search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
netsniff-ng: tpacketv3: 'fix' packet accounting output
[netsniff-ng.git] / ct_usermgmt.c
blobc303cd53c9028f78c1c11b120cf18f14cc4a50e1
1 /*
2 * netsniff-ng - the packet sniffing beast
3 * Copyright 2011 Daniel Borkmann.
4 * Subject to the GPL, version 2.
5 */
6
7 #include <stdio.h>
8 #include <stdint.h>
9 #include <stdlib.h>
10 #include <unistd.h>
11 #include <fcntl.h>
12 #include <string.h>
13 #include <syslog.h>
14 #include <limits.h>
15 #include <arpa/inet.h>
16
17 #include "die.h"
18 #include "ct_usermgmt.h"
19 #include "locking.h"
20 #include "xmalloc.h"
21 #include "ioexact.h"
22 #include "ioops.h"
23 #include "str.h"
24 #include "curvetun.h"
25 #include "curve.h"
26 #include "crypto.h"
27 #include "hash.h"
28
29 struct user_store {
30 char username[256];
31 unsigned char publickey[crypto_box_pub_key_size];
32 struct curve25519_proto proto_inf;
33 struct user_store *next;
34 };
35
36 struct sock_map_entry {
37 int fd;
38 struct curve25519_proto *proto;
39 struct sock_map_entry *next;
40 };
41
42 struct sockaddr_map_entry {
43 struct sockaddr_storage *sa;
44 size_t sa_len;
45 struct curve25519_proto *proto;
46 struct sockaddr_map_entry *next;
47 };
48
49 static struct user_store *store = NULL;
50 static struct rwlock store_lock;
51
52 static struct hash_table sock_mapper;
53 static struct rwlock sock_map_lock;
54
55 static struct hash_table sockaddr_mapper;
56 static struct rwlock sockaddr_map_lock;
57
58 static unsigned char token[crypto_auth_hmacsha512256_KEYBYTES];
59
60 static void init_sock_mapper(void)
61 {
62 rwlock_init(&sock_map_lock);
63
64 rwlock_wr_lock(&sock_map_lock);
65
66 memset(&sock_mapper, 0, sizeof(sock_mapper));
67 init_hash(&sock_mapper);
68
69 rwlock_unlock(&sock_map_lock);
70 }
71
72 static void init_sockaddr_mapper(void)
73 {
74 rwlock_init(&sockaddr_map_lock);
75 rwlock_wr_lock(&sockaddr_map_lock);
76
77 memset(&sockaddr_mapper, 0, sizeof(sockaddr_mapper));
78 init_hash(&sockaddr_mapper);
79
80 rwlock_unlock(&sockaddr_map_lock);
81 }
82
83 static int cleanup_batch_sock_mapper(void *ptr)
84 {
85 struct sock_map_entry *next;
86 struct sock_map_entry *e = ptr;
87
88 if (!e)
89 return 0;
90
91 while ((next = e->next)) {
92 e->next = NULL;
93 xfree(e);
94 e = next;
95 }
96
97 xfree(e);
98
99 return 0;
100 }
101
102 static void destroy_sock_mapper(void)
103 {
104 rwlock_wr_lock(&sock_map_lock);
105 for_each_hash(&sock_mapper, cleanup_batch_sock_mapper);
106 free_hash(&sock_mapper);
107 rwlock_unlock(&sock_map_lock);
108
109 rwlock_destroy(&sock_map_lock);
110 }
111
112 static int cleanup_batch_sockaddr_mapper(void *ptr)
113 {
114 struct sockaddr_map_entry *next;
115 struct sockaddr_map_entry *e = ptr;
116
117 if (!e)
118 return 0;
119
120 while ((next = e->next)) {
121 e->next = NULL;
122 xfree(e);
123 e = next;
124 }
125
126 xfree(e);
127 return 0;
128 }
129
130 static void destroy_sockaddr_mapper(void)
131 {
132 rwlock_wr_lock(&sockaddr_map_lock);
133 for_each_hash(&sockaddr_mapper, cleanup_batch_sockaddr_mapper);
134 free_hash(&sockaddr_mapper);
135 rwlock_unlock(&sockaddr_map_lock);
136
137 rwlock_destroy(&sockaddr_map_lock);
138 }
139
140 static struct user_store *user_store_alloc(void)
141 {
142 return xzmalloc(sizeof(struct user_store));
143 }
144
