/* vim: set expandtab ts=4 sw=4: */
/*
* You may redistribute this program and/or modify it under the terms of
* the GNU General Public License as published by the Free Software Foundation,
* either version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
#define _POSIX_C_SOURCE 200112L
#include "client/AdminClient.h"
#include "admin/angel/Core.h"
#include "admin/angel/InterfaceWaiter.h"
#include "client/Configurator.h"
#include "crypto/Key.h"
#include "benc/Dict.h"
#include "benc/Int.h"
#include "benc/List.h"
#include "benc/serialization/BencSerializer.h"
#include "benc/serialization/json/JsonBencSerializer.h"
#include "benc/serialization/json/JsonBencMessageReader.h"
#include "benc/serialization/standard/BencMessageReader.h"
#include "benc/serialization/standard/BencMessageWriter.h"
#include "crypto/random/test/DeterminentRandomSeed.h"
#include "crypto/AddressCalc.h"
#include "crypto/Ca.h"
#include "dht/Address.h"
#include "exception/Except.h"
#include "interface/Iface.h"
#include "io/ArrayReader.h"
#include "io/FileWriter.h"
#include "io/Reader.h"
#include "io/Writer.h"
#include "memory/Allocator.h"
#include "util/AddrTools.h"
#include "util/ArchInfo.h"
#include "util/Assert.h"
#include "util/Base32.h"
#include "util/CString.h"
#include "util/Defined.h"
#include "util/events/UDPAddrIface.h"
#include "util/events/Time.h"
#include "util/events/EventBase.h"
#include "util/events/Pipe.h"
#include "util/events/Process.h"
#include "util/events/libuv/Glock.h"
#include "util/Hex.h"
#include "util/log/Log.h"
#include "util/log/FileWriterLog.h"
#include "util/SysInfo.h"
#include "util/version/Version.h"
#include
#include
#include
#include
#include
#include
#include
#define DEFAULT_TUN_DEV "tun0"
#ifndef CJD_PACKAGE_VERSION
#define CJD_PACKAGE_VERSION "unknown"
#endif
static int genconf(struct Allocator* alloc, struct Random* rand, bool eth, bool seed)
{
if (seed) {
uint8_t seedbuf[64];
Bits_memset(seedbuf, 0, 64);
Assert_true(64 == read(STDIN_FILENO, seedbuf, 64));
RandomSeed_t* rs = DeterminentRandomSeed_new(alloc, seedbuf);
rand = Random_newWithSeed(alloc, NULL, rs, NULL);
}
uint8_t password[32];
uint8_t password2[32];
uint8_t password3[32];
uint8_t password4[32];
Random_base32(rand, password, 32);
Random_base32(rand, password2, 32);
Random_base32(rand, password3, 32);
Random_base32(rand, password4, 32);
uint16_t port = 0;
while (port <= 1024) {
port = Random_uint16(rand);
}
uint8_t publicKey[32];
uint8_t publicKeyBase32[53];
uint8_t ip[16];
uint8_t address[40];
uint8_t privateKey[32];
uint8_t privateKeyHex[65];
Key_gen(ip, publicKey, privateKey, rand);
Base32_encode(publicKeyBase32, 53, publicKey, 32);
Hex_encode(privateKeyHex, 65, privateKey, 32);
AddrTools_printIp(address, ip);
printf("{\n");
printf(" // Private key:\n"
" // Your confidentiality and data integrity depend on this key, keep it secret!\n"
" \"privateKey\": \"%s\",\n\n", privateKeyHex);
printf(" // This key corresponds to the public key and ipv6 address:\n"
" \"publicKey\": \"%s.k\",\n", publicKeyBase32);
printf(" \"ipv6\": \"%s\",\n", address);
printf("\n"
" // Anyone connecting and offering these passwords on connection will be allowed.\n"
" //\n"
" // WARNING: If a \"login\" parameter is passed, someone sniffing on the wire can\n"
" // sniff the packet and crack to find it. If the \"login\" is not passed\n"
" // then the hash of the 'password' is effectively the login, therefore\n"
" // that can be cracked.\n"
" //\n"
" \"authorizedPasswords\": [\n"
" // Password is a unique string which is known to the client and server.\n"
" // User is an optional login name and will also be used to display the peer.\n"
" { \"password\": \"%s\", \"user\": \"default-login\" }\n", password);
printf("\n"
" // More passwords should look like this.\n"
