The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
proto_control_unix.c
Go to the documentation of this file.
1 /*
2  * This program is free software; you can redistribute it and/or modify
3  * it under the terms of the GNU General Public License as published by
4  * the Free Software Foundation; either version 2 of the License, or
5  * (at your option) any later version.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15  */
16 
17 /**
18  * $Id: f76145658fe4765af75814a5420b7505f7cb7f8b $
19  * @file proto_control_unix.c
20  * @brief Control handler for Unix sockets.
21  *
22  * @copyright 2018 The FreeRADIUS server project.
23  * @copyright 2018 Alan DeKok (aland@deployingradius.com)
24  */
25 #include <freeradius-devel/server/main_config.h>
26 
27 #include <freeradius-devel/io/application.h>
28 #include <freeradius-devel/io/listen.h>
29 #include <freeradius-devel/io/schedule.h>
30 #include <freeradius-devel/server/protocol.h>
31 #include <freeradius-devel/util/perm.h>
32 #include <freeradius-devel/util/trie.h>
33 #include <freeradius-devel/util/file.h>
34 
35 #include <netdb.h>
36 
37 #include "proto_control.h"
38 
39 #include <freeradius-devel/bio/fd.h>
40 
41 #ifdef HAVE_SYS_STAT_H
42 #endif
43 
44 #include <fcntl.h>
45 #include <libgen.h>
46 
47 typedef struct {
48  char const *name; //!< socket name
49 
50  int sockfd;
51 
52  fr_bio_t *fd_bio;
53 
54  fr_stats_t stats; //!< statistics for this socket
55 
56  fr_io_address_t *connection; //!< for connected sockets.
57 
58 
59  fr_io_data_read_t read; //!< function to process data *after* reading
60  FILE *stdout_fp;
61  FILE *stderr_fp;
62 
63  fr_conduit_type_t misc_conduit;
64  FILE *misc;
65  fr_cmd_info_t *info; //!< for running commands
66 
67  fr_client_t radclient; //!< for faking out clients
68 } proto_control_unix_thread_t;
69 
70 typedef struct {
71  CONF_SECTION *cs; //!< our configuration
72 
73  char const *filename; //!< filename of control socket
74  char const *uid_name; //!< name of UID to require
75  char const *gid_name; //!< name of GID to require
76  uid_t uid; //!< UID value
77  gid_t gid; //!< GID value
78 
79  uint32_t recv_buff; //!< How big the kernel's receive buffer should be.
80 
81  uint32_t max_packet_size; //!< for message ring buffer.
82 
83  char const *mode_name;
84  bool read_only;
85 
86  bool recv_buff_is_set; //!< Whether we were provided with a receive
87  //!< buffer value.
88  char const *peer_uid_name; //!< name of UID to require
89  char const *peer_gid_name; //!< name of GID to require
90  uid_t peer_uid; //!< UID value
91  gid_t peer_gid; //!< GID value
92 
93 } proto_control_unix_t;
94 
95 static const conf_parser_t peercred_config[] = {
96  { FR_CONF_OFFSET("uid", proto_control_unix_t, peer_uid_name) },
97  { FR_CONF_OFFSET("gid", proto_control_unix_t, peer_gid_name) },
98 
99  CONF_PARSER_TERMINATOR
100 };
101 
102 static const conf_parser_t unix_listen_config[] = {
103  { FR_CONF_OFFSET_FLAGS("filename", CONF_FLAG_REQUIRED, proto_control_unix_t, filename),
104  .dflt = "${run_dir}/radiusd.sock}" },
105  { FR_CONF_OFFSET("uid", proto_control_unix_t, uid_name) },
106  { FR_CONF_OFFSET("gid", proto_control_unix_t, gid_name) },
107  { FR_CONF_OFFSET("mode", proto_control_unix_t, mode_name) },
108 
109  { FR_CONF_OFFSET_IS_SET("recv_buff", FR_TYPE_UINT32, 0, proto_control_unix_t, recv_buff) },
110 
111  { FR_CONF_OFFSET("max_packet_size", proto_control_unix_t, max_packet_size), .dflt = "4096" } ,
112 
113  { FR_CONF_POINTER("peercred", 0, CONF_FLAG_SUBSECTION, NULL), .subcs = (void const *) peercred_config },
114 
115  CONF_PARSER_TERMINATOR
116 };
117 
118 #define FR_READ (1)
119 #define FR_WRITE (2)
120 
121 static fr_table_num_sorted_t mode_names[] = {
122  { L("read-only"), FR_READ },
123  { L("read-write"), FR_READ | FR_WRITE },
124  { L("ro"), FR_READ },
125  { L("rw"), FR_READ | FR_WRITE }
126 };
127 static size_t mode_names_len = NUM_ELEMENTS(mode_names);
128 
129 #undef INT
130 #define INT size_t
131 #define SINT ssize_t
132 
133 static SINT write_stdout(void *instance, char const *buffer, INT buffer_size)
134 {
135  proto_control_unix_thread_t *thread = talloc_get_type_abort(instance, proto_control_unix_thread_t);
136 
137  return fr_conduit_write(thread->sockfd, FR_CONDUIT_STDOUT, buffer, buffer_size);
138 }
139 
140 static SINT write_stderr(void *instance, char const *buffer, INT buffer_size)
141 {
142  proto_control_unix_thread_t *thread = talloc_get_type_abort(instance, proto_control_unix_thread_t)
143 ;
144  return fr_conduit_write(thread->sockfd, FR_CONDUIT_STDERR, buffer, buffer_size);
145 }
146 
147 static SINT write_misc(void *instance, char const *buffer, INT buffer_size)
148 {
149  proto_control_unix_thread_t *thread = talloc_get_type_abort(instance, proto_control_unix_thread_t);
150 
151  return fr_conduit_write(thread->sockfd, thread->misc_conduit, buffer, buffer_size);
152 }
153 
154 
155 /*
156  * Run a command.
