1
0

Configurator.c 28 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748
  1. /* vim: set expandtab ts=4 sw=4: */
  2. /*
  3. * You may redistribute this program and/or modify it under the terms of
  4. * the GNU General Public License as published by the Free Software Foundation,
  5. * either version 3 of the License, or (at your option) any later version.
  6. *
  7. * This program is distributed in the hope that it will be useful,
  8. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  10. * GNU General Public License for more details.
  11. *
  12. * You should have received a copy of the GNU General Public License
  13. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  14. */
  15. #include "client/AdminClient.h"
  16. #include "client/Configurator.h"
  17. #include "benc/String.h"
  18. #include "benc/Dict.h"
  19. #include "benc/Int.h"
  20. #include "benc/List.h"
  21. #include "memory/Allocator.h"
  22. #include "util/events/Event.h"
  23. #include "util/events/UDPAddrIface.h"
  24. #include "util/Bits.h"
  25. #include "util/log/Log.h"
  26. #include "util/platform/Sockaddr.h"
  27. #include "util/Defined.h"
  28. #include "util/events/Timeout.h"
  29. #include <stdlib.h>
  30. #include <stdbool.h>
  31. struct Context
  32. {
  33. struct Log* logger;
  34. struct Allocator* alloc;
  35. struct AdminClient* client;
  36. struct Allocator* currentReqAlloc;
  37. struct AdminClient_Result* currentResult;
  38. struct EventBase* base;
  39. };
  40. static void rpcCallback(struct AdminClient_Promise* p, struct AdminClient_Result* res)
  41. {
  42. struct Context* ctx = p->userData;
  43. Allocator_adopt(ctx->alloc, p->alloc);
  44. ctx->currentResult = res;
  45. EventBase_endLoop(ctx->base);
  46. }
  47. static void die(struct AdminClient_Result* res, struct Context* ctx, struct Allocator* alloc)
  48. {
  49. Log_keys(ctx->logger, "message bytes = [%s]", res->messageBytes);
  50. #ifndef Log_KEYS
  51. Log_critical(ctx->logger, "enable Log_LEVEL=KEYS to see message content.");
  52. #endif
  53. Dict d = NULL;
  54. struct AdminClient_Promise* exitPromise =
  55. AdminClient_rpcCall(String_CONST("Core_exit"), &d, ctx->client, alloc);
  56. exitPromise->callback = rpcCallback;
  57. exitPromise->userData = ctx;
  58. EventBase_beginLoop(ctx->base);
  59. if (ctx->currentResult->err) {
  60. Log_critical(ctx->logger, "Failed to stop the core.");
  61. }
  62. Log_critical(ctx->logger, "Aborting.");
  63. exit(1);
  64. }
  65. static int rpcCall0(String* function,
  66. Dict* args,
  67. struct Context* ctx,
  68. struct Allocator* alloc,
  69. Dict** resultP,
  70. bool exitIfError)
  71. {
  72. ctx->currentReqAlloc = Allocator_child(alloc);
  73. ctx->currentResult = NULL;
  74. struct AdminClient_Promise* promise = AdminClient_rpcCall(function, args, ctx->client, alloc);
  75. promise->callback = rpcCallback;
  76. promise->userData = ctx;
  77. EventBase_beginLoop(ctx->base);
  78. struct AdminClient_Result* res = ctx->currentResult;
  79. Assert_true(res);
  80. if (res->err) {
  81. Log_critical(ctx->logger,
  82. "Failed to make function call [%s], error: [%s]",
  83. AdminClient_errorString(res->err),
  84. function->bytes);
  85. die(res, ctx, alloc);
  86. }
  87. String* error = Dict_getStringC(res->responseDict, "error");
  88. int ret = 0;
  89. if (error && !String_equals(error, String_CONST("none"))) {
  90. if (exitIfError) {
  91. Log_critical(ctx->logger,
  92. "Got error [%s] calling [%s]",
  93. error->bytes,
  94. function->bytes);
  95. die(res, ctx, alloc);
  96. }
  97. Log_warn(ctx->logger, "Got error [%s] calling [%s], ignoring.",
  98. error->bytes, function->bytes);
  99. ret = 1;
  100. }
  101. if (resultP) {
  102. *resultP = res->responseDict;
  103. } else {
  104. Allocator_free(ctx->currentReqAlloc);
