3 Copyright (C) 2004-2007 Chris Porter.
10 #include <sys/types.h>
11 #include <sys/socket.h>
14 #include <sys/ioctl.h>
18 #include <netinet/in.h>
19 #include <arpa/inet.h>
21 #include "../lib/sstring.h"
22 #include "../lib/irc_string.h"
23 #include "../core/config.h"
24 #include "../core/events.h"
25 #include "../lib/version.h"
27 #include "nterfacer.h"
30 MODULE_VERSION("1.1p" PROTOCOL_VERSION
);
32 struct service_node
*tree
= NULL
;
33 struct esocket_events nterfacer_events
;
34 struct esocket
*nterfacer_sock
;
35 struct rline
*rlines
= NULL
;
36 unsigned short nterfacer_token
= BLANK_TOKEN
;
37 struct nterface_auto_log
*nrl
;
39 struct service_node
*ping
= NULL
;
41 struct permitted
*permits
;
44 int ping_handler(struct rline
*ri
, int argc
, char **argv
);
48 int debug_mode
= getcopyconfigitemintpositive("nterfacer", "debug", 0);
50 nrl
= nterface_open_log("nterfacer", "logs/nterfacer.log", debug_mode
);
52 loaded
= load_permits();
54 nterface_log(nrl
, NL_ERROR
, "No permits loaded successfully.");
57 nterface_log(nrl
, NL_INFO
, "Loaded %d permit%s successfully.", loaded
, loaded
==1?"":"s");
60 nterfacer_events
.on_accept
= nterfacer_accept_event
;
61 nterfacer_events
.on_line
= nterfacer_line_event
;
62 nterfacer_events
.on_disconnect
= NULL
;
64 nterfacer_token
= esocket_token();
66 ping
= register_service("nterfacer");
70 register_handler(ping
, "ping", 0, ping_handler
);
73 accept_fd
= setup_listening_socket();
75 nterface_log(nrl
, NL_ERROR
, "Unable to setup listening socket!");
77 nterfacer_sock
= esocket_add(accept_fd
, ESOCKET_UNIX_DOMAIN
, &nterfacer_events
, nterfacer_token
);
80 /* the main unix domain socket must NOT have a disconnect event. */
81 nterfacer_events
.on_disconnect
= nterfacer_disconnect_event
;
84 void free_handler(struct handler
*hp
) {
85 freesstring(hp
->command
);
89 void free_handlers(struct service_node
*tp
) {
90 struct handler
*hp
, *lp
;
92 for(hp
=tp
->handlers
;hp
;) {
102 struct service_node
*tp
, *lp
;
106 deregister_service(ping
);
116 if((accept_fd
!= -1) && nterfacer_sock
) {
117 esocket_clean_by_token(nterfacer_token
);
118 nterfacer_sock
= NULL
;
122 if(permits
&& permit_count
) {
123 for(i
=0;i
<permit_count
;i
++) {
124 freesstring(permits
[i
].hostname
);
125 freesstring(permits
[i
].password
);
132 nrl
= nterface_close_log(nrl
);
133 nscheckfreeall(POOL_NTERFACER
);
136 int load_permits(void) {
137 int loaded_lines
= 0, i
, j
;
138 struct permitted
*new_permits
, *resized
, *item
;
139 struct hostent
*host
;
140 array
*hostnamesa
, *passwordsa
;
141 sstring
**hostnames
, **passwords
;
143 hostnamesa
= getconfigitems("nterfacer", "hostname");
144 passwordsa
= getconfigitems("nterfacer", "password");
145 if(!hostnamesa
|| !passwordsa
) {
146 nterface_log(nrl
, NL_ERROR
, "Unable to load hostnames/passwords.");
149 if(hostnamesa
->cursi
!= passwordsa
->cursi
) {
150 nterface_log(nrl
, NL_ERROR
, "Different number of hostnames/passwords in config file.");
154 hostnames
