3 Copyright (C) 2004-2007 Chris Porter.
10 #include <sys/types.h>
11 #include <sys/socket.h>
14 #include <sys/ioctl.h>
19 #include "../lib/sstring.h"
20 #include "../lib/irc_string.h"
21 #include "../core/config.h"
22 #include "../core/events.h"
23 #include "../lib/version.h"
25 #include "nterfacer.h"
28 MODULE_VERSION("1.1p" PROTOCOL_VERSION
);
30 struct service_node
*tree
= NULL
;
31 struct esocket_events nterfacer_events
;
32 struct esocket
*nterfacer_sock
;
33 struct rline
*rlines
= NULL
;
34 unsigned short nterfacer_token
= BLANK_TOKEN
;
35 struct nterface_auto_log
*nrl
;
37 struct service_node
*ping
= NULL
;
39 struct permitted
*permits
;
42 int ping_handler(struct rline
*ri
, int argc
, char **argv
);
46 int debug_mode
= getcopyconfigitemintpositive("nterfacer", "debug", 0);
48 nrl
= nterface_open_log("nterfacer", "logs/nterfacer.log", debug_mode
);
50 loaded
= load_permits();
52 nterface_log(nrl
, NL_ERROR
, "No permits loaded successfully.");
55 nterface_log(nrl
, NL_INFO
, "Loaded %d permit%s successfully.", loaded
, loaded
==1?"":"s");
58 nterfacer_events
.on_accept
= nterfacer_accept_event
;
59 nterfacer_events
.on_line
= nterfacer_line_event
;
60 nterfacer_events
.on_disconnect
= NULL
;
62 nterfacer_token
= esocket_token();
64 ping
= register_service("nterfacer");
68 register_handler(ping
, "ping", 0, ping_handler
);
71 accept_fd
= setup_listening_socket();
73 nterface_log(nrl
, NL_ERROR
, "Unable to setup listening socket!");
75 nterfacer_sock
= esocket_add(accept_fd
, ESOCKET_UNIX_DOMAIN
, &nterfacer_events
, nterfacer_token
);
78 /* the main unix domain socket must NOT have a disconnect event. */
79 nterfacer_events
.on_disconnect
= nterfacer_disconnect_event
;
82 void free_handler(struct handler
*hp
) {
83 freesstring(hp
->command
);
87 void free_handlers(struct service_node
*tp
) {
88 struct handler
*hp
, *lp
;
90 for(hp
=tp
->handlers
;hp
;) {
100 struct service_node
*tp
, *lp
;
104 deregister_service(ping
);
114 if((accept_fd
!= -1) && nterfacer_sock
) {
115 esocket_clean_by_token(nterfacer_token
);
116 nterfacer_sock
= NULL
;
120 if(permits
&& permit_count
) {
121 for(i
=0;i
<permit_count
;i
++) {
122 freesstring(permits
[i
].hostname
);
123 freesstring(permits
[i
].password
);
130 nrl
= nterface_close_log(nrl
);
133 int load_permits(void) {
134 int loaded_lines
= 0, i
, j
;
135 struct permitted
*new_permits
, *resized
, *item
;
136 struct hostent
*host
;
137 array
*hostnamesa
, *passwordsa
;
138 sstring
**hostnames
, **passwords
;
140 hostnamesa
= getconfigitems("nterfacer", "hostname");
141 passwordsa
= getconfigitems("nterfacer", "password");
142 if(!hostnamesa
|| !passwordsa
) {
143 nterface_log(nrl
, NL_ERROR
, "Unable to load hostnames/passwords.");
146 if(hostnamesa
->cursi
!= passwordsa
->cursi
) {
147 nterface_log(nrl
, NL_ERROR
, "Different number of hostnames/passwords in config file.");
151 hostnames
= (sstring
**)hostnamesa
->content
;
152 passwords
= (sstring
