static void authorizedPasswords(List* list, struct Context* ctx) { uint32_t count = List_size(list); for (uint32_t i = 0; i < count; i++) { Dict* d = List_getDict(list, i); Log_info(ctx->logger, "Checking authorized password %d.", i); if (!d) { Log_critical(ctx->logger, "Not a dictionary type %d.", i); exit(-1); } String* passwd = Dict_getString(d, String_CONST("password")); if (!passwd) { Log_critical(ctx->logger, "Must specify a password %d.", i); exit(-1); } } for (uint32_t i = 0; i < count; i++) { struct Allocator* child = Allocator_child(ctx->alloc); Dict* d = List_getDict(list, i); String* passwd = Dict_getString(d, String_CONST("password")); String* user = Dict_getString(d, String_CONST("user")); if (!user) { user = String_printf(child, "password [%d]", i); } Log_info(ctx->logger, "Adding authorized password #[%d] for user [%s].", i, user->bytes); Dict args = Dict_CONST( String_CONST("authType"), Int_OBJ(1), Dict_CONST( String_CONST("password"), String_OBJ(passwd), Dict_CONST( String_CONST("user"), String_OBJ(user), NULL ))); rpcCall(String_CONST("AuthorizedPasswords_add"), &args, ctx, child); Allocator_free(child); } }
static void authorizedPasswords(List* list, struct Context* ctx) { uint32_t count = List_size(list); for (uint32_t i = 0; i < count; i++) { Dict* d = List_getDict(list, i); if (!d) { fprintf(stderr, "authorizedPasswords[%u] is not a dictionary type.\n", i); exit(-1); } String* passwd = Dict_getString(d, BSTR("password")); int64_t* authType = Dict_getInt(d, BSTR("authType")); int64_t* trust = Dict_getInt(d, BSTR("trust")); authorizedPassword(passwd, authType, trust, i, ctx); } }
static void security(List* securityConf, struct Allocator* tempAlloc, struct Context* ctx) { bool noFiles = false; for (int i = 0; i < List_size(securityConf); i++) { if (String_equals(String_CONST("nofiles"), List_getString(securityConf, i))) { noFiles = true; } else { Dict* userDict = List_getDict(securityConf, i); String* userName = Dict_getString(userDict, String_CONST("setuser")); if (userName) { Dict d = Dict_CONST(String_CONST("user"), String_OBJ(userName), NULL); // If this call returns an error, it is ok. rpcCall0(String_CONST("Security_setUser"), &d, ctx, tempAlloc, false); } } } if (noFiles) { Dict d = NULL; rpcCall(String_CONST("Security_noFiles"), &d, ctx, tempAlloc); } }
static void security(struct Allocator* tempAlloc, List* conf, struct Log* log, struct Context* ctx) { int seccomp = 1; int nofiles = 0; int noforks = 1; int chroot = 1; int setupComplete = 1; int setuser = 1; if (Defined(win32)) { setuser = 0; } int uid = -1; int64_t* group = NULL; int keepNetAdmin = 1; do { Dict* d = Dict_new(tempAlloc); Dict_putString(d, String_CONST("user"), String_CONST("nobody"), tempAlloc); if (!Defined(win32)) { Dict* ret = NULL; rpcCall0(String_CONST("Security_getUser"), d, ctx, tempAlloc, &ret, true); uid = *Dict_getInt(ret, String_CONST("uid")); group = Dict_getInt(ret, String_CONST("gid")); } } while (0); for (int i = 0; conf && i < List_size(conf); i++) { Dict* elem = List_getDict(conf, i); String* s; if (elem && (s = Dict_getString(elem, String_CONST("setuser")))) { if (setuser == 0) { continue; } Dict* d = Dict_new(tempAlloc); Dict_putString(d, String_CONST("user"), s, tempAlloc); Dict* ret = NULL; rpcCall0(String_CONST("Security_getUser"), d, ctx, tempAlloc, &ret, true); uid = *Dict_getInt(ret, String_CONST("uid")); group = Dict_getInt(ret, String_CONST("gid")); int64_t* nka = Dict_getInt(elem, String_CONST("keepNetAdmin")); int64_t* exemptAngel = Dict_getInt(elem, String_CONST("exemptAngel")); keepNetAdmin = ((nka) ? *nka : ((exemptAngel) ? *exemptAngel : 0)); continue; } if (elem && (s = Dict_getString(elem, String_CONST("chroot")))) { Log_debug(log, "Security_chroot(%s)", s->bytes); Dict* d = Dict_new(tempAlloc); Dict_putString(d, String_CONST("root"), s, tempAlloc); rpcCall0(String_CONST("Security_chroot"), d, ctx, tempAlloc, NULL, false); chroot = 0; continue; } uint64_t* x; if (elem && (x = Dict_getInt(elem, String_CONST("nofiles")))) { if (!*x) { continue; } nofiles = 1; continue; } if (elem && (x = Dict_getInt(elem, String_CONST("setuser")))) { if (!*x) { setuser = 0; } continue; } if (elem && (x = Dict_getInt(elem, String_CONST("seccomp")))) { if (!*x) { seccomp = 0; } continue; } if (elem && (x = Dict_getInt(elem, String_CONST("noforks")))) { if (!*x) { noforks = 0; } continue; } if (elem && (x = Dict_getInt(elem, String_CONST("chroot")))) { if (!