" // { \"password\": \"%s\", \"user\": \"my-second-peer\" },\n", password2);
printf(" // { \"password\": \"%s\", \"user\": \"my-third-peer\" },\n", password3);
printf(" // { \"password\": \"%s\", \"user\": \"my-fourth-peer\" },\n", password4);
printf("\n"
" // Below is an example of your connection credentials\n"
" // that you can give to other people so they can connect\n"
" // to you using your default password (from above).\n"
" // The login field here yourself to your peer and the peerName field\n"
" // is the name the peer which will be displayed in peerStats\n"
" // Adding a unique password for each peer is advisable\n"
" // so that leaks can be isolated.\n"
" /*\n"
" \"your.external.ip.goes.here:%u\": {\n", port);
printf(" \"login\": \"default-login\",\n"
" \"password\": \"%s\",\n", password);
printf(" \"publicKey\": \"%s.k\",\n", publicKeyBase32);
printf(" \"peerName\": \"your-name-goes-here\"\n"
" },\n"
" */\n");
printf(" ],\n"
"\n"
" // Settings for administering and extracting information from your router.\n"
" // This interface provides functions which can be called through a UDP socket.\n"
" // See admin/Readme.md for more information about the API and try:\n"
" // ./tools/cexec\n"
" // For a list of functions which can be called.\n"
" // For example: ./tools/cexec 'memory()'\n"
" // will call a function which gets the core's current memory consumption.\n"
" // ./tools/cjdnslog\n"
" // is a tool which uses this admin interface to get logs from cjdns.\n"
" \"admin\": {\n"
" // Port to bind the admin RPC server to.\n"
" \"bind\": \"127.0.0.1:11234\",\n"
"\n"
" // Password for admin RPC server.\n"
" // This is a static password by default, so that tools like\n"
" // ./tools/cexec can use the API without you creating a\n"
" // config file at ~/.cjdnsadmin first. If you decide to\n"
" // expose the admin API to the network, change the password!\n"
" \"password\": \"NONE\"\n");
printf(" },\n"
"\n"
" // Interfaces to connect to the switch core.\n"
" \"interfaces\": {\n"
" // The interface which connects over UDP/IP based VPN tunnel.\n"
" \"UDPInterface\": [\n"
" {\n"
" // Bind to this port.\n"
" \"bind\": \"0.0.0.0:%u\",\n", port);
printf(" // Set the DSCP value for Qos. Default is 0.\n"
" // \"dscp\": 46,\n"
"\n"
" // Automatically connect to other nodes on the same LAN\n"
" // This works by binding a second port and sending beacons\n"
" // containing the main data port.\n"
" // beacon is a number between 0 and 2:\n"
" // 0 -> do not beacon nor connect to other nodes who beacon\n"
" // 1 -> quiet mode, accept beacons from other nodes only\n"
" // 2 -> send and accept beacons\n"
" // beaconDevices is a list which can contain names of devices such\n"
" // as eth0, as well as broadcast addresses to send to, such as\n"
" // 192.168.101.255, or the pseudo-name \"all\".\n"
" // in order to auto-peer, all cjdns nodes must use the same\n"
" // beaconPort.\n"
" \"beacon\": 2,\n"
" \"beaconDevices\": [ \"all\" ],\n"
" \"beaconPort\": 64512,\n");
printf("\n"
" // Nodes to connect to (IPv4 only).\n"
" \"connectTo\": {\n"
" // Add connection credentials here to join the network\n"
" // If you have several, don't forget the separating commas\n"
" // They should look like:\n"
" // \"ipv4 address:port\": {\n"
" // \"login\": \"(optional) name your peer has for you\"\n"
" // \"password\": \"password to connect with\",\n"
" // \"publicKey\": \"remote node key.k\",\n"
" // \"peerName\": \"(optional) human-readable name for peer\"\n"
" // },\n"
" // Ask somebody who is already connected.\n"
" }\n"
" },\n"
" {\n"
" // Bind to this port.\n"
" \"bind\": \"[::]:%u\",\n", port);
printf(" // Set the DSCP value for Qos. Default is 0.\n"
" // \"dscp\": 46,\n");
printf("\n"
" // Nodes to connect to (IPv6 only).\n"
