3 Copyright (C) 2004-2007 Chris Porter.
10 #include <sys/types.h>
11 #include <sys/socket.h>
14 #include <sys/ioctl.h>
19 #include "../lib/sstring.h"
20 #include "../lib/irc_string.h"
21 #include "../core/config.h"
22 #include "../core/events.h"
23 #include "../lib/version.h"
25 #include "nterfacer.h"
28 MODULE_VERSION("1.1p" PROTOCOL_VERSION
);
30 struct service_node
*tree
= NULL
;
31 struct esocket_events nterfacer_events
;
32 struct esocket
*nterfacer_sock
;
33 struct rline
*rlines
= NULL
;
34 unsigned short nterfacer_token
= BLANK_TOKEN
;
35 struct nterface_auto_log
*nrl
;
37 struct service_node
*ping
= NULL
;
39 struct permitted
*permits
;
42 int ping_handler(struct rline
*ri
, int argc
, char **argv
);
46 int debug_mode
= getcopyconfigitemintpositive("nterfacer", "debug", 0);
48 nrl
= nterface_open_log("nterfacer", "logs/nterfacer.log", debug_mode
);
50 loaded
= load_permits();
52 nterface_log(nrl
, NL_ERROR
, "No permits loaded successfully.");
55 nterface_log(nrl
, NL_INFO
, "Loaded %d permit%s successfully.", loaded
, loaded
==1?"":"s");
58 nterfacer_events
.on_accept
= nterfacer_accept_event
;
59 nterfacer_events
.on_line
= nterfacer_line_event
;
60 nterfacer_events
.on_disconnect
= NULL
;
62 nterfacer_token
= esocket_token();
64 ping
= register_service("nterfacer");
68 register_handler(ping
, "ping", 0, ping_handler
);
71 accept_fd
= setup_listening_socket();
73 nterface_log(nrl
, NL_ERROR
, "Unable to setup listening socket!");
75 nterfacer_sock
= esocket_add(accept_fd
, ESOCKET_UNIX_DOMAIN
, &nterfacer_events
, nterfacer_token
);
78 /* the main unix domain socket must NOT have a disconnect event. */
79 nterfacer_events
.on_disconnect
= nterfacer_disconnect_event
;
82 void free_handler(struct handler
*hp
) {
83 freesstring(hp
->command
);
87 void free_handlers(struct service_node
*tp
) {
88 struct handler
*hp
, *lp
;
90 for(hp
=tp
->handlers
;hp
;) {
100 struct service_node
*tp
, *lp
;
104 deregister_service(ping
);
114 if((accept_fd
!= -1) && nterfacer_sock
) {
115 esocket_clean_by_token(nterfacer_token
);
116 nterfacer_sock
= NULL
;
120 if(permits
&& permit_count
) {
121 for(i
=0;i
<permit_count
;i
++) {
122 freesstring(permits
[i
].hostname
);
123 freesstring(permits
[i
].password
);
130 nrl
= nterface_close_log(nrl
);
133 int load_permits(void) {
134 int loaded_lines
= 0, i
, j
;
135 struct permitted
*new_permits
, *resized
, *item
;
136 struct hostent
*host
;
137 array
*hostnamesa
, *passwordsa
;
138 sstring
**hostnames
, **passwords
;
140 hostnamesa
= getconfigitems("nterfacer", "hostname");
141 passwordsa
= getconfigitems("nterfacer", "password");
142 if(!hostnamesa
|| !passwordsa
) {
143 nterface_log(nrl
, NL_ERROR
, "Unable to load hostnames/passwords.");
146 if(hostnamesa
->cursi
!= passwordsa
->cursi
) {
147 nterface_log(nrl
, NL_ERROR
, "Different number of hostnames/passwords in config file.");
151 hostnames
= (sstring
**)hostnamesa
->content
;
152 passwords
= (sstring
**)passwordsa
->content
