static void ss_relay_readcb(struct bufferevent *buffev, void *_arg)
{
redsocks_client *client = _arg;
struct bufferevent * from = buffev;
struct bufferevent * to = client->client;
size_t input_size = evbuffer_get_contiguous_space(bufferevent_get_input(from));
size_t output_size = evbuffer_get_length(bufferevent_get_output(to));
assert(buffev == client->relay);
redsocks_touch_client(client);
if (client->state == ss_connected)
{
/* decrypt and forward data to client side */
if (output_size < to->wm_write.high)
{
if (input_size)
decrypt_buffer(client, from, to);
if (bufferevent_enable(from, EV_READ) == -1)
redsocks_log_errno(client, LOG_ERR, "bufferevent_enable");
}
else
{
if (bufferevent_disable(from, EV_READ) == -1)
redsocks_log_errno(client, LOG_ERR, "bufferevent_disable");
}
}
else
{
redsocks_drop_client(client);
}
}
static void ss_client_writecb(struct bufferevent *buffev, void *_arg)
{
redsocks_client *client = _arg;
struct bufferevent * from = client->relay;
struct bufferevent * to = buffev;
size_t input_size = evbuffer_get_contiguous_space(bufferevent_get_input(from));
size_t output_size = evbuffer_get_length(bufferevent_get_output(to));
assert(buffev == client->client);
redsocks_touch_client(client);
if (process_shutdown_on_write_(client, from, to))
return;
if (client->state == ss_connected)
{
/* encrypt and forward data received from client side */
if (output_size < to->wm_write.high)
{
if (input_size)
decrypt_buffer(client, from, to);
if (!(client->relay_evshut & EV_READ) && bufferevent_enable(from, EV_READ) == -1)
redsocks_log_errno(client, LOG_ERR, "bufferevent_enable");
}
}
else
{
redsocks_drop_client(client);
}
}
void decrypt_file(FILE* enc_file, FILE* raw_file, unsigned char* key) {
int size = file_size(enc_file);
char* enc_buf = calloc(1, size);
fread(enc_buf, 1, size, enc_file);
if(decrypt_buffer(enc_buf, size, (char*)key, 16) != 0) {
printf("There was an error decrypting the file!\n");
return;
}
char* raw_buf = enc_buf;
file_header* header = (file_header*) raw_buf;
if(header->magic_number != MAGIC) {
printf("Invalid password!\n");
return;
}
if(!check_hostname(header)) {
printf("[#] Warning: File not encrypted by current machine.\n");
}
printf("=> Decrypted file successfully\n");
int write_size = MIN(header->file_size, size - sizeof(file_header));
fwrite(raw_buf+sizeof(file_header), 1, write_size, raw_file);
free(enc_buf);
}
void decrypt_IOS(IOS *ios)
{
u8 key[16];
get_title_key(ios->ticket, key);
aes_set_key(key);
int i;
for (i = 0; i < ios->content_count; i++)
{
decrypt_buffer(i, ios->encrypted_buffer[i], ios->decrypted_buffer[i], ios->buffer_size[i]);
}
}
size_t config_read_encrypted_buffer(const char *name, unsigned char **buffer, unsigned const char key[KDF_HASH_LEN])
{
_cleanup_free_ unsigned char *encrypted_buffer = NULL;
size_t len;
len = config_read_buffer(name, &encrypted_buffer);
if (!encrypted_buffer) {
*buffer = NULL;
return 0;
}
return decrypt_buffer(encrypted_buffer, len, key, buffer);
}
static
void
mainloop(THREAD_DATA *td)
{
THREAD_DATA::net_t *n = td->net;
ticks_ms_t acc, ticks, lticks; /* accumulator, current ticks, last iteration ticks */
int pktl; /* packet length */
uint8_t pkt[MAX_PACKET]; /* buffer space for a packet */
if (connect_to_server(td) != 0) {
free_thread_data(td);
LogFmt(OP_MOD, "Error performing initial connect");
return;
}
acc = 0;
ticks = get_ticks_ms();
lticks = ticks;
ticks_ms_t last_botman_checkin = ticks;
ticks_ms_t last_botman_stopcheck = ticks;
