Allow modifying the default occtl socket file.
@@ -32,6 +32,7 @@
|
||||
#include <c-strcase.h>
|
||||
|
||||
#include <vpn.h>
|
||||
#include <ctl.h>
|
||||
#include <tlslib.h>
|
||||
|
||||
#define OLD_DEFAULT_CFG_FILE "/etc/ocserv.conf"
|
||||
@@ -75,6 +76,7 @@ static struct cfg_options available_options[] = {
|
||||
{ .name = "disconnect-script", .type = OPTION_STRING, .mandatory = 0 },
|
||||
{ .name = "pid-file", .type = OPTION_STRING, .mandatory = 0 },
|
||||
{ .name = "socket-file", .type = OPTION_STRING, .mandatory = 1 },
|
||||
{ .name = "occtl-socket-file", .type = OPTION_STRING, .mandatory = 0 },
|
||||
{ .name = "banner", .type = OPTION_STRING, .mandatory = 0 },
|
||||
/* this is alias for cisco-client-compat */
|
||||
{ .name = "always-require-cert", .type = OPTION_BOOLEAN, .mandatory = 0 },
|
||||
@@ -360,6 +362,9 @@ unsigned force_cert_auth;
|
||||
READ_STRING("pid-file", pid_file);
|
||||
|
||||
READ_STRING("socket-file", config->socket_file_prefix);
|
||||
READ_STRING("occtl-socket-file", config->occtl_socket_file);
|
||||
if (config->occtl_socket_file == NULL)
|
||||
config->occtl_socket_file = talloc_strdup(config, OCCTL_UNIX_SOCKET);
|
||||
|
||||
READ_STRING("banner", config->banner);
|
||||
READ_TF("cisco-client-compat", config->cisco_client_compat, 0);
|
||||
|
||||
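Review bot: The fallback `config->occtl_socket_file = talloc_strdup(config, OCCTL_UNIX_SOCKET);` is not checked, and ctl_handler_init() in this same commit treats a NULL occtl_socket_file as "return 0" without any log line, so an allocation failure here would silently disable the control socket while use-occtl remains true. It would be better to fail loudly at config-load time, e.g. `if (config->occtl_socket_file == NULL) { fprintf(stderr, "out of memory\n"); exit(1); }`, using whatever fatal-error idiom the surrounding loader already has (that code is outside the hunk). The function containing these READ_STRING lines starts and ends outside the hunk.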
@@ -1,7 +1,7 @@
|
||||
#ifndef CTL_H
|
||||
# define CTL_H
|
||||
|
||||
#define OCSERV_UNIX_NAME "/var/run/ocserv.usocket"
|
||||
#define OCCTL_UNIX_SOCKET "/var/run/occtl.socket"
|
||||
|
||||
enum {
|
||||
CTL_CMD_STATUS = 1,
|
||||
|
||||
@@ -88,7 +88,7 @@ void ctl_handler_deinit(main_server_st * s)
|
||||
return;
|
||||
|
||||
if (s->ctl_fd >= 0) {
|
||||
mslog(s, NULL, LOG_DEBUG, "closing unix socket connection");
|
||||
/*mslog(s, NULL, LOG_DEBUG, "closing unix socket connection");*/
|
||||
close(s->ctl_fd);
|
||||
/*remove(OCSERV_UNIX_NAME); */
|
||||
}
|
||||
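Review bot: The context comment `/*remove(OCSERV_UNIX_NAME); */` still names a macro this commit renames to OCCTL_UNIX_SOCKET in ctl.h, and with the path now configurable the literal would be wrong even if re-enabled. Either delete the dead comment or, if unlinking the socket at shutdown is wanted, replace it with `remove(s->config->occtl_socket_file);` — the early `return` above suggests this runs only in one particular process, so confirm that before adding an unlink. The two mslog lines are rendered old-then-new with the marker lost, so which one survives is not certain from this page.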
@@ -102,19 +102,20 @@ int ctl_handler_init(main_server_st * s)
|
||||
struct sockaddr_un sa;
|
||||
int sd, e;
|
||||
|
||||
if (s->config->use_occtl == 0)
|
||||
if (s->config->use_occtl == 0 || s->config->occtl_socket_file == NULL)
|
||||
return 0;
|
||||
|
||||
mslog(s, NULL, LOG_DEBUG, "initializing control unix socket: %s", s->config->occtl_socket_file);
|
||||
memset(&sa, 0, sizeof(sa));
|
||||
sa.sun_family = AF_UNIX;
|
||||
snprintf(sa.sun_path, sizeof(sa.sun_path), "%s", OCSERV_UNIX_NAME);
|
||||
remove(OCSERV_UNIX_NAME);
|
||||
snprintf(sa.sun_path, sizeof(sa.sun_path), "%s", s->config->occtl_socket_file);
|
||||
remove(s->config->occtl_socket_file);
|
||||
|
||||
sd = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||
if (sd == -1) {
|
||||
e = errno;
|
||||
mslog(s, NULL, LOG_ERR, "could not create socket '%s': %s",
|
||||
OCSERV_UNIX_NAME, strerror(e));
|
||||
s->config->occtl_socket_file, strerror(e));
|
||||
return -1;
|
||||
}
|
||||
|
||||
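Review bot: `snprintf(sa.sun_path, sizeof(sa.sun_path), "%s", s->config->occtl_socket_file);` silently truncates an administrator-supplied path longer than sun_path, after which `remove(s->config->occtl_socket_file)` unlinks the full path but bind() creates the truncated one and every log message names a file that is not the one in use. Now that the path is configurable this should be rejected: `if (snprintf(sa.sun_path, sizeof(sa.sun_path), "%s", s->config->occtl_socket_file) >= (int)sizeof(sa.sun_path)) { mslog(s, NULL, LOG_ERR, "occtl socket path too long: %s", s->config->occtl_socket_file); return -1; }`. Separately, remove() unconditionally unlinks whatever exists at the configured path, so a typo pointing at another daemon's socket or a regular file deletes it; an lstat() and S_ISSOCK check before removing would be a cheap guard. ctl_handler_init continues past this hunk.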
@@ -123,22 +124,22 @@ int ctl_handler_init(main_server_st * s)
|
||||
if (ret == -1) {
|
||||
e = errno;
|
||||
mslog(s, NULL, LOG_ERR, "could not bind socket '%s': %s",
|
||||
OCSERV_UNIX_NAME, strerror(e));
|
||||
s->config->occtl_socket_file, strerror(e));
|
||||
return -1;
|
||||
}
|
||||
|
||||
ret = chown(OCSERV_UNIX_NAME, s->config->uid, s->config->gid);
|
||||
ret = chown(s->config->occtl_socket_file, s->config->uid, s->config->gid);
|
||||
if (ret == -1) {
|
||||
e = errno;
|
||||
mslog(s, NULL, LOG_ERR, "could not chown socket '%s': %s",
|
||||
OCSERV_UNIX_NAME, strerror(e));
|
||||
s->config->occtl_socket_file, strerror(e));
|
||||
}
|
||||
|
||||
ret = listen(sd, 1024);
|
||||
if (ret == -1) {
|
||||
e = errno;
|
||||
mslog(s, NULL, LOG_ERR, "could not listen to socket '%s': %s",
|
||||
OCSERV_UNIX_NAME, strerror(e));
|
||||
s->config->occtl_socket_file, strerror(e));
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
@@ -25,6 +25,14 @@ copyright = {
|
||||
|
||||
help-value = h;
|
||||
|
||||
flag = {
|
||||
name = socket-file;
|
||||
value = s;
|
||||
arg-type = file;
|
||||
descrip = "Specify the server's occtl socket file";
|
||||
doc = "This option is only needed if you have multiple servers.";
|
||||
};
|
||||
|
||||
|
||||
doc-section = {
|
||||
ds-type = 'SYNOPSIS';
|
||||
|
||||
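Review bot: The new occtl flag is named `socket-file`, but ocserv.conf already uses `socket-file` for the unrelated worker–main IPC socket and introduces `occtl-socket-file` for this one, so an administrator copying the config value into `-s` will point occtl at the wrong socket. Consider naming the flag `occtl-socket-file`, or at least tie the two together in the doc string, e.g. `doc = "Specify the socket file set with occtl-socket-file in ocserv.conf. Only needed if you run multiple servers.";`.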
@@ -942,7 +942,7 @@ int handle_show_id_cmd(dbus_ctx *ctx, const char *arg)
|
||||
return ret;
|
||||
}
|
||||
|
||||
dbus_ctx *conn_init(void *pool)
|
||||
dbus_ctx *conn_init(void *pool, const char *file)
|
||||
{
|
||||
DBusError err;
|
||||
dbus_ctx *ctx;
|
||||
|
||||
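Review bot: The D-Bus variant of conn_init() gains a `file` parameter, but its body lies outside the hunk, so whether the value is used is not visible here; if the D-Bus transport has no notion of a socket file, `-s` silently does nothing in that build. Suggest making that explicit in the body with `(void)file; /* D-Bus transport: the socket file does not apply */`, or emitting a warning so the user is not left wondering why the option had no effect.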
@@ -42,6 +42,7 @@
|
||||
struct unix_ctx {
|
||||
int fd;
|
||||
int is_open;
|
||||
const char *socket_file;
|
||||
};
|
||||
|
||||
static uint8_t msg_map[] = {
|
||||
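Review bot: The new `socket_file` member carries no ownership note, yet conn_init() in this commit stores the pointer it is handed without copying it, so the caller's string must outlive the context. Suggest `const char *socket_file; /* borrowed from the caller; NULL selects OCCTL_UNIX_SOCKET */`.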
@@ -172,14 +173,17 @@ int send_cmd(struct unix_ctx *ctx, unsigned cmd, const void *data,
|
||||
}
|
||||
|
||||
static
|
||||
int connect_to_ocserv (void)
|
||||
int connect_to_ocserv (const char *socket_file)
|
||||
{
|
||||
int sd, ret, e;
|
||||
struct sockaddr_un sa;
|
||||
|
||||
if (socket_file == NULL)
|
||||
socket_file = OCCTL_UNIX_SOCKET;
|
||||
|
||||
memset(&sa, 0, sizeof(sa));
|
||||
sa.sun_family = AF_UNIX;
|
||||
snprintf(sa.sun_path, sizeof(sa.sun_path), "%s", OCSERV_UNIX_NAME);
|
||||
snprintf(sa.sun_path, sizeof(sa.sun_path), "%s", socket_file);
|
||||
|
||||
sd = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||
if (sd == -1) {
|
||||
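Review bot: The client side has the same unchecked truncation as the server: `snprintf(sa.sun_path, sizeof(sa.sun_path), "%s", socket_file);` with a user-supplied `-s` path longer than sun_path quietly connects to a different, truncated name instead of failing. A guard such as `if (strlen(socket_file) >= sizeof(sa.sun_path)) { fprintf(stderr, "socket path too long: %s\n", socket_file); return -1; }` before the copy keeps the error visible; connect_to_ocserv continues past the hunk, so follow whatever error-reporting style the rest of the function uses.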
@@ -763,7 +767,7 @@ int handle_show_id_cmd(struct unix_ctx *ctx, const char *arg)
|
||||
|
||||
int conn_prehandle(struct unix_ctx *ctx)
|
||||
{
|
||||
ctx->fd = connect_to_ocserv();
|
||||
ctx->fd = connect_to_ocserv(ctx->socket_file);
|
||||
if (ctx->fd != -1)
|
||||
ctx->is_open = 1;
|
||||
|
||||
@@ -778,9 +782,15 @@ void conn_posthandle(struct unix_ctx *ctx)
|
||||
}
|
||||
}
|
||||
|
||||
struct unix_ctx *conn_init(void *pool)
|
||||
struct unix_ctx *conn_init(void *pool, const char *file)
|
||||
{
|
||||
return talloc_zero(pool, struct unix_ctx);
|
||||
struct unix_ctx *ctx;
|
||||
ctx = talloc_zero(pool, struct unix_ctx);
|
||||
if (ctx == NULL)
|
||||
return NULL;
|
||||
ctx->socket_file = file;
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
void conn_close(struct unix_ctx* conn)
|
||||
|
||||
43
src/occtl.c
43
src/occtl.c
@@ -148,6 +148,7 @@ static
|
||||
void usage(void)
|
||||
{
|
||||
printf("occtl: [OPTIONS...] {COMMAND}\n\n");
|
||||
printf(" -s --socket-file Specify the server's occtl socket file\n");
|
||||
printf(" -h --help Show this help\n");
|
||||
printf(" -v --version Show the program's version\n");
|
||||
printf("\n");
|
||||
@@ -479,10 +480,27 @@ void initialize_readline(void)
|
||||
signal(SIGINT, handle_sigint);
|
||||
}
|
||||
|
||||
static int single_cmd(int argc, char **argv, void *pool, const char *file)
|
||||
{
|
||||
CONN_TYPE *conn;
|
||||
char *line;
|
||||
int ret;
|
||||
|
||||
conn = conn_init(pool, file);
|
||||
|
||||
line = merge_args(argc, argv);
|
||||
ret = handle_cmd(conn, line);
|
||||
|
||||
free(line);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
char *line = NULL;
|
||||
CONN_TYPE *conn;
|
||||
const char *file = NULL;
|
||||
void *gl_pool;
|
||||
|
||||
gl_pool = talloc_init("occtl");
|
||||
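Review bot: single_cmd() passes the result of `conn = conn_init(pool, file);` straight into handle_cmd() even though this commit makes conn_init() return NULL on allocation failure; add `if (conn == NULL) return 1;` (or whatever exit status occtl uses for fatal errors) before merge_args(). The connection is also never released with conn_close() on this one-shot path, which is probably harmless but deserves a one-line comment. main() begins in this hunk and continues beyond it.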
@@ -493,28 +511,35 @@ int main(int argc, char **argv)
|
||||
|
||||
signal(SIGPIPE, SIG_IGN);
|
||||
|
||||
conn = conn_init(gl_pool);
|
||||
|
||||
if (argc > 1) {
|
||||
int ret;
|
||||
|
||||
if (argv[1][0] == '-') {
|
||||
if (argv[1][1] == 'v'
|
||||
|| (argv[1][1] == '-' && argv[1][2] == 'v')) {
|
||||
version();
|
||||
} else if (argc > 2 && (argv[1][1] == 's'
|
||||
|| (argv[1][1] == '-' && argv[1][2] == 's'))) {
|
||||
file = talloc_strdup(gl_pool, argv[2]);
|
||||
if (argc == 3) {
|
||||
goto interactive;
|
||||
} else {
|
||||
argv += 2;
|
||||
argc -= 2;
|
||||
exit(single_cmd(argc, argv, gl_pool, file));
|
||||
}
|
||||
} else {
|
||||
usage();
|
||||
}
|
||||
exit(0);
|
||||
}
|
||||
}
|
||||
|
||||
line = merge_args(argc, argv);
|
||||
ret = handle_cmd(conn, line);
|
||||
|
||||
free(line);
|
||||
return ret;
|
||||
/* handle all arguments as a command */
|
||||
exit(single_cmd(argc, argv, gl_pool, file));
|
||||
}
|
||||
|
||||
interactive:
|
||||
conn = conn_init(gl_pool, file);
|
||||
|
||||
initialize_readline();
|
||||
|
||||
version();
|
||||
|
||||
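Review bot: The test `argv[1][1] == 's' || (argv[1][1] == '-' && argv[1][2] == 's')` matches any argument beginning with `-s` or `--s`, not only `-s`/`--socket-file`, and then swallows argv[2] as the socket path; `strcmp(argv[1], "-s") == 0 || strcmp(argv[1], "--socket-file") == 0` is no longer and avoids that (the `-v` test has the same prefix-matching shape). The option is also only honoured as the very first argument, which is worth stating in usage(). The `interactive:` path calls `conn_init(gl_pool, file)` without a NULL check, the same gap as in single_cmd(). main() continues beyond this hunk.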
@@ -43,7 +43,7 @@ unsigned check_cmd_help(const char *line);
|
||||
# define CONN_TYPE struct unix_ctx
|
||||
#endif
|
||||
|
||||
CONN_TYPE *conn_init(void *pool);
|
||||
CONN_TYPE *conn_init(void *pool, const char *socket_file);
|
||||
void conn_close(CONN_TYPE*);
|
||||
|
||||
int conn_prehandle(CONN_TYPE *ctx);
|
||||
|
||||
@@ -249,13 +249,17 @@ use-utmp = true
|
||||
# or via a unix socket).
|
||||
use-occtl = true
|
||||
|
||||
# socket file used for IPC with occtl. You only need to set that,
|
||||
# if you use more than a single servers.
|
||||
#occtl-socket-file = /var/run/occtl.socket
|
||||
|
||||
# PID file. It can be overriden in the command line.
|
||||
pid-file = /var/run/ocserv.pid
|
||||
|
||||
# The default server directory. Does not require any devices present.
|
||||
#chroot-dir = /path/to/chroot
|
||||
|
||||
# socket file used for IPC, will be appended with .PID
|
||||
# socket file used for server IPC (worker-main), will be appended with .PID
|
||||
# It must be accessible within the chroot environment (if any)
|
||||
socket-file = /var/run/ocserv-socket
|
||||
|
||||
|
||||
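Review bot: The new comment `# if you use more than a single servers.` has a grammar slip; suggest `# if you run more than one server instance on this host.`. Unlike the socket-file entry just below, it also does not say whether this path is interpreted inside chroot-dir; ctl_handler_init() in this commit binds the path as given, so the answer depends on which process runs it — worth stating once confirmed.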
@@ -221,6 +221,8 @@ struct cfg_st {
|
||||
unsigned use_utmp;
|
||||
unsigned use_dbus; /* whether the D-BUS service is registered */
|
||||
unsigned use_occtl; /* whether support for the occtl tool will be enabled */
|
||||
char* occtl_socket_file;
|
||||
|
||||
unsigned try_mtu; /* MTU discovery enabled */
|
||||
unsigned cisco_client_compat; /* do not require client certificate,
|
||||
* and allow auth to complete in different
|
||||
|
||||
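Review bot: The neighbouring fields carry trailing comments but `char* occtl_socket_file;` has none; suggest `char *occtl_socket_file; /* path of the occtl control socket; config.c substitutes OCCTL_UNIX_SOCKET when unset */`, which also records that the field is non-NULL after config loading. The enclosing struct cfg_st starts and ends outside the hunk.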