" \"connectTo\": {\n"
" // Add connection credentials here to join the network\n"
" // Ask somebody who is already connected.\n"
" }\n"
" }\n");
#ifdef HAS_ETH_INTERFACE
printf(" ],\n\n"
" // The interface which allows peering using layer-2 ethernet frames\n"
" \"%sETHInterface\": [\n"
" // Alternatively bind to just one device and either beacon and/or\n"
" // connect to a specified MAC address\n"
" {\n"
" // Bind to this device (interface name, not MAC)\n"
" // \"all\" is a pseudo-name which will try to connect to all devices.\n"
" \"bind\": \"all\",\n"
"\n"
" // Auto-connect to other cjdns nodes on the same network.\n"
" // Options:\n"
" //\n"
" // 0 -- Disabled.\n"
" //\n"
" // 1 -- Accept beacons, this will cause cjdns to accept incoming\n"
" // beacon messages and try connecting to the sender.\n"
" //\n"
" // 2 -- Accept and send beacons, this will cause cjdns to broadcast\n"
" // messages on the local network which contain a randomly\n"
" // generated per-session password, other nodes which have this\n"
" // set to 1 or 2 will hear the beacon messages and connect\n"
" // automatically.\n"
" //\n"
" \"beacon\": 2,\n"
"\n"
" // Node(s) to connect to manually\n"
" // Note: does not work with \"all\" pseudo-device-name\n"
" \"connectTo\": {\n"
" // Credentials for connecting look similar to UDP credentials\n"
" // except they begin with the mac address, for example:\n"
" // \"01:02:03:04:05:06\":{\"password\":\"a\",\"publicKey\":\"b\"}\n"
" }\n"
" }\n"
" ]\n\n", (eth) ? "" : "_disabled_");
#else
printf(" ]\n");
#endif
printf(" },\n"
"\n"
" // Configuration for the router.\n"
" \"router\": {\n"
" // supernodes, if none are specified they'll be taken from your peers\n"
" \"supernodes\": [\n"
" //\"6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k\",\n"
" ],\n"
"\n"
" // The interface which is used for connecting to the cjdns network.\n"
" \"interface\": {\n"
" // The type of interface (only TUNInterface is supported for now)\n"
" \"type\": \"TUNInterface\"\n");
#ifndef __APPLE__
printf("\n"
" // The name of a persistent TUN device to use.\n"
" // This for starting cjdroute as its own user.\n"
" // *MOST USERS DON'T NEED THIS*\n"
" //\"tunDevice\": \"" DEFAULT_TUN_DEV "\"\n");
#endif
printf(" },\n"
"\n"
" // As an alternative to the TUN interface, you can create a socket interface\n"
" // which will create a UNIX socket which emits packets that would otherwise\n"
" // be sent through the TUN device.\n"
" // To enable this interface, change the name of the above TUN interface to\n"
" // \"_disabled_interface\" and change the name of this interface to\n"
" // simply \"interface\"\n"
" \"_disabled_interface\": {\n"
" \"type\": \"SocketInterface\",\n"
"\n"
" // The filesystem path to the socket to create or connect to.\n"
" \"socketFullPath\": \"/var/run/cjdns.sock\"\n"
" },\n"
"\n");
printf(" // System for tunneling IPv4 and ICANN IPv6 through cjdns.\n"
" // This is using the cjdns switch layer as a VPN carrier.\n"
" \"ipTunnel\": {\n"
" // Nodes allowed to connect to us.\n"
" // When a node with the given public key connects, give them the\n"
" // ip4 and/or ip6 addresses listed.\n"
" \"allowedConnections\": [\n");
printf(" // Give the client an address on 192.168.1.0/24, and an address\n"
" // it thinks has all of IPv6 behind it.\n"
" // ip4Prefix is the set of addresses which are routable from the tun\n"
" // for example, if you're advertizing a VPN into a company network\n"
" // which exists in 10.123.45.0/24 space, ip4Prefix should be 24\n"
" // default is 32 for ipv4 and 128 for ipv6\n"
" // so by default it will not install a route\n"
" // ip4Alloc is the block of addresses which are allocated to the\n"
" // for example if you want to issue 4 addresses to the client, those\n"
