search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
curvetun: Fix issues detected by the Coverity scanner
[netsniff-ng.git] / curvetun_mgmt_users.c
blob52b20d87ad1ab35228c936ddc3eb0e7c67c456c6
1 /*
2 * netsniff-ng - the packet sniffing beast
3 * Copyright 2011 Daniel Borkmann.
4 * Subject to the GPL, version 2.
5 */
6
7 #include <stdio.h>
8 #include <stdint.h>
9 #include <stdlib.h>
10 #include <unistd.h>
11 #include <fcntl.h>
12 #include <string.h>
13 #include <syslog.h>
14 #include <limits.h>
15 #include <arpa/inet.h>
16
17 #include "die.h"
18 #include "locking.h"
19 #include "xmalloc.h"
20 #include "ioexact.h"
21 #include "ioops.h"
22 #include "str.h"
23 #include "curvetun.h"
24 #include "curve.h"
25 #include "crypto.h"
26 #include "curvetun_mgmt_users.h"
27 #include "hash.h"
28
29 struct user_store {
30 char username[256];
31 unsigned char publickey[crypto_box_pub_key_size];
32 struct curve25519_proto proto_inf;
33 struct user_store *next;
34 };
35
36 struct sock_map_entry {
37 int fd;
38 struct curve25519_proto *proto;
39 struct sock_map_entry *next;
40 };
41
42 struct sockaddr_map_entry {
43 struct sockaddr_storage *sa;
44 size_t sa_len;
45 struct curve25519_proto *proto;
46 struct sockaddr_map_entry *next;
47 };
48
49 static struct user_store *store = NULL;
50 static struct rwlock store_lock;
51
52 static struct hash_table sock_mapper;
53 static struct rwlock sock_map_lock;
54
55 static struct hash_table sockaddr_mapper;
56 static struct rwlock sockaddr_map_lock;
57
58 static unsigned char token[crypto_auth_hmacsha512256_KEYBYTES];
59
60 static void init_sock_mapper(void)
61 {
62 rwlock_init(&sock_map_lock);
63
64 rwlock_wr_lock(&sock_map_lock);
65
66 memset(&sock_mapper, 0, sizeof(sock_mapper));
67 init_hash(&sock_mapper);
68
69 rwlock_unlock(&sock_map_lock);
70 }
71
72 static void init_sockaddr_mapper(void)
73 {
74 rwlock_init(&sockaddr_map_lock);
75 rwlock_wr_lock(&sockaddr_map_lock);
76
77 memset(&sockaddr_mapper, 0, sizeof(sockaddr_mapper));
78 init_hash(&sockaddr_mapper);
79
80 rwlock_unlock(&sockaddr_map_lock);
81 }
82
83 static int cleanup_batch_sock_mapper(void *ptr)
84 {
85 struct sock_map_entry *next;
86 struct sock_map_entry *e = ptr;
87
88 if (!e)
89 return 0;
90
91 while ((next = e->next)) {
92 e->next = NULL;
93 xfree(e);
94 e = next;
95 }
96
97 xfree(e);
98
99 return 0;
100 }
101
102 static void destroy_sock_mapper(void)
103 {
104 rwlock_wr_lock(&sock_map_lock);
105 for_each_hash(&sock_mapper, cleanup_batch_sock_mapper);
106 free_hash(&sock_mapper);
107 rwlock_unlock(&sock_map_lock);
108
109 rwlock_destroy(&sock_map_lock);
110 }
111
112 static int cleanup_batch_sockaddr_mapper(void *ptr)
113 {
114 struct sockaddr_map_entry *next;
115 struct sockaddr_map_entry *e = ptr;
116
117 if (!e)
118 return 0;
119
120 while ((next = e->next)) {
121 e->next = NULL;
122 xfree(e);
123 e = next;
124 }
125
126 xfree(e);
127 return 0;
128 }
129
130 static void destroy_sockaddr_mapper(void)
131 {
132 rwlock_wr_lock(&sockaddr_map_lock);
133 for_each_hash(&sockaddr_mapper, cleanup_batch_sockaddr_mapper);
134 free_hash(&sockaddr_mapper);
135 rwlock_unlock(&sockaddr_map_lock);
136
137 rwlock_destroy(&sockaddr_map_lock);
138 }
139
140 static struct user_store *user_store_alloc(void)
141 {
142 return xzmalloc(sizeof(struct user_store));
143 }
144
145 static void user_store_free(struct user_store *us)
146 {
