int urandombytes(unsigned char *x, unsigned long long xlen)
{
static int urandomfd = -1;
int tries = 0;
if (urandomfd == -1) {
for (tries = 0; tries < 4; ++tries) {
urandomfd = open("/dev/urandom",O_RDONLY);
if (urandomfd != -1) break;
sleep(1);
}
if (urandomfd == -1) {
WHY_perror("open(/dev/urandom)");
return -1;
}
}
tries = 0;
while (xlen > 0) {
int i = (xlen < 1048576) ? xlen : 1048576;
i = read(urandomfd, x, i);
if (i == -1) {
if (++tries > 4) {
WHY_perror("read(/dev/urandom)");
return -1;
}
sleep(1);
} else {
tries = 0;
x += i;
xlen -= i;
}
}
return 0;
}
int overlay_mdp_client_init()
{
if (mdp_client_socket==-1) {
/* Open socket to MDP server (thus connection is always local) */
if (0) WHY("Use of abstract name space socket for Linux not implemented");
mdp_client_socket = socket(AF_UNIX, SOCK_DGRAM, 0);
if (mdp_client_socket < 0) {
WHY_perror("socket");
return WHY("Could not open socket to MDP server");
}
/* We must bind to a temporary file name */
struct sockaddr_un name;
unsigned int random_value;
if (urandombytes((unsigned char *)&random_value,sizeof(int)))
return WHY("urandombytes() failed");
name.sun_family = AF_UNIX;
if (overlay_mdp_client_socket_path_len==-1) {
char fmt[1024];
if (!FORM_SERVAL_INSTANCE_PATH(fmt, "mdp-client-%d-%08x.socket"))
return WHY("Could not form MDP client socket name");
snprintf(overlay_mdp_client_socket_path,1024,fmt,getpid(),random_value);
overlay_mdp_client_socket_path_len=strlen(overlay_mdp_client_socket_path)+1;
if(config.debug.io) DEBUGF("MDP client socket name='%s'",overlay_mdp_client_socket_path);
}
if (overlay_mdp_client_socket_path_len > sizeof(name.sun_path) - 1)
FATALF("MDP socket path too long (%d > %d)", overlay_mdp_client_socket_path_len, sizeof(name.sun_path) - 1);
bcopy(overlay_mdp_client_socket_path,name.sun_path,
overlay_mdp_client_socket_path_len);
unlink(name.sun_path);
int len = 1 + strlen(name.sun_path) + sizeof(name.sun_family) + 1;
int r=bind(mdp_client_socket, (struct sockaddr *)&name, len);
if (r) {
WHY_perror("bind");
return WHY("Could not bind MDP client socket to file name");
}
int send_buffer_size=128*1024;
if (setsockopt(mdp_client_socket, SOL_SOCKET, SO_RCVBUF,
&send_buffer_size, sizeof(send_buffer_size)) == -1)
WARN_perror("setsockopt");
}
return 0;
}
ssize_t recvwithttl(int sock,unsigned char *buffer, size_t bufferlen,int *ttl,
struct sockaddr *recvaddr, socklen_t *recvaddrlen)
{
struct msghdr msg;
struct iovec iov[1];
iov[0].iov_base=buffer;
iov[0].iov_len=bufferlen;
bzero(&msg,sizeof(msg));
msg.msg_name = recvaddr;
msg.msg_namelen = *recvaddrlen;
msg.msg_iov = &iov[0];
msg.msg_iovlen = 1;
// setting the following makes the data end up in the wrong place
// msg.msg_iov->iov_base=iov_buffer;
// msg.msg_iov->iov_len=sizeof(iov_buffer);
struct cmsghdr cmsgcmsg[16];
msg.msg_control = &cmsgcmsg[0];
msg.msg_controllen = sizeof(struct cmsghdr)*16;
msg.msg_flags = 0;
ssize_t len = recvmsg(sock,&msg,0);
if (len == -1 && errno != EAGAIN && errno != EWOULDBLOCK)
return WHY_perror("recvmsg");
if (0&&debug&DEBUG_PACKETRX) {
DEBUGF("recvmsg returned %lld (flags=%d, msg_controllen=%d)", (long long) len, msg.msg_flags, msg.msg_controllen);
dump("received data", buffer, len);
}
struct cmsghdr *cmsg;
if (len>0)
{
for (cmsg = CMSG_FIRSTHDR(&msg);
cmsg != NULL;
cmsg = CMSG_NXTHDR(&msg,cmsg)) {
if ((cmsg->cmsg_level == IPPROTO_IP) &&
((cmsg->cmsg_type == IP_RECVTTL) ||(cmsg->cmsg_type == IP_TTL))
&&(cmsg->cmsg_len) ) {
if (debug&DEBUG_PACKETRX)
DEBUGF(" TTL (%p) data location resolves to %p", ttl,CMSG_DATA(cmsg));
if (CMSG_DATA(cmsg)) {
*ttl = *(unsigned char *) CMSG_DATA(cmsg);
if (debug&DEBUG_PACKETRX)
DEBUGF(" TTL of packet is %d", *ttl);
}
} else {
if (debug&DEBUG_PACKETRX)
DEBUGF("I didn't expect to see level=%02x, type=%02x",
cmsg->cmsg_level,cmsg->cmsg_type);
}
}
}
*recvaddrlen=msg.msg_namelen;
return len;
}
int
doifaddrs(void) {
struct ifaddrs *ifaddr, *ifa;
char *name;
struct socket_address addr, broadcast;
struct in_addr netmask;
bzero(&addr, sizeof(addr));
bzero(&broadcast, sizeof(broadcast));
if (config.debug.overlayinterfaces) DEBUGF("called");
if (getifaddrs(&ifaddr) == -1)
return WHY_perror("getifaddr()");
broadcast.addrlen = sizeof(addr.inet);
broadcast.inet.sin_family = AF_INET;
for (ifa = ifaddr; ifa != NULL ; ifa = ifa->ifa_next) {
if (!ifa->ifa_addr || !ifa->ifa_netmask)
continue;
/* We're only interested in IPv4 addresses */
if (ifa->ifa_addr->sa_family != AF_INET) {
if (config.debug.overlayinterfaces) DEBUGF("Skipping non-AF_INET address on %s", ifa->ifa_name);
continue;
}
/* Not broadcast? Not interested.. */
if ((ifa->ifa_flags & IFF_BROADCAST) == 0) {
if (config.debug.overlayinterfaces) DEBUGF("Skipping non-broadcast address on %s", ifa->ifa_name);
continue;
}
name = ifa->ifa_name;
addr.addrlen = sizeof(addr.inet);
bcopy(ifa->ifa_addr, &addr.addr, addr.addrlen);
netmask = ((struct sockaddr_in *)ifa->ifa_netmask)->sin_addr;
broadcast.inet.sin_addr.s_addr=addr.inet.sin_addr.s_addr | ~netmask.s_addr;
overlay_interface_register(name, &addr, &broadcast);
}
freeifaddrs(ifaddr);
return 0;
}
/* for when all other options fail, as can happen on Android,
if the permissions for the socket-based method are broken.
Down side is that it while it gets the interface name and
broadcast, it doesn't get the local address for that
interface.
