示例#1
文件: Admin.c 项目: sjmackenzie/cjdns
/**
 * Check a call's arguments against the argument spec registered for a function.
 *
 * Walks func->args. Every entry is asserted to be a dictionary and is read for
 * an integer "required" and a string "type". For each required entry, the same
 * key must be present in args with the declared type. On the first mismatch an
 * {"error": ...} message is sent through Admin_sendMessage() and the walk stops.
 *
 * @param args  arguments supplied by the caller of the admin function.
 * @param func  the registered function whose spec is enforced.
 * @param txid  transaction id passed through to the error reply.
 * @param admin admin instance used to send the error reply.
 * @return true when no required argument is missing or mistyped.
 */
static bool checkArgs(Dict* args, struct Function* func, String* txid, struct Admin* admin)
{
    // The error text is formatted into this stack buffer, so nothing needs freeing.
    uint8_t scratch[1024];
    struct Allocator* scratchAlloc = BufferAllocator_new(scratch, 1024);
    String* failure = NULL;

    for (struct Dict_Entry* cur = *func->args; cur != NULL; cur = cur->next) {
        String* name = (String*) cur->key;
        Assert_true(cur->val->type == Object_DICT);
        Dict* spec = cur->val->as.dictionary;

        // NOTE(review): "required" is dereferenced without a NULL check; this
        // relies on every registered spec carrying that key - confirm at the
        // registration site.
        if (*Dict_getInt(spec, String_CONST("required")) == 0) {
            continue;
        }

        // The type is compared by pointer against STRING/DICT/INTEGER/LIST,
        // which are defined outside this block.
        String* type = Dict_getString(spec, String_CONST("type"));
        bool missing = false;
        if (type == STRING && !Dict_getString(args, name)) {
            missing = true;
        } else if (type == DICT && !Dict_getDict(args, name)) {
            missing = true;
        } else if (type == INTEGER && !Dict_getInt(args, name)) {
            missing = true;
        } else if (type == LIST && !Dict_getList(args, name)) {
            missing = true;
        }

        if (missing) {
            failure = String_printf(scratchAlloc,
                                    "Entry [%s] is required and must be of type [%s]",
                                    name->bytes,
                                    type->bytes);
            break;
        }
    }

    if (failure != NULL) {
        Dict reply = Dict_CONST(String_CONST("error"), String_OBJ(failure), NULL);
        Admin_sendMessage(&reply, txid, admin);
        return false;
    }
    return true;
}
示例#2
/**
 * Replace the core's authorized-password set with the entries of list.
 *
 * The first pass checks that every entry is a dictionary holding a "password"
 * string and exits the process on the first bad entry, so the existing set is
 * only flushed after the whole list has been validated. The second pass
 * flushes the set and adds each password with authType 1 through rpcCall().
 *
 * Only the entry index is written to the log, never the password itself.
 */
static void authorizedPasswords(List* list, struct Context* ctx)
{
    const uint32_t total = List_size(list);

    uint32_t idx = 0;
    while (idx < total) {
        Dict* entry = List_getDict(list, idx);
        Log_info(ctx->logger, "Checking authorized password %d.", idx);
        if (entry == NULL) {
            Log_critical(ctx->logger, "Not a dictionary type %d.", idx);
            exit(-1);
        }
        if (Dict_getString(entry, String_CONST("password")) == NULL) {
            Log_critical(ctx->logger, "Must specify a password %d.", idx);
            exit(-1);
        }
        idx++;
    }

    Log_info(ctx->logger, "Flushing existing authorized passwords");
    rpcCall(String_CONST("AuthorizedPasswords_flush"), NULL, ctx, ctx->alloc);

    for (idx = 0; idx < total; idx++) {
        String* secret = Dict_getString(List_getDict(list, idx), String_CONST("password"));
        Log_info(ctx->logger, "Adding authorized password #[%d].", idx);

        Dict request = Dict_CONST(
            String_CONST("authType"), Int_OBJ(1), Dict_CONST(
            String_CONST("password"), String_OBJ(secret), NULL
        ));

        // Each call gets its own child allocator, released as soon as it returns.
        struct Allocator* callAlloc = ctx->alloc->child(ctx->alloc);
        rpcCall(String_CONST("AuthorizedPasswords_add"), &request, ctx, callAlloc);
        callAlloc->free(callAlloc);
    }
}
示例#3
文件: cjdroute.c 项目: avary/cjdns
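/**
 * Print a bash script which configures the TUN device for this node.
 *
 * The node address is derived from the private key in config and the device
 * name is taken from router.interface.tunDevice (default "tun0", reduced to
 * the part after the last '/').
 *
 * The script is meant to be run as root, so the device name is checked before
 * it is written into the command lines: anything other than letters, digits,
 * '_', '-' and '.' is rejected, which keeps shell metacharacters in the
 * configuration from turning into extra commands.
 *
 * @param config the parsed configuration.
 * @return 0 on success, -1 if the interface type is not "TUNInterface" or the
 *         device name is empty or contains a disallowed character.
 */
static int getcmds(Dict* config)
{
    // NOTE(review): privateKey is only a scratch output of parsePrivateKey()
    // here and stays on the stack after return; presumably it holds the node's
    // secret key - confirm whether it should be wiped.
    uint8_t privateKey[32];
    struct Address addr;
    parsePrivateKey(config, &addr, privateKey);

    uint8_t myIp[40];
    Address_printIp(myIp, &addr);

    Dict* router = Dict_getDict(config, BSTR("router"));
    Dict* iface = Dict_getDict(router, BSTR("interface"));
    String* type = Dict_getString(iface, BSTR("type"));
    String* tunDevice = Dict_getString(iface, BSTR("tunDevice"));
    if (!String_equals(type, BSTR("TUNInterface"))) {
        fprintf(stderr, "router.interface.type is not recognized.\n");
        return -1;
    }

    char* tunDev = tunDevice ? tunDevice->bytes : "tun0";
    char* lastSlash = strrchr(tunDev, '/');
    if (lastSlash != NULL) {
        tunDev = lastSlash + 1;
    }

    // The name is interpolated into shell commands below, so allow only
    // characters which have no meaning to the shell.
    int nameOk = (*tunDev != '\0');
    for (const char* c = tunDev; nameOk && *c != '\0'; c++) {
        nameOk = (*c >= 'a' && *c <= 'z')
            || (*c >= 'A' && *c <= 'Z')
            || (*c >= '0' && *c <= '9')
            || *c == '_' || *c == '-' || *c == '.';
    }
    if (!nameOk) {
        fprintf(stderr, "router.interface.tunDevice is not a valid interface name.\n");
        return -1;
    }

    printf("#!/bin/bash\n"
           "# Run these commands as root now and every time the system is rebooted\n"
           "# in order to get the interfaces setup properly.\n\n");
    printf("/sbin/ip addr add %s dev %s\n", myIp, tunDev);
    printf("/sbin/ip -6 route add fc00::/8 dev %s\n", tunDev);
    printf("/sbin/ip link set %s up\n", tunDev);

    return 0;
}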
示例#4
/**
 * Apply the ipTunnel section of the configuration.
 *
 * For each dictionary in "allowedConnections" a "publicKey" and at least one
 * of "ip4Address"/"ip6Address" are required; a missing field is logged and
 * the process exits. The entry is then sent as the argument dictionary of
 * IpTunnel_allowConnection, with the key repeated under
 * "publicKeyOfAuthorizedNode". Each string in "outgoingConnections" is sent to
 * IpTunnel_connectTo.
 */
static void ipTunnel(Dict* ifaceConf, struct Allocator* tempAlloc, struct Context* ctx)
{
    List* inbound = Dict_getList(ifaceConf, String_CONST("allowedConnections"));
    int idx = 0;
    Dict* peer = List_getDict(inbound, idx);
    while (peer != NULL) {
        String* key = Dict_getString(peer, String_CONST("publicKey"));
        String* ip4 = Dict_getString(peer, String_CONST("ip4Address"));
        String* ip6 = Dict_getString(peer, String_CONST("ip6Address"));
        if (key == NULL) {
            Log_critical(ctx->logger, "In router.ipTunnel.allowedConnections[%d]"
                                      "'publicKey' required.", idx);
            exit(1);
        }
        if (ip4 == NULL && ip6 == NULL) {
            Log_critical(ctx->logger, "In router.ipTunnel.allowedConnections[%d]"
                                       "either ip4Address or ip6Address required.", idx);
            exit(1);
        }
        Log_debug(ctx->logger, "Allowing IpTunnel connections from [%s]", key->bytes);

        // The config entry itself is extended and reused as the RPC arguments.
        Dict_putString(peer, String_CONST("publicKeyOfAuthorizedNode"), key, tempAlloc);
        rpcCall0(String_CONST("IpTunnel_allowConnection"), peer, ctx, tempAlloc, true);

        idx++;
        peer = List_getDict(inbound, idx);
    }

    List* outbound = Dict_getList(ifaceConf, String_CONST("outgoingConnections"));
    idx = 0;
    String* target = List_getString(outbound, idx);
    while (target != NULL) {
        Log_debug(ctx->logger, "Initiating IpTunnel connection to [%s]", target->bytes);
        Dict requestDict =
            Dict_CONST(String_CONST("publicKeyOfNodeToConnectTo"), String_OBJ(target), NULL);
        rpcCall0(String_CONST("IpTunnel_connectTo"), &requestDict, ctx, tempAlloc, true);

        idx++;
        target = List_getString(outbound, idx);
    }
}
示例#5
文件: Admin.c 项目: bringhurst/cjdns
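/**
 * Handle one admin API request which arrived from the child process.
 *
 * A request may start with the 4 bytes "0123" followed by a 4 byte
 * out-of-band transaction id; the bencoded dictionary then begins at offset 8.
 * The "q" entry selects what happens:
 *  - "cookie": reply with the current time in seconds as the cookie,
 *  - "auth":   verify the request with authValid() and, if it passes, run the
 *              function named by "aq" with authentication granted,
 *  - other:    run the named function only if it does not need authentication.
 *
 * @param admin     the admin instance holding the registered functions.
 * @param buffer    the raw request bytes.
 * @param amount    number of valid bytes in buffer.
 * @param allocator allocator for everything created while handling the request.
 */
static void handleRequestFromChild(struct Admin* admin,
                                   uint8_t buffer[MAX_API_REQUEST_SIZE],
                                   size_t amount,
                                   struct Allocator* allocator)
{
    // The txid is read after the header check, so its String lives at function
    // scope. A compound literal created inside the if-block would stop
    // existing at the block's closing brace and leave txid dangling.
    String txidValue = { .len = 4, .bytes = (char*) buffer + 4 };
    String* txid = NULL;
    size_t skip = 0;

    // Require the whole 8 byte header before looking at it; otherwise the
    // compare reads stale bytes and (amount - skip) wraps around.
    if (amount >= 8 && !memcmp(buffer, "0123", 4)) {
        // out of band txid
        txid = &txidValue;
        skip = 8;
    }

    struct Reader* reader = ArrayReader_new(buffer + skip, amount - skip, allocator);
    Dict message;
    if (List_getStandardBencSerializer()->parseDictionary(reader, allocator, &message)) {
        return;
    }

    String* query = Dict_getString(&message, CJDHTConstants_QUERY);
    if (!query) {
        return;
    }

    // If they're asking for a cookie then lets give them one.
    // The cookie is the current time in seconds: it provides freshness for
    // authValid(), it is not a secret.
    String* cookie = BSTR("cookie");
    if (String_equals(query, cookie)) {
        Dict* d = Dict_new(allocator);
        char bytes[32];
        snprintf(bytes, 32, "%u", (uint32_t) Time_currentTimeSeconds(admin->eventBase));
        String* theCookie = &(String) { .len = strlen(bytes), .bytes = bytes };
        Dict_putString(d, cookie, theCookie, allocator);
        Admin_sendMessage(d, txid, admin);
        return;
    }

    // If this is a permitted query, make sure the cookie is right.
    String* auth = BSTR("auth");
    bool authed = false;
    if (String_equals(query, auth)) {
        if (!authValid(&message, buffer + skip, reader->bytesRead(reader), admin)) {
            Dict* d = Dict_new(allocator);
            Dict_putString(d, BSTR("error"), BSTR("Auth failed."), allocator);
            Admin_sendMessage(d, txid, admin);
            return;
        }
        query = Dict_getString(&message, BSTR("aq"));
        if (!query) {
            // Authenticated but no function named: there is nothing to call.
            return;
        }
        authed = true;
    }

    // Every registered function with a matching name is called; functions
    // which need authentication are skipped unless the request passed it.
    for (int i = 0; i < admin->functionCount; i++) {
        if (String_equals(query, admin->functions[i].name)
            && (authed || !admin->functions[i].needsAuth))
        {
            admin->functions[i].call(&message, admin->functions[i].context, txid);
        }
    }
    return;
}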
示例#6
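/**
 * Configure the TUN interface described by ifaceConf.
 *
 * Does nothing unless "type" is "TUNInterface". When both "tunfd" and
 * "tunDevice" are configured, the descriptor is imported with FileNo_import
 * and the returned "tunfd"/"type" integers are handed to Core_initTunfd.
 * Otherwise Core_initTunnel is called, with "desiredTunName" set when a
 * device name is configured.
 *
 * @param ifaceConf the interface section of the configuration.
 * @param tempAlloc allocator for the request dictionaries.
 * @param ctx       configurator context used for the RPC calls and logging.
 */
static void tunInterface(Dict* ifaceConf, struct Allocator* tempAlloc, struct Context* ctx)
{
    String* ifaceType = Dict_getString(ifaceConf, String_CONST("type"));
    if (!String_equals(ifaceType, String_CONST("TUNInterface"))) {
        return;
    }

    // Setup the interface.
    String* tunfd = Dict_getString(ifaceConf, String_CONST("tunfd"));
    String* device = Dict_getString(ifaceConf, String_CONST("tunDevice"));

    Dict* args = Dict_new(tempAlloc);
    if (tunfd && device) {
        Dict_putString(args, String_CONST("path"), device, tempAlloc);
        Dict_putString(args, String_CONST("type"),
                       String_new(tunfd->bytes, tempAlloc), tempAlloc);
        Dict* res = NULL;
        rpcCall0(String_CONST("FileNo_import"), args, ctx, tempAlloc, &res, false);
        if (res) {
            // The response comes from another process: check that both
            // integers are present before dereferencing them.
            int64_t* importedFd = Dict_getInt(res, String_CONST("tunfd"));
            int64_t* importedType = Dict_getInt(res, String_CONST("type"));
            if (!importedFd || !importedType) {
                Log_warn(ctx->logger,
                         "FileNo_import response lacks tunfd or type, not initializing tunfd.");
                return;
            }
            Dict* initArgs = Dict_new(tempAlloc);
            Dict_putInt(initArgs, String_CONST("tunfd"), *importedFd, tempAlloc);
            Dict_putInt(initArgs, String_CONST("type"), *importedType, tempAlloc);
            rpcCall0(String_CONST("Core_initTunfd"), initArgs, ctx, tempAlloc, NULL, false);
        }
    } else {
        if (device) {
            Dict_putString(args, String_CONST("desiredTunName"), device, tempAlloc);
        }
        rpcCall0(String_CONST("Core_initTunnel"), args, ctx, tempAlloc, NULL, false);
    }
}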
示例#7
/**
 * Admin handler which starts a switch ping along the path given in args.
 *
 * Reads "path" (string), "timeout" (int, DEFAULT_TIMEOUT when absent), "data"
 * (string) and "keyPing" (int) from args. The listing this function comes
 * from ends before its closing brace, so how `err` is reported is not shown.
 */
static void adminPing(Dict* args, void* vcontext, String* txid, struct Allocator* requestAlloc)
{
    struct Context* context = vcontext;
    String* pathStr = Dict_getString(args, String_CONST("path"));
    int64_t* timeoutPtr = Dict_getInt(args, String_CONST("timeout"));
    String* data = Dict_getString(args, String_CONST("data"));
    int64_t* keyPing = Dict_getInt(args, String_CONST("keyPing"));
    // The caller-supplied 64 bit timeout is narrowed to 32 bits without a range check.
    uint32_t timeout = (timeoutPtr) ? *timeoutPtr : DEFAULT_TIMEOUT;
    uint64_t path;
    String* err = NULL;
    // NOTE(review): pathStr is dereferenced without a NULL check; this is only
    // safe if "path" is enforced as a required argument before the handler
    // runs - confirm at the registration site.
    if (pathStr->len != 19 || AddrTools_parsePath(&path, (uint8_t*) pathStr->bytes)) {
        err = String_CONST("path was not parsable.");
    } else {
        struct SwitchPinger_Ping* ping = SwitchPinger_newPing(path,
                                                              data,
                                                              timeout,
                                                              adminPingOnResponse,
                                                              context->alloc,
                                                              context->switchPinger);
        // NOTE(review): ping->keyPing is written before the !ping check on the
        // next line, so a failed SwitchPinger_newPing() combined with a
        // non-zero keyPing dereferences NULL. The assignment belongs inside
        // the else branch below.
        if (keyPing && *keyPing) { ping->keyPing = true; }
        if (!ping) {
            err = String_CONST("no open slots to store ping, try later.");
        } else {
            // The response context (handler context plus copies of txid and
            // path) is cloned into the ping's own allocator.
            ping->onResponseContext = Allocator_clone(ping->pingAlloc, (&(struct Ping) {
                .context = context,
                .txid = String_clone(txid, ping->pingAlloc),
                .path = String_clone(pathStr, ping->pingAlloc)
            }));
        }
    }
示例#8
/**
 * Admin handler: authorize a node to connect to the IP tunnel.
 *
 * Reads "publicKeyOfAuthorizedNode", "ip6Address" and "ip4Address" from args.
 * At least one address is required; the key is parsed with Key_parse() and
 * each supplied address with evutil_inet_pton(). The first failed check is
 * reported with sendError(); otherwise the result of
 * IpTunnel_allowConnection() is reported with sendResponse().
 */
static void allowConnection(Dict* args, void* vcontext, String* txid)
{
    struct Context* context = (struct Context*) vcontext;
    String* keyStr = Dict_getString(args, String_CONST("publicKeyOfAuthorizedNode"));
    String* ip6Address = Dict_getString(args, String_CONST("ip6Address"));
    String* ip4Address = Dict_getString(args, String_CONST("ip4Address"));

    if (!ip6Address && !ip4Address) {
        sendError("Must specify ip6Address or ip4Address", txid, context->admin);
        return;
    }

    uint8_t pubKey[32];
    uint8_t ip6Addr[16];
    int keyResult = Key_parse(keyStr, pubKey, ip6Addr);
    if (keyResult != 0) {
        sendError(Key_parse_strerror(keyResult), txid, context->admin);
        return;
    }

    // Binary forms of the addresses to hand out; only filled when supplied.
    uint8_t ip6ToGive[16];
    uint8_t ip4ToGive[4];

    if (ip6Address && evutil_inet_pton(AF_INET6, ip6Address->bytes, ip6ToGive) < 1) {
        sendError("malformed ip6Address", txid, context->admin);
        return;
    }
    if (ip4Address && evutil_inet_pton(AF_INET, ip4Address->bytes, ip4ToGive) < 1) {
        sendError("malformed ip4Address", txid, context->admin);
        return;
    }

    int conn = IpTunnel_allowConnection(pubKey,
                                        (ip6Address) ? ip6ToGive : NULL,
                                        (ip4Address) ? ip4ToGive : NULL,
                                        context->ipTun);
    sendResponse(conn, txid, context->admin);
}
示例#9
文件: Admin.c 项目: coinmint/cjdns
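/**
 * Verify the authentication fields of an admin request.
 *
 * The request carries a "cookie" (a timestamp in seconds, as string or int)
 * and a 64 character hex "hash". The cookie must be no newer than now and no
 * older than 20 seconds. The submitted hash is located inside the raw
 * message, overwritten in place with hex(sha256(password + cookie)), and the
 * sha256 of the whole message is then compared with the submitted hash.
 *
 * The search for the hash is limited to the first `length` bytes so that
 * neither the search nor the in-place overwrite can run past the message, and
 * the final comparison does not exit early on the first differing byte.
 *
 * @param message the parsed request.
 * @param buffer  the raw bytes the request was parsed from; modified in place.
 * @param length  number of message bytes in buffer.
 * @param admin   the admin instance holding the password and event base.
 * @return true if the request is authentic and fresh.
 */
static inline bool authValid(Dict* message, uint8_t* buffer, uint32_t length, struct Admin* admin)
{
    String* cookieStr = Dict_getString(message, String_CONST("cookie"));
    uint32_t cookie = (cookieStr != NULL) ? strtoll(cookieStr->bytes, NULL, 10) : 0;
    if (!cookie) {
        int64_t* cookieInt = Dict_getInt(message, String_CONST("cookie"));
        cookie = (cookieInt) ? *cookieInt : 0;
    }
    uint64_t nowSecs = Time_currentTimeSeconds(admin->eventBase);
    String* submittedHash = Dict_getString(message, String_CONST("hash"));
    if (cookie >  nowSecs || cookie < nowSecs - 20 || !submittedHash || submittedHash->len != 64) {
        return false;
    }

    if (!admin->password) {
        return false;
    }

    // Bounded search: the raw buffer is not known to be NUL terminated, and a
    // match must leave 64 bytes inside the message for the overwrite below.
    uint8_t* hashPtr = NULL;
    if (length >= 64) {
        for (uint32_t off = 0; off <= length - 64; off++) {
            if (!memcmp(buffer + off, submittedHash->bytes, 64)) {
                hashPtr = buffer + off;
                break;
            }
        }
    }
    if (!hashPtr) {
        return false;
    }

    // NOTE(review): a password which does not fit in this buffer together
    // with the cookie is truncated by snprintf() before hashing, and the
    // buffer is left on the stack with the password in it after return.
    uint8_t passAndCookie[64];
    snprintf((char*) passAndCookie, 64, "%s%u", admin->password->bytes, cookie);
    uint8_t hash[32];
    crypto_hash_sha256(hash, passAndCookie, strlen((char*) passAndCookie));
    Hex_encode(hashPtr, 64, hash, 32);

    crypto_hash_sha256(hash, buffer, length);
    Hex_encode(hashPtr, 64, hash, 32);

    // Accumulate the differences instead of stopping at the first one, so the
    // time taken does not reveal how many leading characters were correct.
    uint8_t diff = 0;
    for (int i = 0; i < 64; i++) {
        diff |= (uint8_t) (hashPtr[i] ^ (uint8_t) submittedHash->bytes[i]);
    }
    return diff == 0;
}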
示例#10
/**
 * Read the admin bind address and password from the configuration and hand
 * the whole configuration to Configurator_config().
 *
 * Exits the process if "admin.bind" or "admin.password" is missing or if the
 * bind address cannot be parsed as ip:port. Only the address is ever logged,
 * not the password.
 */
static void reconf(struct event_base* eventbase,
                   Dict* mainConf,
                   struct Log* logger,
                   struct Allocator* alloc)
{
    Dict* adminSection = Dict_getDict(mainConf, String_CONST("admin"));
    String* bindAddr = Dict_getString(adminSection, String_CONST("bind"));
    String* adminPass = Dict_getString(adminSection, String_CONST("password"));

    if (bindAddr == NULL || adminPass == NULL) {
        Log_critical(logger, "Can't get the admin address and password from conf file.");
        exit(-1);
    }

    struct sockaddr_storage ss;
    int ssLen = sizeof(struct sockaddr_storage);
    memset(&ss, 0, sizeof(struct sockaddr_storage));

    // ssLen goes in as the capacity and comes back as the parsed address length.
    int parseFailed =
        evutil_parse_sockaddr_port(bindAddr->bytes, (struct sockaddr*) &ss, &ssLen);
    if (parseFailed) {
        Log_critical(logger, "Unable to parse [%s] as an ip address port, "
                             "eg: 127.0.0.1:11234", bindAddr->bytes);
        exit(-1);
    }

    Configurator_config(mainConf, &ss, ssLen, adminPass, eventbase, logger, alloc);
}
示例#11
/**
 * Admin handler: authorize a node to connect to the IP tunnel, optionally
 * with address prefixes.
 *
 * Reads "publicKeyOfAuthorizedNode", "ip6Address", "ip6Prefix", "ip4Address"
 * and "ip4Prefix" from args. The checks run in a fixed order (address
 * present, key parses, prefix/address consistency and range, address parses
 * and has the right family); the first failure is reported with sendError().
 * A prefix which was not supplied is passed on as 0.
 */
static void allowConnection(Dict* args,
                            void* vcontext,
                            String* txid,
                            struct Allocator* requestAlloc)
{
    struct Context* context = (struct Context*) vcontext;
    String* keyStr = Dict_getString(args, String_CONST("publicKeyOfAuthorizedNode"));
    String* ip6Address = Dict_getString(args, String_CONST("ip6Address"));
    int64_t* ip6Prefix = Dict_getInt(args, String_CONST("ip6Prefix"));
    String* ip4Address = Dict_getString(args, String_CONST("ip4Address"));
    int64_t* ip4Prefix = Dict_getInt(args, String_CONST("ip4Prefix"));

    if (!ip6Address && !ip4Address) {
        sendError("Must specify ip6Address or ip4Address", txid, context->admin);
        return;
    }

    uint8_t pubKey[32];
    uint8_t ip6Addr[16];
    int keyResult = Key_parse(keyStr, pubKey, ip6Addr);
    if (keyResult != 0) {
        sendError(Key_parse_strerror(keyResult), txid, context->admin);
        return;
    }

    if (ip6Prefix && !ip6Address) {
        sendError("Must specify ip6Address with ip6Prefix", txid, context->admin);
        return;
    }
    // The range checks are what make the later narrowing to uint8_t safe.
    if (ip6Prefix && (*ip6Prefix > 128 || *ip6Prefix < 0)) {
        sendError("ip6Prefix out of range: must be 0 to 128", txid, context->admin);
        return;
    }
    if (ip4Prefix && (*ip4Prefix > 32 || *ip4Prefix < 0)) {
        sendError("ip4Prefix out of range: must be 0 to 32", txid, context->admin);
        return;
    }
    if (ip4Prefix && !ip4Address) {
        sendError("Must specify ip4Address with ip4Prefix", txid, context->admin);
        return;
    }

    struct Sockaddr_storage ip6ToGive;
    struct Sockaddr_storage ip4ToGive;

    if (ip6Address
        && (Sockaddr_parse(ip6Address->bytes, &ip6ToGive)
            || Sockaddr_getFamily(&ip6ToGive.addr) != Sockaddr_AF_INET6))
    {
        sendError("malformed ip6Address", txid, context->admin);
        return;
    }
    if (ip4Address
        && (Sockaddr_parse(ip4Address->bytes, &ip4ToGive)
            || Sockaddr_getFamily(&ip4ToGive.addr) != Sockaddr_AF_INET))
    {
        sendError("malformed ip4Address", txid, context->admin);
        return;
    }

    int conn = IpTunnel_allowConnection(pubKey,
                                        (ip6Address) ? &ip6ToGive.addr : NULL,
                                        (ip6Prefix) ? (uint8_t) (*ip6Prefix) : 0,
                                        (ip4Address) ? &ip4ToGive.addr : NULL,
                                        (ip4Prefix) ? (uint8_t) (*ip4Prefix) : 0,
                                        context->ipTun);
    sendResponse(conn, txid, context->admin);
}
示例#12
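/**
 * Admin handler: begin an outgoing connection on a UDP interface.
 *
 * Reads "password", "publicKey", "address" and the optional
 * "interfaceNumber" (default 0) from args. The interface number must refer to
 * an existing interface, the public key must be 52 base32 characters
 * (optionally followed by a '.' suffix) and the address must be present
 * before UDPInterface_beginConnection() is called. The reply always carries
 * an "error" string, "none" on success.
 */
static void beginConnection(Dict* args, void* vcontext, String* txid)
{
    struct Context* ctx = vcontext;

    String* password = Dict_getString(args, String_CONST("password"));
    String* publicKey = Dict_getString(args, String_CONST("publicKey"));
    String* address = Dict_getString(args, String_CONST("address"));
    int64_t* interfaceNumber = Dict_getInt(args, String_CONST("interfaceNumber"));
    uint32_t ifNum = (interfaceNumber) ? ((uint32_t) *interfaceNumber) : 0;
    String* error = NULL;

    uint8_t pkBytes[32];

    if (ctx->ifCount == 0) {
        error = String_CONST("no interfaces are setup, call UDPInterface_new() first");

    } else if (interfaceNumber && (*interfaceNumber >= ctx->ifCount || *interfaceNumber < 0)) {
        // This range check is what keeps ctx->ifaces[ifNum] below in bounds.
        error = String_CONST("invalid interfaceNumber");

    } else if (!publicKey
        || publicKey->len < 52
        || (publicKey->len > 52 && publicKey->bytes[52] != '.'))
    {
        error = String_CONST("publicKey must be 52 characters long.");

    } else if (Base32_decode(pkBytes, 32, (uint8_t*)publicKey->bytes, 52) != 32) {
        error = String_CONST("failed to parse publicKey.");

    } else if (!address) {
        // Without this check a request lacking "address" dereferences NULL
        // below, unless the argument is enforced as required before the
        // handler runs.
        error = String_CONST("unable to parse ip address and port.");

    } else {
        struct UDPInterface* udpif = ctx->ifaces[ifNum];
        switch (UDPInterface_beginConnection(address->bytes, pkBytes, password, udpif)) {
            case UDPInterface_beginConnection_OUT_OF_SPACE:
                error = String_CONST("no more space to register with the switch.");
                break;
            case UDPInterface_beginConnection_BAD_KEY:
                error = String_CONST("invalid cjdns public key.");
                break;
            case UDPInterface_beginConnection_BAD_ADDRESS:
                error = String_CONST("unable to parse ip address and port.");
                break;
            case UDPInterface_beginConnection_ADDRESS_MISMATCH:
                error = String_CONST("different address type than this socket is bound to.");
                break;
            case 0:
                error = String_CONST("none");
                break;
            default:
                error = String_CONST("unknown error");
        }
    }

    Dict out = Dict_CONST(String_CONST("error"), String_OBJ(error), NULL);
    Admin_sendMessage(&out, txid, ctx->admin);
}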
示例#13
文件: AdminLog.c 项目: CSRedRat/cjdns
/**
 * Admin handler: subscribe the caller to log messages.
 *
 * Reads the optional "level" (default DEBUG; an unknown name becomes
 * Log_Level_KEYS), "line" and "file" filters from args. A negative line or a
 * full subscription table is answered with an "error" string. Otherwise the
 * next free subscription slot is filled in, given 8 random bytes as stream
 * id, and the reply carries "error": "none" plus the hex encoded "streamId".
 */
static void subscribe(Dict* args, void* vcontext, String* txid)
{
    struct AdminLog* log = (struct AdminLog*) vcontext;

    String* levelName = Dict_getString(args, String_CONST("level"));
    enum Log_Level level = Log_Level_DEBUG;
    if (levelName) {
        level = Log_levelForName(levelName->bytes);
    }
    if (level == Log_Level_INVALID) {
        level = Log_Level_KEYS;
    }

    int64_t* lineNumPtr = Dict_getInt(args, String_CONST("line"));
    String* fileStr = Dict_getString(args, String_CONST("file"));
    const char* file = NULL;
    if (fileStr && fileStr->len > 0) {
        file = fileStr->bytes;
    }

    char* error = NULL;
    if (lineNumPtr && *lineNumPtr < 0) {
        error = "Invalid line number, must be positive or 0 to signify any line is acceptable.";
    } else if (log->subscriptionCount >= MAX_SUBSCRIPTIONS) {
        // Checked before the slot is touched, so the table index stays in range.
        error = "Max subscription count reached.";
    }
    if (error) {
        Dict response = Dict_CONST(
            String_CONST("error"), String_OBJ(String_CONST(error)), NULL
        );
        Admin_sendMessage(&response, txid, log->admin);
        return;
    }

    struct Subscription* sub = &log->subscriptions[log->subscriptionCount];
    sub->level = level;
    sub->alloc = Allocator_child(log->alloc);

    // NOTE(review): internalName is only assigned when a file filter is given.
    if (file) {
        // Prefer the pointer of an already known file name; otherwise keep a
        // private copy owned by the subscription's allocator.
        bool known = false;
        for (int i = 0; i < FILE_NAME_COUNT && !known; i++) {
            if (log->fileNames[i] && !strcmp(log->fileNames[i], file)) {
                file = log->fileNames[i];
                sub->internalName = true;
                known = true;
            }
        }
        if (!known) {
            file = String_new(file, sub->alloc)->bytes;
            sub->internalName = false;
        }
    }
    sub->file = file;
    sub->lineNum = (lineNumPtr) ? *lineNumPtr : 0;
    sub->txid = String_clone(txid, sub->alloc);

    // 8 random bytes become 16 hex characters; the buffer holds 20 bytes.
    Random_bytes(log->rand, (uint8_t*) sub->streamId, 8);
    uint8_t streamIdHex[20];
    Hex_encode(streamIdHex, 20, sub->streamId, 8);

    Dict response = Dict_CONST(
        String_CONST("error"), String_OBJ(String_CONST("none")), Dict_CONST(
        String_CONST("streamId"), String_OBJ(String_CONST((char*)streamIdHex)), NULL
    ));
    Admin_sendMessage(&response, txid, log->admin);
    log->subscriptionCount++;
}
示例#14
文件: cjdroute.c 项目: Ralith/cjdns
/**
 * Create the router's TUN interface, if one is configured, and register the
 * router module.
 *
 * context->routerIf is only assigned when "interface.type" is "TUNInterface";
 * context->routerModule is always assigned.
 */
static void registerRouter(Dict* config, uint8_t myPubKey[32], struct Context* context)
{
    Dict* ifaceConf = Dict_getDict(config, BSTR("interface"));
    String* ifaceType = Dict_getString(ifaceConf, BSTR("type"));

    if (String_equals(ifaceType, BSTR("TUNInterface"))) {
        context->routerIf = TUNInterface_new(Dict_getString(ifaceConf, BSTR("tunDevice")),
                                             context->base,
                                             context->allocator);
    }

    context->routerModule = RouterModule_register(context->registry,
                                                  context->allocator,
                                                  myPubKey,
                                                  context->base,
                                                  context->logger,
                                                  context->admin);
}
示例#15
/**
 * Build an EncodingScheme from its list-of-dictionaries representation.
 *
 * Every list entry must provide integers "prefixLen" and "bitCount" and an
 * 8 character hex string "prefix", which is decoded as a big endian 32 bit
 * value. The finished scheme must also pass EncodingScheme_isSane().
 *
 * @param scheme the list to convert.
 * @param alloc  allocator for the scheme and its forms.
 * @return the scheme, or NULL if any entry is malformed or the scheme is not
 *         sane.
 */
struct EncodingScheme* EncodingScheme_fromList(List* scheme, struct Allocator* alloc)
{
    struct EncodingScheme* out = Allocator_malloc(alloc, sizeof(struct EncodingScheme));
    out->count = List_size(scheme);
    out->forms = Allocator_malloc(alloc, sizeof(struct EncodingScheme_Form) * out->count);

    int i = 0;
    while (i < (int)out->count) {
        Dict* entry = List_getDict(scheme, i);
        uint64_t* prefixLen = Dict_getInt(entry, String_CONST("prefixLen"));
        uint64_t* bitCount = Dict_getInt(entry, String_CONST("bitCount"));
        String* prefixStr = Dict_getString(entry, String_CONST("prefix"));
        if (!(prefixLen && bitCount && prefixStr && prefixStr->len == 8)) {
            return NULL;
        }

        uint32_t prefix_be;
        if (Hex_decode((uint8_t*)&prefix_be, 4, prefixStr->bytes, 8) != 4) {
            return NULL;
        }

        // NOTE(review): the 64 bit values are stored without a range check of
        // their own; presumably EncodingScheme_isSane() rejects bad values
        // after the conversion - confirm.
        struct EncodingScheme_Form* form = &out->forms[i];
        form->prefixLen = *prefixLen;
        form->bitCount = *bitCount;
        form->prefix = Endian_bigEndianToHost32(prefix_be);
        i++;
    }

    return EncodingScheme_isSane(out) ? out : NULL;
}
示例#16
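/**
 * Admin handler: return one page of addresses from a rumor mill.
 *
 * "mill" selects the mill and "page" (default 0) selects which block of
 * ENTRIES_PER_PAGE addresses is returned. The reply holds the "addresses" of
 * that page and the "total" number of entries in the mill.
 *
 * The page number comes from the caller, so it is validated before it is used
 * as an array index: a negative page or one past the end yields an empty
 * address list instead of indexing outside rm->addresses.
 */
static void dumpRumorMill(Dict* args, void* vcontext, String* txid, struct Allocator* requestAlloc)
{
    struct Context* ctx = Identity_check((struct Context*) vcontext);

    Dict* out = Dict_new(requestAlloc);
    struct RumorMill* rm = getRumorMill(ctx, Dict_getString(args, String_CONST("mill")));
    if (!rm) {
        Dict_putString(out,
                       String_CONST("error"),
                       String_CONST("mill must be one of "
                                    "[externalMill,linkMill,nodeMill,dhtMill,splitMill]"),
                       requestAlloc);
        Admin_sendMessage(out, txid, ctx->admin);
        return;
    }

    int64_t* page = Dict_getInt(args, String_CONST("page"));
    const int64_t total = rm->count;
    int64_t next = 0;
    if (page) {
        // Comparing against total / ENTRIES_PER_PAGE keeps the multiplication
        // below from overflowing and the start index within [0, total].
        if (*page < 0 || *page > total / ENTRIES_PER_PAGE) {
            next = total;
        } else {
            next = *page * ENTRIES_PER_PAGE;
        }
    }

    List* table = List_new(requestAlloc);
    for (int i = 0; i < ENTRIES_PER_PAGE && next < total; i++) {
        String* addr = Address_toString(&rm->addresses[next++], requestAlloc);
        List_addString(table, addr, requestAlloc);
    }
    Dict_putList(out, String_CONST("addresses"), table, requestAlloc);
    Dict_putInt(out, String_CONST("total"), rm->count, requestAlloc);
    Admin_sendMessage(out, txid, ctx->admin);
}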
示例#17
/**
 * Admin handler: disconnect the peer with the given public key.
 *
 * Parses "pubkey" with Key_parse() and, if it is valid, asks the interface
 * controller to disconnect that peer. The reply holds "success" (1 or 0) and,
 * on failure, an "error" string naming which of the two steps failed.
 */
static void adminDisconnectPeer(Dict* args,
                                void* vcontext,
                                String* txid,
                                struct Allocator* requestAlloc)
{
    struct Context* context = Identity_check((struct Context*)vcontext);
    String* keyStr = Dict_getString(args, String_CONST("pubkey"));

    uint8_t pubkey[32];
    uint8_t addr[16];

    // Start with the message for a key which does not parse; it is replaced
    // once parsing has succeeded and is only sent if rc ends up non-zero.
    char* why = "bad key";
    int rc = Key_parse(keyStr, pubkey, addr);
    if (rc == 0) {
        rc = InterfaceController_disconnectPeer(context->ic,pubkey);
        why = "no peer found for that key";
    }

    Dict* reply = Dict_new(requestAlloc);
    Dict_putInt(reply, String_CONST("success"), (rc == 0) ? 1 : 0, requestAlloc);
    if (rc != 0) {
        Dict_putString(reply, String_CONST("error"), String_CONST(why), requestAlloc);
    }

    Admin_sendMessage(reply, txid, context->admin);
}
示例#18
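/**
 * Admin handler: add a key to the rainfly client.
 *
 * "ident" must hold at least 52 base32 characters, which are decoded into a
 * 32 byte key and passed to RainflyClient_addKey(). The reply always carries
 * an "error" string, "none" on success. A request without "ident" is answered
 * with "too short" rather than dereferencing a NULL string.
 */
static void addKey(Dict* args, void* vcontext, String* txid, struct Allocator* requestAlloc)
{
    struct Context* context = vcontext;
    struct Allocator* alloc = Allocator_child(context->alloc);
    String* identStr = Dict_getString(args, String_CONST("ident"));

    int ret;
    uint8_t key[32];
    char* err = "none";
    if (!identStr || identStr->len < 52) {
        err = "too short";

    } else if (Base32_decode(key, 32, identStr->bytes, 52) != 32) {
        err = "failed to parse";

    } else if ((ret = RainflyClient_addKey(context->rainfly, key))) {
        if (ret == RainflyClient_addKey_TOO_MANY_KEYS) {
            err = "RainflyClient_addKey_TOO_MANY_KEYS";
        } else {
            err = "unknown error";
        }

    }

    // The reply is built in a child allocator which is released right after sending.
    Dict* response = Dict_new(alloc);
    Dict_putString(response, String_CONST("error"), String_CONST(err), alloc);

    Admin_sendMessage(response, txid, context->admin);

    Allocator_free(alloc);
}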
示例#19
/**
 * Admin handler: look up a user with Security_getUser() and send the result.
 *
 * The optional "user" argument names the user; NULL is passed when it is absent.
 */
static void getUser(Dict* args, void* vctx, String* txid, struct Allocator* requestAlloc)
{
    struct Context* const ctx = Identity_check((struct Context*) vctx);

    String* user = Dict_getString(args, String_CONST("user"));
    char* userName = NULL;
    if (user) {
        userName = user->bytes;
    }

    Admin_sendMessage(Security_getUser(userName, requestAlloc), txid, ctx->admin);
}
示例#20
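/**
 * Admin handler: add a server address to the rainfly client.
 *
 * "addr" is parsed with Sockaddr_parse() and passed to
 * RainflyClient_addServer(). The reply always carries an "error" string,
 * "none" on success. A request without "addr" is answered with
 * "could not parse address" rather than dereferencing a NULL string.
 */
static void addServer(Dict* args, void* vcontext, String* txid, struct Allocator* requestAlloc)
{
    struct Context* context = vcontext;
    struct Allocator* alloc = Allocator_child(context->alloc);
    String* addrStr = Dict_getString(args, String_CONST("addr"));

    int ret;
    struct Sockaddr_storage ss;
    char* err = "none";
    if (!addrStr || Sockaddr_parse(addrStr->bytes, &ss)) {
        err = "could not parse address";

    } else if ((ret = RainflyClient_addServer(context->rainfly, &ss.addr))) {
        if (ret == RainflyClient_addServer_WRONG_ADDRESS_TYPE) {
            err = "RainflyClient_addServer_WRONG_ADDRESS_TYPE";
        } else {
            err = "unknown error";
        }
    }

    // The reply is built in a child allocator which is released right after sending.
    Dict* response = Dict_new(alloc);
    Dict_putString(response, String_CONST("error"), String_CONST(err), alloc);

    Admin_sendMessage(response, txid, context->admin);

    Allocator_free(alloc);
}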
示例#21
/**
 * Admin handler: initialize the TUN device through Core_initTunnel().
 *
 * The optional "desiredTunName" argument is passed on as the device name.
 * A failure raised through the Jmp handler is reported to the caller as
 * "Failed to configure tunnel [<message>]"; success is reported as "none".
 */
static void initTunnel(Dict* args, void* vcontext, String* txid)
{
    struct Context* const ctx = (struct Context*) vcontext;
    // Being a preprocessor macro, BUFFERSZ stays defined for the rest of the
    // file, not just for this function.
    #define BUFFERSZ 1024
    // Stack buffer backing the allocator used for the response.
    uint8_t buffer[BUFFERSZ];
    struct Allocator* const alloc = BufferAllocator_new(buffer, BUFFERSZ);

    // Jmp_try/Jmp_catch are project macros; the catch block runs when
    // &jmp.handler is invoked - presumably setjmp/longjmp based, confirm.
    struct Jmp jmp;
    Jmp_try(jmp) {
        Core_initTunnel(Dict_getString(args, String_CONST("desiredTunName")),
                        ctx->ipAddr,
                        8, // presumably the address prefix length - confirm
                        ctx->ducttape,
                        ctx->logger,
                        ctx->ipTunnel,
                        ctx->eventBase,
                        ctx->alloc,
                        &jmp.handler);
    } Jmp_catch {
        // The handler's message is sent back to the admin client verbatim.
        String* error = String_printf(alloc, "Failed to configure tunnel [%s]", jmp.message);
        sendResponse(error, ctx->admin, txid, alloc);
        return;
    }

    sendResponse(String_CONST("none"), ctx->admin, txid, alloc);
}
示例#22
/**
 * Admin handler: add an authorized password with CryptoAuth_addUser().
 *
 * "authType" defaults to 1 and must lie in 1..255 when supplied. The outcome
 * is reported as a string: "none" on success, otherwise a message for the
 * specific failure.
 */
static void add(Dict* args, void* vcontext, String* txid)
{
    struct Context* context = (struct Context*) vcontext;

    // NOTE(review): passwd is handed on without a NULL check here; whether a
    // missing "password" is rejected earlier or inside CryptoAuth_addUser()
    // is not visible in this function.
    String* passwd = Dict_getString(args, String_CONST("password"));

    int64_t type = 1;
    int64_t* typeArg = Dict_getInt(args, String_CONST("authType"));
    if (typeArg) {
        if (*typeArg < 1 || *typeArg > 255) {
            sendResponse(String_CONST("Specified auth type is not supported."),
                         context->admin, txid);
            return;
        }
        type = *typeArg;
    }

    int32_t ret = CryptoAuth_addUser(passwd, type, context, context->ca);

    if (ret == 0) {
        sendResponse(String_CONST("none"), context->admin, txid);
    } else if (ret == CryptoAuth_addUser_INVALID_AUTHTYPE) {
        sendResponse(String_CONST("Specified auth type is not supported."),
                     context->admin, txid);
    } else if (ret == CryptoAuth_addUser_OUT_OF_SPACE) {
        sendResponse(String_CONST("Out of memory to store password."), context->admin, txid);
    } else if (ret == CryptoAuth_addUser_DUPLICATE) {
        sendResponse(String_CONST("Password already added."), context->admin, txid);
    } else {
        sendResponse(String_CONST("Unknown error."), context->admin, txid);
    }
}
示例#23
文件: Admin.c 项目: bringhurst/cjdns
/**
 * Create the admin interface: fork a child process connected to the parent
 * by a pair of pipes.
 *
 * The child optionally switches user with Security_setUser(), runs child()
 * with the configuration and exits. The parent keeps an Admin structure with
 * its ends of the pipes, the "password" string from config and a persistent
 * read event on the pipe coming from the child.
 *
 * @param config    the admin configuration; also passed whole to the child.
 * @param user      user for the child to switch to, or NULL to leave it unchanged.
 * @param eventBase libevent base, re-initialized in the child after the fork.
 * @param eh        handler invoked when pipe() or fork() fails.
 * @param allocator allocator for the Admin structure.
 * @return the parent's Admin structure (the child never returns).
 */
struct Admin* Admin_new(Dict* config,
                        char* user,
                        struct event_base* eventBase,
                        struct ExceptionHandler* eh,
                        struct Allocator* allocator)
{
    errno = 0;
    int pipes[2][2];
    // NOTE(review): execution continues after eh->exception() in both failure
    // paths below; this assumes the handler does not return - confirm.
    if (pipe(pipes[0]) || pipe(pipes[1])) {
        eh->exception(__FILE__ " Failed to create pipes.", errno, eh);
    }

    // The parent's pid is used as the process group id for the child.
    int pgid = getpid();
    int pid = fork();
    if (pid < 0) {
        eh->exception(__FILE__ " Failed to fork()", errno, eh);
    }

    bool isChild = (pid == 0);

    // Parent reads pipes[0] and writes pipes[1]; the child does the opposite.
    // Each side closes the two ends it does not use.
    int inFd = pipes[isChild][0];
    close(pipes[!isChild][0]);

    int outFd = pipes[!isChild][1];
    close(pipes[isChild][1]);

    if (isChild) {
        // Set the process group so that children will not
        // become orphaned if the parent gets signal 11 err um 9.
        setpgid(0, pgid);

        // Presumably drops the child to an unprivileged user - confirm in Security.
        if (user) {
            Security_setUser(user, NULL, AbortHandler_INSTANCE);
        }

        struct ChildContext context;
        memset(&context, 0, sizeof(struct ChildContext));
        context.inFd = inFd;
        context.outFd = outFd;
        context.allocator = allocator;
        event_reinit(eventBase);
        context.eventBase = eventBase;
        // The child is given the whole config dictionary, which is also where
        // the parent reads the admin password from below.
        child(config, &context);
        exit(0);
    }

    setpgid(pid, pgid);

    // NOTE(review): the results of close(), setpgid(), event_new() and
    // event_add() are not checked anywhere in this function.
    struct Admin* admin = allocator->calloc(sizeof(struct Admin), 1, allocator);
    admin->inFd = inFd;
    admin->outFd = outFd;
    admin->allocator = allocator;
    admin->functionCount = 0;
    admin->eventBase = eventBase;
    admin->password = Dict_getString(config, BSTR("password"));
    admin->pipeEv = event_new(eventBase, inFd, EV_READ | EV_PERSIST, inFromChild, admin);
    event_add(admin->pipeEv, NULL);

    return admin;
}
示例#24
/**
 * Ask the core to bring up a TUN device for one interface entry of the config.
 *
 * Entries whose "type" is not "TUNInterface" are ignored. When the entry names
 * a "tunDevice", that name is forwarded as "desiredTunName"; otherwise the RPC
 * is sent with an empty argument dictionary.
 *
 * @param ifaceConf the interface entry from the configuration.
 * @param tempAlloc allocator for the RPC arguments.
 * @param ctx       configurator context passed through to rpcCall0().
 */
static void tunInterface(Dict* ifaceConf, struct Allocator* tempAlloc, struct Context* ctx)
{
    String* kind = Dict_getString(ifaceConf, String_CONST("type"));
    if (String_equals(kind, String_CONST("TUNInterface"))) {
        // The device name comes straight from the config file and is not
        // validated here; presumably the Core_initTunnel handler checks it.
        String* tunName = Dict_getString(ifaceConf, String_CONST("tunDevice"));

        Dict* rpcArgs = Dict_new(tempAlloc);
        if (tunName != NULL) {
            Dict_putString(rpcArgs, String_CONST("desiredTunName"), tunName, tempAlloc);
        }

        // The final argument (exitIfError) is false for this call.
        rpcCall0(String_CONST("Core_initTunnel"), rpcArgs, ctx, tempAlloc, false);
    }
}
示例#25
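/**
 * Make one admin RPC call and handle both transport and application errors.
 *
 * A transport-level failure (res->err set) is logged as critical and handed to
 * die(). An "error" entry in the response other than "none" is either fatal
 * (exitIfError true) or logged as a warning and ignored.
 *
 * @param function    name of the remote function to call.
 * @param args        argument dictionary, may be NULL as far as this function
 *                    is concerned (it is only passed through).
 * @param ctx         supplies the admin client and the logger.
 * @param alloc       allocator for the call and its result.
 * @param exitIfError when true, an error reported in the response is fatal.
 */
static void rpcCall0(String* function,
                     Dict* args,
                     struct Context* ctx,
                     struct Allocator* alloc,
                     bool exitIfError)
{
    struct AdminClient_Result* res = AdminClient_rpcCall(function, args, ctx->client, alloc);
    if (res->err) {
        // Argument order follows the format string: function name first, then
        // the error text. The original passed them the other way round, which
        // produced a misleading log line for anyone triaging a failed call.
        Log_critical(ctx->logger,
                      "Failed to make function call [%s], error: [%s]",
                      function->bytes,
                      AdminClient_errorString(res->err));
        die(res, ctx, alloc);
    }
    // NOTE(review): the code below reads res->responseDict, so it relies on
    // die() not returning after a transport failure. Confirm.
    String* error = Dict_getString(res->responseDict, String_CONST("error"));
    if (error && !String_equals(error, String_CONST("none"))) {
        // error->bytes comes from the remote response and is printed with %s;
        // this assumes the String is NUL-terminated. TODO confirm.
        if (exitIfError) {
            Log_critical(ctx->logger,
                         "Got error [%s] calling [%s]",
                         error->bytes,
                         function->bytes);
            die(res, ctx, alloc);
        }
        Log_warn(ctx->logger, "Got error [%s] calling [%s], ignoring.",
                 error->bytes, function->bytes);
    }
}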
示例#26
文件: cjdroute.c 项目: Ralith/cjdns
/**
 * Print the configured pid file path to stdout, without a trailing newline.
 * Nothing is printed when the config has no "pidFile" entry.
 *
 * @param config the parsed configuration.
 */
static void pidfile(Dict* config)
{
    String* path = Dict_getString(config, BSTR("pidFile"));
    if (path == NULL) {
        return;
    }
    // A fixed "%s" format is used, so the configured value is never
    // interpreted as a format string.
    printf("%s", path->bytes);
}
示例#27
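/**
 * Admin handler: look up an address in the router and report what was found.
 *
 * The reply always carries "error" ("none" on success) and "result". On
 * success "result" is "not found", the printed Address of the returned node
 * when its ip6 differs from the requested one, or the printed path when it
 * matches. On a parse error "result" is the empty string.
 *
 * @param args         request arguments; "address" must be a 39 character string.
 * @param vcontext     the struct Context registered with this handler.
 * @param txid         transaction id echoed back with the reply.
 * @param requestAlloc per-request allocator (unused here).
 */
static void lookup(Dict* args, void* vcontext, String* txid, struct Allocator* requestAlloc)
{
    struct Context* ctx = vcontext;
    String* addrStr = Dict_getString(args, String_CONST("address"));
    char* err = NULL;
    uint8_t addr[16];
    // Zero-initialised: on the error paths nothing is written to this buffer,
    // yet it is still sent as "result". Left uninitialised, the length scan in
    // String_CONST(result) would read stale stack bytes and could copy them
    // into the reply.
    uint8_t resultBuff[60] = { 0 };
    char* result = (char*) resultBuff;
    // Defensive NULL check: the request comes from an admin client, and the
    // argument validation that runs before this handler is not visible here.
    if (!addrStr || addrStr->len != 39) {
        err = "address wrong length";
    } else if (AddrTools_parseIp(addr, (uint8_t*) addrStr->bytes)) {
        err = "failed to parse address";
    } else {
        struct Node_Two* n = Router_lookup(ctx->router, addr);
        if (!n) {
            result = "not found";
        } else if (Bits_memcmp(addr, n->address.ip6.bytes, 16)) {
            // Returned node is not the requested address: print it in full.
            // NOTE(review): assumes Address_print() writes at most
            // sizeof(resultBuff) bytes including the terminator. Confirm
            // against its prototype; no length is passed.
            Address_print(resultBuff, &n->address);
        } else {
            // Exact match: only the path is reported.
            AddrTools_printPath(resultBuff, n->address.path);
        }
    }
    Dict response = Dict_CONST(
        String_CONST("error"), String_OBJ(String_CONST((err) ? err : "none")), Dict_CONST(
        String_CONST("result"), String_OBJ(String_CONST(result)), NULL
    ));
    Admin_sendMessage(&response, txid, ctx->admin);
}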
示例#28
/**
 * Register every entry of the "authorizedPasswords" config list with the core.
 *
 * Works in two passes. The first validates the whole list and exits the
 * process on the first malformed entry, so no password is added when any
 * entry is invalid. The second sends one AuthorizedPasswords_add call per
 * entry, using a child allocator that is freed after each call.
 *
 * Only the entry index, the display name and the optional ipv6 restriction are
 * logged; the password itself is placed in the RPC arguments and never logged.
 *
 * @param list the list of password dictionaries from the configuration.
 * @param ctx  supplies the logger, the parent allocator and the RPC client.
 */
static void authorizedPasswords(List* list, struct Context* ctx)
{
    uint32_t count = List_size(list);

    // Pass 1: validation only.
    // NOTE(review): the log formats use %d with a uint32_t index; %u would
    // match the type.
    for (uint32_t idx = 0; idx < count; idx++) {
        Dict* entry = List_getDict(list, idx);
        Log_info(ctx->logger, "Checking authorized password %d.", idx);
        if (entry == NULL) {
            Log_critical(ctx->logger, "Not a dictionary type %d.", idx);
            exit(-1);
        }
        if (Dict_getString(entry, String_CONST("password")) == NULL) {
            Log_critical(ctx->logger, "Must specify a password %d.", idx);
            exit(-1);
        }
    }

    // Pass 2: every entry is known to be a dictionary with a password.
    for (uint32_t idx = 0; idx < count; idx++) {
        struct Allocator* entryAlloc = Allocator_child(ctx->alloc);
        Dict* entry = List_getDict(list, idx);
        String* password = Dict_getString(entry, String_CONST("password"));
        String* user = Dict_getString(entry, String_CONST("user"));

        // Entries without a user name get a label built from their index.
        String* displayName = user;
        if (displayName == NULL) {
            displayName = String_printf(entryAlloc, "password [%d]", idx);
        }

        String* ipv6 = Dict_getString(entry, String_CONST("ipv6"));
        Log_info(ctx->logger, "Adding authorized password #[%d] for user [%s].",
            idx, displayName->bytes);

        Dict* rpcArgs = Dict_new(entryAlloc);
        // Named separately from the loop index, which the original shadowed.
        uint32_t authType = 1;
        Dict_putInt(rpcArgs, String_CONST("authType"), authType, entryAlloc);
        Dict_putString(rpcArgs, String_CONST("password"), password, entryAlloc);
        if (user != NULL) {
            Dict_putString(rpcArgs, String_CONST("user"), user, entryAlloc);
        }
        Dict_putString(rpcArgs, String_CONST("displayName"), displayName, entryAlloc);
        if (ipv6 != NULL) {
            Log_info(ctx->logger,
                "  This connection password restricted to [%s] only.", ipv6->bytes);
            Dict_putString(rpcArgs, String_CONST("ipv6"), ipv6, entryAlloc);
        }

        rpcCall(String_CONST("AuthorizedPasswords_add"), rpcArgs, ctx, entryAlloc);
        Allocator_free(entryAlloc);
    }
}
示例#29
/**
 * Admin handler: combine "pathToParent" and "pathParentToChild" into a route
 * label and send it back as a printed path.
 *
 * Both arguments must be 19 character path strings. On success the reply holds
 * "result" (the printed label) and "error" = "none"; otherwise it holds only
 * "error", set to the parse failure or to the text returned by
 * NodeStore_getRouteLabel_strerror(). When both arguments fail to parse, the
 * second failure is the one reported.
 *
 * NOTE(review): both Dict_getString() results are dereferenced without a NULL
 * check; presumably the admin dispatcher rejects requests that lack required
 * arguments before this handler runs. Confirm against the registration.
 *
 * @param args         request arguments.
 * @param vcontext     the struct Context registered with this handler.
 * @param txid         transaction id echoed back with the reply.
 * @param requestAlloc per-request allocator for the response.
 */
static void getRouteLabel(Dict* args, void* vcontext, String* txid, struct Allocator* requestAlloc)
{
    struct Context* ctx = Identity_check((struct Context*) vcontext);
    char* err = NULL;

    uint64_t pathToParent = 0;
    String* parentStr = Dict_getString(args, String_CONST("pathToParent"));
    if (parentStr->len != 19 || AddrTools_parsePath(&pathToParent, parentStr->bytes)) {
        err = "parse_pathToParent";
    }

    // Parsed even when the first argument already failed, as in the original.
    uint64_t pathParentToChild = 0;
    String* childStr = Dict_getString(args, String_CONST("pathParentToChild"));
    if (childStr->len != 19 || AddrTools_parsePath(&pathParentToChild, childStr->bytes)) {
        err = "parse_pathParentToChild";
    }

    uint64_t label = UINT64_MAX;
    if (err == NULL) {
        label = NodeStore_getRouteLabel(ctx->store, pathToParent, pathParentToChild);
        // Yields NULL when the label is usable, otherwise an error string.
        err = NodeStore_getRouteLabel_strerror(label);
    }

    Dict* response = Dict_new(requestAlloc);
    if (err == NULL) {
        // "result" is added before "error", matching the original order.
        String* printedPath = String_newBinary(NULL, 19, requestAlloc);
        AddrTools_printPath(printedPath->bytes, label);
        Dict_putString(response, String_new("result", requestAlloc), printedPath, requestAlloc);
    }

    char* errText = "none";
    if (err != NULL) {
        errText = err;
    }
    Dict_putString(response,
                   String_new("error", requestAlloc),
                   String_new(errText, requestAlloc),
                   requestAlloc);
    Admin_sendMessage(response, txid, ctx->admin);
}
示例#30
/**
 * Shared admin handler for adding or removing a route exception, prefix or
 * local prefix.
 *
 * The "route" argument is rejected with "parse_failed" when it is longer than
 * 63 bytes or Sockaddr_parse() fails, and with "unexpected_af" when the parsed
 * address is neither IPv4 nor IPv6. Add operations always report "none";
 * remove operations report "no_such_route" when the RouteGen call returns 0.
 *
 * NOTE(review): `route` is dereferenced without a NULL check; presumably the
 * admin dispatcher rejects requests that lack required arguments before this
 * handler runs. Confirm against the registration.
 *
 * @param args         request arguments; "route" holds the address text.
 * @param vcontext     the struct RouteGen_admin_Ctx registered with the handler.
 * @param txid         transaction id echoed back with the reply.
 * @param requestAlloc per-request allocator for the response.
 * @param what         which add/remove operation to perform.
 */
static void addRemoveSomething(Dict* args,
                               void* vcontext,
                               String* txid,
                               struct Allocator* requestAlloc,
                               enum addRemoveSomething_What what)
{
    struct RouteGen_admin_Ctx* ctx = Identity_check((struct RouteGen_admin_Ctx*) vcontext);
    String* route = Dict_getString(args, String_CONST("route"));
    char* error = NULL;
    struct Sockaddr_storage ss;

    // The length check comes first, so over-long input never reaches the parser.
    if (route->len > 63 || Sockaddr_parse(route->bytes, &ss)) {
        error = "parse_failed";
    } else {
        int family = Sockaddr_getFamily(&ss.addr);
        if (!(family == Sockaddr_AF_INET || family == Sockaddr_AF_INET6)) {
            error = "unexpected_af";
        }
    }

    Dict* out = Dict_new(requestAlloc);
    if (error == NULL) {
        // Stays -1 for the add operations, which therefore report "none".
        int retVal = -1;
        switch (what) {
            case addRemoveSomething_What_ADD_EXCEPTION:
                RouteGen_addException(ctx->rg, &ss.addr);
                break;
            case addRemoveSomething_What_ADD_PREFIX:
                RouteGen_addPrefix(ctx->rg, &ss.addr);
                break;
            case addRemoveSomething_What_ADD_LOCALPREFIX:
                RouteGen_addLocalPrefix(ctx->rg, &ss.addr);
                break;
            case addRemoveSomething_What_RM_EXCEPTION:
                retVal = RouteGen_removeException(ctx->rg, &ss.addr);
                break;
            case addRemoveSomething_What_RM_PREFIX:
                retVal = RouteGen_removePrefix(ctx->rg, &ss.addr);
                break;
            case addRemoveSomething_What_RM_LOCALPREFIX:
                retVal = RouteGen_removeLocalPrefix(ctx->rg, &ss.addr);
                break;
            default: Assert_failure("invalid op");
        }
        error = (retVal == 0) ? "no_such_route" : "none";
    }

    Dict_putString(out,
                   String_new("error", requestAlloc),
                   String_new(error, requestAlloc),
                   requestAlloc);
    Admin_sendMessage(out, txid, ctx->admin);
}