  105. }
  106. ctx->currentReqAlloc = NULL;
  107. return ret;
  108. }
  109. static void rpcCall(String* function, Dict* args, struct Context* ctx, struct Allocator* alloc)
  110. {
  111. rpcCall0(function, args, ctx, alloc, NULL, true);
  112. }
  113. static void authorizedPasswords(List* list, struct Context* ctx)
  114. {
  115. uint32_t count = List_size(list);
  116. for (uint32_t i = 0; i < count; i++) {
  117. Dict* d = List_getDict(list, i);
  118. Log_info(ctx->logger, "Checking authorized password %d.", i);
  119. if (!d) {
  120. Log_critical(ctx->logger, "Not a dictionary type %d.", i);
  121. exit(-1);
  122. }
  123. String* passwd = Dict_getStringC(d, "password");
  124. if (!passwd) {
  125. Log_critical(ctx->logger, "Must specify a password %d.", i);
  126. exit(-1);
  127. }
  128. }
  129. for (uint32_t i = 0; i < count; i++) {
  130. struct Allocator* child = Allocator_child(ctx->alloc);
  131. Dict* d = List_getDict(list, i);
  132. String* passwd = Dict_getStringC(d, "password");
  133. String* user = Dict_getStringC(d, "user");
  134. String* displayName = user;
  135. if (!displayName) {
  136. displayName = String_printf(child, "password [%d]", i);
  137. }
  138. //String* publicKey = Dict_getStringC(d, "publicKey");
  139. String* ipv6 = Dict_getStringC(d, "ipv6");
  140. Log_info(ctx->logger, "Adding authorized password #[%d] for user [%s].",
  141. i, displayName->bytes);
  142. Dict *args = Dict_new(child);
  143. uint32_t i = 1;
  144. Dict_putIntC(args, "authType", i, child);
  145. Dict_putStringC(args, "password", passwd, child);
  146. if (user) {
  147. Dict_putStringC(args, "user", user, child);
  148. }
  149. Dict_putStringC(args, "displayName", displayName, child);
  150. if (ipv6) {
  151. Log_info(ctx->logger,
  152. " This connection password restricted to [%s] only.", ipv6->bytes);
  153. Dict_putStringC(args, "ipv6", ipv6, child);
  154. }
  155. rpcCall(String_CONST("AuthorizedPasswords_add"), args, ctx, child);
  156. Allocator_free(child);
  157. }
  158. }
  159. static void udpInterfaceSetBeacon(
  160. Dict* udp, int beacon, uint16_t beaconPort, int ifNum, struct Context* ctx)
  161. {
  162. if (!beacon) { return; }
  163. if (beacon > 2 || beacon < 0) {
  164. Log_error(ctx->logger, "interfaces.UDPInterface.beacon may only be 0, 1,or 2");
  165. return;
  166. }
  167. if (!beaconPort) {
  168. Log_error(ctx->logger, "interfaces.UDPInterface.beacon requires beaconPort");
  169. return;
  170. }
  171. List* devices = Dict_getListC(udp, "beaconDevices");
  172. if (!devices) {
  173. Log_error(ctx->logger, "interfaces.UDPInterface.beacon requires beaconDevices");
  174. return;
  175. }
  176. // We can cast beacon to an int here because we know it's small enough
  177. Log_info(ctx->logger, "Setting beacon mode UDPInterface to [%d].", (int) beacon);
  178. Dict* d = Dict_new(ctx->alloc);
  179. Dict_putIntC(d, "state", beacon, ctx->alloc);
  180. Dict_putIntC(d, "interfaceNumber", ifNum, ctx->alloc);
  181. rpcCall(String_CONST("UDPInterface_beacon"), d, ctx, ctx->alloc);
  182. d = Dict_new(ctx->alloc);
  183. Dict_putListC(d, "devices", devices, ctx->alloc);
  184. Dict_putIntC(d, "interfaceNumber", ifNum, ctx->alloc);
  185. rpcCall(String_CONST("UDPInterface_setBroadcastDevices"), d, ctx, ctx->alloc);
  186. }
  187. static void udpInterface(Dict* config, struct Context* ctx)
  188. {
  189. List* ifaces = Dict_getListC(config, "UDPInterface");
  190. if (!ifaces) {
  191. ifaces = List_new(ctx->alloc);
  192. List_addDict(ifaces, Dict_getDictC(config, "UDPInterface"), ctx->alloc);
  193. }
  194. uint32_t count = List_size(ifaces);
  195. for (uint32_t i = 0; i < count; i++) {
  196. Dict *udp = List_getDict(ifaces, i);
  197. if (!udp) {
  198. continue;
  199. }
  200. // Setup the interface.