= (sstring
**)hostnamesa
->content
;
155 passwords
= (sstring
**)passwordsa
->content
;
157 new_permits
= ntmalloc(hostnamesa
->cursi
* sizeof(struct permitted
));
158 memset(new_permits
, 0, hostnamesa
->cursi
* sizeof(struct permitted
));
161 for(i
=0;i
<hostnamesa
->cursi
;i
++) {
162 item
->hostname
= getsstring(hostnames
[i
]->content
, hostnames
[i
]->length
);
164 host
= gethostbyname(item
->hostname
->content
);
166 nterface_log(nrl
, NL_WARNING
, "Couldn't resolve hostname: %s (item %d).", item
->hostname
->content
, i
+ 1);
167 freesstring(item
->hostname
);
171 item
->ihost
= (*(struct in_addr
*)host
->h_addr
).s_addr
;
172 for(j
=0;j
<loaded_lines
;j
++) {
173 if(new_permits
[j
].ihost
== item
->ihost
) {
174 nterface_log(nrl
, NL_WARNING
, "Host with items %d and %d is identical, dropping item %d.", j
+ 1, i
+ 1, i
+ 1);
180 freesstring(item
->hostname
);
184 item
->password
= getsstring(passwords
[i
]->content
, passwords
[i
]->length
);
185 nterface_log(nrl
, NL_DEBUG
, "Loaded permit, hostname: %s.", item
->hostname
->content
);
196 resized
= ntrealloc(new_permits
, sizeof(struct permitted
) * loaded_lines
);
203 permit_count
= loaded_lines
;
208 int setup_listening_socket(void) {
209 struct sockaddr_in sin
;
211 unsigned int opt
= 1;
213 fd
= socket(AF_INET
, SOCK_STREAM
, 0);
215 /* also shamelessly ripped from proxyscan */
217 nterface_log(nrl
, NL_ERROR
, "Unable to open listening socket (%d).", errno
);
221 if(setsockopt(fd
, SOL_SOCKET
, SO_REUSEADDR
, (const char *) &opt
, sizeof(opt
)) != 0) {
222 nterface_log(nrl
, NL_ERROR
, "Unable to set SO_REUSEADDR on listen socket.");
226 /* Initialiase the addresses */
227 memset(&sin
, 0, sizeof(sin
));
228 sin
.sin_family
= AF_INET
;
229 sin
.sin_port
= htons(getcopyconfigitemintpositive("nterfacer", "port", NTERFACER_PORT
));
231 if(bind(fd
, (struct sockaddr
*) &sin
, sizeof(sin
))) {
232 nterface_log(nrl
, NL_ERROR
, "Unable to bind listen socket (%d).", errno
);
238 if(ioctl(fd
, FIONBIO
, &opt
)) {
239 nterface_log(nrl
, NL_ERROR
, "Unable to set listen socket non-blocking.");
246 struct service_node
*register_service(char *name
) {
247 struct service_node
*np
= ntmalloc(sizeof(service_node
));
250 np
->name
= getsstring(name
, strlen(name
));
264 struct handler
*register_handler(struct service_node
*service
, char *command
, int args
, handler_function fp
) {
265 struct handler
*hp
= ntmalloc(sizeof(handler
));
268 hp
->command
= getsstring(command
, strlen(command
));
278 hp
->next
= service
->handlers
;
279 hp
->service
= service
;
280 service
->handlers
= hp
;
285 void deregister_handler(struct handler
*hl
) {
286 struct service_node
*service
= (struct service_node
*)hl
->service
;
287 struct handler
*np
, *lp
= NULL
;
288 for(np
=service
->handlers
;np
;lp
=np
,np
=np
->next
) {
293 service
->handlers
= np
->next
;
301 void deregister_service(struct service_node
*service
) {
302 struct service_node
*sp
, *lp
= NULL
;
303 struct rline
*li
, *pi
= NULL