;
154 new_permits
= ntmalloc(hostnamesa
->cursi
* sizeof(struct permitted
));
155 memset(new_permits
, 0, hostnamesa
->cursi
* sizeof(struct permitted
));
158 for(i
=0;i
<hostnamesa
->cursi
;i
++) {
159 item
->hostname
= getsstring(hostnames
[i
]->content
, hostnames
[i
]->length
);
161 host
= gethostbyname(item
->hostname
->content
);
163 nterface_log(nrl
, NL_WARNING
, "Couldn't resolve hostname: %s (item %d).", item
->hostname
->content
, i
+ 1);
164 freesstring(item
->hostname
);
168 item
->ihost
= (*(struct in_addr
*)host
->h_addr
).s_addr
;
169 for(j
=0;j
<loaded_lines
;j
++) {
170 if(new_permits
[j
].ihost
== item
->ihost
) {
171 nterface_log(nrl
, NL_WARNING
, "Host with items %d and %d is identical, dropping item %d.", j
+ 1, i
+ 1, i
+ 1);
177 freesstring(item
->hostname
);
181 item
->password
= getsstring(passwords
[i
]->content
, passwords
[i
]->length
);
182 nterface_log(nrl
, NL_DEBUG
, "Loaded permit, hostname: %s.", item
->hostname
->content
);
193 resized
= ntrealloc(new_permits
, sizeof(struct permitted
) * loaded_lines
);
200 permit_count
= loaded_lines
;
205 int setup_listening_socket(void) {
206 struct sockaddr_in sin
;
208 unsigned int opt
= 1;
210 fd
= socket(AF_INET
, SOCK_STREAM
, 0);
212 /* also shamelessly ripped from proxyscan */
214 nterface_log(nrl
, NL_ERROR
, "Unable to open listening socket (%d).", errno
);
218 if(setsockopt(fd
, SOL_SOCKET
, SO_REUSEADDR
, (const char *) &opt
, sizeof(opt
)) != 0) {
219 nterface_log(nrl
, NL_ERROR
, "Unable to set SO_REUSEADDR on listen socket.");
223 /* Initialiase the addresses */
224 memset(&sin
, 0, sizeof(sin
));
225 sin
.sin_family
= AF_INET
;
226 sin
.sin_port
= htons(getcopyconfigitemintpositive("nterfacer", "port", NTERFACER_PORT
));
228 if(bind(fd
, (struct sockaddr
*) &sin
, sizeof(sin
))) {
229 nterface_log(nrl
, NL_ERROR
, "Unable to bind listen socket (%d).", errno
);
235 if(ioctl(fd
, FIONBIO
, &opt
)) {
236 nterface_log(nrl
, NL_ERROR
, "Unable to set listen socket non-blocking.");
243 struct service_node
*register_service(char *name
) {
244 struct service_node
*np
= ntmalloc(sizeof(service_node
));
247 np
->name
= getsstring(name
, strlen(name
));
261 struct handler
*register_handler(struct service_node
*service
, char *command
, int args
, handler_function fp
) {
262 struct handler
*hp
= ntmalloc(sizeof(handler
));
265 hp
->command
= getsstring(command
, strlen(command
));
275 hp
->next
= service
->handlers
;
276 hp
->service
= service
;
277 service
->handlers
= hp
;
282 void deregister_handler(struct handler
*hl
) {
283 struct service_node
*service
= (struct service_node
*)hl
->service
;
284 struct handler
*np
, *lp
= NULL
;
285 for(np
=service
->handlers
;np
;lp
=np
,np
=np
->next
) {
290 service
->handlers
= np
->next
;
298 void deregister_service(struct service_node
*service
) {
299 struct service_node
*sp
, *lp
= NULL
;
300 struct rline
*li
, *pi
= NULL
;
302 for(sp
=tree
;sp
;lp
=sp
,sp
=sp
->next
) {
313 if(!sp