" // being 192.168.123.0 to 192.168.123.3, you would set this to 30\n"
" // default is 32 for ipv4 and 128 for ipv6 (1 address)\n"
" // {\n"
" // \"publicKey\": "
"\"f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k\",\n"
" // \"ip4Address\": \"192.168.1.24\",\n"
" // \"ip4Prefix\": 0,\n"
" // \"ip4Alloc\": 32,\n"
" // \"ip6Address\": \"2001:123:ab::10\",\n"
" // \"ip6Prefix\": 0\n"
" // \"ip6Alloc\": 64,\n"
" // },\n"
"\n"
" // It's ok to only specify one address and prefix/alloc are optional.\n"
" // {\n"
" // \"publicKey\": "
"\"ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k\",\n"
" // \"ip4Address\": \"192.168.1.25\",\n"
" // \"ip4Prefix\": 0,\n"
" // }\n"
" ],\n"
"\n"
" \"outgoingConnections\": [\n"
" // Connect to one or more machines and ask them for IP addresses.\n"
" // \"6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k\",\n"
" // \"pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k\",\n"
" // \"g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k\"\n"
" ]\n"
" }\n"
" },\n"
"\n");
printf(" // Dropping permissions.\n"
" // In the event of a serious security exploit in cjdns, leak of confidential\n"
" // network traffic and/or keys is highly likely but the following rules are\n"
" // designed to prevent the attack from spreading to the system on which cjdns\n"
" // is running.\n"
" // Counter-intuitively, cjdns is *more* secure if it is started as root because\n"
" // non-root users do not have permission to use chroot or change usernames,\n"
" // limiting the effectiveness of the mitigations herein.\n"
" \"security\": [\n"
" // Change the user id to sandbox the cjdns process after it starts.\n"
" // If keepNetAdmin is set to 0, IPTunnel will be unable to set IP addresses\n"
" // and ETHInterface will be unable to hot-add new interfaces\n"
" // Use { \"setuser\": 0 } to disable.\n"
" // Default: enabled with keepNetAdmin\n");
if (Defined(Cjdns_android) || Defined(darwin)) {
printf(" { \"setuser\": 0 },\n");
} else {
printf(" { \"setuser\": \"nobody\", \"keepNetAdmin\": 1 },\n");
}
printf("\n"
" // Chroot changes the filesystem root directory which cjdns sees, blocking it\n"
" // from accessing files outside of the chroot sandbox, if the user does not\n"
" // have permission to use chroot(), this will fail quietly.\n"
" // Use { \"chroot\": 0 } to disable.\n");
if (Defined(Cjdns_android)) {
printf(" // Default: disabled\n"
" { \"chroot\": 0 },\n");
}
else {
printf(" // Default: enabled (using \"/var/run\")\n"
" { \"chroot\": \"/var/run/\" },\n");
}
printf("\n"
" // Nofiles is a deprecated security feature which prevents cjdns from opening\n"
" // any files at all, using this will block setting of IP addresses and\n"
" // hot-adding ETHInterface devices but for users who do not need this, it\n"
" // provides a formidable sandbox.\n"
" // Default: disabled\n"
" { \"nofiles\": 0 },\n"
"\n"
" // Noforks will prevent cjdns from spawning any new processes or threads,\n"
" // this prevents many types of exploits from attacking the wider system.\n"
" // Default: enabled\n"
" { \"noforks\": 1 },\n"
"\n"
" // Seccomp is the most advanced sandboxing feature in cjdns, it uses\n"
" // SECCOMP_BPF to filter the system calls which cjdns is able to make on a\n"
" // linux system, strictly limiting it's access to the outside world\n"
" // This will fail quietly on any non-linux system\n");
if (Defined(Cjdns_android)) {
printf(" // Default: disabled\n"
" { \"seccomp\": 0 },\n");
}
else {
printf(" // Default: enabled\n"
" { \"seccomp\": 1 },\n");
}
printf("\n"
" // The client sets up the core using a sequence of RPC calls, the responses\n"
" // to these calls are verified but in the event that the client crashes\n"
" // setup of the core completes, it could leave the core in an insecure state\n"