157  */
158 static ssize_t mod_read_command(fr_listen_t *li, UNUSED void **packet_ctx, UNUSED fr_time_t *recv_time_p, uint8_t *buffer, UNUSED size_t buffer_len, UNUSED size_t *leftover)
159 {
160  proto_control_unix_t const *inst = talloc_get_type_abort_const(li->app_io_instance, proto_control_unix_t);
161  proto_control_unix_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_control_unix_thread_t);
162  fr_conduit_hdr_t *hdr = (fr_conduit_hdr_t *) buffer;
163  uint32_t status;
164  uint8_t *cmd = buffer + sizeof(*hdr);
165  int rcode;
166  char string[1024];
167 
168  hdr->length = ntohl(hdr->length);
169  if (hdr->length >= sizeof(string)) goto fail;
170 
171  /*
172  * If the write gives us nothing, send an empty SUCCESS back.
173  */
174  if (!hdr->length) {
175  status = FR_CONDUIT_SUCCESS;
176  goto done;
177  }
178 
179  /*
180  * fr_command_run() expects a zero-terminated string...
181  */
182  memcpy(string, cmd, hdr->length);
183  string[hdr->length] = '\0';
184 
185  /*
186  * Content is the string we need help for.
187  */
188  if (htons(hdr->conduit) == FR_CONDUIT_HELP) {
189  fr_radmin_help(thread->stdout_fp, string);
190  // @todo - have in-band signalling saying that the help is done?
191  // we want to be able to say that *this* help is done.
192  // the best way to do that is to have a token, and every command
193  // from the other end sends a token, and we echo it back here...
194  // Or, since we currently can't do streaming commands, it's OK?
195  // Or, we assume that origin 0 is for interactive commands,
196  // and that the other origins are for streaming output...
197  status = FR_CONDUIT_SUCCESS;
198  goto done;
199  }
200 
201  if (htons(hdr->conduit) == FR_CONDUIT_COMPLETE) {
202  uint16_t start;
203 
204  if (hdr->length < 2) goto fail;
205 
206  start = (string[0] << 8) | string[1];
207 
208  thread->misc_conduit = FR_CONDUIT_COMPLETE;
209 
210  fr_radmin_complete(thread->misc, string + 2, start);
211  thread->misc_conduit = FR_CONDUIT_STDOUT;
212  status = FR_CONDUIT_SUCCESS;
213  goto done;
214  }
215 
216  if (htons(hdr->conduit) != FR_CONDUIT_STDIN) {
217  DEBUG("ERROR: Ignoring data which is from wrong input");
218  return 0;
219  }
220 
221  DEBUG("radmin-remote> %.*s", (int) hdr->length, cmd);
222 
223  rcode = fr_radmin_run(thread->info, thread->stdout_fp, thread->stderr_fp, string, inst->read_only);
224  if (rcode < 0) {
225 fail:
226  status = FR_CONDUIT_FAIL;
227 
228  } else if (rcode == 0) {
229  /*
230  * The other end should keep track of it's
231  * context, and send us full lines.
232  */
233  (void) fr_command_clear(0, thread->info);
234  status = FR_CONDUIT_PARTIAL;
235  } else {
236  status = FR_CONDUIT_SUCCESS;
237  }
238 
239 done:
240  status = htonl(status);
241  (void) fr_conduit_write(thread->sockfd, FR_CONDUIT_CMD_STATUS, &status, sizeof(status));
242 
243  return 0;
244 }
245 
246 /*
247  * Process an initial connection request.
248  */
249 static ssize_t mod_read_init(fr_listen_t *li, UNUSED void **packet_ctx, UNUSED fr_time_t *recv_time_p, uint8_t *buffer, size_t buffer_len, UNUSED size_t *leftover)
250 {
251  proto_control_unix_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_control_unix_thread_t);
252  fr_conduit_hdr_t *hdr = (fr_conduit_hdr_t *) buffer;
253  uint32_t magic;
254 
255  if (htons(hdr->conduit) != FR_CONDUIT_INIT_ACK) {
256  DEBUG("ERROR: Connection is missing initial ACK packet.");
257  return -1;
258  }
259 
260  if (buffer_len < sizeof(*hdr)) {
261  DEBUG("ERROR: Initial ACK is malformed");
262  return -1;
263  }
264 
265  if (htonl(hdr->length) != 8) {
266  DEBUG("ERROR: Initial ACK has wrong length (%lu).", (size_t) htonl(hdr->length));
267  return -1;
268  }
269 
270  memcpy(&magic, buffer + sizeof(*hdr), sizeof(magic));
271  magic = htonl(magic);
272  if (magic != FR_CONDUIT_MAGIC) {
273  DEBUG("ERROR: Connection from incompatible version of radmin.");
274  return -1;
275  }
276 
277  /*
278  * Next 4 bytes are zero, we ignore them.