) /* already freed */
316 free_handlers(service
);
319 if(li
->service
== service
) {
333 freesstring(service
->name
);
338 void nterfacer_accept_event(struct esocket
*socket
) {
339 struct sockaddr_in sin
;
340 unsigned int addrsize
= sizeof(sin
);
341 int newfd
= accept(socket
->fd
, (struct sockaddr
*)&sin
, &addrsize
), i
;
342 struct sconnect
*temp
;
343 struct permitted
*item
= NULL
;
344 struct esocket
*newsocket
;
345 unsigned int opt
= 1;
348 nterface_log(nrl
, NL_WARNING
, "Unable to accept nterfacer fd!");
352 if(ioctl(newfd
, FIONBIO
, &opt
)) {
353 nterface_log(nrl
, NL_ERROR
, "Unable to set accepted socket non-blocking.");
357 for(i
=0;i
<permit_count
;i
++) {
358 if(permits
[i
].ihost
== sin
.sin_addr
.s_addr
) {
365 /* Someone needs to figure out how to print the IP :) */
366 nterface_log(nrl
, NL_INFO
, "Unauthorised connection closed");
371 temp
= (struct sconnect
*)ntmalloc(sizeof(struct sconnect
));
378 /* do checks on hostname first */
380 newsocket
= esocket_add(newfd
, ESOCKET_UNIX_DOMAIN_CONNECTED
, &nterfacer_events
, nterfacer_token
);
386 newsocket
->tag
= temp
;
388 nterface_log(nrl
, NL_INFO
, "New connection from %s.", item
->hostname
->content
);
390 temp
->status
= SS_IDLE
;
393 esocket_write_line(newsocket
, "nterfacer " PROTOCOL_VERSION
);
396 void derive_key(unsigned char *out
, char *password
, char *segment
, unsigned char *noncea
, unsigned char *nonceb
, unsigned char *extra
, int extralen
) {
399 SHA256_Update(&c
, (unsigned char *)password
, strlen(password
));
400 SHA256_Update(&c
, (unsigned char *)":", 1);
401 SHA256_Update(&c
, (unsigned char *)segment
, strlen(segment
));
402 SHA256_Update(&c
, (unsigned char *)":", 1);
403 SHA256_Update(&c
, noncea
, 16);
404 SHA256_Update(&c
, (unsigned char *)":", 1);
405 SHA256_Update(&c
, nonceb
, 16);
406 SHA256_Update(&c
, (unsigned char *)":", 1);
407 SHA256_Update(&c
, extra
, extralen
);
408 SHA256_Final(out
, &c
);
411 SHA256_Update(&c
, out
, 32);
412 SHA256_Final(out
, &c
);
415 int nterfacer_line_event(struct esocket
*sock
, char *newline
) {
416 struct sconnect
*socket
= sock
->tag
;
417 char *response
, *theirnonceh
= NULL
, *theirivh
= NULL
;
418 unsigned char theirnonce
[16], theiriv
[16];
421 switch(socket
->status
) {
423 if(strcasecmp(newline
, ANTI_FULL_VERSION
)) {
424 nterface_log(nrl
, NL_INFO
, "Protocol mismatch from %s: %s", socket
->permit
->hostname
->content
, newline
);
427 unsigned char challenge
[32];
428 char ivhex
[16 * 2 + 1], noncehex
[16 * 2 + 1];
430 if(!get_entropy(challenge
, 32) || !get_entropy(socket
->iv
, 16)) {
431 nterface_log(nrl
, NL_ERROR
, "Unable to open challenge/IV entropy bin!");
435 int_to_hex(challenge
, socket
->challenge
, 32);
436 int_to_hex(socket
->iv
, ivhex
, 16);
438 memcpy(socket
->response
, challenge_response(socket
->challenge
, socket
->permit
->password
->content
), sizeof(socket
->response
));
439 socket
->response
[sizeof(socket
->response