" // This call constitutes the client telling the core that the security rules\n"
" // have been fully applied and the core may run. Without it, the core will\n"
" // exit within a few seconds with return code 232.\n"
" // Default: enabled\n"
" { \"setupComplete\": 1 }\n"
" ],\n"
"\n"
" // Logging\n"
" \"logging\": {\n"
" // Uncomment to have cjdns log to stdout rather than making logs available\n"
" // via the admin socket.\n"
" // \"logTo\": \"stdout\"\n"
" },\n"
"\n"
" // If set to non-zero, cjdns will not fork to the background.\n"
" // Recommended for use in conjunction with \"logTo\":\"stdout\".\n");
printf(" \"noBackground\": %d,\n", Defined(win32) ? 1 : 0);
printf("\n"
" // Path for admin control pipe:\n"
" // If you pass only a filename then cjdns will guess the full path\n"
" // On unix the default path is /tmp/\n"
" // On windows: \\\\.\\pipe\\\n"
" \"pipe\": \"cjdroute.sock\",\n");
printf("\n"
" // This is to make the configuration be parsed in strict mode, which allows\n"
" // it to be edited externally using cjdnsconf.\n"
" \"version\": 2\n");
printf("}\n");
return 0;
}
static int usage(struct Allocator* alloc, char* appName)
{
char* sysInfo = SysInfo_describe(SysInfo_detect(), alloc);
printf("Cjdns %s %s\n"
"Usage:\n"
" cjdroute --help This information\n"
" cjdroute --genconf [--eth] Generate a configuration file, write it to stdout\n"
" if --eth is specified then eth beaconing will\n"
" be enabled. Caution it can interfere with UDP\n"
" beaconing\n"
" cjdroute --genconf-seed [--eth] Generate a configuration file from a 64 byte seed\n"
" which is read in from stdin."
" cjdroute --version Print the protocol version which this node speaks.\n"
" cjdroute --cleanconf < conf Print a clean (valid json) version of the config.\n"
" cjdroute --nobg Never fork to the background no matter the config.\n"
"\n"
"To get the router up and running.\n"
"Step 1:\n"
" Generate a new configuration file.\n"
" cjdroute --genconf > cjdroute.conf\n"
"\n"
"Step 2:\n"
" Find somebody to connect to.\n"
" Check out the IRC channel #cjdns on Efnet and Freenode\n"
" for information about how to meet new people and make connect to them.\n"
" Read more here: https://github.com/cjdelisle/cjdns/#2-find-a-friend\n"
"\n"
"Step 3:\n"
" Add that somebody's node to your cjdroute.conf file.\n"
" https://github.com/cjdelisle/cjdns/#3-connect-your-node-to-your-friends-node\n"
"\n"
"Step 4:\n"
" Fire it up!\n"
" sudo cjdroute < cjdroute.conf\n"
"\n"
"For more information about other functions and non-standard setups, see README.md\n",
ArchInfo_getArchStr(), sysInfo);
return 0;
}
struct CheckRunningInstanceContext
{
struct EventBase* base;
struct Allocator* alloc;
struct AdminClient_Result* res;
};
static void checkRunningInstanceCallback(struct AdminClient_Promise* p,
struct AdminClient_Result* res)
{
struct CheckRunningInstanceContext* ctx = p->userData;
// Prevent this from freeing until after we drop out of the loop.
Allocator_adopt(ctx->alloc, p->alloc);
ctx->res = res;
EventBase_endLoop(ctx->base);
}
static void checkRunningInstance(struct Allocator* allocator,
struct EventBase* base,
String* addr,
String* password,
struct Log* logger,
struct Except* eh)
{
struct Allocator* alloc = Allocator_child(allocator);
struct Sockaddr_storage pingAddrStorage;
if (Sockaddr_parse(addr->bytes, &pingAddrStorage)) {
Except_throw(eh, "Unable to parse [%s] as an ip address port, eg: 127.0.0.1:11234",
addr->bytes);
}
struct UDPAddrIface* udp = Except_er(eh, UDPAddrIface_new(base, NULL, alloc, logger));
struct AdminClient* adminClient =
AdminClient_new(&udp->generic, &pingAddrStorage.addr, password, base, logger, alloc);
// 100 milliseconds is plenty to wait for a process to respond on the same machine.