279  */
280  if (write(thread->sockfd, buffer, buffer_len) < (ssize_t) buffer_len) {
281  DEBUG("ERROR: Blocking write to socket... oops");
282  return -1;
283  }
284 
285  thread->read = mod_read_command;
286 
287  return 0;
288 }
289 
290 static ssize_t mod_read(fr_listen_t *li, void **packet_ctx, fr_time_t *recv_time_p, uint8_t *buffer, size_t buffer_len, size_t *leftover)
291 {
292  proto_control_unix_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_control_unix_thread_t);
293  ssize_t data_size;
294 
295  fr_conduit_type_t conduit;
296  bool want_more;
297 
298  /*
299  * Read data into the buffer.
300  */
301  data_size = fr_conduit_read_async(thread->sockfd, &conduit, buffer, buffer_len, leftover, &want_more);
302  if (data_size < 0) {
303  DEBUG2("proto_control_unix got read error %zd: %s", data_size, fr_syserror(errno));
304  return data_size;
305  }
306 
307  /*
308  * Note that we return ERROR for all bad packets, as
309  * there's no point in reading packets from a TCP
310  * connection which isn't sending us properly formatted
311  * packets.
312  */
313 
314  /*
315  * Not enough for a full packet, ask the caller to read more.
316  */
317  if (want_more) {
318  return 0;
319  }
320 
321  // @todo - maybe convert timestamp?
322  *recv_time_p = fr_time();
323  *leftover = 0;
324 
325  /*
326  * Print out what we received.
327  */
328  DEBUG3("proto_control_unix - Received command packet length %d on %s",
329  (int) data_size, thread->name);
330 
331  /*
332  * Run the state machine to process the rest of the packet.
333  */
334  return thread->read(li, packet_ctx, recv_time_p, buffer, (size_t) data_size, leftover);
335 }
336 
337 
338 static ssize_t mod_write(fr_listen_t *li, UNUSED void *packet_ctx, UNUSED fr_time_t request_time,
339  uint8_t *buffer, size_t buffer_len, size_t written)
340 {
341  proto_control_unix_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_control_unix_thread_t);
342  ssize_t data_size;
343 
344  /*
345  * @todo - share a stats interface with the parent? or
346  * put the stats in the listener, so that proto_control
347  * can update them, too.. <sigh>
348  */
349  thread->stats.total_responses++;
350 
351  /*
352  * Only write replies if they're RADIUS packets.
353  * sometimes we want to NOT send a reply...
354  */
355  data_size = write(thread->sockfd, buffer + written, buffer_len - written);
356 
357  /*
358  * This socket is dead. That's an error...
359  */
360  if (data_size <= 0) return data_size;
361 
362 #ifdef __COVERITY__
363  /*
364  * data_size and written have type size_t, so
365  * their sum can at least in theory exceed SSIZE_MAX.
366  * We add this check to placate Coverity.
367  *
368  * When Coverity examines this function it doesn't have
369  * the caller context to see that it's honoring needed
370  * preconditions (buffer_len <=SSIZE_MAX, and the loop
371  * schema needed to use this function).
372  */
373  if (data_size + written > SSIZE_MAX) return -1;
374 #endif
375 
376  return data_size + written;
377 }
378 
379 
380 static int mod_connection_set(fr_listen_t *li, fr_io_address_t *connection)
381 {
382  proto_control_unix_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_control_unix_thread_t);
383 
384  thread->connection = connection;
385 
386  // @todo - set name to path + peer ID of other end?
387 
388  return 0;
389 }
390 
391 static void mod_network_get(int *ipproto, bool *dynamic_clients, fr_trie_t const **trie, UNUSED void *instance)
392 {
393  *ipproto = IPPROTO_TCP;
394  *dynamic_clients = false;
395  *trie = NULL;
396 }
397 
398 /** Open a UNIX listener for control sockets
399  *
400  */
401 static int mod_open(fr_listen_t *li)
402 {
403  proto_control_unix_t const *inst = talloc_get_type_abort_const(li->app_io_instance, proto_control_unix_t);
404  proto_control_unix_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_control_unix_thread_t);
405 
406  CONF_ITEM *ci;
407  CONF_SECTION *server_cs;
408 
409  fr_bio_fd_info_t const *info;
410  fr_bio_fd_config_t cfg;
411 
412  fr_assert(!thread->connection);
413 
414  cfg = (fr_bio_fd_config_t) {
415  .type = FR_BIO_FD_LISTEN,
416  .socket_type = SOCK_STREAM,
417  .path = inst->filename,
418  .uid = inst->uid,
419  .gid = inst->gid,
420  .perm = 0x700,
421  .async = true,
422  };
423 
424  thread->fd_bio = fr_bio_fd_alloc(thread, &cfg, 0);
425  if (!thread->fd_bio) {
426  PERROR("Failed allocating UNIX path %s", inst->filename);
427  return -1;
428  }
429 
430  info = fr_bio_fd_info(thread->fd_bio);
431  fr_assert(info != NULL);
432 
433  li->fd = thread->sockfd = info->socket.fd;
434 
435  ci = cf_parent(inst->cs); /* listen { ... } */
436  fr_assert(ci != NULL);
437  ci = cf_parent(ci);
438  fr_assert(ci != NULL);
439 
440  server_cs = cf_item_to_section(ci);
441 
442  thread->name = talloc_typed_asprintf(thread, "control_unix from filename %s", inst->filename);
443 
444  /*
445  * Set up the fake client
446  */
447  thread->radclient.longname = inst->filename;
448  thread->radclient.ipaddr.af = AF_INET;
449  thread->radclient.src_ipaddr.af = AF_INET;
450 
451  thread->radclient.server_cs = server_cs;
452  fr_assert(thread->radclient.server_cs != NULL);
453  thread->radclient.server = cf_section_name2(thread->radclient.server_cs);
454 
455  return 0;
456 }
457 
458 #if !defined(HAVE_GETPEEREID) && defined(SO_PEERCRED)
459 static int getpeereid(int s, uid_t *euid, gid_t *egid)
460 {
461  struct ucred cr;
462  socklen_t cl = sizeof(cr);
463 
464  if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cr, &cl) < 0) {
465  return -1;
466  }
467 
468  *euid = cr.uid;
469  *egid = cr.gid;
470  return 0;
471 }
472 
473 /* we now have getpeereid() in this file */
474 #define HAVE_GETPEEREID (1)
475 
476 #endif /* HAVE_GETPEEREID */
477 
478 static int _close_cookies(proto_control_unix_thread_t *thread)
479 {
480  if (thread->stdout_fp) fclose(thread->stdout_fp);
481  if (thread->stderr_fp) fclose(thread->stderr_fp);
482  if (thread->misc) fclose(thread->misc);
483 
484  return 0;
485 }
486 
487 /** Set the file descriptor for this socket.