*x) { chroot = 0; } continue; } if (elem && (x = Dict_getInt(elem, String_CONST("setupComplete")))) { if (!*x) { setupComplete = 0; } continue; } Log_info(ctx->logger, "Unrecognized entry in security at index [%d]", i); } if (chroot) { Log_debug(log, "Security_chroot(/var/run)"); Dict* d = Dict_new(tempAlloc); Dict_putString(d, String_CONST("root"), String_CONST("/var/run/"), tempAlloc); rpcCall0(String_CONST("Security_chroot"), d, ctx, tempAlloc, NULL, false); } /* FIXME(sdg): moving noforks after setuser might make nproc <- 0,0 work on older kernels, where doing it before causes setuid to fail w EAGAIN. */ if (noforks) { Log_debug(log, "Security_noforks()"); Dict* d = Dict_new(tempAlloc); rpcCall(String_CONST("Security_noforks"), d, ctx, tempAlloc); } if (setuser) { Log_debug(log, "Security_setUser(uid:%d, keepNetAdmin:%d)", uid, keepNetAdmin); Dict* d = Dict_new(tempAlloc); Dict_putInt(d, String_CONST("uid"), uid, tempAlloc); if (group) { Dict_putInt(d, String_CONST("gid"), (int)*group, tempAlloc); } Dict_putInt(d, String_CONST("keepNetAdmin"), keepNetAdmin, tempAlloc); rpcCall0(String_CONST("Security_setUser"), d, ctx, tempAlloc, NULL, false); } if (nofiles) { Log_debug(log, "Security_nofiles()"); Dict* d = Dict_new(tempAlloc); rpcCall(String_CONST("Security_nofiles"), d, ctx, tempAlloc); } if (seccomp) { Log_debug(log, "Security_seccomp()"); Dict* d = Dict_new(tempAlloc); rpcCall(String_CONST("Security_seccomp"), d, ctx, tempAlloc); } if (setupComplete) { Log_debug(log, "Security_setupComplete()"); Dict* d = Dict_new(tempAlloc); rpcCall(String_CONST("Security_setupComplete"), d, ctx, tempAlloc); } }
static void ethInterface(Dict* config, struct Context* ctx) { List* ifaces = Dict_getList(config, String_CONST("ETHInterface")); if (!ifaces) { ifaces = List_new(ctx->alloc); List_addDict(ifaces, Dict_getDict(config, String_CONST("ETHInterface")), ctx->alloc); } uint32_t count = List_size(ifaces); for (uint32_t i = 0; i < count; i++) { Dict *eth = List_getDict(ifaces, i); if (!eth) { continue; } String* deviceStr = Dict_getString(eth, String_CONST("bind")); if (!deviceStr || !String_equals(String_CONST("all"), deviceStr)) { continue; } Log_info(ctx->logger, "Setting up all ETHInterfaces..."); Dict* res = NULL; Dict* d = Dict_new(ctx->alloc); if (rpcCall0(String_CONST("ETHInterface_listDevices"), d, ctx, ctx->alloc, &res, false)) { Log_info(ctx->logger, "Getting device list failed"); break; } List* devs = Dict_getList(res, String_CONST("devices")); uint32_t devCount = List_size(devs); for (uint32_t j = 0; j < devCount; j++) { Dict* d = Dict_new(ctx->alloc); String* deviceName = List_getString(devs, j); // skip loopback... if (String_equals(String_CONST("lo"), deviceName)) { continue; } Dict_putString(d, String_CONST("bindDevice"), deviceName, ctx->alloc); Dict* resp; Log_info(ctx->logger, "Creating new ETHInterface [%s]", deviceName->bytes); if (rpcCall0(String_CONST("ETHInterface_new"), d, ctx, ctx->alloc, &resp, false)) { Log_warn(ctx->logger, "Failed to create ETHInterface."); continue; } int ifNum = *(Dict_getInt(resp, String_CONST("interfaceNumber"))); ethInterfaceSetBeacon(ifNum, eth, ctx); } return; } for (uint32_t i = 0; i < count; i++) { Dict *eth = List_getDict(ifaces, i); if (!eth) { continue; } // Setup the interface. String* deviceStr = Dict_getString(eth, String_CONST("bind")); Log_info(ctx->logger, "Setting up ETHInterface [%d].", i); Dict* d = Dict_new(ctx->alloc); if (deviceStr) { Log_info(ctx->logger, "Binding to device [%s].", deviceStr->bytes); Dict_putString(d, String_CONST("bindDevice"), deviceStr, ctx->alloc); } Dict* resp = NULL; if (rpcCall0(String_CONST("ETHInterface_new"), d, ctx, ctx->alloc, &resp, false)) { Log_warn(ctx->logger, "Failed to create ETHInterface."); continue; } int ifNum = *(Dict_getInt(resp, String_CONST("interfaceNumber"))); ethInterfaceSetBeacon(ifNum, eth, ctx); // Make the connections. Dict* connectTo = Dict_getDict(eth, String_CONST("connectTo")); if (connectTo) { Log_info(ctx->logger, "ETHInterface should connect to a specific node."); struct Dict_Entry* entry = *connectTo; while (entry != NULL) { String* key = (String*) entry->key; if (entry->val->type != Object_DICT) { Log_critical(ctx->logger, "interfaces.ETHInterface.connectTo: entry [%s] " "is not a dictionary type.", key->bytes); exit(-1); } Dict* value = entry->val->as.dictionary; Log_keys(ctx->logger, "Attempting to connect to node [%s].", key->bytes); struct Allocator* perCallAlloc = Allocator_child(ctx->alloc); // Turn the dict from the config into our RPC args dict by filling in all // the arguments, Dict_putString(value, String_CONST("macAddress"), key, perCallAlloc); Dict_putInt(value, String_CONST("interfaceNumber"), ifNum, perCallAlloc); rpcCall(String_CONST("ETHInterface_beginConnection"), value, ctx, perCallAlloc); Allocator_free(perCallAlloc); entry = entry->next; } } } }