adminClient->millisecondsToWait = 100;
Dict* pingArgs = Dict_new(alloc);
// Indirection is needed otherwise adopt doesn't work
struct Allocator* alloc1 = Allocator_child(alloc);
struct AdminClient_Promise* pingPromise =
AdminClient_rpcCall(String_new("ping", alloc), pingArgs, adminClient, alloc1);
struct CheckRunningInstanceContext* ctx =
Allocator_malloc(alloc, sizeof(struct CheckRunningInstanceContext));
ctx->base = base;
ctx->alloc = alloc;
ctx->res = NULL;
pingPromise->callback = checkRunningInstanceCallback;
pingPromise->userData = ctx;
EventBase_beginLoop(base);
Assert_true(ctx->res);
if (ctx->res->err != AdminClient_Error_TIMEOUT) {
Except_throw(eh, "Startup failed: cjdroute is already running. [%d]", ctx->res->err);
}
Allocator_free(alloc);
}
static void onCoreExit(int64_t exit_status, int term_signal)
{
printf("Core exited with status [%d], signal [%d]\n", (int)exit_status, term_signal);
exit(exit_status);
}
#define Chunk_MAX_LEN 4000
struct Chunk {
uint32_t length;
struct Chunk* next;
uint8_t buf[Chunk_MAX_LEN];
};
static struct Message* readToMsg(FILE* f, struct Allocator* alloc)
{
struct Allocator* child = Allocator_child(alloc);
struct Chunk* c = NULL;
uint32_t totalLength = 0;
do {
struct Chunk* cc = Allocator_calloc(child, sizeof(struct Chunk), 1);
cc->length = fread(cc->buf, 1, Chunk_MAX_LEN, f);
totalLength += cc->length;
cc->next = c;
c = cc;
} while (c->length == Chunk_MAX_LEN);
struct Message* out = Message_new(0, totalLength, alloc);
while (c) {
Er_assert(Message_epush(out, c->buf, c->length));
c = c->next;
}
Allocator_free(child);
return out;
}
static String* getPipePath(Dict* config, struct Allocator* alloc)
{
String* pipePath = Dict_getStringC(config, "pipe");
char* pp = (pipePath) ? pipePath->bytes : "cjdroute.sock";
if (pp[0] == Pipe_PATH_SEP[0]) {
return pipePath;
}
char* path = Pipe_PATH;
if (Defined(Cjdns_android)) {
char* t = getenv("TMPDIR");
if (!t) {
t = getenv("HOME");
}
if (t) {
path = t;
}
}
String* out = String_newBinary(NULL,
strlen(pp) + strlen(Pipe_PATH_SEP) + strlen(path) + 2, alloc);
snprintf(out->bytes, out->len, "%s%s%s", path, Pipe_PATH_SEP, pp);
out->len = strlen(out->bytes);
return out;
}
// This is invoked from cjdroute.rs
int cjdroute2_main(int argc, char** argv);
int cjdroute2_main(int argc, char** argv)
{
Glock_init();
#ifdef Log_KEYS
fprintf(stderr, "Log_LEVEL = KEYS, EXPECT TO SEE PRIVATE KEYS IN YOUR LOGS!\n");
#endif
if (argc > 1 && (!CString_strcmp("angel", argv[1]) || !CString_strcmp("core", argv[1]))) {
return Core_main(argc, argv);
}
Assert_ifParanoid(argc > 0);
struct Except* eh = NULL;
// Allow it to allocate 8MB
struct Allocator* allocator = Allocator_new(1<<23);
struct Random* rand = Random_new(allocator, NULL, eh);
struct EventBase* eventBase = EventBase_new(allocator);
if (argc == 2) {
// one argument
if ((CString_strcmp(argv[1], "--help") == 0) || (CString_strcmp(argv[1], "-h") == 0)) {
return usage(allocator, argv[0]);
} else if (CString_strcmp(argv[1], "--genconf-seed") == 0) {
return genconf(allocator, rand, 0, 1);
} else if (CString_strcmp(argv[1], "--genconf") == 0) {
return genconf(allocator, rand, 0, 0);
} else if ((CString_strcmp(argv[1], "--version") == 0)
|| (CString_strcmp(argv[1], "-v") == 0))
{
printf("Cjdns version: %s\n", CJD_PACKAGE_VERSION);
printf("Cjdns protocol version: %d\n", Version_CURRENT_PROTOCOL);
return 0;
} else if (CString_strcmp(argv[1], "--cleanconf") == 0) {
// Performed after reading configuration
} else if (CString_strcmp(argv[1], "--nobg") == 0) {
// Performed while reading configuration
} else {
fprintf(stderr, "%s: unrecognized option '%s'\n", argv[0], argv[1]);
fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]);
return -1;
}
} else if (argc > 2) {
// more than one argument?