  201. String* bindStr = Dict_getStringC(udp, "bind");
  202. Dict* d = Dict_new(ctx->alloc);
  203. if (bindStr) {
  204. Dict_putStringC(d, "bindAddress", bindStr, ctx->alloc);
  205. }
  206. int64_t* dscp = Dict_getIntC(udp, "dscp");
  207. if (dscp) {
  208. Dict_putIntC(d, "dscp", *dscp, ctx->alloc);
  209. }
  210. int64_t* beaconPort_p = Dict_getIntC(udp, "beaconPort");
  211. uint16_t beaconPort = (beaconPort_p) ? *beaconPort_p : 0;
  212. int64_t* beaconP = Dict_getIntC(udp, "beacon");
  213. int64_t beacon = (beaconP) ? *beaconP : 0;
  214. if (beacon && beaconPort) { Dict_putIntC(d, "beaconPort", beaconPort, ctx->alloc); }
  215. Dict* resp = NULL;
  216. rpcCall0(String_CONST("UDPInterface_new"), d, ctx, ctx->alloc, &resp, true);
  217. int ifNum = *(Dict_getIntC(resp, "interfaceNumber"));
  218. udpInterfaceSetBeacon(udp, beacon, beaconPort, ifNum, ctx);
  219. // Make the connections.
  220. Dict* connectTo = Dict_getDictC(udp, "connectTo");
  221. if (connectTo) {
  222. struct Dict_Entry* entry = *connectTo;
  223. struct Allocator* perCallAlloc = Allocator_child(ctx->alloc);
  224. while (entry != NULL) {
  225. String* key = (String*) entry->key;
  226. if (entry->val->type != Object_DICT) {
  227. Log_critical(ctx->logger, "interfaces.UDPInterface.connectTo: entry [%s] "
  228. "is not a dictionary type.", key->bytes);
  229. exit(-1);
  230. }
  231. Dict* value = entry->val->as.dictionary;
  232. Log_keys(ctx->logger, "Attempting to connect to node [%s].", key->bytes);
  233. key = String_clone(key, perCallAlloc);
  234. char* lastColon = CString_strrchr(key->bytes, ':');
  235. if (lastColon) {
  236. if (!Sockaddr_parse(key->bytes, NULL)) {
  237. // it's a sockaddr, fall through
  238. } else {
  239. // try it as a hostname.
  240. Log_critical(ctx->logger, "Couldn't add connection [%s], "
  241. "hostnames aren't supported.", key->bytes);
  242. exit(-1);
  243. }
  244. } else {
  245. // it doesn't have a port
  246. Log_critical(ctx->logger, "Connection [%s] must be $IP:$PORT, or "
  247. "[$IP]:$PORT for IPv6.", key->bytes);
  248. exit(-1);
  249. }
  250. Dict_putIntC(value, "interfaceNumber", ifNum, perCallAlloc);
  251. Dict_putStringC(value, "address", key, perCallAlloc);
  252. rpcCall(String_CONST("UDPInterface_beginConnection"), value, ctx, perCallAlloc);
  253. // Make a IPTunnel exception for this node
  254. Dict* aed = Dict_new(perCallAlloc);
  255. *lastColon = '\0';
  256. Dict_putStringC(aed, "route", String_new(key->bytes, perCallAlloc),
  257. perCallAlloc);
  258. *lastColon = ':';
  259. rpcCall(String_CONST("RouteGen_addException"), aed, ctx, perCallAlloc);
  260. entry = entry->next;
  261. }
  262. Allocator_free(perCallAlloc);
  263. }
  264. }
  265. }
  266. static void tunInterface(Dict* ifaceConf, struct Allocator* tempAlloc, struct Context* ctx)
  267. {
  268. String* ifaceType = Dict_getStringC(ifaceConf, "type");
  269. if (!String_equals(ifaceType, String_CONST("TUNInterface"))) {
  270. return;
  271. }
  272. // Setup the interface.