*/
int scrapeProcNetRoute()
{
if (config.debug.overlayinterfaces) DEBUG("called");
FILE *f=fopen("/proc/net/route","r");
if (!f)
return WHY_perror("fopen(\"/proc/net/route\")");
char line[1024],name[1024],dest[1024],mask[1024];
/* skip header line */
line[0] = '\0';
if (fgets(line,1024,f) == NULL)
return WHYF_perror("fgets(%p,1024,\"/proc/net/route\")", line);
line[0] = '\0';
if (fgets(line,1024,f) == NULL)
return WHYF_perror("fgets(%p,1024,\"/proc/net/route\")", line);
struct socket_address addr, broadcast;
bzero(&addr, sizeof(addr));
bzero(&broadcast, sizeof(broadcast));
addr.addrlen = sizeof(addr.inet);
addr.inet.sin_family = AF_INET;
broadcast.addrlen = sizeof(addr.inet);
broadcast.inet.sin_family = AF_INET;
while(line[0]) {
int r;
if ((r=sscanf(line,"%s %s %*s %*s %*s %*s %*s %s",name,dest,mask))==3) {
addr.inet.sin_addr.s_addr=strtol(dest,NULL,16);
struct in_addr netmask = {.s_addr=strtol(mask,NULL,16)};
broadcast.inet.sin_addr.s_addr=addr.inet.sin_addr.s_addr | ~netmask.s_addr;
overlay_interface_register(name,&addr,&broadcast);
}
line[0] = '\0';
if (fgets(line,1024,f) == NULL)
return WHYF_perror("fgets(%p,1024,\"/proc/net/route\")", line);
}
fclose(f);
return 0;
}
int overlay_mdp_reply(int sock,struct sockaddr_un *recvaddr,int recvaddrlen,
overlay_mdp_frame *mdpreply)
{
int replylen;
if (!recvaddr) return 0;
replylen=overlay_mdp_relevant_bytes(mdpreply);
if (replylen<0) return WHY("Invalid MDP frame (could not compute length)");
errno=0;
int r=sendto(sock,(char *)mdpreply,replylen,0,
(struct sockaddr *)recvaddr,recvaddrlen);
if (r<replylen) {
WHY_perror("sendto(d)");
return WHYF("sendto() failed when sending MDP reply, sock=%d, r=%d", sock, r);
} else
if (0) DEBUGF("reply of %d bytes sent",r);
return 0;
}
int
dna_helper_start()
{
if (!config.dna.helper.executable[0]) {
/* Check if we have a helper configured. If not, then set
dna_helper_pid to magic value of 0 so that we don't waste time
in future looking up the dna helper configuration value. */
INFO("DNAHELPER none configured");
dna_helper_pid = 0;
return 0;
}
if (!my_subscriber)
return WHY("Unable to lookup my SID");
const char *mysid = alloca_tohex_sid_t(my_subscriber->sid);
dna_helper_close_pipes();
int stdin_fds[2], stdout_fds[2], stderr_fds[2];
if (pipe(stdin_fds) == -1)
return WHY_perror("pipe");
if (pipe(stdout_fds) == -1) {
WHY_perror("pipe");
close(stdin_fds[0]);
close(stdin_fds[1]);
return -1;
}
if (pipe(stderr_fds) == -1) {
WHY_perror("pipe");
close(stdin_fds[0]);
close(stdin_fds[1]);
close(stdout_fds[0]);
close(stdout_fds[1]);
return -1;
}
// Construct argv[] for execv() and log messages.
const char *argv[config.dna.helper.argv.ac + 2];
argv[0] = config.dna.helper.executable;
unsigned i;
for (i = 0; i < config.dna.helper.argv.ac; ++i)
argv[i + 1] = config.dna.helper.argv.av[i].value;
argv[i + 1] = NULL;
strbuf argv_sb = strbuf_append_argv(strbuf_alloca(1024), config.dna.helper.argv.ac + 1, argv);
switch (dna_helper_pid = fork()) {
case 0:
/* Child, should exec() to become helper after installing file descriptors. */
close_log_file();
setenv("MYSID", mysid, 1);
signal(SIGTERM, SIG_DFL);
close(stdin_fds[1]);
close(stdout_fds[0]);
close(stderr_fds[0]);
if (dup2(stderr_fds[1], 2) == -1 || dup2(stdout_fds[1], 1) == -1 || dup2(stdin_fds[0], 0) == -1) {
LOG_perror(LOG_LEVEL_FATAL, "dup2");
_exit(-1);
}
{
execv(config.dna.helper.executable, (char **)argv);
LOGF_perror(LOG_LEVEL_FATAL, "execv(%s, [%s])",
alloca_str_toprint(config.dna.helper.executable),
strbuf_str(argv_sb)
);
}
do { _exit(-1); } while (1);
break;
case -1:
/* fork failed */
WHY_perror("fork");
close(stdin_fds[0]);
close(stdin_fds[1]);
close(stdout_fds[0]);
close(stdout_fds[1]);
close(stderr_fds[0]);
close(stderr_fds[1]);
return -1;
default:
/* Parent, should put file descriptors into place for use */
close(stdin_fds[0]);
close(stdout_fds[1]);
close(stderr_fds[1]);
dna_helper_started = 0;
dna_helper_stdin = stdin_fds[1];
dna_helper_stdout = stdout_fds[0];
dna_helper_stderr = stderr_fds[0];
INFOF("STARTED DNA HELPER pid=%u stdin=%d stdout=%d stderr=%d executable=%s argv=[%s]",
dna_helper_pid,
dna_helper_stdin,
dna_helper_stdout,
dna_helper_stderr,
alloca_str_toprint(config.dna.helper.executable),
strbuf_str(argv_sb)
);
sched_replies.poll.fd = dna_helper_stdout;
sched_replies.poll.events = POLLIN;
sched_errors.poll.fd = dna_helper_stderr;
sched_errors.poll.events = POLLIN;
sched_requests.poll.fd = -1;
sched_requests.poll.events = POLLOUT;
sched_harvester.alarm = gettime_ms() + 1000;
sched_harvester.deadline = sched_harvester.alarm + 1000;
reply_bufend = reply_buffer;
discarding_until_nl = 0;
awaiting_reply = 0;
watch(&sched_replies);
watch(&sched_errors);
schedule(&sched_harvester);
return 0;
}
return -1;
}
int log_backtrace(int level, struct __sourceloc whence)
{
#ifndef NO_BACKTRACE
_log_iterator it;
_log_iterator_start(&it);
_rotate_log_file(&it);
char execpath[MAXPATHLEN];
if (get_self_executable_path(execpath, sizeof execpath) == -1)
return WHY("cannot log backtrace: own executable path unknown");
char tempfile[MAXPATHLEN];
if (!FORM_SERVAL_INSTANCE_PATH(tempfile, "servalgdb.XXXXXX"))
return -1;
int tmpfd = mkstemp(tempfile);
if (tmpfd == -1)
return WHYF_perror("mkstemp(%s)", alloca_str_toprint(tempfile));
if (write_str(tmpfd, "backtrace\n") == -1) {
close(tmpfd);
unlink(tempfile);
return -1;
}
if (close(tmpfd) == -1) {
WHY_perror("close");
unlink(tempfile);
return -1;
}
char pidstr[12];
snprintf(pidstr, sizeof pidstr, "%jd", (intmax_t)getpid());
int stdout_fds[2];
if (pipe(stdout_fds) == -1)
return WHY_perror("pipe");
pid_t child_pid;
switch (child_pid = fork()) {
case -1: // error
WHY_perror("fork");
close(stdout_fds[0]);
close(stdout_fds[1]);
return WHY("cannot log backtrace: fork failed");
case 0: // child
if (dup2(stdout_fds[1], 1) == -1 || dup2(stdout_fds[1], 2) == -1) {
perror("dup2");
_exit(-1);
}
close(0);
if (open("/dev/null", O_RDONLY) != 0) {
perror("open(\"/dev/null\")");
_exit(-2);
}
close(stdout_fds[0]);
/* XXX: Need the cast on Solaris because it defins NULL as 0L and gcc doesn't
* see it as a sentinal */
execlp("gdb", "gdb", "-n", "-batch", "-x", tempfile, execpath, pidstr, (void*)NULL);
perror("execlp(\"gdb\")");
do { _exit(-3); } while (1);
break;
}
// parent
close(stdout_fds[1]);
_log_iterator_printf_nl(&it, level, whence, "GDB BACKTRACE");
char buf[1024];
char *const bufe = buf + sizeof buf;
char *linep = buf;
char *readp = buf;
ssize_t nr;
while ((nr = read(stdout_fds[0], readp, bufe - readp)) > 0) {
char *p = readp;
readp = readp + nr;
for (; p < readp; ++p)
if (*p == '\n' || *p == '\0') {
*p = '\0';
_log_iterator_printf_nl(&it, level, __NOWHERE__, "%s", linep);
linep = p + 1;
}
if (readp >= bufe && linep == buf) {
// Line does not fit into buffer.
char t = bufe[-1];
bufe[-1] = '\0';
_log_iterator_printf_nl(&it, level, __NOWHERE__, "%s", buf);
buf[0] = t;
readp = buf + 1;
} else if (readp + 120 >= bufe && linep != buf) {
// Buffer low on space.
if (linep < readp)
memmove(buf, linep, readp - linep);
readp -= linep - buf;
linep = buf;
}
// Invariant: readp < bufe
}
if (nr == -1)
WHY_perror("read");
if (readp > linep) {
*readp = '\0';
_log_iterator_printf_nl(&it, level, __NOWHERE__, "%s", linep);
}
close(stdout_fds[0]);
int status = 0;
if (waitpid(child_pid, &status, 0) == -1)
WHY_perror("waitpid");
strbuf b = strbuf_local(buf, sizeof buf);
strbuf_append_exit_status(b, status);
_log_iterator_printf_nl(&it, level, __NOWHERE__, "gdb %s", buf);
unlink(tempfile);
#endif
return 0;
}
int overlay_saw_mdp_frame(overlay_mdp_frame *mdp, time_ms_t now)
{
IN();
int i;
int match=-1;
switch(mdp->packetTypeAndFlags&MDP_TYPE_MASK) {
case MDP_TX:
/* Regular MDP frame addressed to us. Look for matching port binding,
and if available, push to client. Else do nothing, or if we feel nice
send back a connection refused type message? Silence is probably the
more prudent path.
