2 protocol_auth.c -- handle the meta-protocol, authentication
3 Copyright (C) 2014-2017 Guus Sliepen <guus@meshlink.io>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License along
16 with this program; if not, write to the Free Software Foundation, Inc.,
17 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 #include "connection.h"
28 #include "meshlink_internal.h"
38 #include "ed25519/sha512.h"
42 extern bool node_write_devclass(meshlink_handle_t *mesh, node_t *n);
44 static bool send_proxyrequest(meshlink_handle_t *mesh, connection_t *c) {
45 switch(mesh->proxytype) {
50 sockaddr2str(&c->address, &host, &port);
51 send_request(mesh, c, "CONNECT %s:%s HTTP/1.1\r\n\r", host, port);
58 if(c->address.sa.sa_family != AF_INET) {
59 logger(mesh, MESHLINK_ERROR, "Cannot connect to an IPv6 host through a SOCKS 4 proxy!");
63 char s4req[9 + (mesh->proxyuser ? strlen(mesh->proxyuser) : 0)];
66 memcpy(s4req + 2, &c->address.in.sin_port, 2);
67 memcpy(s4req + 4, &c->address.in.sin_addr, 4);
70 memcpy(s4req + 8, mesh->proxyuser, strlen(mesh->proxyuser));
73 s4req[sizeof(s4req) - 1] = 0;
75 return send_meta(mesh, c, s4req, sizeof(s4req));
79 int len = 3 + 6 + (c->address.sa.sa_family == AF_INET ? 4 : 16);
83 len += 3 + strlen(mesh->proxyuser) + strlen(mesh->proxypass);
94 s5req[i++] = strlen(mesh->proxyuser);
95 memcpy(s5req + i, mesh->proxyuser, strlen(mesh->proxyuser));
96 i += strlen(mesh->proxyuser);
97 s5req[i++] = strlen(mesh->proxypass);
98 memcpy(s5req + i, mesh->proxypass, strlen(mesh->proxypass));
99 i += strlen(mesh->proxypass);
109 if(c->address.sa.sa_family == AF_INET) {
111 memcpy(s5req + i, &c->address.in.sin_addr, 4);
113 memcpy(s5req + i, &c->address.in.sin_port, 2);
116 } else if(c->address.sa.sa_family == AF_INET6) {
118 memcpy(s5req + i, &c->address.in6.sin6_addr, 16);
120 memcpy(s5req + i, &c->address.in6.sin6_port, 2);
124 logger(mesh, MESHLINK_ERROR, "Address family %hx not supported for SOCKS 5 proxies!", c->address.sa.sa_family);
132 return send_meta(mesh, c, s5req, sizeof(s5req));
136 logger(mesh, MESHLINK_ERROR, "Proxy type not implemented yet");
140 logger(mesh, MESHLINK_ERROR, "Unknown proxy type");
145 bool send_id(meshlink_handle_t *mesh, connection_t *c) {
147 int minor = mesh->self->connection->protocol_minor;
149 if(mesh->proxytype && c->outgoing)
150 if(!send_proxyrequest(mesh, c)) {
154 return send_request(mesh, c, "%d %s %d.%d %s", ID, mesh->self->connection->name, mesh->self->connection->protocol_major, minor, mesh->appname);
157 static bool finalize_invitation(meshlink_handle_t *mesh, connection_t *c, const void *data, uint16_t len) {
160 if(strchr(data, '\n')) {
161 logger(mesh, MESHLINK_ERROR, "Received invalid key from invited node %s!\n", c->name);
165 // Create a new host config file
166 char filename[PATH_MAX];
167 snprintf(filename, sizeof(filename), "%s" SLASH "hosts" SLASH "%s", mesh->confbase, c->name);
169 if(!access(filename, F_OK)) {
170 logger(mesh, MESHLINK_ERROR, "Host config file for %s already exists!\n", c->name);
174 FILE *f = fopen(filename, "w");
177 logger(mesh, MESHLINK_ERROR, "Error trying to create %s: %s\n", filename, strerror(errno));
181 fprintf(f, "ECDSAPublicKey = %s\n", (const char *)data);
184 logger(mesh, MESHLINK_INFO, "Key succesfully received from %s", c->name);
186 //TODO: callback to application to inform of an accepted invitation
188 sptps_send_record(&c->sptps, 2, data, 0);
190 load_all_nodes(mesh);
195 static bool receive_invitation_sptps(void *handle, uint8_t type, const void *data, uint16_t len) {
196 connection_t *c = handle;
197 meshlink_handle_t *mesh = c->mesh;
203 if(type == 1 && c->status.invitation_used) {
204 return finalize_invitation(mesh, c, data, len);
207 if(type != 0 || len != 18 || c->status.invitation_used) {
211 // Recover the filename from the cookie and the key
212 char *fingerprint = ecdsa_get_base64_public_key(mesh->invitation_key);