145 static void user_store_free(struct user_store *us)
146 {
147 if (!us)
148 return;
149 memset(us, 0, sizeof(struct user_store));
150 xfree(us);
151 }
152
153 /* already in lock */
154 static int __check_duplicate_username(char *username, size_t len)
155 {
156 int duplicate = 0;
157 struct user_store *elem = store;
158
159 while (elem) {
160 if (!memcmp(elem->username, username,
161 strlen(elem->username) + 1)) {
162 duplicate = 1;
163 break;
164 }
165 elem = elem->next;
166 }
167
168 return duplicate;
169 }
170
171 /* already in lock */
172 static int __check_duplicate_pubkey(unsigned char *pubkey, size_t len)
173 {
174 int duplicate = 0;
175 struct user_store *elem = store;
176
177 while (elem) {
178 if (!memcmp(elem->publickey, pubkey,
179 sizeof(elem->publickey))) {
180 duplicate = 1;
181 break;
182 }
183 elem = elem->next;
184 }
185
186 return duplicate;
187 }
188
189 enum parse_states {
190 PARSE_USERNAME,
191 PARSE_PUBKEY,
192 PARSE_DONE,
193 };
194
195 static int parse_line(char *line, char *homedir)
196 {
197 char *str;
198 enum parse_states s = PARSE_USERNAME;
199 struct user_store *elem;
200 unsigned char pkey[crypto_box_pub_key_size];
201
202 elem = user_store_alloc();
203 elem->next = store;
204
205 str = strtok(line, ";");
206 for (; str != NULL;) {
207 switch (s) {
208 case PARSE_USERNAME:
209 if (__check_duplicate_username(str, strlen(str) + 1))
210 return -EINVAL;
211 strlcpy(elem->username, str, sizeof(elem->username));
212 s = PARSE_PUBKEY;
213 break;
214 case PARSE_PUBKEY:
215 if (!curve25519_pubkey_hexparse_32(pkey, sizeof(pkey),
216 str, strlen(str)))
217 return -EINVAL;
218 if (__check_duplicate_pubkey(pkey, sizeof(pkey)))
219 return -EINVAL;
220 memcpy(elem->publickey, pkey, sizeof(elem->publickey));
221 curve25519_proto_init(&elem->proto_inf, elem->publickey, sizeof(elem->publickey));
222 s = PARSE_DONE;
223 break;
224 case PARSE_DONE:
225 break;
226 default:
227 return -EIO;
228 }
229
230 str = strtok(NULL, ";");
231 }
232
233 store = elem;
234 return s == PARSE_DONE ? 0 : -EIO;
235 }
236
237 void parse_userfile_and_generate_user_store_or_die(char *homedir)
238 {
239 FILE *fp;
240 char path[PATH_MAX], buff[512];
241 int line = 1, ret, fd;
242
243 memset(path, 0, sizeof(path));
244 slprintf(path, sizeof(path), "%s/%s", homedir, FILE_CLIENTS);
245
246 rwlock_init(&store_lock);
247 rwlock_wr_lock(&store_lock);
248
249 fp = fopen(path, "r");
250 if (!fp)
251 panic("Cannot open client file!\n");
252
253 memset(buff, 0, sizeof(buff));
254 while (fgets(buff, sizeof(buff), fp) != NULL) {
255 buff[sizeof(buff) - 1] = 0;
256 /* A comment. Skip this line */
257 if (buff[0] == '#' || buff[0] == '\n') {
258 memset(buff, 0, sizeof(buff));
259 line++;
260 continue;
261 }
262
263 ret = parse_line(buff, homedir);
264 if (ret < 0)
265 panic("Cannot parse line %d from clients!\n", line);
266 line++;
267 memset(buff, 0, sizeof(buff));
268 }
269
270 fclose(fp);
271
272 if (store == NULL)
273 panic("No registered clients found!\n");
274
275 rwlock_unlock(&store_lock);
276
277 init_sock_mapper();
278 init_sockaddr_mapper();
279
280 /*
281 * Pubkey is also used as a hmac of the initial packet to check
282 * the integrity of the packet, so that we know if it's just random
283 * garbage or a 'valid' packet. Again, just for the integrity!
