Exemplo n.º 1
0
void
p2pRequest(struct session *session_a, struct session *session_b)
{

	char		*ip_a;
	char		*ip_b;
	uint32_t	 port;
	DNDSMessage_t	*msg;

	if (session_a->netc == NULL || session_b->netc == NULL) {
		return;
	}

	if (!strcmp(session_a->netc->peer->host, session_b->netc->peer->host)) {
		ip_a = session_a->ip_local;
		ip_b = session_b->ip_local;
	} else {
		ip_a = session_a->netc->peer->host;
		ip_b = session_b->netc->peer->host;
	}

	 /* basic random port : 49152–65535 */
	port = rand() % (65535-49152+1)+49152;

	jlog(L_DEBUG, "node A ip public %s", ip_a);
	jlog(L_DEBUG, "node B ip public %s", ip_b);

	/* msg session A */
	DNDSMessage_new(&msg);
	DNDSMessage_set_pdu(msg, pdu_PR_dnm);

	DNMessage_set_operation(msg, dnop_PR_p2pRequest);

	P2pRequest_set_macAddrDst(msg, session_b->tun_mac_addr);
	P2pRequest_set_ipAddrDst(msg, ip_b);
	P2pRequest_set_port(msg, port);
	P2pRequest_set_side(msg, P2pSide_client);

	net_send_msg(session_a->netc, msg);
	DNDSMessage_del(msg);

	/* msg session B */
	DNDSMessage_new(&msg);
	DNDSMessage_set_pdu(msg, pdu_PR_dnm);

	DNMessage_set_operation(msg, dnop_PR_p2pRequest);

	P2pRequest_set_macAddrDst(msg, session_a->tun_mac_addr);
	P2pRequest_set_ipAddrDst(msg, ip_a);
	P2pRequest_set_port(msg, port);
	P2pRequest_set_side(msg, P2pSide_server);

	net_send_msg(session_b->netc, msg);
	DNDSMessage_del(msg);

}
Exemplo n.º 2
0
static void on_secure(netc_t *netc)
{
	struct session *session;
	session = netc->ext_ptr;

	if (session->state == SESSION_STATE_WAIT_STEPUP) {

		/* Set the session as authenticated */
		session->state = SESSION_STATE_AUTHED;

		/* Send a message to acknowledge the client */
		DNDSMessage_t *msg = NULL;
		DNDSMessage_new(&msg);
		DNDSMessage_set_channel(msg, 0);
		DNDSMessage_set_pdu(msg, pdu_PR_dnm);

		DNMessage_set_seqNumber(msg, 1);
		DNMessage_set_ackNumber(msg, 0);
		DNMessage_set_operation(msg, dnop_PR_authResponse);

		AuthResponse_set_result(msg, DNDSResult_success);
		net_send_msg(session->netc, msg);
		DNDSMessage_del(msg);

		context_add_session(session->context, session);
		jlog(L_DEBUG, "session id: %d", session->id);
	}
}
Exemplo n.º 3
0
void test_NetinfoResponse()
{
	/// Building a NetinfoResponse ///

	DNDSMessage_t *msg;	// a DNDS Message

	DNDSMessage_new(&msg);
	DNDSMessage_set_channel(msg, 0);
	DNDSMessage_set_pdu(msg, pdu_PR_dnm);

	DNMessage_set_seqNumber(msg, 0);
	DNMessage_set_ackNumber(msg, 600);
	DNMessage_set_operation(msg, dnop_PR_netinfoResponse);

	NetinfoResponse_set_ipAddress(msg, "192.168.10.5");
	NetinfoResponse_set_netmask(msg, "255.255.255.0");
	NetinfoResponse_set_result(msg, DNDSResult_success);

	/// Encoding part

	asn_enc_rval_t ec;	// Encoder return value
	FILE *fp = fopen("dnds.ber", "wb"); // BER output
	ec = der_encode(&asn_DEF_DNDSMessage, msg, write_out, fp);
	fclose(fp);

	xer_fprint(stdout, &asn_DEF_DNDSMessage, msg);