*/
if (debug & DEBUG_MDPREQUESTS)
DEBUGF("Received packet with listener (MDP ports: src=%s*:%d, dst=%d)",
alloca_tohex(mdp->out.src.sid, 7),
mdp->out.src.port,mdp->out.dst.port);
// TODO pass in dest subscriber as an argument, we should know it by now
struct subscriber *destination = NULL;
if (!is_broadcast(mdp->out.dst.sid)){
destination = find_subscriber(mdp->out.dst.sid, SID_SIZE, 1);
}
for(i=0;i<MDP_MAX_BINDINGS;i++)
{
if (mdp_bindings[i].port!=mdp->out.dst.port)
continue;
if ((!destination) || mdp_bindings[i].subscriber == destination){
/* exact match, so stop searching */
match=i;
break;
}else if (!mdp_bindings[i].subscriber){
/* If we find an "ANY" binding, remember it. But we will prefer an exact match if we find one */
match=i;
}
}
if (match>-1) {
struct sockaddr_un addr;
bcopy(mdp_bindings[match].socket_name,addr.sun_path,mdp_bindings[match].name_len);
addr.sun_family=AF_UNIX;
errno=0;
int len=overlay_mdp_relevant_bytes(mdp);
int r=sendto(mdp_named.poll.fd,mdp,len,0,(struct sockaddr*)&addr,sizeof(addr));
if (r==overlay_mdp_relevant_bytes(mdp)) {
RETURN(0);
}
WHY("didn't send mdp packet");
if (errno==ENOENT) {
/* far-end of socket has died, so drop binding */
INFOF("Closing dead MDP client '%s'",mdp_bindings[match].socket_name);
overlay_mdp_releasebindings(&addr,mdp_bindings[match].name_len);
}
WHY_perror("sendto(e)");
RETURN(WHY("Failed to pass received MDP frame to client"));
} else {
/* No socket is bound, ignore the packet ... except for magic sockets */
switch(mdp->out.dst.port) {
case MDP_PORT_VOMP:
RETURN(vomp_mdp_received(mdp));
case MDP_PORT_KEYMAPREQUEST:
/* Either respond with the appropriate SAS, or record this one if it
verifies out okay. */
if (debug & DEBUG_MDPREQUESTS)
DEBUG("MDP_PORT_KEYMAPREQUEST");
RETURN(keyring_mapping_request(keyring,mdp));
case MDP_PORT_DNALOOKUP: /* attempt to resolve DID to SID */
{
int cn=0,in=0,kp=0;
char did[64+1];
int pll=mdp->out.payload_length;
if (pll>64) pll=64;
/* get did from the packet */
if (mdp->out.payload_length<1) {
RETURN(WHY("Empty DID in DNA resolution request")); }
bcopy(&mdp->out.payload[0],&did[0],pll);
did[pll]=0;
if (debug & DEBUG_MDPREQUESTS)
DEBUG("MDP_PORT_DNALOOKUP");
int results=0;
while(keyring_find_did(keyring,&cn,&in,&kp,did))
{
/* package DID and Name into reply (we include the DID because
it could be a wild-card DID search, but the SID is implied
in the source address of our reply). */
if (keyring->contexts[cn]->identities[in]->keypairs[kp]->private_key_len > DID_MAXSIZE)
/* skip excessively long DID records */
continue;
const unsigned char *packedSid = keyring->contexts[cn]->identities[in]->keypairs[0]->public_key;
const char *unpackedDid = (const char *) keyring->contexts[cn]->identities[in]->keypairs[kp]->private_key;
const char *name = (const char *)keyring->contexts[cn]->identities[in]->keypairs[kp]->public_key;
// URI is sid://SIDHEX/DID
strbuf b = strbuf_alloca(SID_STRLEN + DID_MAXSIZE + 10);
strbuf_puts(b, "sid://");
strbuf_tohex(b, packedSid, SID_SIZE);
strbuf_puts(b, "/local/");
strbuf_puts(b, unpackedDid);
overlay_mdp_dnalookup_reply(&mdp->out.src, packedSid, strbuf_str(b), unpackedDid, name);
kp++;
results++;
}
if (!results) {
/* No local results, so see if servald has been configured to use
a DNA-helper that can provide additional mappings. This provides
a generalised interface for resolving telephone numbers into URIs.
The first use will be for resolving DIDs to SIP addresses for
OpenBTS boxes run by the OTI/Commotion project.
The helper is run asynchronously, and the replies will be delivered
when results become available, so this function will return
immediately, so as not to cause blockages and delays in servald.
*/
dna_helper_enqueue(mdp, did, mdp->out.src.sid);
monitor_tell_formatted(MONITOR_DNAHELPER, "LOOKUP:%s:%d:%s\n", alloca_tohex_sid(mdp->out.src.sid), mdp->out.src.port, did);
}
RETURN(0);
}
break;
case MDP_PORT_ECHO: /* well known ECHO port for TCP/UDP and now MDP */
{
/* Echo is easy: we swap the sender and receiver addresses (and thus port
numbers) and send the frame back. */
/* Swap addresses */
overlay_mdp_swap_src_dst(mdp);
/* Prevent echo:echo connections and the resulting denial of service from triggering endless pongs. */
if (mdp->out.dst.port==MDP_PORT_ECHO) {
RETURN(WHY("echo loop averted"));
}
/* If the packet was sent to broadcast, then replace broadcast address
with our local address. For now just responds with first local address */
if (is_broadcast(mdp->out.src.sid))
{
if (my_subscriber)
bcopy(my_subscriber->sid,
mdp->out.src.sid,SID_SIZE);
else
/* No local addresses, so put all zeroes */
bzero(mdp->out.src.sid,SID_SIZE);
}
/* queue frame for delivery */
overlay_mdp_dispatch(mdp,0 /* system generated */,
NULL,0);
/* and switch addresses back around in case the caller was planning on
using MDP structure again (this happens if there is a loop-back reply
and the frame needs sending on, as happens with broadcasts. MDP ping
is a simple application where this occurs). */
overlay_mdp_swap_src_dst(mdp);
}
break;
default:
/* Unbound socket. We won't be sending ICMP style connection refused
messages, partly because they are a waste of bandwidth. */
RETURN(WHYF("Received packet for which no listening process exists (MDP ports: src=%d, dst=%d",
mdp->out.src.port,mdp->out.dst.port));
}
}
break;
default:
RETURN(WHYF("We should only see MDP_TX frames here (MDP message type = 0x%x)",
mdp->packetTypeAndFlags));
}
RETURN(0);
}
static int overlay_saw_mdp_frame(struct overlay_frame *frame, overlay_mdp_frame *mdp, time_ms_t now)
{
IN();
int i;
int match=-1;
switch(mdp->packetTypeAndFlags&MDP_TYPE_MASK) {
case MDP_TX:
/* Regular MDP frame addressed to us. Look for matching port binding,
and if available, push to client. Else do nothing, or if we feel nice
send back a connection refused type message? Silence is probably the
more prudent path.