) - 1] = '\0'; /* just in case */
441 socket
->status
= SS_VERSIONED
;
442 if(!generate_nonce(socket
->ournonce
, 1)) {
443 nterface_log(nrl
, NL_ERROR
, "Unable to generate nonce!");
446 int_to_hex(socket
->ournonce
, noncehex
, 16);
448 if(esocket_write_line(sock
, "%s %s %s", socket
->challenge
, ivhex
, noncehex
))
454 for(response
=newline
;*response
;response
++) {
455 if((*response
== ' ') && (*(response
+ 1))) {
457 theirivh
= response
+ 1;
463 for(response
=theirivh
;*response
;response
++) {
464 if((*response
== ' ') && (*(response
+ 1))) {
466 theirnonceh
= response
+ 1;
472 if(!theirivh
|| (strlen(theirivh
) != 32) || !hex_to_int(theirivh
, theiriv
, sizeof(theiriv
)) ||
473 !theirnonceh
|| (strlen(theirnonceh
) != 32) || !hex_to_int(theirnonceh
, theirnonce
, sizeof(theirnonce
))) {
474 nterface_log(nrl
, NL_INFO
, "Protocol error drop: %s", socket
->permit
->hostname
->content
);
478 if(!memcmp(socket
->ournonce
, theirnonce
, sizeof(theirnonce
))) {
479 nterface_log(nrl
, NL_INFO
, "Bad nonce drop: %s", socket
->permit
->hostname
->content
);
483 if(!strncasecmp(newline
, socket
->response
, sizeof(socket
->response
))) {
484 unsigned char theirkey
[32], ourkey
[32];
486 derive_key(ourkey
, socket
->permit
->password
->content
, socket
->challenge
, socket
->ournonce
, theirnonce
, (unsigned char *)"SERVER", 6);
488 derive_key(theirkey
, socket
->permit
->password
->content
, socket
->response
, theirnonce
, socket
->ournonce
, (unsigned char *)"CLIENT", 6);
489 nterface_log(nrl
, NL_INFO
, "Authed: %s", socket
->permit
->hostname
->content
);
490 socket
->status
= SS_AUTHENTICATED
;
491 switch_buffer_mode(sock
, ourkey
, socket
->iv
, theirkey
, theiriv
);
493 if(esocket_write_line(sock
, "Oauth"))
496 nterface_log(nrl
, NL_INFO
, "Bad CR drop: %s", socket
->permit
->hostname
->content
);
501 case SS_AUTHENTICATED
:
502 nterface_log(nrl
, NL_INFO
|NL_LOG_ONLY
, "L(%s): %s", socket
->permit
->hostname
->content
, newline
);
503 reason
= nterfacer_new_rline(newline
, sock
, &number
);
505 if(reason
== RE_SOCKET_ERROR
)
507 if(reason
!= RE_BAD_LINE
) {
508 if(esocket_write_line(sock
, "%d,E%d,%s", number
, reason
, request_error(reason
)))
521 int nterfacer_new_rline(char *line
, struct esocket
*socket
, int *number
) {
522 char *sp
, *p
, *parsebuf
= NULL
, *pp
, commandbuf
[MAX_BUFSIZE
], *args
[MAX_ARGS
], *newp
;
524 struct service_node
*service
;
525 struct rline
*prequest
;
529 if(!line
|| !line
[0] || (line
[0] == ','))
532 for(sp
=line
;*sp
;sp
++)
536 if(!*sp
|| !*(sp
+ 1))
541 for(service
=tree
;service
;service
=service
->next
)
542 if(!strcmp(service
->name
->content
, line
))
553 *number
= positive_atoi(sp
+ 1);
555 if((*number
< 1) || (*number
> 0xffff))
559 nterface_log(nrl
, NL_DEBUG
, "Unable to find service: %s", line
);
560 return RE_SERVICER_NOT_FOUND
;
565 for(pp
=p
+1;*pp
;pp
++) {
566 if((*pp
== '\\') && *(pp
+ 1)) {
567 if(*(pp
+ 1) == ',') {
569 } else if(*(pp
+ 1) == '\\') {