;
305 for(sp
=tree
;sp
;lp
=sp
,sp
=sp
->next
) {
316 if(!sp
) /* already freed */
319 free_handlers(service
);
322 if(li
->service
== service
) {
336 freesstring(service
->name
);
341 void nterfacer_accept_event(struct esocket
*socket
) {
342 struct sockaddr_in sin
;
343 unsigned int addrsize
= sizeof(sin
);
344 int newfd
= accept(socket
->fd
, (struct sockaddr
*)&sin
, &addrsize
), i
;
345 struct sconnect
*temp
;
346 struct permitted
*item
= NULL
;
347 struct esocket
*newsocket
;
348 unsigned int opt
= 1;
351 nterface_log(nrl
, NL_WARNING
, "Unable to accept nterfacer fd!");
355 if(ioctl(newfd
, FIONBIO
, &opt
)) {
356 nterface_log(nrl
, NL_ERROR
, "Unable to set accepted socket non-blocking.");
360 for(i
=0;i
<permit_count
;i
++) {
361 if(permits
[i
].ihost
== sin
.sin_addr
.s_addr
) {
368 nterface_log(nrl
, NL_INFO
, "Unauthorised connection from %s closed", inet_ntoa(sin
.sin_addr
));
373 temp
= (struct sconnect
*)ntmalloc(sizeof(struct sconnect
));
380 /* do checks on hostname first */
382 newsocket
= esocket_add(newfd
, ESOCKET_UNIX_DOMAIN_CONNECTED
, &nterfacer_events
, nterfacer_token
);
388 newsocket
->tag
= temp
;
390 nterface_log(nrl
, NL_INFO
, "New connection from %s.", item
->hostname
->content
);
392 temp
->status
= SS_IDLE
;
395 esocket_write_line(newsocket
, "nterfacer " PROTOCOL_VERSION
);
398 void derive_key(unsigned char *out
, char *password
, char *segment
, unsigned char *noncea
, unsigned char *nonceb
, unsigned char *extra
, int extralen
) {
401 SHA256_Update(&c
, (unsigned char *)password
, strlen(password
));
402 SHA256_Update(&c
, (unsigned char *)":", 1);
403 SHA256_Update(&c
, (unsigned char *)segment
, strlen(segment
));
404 SHA256_Update(&c
, (unsigned char *)":", 1);
405 SHA256_Update(&c
, noncea
, 16);
406 SHA256_Update(&c
, (unsigned char *)":", 1);
407 SHA256_Update(&c
, nonceb
, 16);
408 SHA256_Update(&c
, (unsigned char *)":", 1);
409 SHA256_Update(&c
, extra
, extralen
);
410 SHA256_Final(out
, &c
);
413 SHA256_Update(&c
, out
, 32);
414 SHA256_Final(out
, &c
);
417 int nterfacer_line_event(struct esocket
*sock
, char *newline
) {
418 struct sconnect
*socket
= sock
->tag
;
419 char *response
, *theirnonceh
= NULL
, *theirivh
= NULL
;
420 unsigned char theirnonce
[16], theiriv
[16];
423 switch(socket
->status
) {
425 if(strcasecmp(newline
, ANTI_FULL_VERSION
)) {
426 nterface_log(nrl
, NL_INFO
, "Protocol mismatch from %s: %s", socket
->permit
->hostname
->content
, newline
);
429 unsigned char challenge
[32];
430 char ivhex
[16 * 2 + 1], noncehex
[16 * 2 + 1];
432 if(!get_entropy(challenge
, 32) || !get_entropy(socket
->iv
, 16)) {
433 nterface_log(nrl
, NL_ERROR
, "Unable to open challenge/IV entropy bin!");
437 int_to_hex(challenge
, socket
->challenge
, 32);
438 int_to_hex(socket
->iv
, ivhex
, 16);
440 memcpy(socket
->response
, challenge_response(socket
->challenge
, socket
->permit
->password
->content
), sizeof(socket
->response
));
441 socket
->response
[sizeof(socket
->response