*/
if (config.debug.mdprequests)
DEBUGF("Received packet with listener (MDP ports: src=%s*:%d, dst=%d)",
alloca_tohex(mdp->out.src.sid, 7),
mdp->out.src.port,mdp->out.dst.port);
// TODO pass in dest subscriber as an argument, we should know it by now
struct subscriber *destination = NULL;
if (frame)
destination = frame->destination;
else if (!is_sid_broadcast(mdp->out.dst.sid)){
destination = find_subscriber(mdp->out.dst.sid, SID_SIZE, 1);
}
for(i=0;i<MDP_MAX_BINDINGS;i++)
{
if (mdp_bindings[i].port!=mdp->out.dst.port)
continue;
if ((!destination) || mdp_bindings[i].subscriber == destination){
/* exact match, so stop searching */
match=i;
break;
}else if (!mdp_bindings[i].subscriber){
/* If we find an "ANY" binding, remember it. But we will prefer an exact match if we find one */
match=i;
}
}
if (match>-1) {
struct sockaddr_un addr;
bcopy(mdp_bindings[match].socket_name,addr.sun_path,mdp_bindings[match].name_len);
addr.sun_family=AF_UNIX;
errno=0;
int len=overlay_mdp_relevant_bytes(mdp);
int r=sendto(mdp_named.poll.fd,mdp,len,0,(struct sockaddr*)&addr,sizeof(addr));
if (r==overlay_mdp_relevant_bytes(mdp)) {
RETURN(0);
}
WHY("didn't send mdp packet");
if (errno==ENOENT) {
/* far-end of socket has died, so drop binding */
INFOF("Closing dead MDP client '%s'",mdp_bindings[match].socket_name);
overlay_mdp_releasebindings(&addr,mdp_bindings[match].name_len);
}
WHY_perror("sendto(e)");
RETURN(WHY("Failed to pass received MDP frame to client"));
} else {
/* No socket is bound, ignore the packet ... except for magic sockets */
RETURN(overlay_mdp_try_interal_services(frame, mdp));
}
break;
default:
RETURN(WHYF("We should only see MDP_TX frames here (MDP message type = 0x%x)",
mdp->packetTypeAndFlags));
}
RETURN(0);
OUT();
}
/*
Open keyring file, read BAM and create initial context using the
stored salt. */
keyring_file *keyring_open(char *file)
{
/* Allocate structure */
keyring_file *k=calloc(sizeof(keyring_file),1);
if (!k) {
WHY_perror("calloc");
return NULL;
}
/* Open keyring file read-write if we can, else use it read-only */
k->file=fopen(file,"r+");
if (!k->file) k->file=fopen(file,"r");
if (!k->file) k->file=fopen(file,"w+");
if (!k->file) {
WHY_perror("fopen");
WHYF("Could not open keyring file %s", file);
keyring_free(k);
return NULL;
}
if (fseeko(k->file,0,SEEK_END)) {
WHY_perror("fseeko");
WHYF("Could not seek to end of keyring file %s", file);
keyring_free(k);
return NULL;
}
k->file_size=ftello(k->file);
if (k->file_size<KEYRING_PAGE_SIZE) {
/* Uninitialised, so write 2KB of zeroes,
followed by 2KB of random bytes as salt. */
if (fseeko(k->file,0,SEEK_SET)) {
WHY_perror("fseeko");
WHYF("Could not seek to start of keyring file %s", file);
keyring_free(k);
return NULL;
}
unsigned char buffer[KEYRING_PAGE_SIZE];
bzero(&buffer[0],KEYRING_BAM_BYTES);
if (fwrite(&buffer[0],2048,1,k->file)!=1) {
WHY_perror("fwrite");
WHYF("Could not write empty bitmap in fresh keyring file %s", file);
keyring_free(k);
return NULL;
}
if (urandombytes(&buffer[0],KEYRING_PAGE_SIZE-KEYRING_BAM_BYTES)) {
WHYF("Could not get random keyring salt to put in fresh keyring file %s", file);
keyring_free(k);
return NULL;
}
if (fwrite(&buffer[0],KEYRING_PAGE_SIZE-KEYRING_BAM_BYTES,1,k->file) != 1) {
WHY_perror("fwrite");
WHYF("Could not write keyring salt in fresh keyring file %s", file);
keyring_free(k);
return NULL;
}
k->file_size=KEYRING_PAGE_SIZE;
}
/* Read BAMs for each slab in the file */
keyring_bam **b=&k->bam;
off_t offset=0;
while(offset<k->file_size) {
/* Read bitmap from slab.
Also, if offset is zero, read the salt */
if (fseeko(k->file,offset,SEEK_SET)) {
WHY_perror("fseeko");
WHYF("Could not seek to BAM in keyring file %s", file);
keyring_free(k);
return NULL;
}
*b=calloc(sizeof(keyring_bam),1);
if (!(*b)) {
WHY_perror("calloc");
WHYF("Could not allocate keyring_bam structure for key ring file %s", file);
keyring_free(k);
return NULL;
}
(*b)->file_offset=offset;
/* Read bitmap */
int r=fread(&(*b)->bitmap[0],KEYRING_BAM_BYTES,1,k->file);
if (r!=1) {
WHY_perror("fread");
WHYF("Could not read BAM from keyring file %s", file);
keyring_free(k);
return NULL;
}
/* Read salt if this is the first bitmap block.
We setup a context for this self-supplied key-ring salt.
(other keyring salts may be provided later on, resulting in
multiple contexts being loaded) */
if (!offset) {
k->contexts[0]=calloc(sizeof(keyring_context),1);
if (!k->contexts[0]) {
WHY_perror("calloc");
WHYF("Could not allocate keyring_context for keyring file %s", file);
keyring_free(k);
return NULL;
}
k->contexts[0]->KeyRingPin=strdup(""); /* Implied empty PIN if none provided */
k->contexts[0]->KeyRingSaltLen=KEYRING_PAGE_SIZE-KEYRING_BAM_BYTES;
k->contexts[0]->KeyRingSalt=malloc(k->contexts[0]->KeyRingSaltLen);
if (!k->contexts[0]->KeyRingSalt) {
WHY_perror("malloc");
WHYF("Could not allocate keyring_context->salt for keyring file %s", file);
keyring_free(k);
return NULL;
}
r=fread(&k->contexts[0]->KeyRingSalt[0],k->contexts[0]->KeyRingSaltLen,1,k->file);
if (r!=1) {
WHY_perror("fread");
WHYF("Could not read salt from keyring file %s", file);
keyring_free(k);
return NULL;
}
k->context_count=1;
}
/* Skip to next slab, and find next bam pointer. */
offset+=KEYRING_PAGE_SIZE*(KEYRING_BAM_BYTES<<3);
b=&(*b)->next;
}
return k;
}
void rhizome_direct_http_dispatch(rhizome_direct_sync_request *r)
{
DEBUGF("Dispatch size_high=%lld",r->cursor->size_high);
rhizome_direct_transport_state_http *state = r->transport_specific_state;
int sock=socket(AF_INET, SOCK_STREAM, 0);
if (sock==-1) {
WHY_perror("socket");
goto end;
}
struct hostent *hostent;
hostent = gethostbyname(state->host);
if (!hostent) {
DEBUGF("could not resolve hostname");
goto end;
}
struct sockaddr_in addr;
addr.sin_family = AF_INET;
addr.sin_port = htons(state->port);
addr.sin_addr = *((struct in_addr *)hostent->h_addr);
bzero(&(addr.sin_zero),8);
if (connect(sock,(struct sockaddr *)&addr,sizeof(struct sockaddr)) == -1) {
WHY_perror("connect");
close(sock);
goto end;
}
char boundary[20];
char buffer[8192];
strbuf bb = strbuf_local(boundary, sizeof boundary);
strbuf_sprintf(bb, "%08lx%08lx", random(), random());
assert(!strbuf_overrun(bb));
strbuf content_preamble = strbuf_alloca(200);
strbuf content_postamble = strbuf_alloca(40);
strbuf_sprintf(content_preamble,
"--%s\r\n"
"Content-Disposition: form-data; name=\"data\"; filename=\"IHAVEs\"\r\n"
"Content-Type: application/octet-stream\r\n"
"\r\n",
boundary
);
strbuf_sprintf(content_postamble, "\r\n--%s--\r\n", boundary);
assert(!strbuf_overrun(content_preamble));
assert(!strbuf_overrun(content_postamble));
int content_length = strbuf_len(content_preamble)
+ r->cursor->buffer_offset_bytes
+ r->cursor->buffer_used
+ strbuf_len(content_postamble);
strbuf request = strbuf_local(buffer, sizeof buffer);
strbuf_sprintf(request,
"POST /rhizome/enquiry HTTP/1.0\r\n"
"Content-Length: %d\r\n"
"Content-Type: multipart/form-data; boundary=%s\r\n"
"\r\n%s",
content_length, boundary, strbuf_str(content_preamble)
);
assert(!strbuf_overrun(request));
/* TODO: Refactor this code so that it uses our asynchronous framework.