488  *
489  */
490 static int mod_fd_set(fr_listen_t *li, int fd)
491 {
492  proto_control_unix_t const *inst = talloc_get_type_abort_const(li->app_io_instance, proto_control_unix_t);
493  proto_control_unix_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_control_unix_thread_t);
494 
495  cookie_io_functions_t io;
496 
497 #ifdef HAVE_GETPEEREID
498  /*
499  * Perform user authentication.
500  *
501  * @todo - this really belongs in the accept() callback,
502  * so that we don't create an entirely new listener and
503  * then close it.
504  */
505  if (inst->peer_uid || inst->peer_gid) {
506  uid_t uid;
507  gid_t gid;
508 
509  if (getpeereid(fd, &uid, &gid) < 0) {
510  ERROR("Failed getting peer credentials for %s: %s",
511  inst->filename, fr_syserror(errno));
512  return -1;
513  }
514 
515  /*
516  * Only do UID checking if the caller is
517  * non-root. The superuser can do anything, so
518  * we might as well let them do anything.
519  */
520  if (uid != 0) do {
521  /*
522  * Allow entry if UID or GID matches.
523  */
524  if (inst->peer_uid_name && (inst->peer_uid == uid)) break;
525  if (inst->peer_gid_name && (inst->peer_gid == gid)) break;
526 
527  if (inst->peer_uid_name && (inst->peer_uid != uid)) {
528  ERROR("Unauthorized connection to %s from uid %ld",
529  inst->filename, (long int) uid);
530  return -1;
531  }
532 
533  if (inst->peer_gid_name && (inst->peer_gid != gid)) {
534  ERROR("Unauthorized connection to %s from gid %ld",
535  inst->filename, (long int) gid);
536  return -1;
537  }
538 
539  } while (0);
540 
541  thread->name = talloc_typed_asprintf(thread, "proto unix filename %s from peer UID %u GID %u",
542  inst->filename,
543  (unsigned int) uid, (unsigned int) gid);
544  } else
545 #endif
546 
547 
548  thread->name = talloc_typed_asprintf(thread, "proto unix filename %s", inst->filename);
549 
550  thread->sockfd = fd;
551  thread->read = mod_read_init;
552 
553  /*
554  * These must be set separately as they have different prototypes.
555  */
556  io.read = NULL;
557  io.seek = NULL;
558  io.close = NULL;
559  io.write = write_stdout;
560 
561  thread->stdout_fp = fopencookie(thread, "w", io);
562 
563  io.write = write_stderr;
564  thread->stderr_fp = fopencookie(thread, "w", io);
565 
566  io.write = write_misc;
567  thread->misc = fopencookie(thread, "w", io);
568 
569  talloc_set_destructor(thread, _close_cookies);
570 
571  /*
572  * @todo - if we move to a binary protocol, then we
573  * should change this to a small (i.e. 1K) buffer. The
574  * data should be sent over to the remote side as quickly
575  * as possible.