ticks_ms_t last_config_mtime_check = ticks;
while (td->running >= 0) {
ticks = get_ticks_ms();
acc += ticks - lticks;
lticks = ticks;
/* check in with the bot manager */
if (ticks - last_botman_checkin >= BOTMAN_CHECKIN_INTERVAL) {
botman_bot_checkin(td->botman_handle);
last_botman_checkin = ticks;
}
if (ticks - last_botman_stopcheck >= BOTMAN_STOPCHECK_INTERVAL) {
if (botman_bot_shouldstop(td->botman_handle)) {
td->running = -1;
}
last_botman_stopcheck = ticks;
}
/* flush out tick events to bots */
if (acc >= STEP_INTERVAL) {
libman_expire_timers(td);
while(acc >= STEP_INTERVAL) {
/* event_tick */
libman_export_event(td, EVENT_TICK, NULL);
acc -= STEP_INTERVAL;
}
}
/* if the bot is disconnected, see if it is time to reconnect */
if (n->state == NS_DISCONNECTED) {
if (ticks - n->ticks->disconnected > 60000) {
free_thread_data(td);
init_thread_data(td);
connect_to_server(td);
} else {
usleep(50000); /* 50ms */
continue;
}
}
/* see if the config file has been modified and if so send a reread event */
if (ticks - last_config_mtime_check >= CONFIG_MTIME_POLL_INTERVAL) {
struct stat attr;
memset(&attr, 0, sizeof(struct stat));
if (stat(td->config->filename, &attr) == 0) {
if (td->config->last_modified_time != attr.st_mtime) {
libman_export_event(td, EVENT_CONFIG_CHANGE, NULL);
td->config->last_modified_time = attr.st_mtime;
}
}
last_config_mtime_check = ticks;
}
/* use up to STEP_INTERVAL ms for the db thread */
ticks_ms_t ticks_taken = get_ticks_ms() - ticks;
ticks_ms_t db_ticks = ticks_taken > STEP_INTERVAL ? STEP_INTERVAL : STEP_INTERVAL - ticks_taken;
db_instance_export_events(db_ticks);
/* read a packet or wait for a timeout */
ticks_taken = get_ticks_ms() - ticks;
ticks_ms_t timeout = ticks_taken > STEP_INTERVAL ? 0 : STEP_INTERVAL - ticks_taken;
while (poll(n->pfd, 1, (int)timeout) > 0) {
/* process incoming packet, data is waiting */
pktl = (int)read(n->fd, pkt, MAX_PACKET);
if (pktl >= 0) {
++n->stats->packets_read;
n->ticks->last_pkt_received = get_ticks_ms();
if (n->encrypt->use_encryption) {
if (pkt[0] == 0x00) {
if (pktl >= 2) {
decrypt_buffer(td, &pkt[2], pktl-2);
}
} else {
decrypt_buffer(td, &pkt[1], pktl-1);
}
}
if (td->debug->spew_packets) {
spew_packet(pkt, pktl, DIR_INCOMING);
}
process_incoming_packet(td, pkt, pktl);
}
ticks_taken = get_ticks_ms() - ticks;
timeout = timeout > ticks_taken ? timeout - ticks_taken : 0;
}
/* update the tick count after potential sleeping in poll() */
ticks = get_ticks_ms();
/* network state specfic actions */
if (n->state == NS_CONNECTING) {
/* retransmit connection request if it was lost */
if (ticks - n->ticks->last_connection_request > 15000) {
pkt_send_client_key(n->encrypt->client_key);
n->ticks->last_connection_request = ticks;
}
} else if (ticks - n->ticks->last_pkt_received > 30*1000) {
/* disconnect if no packets have been received for 30 seconds */
Log(OP_MOD, "No data received for 30 seconds, reconnecting...");
disconnect_from_server(td);
continue;
}
/* transmit player position update if necessary */
if (n->state == NS_CONNECTED && td->in_arena) {
if ((ticks - n->ticks->last_pos_update_sent > 100
&& td->bot_ship != SHIP_SPECTATOR)
|| (ticks - n->ticks->last_pos_update_sent > 1000
&& td->bot_ship == SHIP_SPECTATOR)) {
pkt_send_position_update(td->bot_pos->x, td->bot_pos->y,
td->bot_vel->x, td->bot_vel->y);
n->ticks->last_pos_update_sent = ticks;
}
}
/* send periodic info/einfo */
if (n->state == NS_CONNECTED) {