) - 1] = '\0'; /* just in case */
443 socket
->status
= SS_VERSIONED
;
444 if(!generate_nonce(socket
->ournonce
, 1)) {
445 nterface_log(nrl
, NL_ERROR
, "Unable to generate nonce!");
448 int_to_hex(socket
->ournonce
, noncehex
, 16);
450 if(esocket_write_line(sock
, "%s %s %s", socket
->challenge
, ivhex
, noncehex
))
456 for(response
=newline
;*response
;response
++) {
457 if((*response
== ' ') && (*(response
+ 1))) {
459 theirivh
= response
+ 1;
465 for(response
=theirivh
;*response
;response
++) {
466 if((*response
== ' ') && (*(response
+ 1))) {
468 theirnonceh
= response
+ 1;
474 if(!theirivh
|| (strlen(theirivh
) != 32) || !hex_to_int(theirivh
, theiriv
, sizeof(theiriv
)) ||
475 !theirnonceh
|| (strlen(theirnonceh
) != 32) || !hex_to_int(theirnonceh
, theirnonce
, sizeof(theirnonce
))) {
476 nterface_log(nrl
, NL_INFO
, "Protocol error drop: %s", socket
->permit
->hostname
->content
);
480 if(!memcmp(socket
->ournonce
, theirnonce
, sizeof(theirnonce
))) {
481 nterface_log(nrl
, NL_INFO
, "Bad nonce drop: %s", socket
->permit
->hostname
->content
);
485 if(!strncasecmp(newline
, socket
->response
, sizeof(socket
->response
))) {
486 unsigned char theirkey
[32], ourkey
[32];
488 derive_key(ourkey
, socket
->permit
->password
->content
, socket
->challenge
, socket
->ournonce
, theirnonce
, (unsigned char *)"SERVER", 6);
490 derive_key(theirkey
, socket
->permit
->password
->content
, socket
->response
, theirnonce
, socket
->ournonce
, (unsigned char *)"CLIENT", 6);
491 nterface_log(nrl
, NL_INFO
, "Authed: %s", socket
->permit
->hostname
->content
);
492 socket
->status
= SS_AUTHENTICATED
;
493 switch_buffer_mode(sock
, ourkey
, socket
->iv
, theirkey
, theiriv
);
495 if(esocket_write_line(sock
, "Oauth"))
498 nterface_log(nrl
, NL_INFO
, "Bad CR drop: %s", socket
->permit
->hostname
->content
);
503 case SS_AUTHENTICATED
:
504 nterface_log(nrl
, NL_INFO
|NL_LOG_ONLY
, "L(%s): %s", socket
->permit
->hostname
->content
, newline
);
505 reason
= nterfacer_new_rline(newline
, sock
, &number
);
507 if(reason
== RE_SOCKET_ERROR
)
509 if(reason
!= RE_BAD_LINE
) {
510 if(esocket_write_line(sock
, "%d,E%d,%s", number
, reason
, request_error(reason
)))
523 int nterfacer_new_rline(char *line
, struct esocket
*socket
, int *number
) {
524 char *sp
, *p
, *parsebuf
= NULL
, *pp
, commandbuf
[MAX_BUFSIZE
], *args
[MAX_ARGS
], *newp
;
526 struct service_node
*service
;
527 struct rline
*prequest
;
531 if(!line
|| !line
[0] || (line
[0] == ','))
534 for(sp
=line
;*sp
;sp
++)
538 if(!*sp
|| !*(sp
+ 1))
543 for(service
=tree
;service
;service
=service
->next
)
544 if(!strcmp(service
->name
->content
, line
))
555 *number
= positive_atoi(sp
+ 1);
557 if((*number
< 1) || (*number
> 0xffff))
561 nterface_log(nrl
, NL_DEBUG
, "Unable to find service: %s", line
);
562 return RE_SERVICER_NOT_FOUND
;
567 for(pp
=p
+1;*pp
;pp
++) {
568 if((*pp
== '\\') && *(pp
+ 1)) {
569 if(*(pp
+ 1) == ',') {
571 } else if(*(pp
+ 1) == '\\') {
575 } else if(*pp