576  */
577  (void) setvbuf(thread->stdout_fp, NULL, _IOLBF, 0);
578  (void) setvbuf(thread->stderr_fp, NULL, _IOLBF, 0);
579  (void) setvbuf(thread->misc, NULL, _IOLBF, 0);
580 
581  thread->info = talloc_zero(thread, fr_cmd_info_t);
582  fr_command_info_init(thread, thread->info);
583 
584  return 0;
585 }
586 
587 static char const *mod_name(fr_listen_t *li)
588 {
589  proto_control_unix_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_control_unix_thread_t);
590 
591  return thread->name;
592 }
593 
594 
595 static int mod_instantiate(module_inst_ctx_t const *mctx)
596 {
597  proto_control_unix_t *inst = talloc_get_type_abort(mctx->mi->data, proto_control_unix_t);
598  CONF_SECTION *conf = mctx->mi->conf;
599 
600  inst->cs = conf;
601 
602  if (inst->recv_buff_is_set) {
603  FR_INTEGER_BOUND_CHECK("recv_buff", inst->recv_buff, >=, 32);
604  FR_INTEGER_BOUND_CHECK("recv_buff", inst->recv_buff, <=, INT_MAX);
605  }
606 
607  if (inst->uid_name) {
608  struct passwd *pwd;
609 
610  if (fr_perm_getpwnam(conf, &pwd, inst->uid_name) < 0) {
611  PERROR("Failed getting uid for %s", inst->uid_name);
612  return -1;
613  }
614  inst->uid = pwd->pw_uid;
615  talloc_free(pwd);
616 
617  } else if (main_config->server_uid) {
618  inst->uid = main_config->server_uid;
619 
620  } else {
621  inst->uid = getuid();
622  }
623 
624  if (inst->gid_name) {
625  if (fr_perm_gid_from_str(conf, &inst->gid, inst->gid_name) < 0) {
626  PERROR("Failed getting gid for %s", inst->gid_name);
627  return -1;
628  }
629 
630  } else if (main_config->server_gid) {
631  inst->gid = main_config->server_gid;
632 
633  } else {
634  inst->gid = getgid();
635  }
636 
637  /*
638  * And for peer creds
639  */
640  if (inst->peer_uid_name) {
641  struct passwd *pwd;
642 
643  if (fr_perm_getpwnam(conf, &pwd, inst->peer_uid_name) < 0) {
644  PERROR("Failed getting peer uid for %s", inst->peer_uid_name);
645  return -1;
646  }
647  inst->peer_uid = pwd->pw_uid;
648  talloc_free(pwd);
649  }
650 
651  if (inst->peer_gid_name) {
652  if (fr_perm_gid_from_str(conf, &inst->peer_gid, inst->peer_gid_name) < 0) {
653  PERROR("Failed getting peer gid for %s", inst->peer_gid_name);
654  return -1;
655  }
656  }
657 
658  if (!inst->mode_name) {
659  inst->read_only = true;
660  } else {
661  int mode;
662 
663  mode = fr_table_value_by_str(mode_names, inst->mode_name, 0);
664  if (!mode) {
665  ERROR("Invalid mode name \"%s\"",
666  inst->mode_name);
667  return -1;
668  }
669 
670  if ((mode & FR_WRITE) == 0) {
671  inst->read_only = true;
672  } else {
673  inst->read_only = false;
674  }
675  }
676 
677  FR_INTEGER_BOUND_CHECK("max_packet_size", inst->max_packet_size, >=, 20);
678  FR_INTEGER_BOUND_CHECK("max_packet_size", inst->max_packet_size, <=, 65536);
679 
680  return 0;
681 }
682 
683 static fr_client_t *mod_client_find(fr_listen_t *li, UNUSED fr_ipaddr_t const *ipaddr, UNUSED int ipproto)
684 {
685  proto_control_unix_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_control_unix_thread_t);
686 
687  return &thread->radclient;
688 }
689 
690 extern fr_app_io_t proto_control_unix;
691 fr_app_io_t proto_control_unix = {
692  .common = {
693  .magic = MODULE_MAGIC_INIT,
694  .name = "control_unix",
695  .config = unix_listen_config,
696  .inst_size = sizeof(proto_control_unix_t),
697  .thread_inst_size = sizeof(proto_control_unix_thread_t),
698  .instantiate = mod_instantiate
699  },
700  .default_message_size = 4096,
701 
702  .open = mod_open,
703  .read = mod_read,
704  .write = mod_write,
705  .fd_set = mod_fd_set,
706  .connection_set = mod_connection_set,
707  .network_get = mod_network_get,
708  .client_find = mod_client_find,
709  .get_name = mod_name,
710 };
buffer
static int const char char buffer[256]
Definition: acutest.h:574
fr_app_io_t::common
module_t common
Common fields to all loadable modules.
Definition: app_io.h:34
fr_app_io_t
Public structure describing an I/O path for a protocol.
Definition: app_io.h:33
fr_radmin_run
int fr_radmin_run(fr_cmd_info_t *info, FILE *fp, FILE *fp_err, char *str, bool read_only)
Run a command from an input string.
Definition: radmin.c:1135
fr_radmin_complete
void fr_radmin_complete(FILE *fp, const char *text, int start)
Definition: radmin.c:1171
fr_radmin_help
void fr_radmin_help(FILE *fp, char const *text)
Definition: radmin.c:1166
fr_bio_s
Definition: base.h:112
L
#define L(_str)
Helper for initialising arrays of string literals.
Definition: build.h:207
UNUSED
#define UNUSED
Definition: build.h:313
NUM_ELEMENTS
#define NUM_ELEMENTS(_t)
Definition: build.h:335
CONF_PARSER_TERMINATOR
#define CONF_PARSER_TERMINATOR
Definition: cf_parse.h:627
FR_INTEGER_BOUND_CHECK
#define FR_INTEGER_BOUND_CHECK(_name, _var, _op, _bound)
Definition: cf_parse.h:487
FR_CONF_OFFSET
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition: cf_parse.h:268
FR_CONF_POINTER
#define FR_CONF_POINTER(_name, _type, _flags, _res_p)
conf_parser_t which parses a single CONF_PAIR producing a single global result
Definition: cf_parse.h:310
FR_CONF_OFFSET_IS_SET
#define FR_CONF_OFFSET_IS_SET(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct,...
Definition: cf_parse.h:282
FR_CONF_OFFSET_FLAGS
#define FR_CONF_OFFSET_FLAGS(_name, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
Definition: cf_parse.h:256
CONF_FLAG_REQUIRED
@ CONF_FLAG_REQUIRED
Error out if no matching CONF_PAIR is found, and no dflt value is set.
Definition: cf_parse.h:405
CONF_FLAG_SUBSECTION
@ CONF_FLAG_SUBSECTION
Instead of putting the information into a configuration structure, the configuration file routines MA...