// because of '--pidfile $filename'?
if (CString_strcmp(argv[1], "--pidfile") == 0) {
fprintf(stderr, "\n'--pidfile' option is deprecated.\n");
} else if (CString_strcmp(argv[1], "--genconf") == 0 ||
CString_strcmp(argv[1], "--genconf-seed") == 0)
{
bool eth = 0;
for (int i = 2; i < argc; i++) {
if (!CString_strcmp(argv[i], "--eth")) {
eth = 1;
} else {
fprintf(stderr, "%s: unrecognized option '%s'\n", argv[0], argv[i]);
fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]);
return -1;
}
}
return genconf(allocator, rand, eth, CString_strcmp(argv[1], "--genconf-seed") == 0);
} else {
fprintf(stderr, "%s: too many arguments [%s]\n", argv[0], argv[1]);
fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]);
}
return -1;
}
if (isatty(STDIN_FILENO)) {
// We were started from a terminal
// The chances an user wants to type in a configuration
// bij hand are pretty slim so we show him the usage
return usage(allocator, argv[0]);
} else {
// We assume stdin is a configuration file and that we should
// start routing
}
// First try reading the conf with the new parser, then try the old parser
// and if the old parser fails or the parsed content contains "version": 2,
// fail to launch
struct Message* confMsg = readToMsg(stdin, allocator);
struct Reader* confReader = ArrayReader_new(confMsg->msgbytes, Message_getLength(confMsg), allocator);
Dict _config;
Dict* config = &_config;
const char* err = JsonBencMessageReader_readNoExcept(confMsg, allocator, &config, false);
if (!err) {
// If old version is specified, always use old parser so there is no possible error
uint64_t* v = Dict_getIntC(config, "version");
if (!v || *v < 2) { err = "using old parser"; }
}
if (err) {
if (JsonBencSerializer_get()->parseDictionary(confReader, allocator, &_config)) {
fprintf(stderr, "Failed to parse configuration.\n%s\n", err);
return -1;
}
uint64_t* version = Dict_getIntC(config, "version");
if (version && *version >= 2) {
fprintf(stderr, "Invalid cjdroute.conf\n%s\n", err);
return -1;
}
}
if (argc == 2 && CString_strcmp(argv[1], "--cleanconf") == 0) {
// Slip a v2 in there because at this point, the conf file is definitely v2 valid
Dict_putIntC(config, "version", 2, allocator);
struct Writer* stdoutWriter = FileWriter_new(stdout, allocator);
JsonBencSerializer_get()->serializeDictionary(stdoutWriter, config);
printf("\n");
return 0;
}
int forceNoBackground = 0;
if (argc == 2 && CString_strcmp(argv[1], "--nobg") == 0) {
forceNoBackground = 1;
}
struct Log* logger = FileWriterLog_new(stdout, allocator);
// --------------------- Get Admin --------------------- //
Dict* configAdmin = Dict_getDictC(config, "admin");
String* adminPass = Dict_getStringC(configAdmin, "password");
String* adminBind = Dict_getStringC(configAdmin, "bind");
if (!adminPass) {
adminPass = String_newBinary(NULL, 32, allocator);
Random_base32(rand, (uint8_t*) adminPass->bytes, 32);
adminPass->len = CString_strlen(adminPass->bytes);
}
if (!adminBind) {
Except_throw(eh, "You must specify admin.bind in the cjdroute.conf file.");
}
// --------------------- Welcome to cjdns ---------------------- //
char* sysInfo = SysInfo_describe(SysInfo_detect(), allocator);
Log_info(logger, "%s %s %s", CJD_PACKAGE_VERSION, ArchInfo_getArchStr(), sysInfo);
// --------------------- Check for running instance --------------------- //
Log_info(logger, "Checking for running instance...");
checkRunningInstance(allocator, eventBase, adminBind, adminPass, logger, eh);
// --------------------- Setup Pipes to Angel --------------------- //
struct Allocator* corePipeAlloc = Allocator_child(allocator);
String* pipePath = getPipePath(config, corePipeAlloc);
if (!Defined(win32)) {
// win32 sockets are not files
char* lastsep = strrchr(pipePath->bytes, '/');
Assert_true(lastsep);
*lastsep = '\0';