284 */
285
286 memset(path, 0, sizeof(path));
287 slprintf(path, sizeof(path), "%s/%s", homedir, FILE_PUBKEY);
288
289 fd = open_or_die(path, O_RDONLY);
290 ret = read(fd, token, sizeof(token));
291 if (ret != crypto_auth_hmacsha512256_KEYBYTES)
292 panic("Cannot read public key!\n");
293 close(fd);
294 }
295
296 void dump_user_store(void)
297 {
298 int i;
299 struct user_store *elem;
300
301 rwlock_rd_lock(&store_lock);
302
303 elem = store;
304 while (elem) {
305 printf("%s -> ", elem->username);
306 for (i = 0; i < sizeof(elem->publickey); ++i)
307 if (i == (sizeof(elem->publickey) - 1))
308 printf("%02x\n", (unsigned char)
309 elem->publickey[i]);
310 else
311 printf("%02x:", (unsigned char)
312 elem->publickey[i]);
313 elem = elem->next;
314 }
315
316 rwlock_unlock(&store_lock);
317 }
318
319 void destroy_user_store(void)
320 {
321 struct user_store *elem, *nelem = NULL;
322
323 rwlock_wr_lock(&store_lock);
324
325 elem = store;
326 while (elem) {
327 nelem = elem->next;
328 elem->next = NULL;
329 user_store_free(elem);
330 elem = nelem;
331 }
332 rwlock_unlock(&store_lock);
333
334 rwlock_destroy(&store_lock);
335
336 destroy_sock_mapper();
337 destroy_sockaddr_mapper();
338 }
339
340 int username_msg(char *username, size_t len, char *dst, size_t dlen)
341 {
342 int fd;
343 ssize_t ret;
344 uint32_t salt;
345 unsigned char h[crypto_hash_sha512_BYTES];
346 struct username_struct *us = (struct username_struct *) dst;
347 char *uname;
348 size_t uname_len;
349
350 if (dlen < sizeof(struct username_struct))
351 return -ENOMEM;
352
353 uname_len = 512;
354 uname = xzmalloc(uname_len);
355
356 fd = open_or_die("/dev/random", O_RDONLY);
357 ret = read_exact(fd, &salt, sizeof(salt), 0);
358 if (ret != sizeof(salt))
359 panic("Cannot read from /dev/random!\n");
360 close(fd);
361
362 slprintf(uname, uname_len, "%s%u", username, salt);
363 crypto_hash_sha512(h, (unsigned char *) uname, strlen(uname));
364
365 us->salt = htonl(salt);
366 memcpy(us->hash, h, sizeof(us->hash));
367
368 xfree(uname);
369 return 0;
370 }
371
372 enum is_user_enum username_msg_is_user(char *src, size_t slen, char *username,
373 size_t len)
374 {
375 char *uname;
376 size_t uname_len;
377 uint32_t salt;
378 struct username_struct *us = (struct username_struct *) src;
379 unsigned char h[crypto_hash_sha512_BYTES];
380
381 if (slen < sizeof(struct username_struct)) {
382 errno = ENOMEM;
383 return USERNAMES_ERR;
384 }
385
386 uname_len = 512;
387 uname = xzmalloc(uname_len);
388
389 salt = ntohl(us->salt);
390
391 slprintf(uname, uname_len, "%s%u", username, salt);
392 crypto_hash_sha512(h, (unsigned char *) uname, strlen(uname));
393 xfree(uname);
394
395 if (!crypto_verify_32(&h[0], &us->hash[0]) &&
396 !crypto_verify_32(&h[32], &us->hash[32]))
397 return USERNAMES_OK;
398 else
399 return USERNAMES_NE;
400 }
401
402 static int register_user_by_socket(int fd, struct curve25519_proto *proto)
403 {
404 void **pos;
405 struct sock_map_entry *entry;
406
407 rwlock_wr_lock(&sock_map_lock);
408
409 entry = xzmalloc(sizeof(*entry));
410 entry->fd = fd;
411 entry->proto = proto;
412
413 pos = insert_hash(entry->fd, entry, &sock_mapper);
414 if (pos) {