  273. String* tunfd = Dict_getStringC(ifaceConf, "tunfd");
  274. String* device = Dict_getStringC(ifaceConf, "tunDevice");
  275. Dict* args = Dict_new(tempAlloc);
  276. if (tunfd && device) {
  277. Log_warn(ctx->logger, "tunfd is nolonger used, see Admin_importFd() and Core_initTunFd()");
  278. } else {
  279. if (device) {
  280. Dict_putStringC(args, "desiredTunName", device, tempAlloc);
  281. }
  282. rpcCall0(String_CONST("Core_initTunnel"), args, ctx, tempAlloc, NULL, false);
  283. }
  284. }
  285. static void socketInterface(Dict* ifaceConf, struct Allocator* tempAlloc, struct Context* ctx)
  286. {
  287. String* ifaceType = Dict_getStringC(ifaceConf, "type");
  288. if (!String_equals(ifaceType, String_CONST("SocketInterface"))) {
  289. return;
  290. }
  291. // Setup the interface.
  292. String* socketFullPath = Dict_getStringC(ifaceConf, "socketFullPath");
  293. Dict* args = Dict_new(tempAlloc);
  294. if (!socketFullPath) {
  295. Log_critical(ctx->logger, "In router.interface"
  296. " 'socketFullPath' is required if it's SocketInterface.");
  297. exit(1);
  298. }
  299. if (Dict_getIntC(ifaceConf, "socketAttemptToCreate")) {
  300. Log_warn(ctx->logger, "SocketInterface \"socketAttemptToCreate\" nolonger has any "
  301. "effect, you must create the socket from the outside");
  302. }
  303. Dict_putStringC(args, "socketFullPath", socketFullPath, tempAlloc);
  304. rpcCall0(String_CONST("Core_initSocket"), args, ctx, tempAlloc, NULL, true);
  305. }
  306. static void ipTunnel(Dict* ifaceConf, struct Allocator* tempAlloc, struct Context* ctx)
  307. {
  308. List* incoming = Dict_getListC(ifaceConf, "allowedConnections");
  309. if (incoming) {
  310. Dict* d;
  311. for (int i = 0; (d = List_getDict(incoming, i)) != NULL; i++) {
  312. String* key = Dict_getStringC(d, "publicKey");
  313. String* ip4 = Dict_getStringC(d, "ip4Address");
  314. // Note that the prefix length has to be a proper int in the config
  315. // (not quoted!)
  316. int64_t* ip4Prefix = Dict_getIntC(d, "ip4Prefix");
  317. String* ip6 = Dict_getStringC(d, "ip6Address");
  318. int64_t* ip6Prefix = Dict_getIntC(d, "ip6Prefix");
  319. if (!key) {
  320. Log_critical(ctx->logger, "In router.ipTunnel.allowedConnections[%d]"
  321. "'publicKey' required.", i);
  322. exit(1);
  323. }
  324. if (!ip4 && !ip6) {
  325. Log_critical(ctx->logger, "In router.ipTunnel.allowedConnections[%d]"
  326. "either 'ip4Address' or 'ip6Address' required.", i);
  327. exit(1);
  328. } else if (ip4Prefix && !ip4) {
  329. Log_critical(ctx->logger, "In router.ipTunnel.allowedConnections[%d]"
  330. "'ip4Address' required with 'ip4Prefix'.", i);
  331. exit(1);
  332. } else if (ip6Prefix && !ip6) {
  333. Log_critical(ctx->logger, "In router.ipTunnel.allowedConnections[%d]"
  334. "'ip6Address' required with 'ip6Prefix'.", i);
  335. exit(1);
  336. }
  337. Log_debug(ctx->logger, "Allowing IpTunnel connections from [%s]", key->bytes);
  338. if (ip4) {
  339. Log_debug(ctx->logger, "Issue IPv4 address %s", ip4->bytes);
  340. if (ip4Prefix) {
  341. Log_debug(ctx->logger, "Issue IPv4 netmask/prefix length /%d",
  342. (int) *ip4Prefix);
  343. } else {
  344. Log_debug(ctx->logger, "Use default netmask/prefix length /0");
  345. }
  346. }
  347. if (ip6) {
  348. Log_debug(ctx->logger, "Issue IPv6 address [%s]", ip6->bytes);
  349. if (ip6Prefix) {
  350. Log_debug(ctx->logger, "Issue IPv6 netmask/prefix length /%d",
  351. (int) *ip6Prefix);
  352. } else {
  353. Log_debug(ctx->logger, "Use default netmask/prefix length /0");