**)passwordsa
->content
;
154 new_permits
= calloc(hostnamesa
->cursi
, sizeof(struct permitted
));
157 for(i
=0;i
<hostnamesa
->cursi
;i
++) {
158 item
->hostname
= getsstring(hostnames
[i
]->content
, hostnames
[i
]->length
);
160 host
= gethostbyname(item
->hostname
->content
);
162 nterface_log(nrl
, NL_WARNING
, "Couldn't resolve hostname: %s (item %d).", item
->hostname
->content
, i
+ 1);
163 freesstring(item
->hostname
);
167 item
->ihost
= (*(struct in_addr
*)host
->h_addr
).s_addr
;
168 for(j
=0;j
<loaded_lines
;j
++) {
169 if(new_permits
[j
].ihost
== item
->ihost
) {
170 nterface_log(nrl
, NL_WARNING
, "Host with items %d and %d is identical, dropping item %d.", j
+ 1, i
+ 1, i
+ 1);
176 freesstring(item
->hostname
);
180 item
->password
= getsstring(passwords
[i
]->content
, passwords
[i
]->length
);
181 nterface_log(nrl
, NL_DEBUG
, "Loaded permit, hostname: %s.", item
->hostname
->content
);
192 resized
= realloc(new_permits
, sizeof(struct permitted
) * loaded_lines
);
199 permit_count
= loaded_lines
;
204 int setup_listening_socket(void) {
205 struct sockaddr_in sin
;
207 unsigned int opt
= 1;
209 fd
= socket(AF_INET
, SOCK_STREAM
, 0);
211 /* also shamelessly ripped from proxyscan */
213 nterface_log(nrl
, NL_ERROR
, "Unable to open listening socket (%d).", errno
);
217 if(setsockopt(fd
, SOL_SOCKET
, SO_REUSEADDR
, (const char *) &opt
, sizeof(opt
)) != 0) {
218 nterface_log(nrl
, NL_ERROR
, "Unable to set SO_REUSEADDR on listen socket.");
222 /* Initialiase the addresses */
223 memset(&sin
, 0, sizeof(sin
));
224 sin
.sin_family
= AF_INET
;
225 sin
.sin_port
= htons(getcopyconfigitemintpositive("nterfacer", "port", NTERFACER_PORT
));
227 if(bind(fd
, (struct sockaddr
*) &sin
, sizeof(sin
))) {
228 nterface_log(nrl
, NL_ERROR
, "Unable to bind listen socket (%d).", errno
);
234 if(ioctl(fd
, FIONBIO
, &opt
)) {
235 nterface_log(nrl
, NL_ERROR
, "Unable to set listen socket non-blocking.");
242 struct service_node
*register_service(char *name
) {
243 struct service_node
*np
= malloc(sizeof(service_node
));
246 np
->name
= getsstring(name
, strlen(name
));
260 struct handler
*register_handler(struct service_node
*service
, char *command
, int args
, handler_function fp
) {
261 struct handler
*hp
= malloc(sizeof(handler
));
264 hp
->command
= getsstring(command
, strlen(command
));
274 hp
->next
= service
->handlers
;
275 hp
->service
= service
;
276 service
->handlers
= hp
;
281 void deregister_handler(struct handler
*hl
) {
282 struct service_node
*service
= (struct service_node
*)hl
->service
;
283 struct handler
*np
, *lp
= NULL
;
284 for(np
=service
->handlers
;np
;lp
=np
,np
=np
->next
) {
289 service
->handlers
= np
->next
;
297 void deregister_service(struct service_node
*service
) {
298 struct service_node
*sp
, *lp
= NULL
;
299 struct rline
*li
, *pi
= NULL
;
301 for(sp
=tree
;sp
;lp
=sp
,sp
=sp
->next
) {
312 if(!sp
) /* already freed */
315 free_handlers(service