415 entry->next = (*pos);
416 (*pos) = entry;
417 }
418
419 rwlock_unlock(&sock_map_lock);
420
421 return 0;
422 }
423
424 static int register_user_by_sockaddr(struct sockaddr_storage *sa,
425 size_t sa_len,
426 struct curve25519_proto *proto)
427 {
428 void **pos;
429 struct sockaddr_map_entry *entry;
430 unsigned int hash = hash_name((char *) sa, sa_len);
431
432 rwlock_wr_lock(&sockaddr_map_lock);
433
434 entry = xzmalloc(sizeof(*entry));
435 entry->sa = xmemdupz(sa, sa_len);
436 entry->sa_len = sa_len;
437 entry->proto = proto;
438
439 pos = insert_hash(hash, entry, &sockaddr_mapper);
440 if (pos) {
441 entry->next = (*pos);
442 (*pos) = entry;
443 }
444
445 rwlock_unlock(&sockaddr_map_lock);
446
447 return 0;
448 }
449
450 int try_register_user_by_socket(struct curve25519_struct *c,
451 char *src, size_t slen, int sock, int log)
452 {
453 int ret = -1;
454 char *cbuff = NULL;
455 size_t real_len = 132;
456 ssize_t clen;
457 struct user_store *elem;
458 enum is_user_enum err;
459 unsigned char auth[crypto_auth_hmacsha512256_BYTES];
460 struct taia arrival_taia;
461
462 /* assert(132 == clen + sizeof(auth)); */
463 /*
464 * Check hmac first, if malicious, drop immediately before we
465 * investigate more efforts.
466 */
467 if (slen < real_len)
468 return -1;
469
470 taia_now(&arrival_taia);
471
472 memcpy(auth, src, sizeof(auth));
473
474 src += sizeof(auth);
475 real_len -= sizeof(auth);
476
477 if (crypto_auth_hmacsha512256_verify(auth, (unsigned char *) src,
478 real_len, token)) {
479 syslog(LOG_ERR, "Bad packet hmac for id %d! Dropping!\n", sock);
480 return -1;
481 } else {
482 if (log)
483 syslog(LOG_INFO, "Good packet hmac for id %d!\n", sock);
484 }
485
486 rwlock_rd_lock(&store_lock);
487
488 elem = store;
489 while (elem) {
490 clen = curve25519_decode(c, &elem->proto_inf,
491 (unsigned char *) src, real_len,
492 (unsigned char **) &cbuff,
493 &arrival_taia);
494 if (clen <= 0) {
495 elem = elem->next;
496 continue;
497 }
498
499 cbuff += crypto_box_zerobytes;
500 clen -= crypto_box_zerobytes;
501
502 if (log)
503 syslog(LOG_INFO, "Packet decoded successfully for id %d!\n", sock);
504
505 err = username_msg_is_user(cbuff, clen, elem->username,
506 strlen(elem->username) + 1);
507 if (err == USERNAMES_OK) {
508 if (log)
509 syslog(LOG_INFO, "Found user %s for id %d! Registering ...\n",
510 elem->username, sock);
511 ret = register_user_by_socket(sock, &elem->proto_inf);
512 break;
513 }
514
515 elem = elem->next;
516 }
517
518 rwlock_unlock(&store_lock);
519
520 if (ret == -1)
521 syslog(LOG_ERR, "User not found! Dropping connection!\n");
522
523 return ret;
524 }
525
526 int try_register_user_by_sockaddr(struct curve25519_struct *c,
527 char *src, size_t slen,
528 struct sockaddr_storage *sa,
529 size_t sa_len, int log)
530 {
531 int ret = -1;
532 char *cbuff = NULL;
533 struct user_store *elem;
534 ssize_t clen;
535 size_t real_len = 132;
536 enum is_user_enum err;
537 unsigned char auth[crypto_auth_hmacsha512256_BYTES];
538 struct taia arrival_taia;
539
540 /* assert(132 == clen + sizeof(auth)); */
541 /*
542 * Check hmac first, if malicious, drop immediately before we
543 * investigate more efforts.
