static agent_t *
s_agent_new (zctx_t *ctx, void *control)
{
agent_t *self = (agent_t *) zmalloc (sizeof (agent_t));
self->ctx = ctx;
self->control = control;
self->router = zsocket_new (ctx, ZMQ_ROUTER);
// Connect our data socket to caller's endpoint
self->data = zsocket_new (ctx, ZMQ_PAIR);
char *endpoint = zstr_recv (self->control);
int rc = zsocket_connect (self->data, "%s", endpoint);
assert (rc != -1);
free (endpoint);
// Create new client codec using cert from API
byte public_key [32];
byte secret_key [32];
rc = zmq_recv (self->control, public_key, 32, 0);
assert (rc == 32);
rc = zmq_recv (self->control, secret_key, 32, 0);
assert (rc == 32);
self->cert = zcert_new_from (public_key, secret_key);
self->metadata = zhash_new ();
zhash_autofree (self->metadata);
self->clients = zhash_new ();
self->max_clients = 100;
self->max_pending = 10;
self->client_ttl = 3600; // 60 minutes
self->pending_ttl = 60; // 60 seconds
return self;
}
static agent_t *
s_agent_new (zctx_t *ctx, void *control)
{
agent_t *self = (agent_t *) zmalloc (sizeof (agent_t));
self->ctx = ctx;
self->control = control;
self->state = waiting;
self->dealer = zsocket_new (ctx, ZMQ_DEALER);
// Connect our data socket to caller's endpoint
self->data = zsocket_new (ctx, ZMQ_PAIR);
char *endpoint = zstr_recv (self->control);
int rc = zsocket_connect (self->data, "%s", endpoint);
assert (rc != -1);
free (endpoint);
// Create new client codec using cert from API
byte public_key [32];
byte secret_key [32];
rc = zmq_recv (self->control, public_key, 32, 0);
assert (rc == 32);
rc = zmq_recv (self->control, secret_key, 32, 0);
assert (rc == 32);
zcert_t *cert = zcert_new_from (public_key, secret_key);
self->codec = curve_codec_new_client (cert);
zcert_destroy (&cert);
return self;
}
zcert_t *
zcert_dup (zcert_t *source)
{
zcert_t *self = zcert_new_from (source->public_key, source->secret_key);
zhash_destroy (&self->metadata);
self->metadata = zhash_dup (source->metadata);
return self;
}
zcert_t *
zcert_new (void)
{
#if defined (HAVE_LIBSODIUM)
byte public_key [32] = { 0 };
byte secret_key [32] = { 0 };
int rc = crypto_box_keypair (public_key, secret_key);
assert (rc == 0);
return zcert_new_from (public_key, secret_key);
#else
return NULL;
#endif
}
zcert_t *
zcert_dup (zcert_t *self)
{
if (self) {
zcert_t *copy = zcert_new_from (self->public_key, self->secret_key);
if (copy) {
zhash_destroy (©->metadata);
copy->metadata = zhash_dup (self->metadata);
if (!copy->metadata)
zcert_destroy (©);
}
return copy;
}
else
return NULL;
}
zcert_t *
zcert_load (char *format, ...)
{
#if (ZMQ_VERSION_MAJOR == 4)
assert (format);
va_list argptr;
va_start (argptr, format);
char *filename = zsys_vprintf (format, argptr);
va_end (argptr);
// Try first to load secret certificate, which has both keys
// Then fallback to loading public certificate
char filename_secret [256];
snprintf (filename_secret, 256, "%s_secret", filename);
zconfig_t *root = zconfig_load (filename_secret);
if (!root)
root = zconfig_load (filename);
zcert_t *self = NULL;
if (root) {
char *public_text = zconfig_resolve (root, "/curve/public-key", NULL);
char *secret_text = zconfig_resolve (root, "/curve/secret-key", NULL);
if (public_text && strlen (public_text) == 40) {
byte public_key [32] = { 0 };
byte secret_key [32] = { 0 };
zmq_z85_decode (public_key, public_text);
if (secret_text && strlen (secret_text) == 40)
zmq_z85_decode (secret_key, secret_text);
// Load metadata into certificate
self = zcert_new_from (public_key, secret_key);
zconfig_t *metadata = zconfig_locate (root, "/metadata");
zconfig_t *item = metadata? zconfig_child (metadata): NULL;
while (item) {
zcert_set_meta (self, zconfig_name (item), zconfig_value (item));
item = zconfig_next (item);
}
}
}
zconfig_destroy (&root);
zstr_free (&filename);
return self;
#else
return NULL;
#endif
}
zcert_t *
zcert_new (void)
{
byte public_key [32] = { 0 };
byte secret_key [32] = { 0 };