	DNDSMessage_del(msg);
}
Exemplo n.º 4
0
void test_NetinfoRequest()
{
	/// Building a NetinfoRequest ///

	DNDSMessage_t *msg;	// a DNDS Message

	DNDSMessage_new(&msg);
	DNDSMessage_set_channel(msg, 0);
	DNDSMessage_set_pdu(msg, pdu_PR_dnm);

	DNMessage_set_seqNumber(msg, 600);
	DNMessage_set_ackNumber(msg, 0);
	DNMessage_set_operation(msg, dnop_PR_netinfoRequest);

	uint8_t macAddr[ETH_ALEN] = { 0xd, 0xe, 0xa, 0xd, 0xb, 0xe };

	NetinfoRequest_set_ipLocal(msg, "192.168.10.10");
	NetinfoRequest_set_macAddr(msg, macAddr);

	/// Encoding part

	asn_enc_rval_t ec;	// Encoder return value
	FILE *fp = fopen("dnds.ber", "wb"); // BER output
	ec = der_encode(&asn_DEF_DNDSMessage, msg, write_out, fp);
	fclose(fp);

	xer_fprint(stdout, &asn_DEF_DNDSMessage, msg);

	DNDSMessage_del(msg);
}
Exemplo n.º 5
0
void test_AuthResponse_dnm()
{
	/// Building an AuthRequest ///

	DNDSMessage_t *msg;	// a DNDS Message

	DNDSMessage_new(&msg);
	DNDSMessage_set_channel(msg, 0);
	DNDSMessage_set_pdu(msg, pdu_PR_dnm);	// Dynamic Network Message

	DNMessage_set_seqNumber(msg, 0);
	DNMessage_set_ackNumber(msg, 100);
	DNMessage_set_operation(msg, dnop_PR_authResponse);

	AuthResponse_set_result(msg, DNDSResult_success);

	/// Encoding part

	asn_enc_rval_t ec;	// Encoder return value
	FILE *fp = fopen("dnds.ber", "wb"); // BER output
	ec = der_encode(&asn_DEF_DNDSMessage, msg, write_out, fp);
	fclose(fp);

	xer_fprint(stdout, &asn_DEF_DNDSMessage, msg);

	DNDSMessage_del(msg);
}
Exemplo n.º 6
0
void test_P2pResponse_dnm()
{
	/// Building a P2pRequest ///

	uint8_t macAddrDst[ETH_ALEN] = { 0xaf, 0xbe, 0xcd, 0xdc, 0xeb, 0xfa };

	DNDSMessage_t *msg;	// a DNDS Message

	DNDSMessage_new(&msg);
	DNDSMessage_set_channel(msg, 0);
	DNDSMessage_set_pdu(msg, pdu_PR_dnm);	// Dynamic Network Message

	DNMessage_set_seqNumber(msg, 0);
	DNMessage_set_ackNumber(msg, 801);
	DNMessage_set_operation(msg, dnop_PR_p2pResponse);

	P2pResponse_set_macAddrDst(msg, macAddrDst);
	P2pResponse_set_result(msg, DNDSResult_success);

	/// Encoding part

	asn_enc_rval_t ec;	// Encoder return value
	FILE *fp = fopen("dnds.ber", "wb"); // BER output
	ec = der_encode(&asn_DEF_DNDSMessage, msg, write_out, fp);
	fclose(fp);

	xer_fprint(stdout, &asn_DEF_DNDSMessage, msg);

	DNDSMessage_del(msg);
}
Exemplo n.º 7
0
void test_P2pRequest_dnm()
{
	/// Building a P2pRequest ///
	int ret;
	uint8_t macAddrSrc[ETH_ALEN] = { 0xe6, 0x1b, 0x23, 0x0c, 0x0c, 0x5d };
	uint8_t macAddrDst[ETH_ALEN] = { 0xe6, 0x1b, 0x23, 0x0c, 0x0c, 0x5d };