  354. }
  355. }
  356. Dict_putStringC(d, "publicKeyOfAuthorizedNode", key, tempAlloc);
  357. rpcCall0(String_CONST("IpTunnel_allowConnection"), d, ctx, tempAlloc, NULL, true);
  358. }
  359. }
  360. List* outgoing = Dict_getListC(ifaceConf, "outgoingConnections");
  361. if (outgoing) {
  362. String* s;
  363. for (int i = 0; (s = List_getString(outgoing, i)) != NULL; i++) {
  364. Log_debug(ctx->logger, "Initiating IpTunnel connection to [%s]", s->bytes);
  365. Dict requestDict =
  366. Dict_CONST(String_CONST("publicKeyOfNodeToConnectTo"), String_OBJ(s), NULL);
  367. rpcCall0(String_CONST("IpTunnel_connectTo"), &requestDict, ctx, tempAlloc, NULL, true);
  368. }
  369. }
  370. }
  371. static void supernodes(List* supernodes, struct Allocator* tempAlloc, struct Context* ctx)
  372. {
  373. if (!supernodes) { return; }
  374. String* s;
  375. for (int i = 0; (s = List_getString(supernodes, i)) != NULL; i++) {
  376. Log_debug(ctx->logger, "Loading supernode connection to [%s]", s->bytes);
  377. Dict reqDict = Dict_CONST(String_CONST("key"), String_OBJ(s), NULL);
  378. rpcCall0(String_CONST("SupernodeHunter_addSnode"), &reqDict, ctx, tempAlloc, NULL, true);
  379. }
  380. }
  381. static void routerConfig(Dict* routerConf, struct Allocator* tempAlloc, struct Context* ctx)
  382. {
  383. tunInterface(Dict_getDictC(routerConf, "interface"), tempAlloc, ctx);
  384. socketInterface(Dict_getDictC(routerConf, "interface"), tempAlloc, ctx);
  385. ipTunnel(Dict_getDictC(routerConf, "ipTunnel"), tempAlloc, ctx);
  386. supernodes(Dict_getListC(routerConf, "supernodes"), tempAlloc, ctx);
  387. }
  388. static void ethInterfaceSetBeacon(int ifNum, Dict* eth, struct Context* ctx)
  389. {
  390. int64_t* beaconP = Dict_getIntC(eth, "beacon");
  391. if (beaconP) {
  392. int64_t beacon = *beaconP;
  393. if (beacon > 2 || beacon < 0) {
  394. Log_error(ctx->logger, "interfaces.ETHInterface.beacon may only be 0, 1,or 2");
  395. } else {
  396. // We can cast beacon to an int here because we know it's small enough
  397. Log_info(ctx->logger, "Setting beacon mode on ETHInterface to [%d].", (int) beacon);
  398. Dict d = Dict_CONST(String_CONST("interfaceNumber"), Int_OBJ(ifNum),
  399. Dict_CONST(String_CONST("state"), Int_OBJ(beacon), NULL));
  400. rpcCall(String_CONST("ETHInterface_beacon"), &d, ctx, ctx->alloc);
  401. }
  402. }
  403. }
  404. static void ethInterface(Dict* config, struct Context* ctx)
  405. {
  406. List* ifaces = Dict_getListC(config, "ETHInterface");
  407. if (!ifaces) {
  408. ifaces = List_new(ctx->alloc);
  409. List_addDict(ifaces, Dict_getDictC(config, "ETHInterface"), ctx->alloc);
  410. }
  411. uint32_t count = List_size(ifaces);
  412. for (uint32_t i = 0; i < count; i++) {
  413. Dict *eth = List_getDict(ifaces, i);
  414. if (!eth) { continue; }
  415. String* deviceStr = Dict_getStringC(eth, "bind");
  416. if (!deviceStr || !String_equals(String_CONST("all"), deviceStr)) { continue; }
  417. Log_info(ctx->logger, "Setting up all ETHInterfaces...");
  418. Dict* res = NULL;
  419. Dict* d = Dict_new(ctx->alloc);
  420. if (rpcCall0(String_CONST("ETHInterface_listDevices"), d, ctx, ctx->alloc, &res, false)) {
  421. Log_info(ctx->logger, "Getting device list failed");
  422. break;
  423. }
  424. List* devs = Dict_getListC(res, "devices");
  425. uint32_t devCount = List_size(devs);
  426. for (uint32_t j = 0; j < devCount; j++) {
  427. Dict* d = Dict_new(ctx->alloc);
  428. String* deviceName = List_getString(devs, j);
  429. // skip loopback...