== ',') {
582 if(*pp
== '\0') { /* if we're at the end already, we have no arguments */
585 argcount
= 1; /* we have a comma, so we have one already */
590 for(hl
=service
->handlers
;hl
;hl
=hl
->next
)
591 if(!strncmp(hl
->command
->content
, commandbuf
, sizeof(commandbuf
)))
595 return RE_COMMAND_NOT_FOUND
;
598 parsebuf
= (char *)ntmalloc(strlen(pp
) + 1);
599 MemCheckR(parsebuf
, RE_MEM_ERROR
);
602 for(newp
=args
[0]=parsebuf
,pp
++;*pp
;pp
++) {
603 if((*pp
== '\\') && *(pp
+ 1)) {
604 if(*(pp
+ 1) == ',') {
606 } else if(*(pp
+ 1) == '\\') {
610 } else if(*pp
== ',') {
612 args
[argcount
++] = newp
;
613 if(argcount
> MAX_ARGS
) {
615 return RE_TOO_MANY_ARGS
;
623 if(argcount
< hl
->args
) {
624 if(argcount
&& parsebuf
)
626 return RE_WRONG_ARG_COUNT
;
629 prequest
= (struct rline
*)ntmalloc(sizeof(struct rline
));
632 if(argcount
&& parsebuf
)
637 prequest
->service
= service
;
638 prequest
->handler
= hl
;
639 prequest
->buf
[0] = '\0';
640 prequest
->curpos
= prequest
->buf
;
641 prequest
->tag
= NULL
;
642 prequest
->id
= *number
;
643 prequest
->next
= rlines
;
644 prequest
->socket
= socket
;
647 re
= (hl
->function
)(prequest
, argcount
, args
);
649 if(argcount
&& parsebuf
)
655 void nterfacer_disconnect_event(struct esocket
*sock
) {
656 struct sconnect
*socket
= sock
->tag
;
660 nterface_log(nrl
, NL_INFO
, "Disconnected from %s.", socket
->permit
->hostname
->content
);
663 for(li
=rlines
;li
;li
=li
->next
)
664 if(li
->socket
&& (li
->socket
->tag
== socket
))
670 int ri_append(struct rline
*li
, char *format
, ...) {
671 char buf
[MAX_BUFSIZE
], escapedbuf
[MAX_BUFSIZE
* 2 + 1], *p
, *tp
;
672 int sizeleft
= sizeof(li
->buf
) - (li
->curpos
- li
->buf
);
675 va_start(ap
, format
);
677 if(vsnprintf(buf
, sizeof(buf
), format
, ap
) >= sizeof(buf
)) {
684 for(tp
=escapedbuf
,p
=buf
;*p
||(*tp
='\0');*tp
++=*p
++)
685 if((*p
== ',') || (*p
== '\\'))
689 if(li
->curpos
== li
->buf
) {
690 li
->curpos
+=snprintf(li
->curpos
, sizeleft
, "%s", escapedbuf
);
692 li
->curpos
+=snprintf(li
->curpos
, sizeleft
, ",%s", escapedbuf
);
696 if(sizeof(li
->buf
) - (li
->curpos
- li
->buf
) > 0) {
703 int ri_error(struct rline
*li
, int error_code
, char *format
, ...) {
704 char buf
[MAX_BUFSIZE
], escapedbuf
[MAX_BUFSIZE
* 2 + 1], *p
, *tp
;
705 struct rline
*pp
, *lp
= NULL
;
710 va_start(ap
, format
);
711 vsnprintf(buf
, sizeof(buf
), format
, ap
);
714 for(tp
=escapedbuf
,p
=buf
;*p
||(*tp
='\0');*tp
++=*p
++)
715 if((*p
== ',') || (*p
== '\\'))
718 if(esocket_write_line(li
->socket
, "%d,OE%d,%s", li
->id
, error_code
, escapedbuf
))
719 retval
= RE_SOCKET_ERROR
;
722 for(pp
=rlines
;pp
;lp
=pp
,pp
=pp
->next
) {
737 int ri_final(struct rline
*li
) {
738 struct rline
*pp
, *lp
= NULL
;
742 if(esocket_write_line(li
->socket
, "%d,OO%s", li
->id
, li
->buf
))
743 retval
= RE_SOCKET_ERROR
;
745 for(pp
=rlines
;pp
;lp
=pp
,pp
=pp
->next
) {
760 int ping_handler(struct rline
*ri
, int argc
, char **argv
) {