573 } else if(*pp
== ',') {
580 if(*pp
== '\0') { /* if we're at the end already, we have no arguments */
583 argcount
= 1; /* we have a comma, so we have one already */
588 for(hl
=service
->handlers
;hl
;hl
=hl
->next
)
589 if(!strncmp(hl
->command
->content
, commandbuf
, sizeof(commandbuf
)))
593 return RE_COMMAND_NOT_FOUND
;
596 parsebuf
= (char *)ntmalloc(strlen(pp
) + 1);
597 MemCheckR(parsebuf
, RE_MEM_ERROR
);
600 for(newp
=args
[0]=parsebuf
,pp
++;*pp
;pp
++) {
601 if((*pp
== '\\') && *(pp
+ 1)) {
602 if(*(pp
+ 1) == ',') {
604 } else if(*(pp
+ 1) == '\\') {
608 } else if(*pp
== ',') {
610 args
[argcount
++] = newp
;
611 if(argcount
> MAX_ARGS
) {
613 return RE_TOO_MANY_ARGS
;
621 if(argcount
< hl
->args
) {
622 if(argcount
&& parsebuf
)
624 return RE_WRONG_ARG_COUNT
;
627 prequest
= (struct rline
*)ntmalloc(sizeof(struct rline
));
630 if(argcount
&& parsebuf
)
635 prequest
->service
= service
;
636 prequest
->handler
= hl
;
637 prequest
->buf
[0] = '\0';
638 prequest
->curpos
= prequest
->buf
;
639 prequest
->tag
= NULL
;
640 prequest
->id
= *number
;
641 prequest
->next
= rlines
;
642 prequest
->socket
= socket
;
645 re
= (hl
->function
)(prequest
, argcount
, args
);
647 if(argcount
&& parsebuf
)
653 void nterfacer_disconnect_event(struct esocket
*sock
) {
654 struct sconnect
*socket
= sock
->tag
;
658 nterface_log(nrl
, NL_INFO
, "Disconnected from %s.", socket
->permit
->hostname
->content
);
661 for(li
=rlines
;li
;li
=li
->next
)
662 if(li
->socket
->tag
== socket
)
668 int ri_append(struct rline
*li
, char *format
, ...) {
669 char buf
[MAX_BUFSIZE
], escapedbuf
[MAX_BUFSIZE
* 2 + 1], *p
, *tp
;
670 int sizeleft
= sizeof(li
->buf
) - (li
->curpos
- li
->buf
);
673 va_start(ap
, format
);
675 if(vsnprintf(buf
, sizeof(buf
), format
, ap
) >= sizeof(buf
)) {
682 for(tp
=escapedbuf
,p
=buf
;*p
||(*tp
='\0');*tp
++=*p
++)
683 if((*p
== ',') || (*p
== '\\'))
687 if(li
->curpos
== li
->buf
) {
688 li
->curpos
+=snprintf(li
->curpos
, sizeleft
, "%s", escapedbuf
);
690 li
->curpos
+=snprintf(li
->curpos
, sizeleft
, ",%s", escapedbuf
);
694 if(sizeof(li
->buf
) - (li
->curpos
- li
->buf
) > 0) {
701 int ri_error(struct rline
*li
, int error_code
, char *format
, ...) {
702 char buf
[MAX_BUFSIZE
], escapedbuf
[MAX_BUFSIZE
* 2 + 1], *p
, *tp
;
703 struct rline
*pp
, *lp
= NULL
;
708 va_start(ap
, format
);
709 vsnprintf(buf
, sizeof(buf
), format
, ap
);
712 for(tp
=escapedbuf
,p
=buf
;*p
||(*tp
='\0');*tp
++=*p
++)
713 if((*p
== ',') || (*p
== '\\'))
716 if(esocket_write_line(li
->socket
, "%d,OE%d,%s", li
->id
, error_code
, escapedbuf
))
717 retval
= RE_SOCKET_ERROR
;
720 for(pp
=rlines
;pp
;lp
=pp
,pp
=pp
->next
) {
735 int ri_final(struct rline
*li
) {
736 struct rline
*pp
, *lp
= NULL
;
740 if(esocket_write_line(li
->socket
, "%d,OO%s", li
->id
, li
->buf
))
741 retval
= RE_SOCKET_ERROR
;
743 for(pp
=rlines
;pp
;lp
=pp
,pp
=pp
->next
) {
758 int ping_handler(struct rline
*ri
, int argc
, char **argv
) {