147 if (!us)
148 return;
149 memset(us, 0, sizeof(struct user_store));
150 xfree(us);
151 }
152
153 /* already in lock */
154 static int __check_duplicate_username(char *username, size_t len)
155 {
156 int duplicate = 0;
157 struct user_store *elem = store;
158
159 while (elem) {
160 if (!memcmp(elem->username, username,
161 strlen(elem->username) + 1)) {
162 duplicate = 1;
163 break;
164 }
165 elem = elem->next;
166 }
167
168 return duplicate;
169 }
170
171 /* already in lock */
172 static int __check_duplicate_pubkey(unsigned char *pubkey, size_t len)
173 {
174 int duplicate = 0;
175 struct user_store *elem = store;
176
177 while (elem) {
178 if (!memcmp(elem->publickey, pubkey,
179 sizeof(elem->publickey))) {
180 duplicate = 1;
181 break;
182 }
183 elem = elem->next;
184 }
185
186 return duplicate;
187 }
188
189 enum parse_states {
190 PARSE_USERNAME,
191 PARSE_PUBKEY,
192 PARSE_DONE,
193 };
194
195 static int parse_line(char *line, char *homedir)
196 {
197 char *str;
198 enum parse_states s = PARSE_USERNAME;
199 struct user_store *elem;
200 unsigned char pkey[crypto_box_pub_key_size];
201
202 elem = user_store_alloc();
203 elem->next = store;
204
205 str = strtok(line, ";");
206 for (; str != NULL;) {
207 switch (s) {
208 case PARSE_USERNAME:
209 if (__check_duplicate_username(str, strlen(str) + 1)) {
210 user_store_free(elem);
211 return -EINVAL;
212 }
213 strlcpy(elem->username, str, sizeof(elem->username));
214 s = PARSE_PUBKEY;
215 break;
216 case PARSE_PUBKEY:
217 if (!curve25519_pubkey_hexparse_32(pkey, sizeof(pkey),
218 str, strlen(str))) {
219 user_store_free(elem);
220 return -EINVAL;
221 }
222 if (__check_duplicate_pubkey(pkey, sizeof(pkey))) {
223 user_store_free(elem);
224 return -EINVAL;
225 }
226 memcpy(elem->publickey, pkey, sizeof(elem->publickey));
227 curve25519_proto_init(&elem->proto_inf, elem->publickey, sizeof(elem->publickey));
228 s = PARSE_DONE;
229 break;
230 case PARSE_DONE:
231 break;
232 default:
233 user_store_free(elem);
234 return -EIO;
235 }
236
237 str = strtok(NULL, ";");
238 }
239
240 store = elem;
241 return s == PARSE_DONE ? 0 : -EIO;
242 }
243
244 void parse_userfile_and_generate_user_store_or_die(char *homedir)
245 {
246 FILE *fp;
247 char path[PATH_MAX], buff[512];
248 int line = 1, ret, fd;
249
250 memset(path, 0, sizeof(path));
251 slprintf(path, sizeof(path), "%s/%s", homedir, FILE_CLIENTS);
252
253 rwlock_init(&store_lock);
254 rwlock_wr_lock(&store_lock);
255
256 fp = fopen(path, "r");
257 if (!fp)
258 panic("Cannot open client file!\n");
259
260 memset(buff, 0, sizeof(buff));
261 while (fgets(buff, sizeof(buff), fp) != NULL) {
262 buff[sizeof(buff) - 1] = 0;
263 /* A comment. Skip this line */
264 if (buff[0] == '#' || buff[0] == '\n') {
265 memset(buff, 0, sizeof(buff));
266 line++;
267 continue;
268 }
269
270 ret = parse_line(buff, homedir);
271 if (ret < 0)
272 panic("Cannot parse line %d from clients!\n", line);
273 line++;
274 memset(buff, 0, sizeof(buff));
275 }
276
277 fclose(fp);
278
279 if (store == NULL)
280 panic("No registered clients found!\n");
281
282 rwlock_unlock(&store_lock);
283
284 init_sock_mapper();
285 init_sockaddr_mapper();
286
287 /*
288 * Pubkey is also used as a hmac of the initial packet to check
289 * the integrity of the packet, so that we know if it's just random
290 * garbage or a 'valid' packet. Again, just for the integrity!
