file* cfg);
133 * Setup comm points for accepting remote control connections.
135 * @param ports: already opened ports.
136 * @param worker: worker with communication base. and links to command channels.
137 * @return false on error.
139 int daemon_remote_open_accept(struct daemon_remote* rc,
140 struct listen_port* ports, struct worker* worker);
143 * Stop accept handlers for TCP (until enabled again)
146 void daemon_remote_stop_accept(struct daemon_remote* rc);
149 * Stop accept handlers for TCP (until enabled again)
152 void daemon_remote_start_accept(struct daemon_remote* rc);
155 * Handle nonthreaded remote cmd execution.
156 * @param worker: this worker (the remote worker).
158 void daemon_remote_exec(struct worker* worker);
160 /** handle remote control accept callbacks */
161 int remote_accept_callback(struct comm_point*, void*, int, struct comm_reply*);
163 /** handle remote control data callbacks */
164 int remote_control_callback(struct comm_point*, void*, int, struct comm_reply*);
168 * Print fixed line of text over ssl connection in blocking mode
169 * @param ssl: print to
170 * @param text: the text.
171 * @return false on connection failure.
173 int ssl_print_text(SSL* ssl, const char* text);
176 * printf style printing to the ssl connection
177 * @param ssl: the SSL connection to print to. Blocking.
178 * @param format: printf style format string.
179 * @return success or false on a network failure.
181 int ssl_printf(SSL* ssl, const char* format, ...)
182 ATTR_FORMAT(printf, 2, 3);
185 * Read until \n is encountered
186 * If SSL signals EOF, the string up to then is returned (without \n).
187 * @param ssl: the SSL connection to read from. blocking.
188 * @param buf: buffer to read to.
189 * @param max: size of buffer.
190 * @return false on connection failure.
192 int ssl_read_line(SSL* ssl, char* buf, size_t max);
193 #endif /* HAVE_SSL */
195 /** routine to printout option values over SSL */
196 void remote_get_opt_ssl(char* line, void* arg);
198 #endif /* DAEMON_REMOTE_H */