int ret = access(pipePath->bytes, W_OK);
*lastsep = '/';
if (ret) {
Except_throw(eh, "Pipe directory not writable: [%s]", pipePath->bytes);
}
if (unlink(pipePath->bytes) && (errno != ENOENT)) {
Except_throw(eh, "Unable to delete existing pipe at path [%s] err [%s]",
pipePath->bytes, strerror(errno));
}
}
const char* args[] = { "core", pipePath->bytes, NULL };
// --------------------- Spawn Core --------------------- //
String* privateKey = Dict_getStringC(config, "privateKey");
const char* corePath = Process_getPath(allocator);
if (!corePath) {
Except_throw(eh, "Can't find a usable cjdns core executable, "
"make sure it is in the same directory as cjdroute");
}
if (!privateKey) {
Except_throw(eh, "Need to specify privateKey.");
}
Process_spawn(corePath, args, eventBase, allocator, onCoreExit);
// --------------------- Wait for socket ------------------------- //
// cycle for up to 1 minute
int exists = 0;
for (int i = 0; i < 2 * 10 * 60; i++) {
if (Except_er(eh, Pipe_exists(pipePath->bytes, allocator))) {
exists = 1;
break;
}
// sleep 50ms
struct timespec timeout = { 0, 1000000 * 50 };
nanosleep(&timeout, NULL);
}
if (!exists) {
Except_throw(eh, "Core did not setup pipe file [%s] within 60 seconds",
pipePath->bytes);
}
// --------------------- Connect to socket ------------------------- //
struct Pipe* corePipe =
Except_er(eh, Pipe_named(pipePath->bytes, eventBase, logger, allocator));
// --------------------- Pre-Configure Core ------------------------- //
Dict* preConf = Dict_new(allocator);
Dict* adminPreConf = Dict_new(allocator);
Dict_putDictC(preConf, "admin", adminPreConf, allocator);
Dict_putStringC(preConf, "privateKey", privateKey, allocator);
Dict_putStringC(adminPreConf, "bind", adminBind, allocator);
Dict_putStringC(adminPreConf, "pass", adminPass, allocator);
Dict* logging = Dict_getDictC(config, "logging");
if (logging) {
Dict_putDictC(preConf, "logging", logging, allocator);
}
struct Message* toCoreMsg = Message_new(0, 1024, allocator);
Er_assert(BencMessageWriter_write(preConf, toCoreMsg));
Iface_CALL(corePipe->iface.send, toCoreMsg, &corePipe->iface);
Log_debug(logger, "Sent [%d] bytes to core", Message_getLength(toCoreMsg));
// --------------------- Get Response from Core --------------------- //
struct Message* fromCoreMsg =
InterfaceWaiter_waitForData(&corePipe->iface, eventBase, allocator, eh);
Dict* responseFromCore = Except_er(eh, BencMessageReader_read(fromCoreMsg, allocator));
// --------------------- Close the Core Pipe --------------------- //
Allocator_free(corePipeAlloc);
corePipe = NULL;
// --------------------- Get Admin Addr/Port/Passwd --------------------- //
Dict* responseFromCoreAdmin = Dict_getDictC(responseFromCore, "admin");
adminBind = Dict_getStringC(responseFromCoreAdmin, "bind");
if (!adminBind) {
Except_throw(eh, "didn't get address and port back from core");
}
struct Sockaddr_storage adminAddr;
if (Sockaddr_parse(adminBind->bytes, &adminAddr)) {
Except_throw(eh, "Unable to parse [%s] as an ip address port, eg: 127.0.0.1:11234",
adminBind->bytes);
}
//Assert_ifParanoid(EventBase_eventCount(eventBase) == 1);
// --------------------- Configuration ------------------------- //
Configurator_config(config,
&adminAddr.addr,
adminPass,
eventBase,
logger,
allocator);
// --------------------- noBackground ------------------------ //
int64_t* noBackground = Dict_getIntC(config, "noBackground");
if (forceNoBackground || (noBackground && *noBackground)) {
Log_debug(logger, "Keeping cjdns client alive because %s",
(forceNoBackground) ? "--nobg was specified on the command line"
: "noBackground was set in the configuration");
EventBase_beginLoop(eventBase);
}
// Freeing this allocator here causes the core to be terminated in the epoll syscall.
//Allocator_free(allocator);
return 0;
}