291 */
292
293 memset(path, 0, sizeof(path));
294 slprintf(path, sizeof(path), "%s/%s", homedir, FILE_PUBKEY);
295
296 fd = open_or_die(path, O_RDONLY);
297 ret = read(fd, token, sizeof(token));
298 if (ret != crypto_auth_hmacsha512256_KEYBYTES)
299 panic("Cannot read public key!\n");
300 close(fd);
301 }
302
303 void dump_user_store(void)
304 {
305 int i;
306 struct user_store *elem;
307
308 rwlock_rd_lock(&store_lock);
309
310 elem = store;
311 while (elem) {
312 printf("%s -> ", elem->username);
313 for (i = 0; i < sizeof(elem->publickey); ++i)
314 if (i == (sizeof(elem->publickey) - 1))
315 printf("%02x\n", (unsigned char)
316 elem->publickey[i]);
317 else
318 printf("%02x:", (unsigned char)
319 elem->publickey[i]);
320 elem = elem->next;
321 }
322
323 rwlock_unlock(&store_lock);
324 }
325
326 void destroy_user_store(void)
327 {
328 struct user_store *elem, *nelem = NULL;
329
330 rwlock_wr_lock(&store_lock);
331
332 elem = store;
333 while (elem) {
334 nelem = elem->next;
335 elem->next = NULL;
336 user_store_free(elem);
337 elem = nelem;
338 }
339 rwlock_unlock(&store_lock);
340
341 rwlock_destroy(&store_lock);
342
343 destroy_sock_mapper();
344 destroy_sockaddr_mapper();
345 }
346
347 int username_msg(char *username, size_t len, char *dst, size_t dlen)
348 {
349 int fd;
350 ssize_t ret;
351 uint32_t salt;
352 unsigned char h[crypto_hash_sha512_BYTES];
353 struct username_struct *us = (struct username_struct *) dst;
354 char *uname;
355 size_t uname_len;
356
357 if (dlen < sizeof(struct username_struct))
358 return -ENOMEM;
359
360 uname_len = 512;
361 uname = xzmalloc(uname_len);
362
363 fd = open_or_die("/dev/random", O_RDONLY);
364 ret = read_exact(fd, &salt, sizeof(salt), 0);
365 if (ret != sizeof(salt))
366 panic("Cannot read from /dev/random!\n");
367 close(fd);
368
369 slprintf(uname, uname_len, "%s%u", username, salt);
370 crypto_hash_sha512(h, (unsigned char *) uname, strlen(uname));
371
372 us->salt = htonl(salt);
373 memcpy(us->hash, h, sizeof(us->hash));
374
375 xfree(uname);
376 return 0;
377 }
378
379 enum is_user_enum username_msg_is_user(char *src, size_t slen, char *username,
380 size_t len)
381 {
382 char *uname;
383 size_t uname_len;
384 uint32_t salt;
385 struct username_struct *us = (struct username_struct *) src;
386 unsigned char h[crypto_hash_sha512_BYTES];
387
388 if (slen < sizeof(struct username_struct)) {
389 errno = ENOMEM;
390 return USERNAMES_ERR;
391 }
392
393 uname_len = 512;
394 uname = xzmalloc(uname_len);
395
396 salt = ntohl(us->salt);
397
398 slprintf(uname, uname_len, "%s%u", username, salt);
399 crypto_hash_sha512(h, (unsigned char *) uname, strlen(uname));
400 xfree(uname);
401
402 if (!crypto_verify_32(&h[0], &us->hash[0]) &&
403 !crypto_verify_32(&h[32], &us->hash[32]))
404 return USERNAMES_OK;
405 else
406 return USERNAMES_NE;
407 }
408
409 static int register_user_by_socket(int fd, struct curve25519_proto *proto)
410 {
411 void **pos;
412 struct sock_map_entry *entry;
413
414 rwlock_wr_lock(&sock_map_lock);
415
416 entry = xzmalloc(sizeof(*entry));
417 entry->fd = fd;
418 entry->proto = proto;
419
420 pos = insert_hash(entry->fd, entry, &sock_mapper);
421 if (pos) {