// subtract 10000 to offset this by 10 seconds from *einfo to avoid filling buffers with commands/responses
if (td->periodic->info && ticks - (td->periodic->last_info - 10000U) >= td->periodic->info) {
int nhere = player_get_phere(td);
PLAYER *parray = player_get_parray(td);
for (int i = 0; i < nhere; ++i) {
if (parray[i].here && td->enter->send_info) {
PrivMessage(&parray[i], "*info");
}
}
td->periodic->last_info = ticks;
}
if (td->periodic->einfo && ticks - td->periodic->last_einfo >= td->periodic->einfo) {
int nhere = player_get_phere(td);
PLAYER *parray = player_get_parray(td);
for (int i = 0; i < nhere; ++i) {
if (parray[i].here && td->enter->send_einfo) {
PrivMessage(&parray[i], "*einfo");
}
}
td->periodic->last_einfo = ticks;
}
}
/* retransmit reliable packets that have not been acked */
rpacket_list_t *l = n->rel_o->queue;
rpacket_list_t::iterator iter = l->begin();
while (iter != l->end()) {
RPACKET *rp = *iter;
if (ticks - rp->ticks > RELIABLE_RETRANSMIT_INTERVAL) {
PACKET *p = allocate_packet(rp->len);
memcpy(p->data, rp->data, rp->len);
/* update packets retransmit tick */
rp->ticks = ticks;
queue_packet(p, SP_HIGH);
}
++iter;
}
/* free absent players if its time */
ticks_ms_t flush_check_interval = 60 * 60 * 1000;
if (ticks - td->arena->ticks->last_player_flush > flush_check_interval) {
player_free_absent_players(td, flush_check_interval, true);
td->arena->ticks->last_player_flush = ticks;
}
/* write packets generated during loop iteration */
send_outgoing_packets(td);
} /* while td->running != 0 */
}
/* handle reading from a client connection */
static void handle_connection_read(int sock, void *data) {
data_packet receive_packet;
u_int32_t packet_crc32;
u_int32_t calculated_crc32;
struct crypt_instance *CI;
time_t packet_time;
time_t current_time;
int16_t return_code;
unsigned long packet_age = 0L;
int bytes_to_recv;
int rc;
char host_name[MAX_HOSTNAME_LENGTH];
char svc_description[MAX_DESCRIPTION_LENGTH];
char plugin_output[MAX_PLUGINOUTPUT_LENGTH];
int packet_length = sizeof(receive_packet);
int plugin_length = MAX_PLUGINOUTPUT_LENGTH;
CI = data;
/* process all data we get from the client... */
/* read the packet from the client */
bytes_to_recv = sizeof(receive_packet);
rc = recvall(sock, (char *)&receive_packet, &bytes_to_recv, socket_timeout);
/* recv() error or client disconnect */
if (rc <= 0) {
if (bytes_to_recv == OLD_PACKET_LENGTH) {
packet_length = OLD_PACKET_LENGTH;
plugin_length = OLD_PLUGINOUTPUT_LENGTH;
}
else {
if (debug == TRUE)
syslog(LOG_ERR, "End of connection...");
encrypt_cleanup(decryption_method, CI);
close(sock);
if (mode == SINGLE_PROCESS_DAEMON)
return;
else
do_exit(STATE_OK);
}
}
/* we couldn't read the correct amount of data, so bail out */
if (bytes_to_recv != packet_length) {
syslog(LOG_ERR, "Data sent from client was too short (%d < %d), aborting...", bytes_to_recv, packet_length);
encrypt_cleanup(decryption_method, CI);
close(sock);
return;
if (mode == SINGLE_PROCESS_DAEMON)
return;
else
do_exit(STATE_CRITICAL);
}
/* if we're single-process, we need to set things up so we handle the next packet after this one... */
if (mode == SINGLE_PROCESS_DAEMON)
register_read_handler(sock, handle_connection_read, (void *)CI);
/* decrypt the packet */
decrypt_buffer((char *)&receive_packet, packet_length, password, decryption_method, CI);
/* make sure this is the right type of packet */
if (ntohs(receive_packet.packet_version) != NSCA_PACKET_VERSION_3) {
syslog(LOG_ERR, "Received invalid packet type/version from client - possibly due to client using wrong password or crypto algorithm?");