	DNDSMessage_t *msg;	// a DNDS Message

	DNDSMessage_new(&msg);
	DNDSMessage_set_channel(msg, 0);
	DNDSMessage_set_pdu(msg, pdu_PR_dnm);	// Dynamic Network Message

	DNMessage_set_seqNumber(msg, 801);
	DNMessage_set_ackNumber(msg, 0);
	DNMessage_set_operation(msg, dnop_PR_p2pRequest);

	P2pRequest_set_ipAddrDst(msg, "66.55.44.33");
	P2pRequest_set_port(msg, 9000);
	P2pRequest_set_side(msg, P2pSide_client);
	P2pRequest_set_macAddrDst(msg, macAddrDst);

	/// Encoding part

	asn_enc_rval_t ec;	// Encoder return value
	FILE *fp = fopen("dnds.ber", "wb"); // BER output
	ec = der_encode(&asn_DEF_DNDSMessage, msg, write_out, fp);
	fclose(fp);

	xer_fprint(stdout, &asn_DEF_DNDSMessage, msg);

	DNDSMessage_del(msg);
}
Exemplo n.º 8
0
void transmit_netinfo_response(netc_t *netc)
{
	struct session *session = netc->ext_ptr;

	DNDSMessage_t *msg = NULL;
	DNDSMessage_new(&msg);
	DNDSMessage_set_channel(msg, 0);
	DNDSMessage_set_pdu(msg, pdu_PR_dnm);

	DNMessage_set_seqNumber(msg, 1);
	DNMessage_set_ackNumber(msg, 0);
	DNMessage_set_operation(msg, dnop_PR_netinfoResponse);

	net_send_msg(session->netc, msg);
	DNDSMessage_del(msg);
	transmit_node_connectinfo(ConnectState_connected,
				session->ip, session->cert_name);
}
Exemplo n.º 9
0
/* Authentication Request from the node */
int
authRequest(struct session *session, DNDSMessage_t *req_msg)
{
	char		*certName = NULL;
	size_t	 	 length = 0;

	struct session *old_session = NULL;

	if (session->state != SESSION_STATE_NOT_AUTHED) {
		jlog(L_WARNING, "authRequest duplicate");
		return -1;
	}

	DNDSMessage_t *msg = NULL;

	DNDSMessage_new(&msg);
	DNDSMessage_set_channel(msg, 0);
	DNDSMessage_set_pdu(msg, pdu_PR_dnm);

	DNMessage_set_seqNumber(msg, 1);
	DNMessage_set_ackNumber(msg, 0);
	DNMessage_set_operation(msg, dnop_PR_authResponse);

	AuthRequest_get_certName(req_msg, &certName, &length);

	jlog(L_DEBUG, "URI:%s", certName);
	session->node_info = cn2node_info(certName);
	if (session->node_info == NULL) {
		jlog(L_WARNING, "cn2node_info failed");
		DNDSMessage_del(msg);
		return -1;
	}

//	jlog(L_DEBUG, "type: %s", session->node_info->type);
	jlog(L_DEBUG, "uuid: %s", session->node_info->uuid);
	jlog(L_DEBUG, "network_uuid: %s", session->node_info->network_uuid);
	jlog(L_DEBUG, "network_id: %s", session->node_info->network_id);
	jlog(L_DEBUG, "v: %d", session->node_info->v);

	if (session->node_info->v == 1) {
		session->vnetwork = vnetwork_lookup_id(session->node_info->network_id);
		if (session->vnetwork != NULL) {
			strncpy(session->node_info->network_uuid, session->vnetwork->uuid, 36);
			session->node_info->network_uuid[36] = '\0';
		}
	} else
		session->vnetwork = vnetwork_lookup(session->node_info->network_uuid);

	if (session->vnetwork == NULL) {
		AuthResponse_set_result(msg, DNDSResult_noRight);
		net_send_msg(session->netc, msg);
		DNDSMessage_del(msg);
		return -1;
	}