  430. if (String_equals(String_CONST("lo"), deviceName)) { continue; }
  431. Dict_putStringC(d, "bindDevice", deviceName, ctx->alloc);
  432. Dict* resp;
  433. Log_info(ctx->logger, "Creating new ETHInterface [%s]", deviceName->bytes);
  434. if (rpcCall0(String_CONST("ETHInterface_new"), d, ctx, ctx->alloc, &resp, false)) {
  435. Log_warn(ctx->logger, "Failed to create ETHInterface.");
  436. continue;
  437. }
  438. int ifNum = *(Dict_getIntC(resp, "interfaceNumber"));
  439. ethInterfaceSetBeacon(ifNum, eth, ctx);
  440. }
  441. return;
  442. }
  443. for (uint32_t i = 0; i < count; i++) {
  444. Dict *eth = List_getDict(ifaces, i);
  445. if (!eth) { continue; }
  446. // Setup the interface.
  447. String* deviceStr = Dict_getStringC(eth, "bind");
  448. Log_info(ctx->logger, "Setting up ETHInterface [%d].", i);
  449. Dict* d = Dict_new(ctx->alloc);
  450. if (deviceStr) {
  451. Log_info(ctx->logger, "Binding to device [%s].", deviceStr->bytes);
  452. Dict_putStringC(d, "bindDevice", deviceStr, ctx->alloc);
  453. }
  454. Dict* resp = NULL;
  455. if (rpcCall0(String_CONST("ETHInterface_new"), d, ctx, ctx->alloc, &resp, false)) {
  456. Log_warn(ctx->logger, "Failed to create ETHInterface.");
  457. continue;
  458. }
  459. int ifNum = *(Dict_getIntC(resp, "interfaceNumber"));
  460. ethInterfaceSetBeacon(ifNum, eth, ctx);
  461. // Make the connections.
  462. Dict* connectTo = Dict_getDictC(eth, "connectTo");
  463. if (connectTo) {
  464. Log_info(ctx->logger, "ETHInterface should connect to a specific node.");
  465. struct Dict_Entry* entry = *connectTo;
  466. while (entry != NULL) {
  467. String* key = (String*) entry->key;
  468. if (entry->val->type != Object_DICT) {
  469. Log_critical(ctx->logger, "interfaces.ETHInterface.connectTo: entry [%s] "
  470. "is not a dictionary type.", key->bytes);
  471. exit(-1);
  472. }
  473. Dict* value = entry->val->as.dictionary;
  474. Log_keys(ctx->logger, "Attempting to connect to node [%s].", key->bytes);
  475. struct Allocator* perCallAlloc = Allocator_child(ctx->alloc);
  476. // Turn the dict from the config into our RPC args dict by filling in all
  477. // the arguments,
  478. Dict_putStringC(value, "macAddress", key, perCallAlloc);
  479. Dict_putIntC(value, "interfaceNumber", ifNum, perCallAlloc);
  480. rpcCall(String_CONST("ETHInterface_beginConnection"), value, ctx, perCallAlloc);
  481. Allocator_free(perCallAlloc);
  482. entry = entry->next;
  483. }
  484. }
  485. }
  486. }
  487. static void security(struct Allocator* tempAlloc, List* conf, struct Log* log, struct Context* ctx)
  488. {
  489. int seccomp = 1;
  490. int nofiles = 0;
  491. int noforks = 1;
  492. int chroot = 1;
  493. int setupComplete = 1;
  494. int setuser = 1;
  495. if (Defined(win32)) {
  496. setuser = 0;
  497. }
  498. int uid = -1;
  499. int64_t* group = NULL;
  500. int keepNetAdmin = 1;
  501. do {
  502. Dict* d = Dict_new(tempAlloc);
  503. Dict_putStringCC(d, "user", "nobody", tempAlloc);
  504. if (!Defined(win32)) {
  505. Dict* ret = NULL;
  506. int r = rpcCall0(String_CONST("Security_getUser"), d, ctx, tempAlloc, &ret, false);