/*return;*/
close(sock);
if (mode == SINGLE_PROCESS_DAEMON)
return;
else
do_exit(STATE_OK);
}
/* check the crc 32 value */
packet_crc32 = ntohl(receive_packet.crc32_value);
receive_packet.crc32_value = 0L;
calculated_crc32 = calculate_crc32((char *)&receive_packet, packet_length);
if (packet_crc32 != calculated_crc32) {
syslog(LOG_ERR, "Dropping packet with invalid CRC32 - possibly due to client using wrong password or crypto algorithm?");
/*return;*/
close(sock);
if (mode == SINGLE_PROCESS_DAEMON)
return;
else
do_exit(STATE_OK);
}
/* host name */
strncpy(host_name, receive_packet.host_name, sizeof(host_name) - 1);
host_name[sizeof(host_name) - 1] = '\0';
/* check the timestamp in the packet */
packet_age = (unsigned long)(current_time - packet_time);
if (debug == TRUE)
syslog(LOG_ERR, "Time difference in packet: %lu seconds for host %s", packet_age, host_name);
if ((max_packet_age > 0 && (packet_age > max_packet_age) && (packet_age >= 0)) ||
((max_packet_age > 0) && (packet_age < (0 - max_packet_age)) && (packet_age < 0))
) {
syslog(LOG_ERR, "Dropping packet with stale timestamp for %s - packet was %lu seconds old.", host_name, packet_age);
close(sock);
if (mode == SINGLE_PROCESS_DAEMON)
return;
else
do_exit(STATE_OK);
}
/**** GET THE SERVICE CHECK INFORMATION ****/
/* plugin return code */
return_code = ntohs(receive_packet.return_code);
/* service description */
strncpy(svc_description, receive_packet.svc_description, sizeof(svc_description) - 1);
svc_description[sizeof(svc_description) - 1] = '\0';
/* plugin output */
strncpy(plugin_output, receive_packet.plugin_output, plugin_length - 1);
plugin_output[plugin_length - 1] = '\0';
/* log info to syslog facility */
if (debug == TRUE) {
if (!strcmp(svc_description, ""))
syslog(LOG_NOTICE, "HOST CHECK -> Host Name: '%s', Return Code: '%d', Output: '%s'", host_name, return_code, plugin_output);
else
syslog(LOG_NOTICE, "SERVICE CHECK -> Host Name: '%s', Service Description: '%s', Return Code: '%d', Output: '%s'", host_name, svc_description, return_code, plugin_output);
}
/* write the check result to the external command file.
* Note: it's OK to hang at this point if the write doesn't succeed, as there's
* no way we could handle any other connection properly anyway. so we don't
* use poll() - which fails on a pipe with any data, so it would cause us to
* only ever write one command at a time into the pipe.
*/
if (check_result_path == NULL) {
write_check_result(host_name, svc_description, return_code, plugin_output, time(NULL));
} else {
write_checkresult_file(host_name, svc_description, return_code, plugin_output, time(NULL));
}
return;
}
GkmDataResult
gkm_secret_binary_read (GkmSecretCollection *collection, GkmSecretData *sdata,
gconstpointer data, gsize n_data)
{
gsize offset;
guchar major, minor, crypto, hash;
guint32 flags;
guint32 lock_timeout;
time_t mtime, ctime;
char *display_name;
guint32 tmp;
guint32 num_items;
guint32 crypto_size;
guint32 hash_iterations;
guchar salt[8];
ItemInfo *items;
GkmSecret* master;
GkmSecretObject *obj;
EggBuffer to_decrypt = EGG_BUFFER_EMPTY;
GkmDataResult res = GKM_DATA_FAILURE;
GHashTable *checks = NULL;
GkmSecretItem *item;
EggBuffer buffer;
GList *l, *iteml;
int i;
display_name = NULL;
items = 0;
obj = GKM_SECRET_OBJECT (collection);
/* The buffer we read from */
egg_buffer_init_static (&buffer, data, n_data);
if (buffer.len < KEYRING_FILE_HEADER_LEN ||