static void ipTunnel(Dict* ifaceConf, struct Allocator* tempAlloc, struct Context* ctx) { List* incoming = Dict_getList(ifaceConf, String_CONST("allowedConnections")); if (incoming) { Dict* d; for (int i = 0; (d = List_getDict(incoming, i)) != NULL; i++) { String* key = Dict_getString(d, String_CONST("publicKey")); String* ip4 = Dict_getString(d, String_CONST("ip4Address")); // Note that the prefix length has to be a proper int in the config // (not quoted!) int64_t* ip4Prefix = Dict_getInt(d, String_CONST("ip4Prefix")); String* ip6 = Dict_getString(d, String_CONST("ip6Address")); int64_t* ip6Prefix = Dict_getInt(d, String_CONST("ip6Prefix")); if (!key) { Log_critical(ctx->logger, "In router.ipTunnel.allowedConnections[%d]" "'publicKey' required.", i); exit(1); } if (!ip4 && !ip6) { Log_critical(ctx->logger, "In router.ipTunnel.allowedConnections[%d]" "either 'ip4Address' or 'ip6Address' required.", i); exit(1); } else if (ip4Prefix && !ip4) { Log_critical(ctx->logger, "In router.ipTunnel.allowedConnections[%d]" "'ip4Address' required with 'ip4Prefix'.", i); exit(1); } else if (ip6Prefix && !ip6) { Log_critical(ctx->logger, "In router.ipTunnel.allowedConnections[%d]" "'ip6Address' required with 'ip6Prefix'.", i); exit(1); } Log_debug(ctx->logger, "Allowing IpTunnel connections from [%s]", key->bytes); if (ip4) { Log_debug(ctx->logger, "Issue IPv4 address %s", ip4->bytes); if (ip4Prefix) { Log_debug(ctx->logger, "Issue IPv4 netmask/prefix length /%d", (int) *ip4Prefix); } else { Log_debug(ctx->logger, "Use default netmask/prefix length /0"); } } if (ip6) { Log_debug(ctx->logger, "Issue IPv6 address [%s]", ip6->bytes); if (ip6Prefix) { Log_debug(ctx->logger, "Issue IPv6 netmask/prefix length /%d", (int) *ip6Prefix); } else { Log_debug(ctx->logger, "Use default netmask/prefix length /0"); } } Dict_putString(d, String_CONST("publicKeyOfAuthorizedNode"), key, tempAlloc); rpcCall0(String_CONST("IpTunnel_allowConnection"), d, ctx, tempAlloc, NULL, true); } } List* outgoing = Dict_getList(ifaceConf, String_CONST("outgoingConnections")); if (outgoing) { String* s; for (int i = 0; (s = List_getString(outgoing, i)) != NULL; i++) { Log_debug(ctx->logger, "Initiating IpTunnel connection to [%s]", s->bytes); Dict requestDict = Dict_CONST(String_CONST("publicKeyOfNodeToConnectTo"), String_OBJ(s), NULL); rpcCall0(String_CONST("IpTunnel_connectTo"), &requestDict, ctx, tempAlloc, NULL, true); } } }
static void udpInterface(Dict* config, struct Context* ctx) { List* ifaces = Dict_getList(config, String_CONST("UDPInterface")); if (!ifaces) { ifaces = List_new(ctx->alloc); List_addDict(ifaces, Dict_getDict(config, String_CONST("UDPInterface")), ctx->alloc); } uint32_t count = List_size(ifaces); for (uint32_t i = 0; i < count; i++) { Dict *udp = List_getDict(ifaces, i); if (!udp) { continue; } // Setup the interface. String* bindStr = Dict_getString(udp, String_CONST("bind")); Dict* d = Dict_new(ctx->alloc); if (bindStr) { Dict_putString(d, String_CONST("bindAddress"), bindStr, ctx->alloc); } Dict* resp = NULL; rpcCall0(String_CONST("UDPInterface_new"), d, ctx, ctx->alloc, &resp, true); int ifNum = *(Dict_getInt(resp, String_CONST("interfaceNumber"))); // Make the connections. Dict* connectTo = Dict_getDict(udp, String_CONST("connectTo")); if (connectTo) { struct Dict_Entry* entry = *connectTo; struct Allocator* perCallAlloc = Allocator_child(ctx->alloc); while (entry != NULL) { String* key = (String*) entry->key; if (entry->val->type != Object_DICT) { Log_critical(ctx->logger, "interfaces.UDPInterface.connectTo: entry [%s] " "is not a dictionary type.", key->bytes); exit(-1); } Dict* all = entry->val->as.dictionary; Dict* value = Dict_new(perCallAlloc); String* pub_d = Dict_getString(all, String_CONST("publicKey")); String* pss_d = Dict_getString(all, String_CONST("password")); String* peerName_d = Dict_getString(all, String_CONST("peerName")); String* login_d = Dict_getString(all, String_CONST("login")); if ( !pub_d || !pss_d ) { const char * error_name = "(unknown)"; if ( !pub_d ) { error_name = "publicKey"; } if ( !pss_d ) { error_name = "password"; } Log_warn(ctx->logger, "Skipping peer: missing %s for