);
318 if(li
->service
== service
) {
332 freesstring(service
->name
);
337 void nterfacer_accept_event(struct esocket
*socket
) {
338 struct sockaddr_in sin
;
339 unsigned int addrsize
= sizeof(sin
);
340 int newfd
= accept(socket
->fd
, (struct sockaddr
*)&sin
, &addrsize
), i
;
341 struct sconnect
*temp
;
342 struct permitted
*item
= NULL
;
343 struct esocket
*newsocket
;
344 unsigned int opt
= 1;
347 nterface_log(nrl
, NL_WARNING
, "Unable to accept nterfacer fd!");
351 if(ioctl(newfd
, FIONBIO
, &opt
)) {
352 nterface_log(nrl
, NL_ERROR
, "Unable to set accepted socket non-blocking.");
356 for(i
=0;i
<permit_count
;i
++) {
357 if(permits
[i
].ihost
== sin
.sin_addr
.s_addr
) {
364 /* Someone needs to figure out how to print the IP :) */
365 nterface_log(nrl
, NL_INFO
, "Unauthorised connection closed");
370 temp
= (struct sconnect
*)malloc(sizeof(struct sconnect
));
377 /* do checks on hostname first */
379 newsocket
= esocket_add(newfd
, ESOCKET_UNIX_DOMAIN_CONNECTED
, &nterfacer_events
, nterfacer_token
);
385 newsocket
->tag
= temp
;
387 nterface_log(nrl
, NL_INFO
, "New connection from %s.", item
->hostname
->content
);
389 temp
->status
= SS_IDLE
;
392 esocket_write_line(newsocket
, "nterfacer " PROTOCOL_VERSION
);
395 void derive_key(unsigned char *out
, char *password
, char *segment
, unsigned char *noncea
, unsigned char *nonceb
, unsigned char *extra
, int extralen
) {
398 SHA256_Update(&c
, (unsigned char *)password
, strlen(password
));
399 SHA256_Update(&c
, (unsigned char *)":", 1);
400 SHA256_Update(&c
, (unsigned char *)segment
, strlen(segment
));
401 SHA256_Update(&c
, (unsigned char *)":", 1);
402 SHA256_Update(&c
, noncea
, 16);
403 SHA256_Update(&c
, (unsigned char *)":", 1);
404 SHA256_Update(&c
, nonceb
, 16);
405 SHA256_Update(&c
, (unsigned char *)":", 1);
406 SHA256_Update(&c
, extra
, extralen
);
407 SHA256_Final(out
, &c
);
410 SHA256_Update(&c
, out
, 32);
411 SHA256_Final(out
, &c
);
414 int nterfacer_line_event(struct esocket
*sock
, char *newline
) {
415 struct sconnect
*socket
= sock
->tag
;
416 char *response
, *theirnonceh
= NULL
, *theirivh
= NULL
;
417 unsigned char theirnonce
[16], theiriv
[16];
420 switch(socket
->status
) {
422 if(strcasecmp(newline
, ANTI_FULL_VERSION
)) {
423 nterface_log(nrl
, NL_INFO
, "Protocol mismatch from %s: %s", socket
->permit
->hostname
->content
, newline
);
426 unsigned char challenge
[32];
427 char ivhex
[16 * 2 + 1], noncehex
[16 * 2 + 1];
429 if(!get_entropy(challenge
, 32) || !get_entropy(socket
->iv
, 16)) {
430 nterface_log(nrl
, NL_ERROR
, "Unable to open challenge/IV entropy bin!");
434 int_to_hex(challenge
, socket
->challenge
, 32);
435 int_to_hex(socket
->iv
, ivhex
, 16);
437 memcpy(socket
->response
, challenge_response(socket
->challenge
, socket
->permit
->password
->content
), sizeof(socket
->response
));
438 socket
->response
[sizeof(socket
->response
) - 1] = '\0'; /* just in case */
440 socket