memcmp (buffer.buf, KEYRING_FILE_HEADER, KEYRING_FILE_HEADER_LEN) != 0) {
egg_buffer_uninit (&buffer);
return GKM_DATA_UNRECOGNIZED;
}
offset = KEYRING_FILE_HEADER_LEN;
major = buffer.buf[offset++];
minor = buffer.buf[offset++];
crypto = buffer.buf[offset++];
hash = buffer.buf[offset++];
if (major != 0 || minor != 0 || crypto != 0 || hash != 0) {
egg_buffer_uninit (&buffer);
return GKM_DATA_UNRECOGNIZED;
}
if (!buffer_get_utf8_string (&buffer, offset, &offset, &display_name) ||
!buffer_get_time (&buffer, offset, &offset, &ctime) ||
!buffer_get_time (&buffer, offset, &offset, &mtime) ||
!egg_buffer_get_uint32 (&buffer, offset, &offset, &flags) ||
!egg_buffer_get_uint32 (&buffer, offset, &offset, &lock_timeout) ||
!egg_buffer_get_uint32 (&buffer, offset, &offset, &hash_iterations) ||
!buffer_get_bytes (&buffer, offset, &offset, salt, 8))
goto bail;
for (i = 0; i < 4; i++) {
if (!egg_buffer_get_uint32 (&buffer, offset, &offset, &tmp))
goto bail;
}
if (!egg_buffer_get_uint32 (&buffer, offset, &offset, &num_items))
goto bail;
items = g_new0 (ItemInfo, num_items + 1);
/* Hashed data, without secrets */
if (!read_hashed_item_info (&buffer, &offset, items, num_items))
goto bail;
if (!egg_buffer_get_uint32 (&buffer, offset, &offset, &crypto_size))
goto bail;
/* Make the crypted part is the right size */
if (crypto_size % 16 != 0)
goto bail;
/* Ensure the file is large enough to hold all the data (in case it got truncated) */
if (buffer.len < offset + crypto_size)
goto bail;
/* Copy the data into to_decrypt into non-pageable memory */
egg_buffer_set_allocator (&to_decrypt, egg_secure_realloc);
egg_buffer_reserve (&to_decrypt, crypto_size);
memcpy (to_decrypt.buf, buffer.buf + offset, crypto_size);
to_decrypt.len = crypto_size;
if (sdata != NULL) {
master = gkm_secret_data_get_master (sdata);
if (!decrypt_buffer (&to_decrypt, master, salt, hash_iterations))
goto bail;
if (!verify_decrypted_buffer (&to_decrypt)) {
res = GKM_DATA_LOCKED;
goto bail;
} else {
offset = 16; /* Skip hash */
if (!read_full_item_info (&to_decrypt, &offset, items, num_items))
goto bail;
}
}
/* Correctly read all data, possibly including the decrypted data.
* Now update the keyring and items: */
gkm_secret_object_set_label (obj, display_name);
gkm_secret_object_set_modified (obj, mtime);
gkm_secret_object_set_created (obj, ctime);
if (flags & LOCK_ON_IDLE_FLAG)
gkm_secret_collection_set_lock_idle (collection, lock_timeout);
else if (flags & LOCK_AFTER_FLAG)
gkm_secret_collection_set_lock_after (collection, lock_timeout);
/* Build a Hash table where we can track ids we haven't yet seen */
checks = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
iteml = gkm_secret_collection_get_items (collection);
for (l = iteml; l; l = g_list_next (l))
g_hash_table_insert (checks, g_strdup (gkm_secret_object_get_identifier (l->data)), "unused");
g_list_free (iteml);
for (i = 0; i < num_items; i++) {
/* We've seen this id */
g_hash_table_remove (checks, items[i].identifier);
item = gkm_secret_collection_get_item (collection, items[i].identifier);
if (item == NULL)
item = gkm_secret_collection_new_item (collection, items[i].identifier);
setup_item_from_info (item, sdata, &items[i]);
}
g_hash_table_foreach (checks, remove_unavailable_item, collection);
res = GKM_DATA_SUCCESS;
bail:
egg_buffer_uninit (&to_decrypt);
if (checks)
g_hash_table_destroy (checks);
g_free (display_name);
for (i = 0; items && i < num_items; i++)
free_item_info (&items[i]);
g_free (items);
return res;
}