peer [%s]", error_name, key->bytes); if (abort_if_invalid_ref) { Assert_failure("Invalid peer reference"); } else { entry = entry->next; continue; } } Dict_putString(value, String_CONST("publicKey"), pub_d, perCallAlloc); Dict_putString(value, String_CONST("password"), pss_d, perCallAlloc); Dict_putString(value, String_CONST("peerName"), peerName_d, perCallAlloc); Dict_putString(value, String_CONST("login"), login_d, perCallAlloc); Log_keys(ctx->logger, "Attempting to connect to node [%s].", key->bytes); key = String_clone(key, perCallAlloc); char* lastColon = CString_strrchr(key->bytes, ':'); if (!Sockaddr_parse(key->bytes, NULL)) { // it's a sockaddr, fall through } else if (lastColon) { // try it as a hostname. int port = atoi(lastColon+1); if (!port) { Log_critical(ctx->logger, "Couldn't get port number from [%s]", key->bytes); exit(-1); } *lastColon = '\0'; struct Sockaddr* adr = Sockaddr_fromName(key->bytes, perCallAlloc); if (adr != NULL) { Sockaddr_setPort(adr, port); key = String_new(Sockaddr_print(adr, perCallAlloc), perCallAlloc); } else { Log_warn(ctx->logger, "Failed to lookup hostname [%s]", key->bytes); entry = entry->next; continue; } } struct Allocator* child = Allocator_child(ctx->alloc); struct Message* msg = Message_new(0, AdminClient_MAX_MESSAGE_SIZE + 256, child); int r = BencMessageWriter_writeDictTry(value, msg, NULL); const int max_reference_size = 298; if (r != 0 || msg->length > max_reference_size) { Log_warn(ctx->logger, "Peer skipped:"); Log_warn(ctx->logger, "Too long peer reference for [%s]", key->bytes); if (abort_if_invalid_ref) { Assert_failure("Invalid peer reference"); } else { entry = entry->next; continue; } } Dict_putInt(value, String_CONST("interfaceNumber"), ifNum, perCallAlloc); Dict_putString(value, String_CONST("address"), key, perCallAlloc); rpcCall(String_CONST("UDPInterface_beginConnection"), value, ctx, perCallAlloc); entry = entry->next; } Allocator_free(perCallAlloc); } } }
int main(int argc, char** argv) { #ifdef Log_KEYS fprintf(stderr, "Log_LEVEL = KEYS, EXPECT TO SEE PRIVATE KEYS IN YOUR LOGS!\n"); #endif Assert_true(argc > 0); struct Except* eh = NULL; // Allow it to allocate 4MB struct Allocator* allocator = MallocAllocator_new(1<<22); struct Random* rand = Random_new(allocator, NULL, eh); struct EventBase* eventBase = EventBase_new(allocator); if (argc == 2) { // one argument if (strcmp(argv[1], "--help") == 0) { return usage(argv[0]); } else if (strcmp(argv[1], "--genconf") == 0) { return genconf(rand); } else if (strcmp(argv[1], "--pidfile") == 0) { // Performed after reading the configuration } else if (strcmp(argv[1], "--reconf") == 0) { // Performed after reading the configuration } else if (strcmp(argv[1], "--bench") == 0) { return benchmark(); } else if (strcmp(argv[1], "--version") == 0) { //printf("Version ID: %s\n", RouterModule_gitVersion()); return 0; } else { fprintf(stderr, "%s: unrecognized option '%s'\n", argv[0], argv[1]); fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]); return -1; } } else if (argc > 2) { // more than one argument? fprintf(stderr, "%s: too many arguments\n", argv[0]); fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]); return -1; } if (isatty(STDIN_FILENO)) { // We were started from a terminal // The chances an user wants to type in a configuration // bij hand are pretty slim so we show him the usage return usage(argv[0]); } else { // We assume stdin is a configuration file and that we should // start routing } struct Reader* stdinReader = FileReader_new(stdin, allocator); Dict config; if (JsonBencSerializer_get()->parseDictionary(stdinReader, allocator, &config)) { fprintf(stderr, "Failed to parse configuration.\n"); return -1; } struct Writer* logWriter = FileWriter_new(stdout, allocator); struct Log* logger = WriterLog_new(logWriter, allocator); // --------------------- Setup Pipes to Angel --------------------- // int pipeToAngel[2]; int pipeFromAngel[2]; if (Pipe_createUniPipe(pipeToAngel) || Pipe_createUniPipe(pipeFromAngel)) { Except_raise(eh, -1, "Failed to create pipes to angel [%s]", Errno_getString()); } char pipeToAngelStr[8]; snprintf(pipeToAngelStr, 8, "%d", pipeToAngel[0]); char pipeFromAngelStr[8]; snprintf(pipeFromAngelStr, 8, "%d", pipeFromAngel[1]); char* args[] = { "angel", pipeToAngelStr, pipeFromAngelStr, NULL }; // --------------------- Spawn Angel --------------------- // String* privateKey = Dict_getString(&config, String_CONST("privateKey")); String* corePath = getCorePath(allocator); if (!corePath) { Except_raise(eh, -1, "Can't find a usable cjdns core executable, " "make sure it is in the same directory as cjdroute"); } if (!privateKey) { Except_raise(eh, -1, "Need to specify privateKey."); } Log_info(logger, "Forking angel to background."); Process_spawn(corePath->bytes, args); // --------------------- Get Admin --------------------- // Dict* configAdmin = Dict_getDict(&config, String_CONST("admin")); String* adminPass = Dict_getString(configAdmin, String_CONST("password")); String* adminBind = Dict_getString(configAdmin, String_CONST("bind")); if (!adminPass) { adminPass = String_newBinary(NULL, 32, allocator); Random_base32(rand, (uint8_t*) adminPass->bytes, 32); adminPass->len = strlen(adminPass->bytes); } if (!adminBind) { adminBind = String_new("127.0.0.1:0", allocator); } // --------------------- Get user for angel to setuid() ---------------------- // String* securityUser = NULL; List* securityConf = Dict_getList(&config, String_CONST("security")); for (int i = 0; i < List_size(securityConf); i++) { securityUser = Dict_getString(List_getDict(securityConf, i), String_CONST("setuser")); if (securityUser) { int64_t* ea = Dict_getInt(List_getDict(securityConf, i), String_CONST("exemptAngel")); if (ea && *ea) { securityUser = NULL; } break; } } // --------------------- Pre-Configure Angel ------------------------- // Dict* preConf = Dict_new(allocator); Dict* adminPreConf = Dict_new(allocator); Dict_putDict(preConf, String_CONST("admin"), adminPreConf, allocator); Dict_putString(adminPreConf, String_CONST("core"), corePath, allocator); Dict_putString(preConf, String_CONST("privateKey"), privateKey, allocator); Dict_putString(adminPreConf, String_CONST("bind"), adminBind, allocator); Dict_putString(adminPreConf, String_CONST("pass"), adminPass, allocator); if (securityUser) { Dict_putString(adminPreConf, String_CONST("user"), securityUser, allocator); } #define CONFIG_BUFF_SIZE 1024 uint8_t buff[CONFIG_BUFF_SIZE] = {0}; struct Writer* toAngelWriter = ArrayWriter_new(buff, CONFIG_BUFF_SIZE - 1, allocator); if (StandardBencSerializer_get()->serializeDictionary(toAngelWriter, preConf)) { Except_raise(eh, -1, "Failed to serialize pre-configuration"); } write(pipeToAngel[1], buff, toAngelWriter->bytesWritten(toAngelWriter)); Log_keys(logger, "Sent [%s] to angel process.", buff); // --------------------- Get Response from Angel --------------------- // uint32_t amount = Waiter_getData(buff, CONFIG_BUFF_SIZE, pipeFromAngel[0], eventBase, eh); Dict responseFromAngel; struct Reader* responseFromAngelReader = ArrayReader_new(buff, amount, allocator); if (StandardBencSerializer_get()->parseDictionary(responseFromAngelReader, allocator, &responseFromAngel)) { Except_raise(eh, -1, "Failed to parse pre-configuration response [%s]", buff); } // --------------------- Get Admin Addr/Port/Passwd --------------------- // Dict* responseFromAngelAdmin = Dict_getDict(&responseFromAngel, String_CONST("admin")); adminBind = Dict_getString(responseFromAngelAdmin, String_CONST("bind")); if (!adminBind) { Except_raise(eh, -1, "didn't get address and port back from angel"); } struct Sockaddr_storage adminAddr; if (Sockaddr_parse(adminBind->bytes, &adminAddr)) { Except_raise(eh, -1, "Unable to parse [%s] as an ip address port, eg: 127.0.0.1:11234", adminBind->bytes); } // sanity check Assert_true(EventBase_eventCount(eventBase) == 0); // --------------------- Configuration ------------------------- // Configurator_config(&config, &adminAddr.addr, adminPass, eventBase, logger, allocator); return 0; }
int main(int argc, char** argv) { #ifdef Log_KEYS fprintf(stderr, "Log_LEVEL = KEYS, EXPECT TO SEE PRIVATE KEYS IN YOUR LOGS!\n"); #endif if (argc < 2) { // Fall through. } else if (!CString_strcmp("angel", argv[1])) { return AngelInit_main(argc, argv); } else if (!CString_strcmp("core", argv[1])) { return Core_main(argc, argv); } Assert_ifParanoid(argc > 0); struct Except* eh = NULL; // Allow it to allocate 8MB struct Allocator* allocator = MallocAllocator_new(1<<23); struct Random* rand = Random_new(allocator, NULL, eh); struct EventBase* eventBase = EventBase_new(allocator); if (argc == 2) { // one argument if ((CString_strcmp(argv[1], "--help") == 0) || (CString_strcmp(argv[1], "-h") == 0)) { return usage(allocator, argv[0]); } else if (CString_strcmp(argv[1], "--genconf") == 0) { return genconf(rand); } else if (CString_strcmp(argv[1], "--pidfile") == 0) { // deprecated fprintf(stderr, "'--pidfile' option is deprecated.