->status
= SS_VERSIONED
;
441 if(!generate_nonce(socket
->ournonce
, 1)) {
442 nterface_log(nrl
, NL_ERROR
, "Unable to generate nonce!");
445 int_to_hex(socket
->ournonce
, noncehex
, 16);
447 if(esocket_write_line(sock
, "%s %s %s", socket
->challenge
, ivhex
, noncehex
))
453 for(response
=newline
;*response
;response
++) {
454 if((*response
== ' ') && (*(response
+ 1))) {
456 theirivh
= response
+ 1;
462 for(response
=theirivh
;*response
;response
++) {
463 if((*response
== ' ') && (*(response
+ 1))) {
465 theirnonceh
= response
+ 1;
471 if(!theirivh
|| (strlen(theirivh
) != 32) || !hex_to_int(theirivh
, theiriv
, sizeof(theiriv
)) ||
472 !theirnonceh
|| (strlen(theirnonceh
) != 32) || !hex_to_int(theirnonceh
, theirnonce
, sizeof(theirnonce
))) {
473 nterface_log(nrl
, NL_INFO
, "Protocol error drop: %s", socket
->permit
->hostname
->content
);
477 if(!memcmp(socket
->ournonce
, theirnonce
, sizeof(theirnonce
))) {
478 nterface_log(nrl
, NL_INFO
, "Bad nonce drop: %s", socket
->permit
->hostname
->content
);
482 if(!strncasecmp(newline
, socket
->response
, sizeof(socket
->response
))) {
483 unsigned char theirkey
[32], ourkey
[32];
485 derive_key(ourkey
, socket
->permit
->password
->content
, socket
->challenge
, socket
->ournonce
, theirnonce
, (unsigned char *)"SERVER", 6);
487 derive_key(theirkey
, socket
->permit
->password
->content
, socket
->response
, theirnonce
, socket
->ournonce
, (unsigned char *)"CLIENT", 6);
488 nterface_log(nrl
, NL_INFO
, "Authed: %s", socket
->permit
->hostname
->content
);
489 socket
->status
= SS_AUTHENTICATED
;
490 switch_buffer_mode(sock
, ourkey
, socket
->iv
, theirkey
, theiriv
);
492 if(esocket_write_line(sock
, "Oauth"))
495 nterface_log(nrl
, NL_INFO
, "Bad CR drop: %s", socket
->permit
->hostname
->content
);
500 case SS_AUTHENTICATED
:
501 nterface_log(nrl
, NL_INFO
|NL_LOG_ONLY
, "L(%s): %s", socket
->permit
->hostname
->content
, newline
);
502 reason
= nterfacer_new_rline(newline
, sock
, &number
);
504 if(reason
== RE_SOCKET_ERROR
)
506 if(reason
!= RE_BAD_LINE
) {
507 if(esocket_write_line(sock
, "%d,E%d,%s", number
, reason
, request_error(reason
)))
520 int nterfacer_new_rline(char *line
, struct esocket
*socket
, int *number
) {
521 char *sp
, *p
, *parsebuf
= NULL
, *pp
, commandbuf
[MAX_BUFSIZE
], *args
[MAX_ARGS
], *newp
;
523 struct service_node
*service
;
524 struct rline
*prequest
;
528 if(!line
|| !line
[0] || (line
[0] == ','))
531 for(sp
=line
;*sp
;sp
++)
535 if(!*sp
|| !*(sp
+ 1))
540 for(service
=tree
;service
;service
=service
->next
)
541 if(!strcmp(service
->name
->content
, line
))
552 *number
= positive_atoi(sp
+ 1);
554 if((*number
< 1) || (*number
> 0xffff))
558 nterface_log(nrl
, NL_DEBUG
, "Unable to find service: %s", line
);
559 return RE_SERVICER_NOT_FOUND
;
564 for(pp
=p
+1;*pp
;pp
++) {
565 if((*pp
== '\\') && *(pp
+ 1)) {
566 if(*(pp
+ 1) == ',') {
568 } else if(*(pp
+ 1) == '\\') {
572 } else if(*pp
== ',') {