*/
int len = strbuf_len(request);
int sent=0;
while(sent<len) {
DEBUGF("write(%d, %s, %d)", sock, alloca_toprint(-1, &buffer[sent], len-sent), len-sent);
int count=write(sock,&buffer[sent],len-sent);
if (count == -1) {
if (errno==EPIPE) goto rx;
WHYF_perror("write(%d)", len - sent);
close(sock);
goto end;
}
sent+=count;
}
len=r->cursor->buffer_offset_bytes+r->cursor->buffer_used;
sent=0;
while(sent<len) {
int count=write(sock,&r->cursor->buffer[sent],len-sent);
if (count == -1) {
if (errno == EPIPE)
goto rx;
WHYF_perror("write(%d)", count);
close(sock);
goto end;
}
sent+=count;
}
strbuf_reset(request);
strbuf_puts(request, strbuf_str(content_postamble));
len = strbuf_len(request);
sent=0;
while(sent<len) {
DEBUGF("write(%d, %s, %d)", sock, alloca_toprint(-1, &buffer[sent], len-sent), len-sent);
int count=write(sock,&buffer[sent],len-sent);
if (count == -1) {
if (errno==EPIPE) goto rx;
WHYF_perror("write(%d)", len - sent);
close(sock);
goto end;
}
sent+=count;
}
struct http_response_parts parts;
rx:
/* request sent, now get response back. */
if (receive_http_response(sock, buffer, sizeof buffer, &parts) == -1) {
close(sock);
goto end;
}
/* For some reason the response data gets overwritten during a push,
so we need to copy it, and use the copy instead. */
unsigned char *actionlist=alloca(parts.content_length);
bcopy(parts.content_start, actionlist, parts.content_length);
dump("response", actionlist, parts.content_length);
/* We now have the list of (1+RHIZOME_BAR_PREFIX_BYTES)-byte records that indicate
the list of BAR prefixes that differ between the two nodes. We can now action
those which are relevant, i.e., based on whether we are pushing, pulling or
synchronising (both).
I am currently undecided as to whether it is cleaner to have some general
rhizome direct function for doing that, or whether it just adds unnecessary
complication, and the responses should just be handled in here.
For now, I am just going to implement it in here, and we can generalise later.
*/
int i;
for(i=10;i<content_length;i+=(1+RHIZOME_BAR_PREFIX_BYTES))
{
int type=actionlist[i];
unsigned long long
bid_prefix_ll=rhizome_bar_bidprefix_ll((unsigned char *)&actionlist[i+1]);
DEBUGF("%s %016llx* @ 0x%x",type==1?"push":"pull",bid_prefix_ll,i);
if (type==2&&r->pullP) {
/* Need to fetch manifest. Once we have the manifest, then we can
use our normal bundle fetch routines from rhizome_fetch.c
Generate a request like: GET /rhizome/manifestbybar/<hex of bar>
and add it to our list of HTTP fetch requests, then watch
until the request is finished. That will give us the manifest.
Then as noted above, we can use that to pull the file down using
existing routines.
*/
if (!rhizome_fetch_request_manifest_by_prefix
(&addr,&actionlist[i+1],RHIZOME_BAR_PREFIX_BYTES,
1 /* import, getting file if needed */))
{
/* Fetching the manifest, and then using it to see if we want to
fetch the file for import is all handled asynchronously, so just
wait for it to finish. */
while(rhizome_file_fetch_queue_count) fd_poll();
}
} else if (type==1&&r->pushP) {
/* Form up the POST request to submit the appropriate bundle. */
/* Start by getting the manifest, which is the main thing we need, and also
gives us the information we need for sending any associated file. */
rhizome_manifest
*m=rhizome_direct_get_manifest(&actionlist[i+1],
RHIZOME_BAR_PREFIX_BYTES);
if (!m) {
WHY("This should never happen. The manifest exists, but when I went looking for it, it doesn't appear to be there.");
goto next_item;
}
/* Get filehash and size from manifest if present */
const char *id = rhizome_manifest_get(m, "id", NULL, 0);
DEBUGF("bundle id = '%s'",id);
const char *hash = rhizome_manifest_get(m, "filehash", NULL, 0);
DEBUGF("bundle file hash = '%s'",hash);
long long filesize = rhizome_manifest_get_ll(m, "filesize");
DEBUGF("file size = %lld",filesize);
/* We now have everything we need to compose the POST request and send it.
*/
char *template="POST /rhizome/import HTTP/1.0\r\n"
/* for when all other options fail, as can happen on Android,
if the permissions for the socket-based method are broken.
Down side is that it while it gets the interface name and
broadcast, it doesn't get the local address for that
interface.
*/
int scrapeProcNetRoute()
{
if (debug & DEBUG_OVERLAYINTERFACES) DEBUG("called");
FILE *f=fopen("/proc/net/route","r");
if (!f) return WHY_perror("fopen(\"/proc/net/route\")");
char line[1024],name[1024],dest[1024],mask[1024];
/* skip header line */
line[0]=0; fgets(line,1024,f);
line[0]=0; fgets(line,1024,f);
while(line[0]) {
int r;
if ((r=sscanf(line,"%s %s %*s %*s %*s %*s %*s %s",name,dest,mask))==3)
{
struct in_addr addr = {.s_addr=strtol(dest,NULL,16)};
struct in_addr netmask = {.s_addr=strtol(mask,NULL,16)};
overlay_interface_register(name,addr,netmask);
}
line[0]=0; fgets(line,1024,f);
}
fclose(f);
return 0;
}
#endif
#ifdef SIOCGIFCONF
/* Not present in Linux */
#ifndef _SIZEOF_ADDR_IFREQ
#define _SIZEOF_ADDR_IFREQ(x) sizeof(struct ifreq)
#endif
int
lsif(void) {
char buf[8192];
struct ifconf ifc;
int sck, nInterfaces, ofs;
struct ifreq *ifr;
struct in_addr addr, netmask;
if (debug & DEBUG_OVERLAYINTERFACES) DEBUG("called");
/* Get a socket handle. */
sck = socket(PF_INET, SOCK_DGRAM, 0);
if(sck < 0) {
WHY_perror("socket");
return 1;
}
/* Query available interfaces. */
ifc.ifc_len = sizeof(buf);
ifc.ifc_buf = buf;
if(ioctl(sck, SIOCGIFCONF, &ifc) < 0) {
WHY_perror("ioctl(SIOCGIFCONF)");
close(sck);
return 1;
}
/* Iterate through the list of interfaces. */
nInterfaces = 0;
ofs = 0;
while (ofs < ifc.ifc_len && ofs < sizeof(buf)) {
ifr = (struct ifreq *)(ifc.ifc_ifcu.ifcu_buf + ofs);
ofs += _SIZEOF_ADDR_IFREQ(*ifr);
/* We're only interested in IPv4 addresses */
if (ifr->ifr_ifru.ifru_addr.sa_family != AF_INET) {
if (debug & DEBUG_OVERLAYINTERFACES) DEBUGF("Skipping non-AF_INET address on %s", ifr->ifr_name);
continue;
}
addr = ((struct sockaddr_in *)&ifr->ifr_ifru.ifru_addr)->sin_addr;
/* Get interface flags */
if (ioctl(sck, SIOCGIFFLAGS, ifr) == -1)
FATAL_perror("ioctl(SIOCGIFFLAGS)");
/* Not broadcast? Not interested.. */
if ((ifr->ifr_ifru.ifru_flags & IFF_BROADCAST) == 0) {
if (debug & DEBUG_OVERLAYINTERFACES) DEBUGF("Skipping non-broadcast address on %s", ifr->ifr_name);
continue;
}
/* Get netmask */
if (ioctl(sck, SIOCGIFNETMASK, ifr, sizeof(*ifr)) != 0) {
WHY_perror("ioctl(SIOCGIFNETMASK)");
continue;
}
netmask = ((struct sockaddr_in *)&ifr->ifr_ifru.ifru_addr)->sin_addr;
overlay_interface_register(ifr->ifr_name, addr, netmask);
nInterfaces++;
}
if (debug & DEBUG_OVERLAYINTERFACES) DEBUGF("Examined %d interface addresses", nInterfaces);
close(sck);
return 0;
}
#endif
#ifdef HAVE_IFADDRS_H
int
doifaddrs(void) {
struct ifaddrs *ifaddr, *ifa;
char *name;
struct in_addr addr, netmask;
if (debug & DEBUG_OVERLAYINTERFACES) DEBUGF("called");
if (getifaddrs(&ifaddr) == -1)
return WHY_perror("getifaddr()");
for (ifa = ifaddr; ifa != NULL ; ifa = ifa->ifa_next) {
/* We're only interested in IPv4 addresses */
if (ifa->ifa_addr->sa_family != AF_INET) {
if (debug & DEBUG_OVERLAYINTERFACES) DEBUGF("Skipping non-AF_INET address on %s", ifa->ifa_name);
continue;
}
/* Not broadcast? Not interested.. */
if ((ifa->ifa_flags & IFF_BROADCAST) == 0) {
if (debug & DEBUG_OVERLAYINTERFACES) DEBUGF("Skipping non-broadcast address on %s", ifa->ifa_name);
continue;
}
name = ifa->ifa_name;
addr = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr;
netmask = ((struct sockaddr_in *)ifa->ifa_netmask)->sin_addr;
overlay_interface_register(name, addr, netmask);
}
freeifaddrs(ifaddr);
return 0;
}
/* Start the Rhizome HTTP server by creating a socket, binding it to an available port, and
marking it as passive. If called repeatedly and frequently, this function will only try to start
the server after a certain time has elapsed since the last attempt.