214 char hashbuf[18 + strlen(fingerprint)];
216 memcpy(hashbuf, data, 18);
217 memcpy(hashbuf + 18, fingerprint, sizeof(hashbuf) - 18);
218 sha512(hashbuf, sizeof(hashbuf), hash);
219 b64encode_urlsafe(hash, cookie, 18);
222 char filename[PATH_MAX], usedname[PATH_MAX];
223 snprintf(filename, sizeof(filename), "%s" SLASH "invitations" SLASH "%s", mesh->confbase, cookie);
224 snprintf(usedname, sizeof(usedname), "%s" SLASH "invitations" SLASH "%s.used", mesh->confbase, cookie);
226 // Atomically rename the invitation file
227 if(rename(filename, usedname)) {
228 if(errno == ENOENT) {
229 logger(mesh, MESHLINK_ERROR, "Peer %s tried to use non-existing invitation %s\n", c->name, cookie);
231 logger(mesh, MESHLINK_ERROR, "Error trying to rename invitation %s\n", cookie);
237 // Open the renamed file
238 FILE *f = fopen(usedname, "r");
241 logger(mesh, MESHLINK_ERROR, "Error trying to open invitation %s\n", cookie);
246 // Check the timestamp
249 if(fstat(fileno(f), &st)) {
250 logger(mesh, MESHLINK_ERROR, "Could not stat invitation file %s\n", usedname);
256 if(time(NULL) > st.st_mtime + mesh->invitation_timeout) {
257 logger(mesh, MESHLINK_ERROR, "Peer %s tried to use an outdated invitation file %s\n", c->name, usedname);
263 // Read the new node's Name from the file
265 fgets(buf, sizeof(buf), f);
268 buf[strlen(buf) - 1] = 0;
271 len = strcspn(buf, " \t=");
272 char *name = buf + len;
273 name += strspn(name, " \t");
277 name += strspn(name, " \t");
282 if(!*buf || !*name || strcasecmp(buf, "Name") || !check_id(name)) {
283 logger(mesh, MESHLINK_ERROR, "Invalid invitation file %s\n", cookie);
289 c->name = xstrdup(name);
291 // Send the node the contents of the invitation file
295 while((result = fread(buf, 1, sizeof(buf), f))) {
296 sptps_send_record(&c->sptps, 0, buf, result);
299 sptps_send_record(&c->sptps, 1, buf, 0);
303 c->status.invitation_used = true;
305 logger(mesh, MESHLINK_INFO, "Invitation %s succesfully sent to %s", cookie, c->name);
309 bool id_h(meshlink_handle_t *mesh, connection_t *c, const char *request) {
310 char name[MAX_STRING_SIZE];
312 if(sscanf(request, "%*d " MAX_STRING " %d.%d", name, &c->protocol_major, &c->protocol_minor) < 2) {
313 logger(mesh, MESHLINK_ERROR, "Got bad %s from %s", "ID", c->name);
317 /* Check if this is an invitation */
320 if(!mesh->invitation_key) {
321 logger(mesh, MESHLINK_ERROR, "Got invitation from %s but we don't have an invitation key", c->name);
325 c->ecdsa = ecdsa_set_base64_public_key(name + 1);
328 logger(mesh, MESHLINK_ERROR, "Got bad invitation from %s", c->name);
332 c->status.invitation = true;
333 char *mykey = ecdsa_get_base64_public_key(mesh->invitation_key);
339 if(!send_request(mesh, c, "%d %s", ACK, mykey)) {
345 c->protocol_minor = 2;
346 c->allow_request = 1;
348 return sptps_start(&c->sptps, c, false, false, mesh->invitation_key, c->ecdsa, meshlink_invitation_label, sizeof(meshlink_invitation_label), send_meta_sptps, receive_invitation_sptps);
351 /* Check if identity is a valid name */
353 if(!check_id(name)) {
354 logger(mesh, MESHLINK_ERROR, "Got bad %s from %s: %s", "ID", c->name, "invalid name");
358 /* If this is an outgoing connection, make sure we are connected to the right host */
361 if(strcmp(c->name, name)) {
362 logger(mesh, MESHLINK_ERROR, "Peer is %s instead of %s", name, c->name);
370 c->name = xstrdup(name);
373 /* Check if version matches */
375 if(c->protocol_major != mesh->self->connection->protocol_major) {
376 logger(mesh, MESHLINK_ERROR, "Peer %s uses incompatible version %d.%d",
377 c->name, c->protocol_major, c->protocol_minor);
381 if(!c->config_tree) {
382 init_configuration(&c->config_tree);
384 if(!read_host_config(mesh, c->config_tree, c->name)) {
385 logger(mesh, MESHLINK_ERROR, "Peer %s has unknown identity", c->name);
390 bool blacklisted = false;