Definition: cf_parse.h:399
conf_parser_s
Defines a CONF_PAIR to C data type mapping.
Definition: cf_parse.h:564
cf_item
Common header for all CONF_* types.
Definition: cf_priv.h:49
cf_section
A section grouping multiple CONF_PAIR.
Definition: cf_priv.h:101
cf_section_name2
char const * cf_section_name2(CONF_SECTION const *cs)
Return the second identifier of a CONF_SECTION.
Definition: cf_util.c:1185
cf_item_to_section
CONF_SECTION * cf_item_to_section(CONF_ITEM const *ci)
Cast a CONF_ITEM to a CONF_SECTION.
Definition: cf_util.c:684
cf_parent
#define cf_parent(_cf)
Definition: cf_util.h:101
fr_command_clear
int fr_command_clear(int new_argc, fr_cmd_info_t *info)
Clear out any value boxes etc.
Definition: command.c:2369
fr_command_info_init
void fr_command_info_init(TALLOC_CTX *ctx, fr_cmd_info_t *info)
Initialize an fr_cmd_info_t structure.
Definition: command.c:2397
fr_cmd_info_t
Definition: command.h:38
fr_conduit_write
ssize_t fr_conduit_write(int fd, fr_conduit_type_t conduit, void const *out, size_t outlen)
Definition: conduit.c:228
fr_conduit_read_async
ssize_t fr_conduit_read_async(int fd, fr_conduit_type_t *pconduit, void *out, size_t outlen, size_t *leftover, bool *want_more)
Definition: conduit.c:75
FR_CONDUIT_MAGIC
#define FR_CONDUIT_MAGIC
Definition: conduit.h:32
fr_conduit_hdr_t::conduit
uint16_t conduit
Definition: conduit.h:77
FR_CONDUIT_FAIL
@ FR_CONDUIT_FAIL
Definition: conduit.h:54
FR_CONDUIT_PARTIAL
@ FR_CONDUIT_PARTIAL
Definition: conduit.h:55
FR_CONDUIT_SUCCESS
@ FR_CONDUIT_SUCCESS
Definition: conduit.h:56
fr_conduit_hdr_t::length
uint32_t length
Definition: conduit.h:78
fr_conduit_type_t
fr_conduit_type_t
Definition: conduit.h:34
FR_CONDUIT_STDOUT
@ FR_CONDUIT_STDOUT
Definition: conduit.h:36
FR_CONDUIT_HELP
@ FR_CONDUIT_HELP
Definition: conduit.h:43
FR_CONDUIT_STDIN
@ FR_CONDUIT_STDIN
Definition: conduit.h:35
FR_CONDUIT_STDERR
@ FR_CONDUIT_STDERR
Definition: conduit.h:37
FR_CONDUIT_CMD_STATUS
@ FR_CONDUIT_CMD_STATUS
Definition: conduit.h:38
FR_CONDUIT_INIT_ACK
@ FR_CONDUIT_INIT_ACK
Definition: conduit.h:39
FR_CONDUIT_COMPLETE
@ FR_CONDUIT_COMPLETE
Definition: conduit.h:44
fr_conduit_hdr_t
Definition: conduit.h:75
ERROR
#define ERROR(fmt,...)
Definition: dhcpclient.c:41
DEBUG
#define DEBUG(fmt,...)
Definition: dhcpclient.c:39
MODULE_MAGIC_INIT
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
Definition: dl_module.h:63
fr_bio_fd_alloc
fr_bio_t * fr_bio_fd_alloc(TALLOC_CTX *ctx, fr_bio_fd_config_t const *cfg, size_t offset)
Allocate a FD bio.
Definition: fd.c:1012
fr_bio_fd_info
fr_bio_fd_info_t const * fr_bio_fd_info(fr_bio_t *bio)
Returns a pointer to the bio-specific information.
Definition: fd.c:1323
fr_bio_fd_info_t::socket
fr_socket_t socket
as connected socket
Definition: fd.h:111
FR_BIO_FD_LISTEN
@ FR_BIO_FD_LISTEN
returns new fd in buffer on fr_bio_read() or fr_bio_fd_accept()
Definition: fd.h:66
fr_bio_fd_config_t::type
fr_bio_fd_type_t type
accept, connected, unconnected, etc.
Definition: fd.h:79
fr_bio_fd_config_t
Configuration for sockets.
Definition: fd.h:78
fr_bio_fd_info_t
Run-time status of the socket.
Definition: fd.h:110
fopencookie
FILE * fopencookie(void *cookie, const char *mode, cookie_io_functions_t io_funcs)
Definition: fopencookie.c:99
cookie_io_functions_t::close
cookie_close_function_t close
Definition: fopencookie.h:55
cookie_io_functions_t::seek
cookie_seek_function_t seek
Definition: fopencookie.h:54
cookie_io_functions_t::read
cookie_read_function_t read
Definition: fopencookie.h:52
cookie_io_functions_t::write
cookie_write_function_t write
Definition: fopencookie.h:53
cookie_io_functions_t
Definition: fopencookie.h:51
fr_ipaddr_t::af
int af
Address family.
Definition: inet.h:64
fr_ipaddr_t
IPv4/6 prefix.
Definition: merged_model.c:272
fr_io_data_read_t
ssize_t(* fr_io_data_read_t)(fr_listen_t *li, void **packet_ctx, fr_time_t *recv_time, uint8_t *buffer, size_t buffer_len, size_t *leftover)
Read from a socket.