422 entry->next = (*pos);
423 (*pos) = entry;
424 }
425
426 rwlock_unlock(&sock_map_lock);
427
428 return 0;
429 }
430
431 static int register_user_by_sockaddr(struct sockaddr_storage *sa,
432 size_t sa_len,
433 struct curve25519_proto *proto)
434 {
435 void **pos;
436 struct sockaddr_map_entry *entry;
437 unsigned int hash = hash_name((char *) sa, sa_len);
438
439 rwlock_wr_lock(&sockaddr_map_lock);
440
441 entry = xzmalloc(sizeof(*entry));
442 entry->sa = xmemdupz(sa, sa_len);
443 entry->sa_len = sa_len;
444 entry->proto = proto;
445
446 pos = insert_hash(hash, entry, &sockaddr_mapper);
447 if (pos) {
448 entry->next = (*pos);
449 (*pos) = entry;
450 }
451
452 rwlock_unlock(&sockaddr_map_lock);
453
454 return 0;
455 }
456
457 int try_register_user_by_socket(struct curve25519_struct *c,
458 char *src, size_t slen, int sock, int log)
459 {
460 int ret = -1;
461 char *cbuff = NULL;
462 size_t real_len = 132;
463 ssize_t clen;
464 struct user_store *elem;
465 enum is_user_enum err;
466 unsigned char auth[crypto_auth_hmacsha512256_BYTES];
467 struct taia arrival_taia;
468
469 /* assert(132 == clen + sizeof(auth)); */
470 /*
471 * Check hmac first, if malicious, drop immediately before we
472 * investigate more efforts.
473 */
474 if (slen < real_len)
475 return -1;
476
477 taia_now(&arrival_taia);
478
479 memcpy(auth, src, sizeof(auth));
480
481 src += sizeof(auth);
482 real_len -= sizeof(auth);
483
484 if (crypto_auth_hmacsha512256_verify(auth, (unsigned char *) src,
485 real_len, token)) {
486 syslog(LOG_ERR, "Bad packet hmac for id %d! Dropping!\n", sock);
487 return -1;
488 } else {
489 if (log)
490 syslog(LOG_INFO, "Good packet hmac for id %d!\n", sock);
491 }
492
493 rwlock_rd_lock(&store_lock);
494
495 elem = store;
496 while (elem) {
497 clen = curve25519_decode(c, &elem->proto_inf,
498 (unsigned char *) src, real_len,
499 (unsigned char **) &cbuff,
500 &arrival_taia);
501 if (clen <= 0) {
502 elem = elem->next;
503 continue;
504 }
505
506 cbuff += crypto_box_zerobytes;
507 clen -= crypto_box_zerobytes;
508
509 if (log)
510 syslog(LOG_INFO, "Packet decoded successfully for id %d!\n", sock);
511
512 err = username_msg_is_user(cbuff, clen, elem->username,
513 strlen(elem->username) + 1);
514 if (err == USERNAMES_OK) {
515 if (log)
516 syslog(LOG_INFO, "Found user %s for id %d! Registering ...\n",
517 elem->username, sock);
518 ret = register_user_by_socket(sock, &elem->proto_inf);
519 break;
520 }
521
522 elem = elem->next;
523 }
524
525 rwlock_unlock(&store_lock);
526
527 if (ret == -1)
528 syslog(LOG_ERR, "User not found! Dropping connection!\n");
529
530 return ret;
531 }
532
533 int try_register_user_by_sockaddr(struct curve25519_struct *c,
534 char *src, size_t slen,
535 struct sockaddr_storage *sa,
536 size_t sa_len, int log)
537 {
538 int ret = -1;
539 char *cbuff = NULL;
540 struct user_store *elem;
541 ssize_t clen;
542 size_t real_len = 132;
543 enum is_user_enum err;
544 unsigned char auth[crypto_auth_hmacsha512256_BYTES];
545 struct taia arrival_taia;
546
547 /* assert(132 == clen + sizeof(auth)); */
548 /*
549 * Check hmac first, if malicious, drop immediately before we
550 * investigate more efforts.