	/* check if the node's uuid is known
	if (ctable_find(session->context->atable, session->node_info->uuid) == NULL) {
		AuthResponse_set_result(msg, DNDSResult_noRight);
		net_send_msg(session->netc, msg);
		DNDSMessage_del(msg);
		jlog(L_ERROR, "authentication failed, invalid certificate");
		return -1;
	}
	*/

	/* check if the node is already connected */
	old_session = ctable_find(session->vnetwork->ctable, session->node_info->uuid);
//	if (old_session == NULL) {
		ctable_insert(session->vnetwork->ctable, session->node_info->uuid, session);
/*
	} else {
		// that node is already connected, if the new session is from the same IP
		// disconnect the old session, and let this one connect
		if (old_session->ip == NULL) {
			net_disconnect(old_session->netc);
			ctable_insert(session->vnetwork->ctable, session->node_info->uuid, session);
		} else if (strcmp(old_session->ip, session->ip) == 0) {
			net_disconnect(old_session->netc);
			ctable_insert(session->vnetwork->ctable, session->node_info->uuid, session);
		}
	}
*/

	session->cert_name = strdup(certName);
	if (session->netc->security_level == NET_UNSECURE) {

		AuthResponse_set_result(msg, DNDSResult_success);
		net_send_msg(session->netc, msg);

		session->state = SESSION_STATE_AUTHED;
		session->netc->on_secure(session->netc);

	} else {

		AuthResponse_set_result(msg, DNDSResult_secureStepUp);
		net_send_msg(session->netc, msg);

		krypt_add_passport(session->netc->kconn, session->vnetwork->passport);
		session->state = SESSION_STATE_WAIT_STEPUP;
		net_step_up(session->netc);
	}

	DNDSMessage_del(msg);

	return 0;
}
Exemplo n.º 10
0
int
provisioning(json_t *jmsg)
{
	char		*cert;
	char		*ipaddr;
	char		*pkey;
	char		*response;
	char		*tcert;
	char		*tid;
	json_t		*node;
	struct session	*session;

	if (json_unpack(jmsg, "{s:s}", "response", &response) == -1) {
		jlog(L_ERROR, "json_unpack failed");
		return -1;
	}

	if (strcmp(response, "success") != 0) {
		jlog(L_ERROR, "provisioning != success");
		return -1;
	}

	if (json_unpack(jmsg, "{s:s}", "tid", &tid) == -1) {
		jlog(L_ERROR, "json_unpack failed");
		return -1;
	}

	if ((node = json_object_get(jmsg, "node")) == NULL) {
		jlog(L_ERROR, "json_object_get failed");
		return -1;
	}

	if (json_unpack(node, "{s:s}", "cert", &cert) == -1 ||
	    json_unpack(node, "{s:s}", "pkey", &pkey) == -1 ||
	    json_unpack(node, "{s:s}", "tcert", &tcert) == -1 ||
	    json_unpack(node, "{s:s}", "ipaddr", &ipaddr) == -1) {
		jlog(L_ERROR, "NULL parameter");
		return -1;
	}

	DNDSMessage_t *new_msg;
	DNDSMessage_new(&new_msg);
	DNDSMessage_set_channel(new_msg, 0);
	DNDSMessage_set_pdu(new_msg, pdu_PR_dnm);

	DNMessage_set_operation(new_msg, dnop_PR_provResponse);

	ProvResponse_set_certificate(new_msg, cert, strlen(cert));
	ProvResponse_set_certificateKey(new_msg, (uint8_t*)pkey, strlen(pkey));
	ProvResponse_set_trustedCert(new_msg, (uint8_t*)tcert, strlen(tcert));
	ProvResponse_set_ipAddress(new_msg, ipaddr);

	session = session_tracking_table[atoi(tid) % MAX_SESSION];
	session_tracking_table[atoi(tid) % MAX_SESSION] = NULL;
	if (session)
		net_send_msg(session->netc, new_msg);
	DNDSMessage_del(new_msg);

	/* XXX
	 * If the provisioning is not a success,
	 * we must disconnect the client.
	 */

	return 0;
}