Return -1 if an error occurs (message logged).
Return 0 if the server was started.
Return 1 if the server is already started successfully.
Return 2 if the server was not started because it is too soon since last failed attempt.
*/
int rhizome_http_server_start()
{
if (rhizome_server_socket != -1)
return 1;
/* Only try to start http server every five seconds. */
time_ms_t now = gettime_ms();
if (now < rhizome_server_last_start_attempt + 5000)
return 2;
rhizome_server_last_start_attempt = now;
if (debug & DEBUG_RHIZOME_TX)
DEBUGF("Starting rhizome HTTP server");
unsigned short port;
for (port = RHIZOME_HTTP_PORT; port <= RHIZOME_HTTP_PORT_MAX; ++port) {
/* Create a new socket, reusable and non-blocking. */
if (rhizome_server_socket == -1) {
rhizome_server_socket = socket(AF_INET,SOCK_STREAM,0);
if (rhizome_server_socket == -1) {
WHY_perror("socket");
goto error;
}
int on=1;
if (setsockopt(rhizome_server_socket, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on)) == -1) {
WHY_perror("setsockopt(REUSEADDR)");
goto error;
}
if (ioctl(rhizome_server_socket, FIONBIO, (char *)&on) == -1) {
WHY_perror("ioctl(FIONBIO)");
goto error;
}
}
/* Bind it to the next port we want to try. */
struct sockaddr_in address;
bzero((char *) &address, sizeof(address));
address.sin_family = AF_INET;
address.sin_addr.s_addr = INADDR_ANY;
address.sin_port = htons(port);
if (bind(rhizome_server_socket, (struct sockaddr *) &address, sizeof(address)) == -1) {
if (errno != EADDRINUSE) {
WHY_perror("bind");
goto error;
}
} else {
/* We bound to a port. The battle is half won. Now we have to successfully listen on that
port, which could also fail with EADDRINUSE, in which case we have to scrap the socket and
create a new one, because once bound, a socket stays bound.
*/
if (listen(rhizome_server_socket, 20) != -1)
goto success;
if (errno != EADDRINUSE) {
WHY_perror("listen");
goto error;
}
close(rhizome_server_socket);
rhizome_server_socket = -1;
}
}
WHYF("No ports available in range %u to %u", RHIZOME_HTTP_PORT, RHIZOME_HTTP_PORT_MAX);
error:
if (rhizome_server_socket != -1) {
close(rhizome_server_socket);
rhizome_server_socket = -1;
}
return WHY("Failed to start rhizome HTTP server");
success:
INFOF("RHIZOME HTTP SERVER, START port=%d, fd=%d", port, rhizome_server_socket);
rhizome_http_server_port = port;
/* Add Rhizome HTTPd server to list of file descriptors to watch */
server_alarm.function = rhizome_server_poll;
server_stats.name="rhizome_server_poll";
server_alarm.stats=&server_stats;
server_alarm.poll.fd = rhizome_server_socket;
server_alarm.poll.events = POLLIN;
watch(&server_alarm);
return 0;
}
int overlay_mdp_send(overlay_mdp_frame *mdp,int flags,int timeout_ms)
{
int len=4;
if (mdp_client_socket==-1)
if (overlay_mdp_client_init() != 0)
return -1;
/* Minimise frame length to save work and prevent accidental disclosure of
memory contents. */
len=overlay_mdp_relevant_bytes(mdp);
if (len<0) return WHY("MDP frame invalid (could not compute length)");
/* Construct name of socket to send to. */
struct sockaddr_un name;
name.sun_family = AF_UNIX;
if (!FORM_SERVAL_INSTANCE_PATH(name.sun_path, "mdp.socket"))
return -1;
set_nonblock(mdp_client_socket);
int result=sendto(mdp_client_socket, mdp, len, 0,
(struct sockaddr *)&name, sizeof(struct sockaddr_un));
set_block(mdp_client_socket);
if (result<0) {
mdp->packetTypeAndFlags=MDP_ERROR;
mdp->error.error=1;
snprintf(mdp->error.message,128,"Error sending frame to MDP server.");
return WHY_perror("sendto(f)");
} else {
if (!(flags&MDP_AWAITREPLY)) {
return 0;
}
}
int port=0;
if ((mdp->packetTypeAndFlags&MDP_TYPE_MASK) == MDP_TX)
port = mdp->out.src.port;
time_ms_t started = gettime_ms();
while(timeout_ms>=0 && overlay_mdp_client_poll(timeout_ms)>0){
int ttl=-1;
if (!overlay_mdp_recv(mdp, port, &ttl)) {
/* If all is well, examine result and return error code provided */
if ((mdp->packetTypeAndFlags&MDP_TYPE_MASK)==MDP_ERROR)
return mdp->error.error;
else
/* Something other than an error has been returned */
return 0;
}
// work out how much longer we can wait for a valid response
time_ms_t now = gettime_ms();
timeout_ms -= (now - started);
}
/* Timeout */
mdp->packetTypeAndFlags=MDP_ERROR;
mdp->error.error=1;
snprintf(mdp->error.message,128,"Timeout waiting for reply to MDP packet (packet was successfully sent).");
return -1; /* WHY("Timeout waiting for server response"); */
}
/*
return codes:
1: connection still open.
0: connection finished.
<0: an error occurred.
*/
static int rhizome_server_http_send_bytes(rhizome_http_request *r)
{
// keep writing until the write would block or we run out of data
while(r->request_type){
/* Flush anything out of the buffer if present, before doing any further
processing */
if (r->request_type&RHIZOME_HTTP_REQUEST_FROMBUFFER)
{
int bytes=r->buffer_length-r->buffer_offset;
bytes=write(r->alarm.poll.fd,&r->buffer[r->buffer_offset],bytes);
if (bytes<=0){
// stop writing when the tcp buffer is full
// TODO errors?
return 1;
}
if (0)
dump("bytes written",&r->buffer[r->buffer_offset],bytes);
r->buffer_offset+=bytes;
// reset inactivity timer
r->alarm.alarm = gettime_ms()+RHIZOME_IDLE_TIMEOUT;
r->alarm.deadline = r->alarm.alarm+RHIZOME_IDLE_TIMEOUT;
unschedule(&r->alarm);
schedule(&r->alarm);
if (r->buffer_offset>=r->buffer_length) {
/* Buffer's cleared */
r->request_type&=~RHIZOME_HTTP_REQUEST_FROMBUFFER;
r->buffer_offset=0; r->buffer_length=0;
}
// go around the loop again to work out what we should do next
continue;
}
switch(r->request_type&(~RHIZOME_HTTP_REQUEST_FROMBUFFER))
{
case RHIZOME_HTTP_REQUEST_FAVICON:
if (r->buffer_size<favicon_len) {
free(r->buffer);
r->buffer_size=0;
r->buffer=malloc(favicon_len);
if (!r->buffer) r->request_type=0;
}
if (r->buffer)
{
int i;
for(i=0;i<favicon_len;i++)
r->buffer[i]=favicon_bytes[i];
r->buffer_length=i;
if (debug & DEBUG_RHIZOME_TX)
DEBUGF("favicon buffer_length=%d\n", r->buffer_length);
r->request_type=RHIZOME_HTTP_REQUEST_FROMBUFFER;
}
break;
case RHIZOME_HTTP_REQUEST_BLOB:
{
/* Get more data from the file and put it in the buffer */
int read_size = 65536;
if (r->blob_end-r->source_index < read_size)
read_size = r->blob_end-r->source_index;
r->request_type=0;
if (read_size>0){
if (r->buffer_size < read_size) {
if (r->buffer)
free(r->buffer);
r->buffer=malloc(read_size);
if (!r->buffer) {
WHY_perror("malloc");
r->request_type=0; break;
}
r->buffer_size=read_size;
}
if(sqlite3_blob_read(r->blob,&r->buffer[0],read_size,r->source_index)
==SQLITE_OK)
{
r->buffer_length = read_size;
r->source_index+=read_size;
r->request_type|=RHIZOME_HTTP_REQUEST_FROMBUFFER;
}
}
if (r->source_index >= r->blob_end){
sqlite3_blob_close(r->blob);
r->blob=0;
}else
r->request_type|=RHIZOME_HTTP_REQUEST_BLOB;
}
break;
default:
WHY("sending data from this type of HTTP request not implemented");
r->request_type=0;
break;
}
}
if (!r->request_type) return rhizome_server_free_http_request(r);
return 1;
}
static int rhizome_server_sql_query_http_response(rhizome_http_request *r,
char *column,char *table,char *query_body,
int bytes_per_row,int dehexP)
{
/* Run the provided SQL query progressively and return the values of the first
column it returns. As the result list may be very long, we will add the
LIMIT <skip>,<count> clause to do it piece by piece.