551 */
552 if (slen < real_len)
553 return -1;
554
555 taia_now(&arrival_taia);
556
557 memcpy(auth, src, sizeof(auth));
558
559 src += sizeof(auth);
560 real_len -= sizeof(auth);
561
562 if (crypto_auth_hmacsha512256_verify(auth, (unsigned char *) src,
563 real_len, token)) {
564 syslog(LOG_ERR, "Got bad packet hmac! Dropping!\n");
565 return -1;
566 } else {
567 if (log)
568 syslog(LOG_INFO, "Got good packet hmac!\n");
569 }
570
571 rwlock_rd_lock(&store_lock);
572
573 elem = store;
574 while (elem) {
575 clen = curve25519_decode(c, &elem->proto_inf,
576 (unsigned char *) src, real_len,
577 (unsigned char **) &cbuff,
578 &arrival_taia);
579 if (clen <= 0) {
580 elem = elem->next;
581 continue;
582 }
583
584 cbuff += crypto_box_zerobytes;
585 clen -= crypto_box_zerobytes;
586
587 if (log)
588 syslog(LOG_INFO, "Packet decoded successfully!\n");
589
590 err = username_msg_is_user(cbuff, clen, elem->username,
591 strlen(elem->username) + 1);
592 if (err == USERNAMES_OK) {
593 if (log)
594 syslog(LOG_INFO, "Found user %s! Registering ...\n",
595 elem->username);
596 ret = register_user_by_sockaddr(sa, sa_len,
597 &elem->proto_inf);
598 break;
599 }
600
601 elem = elem->next;
602 }
603
604 rwlock_unlock(&store_lock);
605
606 if (ret == -1)
607 syslog(LOG_ERR, "User not found! Dropping connection!\n");
608
609 return ret;
610 }
611
612 int get_user_by_socket(int fd, struct curve25519_proto **proto)
613 {
614 int ret = -1;
615 struct sock_map_entry *entry;
616
617 errno = 0;
618
619 rwlock_rd_lock(&sock_map_lock);
620
621 entry = lookup_hash(fd, &sock_mapper);
622 while (entry && fd != entry->fd)
623 entry = entry->next;
624 if (entry && fd == entry->fd) {
625 (*proto) = entry->proto;
626 ret = 0;
627 } else {
628 (*proto) = NULL;
629 errno = ENOENT;
630 }
631
632 rwlock_unlock(&sock_map_lock);
633
634 return ret;
635 }
636
637 int get_user_by_sockaddr(struct sockaddr_storage *sa, size_t sa_len,
638 struct curve25519_proto **proto)
639 {
640 int ret = -1;
641 struct sockaddr_map_entry *entry;
642 unsigned int hash = hash_name((char *) sa, sa_len);
643
644 errno = 0;
645
646 rwlock_rd_lock(&sockaddr_map_lock);
647
648 entry = lookup_hash(hash, &sockaddr_mapper);
649 while (entry && entry->sa_len == sa_len &&
650 memcmp(sa, entry->sa, entry->sa_len))
651 entry = entry->next;
652 if (entry && entry->sa_len == sa_len &&
653 !memcmp(sa, entry->sa, entry->sa_len)) {
654 (*proto) = entry->proto;
655 ret = 0;
656 } else {
657 (*proto) = NULL;
658 errno = ENOENT;
659 }
660
661 rwlock_unlock(&sockaddr_map_lock);
662
663 return ret;
664 }
665
666 static struct sock_map_entry *socket_to_sock_map_entry(int fd)