  507. if (!r) {
  508. uid = *Dict_getIntC(ret, "uid");
  509. group = Dict_getIntC(ret, "gid");
  510. }
  511. }
  512. } while (0);
  513. for (int i = 0; conf && i < List_size(conf); i++) {
  514. Dict* elem = List_getDict(conf, i);
  515. String* s;
  516. if (elem && (s = Dict_getStringC(elem, "setuser"))) {
  517. if (setuser == 0) { continue; }
  518. Dict* d = Dict_new(tempAlloc);
  519. Dict_putStringC(d, "user", s, tempAlloc);
  520. Dict* ret = NULL;
  521. rpcCall0(String_CONST("Security_getUser"), d, ctx, tempAlloc, &ret, true);
  522. uid = *Dict_getIntC(ret, "uid");
  523. group = Dict_getIntC(ret, "gid");
  524. int64_t* nka = Dict_getIntC(elem, "keepNetAdmin");
  525. int64_t* exemptAngel = Dict_getIntC(elem, "exemptAngel");
  526. keepNetAdmin = ((nka) ? *nka : ((exemptAngel) ? *exemptAngel : 0));
  527. continue;
  528. }
  529. if (elem && (s = Dict_getStringC(elem, "chroot"))) {
  530. Log_debug(log, "Security_chroot(%s)", s->bytes);
  531. Dict* d = Dict_new(tempAlloc);
  532. Dict_putStringC(d, "root", s, tempAlloc);
  533. rpcCall0(String_CONST("Security_chroot"), d, ctx, tempAlloc, NULL, false);
  534. chroot = 0;
  535. continue;
  536. }
  537. uint64_t* x;
  538. if (elem && (x = Dict_getIntC(elem, "nofiles"))) {
  539. if (!*x) { continue; }
  540. nofiles = 1;
  541. continue;
  542. }
  543. if (elem && (x = Dict_getIntC(elem, "setuser"))) {
  544. if (!*x) { setuser = 0; }
  545. continue;
  546. }
  547. if (elem && (x = Dict_getIntC(elem, "seccomp"))) {
  548. if (!*x) { seccomp = 0; }
  549. continue;
  550. }
  551. if (elem && (x = Dict_getIntC(elem, "noforks"))) {
  552. if (!*x) { noforks = 0; }
  553. continue;
  554. }
  555. if (elem && (x = Dict_getIntC(elem, "chroot"))) {
  556. if (!*x) { chroot = 0; }
  557. continue;
  558. }
  559. if (elem && (x = Dict_getIntC(elem, "setupComplete"))) {
  560. if (!*x) { setupComplete = 0; }
  561. continue;
  562. }
  563. Log_info(ctx->logger, "Unrecognized entry in security at index [%d]", i);
  564. }
  565. if (uid == -1) {
  566. Log_critical(ctx->logger,
  567. "User \"nobody\" doesn't exist and no alternative user is set");
  568. die(ctx->currentResult, ctx, tempAlloc);
  569. }
  570. if (chroot) {
  571. Log_debug(log, "Security_chroot(/var/run)");
  572. Dict* d = Dict_new(tempAlloc);
  573. Dict_putStringCC(d, "root", "/var/run/", tempAlloc);
  574. rpcCall0(String_CONST("Security_chroot"), d, ctx, tempAlloc, NULL, false);
  575. }
  576. if (setuser) {
  577. Log_debug(log, "Security_setUser(uid:%d, keepNetAdmin:%d)", uid, keepNetAdmin);
  578. Dict* d = Dict_new(tempAlloc);
  579. Dict_putIntC(d, "uid", uid, tempAlloc);
  580. if (group) {
  581. Dict_putIntC(d, "gid", (int)*group, tempAlloc);
  582. }
  583. Dict_putIntC(d, "keepNetAdmin", keepNetAdmin, tempAlloc);
  584. rpcCall0(String_CONST("Security_setUser"), d, ctx, tempAlloc, NULL, false);
  585. }
  586. if (noforks) {
  587. Log_debug(log, "Security_noforks()");
  588. Dict* d = Dict_new(tempAlloc);
  589. rpcCall(String_CONST("Security_noforks"), d, ctx, tempAlloc);