\n"); return 0; } else if (CString_strcmp(argv[1], "--reconf") == 0) { // Performed after reading the configuration } else if (CString_strcmp(argv[1], "--bench") == 0) { return benchmark(); } else if ((CString_strcmp(argv[1], "--version") == 0) || (CString_strcmp(argv[1], "-v") == 0)) { printf("Cjdns protocol version: %d\n", Version_CURRENT_PROTOCOL); return 0; } else if (CString_strcmp(argv[1], "--cleanconf") == 0) { // Performed after reading configuration } else if (CString_strcmp(argv[1], "--nobg") == 0) { // Performed while reading configuration } else { fprintf(stderr, "%s: unrecognized option '%s'\n", argv[0], argv[1]); fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]); return -1; } } else if (argc > 2) { // more than one argument? fprintf(stderr, "%s: too many arguments [%s]\n", argv[0], argv[1]); fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]); // because of '--pidfile $filename'? if (CString_strcmp(argv[1], "--pidfile") == 0) { fprintf(stderr, "\n'--pidfile' option is deprecated.\n"); } return -1; } if (isatty(STDIN_FILENO)) { // We were started from a terminal // The chances an user wants to type in a configuration // bij hand are pretty slim so we show him the usage return usage(allocator, argv[0]); } else { // We assume stdin is a configuration file and that we should // start routing } struct Reader* stdinReader = FileReader_new(stdin, allocator); Dict config; if (JsonBencSerializer_get()->parseDictionary(stdinReader, allocator, &config)) { fprintf(stderr, "Failed to parse configuration.\n"); return -1; } if (argc == 2 && CString_strcmp(argv[1], "--cleanconf") == 0) { struct Writer* stdoutWriter = FileWriter_new(stdout, allocator); JsonBencSerializer_get()->serializeDictionary(stdoutWriter, &config); printf("\n"); return 0; } int forceNoBackground = 0; if (argc == 2 && CString_strcmp(argv[1], "--nobg") == 0) { forceNoBackground = 1; } struct Writer* logWriter = FileWriter_new(stdout, allocator); struct Log* logger = WriterLog_new(logWriter, allocator); // --------------------- Get Admin --------------------- // Dict* configAdmin = Dict_getDict(&config, String_CONST("admin")); String* adminPass = Dict_getString(configAdmin, String_CONST("password")); String* adminBind = Dict_getString(configAdmin, String_CONST("bind")); if (!adminPass) { adminPass = String_newBinary(NULL, 32, allocator); Random_base32(rand, (uint8_t*) adminPass->bytes, 32); adminPass->len = CString_strlen(adminPass->bytes); } if (!adminBind) { Except_throw(eh, "You must specify admin.bind in the cjdroute.conf file."); } // --------------------- Welcome to cjdns ---------------------- // char* archInfo = ArchInfo_describe(ArchInfo_detect(), allocator); char* sysInfo = SysInfo_describe(SysInfo_detect(), allocator); Log_info(logger, "Cjdns %s %s", archInfo, sysInfo); // --------------------- Check for running instance --------------------- // Log_info(logger, "Checking for running instance..."); checkRunningInstance(allocator, eventBase, adminBind, adminPass, logger, eh); // --------------------- Setup Pipes to Angel --------------------- // char angelPipeName[64] = "client-angel-"; Random_base32(rand, (uint8_t*)angelPipeName+13, 31); Assert_ifParanoid(EventBase_eventCount(eventBase) == 0); struct Pipe* angelPipe = Pipe_named(angelPipeName, eventBase, eh, allocator); Assert_ifParanoid(EventBase_eventCount(eventBase) == 2); angelPipe->logger = logger; char* args[] = { "angel", angelPipeName, NULL }; // --------------------- Spawn Angel --------------------- // String* privateKey = Dict_getString(&config, String_CONST("privateKey")); char* corePath = Process_getPath(allocator); if (!corePath) { Except_throw(eh, "Can't find a usable cjdns core executable, " "make sure it is in the same directory as cjdroute"); } if (!privateKey) { Except_throw(eh, "Need to specify privateKey."); } Log_info(logger, "Forking angel to background."); Process_spawn(corePath, args, eventBase, allocator); // --------------------- Get user for angel to setuid() ---------------------- // String* securityUser = NULL; List* securityConf = Dict_getList(&config, String_CONST("security")); for (int i = 0; securityConf && i < List_size(securityConf); i++) { securityUser = Dict_getString(List_getDict(securityConf, i), String_CONST("setuser")); if (securityUser) { int64_t* ea = Dict_getInt(List_getDict(securityConf, i), String_CONST("exemptAngel")); if (ea && *ea) { securityUser = NULL; } break; } } // --------------------- Pre-Configure Angel ------------------------- // Dict* preConf = Dict_new(allocator); Dict* adminPreConf = Dict_new(allocator); Dict_putDict(preConf, String_CONST("admin"), adminPreConf, allocator); Dict_putString(adminPreConf, String_CONST("core"), String_new(corePath, allocator), allocator); Dict_putString(preConf, String_CONST("privateKey"), privateKey, allocator); Dict_putString(adminPreConf, String_CONST("bind"), adminBind, allocator); Dict_putString(adminPreConf, String_CONST("pass"), adminPass, allocator); if (securityUser) { Dict_putString(adminPreConf, String_CONST("user"), securityUser, allocator); } Dict* logging = Dict_getDict(&config, String_CONST("logging")); if (logging) { Dict_putDict(preConf, String_CONST("logging"), logging, allocator); } struct Message* toAngelMsg = Message_new(0, 1024, allocator); BencMessageWriter_write(preConf, toAngelMsg, eh); Interface_sendMessage(&angelPipe->iface, toAngelMsg); Log_debug(logger, "Sent [%d] bytes to angel process", toAngelMsg->length); // --------------------- Get Response from Angel --------------------- // struct Message* fromAngelMsg = InterfaceWaiter_waitForData(&angelPipe->iface, eventBase, allocator, eh); Dict* responseFromAngel = BencMessageReader_read(fromAngelMsg, allocator, eh); // --------------------- Get Admin Addr/Port/Passwd --------------------- // Dict* responseFromAngelAdmin = Dict_getDict(responseFromAngel, String_CONST("admin")); adminBind = Dict_getString(responseFromAngelAdmin, String_CONST("bind")); if (!adminBind) { Except_throw(eh, "didn't get address and port back from angel"); } struct Sockaddr_storage adminAddr; if (Sockaddr_parse(adminBind->bytes, &adminAddr)) { Except_throw(eh, "Unable to parse [%s] as an ip address port, eg: 127.0.0.1:11234", adminBind->bytes); } // sanity check, Pipe_named() creates 2 events, see above. Assert_ifParanoid(EventBase_eventCount(eventBase) == 2); // --------------------- Configuration ------------------------- // Configurator_config(&config, &adminAddr.addr, adminPass, eventBase, logger, allocator); // --------------------- noBackground ------------------------ // int64_t* noBackground = Dict_getInt(&config, String_CONST("noBackground")); if (forceNoBackground || (noBackground && *noBackground)) { EventBase_beginLoop(eventBase); } //Allocator_free(allocator); return 0; }
static void udpInterface(Dict* config, struct Context* ctx) { List* ifaces = Dict_getList(config, String_CONST("UDPInterface")); if (!ifaces) { ifaces = List_new(ctx->alloc); List_addDict(ifaces, Dict_getDict(config, String_CONST("UDPInterface")), ctx->alloc); } uint32_t count = List_size(ifaces); for (uint32_t i = 0; i < count; i++) { Dict *udp = List_getDict(ifaces, i); if (!udp) { continue; } // Setup the interface. String* bindStr = Dict_getString(udp, String_CONST("bind")); Dict* d = Dict_new(ctx->alloc); if (bindStr) { Dict_putString(d, String_CONST("bindAddress"), bindStr, ctx->alloc); } Dict* resp = NULL; rpcCall0(String_CONST("UDPInterface_new"), d, ctx, ctx->alloc, &resp, true); int ifNum = *(Dict_getInt(resp, String_CONST("interfaceNumber"))); // Make the connections. Dict* connectTo = Dict_getDict(udp, String_CONST("connectTo")); if (connectTo) { struct Dict_Entry* entry = *connectTo; struct Allocator* perCallAlloc = Allocator_child(ctx->alloc); while (entry != NULL) { String* key = (String*) entry->key; if (entry->val->type != Object_DICT) { Log_critical(ctx->logger, "interfaces.UDPInterface.connectTo: entry [%s] " "is not a dictionary type.", key->bytes); exit(-1); } Dict* value = entry->val->as.dictionary; Log_keys(ctx->logger, "Attempting to connect to node [%s].", key->bytes); key = String_clone(key, perCallAlloc); char* lastColon = CString_strrchr(key->bytes, ':'); if (!Sockaddr_parse(key->bytes, NULL)) { // it's a sockaddr, fall through } else if (lastColon) { // try it as a hostname. Log_critical(ctx->logger, "Couldn't add connection [%s], " "hostnames aren't supported.", key->bytes); exit(-1); } Dict_putInt(value, String_CONST("interfaceNumber"), ifNum, perCallAlloc); Dict_putString(value, String_CONST("address"), key, perCallAlloc); rpcCall(String_CONST("UDPInterface_beginConnection"), value, ctx, perCallAlloc); // Make a IPTunnel exception for this node Dict* aed = Dict_new(perCallAlloc); *lastColon = '\0'; Dict_putString(aed, String_CONST("route"), String_new(key->bytes, perCallAlloc), perCallAlloc); *lastColon = ':'; rpcCall(String_CONST("RouteGen_addException"), aed, ctx, perCallAlloc); entry = entry->next; } Allocator_free(perCallAlloc); } } }