Definition: base.h:176
fr_io_address_t
Definition: base.h:335
fr_listen::app_io_instance
void const * app_io_instance
I/O path configuration context.
Definition: listen.h:32
fr_listen::thread_instance
void * thread_instance
thread / socket context
Definition: listen.h:33
fr_listen::fd
int fd
file descriptor for this socket - set by open
Definition: listen.h:28
fr_listen
Definition: listen.h:25
fr_client_s::server
char const * server
Name of the virtual server client is associated with.
Definition: client.h:129
fr_client_s::ipaddr
fr_ipaddr_t ipaddr
IPv4/IPv6 address of the host.
Definition: client.h:83
fr_client_s::src_ipaddr
fr_ipaddr_t src_ipaddr
IPv4/IPv6 address to send responses from (family must match ipaddr).
Definition: client.h:84
fr_client_s::longname
char const * longname
Client identifier.
Definition: client.h:87
fr_client_s::server_cs
CONF_SECTION * server_cs
Virtual server that the client is associated with.
Definition: client.h:130
fr_client_s
Describes a host allowed to send packets to the server.
Definition: client.h:80
PERROR
#define PERROR(_fmt,...)
Definition: log.h:228
DEBUG3
#define DEBUG3(_fmt,...)
Definition: log.h:266
talloc_free
talloc_free(reap)
main_config
main_config_t const * main_config
Main server configuration.
Definition: main_config.c:69
uint16_t
unsigned short uint16_t
Definition: merged_model.c:31
FR_TYPE_UINT32
@ FR_TYPE_UINT32
32 Bit unsigned integer.
Definition: merged_model.c:99
uint32_t
unsigned int uint32_t
Definition: merged_model.c:33
ssize_t
long int ssize_t
Definition: merged_model.c:24
uint8_t
unsigned char uint8_t
Definition: merged_model.c:30
module_inst_ctx_t::mi
module_instance_t * mi
Instance of the module being instantiated.
Definition: module_ctx.h:51
module_inst_ctx_t
Temporary structure to hold arguments for instantiation calls.
Definition: module_ctx.h:50
fr_perm_getpwnam
int fr_perm_getpwnam(TALLOC_CTX *ctx, struct passwd **out, char const *name)
Resolve a username to a passwd entry.
Definition: perm.c:138
fr_perm_gid_from_str
int fr_perm_gid_from_str(TALLOC_CTX *ctx, gid_t *out, char const *name)
Resolve a group name to a GID.
Definition: perm.c:345
proto_control.h
proto_control_unix_t::mode_name
char const * mode_name
Definition: proto_control_unix.c:83
proto_control_unix_thread_t::misc_conduit
fr_conduit_type_t misc_conduit
Definition: proto_control_unix.c:63
proto_control_unix_thread_t::radclient
fr_client_t radclient
for faking out clients
Definition: proto_control_unix.c:67
proto_control_unix_thread_t::name
char const * name
socket name
Definition: proto_control_unix.c:48
mod_network_get
static void mod_network_get(int *ipproto, bool *dynamic_clients, fr_trie_t const **trie, UNUSED void *instance)
Definition: proto_control_unix.c:391
mod_read
static ssize_t mod_read(fr_listen_t *li, void **packet_ctx, fr_time_t *recv_time_p, uint8_t *buffer, size_t buffer_len, size_t *leftover)
Definition: proto_control_unix.c:290
peercred_config
static const conf_parser_t peercred_config[]
Definition: proto_control_unix.c:95
proto_control_unix_thread_t::stdout_fp
FILE * stdout_fp
Definition: proto_control_unix.c:60
proto_control_unix_t::filename
char const * filename
filename of control socket
Definition: proto_control_unix.c:73
_close_cookies
static int _close_cookies(proto_control_unix_thread_t *thread)
Definition: proto_control_unix.c:478
proto_control_unix_t::peer_gid
gid_t peer_gid
GID value.
Definition: proto_control_unix.c:91
proto_control_unix_t::gid_name
char const * gid_name
name of GID to require
Definition: proto_control_unix.c:75
proto_control_unix_thread_t::misc
FILE * misc
Definition: proto_control_unix.c:64
proto_control_unix_thread_t::sockfd
int sockfd
Definition: proto_control_unix.c:50
proto_control_unix_t::read_only
bool read_only
Definition: proto_control_unix.c:84
proto_control_unix_t::recv_buff_is_set
bool recv_buff_is_set
Whether we were provided with a receive buffer value.
Definition: proto_control_unix.c:86
proto_control_unix_thread_t::info
fr_cmd_info_t * info
for running commands
Definition: proto_control_unix.c:65
proto_control_unix_thread_t::read
fr_io_data_read_t read
function to process data after reading
Definition: proto_control_unix.c:59
proto_control_unix_t::recv_buff
uint32_t recv_buff
How big the kernel's receive buffer should be.
Definition: proto_control_unix.c:79
proto_control_unix_thread_t::connection
fr_io_address_t * connection
for connected sockets.
Definition: proto_control_unix.c:56
proto_control_unix
fr_app_io_t proto_control_unix
Definition: proto_control_unix.c:691
proto_control_unix_t::gid
gid_t gid
GID value.
Definition: proto_control_unix.c:77
mod_open
static int mod_open(fr_listen_t *li)
Open a UNIX listener for control sockets.
Definition: proto_control_unix.c:401
proto_control_unix_thread_t::stderr_fp
FILE * stderr_fp
Definition: proto_control_unix.c:61
proto_control_unix_t::uid
uid_t uid
UID value.