  590. }
  591. if (nofiles) {
  592. Log_debug(log, "Security_nofiles()");
  593. Dict* d = Dict_new(tempAlloc);
  594. rpcCall(String_CONST("Security_nofiles"), d, ctx, tempAlloc);
  595. }
  596. if (seccomp) {
  597. Log_debug(log, "Security_seccomp()");
  598. Dict* d = Dict_new(tempAlloc);
  599. rpcCall(String_CONST("Security_seccomp"), d, ctx, tempAlloc);
  600. }
  601. if (setupComplete) {
  602. Log_debug(log, "Security_setupComplete()");
  603. Dict* d = Dict_new(tempAlloc);
  604. rpcCall(String_CONST("Security_setupComplete"), d, ctx, tempAlloc);
  605. }
  606. }
  607. static int tryPing(struct Allocator* tempAlloc, struct Context* ctx)
  608. {
  609. Dict* resp = NULL;
  610. Dict* d = Dict_new(tempAlloc);
  611. rpcCall0(String_CONST("ping"), d, ctx, tempAlloc, &resp, false);
  612. if (!resp) { return -1; }
  613. String* q = Dict_getStringC(resp, "q");
  614. if (String_equals(q, String_CONST("pong"))) {
  615. return true;
  616. }
  617. return false;
  618. }
  619. static void awaken(void* vcontext)
  620. {
  621. struct Context* ctx = vcontext;
  622. EventBase_endLoop(ctx->base);
  623. }
  624. static void sleep(int milliseconds, struct Context* ctx, struct Allocator* temp)
  625. {
  626. Timeout_setTimeout(awaken, ctx, milliseconds, ctx->base, temp);
  627. EventBase_beginLoop(ctx->base);
  628. }
  629. static void waitUntilPong(struct Context* ctx)
  630. {
  631. for (int i = 0; i < 10; i++) {
  632. struct Allocator* temp = Allocator_child(ctx->alloc);
  633. if (tryPing(temp, ctx)) {
  634. Allocator_free(temp);
  635. return;
  636. }
  637. sleep(200, ctx, temp);
  638. Allocator_free(temp);
  639. }
  640. Assert_failure("Failed connecting to core (perhaps you have a firewall on loopback device?)");
  641. }
  642. void Configurator_config(Dict* config,
  643. struct Sockaddr* sockAddr,
  644. String* adminPassword,
  645. struct EventBase* eventBase,
  646. struct Log* logger,
  647. struct Allocator* alloc)
  648. {
  649. struct Allocator* tempAlloc = Allocator_child(alloc);
  650. struct UDPAddrIface* udp = Er_assert(UDPAddrIface_new(eventBase, NULL, alloc, logger));
  651. struct AdminClient* client =
  652. AdminClient_new(&udp->generic, sockAddr, adminPassword, eventBase, logger, tempAlloc);
  653. struct Context ctx = {
  654. .logger = logger,
  655. .alloc = tempAlloc,
  656. .client = client,
  657. .base = eventBase,
  658. };
  659. waitUntilPong(&ctx);
  660. List* authedPasswords = Dict_getListC(config, "authorizedPasswords");
  661. if (authedPasswords) {
  662. authorizedPasswords(authedPasswords, &ctx);
  663. }
  664. Dict* ifaces = Dict_getDictC(config, "interfaces");
  665. udpInterface(ifaces, &ctx);
  666. if (Defined(HAS_ETH_INTERFACE)) {
  667. ethInterface(ifaces, &ctx);
  668. }
  669. Dict* routerConf = Dict_getDictC(config, "router");
  670. routerConfig(routerConf, tempAlloc, &ctx);
  671. List* secList = Dict_getListC(config, "security");
  672. security(tempAlloc, secList, logger, &ctx);
  673. Log_debug(logger, "Cjdns started in the background");
  674. Allocator_free(tempAlloc);
  675. }