static void ethInterface(Dict* config, struct Context* ctx) { List* ifaces = Dict_getList(config, String_CONST("ETHInterface")); if (!ifaces) { ifaces = List_addDict(ifaces, Dict_getDict(config, String_CONST("ETHInterface")), ctx->alloc); } uint32_t count = List_size(ifaces); for (uint32_t i = 0; i < count; i++) { Dict *eth = List_getDict(ifaces, i); if (!eth) { continue; } // Setup the interface. String* deviceStr = Dict_getString(eth, String_CONST("bind")); Log_info(ctx->logger, "Setting up ETHInterface [%d].", i); Dict* d = Dict_new(ctx->alloc); if (deviceStr) { Log_info(ctx->logger, "Binding to device [%s].", deviceStr->bytes); Dict_putString(d, String_CONST("bindDevice"), deviceStr, ctx->alloc); } if (rpcCall0(String_CONST("ETHInterface_new"), d, ctx, ctx->alloc, false)) { Log_warn(ctx->logger, "Failed to create ETHInterface."); continue; } // Make the connections. Dict* connectTo = Dict_getDict(eth, String_CONST("connectTo")); if (connectTo) { Log_info(ctx->logger, "ETHInterface should connect to a specific node."); struct Dict_Entry* entry = *connectTo; while (entry != NULL) { String* key = (String*) entry->key; if (entry->val->type != Object_DICT) { Log_critical(ctx->logger, "interfaces.ETHInterface.connectTo: entry [%s] " "is not a dictionary type.", key->bytes); exit(-1); } Dict* value = entry->val->as.dictionary; Log_keys(ctx->logger, "Attempting to connect to node [%s].", key->bytes); struct Allocator* perCallAlloc = Allocator_child(ctx->alloc); // Turn the dict from the config into our RPC args dict by filling in all // the arguments, Dict_putString(value, String_CONST("macAddress"), key, perCallAlloc); Dict_putInt(value, String_CONST("interfaceNumber"), i, perCallAlloc); rpcCall(String_CONST("ETHInterface_beginConnection"), value, ctx, perCallAlloc); Allocator_free(perCallAlloc); entry = entry->next; } } int64_t* beaconP = Dict_getInt(eth, String_CONST("beacon")); if (beaconP) { int64_t beacon = *beaconP; if (beacon > 3 || beacon < 0) { Log_error(ctx->logger, "interfaces.ETHInterface.beacon may only be 0, 1,or 2"); } else { // We can cast beacon to an int here because we know it's small enough Log_info(ctx->logger, "Setting beacon mode on ETHInterface to [%d].", (int) beacon); Dict d = Dict_CONST(String_CONST("interfaceNumber"), Int_OBJ(i), Dict_CONST(String_CONST("state"), Int_OBJ(beacon), NULL)); rpcCall(String_CONST("ETHInterface_beacon"), &d, ctx, ctx->alloc); } } } }
static void udpInterface(Dict* config, struct Context* ctx) { List* ifaces = Dict_getList(config, String_CONST("UDPInterface")); if (!ifaces) { ifaces = List_addDict(ifaces, Dict_getDict(config, String_CONST("UDPInterface")), ctx->alloc); } uint32_t count = List_size(ifaces); for (uint32_t i = 0; i < count; i++) { Dict *udp = List_getDict(ifaces, i); if (!udp) { continue; } // Setup the interface. String* bindStr = Dict_getString(udp, String_CONST("bind")); Dict* d = Dict_new(ctx->alloc); if (bindStr) { Dict_putString(d, String_CONST("bindAddress"), bindStr, ctx->alloc); } rpcCall(String_CONST("UDPInterface_new"), d, ctx, ctx->alloc); // Make the connections. Dict* connectTo = Dict_getDict(udp, String_CONST("connectTo")); if (connectTo) { struct Dict_Entry* entry = *connectTo; struct Allocator* perCallAlloc = Allocator_child(ctx->alloc); while (entry != NULL) { String* key = (String*) entry->key; if (entry->val->type != Object_DICT) { Log_critical(ctx->logger, "interfaces.UDPInterface.connectTo: entry [%s] " "is not a dictionary type.", key->bytes); exit(-1); } Dict* value = entry->val->as.dictionary; Log_keys(ctx->logger, "Attempting to connect to node [%s].", key->bytes); key = String_clone(key, perCallAlloc); char* lastColon = strrchr(key->bytes, ':'); if (!Sockaddr_parse(key->bytes, NULL)) { // it's a sockaddr, fall through } else if (lastColon) { // try it as a hostname. int port = atoi(lastColon+1); if (!port) { Log_critical(ctx->logger, "Couldn't get port number from [%s]", key->bytes); exit(-1); } *lastColon = '\0'; struct Sockaddr* adr = Sockaddr_fromName(key->bytes, perCallAlloc); if (adr != NULL) { Sockaddr_setPort(adr, port); key = String_new(Sockaddr_print(adr, perCallAlloc), perCallAlloc); } else { Log_warn(ctx->logger, "Failed to lookup hostname [%s]", key->bytes); entry = entry->next; continue; } } Dict_putString(value, String_CONST("address"), key, perCallAlloc); rpcCall(String_CONST("UDPInterface_beginConnection"), value, ctx, perCallAlloc); entry = entry->next; } Allocator_free(perCallAlloc); } } }