Definition: proto_control_unix.c:76
proto_control_unix_t::peer_uid
uid_t peer_uid
UID value.
Definition: proto_control_unix.c:90
mod_name
static char const * mod_name(fr_listen_t *li)
Definition: proto_control_unix.c:587
write_stdout
static SINT write_stdout(void *instance, char const *buffer, INT buffer_size)
Definition: proto_control_unix.c:133
proto_control_unix_t::peer_uid_name
char const * peer_uid_name
name of UID to require
Definition: proto_control_unix.c:88
proto_control_unix_t::cs
CONF_SECTION * cs
our configuration
Definition: proto_control_unix.c:71
proto_control_unix_t::peer_gid_name
char const * peer_gid_name
name of GID to require
Definition: proto_control_unix.c:89
mod_read_init
static ssize_t mod_read_init(fr_listen_t *li, UNUSED void **packet_ctx, UNUSED fr_time_t *recv_time_p, uint8_t *buffer, size_t buffer_len, UNUSED size_t *leftover)
Definition: proto_control_unix.c:249
FR_WRITE
#define FR_WRITE
Definition: proto_control_unix.c:119
mod_write
static ssize_t mod_write(fr_listen_t *li, UNUSED void *packet_ctx, UNUSED fr_time_t request_time, uint8_t *buffer, size_t buffer_len, size_t written)
Definition: proto_control_unix.c:338
FR_READ
#define FR_READ
Definition: proto_control_unix.c:118
write_misc
static SINT write_misc(void *instance, char const *buffer, INT buffer_size)
Definition: proto_control_unix.c:147
SINT
#define SINT
Definition: proto_control_unix.c:131
mod_connection_set
static int mod_connection_set(fr_listen_t *li, fr_io_address_t *connection)
Definition: proto_control_unix.c:380
write_stderr
static SINT write_stderr(void *instance, char const *buffer, INT buffer_size)
Definition: proto_control_unix.c:140
mod_fd_set
static int mod_fd_set(fr_listen_t *li, int fd)
Set the file descriptor for this socket.
Definition: proto_control_unix.c:490
proto_control_unix_thread_t::stats
fr_stats_t stats
statistics for this socket
Definition: proto_control_unix.c:54
proto_control_unix_t::max_packet_size
uint32_t max_packet_size
for message ring buffer.
Definition: proto_control_unix.c:81
mod_client_find
static fr_client_t * mod_client_find(fr_listen_t *li, UNUSED fr_ipaddr_t const *ipaddr, UNUSED int ipproto)
Definition: proto_control_unix.c:683
mod_instantiate
static int mod_instantiate(module_inst_ctx_t const *mctx)
Definition: proto_control_unix.c:595
mode_names_len
static size_t mode_names_len
Definition: proto_control_unix.c:127
mod_read_command
static ssize_t mod_read_command(fr_listen_t *li, UNUSED void **packet_ctx, UNUSED fr_time_t *recv_time_p, uint8_t *buffer, UNUSED size_t buffer_len, UNUSED size_t *leftover)
Definition: proto_control_unix.c:158
mode_names
static fr_table_num_sorted_t mode_names[]
Definition: proto_control_unix.c:121
proto_control_unix_thread_t::fd_bio
fr_bio_t * fd_bio
Definition: proto_control_unix.c:52
unix_listen_config
static const conf_parser_t unix_listen_config[]
Definition: proto_control_unix.c:102
proto_control_unix_t::uid_name
char const * uid_name
name of UID to require
Definition: proto_control_unix.c:74
INT
#define INT
Definition: proto_control_unix.c:130
proto_control_unix_t
Definition: proto_control_unix.c:70
proto_control_unix_thread_t
Definition: proto_control_unix.c:47
ipproto
static int ipproto
Definition: radclient-ng.c:92
done
static bool done
Definition: radclient.c:80
DEBUG2
#define DEBUG2(fmt,...)
Definition: radclient.h:43
conf
static rs_t * conf
Definition: radsniff.c:53
module_instance_s::conf
CONF_SECTION * conf
Module's instance configuration.
Definition: module.h:329
module_instance_s::data
void * data
Module's instance data.
Definition: module.h:271
fr_stats_t::total_responses
fr_uint_t total_responses
Definition: stats.h:45
fr_stats_t
Definition: stats.h:41
fr_assert
fr_assert(0)
inst
eap_aka_sim_process_conf_t * inst
Definition: state_machine.c:3620
fr_time
#define fr_time()
Allow us to arbitrarily manipulate time.
Definition: state_test.c:8
fr_syserror
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
Definition: syserror.c:243
fr_table_value_by_str
#define fr_table_value_by_str(_table, _name, _def)
Convert a string to a value using a sorted or ordered table.
Definition: table.h:653
fr_table_num_sorted_t
An element in a lexicographically sorted array of name to num mappings.
Definition: table.h:49
talloc_typed_asprintf
char * talloc_typed_asprintf(TALLOC_CTX *ctx, char const *fmt,...)
Call talloc vasprintf, setting the type on the new chunk correctly.
Definition: talloc.c:492
talloc_get_type_abort_const
#define talloc_get_type_abort_const
Definition: talloc.h:282
fr_time_s
"server local" time.
Definition: time.h:69
fr_trie_s
Definition: trie.c:484
fr_socket_t::fd
int fd
File descriptor if this is a live socket.
Definition: socket.h:81
Generated by   doxygen 1.9.1