File: [local] / src / usr.sbin / snmpd / Attic / control.c (download)
Revision 1.7, Thu Feb 7 11:33:26 2008 UTC (16 years, 3 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3 Changes since 1.6: +20 -1 lines
add a imsg which allows to "lock" the control connection, the
restricted connection will reject any commands except snmp traps.
|
/* $OpenBSD: control.c,v 1.7 2008/02/07 11:33:26 reyk Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <sys/queue.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/tree.h>
#include <net/if.h>
#include <errno.h>
#include <event.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>
#include "snmpd.h"
#define CONTROL_BACKLOG 5
struct ctl_connlist ctl_conns;
struct ctl_conn *control_connbyfd(int);
void control_close(int);
struct imsgbuf *ibuf_parent = NULL;
int
control_init(void)
{
struct sockaddr_un sun;
int fd;
mode_t old_umask;
if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
log_warn("control_init: socket");
return (-1);
}
sun.sun_family = AF_UNIX;
if (strlcpy(sun.sun_path, SNMPD_SOCKET,
sizeof(sun.sun_path)) >= sizeof(sun.sun_path)) {
log_warn("control_init: %s name too long", SNMPD_SOCKET);
close(fd);
return (-1);
}
if (unlink(SNMPD_SOCKET) == -1)
if (errno != ENOENT) {
log_warn("control_init: unlink %s", SNMPD_SOCKET);
close(fd);
return (-1);
}
old_umask = umask(S_IXUSR|S_IXGRP|S_IWOTH|S_IROTH|S_IXOTH);
if (bind(fd, (struct sockaddr *)&sun, sizeof(sun)) == -1) {
log_warn("control_init: bind: %s", SNMPD_SOCKET);
close(fd);
(void)umask(old_umask);
return (-1);
}
(void)umask(old_umask);
if (chmod(SNMPD_SOCKET, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP) == -1) {
log_warn("control_init: chmod");
close(fd);
(void)unlink(SNMPD_SOCKET);
return (-1);
}
session_socket_blockmode(fd, BM_NONBLOCK);
control_state.fd = fd;
return (0);
}
int
control_listen(struct snmpd *env, struct imsgbuf *parent)
{
ibuf_parent = parent;
if (listen(control_state.fd, CONTROL_BACKLOG) == -1) {
log_warn("control_listen: listen");
return (-1);
}
event_set(&control_state.ev, control_state.fd, EV_READ | EV_PERSIST,
control_accept, env);
event_add(&control_state.ev, NULL);
return (0);
}
void
control_cleanup(void)
{
(void)unlink(SNMPD_SOCKET);
}
/* ARGSUSED */
void
control_accept(int listenfd, short event, void *arg)
{
int connfd;
socklen_t len;
struct sockaddr_un sun;
struct ctl_conn *c;
struct snmpd *env = arg;
len = sizeof(sun);
if ((connfd = accept(listenfd,
(struct sockaddr *)&sun, &len)) == -1) {
if (errno != EWOULDBLOCK && errno != EINTR)
log_warn("control_accept");
return;
}
session_socket_blockmode(connfd, BM_NONBLOCK);
if ((c = malloc(sizeof(struct ctl_conn))) == NULL) {
log_warn("control_accept");
close(connfd);
return;
}
imsg_init(&c->ibuf, connfd, control_dispatch_imsg);
c->ibuf.events = EV_READ;
event_set(&c->ibuf.ev, c->ibuf.fd, c->ibuf.events,
c->ibuf.handler, env);
event_add(&c->ibuf.ev, NULL);
TAILQ_INSERT_TAIL(&ctl_conns, c, entry);
}
struct ctl_conn *
control_connbyfd(int fd)
{
struct ctl_conn *c;
for (c = TAILQ_FIRST(&ctl_conns); c != NULL && c->ibuf.fd != fd;
c = TAILQ_NEXT(c, entry))
; /* nothing */
return (c);
}
void
control_close(int fd)
{
struct ctl_conn *c;
if ((c = control_connbyfd(fd)) == NULL)
log_warn("control_close: fd %d: not found", fd);
msgbuf_clear(&c->ibuf.w);
TAILQ_REMOVE(&ctl_conns, c, entry);
event_del(&c->ibuf.ev);
close(c->ibuf.fd);
free(c);
}
/* ARGSUSED */
void
control_dispatch_imsg(int fd, short event, void *arg)
{
struct ctl_conn *c;
struct imsg imsg;
int n;
if ((c = control_connbyfd(fd)) == NULL) {
log_warn("control_dispatch_imsg: fd %d: not found", fd);
return;
}
switch (event) {
case EV_READ:
if ((n = imsg_read(&c->ibuf)) == -1 || n == 0) {
control_close(fd);
return;
}
break;
case EV_WRITE:
if (msgbuf_write(&c->ibuf.w) < 0) {
control_close(fd);
return;
}
imsg_event_add(&c->ibuf);
return;
default:
fatalx("unknown event");
}
for (;;) {
if ((n = imsg_get(&c->ibuf, &imsg)) == -1) {
control_close(fd);
return;
}
if (n == 0)
break;
if (c->flags & CTL_CONN_LOCKED) {
switch (imsg.hdr.type) {
case IMSG_SNMP_TRAP:
case IMSG_SNMP_ELEMENT:
case IMSG_SNMP_END:
break;
default:
log_debug("control_dispatch_imsg: "
"client requested restricted command");
imsg_free(&imsg);
control_close(fd);
return;
}
}
switch (imsg.hdr.type) {
case IMSG_CTL_NOTIFY:
if (c->flags & CTL_CONN_NOTIFY) {
log_debug("control_dispatch_imsg: "
"client requested notify more than once");
imsg_compose(&c->ibuf, IMSG_CTL_FAIL, 0, 0, -1,
NULL, 0);
break;
}
c->flags |= CTL_CONN_NOTIFY;
break;
case IMSG_SNMP_LOCK:
/* enable restricted control mode */
c->flags |= CTL_CONN_LOCKED;
break;
case IMSG_SNMP_TRAP:
if (trap_imsg(&c->ibuf, imsg.hdr.pid) == -1) {
log_debug("control_dispatch_imsg: "
"received invalid trap (pid %d)",
imsg.hdr.pid);
imsg_free(&imsg);
control_close(fd);
return;
}
break;
default:
log_debug("control_dispatch_imsg: "
"error handling imsg %d", imsg.hdr.type);
break;
}
imsg_free(&imsg);
}
imsg_event_add(&c->ibuf);
}
void
control_imsg_forward(struct imsg *imsg)
{
struct ctl_conn *c;
TAILQ_FOREACH(c, &ctl_conns, entry)
if (c->flags & CTL_CONN_NOTIFY)
imsg_compose(&c->ibuf, imsg->hdr.type, 0, imsg->hdr.pid,
-1, imsg->data, imsg->hdr.len - IMSG_HEADER_SIZE);
}
void
session_socket_blockmode(int fd, enum blockmodes bm)
{
int flags;
if ((flags = fcntl(fd, F_GETFL, 0)) == -1)
fatal("fcntl F_GETFL");
if (bm == BM_NONBLOCK)
flags |= O_NONBLOCK;
else
flags &= ~O_NONBLOCK;
if ((flags = fcntl(fd, F_SETFL, flags)) == -1)
fatal("fcntl F_SETFL");
}