#if (ZMQ_VERSION_MAJOR == 4)
if (zsys_has_curve ()) {
char public_txt [41];
char secret_txt [41];
int rc = zmq_curve_keypair (public_txt, secret_txt);
if (rc != 0)
return NULL;
zmq_z85_decode (public_key, public_txt);
zmq_z85_decode (secret_key, secret_txt);
}
#endif
return zcert_new_from (public_key, secret_key);
}
static void
s_test_loader (zcertstore_t *certstore)
{
zcertstore_empty (certstore);
byte public_key [32] = { 31, 133, 154, 36, 47, 67, 155, 5, 63, 1,
155, 230, 78, 191, 156, 199, 94, 125, 157, 168,
109, 69, 19, 241, 44, 29, 154, 216, 59, 219,
155, 185 };
byte secret_key [32] = { 31, 133, 154, 36, 47, 67, 155, 5, 63, 1,
155, 230, 78, 191, 156, 199, 94, 125, 157, 168,
109, 69, 19, 241, 44, 29, 154, 216, 59, 219,
155, 185 };
zcert_t *cert = zcert_new_from (public_key, secret_key);
zcertstore_insert (certstore, &cert);
test_loader_state *state = (test_loader_state *)certstore->state;
state->index++;
}
///
// Accepts public/secret key pair from caller
QmlZcert *QmlZcertAttached::constructFrom (byte *publicKey, byte *secretKey) {
QmlZcert *qmlSelf = new QmlZcert ();
qmlSelf->self = zcert_new_from (publicKey, secretKey);
return qmlSelf;
};
///
// Accepts public/secret key pair from caller
QZcert* QZcert::newFrom (const byte *publicKey, const byte *secretKey, QObject *qObjParent)
{
return new QZcert (zcert_new_from (publicKey, secretKey), qObjParent);
}
int main(int argc, char **argv)
{
if( argc < 4 ) {
printf("HEY! Usage:\n banshare-report [-d] <program-name> <jail-name> <banned-ip>\n\n");
printf(" where -d sets debug mode\n");
exit(1);
}
int baseind = 1;
if( argv[1][0] == '-' && argv[1][1] == 'd') {
debug = 1;
baseind = 2;
}
char *progname = argv[baseind];
char *jailname = argv[baseind+1];
char *bannedip = argv[baseind+2];
zauth_t *auth;
zcert_t *cert;
zcert_t *server_public_cert;
char certdir[256];
char servercert[512];
if (access("/etc/ssl/certs/banshare/", R_OK) == 0 ) { // ubuntu, CentOS 6.x
strcpy(certdir, "/etc/ssl/certs/banshare");
strcpy(servercert, "/etc/ssl/certs/banshare/server_banshare");
} else if (access("/etc/pki/tls/certs/banshare/", R_OK) == 0 ) { // CentOS 5.x
strcpy(certdir, "/etc/pki/tls/certs/banshare");
strcpy(servercert, "/etc/pki/tls/certs/banshare/server_banshare");
}
zctx_t *ctx = zctx_new();
if (enc) {
auth = zauth_new (ctx);
zauth_set_verbose (auth, true);
zauth_configure_curve (auth, "*", certdir);
cert = zcert_new_from(banshare_client_public, banshare_client_private);
server_public_cert = zcert_load(servercert);
}
void *rep_sock = zsocket_new(ctx, ZMQ_REQ); // This will be request socket to complement the server's REP socket!
if (enc) {
zcert_apply (cert, rep_sock);
zsocket_set_curve_serverkey (rep_sock, zcert_public_txt(server_public_cert));
}
zsocket_set_rcvtimeo(rep_sock, 3000); // set read and write timeouts to 3 sec.
zsocket_set_sndtimeo(rep_sock, 3000);
int rc;
char *servip;
if (server_is_local()) {
servip = "127.0.0.1";
} else {
servip = BANSHARE_SERVER_IP;
}
rc = zsocket_connect(rep_sock, "tcp://%s:%d", servip, SERVER_REPORT_PORT);
if (rc != 0) {
printf("Connect to REQ socket to %s:%d FAILED with rc=%d\n", servip, SERVER_REPORT_PORT, rc);
exit(0);
}
if (debug) printf("Connected to tcp://%s:%d Just fine...\n", servip, SERVER_REPORT_PORT);
zclock_sleep(500);
while (!zctx_interrupted) {
char buf[1000];
int ret1 = zstr_sendf(rep_sock, "%s;%s;%s;%s", progname, jailname, bannedip, this_ip);
if (ret1 == -1) {
printf("Timeout while sending report! Server is DOWN?\n");
exit(1);
}
if( debug) printf("Sent: %s;%s;%s;%s to %s\n", progname, jailname, bannedip, this_ip, servip);
// and like all good req-rep sockets, we should get a response!
char *rec = zstr_recv(rep_sock);
if (!rec) {
printf("Timeout while waiting for OK! Server is DOWN?\n");
exit(1);
}
if (debug) printf("Got %s back from server\n", rec);
zstr_free(&rec);
// Oh, all that was really difficult, wasn't it? we are done. disconnect and exit
exit(0);
}
}