391 get_config_bool(lookup_config(c->config_tree, "blacklisted"), &blacklisted);
394 logger(mesh, MESHLINK_EPEER, "Peer %s is blacklisted", c->name);
398 read_ecdsa_public_key(mesh, c);
400 if(!ecdsa_active(c->ecdsa)) {
401 logger(mesh, MESHLINK_ERROR, "No key known for peer %s", c->name);
403 node_t *n = lookup_node(mesh, c->name);
405 if(n && !n->status.waitingforkey) {
406 logger(mesh, MESHLINK_INFO, "Requesting key from peer %s", c->name);
407 send_req_key(mesh, n);
413 /* Forbid version rollback for nodes whose ECDSA key we know */
415 if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) {
416 logger(mesh, MESHLINK_ERROR, "Peer %s tries to roll back protocol version to %d.%d",
417 c->name, c->protocol_major, c->protocol_minor);
421 c->allow_request = ACK;
422 char label[sizeof(meshlink_tcp_label) + strlen(mesh->self->name) + strlen(c->name) + 2];
425 snprintf(label, sizeof(label), "%s %s %s", meshlink_tcp_label, mesh->self->name, c->name);
427 snprintf(label, sizeof(label), "%s %s %s", meshlink_tcp_label, c->name, mesh->self->name);
430 return sptps_start(&c->sptps, c, c->outgoing, false, mesh->self->connection->ecdsa, c->ecdsa, label, sizeof(label) - 1, send_meta_sptps, receive_meta_sptps);
433 bool send_ack(meshlink_handle_t *mesh, connection_t *c) {
435 /* Check some options */
437 if(mesh->self->options & OPTION_PMTU_DISCOVERY) {
438 c->options |= OPTION_PMTU_DISCOVERY;
441 return send_request(mesh, c, "%d %s %d %x", ACK, mesh->myport, mesh->devclass, (c->options & 0xffffff) | (PROT_MINOR << 24));
444 static void send_everything(meshlink_handle_t *mesh, connection_t *c) {
445 /* Send all known subnets and edges */
447 for splay_each(node_t, n, mesh->nodes) {
448 for splay_each(edge_t, e, n->edge_tree) {
449 send_add_edge(mesh, c, e, 0);
454 bool ack_h(meshlink_handle_t *mesh, connection_t *c, const char *request) {
455 char hisport[MAX_STRING_SIZE];
461 if(sscanf(request, "%*d " MAX_STRING " %d %x", hisport, &devclass, &options) != 3) {
462 logger(mesh, MESHLINK_ERROR, "Got bad %s from %s", "ACK", c->name);
466 if(devclass < 0 || devclass > _DEV_CLASS_MAX) {
467 logger(mesh, MESHLINK_ERROR, "Got bad %s from %s: %s", "ACK", c->name, "devclass invalid");
471 /* Check if we already have a node_t for him */
473 n = lookup_node(mesh, c->name);
477 n->name = xstrdup(c->name);
481 /* Oh dear, we already have a connection to this node. */
482 logger(mesh, MESHLINK_DEBUG, "Established a second connection with %s, closing old connection", n->connection->name);
484 if(n->connection->outgoing) {
486 logger(mesh, MESHLINK_WARNING, "Two outgoing connections to the same node!");
488 c->outgoing = n->connection->outgoing;
491 n->connection->outgoing = NULL;
494 terminate_connection(mesh, n->connection, false);
495 /* Run graph algorithm to keep things in sync */
500 n->devclass = devclass;
501 node_write_devclass(mesh, n);
503 n->last_successfull_connection = time(NULL);
508 if(!(c->options & options & OPTION_PMTU_DISCOVERY)) {
509 c->options &= ~OPTION_PMTU_DISCOVERY;
510 options &= ~OPTION_PMTU_DISCOVERY;
513 c->options |= options;
515 /* Activate this connection */
517 c->allow_request = ALL;
518 c->status.active = true;
520 logger(mesh, MESHLINK_INFO, "Connection with %s activated", c->name);
522 /* Send him everything we know */
524 send_everything(mesh, c);
526 /* Create an edge_t for this connection */
528 assert(devclass >= 0 && devclass <= _DEV_CLASS_MAX);
530 c->edge = new_edge();
531 c->edge->from = mesh->self;
533 sockaddr2str(&c->address, &hisaddress, NULL);
534 c->edge->address = str2sockaddr(hisaddress, hisport);
536 c->edge->weight = dev_class_traits[devclass].edge_weight;
537 c->edge->connection = c;
538 c->edge->options = c->options;
540 edge_add(mesh, c->edge);
542 /* Notify everyone of the new edge */
544 send_add_edge(mesh, mesh->everyone, c->edge, 0);
546 /* Run MST and SSSP algorithms */
projects / meshlink / blob