Otherwise, the response is prefixed by a 256 byte header, including the public
key of the sending node, and allowing space for information about encryption of
the body, although encryption is not yet implemented here.
*/
if (r->buffer == NULL || r->buffer_size < 16384) {
if (r->buffer)
free(r->buffer);
r->buffer_size = 16384;
r->buffer = malloc(r->buffer_size);
if (r->buffer == NULL) {
r->buffer_size = 0;
WHY_perror("malloc");
return WHY("Cannot send response, out of memory");
}
}
r->buffer_length=0;
r->buffer_offset=0;
r->source_record_size=bytes_per_row;
r->source_count = 0;
sqlite_exec_int64(&r->source_count, "SELECT COUNT(*) %s", query_body);
/* Work out total response length */
long long response_bytes=256+r->source_count*r->source_record_size;
rhizome_server_http_response_header(r, 200, "servalproject.org/rhizome-list", response_bytes);
if (debug & DEBUG_RHIZOME_TX)
DEBUGF("headers consumed %d bytes", r->buffer_length);
/* Clear and prepare response header */
bzero(&r->buffer[r->buffer_length],256);
r->buffer[r->buffer_length]=0x01; /* type of response (list) */
r->buffer[r->buffer_length+1]=0x01; /* version of response */
if (debug & DEBUG_RHIZOME_TX)
DEBUGF("Found %lld records",r->source_count);
/* Number of records we intend to return */
r->buffer[r->buffer_length+4]=(r->source_count>>0)&0xff;
r->buffer[r->buffer_length+5]=(r->source_count>>8)&0xff;
r->buffer[r->buffer_length+6]=(r->source_count>>16)&0xff;
r->buffer[r->buffer_length+7]=(r->source_count>>24)&0xff;
r->buffer_length+=256;
/* copy our public key in to bytes 32+ */
// TODO get out public key (SID) from keyring and copy into response packet
/* build templated query */
strbuf b = strbuf_local(r->source, sizeof r->source);
strbuf_sprintf(b, "SELECT %s,rowid %s", column, query_body);
if (strbuf_overrun(b))
WHYF("SQL query overrun: %s", strbuf_str(b));
r->source_index=0;
r->source_flags=dehexP;
DEBUGF("buffer_length=%d",r->buffer_length);
/* Populate spare space in buffer with rows of data */
return rhizome_server_sql_query_fill_buffer(r, table, column);
}
int monitor_client_read(int fd, struct monitor_state *res, struct monitor_command_handler *handlers, int handler_count)
{
/* Read any available bytes */
int oldOffset = res->bufferBytes;
if (oldOffset+1>=MONITOR_CLIENT_BUFFER_SIZE)
return WHY("Buffer full without finding command");
if (res->bufferBytes==0)
res->cmd = (char *)res->buffer;
int bytesRead=read(fd, res->buffer + oldOffset, MONITOR_CLIENT_BUFFER_SIZE - oldOffset);
if (bytesRead<1){
switch(errno) {
case ENOTRECOVERABLE:
/* transient errors */
WHY_perror("read");
case EINTR:
case EAGAIN:
#if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN
case EWOULDBLOCK:
#endif
return 0;
}
WHY_perror("read");
return -1;
}
res->bufferBytes+=bytesRead;
again:
// wait until we have the whole command line
if (res->state == STATE_INIT){
int i;
for(i=oldOffset;i<res->bufferBytes;i++){
if (res->buffer[i]=='\n'){
// skip any leading \n's
if ((char*)(res->buffer+i) == res->cmd){
res->cmd++;
continue;
}
res->buffer[i]=0;
res->dataBytes = 0;
res->cmdBytes = i + 1;
if (*res->cmd=='*'){
res->cmd++;
for (; isdigit(*res->cmd); ++res->cmd)
res->dataBytes = res->dataBytes * 10 + *res->cmd - '0';
if (res->dataBytes<0 || res->dataBytes > MONITOR_CLIENT_BUFFER_SIZE)
return WHYF("Invalid data length %d", res->dataBytes);
if (*res->cmd==':')
res->cmd++;
}
// find all arguments, initialise argc / argv && null terminate strings
{
char *p=res->cmd;
res->argc=0;
while (*p && res->argc<MAX_ARGS){
if (*p==':'){
*p=0;
res->argv[res->argc]=p+1;
res->argc++;
}
p++;
}
}
if (res->dataBytes){
res->data=(unsigned char *)&res->buffer[i+1];
res->state = STATE_DATA;
}else{
res->data=NULL;
res->state = STATE_READY;
}
break;
}
}
}
// make sure all the data has arrived
if (res->state == STATE_DATA){
if (res->bufferBytes >= res->dataBytes + res->cmdBytes){
res->state = STATE_READY;
}
}
// ok, now we can try to process the command
if (res->state == STATE_READY){
int handled=0;
int i;
// call all handlers that match (yes there might be more than one)
for (i=0;i<handler_count;i++){
/* since we know res->cmd is terminated with a '\n',
and there shouldn't be a '\n' in h->command,
this shouldn't run past the end of the buffer */
if (handlers[i].handler && (!handlers[i].command || strcase_startswith(res->cmd,handlers[i].command, NULL))){
if (handlers[i].handler(res->cmd, res->argc, res->argv, res->data, res->dataBytes, handlers[i].context)>0)
handled=1;
}
}
if (!handled){
INFOF("Event \"%s\" was not handled", res->cmd);
}
// shuffle any unprocessed bytes
int remaining = res->bufferBytes - (res->dataBytes + res->cmdBytes);
if (remaining>0){
bcopy(res->buffer+res->dataBytes + res->cmdBytes,res->buffer,remaining);
}
res->bufferBytes=remaining;
res->cmdBytes=0;
res->dataBytes=0;
res->state = STATE_INIT;
res->cmd = (char *)res->buffer;
oldOffset = 0;
goto again;
}
if (res->bufferBytes >= MONITOR_CLIENT_BUFFER_SIZE)
return WHY("Buffer full");
return 0;
}
int
lsif(void) {
char buf[8192];
struct ifconf ifc;
int sck;
struct ifreq *ifr;
struct in_addr netmask;
struct socket_address addr, broadcast;
bzero(&addr, sizeof(addr));
bzero(&broadcast, sizeof(broadcast));
if (config.debug.overlayinterfaces) DEBUG("called");
/* Get a socket handle. */
sck = socket(PF_INET, SOCK_DGRAM, 0);
if(sck < 0) {
WHY_perror("socket");
return 1;
}
/* Query available interfaces. */
ifc.ifc_len = sizeof buf;
ifc.ifc_buf = buf;
if(ioctl(sck, SIOCGIFCONF, &ifc) < 0) {
WHY_perror("ioctl(SIOCGIFCONF)");
close(sck);
return 1;
}
broadcast.addrlen = sizeof(addr.inet);
broadcast.inet.sin_family = AF_INET;
/* Iterate through the list of interfaces. */
unsigned nInterfaces = 0;
unsigned ofs = 0;
while (ofs < (unsigned)ifc.ifc_len && ofs < sizeof buf) {
ifr = (struct ifreq *)(ifc.ifc_ifcu.ifcu_buf + ofs);
ofs += _SIZEOF_ADDR_IFREQ(*ifr);
/* We're only interested in IPv4 addresses */
if (ifr->ifr_ifru.ifru_addr.sa_family != AF_INET) {
if (config.debug.overlayinterfaces) DEBUGF("Skipping non-AF_INET address on %s", ifr->ifr_name);
continue;
}
addr.addrlen = sizeof(addr.inet);
bcopy(&ifr->ifr_ifru.ifru_addr, &addr.addr, addr.addrlen);
/* Get interface flags */
if (ioctl(sck, SIOCGIFFLAGS, ifr) == -1)
FATAL_perror("ioctl(SIOCGIFFLAGS)");
/* Not broadcast? Not interested.. */
if ((ifr->ifr_ifru.ifru_flags & IFF_BROADCAST) == 0) {
if (config.debug.overlayinterfaces) DEBUGF("Skipping non-broadcast address on %s", ifr->ifr_name);
continue;
}
/* Get netmask */
if (ioctl(sck, SIOCGIFNETMASK, ifr, sizeof(*ifr)) != 0) {
WHY_perror("ioctl(SIOCGIFNETMASK)");
continue;
}
netmask = ((struct sockaddr_in *)&ifr->ifr_ifru.ifru_addr)->sin_addr;
broadcast.inet.sin_addr.s_addr=addr.inet.sin_addr.s_addr | ~netmask.s_addr;
overlay_interface_register(ifr->ifr_name, &addr, &broadcast);
nInterfaces++;
}
if (config.debug.overlayinterfaces) DEBUGF("Examined %u interface addresses", nInterfaces);
close(sck);
return 0;
}
/* Read the slot, and try to decrypt it.