579 if(*pp
== '\0') { /* if we're at the end already, we have no arguments */
582 argcount
= 1; /* we have a comma, so we have one already */
587 for(hl
=service
->handlers
;hl
;hl
=hl
->next
)
588 if(!strncmp(hl
->command
->content
, commandbuf
, sizeof(commandbuf
)))
592 return RE_COMMAND_NOT_FOUND
;
595 parsebuf
= (char *)malloc(strlen(pp
) + 1);
596 MemCheckR(parsebuf
, RE_MEM_ERROR
);
599 for(newp
=args
[0]=parsebuf
,pp
++;*pp
;pp
++) {
600 if((*pp
== '\\') && *(pp
+ 1)) {
601 if(*(pp
+ 1) == ',') {
603 } else if(*(pp
+ 1) == '\\') {
607 } else if(*pp
== ',') {
609 args
[argcount
++] = newp
;
610 if(argcount
> MAX_ARGS
) {
612 return RE_TOO_MANY_ARGS
;
620 if(argcount
< hl
->args
) {
621 if(argcount
&& parsebuf
)
623 return RE_WRONG_ARG_COUNT
;
626 prequest
= (struct rline
*)malloc(sizeof(struct rline
));
629 if(argcount
&& parsebuf
)
634 prequest
->service
= service
;
635 prequest
->handler
= hl
;
636 prequest
->buf
[0] = '\0';
637 prequest
->curpos
= prequest
->buf
;
638 prequest
->tag
= NULL
;
639 prequest
->id
= *number
;
640 prequest
->next
= rlines
;
641 prequest
->socket
= socket
;
644 re
= (hl
->function
)(prequest
, argcount
, args
);
646 if(argcount
&& parsebuf
)
652 void nterfacer_disconnect_event(struct esocket
*sock
) {
653 struct sconnect
*socket
= sock
->tag
;
657 nterface_log(nrl
, NL_INFO
, "Disconnected from %s.", socket
->permit
->hostname
->content
);
660 for(li
=rlines
;li
;li
=li
->next
)
661 if(li
->socket
->tag
== socket
)
667 int ri_append(struct rline
*li
, char *format
, ...) {
668 char buf
[MAX_BUFSIZE
], escapedbuf
[MAX_BUFSIZE
* 2 + 1], *p
, *tp
;
669 int sizeleft
= sizeof(li
->buf
) - (li
->curpos
- li
->buf
);
672 va_start(ap
, format
);
674 if(vsnprintf(buf
, sizeof(buf
), format
, ap
) >= sizeof(buf
)) {
681 for(tp
=escapedbuf
,p
=buf
;*p
||(*tp
='\0');*tp
++=*p
++)
682 if((*p
== ',') || (*p
== '\\'))
686 if(li
->curpos
== li
->buf
) {
687 li
->curpos
+=snprintf(li
->curpos
, sizeleft
, "%s", escapedbuf
);
689 li
->curpos
+=snprintf(li
->curpos
, sizeleft
, ",%s", escapedbuf
);
693 if(sizeof(li
->buf
) - (li
->curpos
- li
->buf
) > 0) {
700 int ri_error(struct rline
*li
, int error_code
, char *format
, ...) {
701 char buf
[MAX_BUFSIZE
], escapedbuf
[MAX_BUFSIZE
* 2 + 1], *p
, *tp
;
702 struct rline
*pp
, *lp
= NULL
;
707 va_start(ap
, format
);
708 vsnprintf(buf
, sizeof(buf
), format
, ap
);
711 for(tp
=escapedbuf
,p
=buf
;*p
||(*tp
='\0');*tp
++=*p
++)
712 if((*p
== ',') || (*p
== '\\'))
715 if(esocket_write_line(li
->socket
, "%d,OE%d,%s", li
->id
, error_code
, escapedbuf
))
716 retval
= RE_SOCKET_ERROR
;
719 for(pp
=rlines
;pp
;lp
=pp
,pp
=pp
->next
) {
734 int ri_final(struct rline
*li
) {
735 struct rline
*pp
, *lp
= NULL
;
739 if(esocket_write_line(li
->socket
, "%d,OO%s", li
->id
, li
->buf
))
740 retval
= RE_SOCKET_ERROR
;
742 for(pp
=rlines
;pp
;lp
=pp
,pp
=pp
->next
) {
757 int ping_handler(struct rline
*ri
, int argc
, char **argv
) {