667 {
668 struct sock_map_entry *entry, *ret = NULL;
669
670 errno = 0;
671
672 rwlock_rd_lock(&sock_map_lock);
673
674 entry = lookup_hash(fd, &sock_mapper);
675 while (entry && fd != entry->fd)
676 entry = entry->next;
677 if (entry && fd == entry->fd)
678 ret = entry;
679 else
680 errno = ENOENT;
681
682 rwlock_unlock(&sock_map_lock);
683
684 return ret;
685 }
686
687 void remove_user_by_socket(int fd)
688 {
689 struct sock_map_entry *pos;
690 struct sock_map_entry *entry = socket_to_sock_map_entry(fd);
691
692 if (!entry)
693 return;
694
695 rwlock_wr_lock(&sock_map_lock);
696
697 pos = remove_hash(entry->fd, entry, entry->next, &sock_mapper);
698 while (pos && pos->next && pos->next != entry)
699 pos = pos->next;
700 if (pos && pos->next && pos->next == entry)
701 pos->next = entry->next;
702
703 memset(entry->proto->enonce, 0, sizeof(entry->proto->enonce));
704 memset(entry->proto->dnonce, 0, sizeof(entry->proto->dnonce));
705
706 entry->proto = NULL;
707 entry->next = NULL;
708
709 xfree(entry);
710
711 rwlock_unlock(&sock_map_lock);
712 }
713
714 static struct sockaddr_map_entry *
715 sockaddr_to_sockaddr_map_entry(struct sockaddr_storage *sa, size_t sa_len)
716 {
717 struct sockaddr_map_entry *entry, *ret = NULL;
718 unsigned int hash = hash_name((char *) sa, sa_len);
719
720 errno = 0;
721
722 rwlock_rd_lock(&sockaddr_map_lock);
723
724 entry = lookup_hash(hash, &sockaddr_mapper);
725 while (entry && entry->sa_len == sa_len &&
726 memcmp(sa, entry->sa, entry->sa_len))
727 entry = entry->next;
728 if (entry && entry->sa_len == sa_len &&
729 !memcmp(sa, entry->sa, entry->sa_len))
730 ret = entry;
731 else
732 errno = ENOENT;
733
734 rwlock_unlock(&sockaddr_map_lock);
735
736 return ret;
737 }
738
739 void remove_user_by_sockaddr(struct sockaddr_storage *sa, size_t sa_len)
740 {
741 struct sockaddr_map_entry *pos;
742 struct sockaddr_map_entry *entry;
743 unsigned int hash = hash_name((char *) sa, sa_len);
744
745 entry = sockaddr_to_sockaddr_map_entry(sa, sa_len);
746 if (!entry)
747 return;
748
749 rwlock_wr_lock(&sockaddr_map_lock);
750
751 pos = remove_hash(hash, entry, entry->next, &sockaddr_mapper);
752 while (pos && pos->next && pos->next != entry)
753 pos = pos->next;
754 if (pos && pos->next && pos->next == entry)
755 pos->next = entry->next;
756
757 memset(entry->proto->enonce, 0, sizeof(entry->proto->enonce));
758 memset(entry->proto->dnonce, 0, sizeof(entry->proto->dnonce));
759
760 entry->proto = NULL;
761 entry->next = NULL;
762
763 xfree(entry->sa);
764 xfree(entry);
765
766 rwlock_unlock(&sockaddr_map_lock);
767 }
netsniff-ng toolkit, the packet sniffing beast, staging tree