2 * daemon/remote.h - remote control for the unbound daemon.
4 * Copyright (c) 2008, NLnet Labs. All rights reserved.
6 * This software is open source.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 * This file contains the remote control functionality for the daemon.
40 * The remote control can be performed using either the commandline
41 * unbound-control tool, or a SSLv3/TLS capable web browser.
42 * The channel is secured using SSLv3 or TLSv1, and certificates.
43 * Both the server and the client(control tool) have their own keys.
46 #ifndef DAEMON_REMOTE_H
47 #define DAEMON_REMOTE_H
48 #ifdef HAVE_OPENSSL_SSL_H
49 #include "openssl/ssl.h"
59 /** number of milliseconds timeout on incoming remote control handshake */
60 #define REMOTE_CONTROL_TCP_TIMEOUT 120000
63 * a busy control command connection, SSL state
66 /** the next item in list */
67 struct rc_state* next;
70 /** in the handshake part */
71 enum { rc_none, rc_hs_read, rc_hs_write } shake_state;
76 /** file descriptor */
78 /** the rc this is part of */
79 struct daemon_remote* rc;
83 * The remote control tool state.
84 * The state is only created for the first thread, other threads
85 * are called from this thread. Only the first threads listens to
86 * the control port. The other threads do not, but are called on the
87 * command channel(pipe) from the first thread.
89 struct daemon_remote {
90 /** the worker for this remote control */
91 struct worker* worker;
92 /** commpoints for accepting remote control connections */
93 struct listen_list* accept_list;
94 /* if certificates are used */
96 /** number of active commpoints that are handling remote control */
98 /** max active commpoints */
100 /** current commpoints busy; should be a short list, malloced */
101 struct rc_state* busy_list;
103 /** the SSL context for creating new SSL streams */
109 * Connection to print to, either SSL or plain over fd
111 struct remote_stream {
113 /** SSL structure, nonNULL if using SSL */
116 /** file descriptor for plain transfer */
119 typedef struct remote_stream RES;
122 * Create new remote control state for the daemon.
123 * @param cfg: config file with key file settings.
124 * @return new state, or NULL on failure.
126 struct daemon_remote* daemon_remote_create(struct config_file* cfg);
129 * remote control state to delete.
130 * @param rc: state to delete.
132 void daemon_remote_delete(struct daemon_remote* rc);
135 * remote control state to clear up. Busy and accept points are closed.
136 * Does not delete the rc itself, or the ssl context (with its keys).
137 * @param rc: state to clear.
139 void daemon_remote_clear(struct daemon_remote* rc);
142 * Open and create listening ports for remote control.
143 * @param cfg: config options.
144 * @return list of ports or NULL on failure.
145 * can be freed with listening_ports_free().
147 struct listen_port* daemon_remote_open_ports(struct config_file* cfg);
150 * Setup comm points for accepting remote control connections.
152 * @param ports: already opened ports.
153 * @param worker: worker with communication base. and links to command channels.
154 * @return false on error.
156 int daemon_remote_open_accept(struct daemon_remote* rc,
157 struct listen_port* ports, struct worker* worker);
160 * Stop accept handlers for TCP (until enabled again)
163 void daemon_remote_stop_accept(struct daemon_remote* rc);
166 * Stop accept handlers for TCP (until enabled again)
169 void daemon_remote_start_accept(struct daemon_remote* rc);
172 * Handle nonthreaded remote cmd execution.
173 * @param worker: this worker (the remote worker).
175 void daemon_remote_exec(struct worker* worker);
179 * Print fixed line of text over ssl connection in blocking mode
180 * @param ssl: print to
181 * @param text: the text.
182 * @return false on connection failure.
184 int ssl_print_text(RES* ssl, const char* text);
187 * printf style printing to the ssl connection
188 * @param ssl: the RES connection to print to. Blocking.
189 * @param format: printf style format string.
190 * @return success or false on a network failure.
192 int ssl_printf(RES* ssl, const char* format, ...)
193 ATTR_FORMAT(printf, 2, 3);
196 * Read until \n is encountered
197 * If stream signals EOF, the string up to then is returned (without \n).
198 * @param ssl: the RES connection to read from. blocking.
199 * @param buf: buffer to read to.
200 * @param max: size of buffer.
201 * @return false on connection failure.
203 int ssl_read_line(RES* ssl, char* buf, size_t max);
204 #endif /* HAVE_SSL */
206 #endif /* DAEMON_REMOTE_H */