Decryption is symmetric with encryption, so the same function is used
for munging the slot before making use of it, whichever way we are going.
Once munged, we then need to verify that the slot is valid, and if so
unpack the details of the identity.
*/
int keyring_decrypt_pkr(keyring_file *k,keyring_context *c,
const char *pin,int slot_number)
{
int exit_code=1;
unsigned char slot[KEYRING_PAGE_SIZE];
unsigned char hash[crypto_hash_sha512_BYTES];
unsigned char work[65536];
keyring_identity *id=NULL;
/* 1. Read slot. */
if (fseeko(k->file,slot_number*KEYRING_PAGE_SIZE,SEEK_SET))
return WHY_perror("fseeko");
if (fread(&slot[0],KEYRING_PAGE_SIZE,1,k->file)!=1)
return WHY_perror("fread");
/* 2. Decrypt data from slot. */
if (keyring_munge_block(slot,KEYRING_PAGE_SIZE,
k->contexts[0]->KeyRingSalt,
k->contexts[0]->KeyRingSaltLen,
c->KeyRingPin,pin)) {
WHY("keyring_munge_block() failed");
goto kdp_safeexit;
}
/* 3. Unpack contents of slot into a new identity in the provided context. */
id=keyring_unpack_identity(slot,pin);
if (!id) {
// Don't complain, because this happens routinely when trying pins against slots.
// WHY("keyring_unpack_identity() failed");
goto kdp_safeexit;
}
id->slot=slot_number;
/* 4. Verify that slot is self-consistent (check MAC) */
if (keyring_identity_mac(k->contexts[0],id,&slot[0],hash)) {
WHY("could not calculate MAC for identity");
goto kdp_safeexit;
}
/* compare hash to record */
if (memcmp(hash,&slot[32],crypto_hash_sha512_BYTES))
{
WHY("Slot is not valid (MAC mismatch)");
dump("computed",hash,crypto_hash_sha512_BYTES);
dump("stored",&slot[32],crypto_hash_sha512_BYTES);
goto kdp_safeexit;
}
// add any unlocked subscribers to our memory table, flagged as local sid's
int i=0;
for (i=0;i<id->keypair_count;i++){
if (id->keypairs[i]->type == KEYTYPE_CRYPTOBOX){
struct subscriber *subscriber = find_subscriber(id->keypairs[i]->public_key, SID_SIZE, 1);
if (subscriber){
set_reachable(subscriber, REACHABLE_SELF);
if (!my_subscriber)
my_subscriber=subscriber;
}
}
}
/* Well, it's all fine, so add the id into the context and return */
c->identities[c->identity_count++]=id;
return 0;
kdp_safeexit:
/* Clean up any potentially sensitive data before exiting */
bzero(slot,KEYRING_PAGE_SIZE);
bzero(hash,crypto_hash_sha512_BYTES);
bzero(&work[0],65536);
if (id) keyring_free_identity(id); id=NULL;
return exit_code;
}
int
dna_helper_start()
{
const char *command = confValueGet("dna.helper.executable", NULL);
const char *arg = confValueGet("dna.helper.argv.1", NULL);
if (!command || !command[0]) {
/* Check if we have a helper configured. If not, then set
dna_helper_pid to magic value of 0 so that we don't waste time
in future looking up the dna helper configuration value. */
INFO("DNAHELPER none configured");
dna_helper_pid = 0;
return 0;
}
if (!my_subscriber)
return WHY("Unable to lookup my SID");
const char *mysid = alloca_tohex_sid(my_subscriber->sid);
dna_helper_close_pipes();
int stdin_fds[2], stdout_fds[2], stderr_fds[2];
if (pipe(stdin_fds) == -1)
return WHY_perror("pipe");
if (pipe(stdout_fds) == -1) {
WHY_perror("pipe");
close(stdin_fds[0]);
close(stdin_fds[1]);
return -1;
}
if (pipe(stderr_fds) == -1) {
WHY_perror("pipe");
close(stdin_fds[0]);
close(stdin_fds[1]);
close(stdout_fds[0]);
close(stdout_fds[1]);
return -1;
}
switch (dna_helper_pid = fork()) {
case 0:
/* Child, should exec() to become helper after installing file descriptors. */
setenv("MYSID", mysid, 1);
set_logging(stderr);
signal(SIGTERM, SIG_DFL);
close(stdin_fds[1]);
close(stdout_fds[0]);
close(stderr_fds[0]);
if (dup2(stderr_fds[1], 2) == -1 || dup2(stdout_fds[1], 1) == -1 || dup2(stdin_fds[0], 0) == -1) {
LOG_perror(LOG_LEVEL_FATAL, "dup2");
fflush(stderr);
_exit(-1);
}
/* XXX: Need the cast on Solaris because it defins NULL as 0L and gcc doesn't
* see it as a sentinal */
execl(command, command, arg, (void *)NULL);
LOGF_perror(LOG_LEVEL_FATAL, "execl(%s, %s, %s, NULL)", command, command, arg ? arg : "NULL");
fflush(stderr);
do { _exit(-1); } while (1);
break;
case -1:
/* fork failed */
WHY_perror("fork");
close(stdin_fds[0]);
close(stdin_fds[1]);
close(stdout_fds[0]);
close(stdout_fds[1]);
close(stderr_fds[0]);
close(stderr_fds[1]);
return -1;
default:
/* Parent, should put file descriptors into place for use */
close(stdin_fds[0]);
close(stdout_fds[1]);
close(stderr_fds[1]);
dna_helper_started = 0;
dna_helper_stdin = stdin_fds[1];
dna_helper_stdout = stdout_fds[0];
dna_helper_stderr = stderr_fds[0];
INFOF("STARTED DNA HELPER pid=%u stdin=%d stdout=%d stderr=%d executable=%s arg=%s",
dna_helper_pid,
dna_helper_stdin,
dna_helper_stdout,
dna_helper_stderr,
command,
arg ? arg : "NULL"
);
sched_requests.function = monitor_requests;
sched_requests.context = NULL;
sched_requests.poll.fd = -1;
sched_requests.poll.events = POLLOUT;
sched_requests.stats = NULL;
sched_timeout.function = reply_timeout;
sched_timeout.context = NULL;
sched_timeout.stats = NULL;
sched_replies.function = monitor_replies;
sched_replies.context = NULL;
sched_replies.poll.fd = dna_helper_stdout;
sched_replies.poll.events = POLLIN;
sched_replies.stats = NULL;
sched_errors.function = monitor_errors;
sched_errors.context = NULL;
sched_errors.poll.fd = dna_helper_stderr;
sched_errors.poll.events = POLLIN;
sched_errors.stats = NULL;
sched_harvester.function = harvester;
sched_harvester.stats = NULL;
sched_harvester.alarm = gettime_ms() + 1000;
sched_harvester.deadline = sched_harvester.alarm + 1000;
reply_bufend = reply_buffer;
discarding_until_nl = 0;
awaiting_reply = 0;
watch(&sched_replies);
watch(&sched_errors);
schedule(&sched_harvester);
return 0;
}
return -1;
}