544 */
545 if (slen < real_len)
546 return -1;
547
548 taia_now(&arrival_taia);
549
550 memcpy(auth, src, sizeof(auth));
551
552 src += sizeof(auth);
553 real_len -= sizeof(auth);
554
555 if (crypto_auth_hmacsha512256_verify(auth, (unsigned char *) src,
556 real_len, token)) {
557 syslog(LOG_ERR, "Got bad packet hmac! Dropping!\n");
558 return -1;
559 } else {
560 if (log)
561 syslog(LOG_INFO, "Got good packet hmac!\n");
562 }
563
564 rwlock_rd_lock(&store_lock);
565
566 elem = store;
567 while (elem) {
568 clen = curve25519_decode(c, &elem->proto_inf,
569 (unsigned char *) src, real_len,
570 (unsigned char **) &cbuff,
571 &arrival_taia);
572 if (clen <= 0) {
573 elem = elem->next;
574 continue;
575 }
576
577 cbuff += crypto_box_zerobytes;
578 clen -= crypto_box_zerobytes;
579
580 if (log)
581 syslog(LOG_INFO, "Packet decoded successfully!\n");
582
583 err = username_msg_is_user(cbuff, clen, elem->username,
584 strlen(elem->username) + 1);
585 if (err == USERNAMES_OK) {
586 if (log)
587 syslog(LOG_INFO, "Found user %s! Registering ...\n",
588 elem->username);
589 ret = register_user_by_sockaddr(sa, sa_len,
590 &elem->proto_inf);
591 break;
592 }
593
594 elem = elem->next;
595 }
596
597 rwlock_unlock(&store_lock);
598
599 if (ret == -1)
600 syslog(LOG_ERR, "User not found! Dropping connection!\n");
601
602 return ret;
603 }
604
605 int get_user_by_socket(int fd, struct curve25519_proto **proto)
606 {
607 int ret = -1;
608 struct sock_map_entry *entry;
609
610 errno = 0;
611
612 rwlock_rd_lock(&sock_map_lock);
613
614 entry = lookup_hash(fd, &sock_mapper);
615 while (entry && fd != entry->fd)
616 entry = entry->next;
617 if (entry && fd == entry->fd) {
618 (*proto) = entry->proto;
619 ret = 0;
620 } else {
621 (*proto) = NULL;
622 errno = ENOENT;
623 }
624
625 rwlock_unlock(&sock_map_lock);
626
627 return ret;
628 }
629
630 int get_user_by_sockaddr(struct sockaddr_storage *sa, size_t sa_len,
631 struct curve25519_proto **proto)
632 {
633 int ret = -1;
634 struct sockaddr_map_entry *entry;
635 unsigned int hash = hash_name((char *) sa, sa_len);
636
637 errno = 0;
638
639 rwlock_rd_lock(&sockaddr_map_lock);
640
641 entry = lookup_hash(hash, &sockaddr_mapper);
642 while (entry && entry->sa_len == sa_len &&
643 memcmp(sa, entry->sa, entry->sa_len))
644 entry = entry->next;
645 if (entry && entry->sa_len == sa_len &&
646 !memcmp(sa, entry->sa, entry->sa_len)) {
647 (*proto) = entry->proto;
648 ret = 0;
649 } else {
650 (*proto) = NULL;
651 errno = ENOENT;
652 }
653
654 rwlock_unlock(&sockaddr_map_lock);
655
656 return ret;
657 }
658
659 static struct sock_map_entry *socket_to_sock_map_entry(int fd)
660 {
661 struct sock_map_entry *entry, *ret = NULL;
662
663 errno = 0;
664
665 rwlock_rd_lock(&sock_map_lock);
666
667 entry = lookup_hash(fd, &sock_mapper);
668 while (entry && fd != entry->fd)
669 entry = entry->next;
670 if (entry && fd == entry->fd)
671 ret = entry;
672 else
673 errno = ENOENT;
674
675 rwlock_unlock(&sock_map_lock);
676
677 return ret;
678 }
679
680 void remove_user_by_socket(int fd)
681 {
682 struct sock_map_entry *pos;
683 struct sock_map_entry *entry = socket_to_sock_map_entry(fd);
684
685 if (!entry)
686 return;
687
688 rwlock_wr_lock(&sock_map_lock);
689
690 pos = remove_hash(entry->fd, entry, entry->next, &sock_mapper);
691 while (pos && pos->next && pos->next != entry)
692 pos = pos->next;
693 if (pos && pos->next && pos->next == entry)
694 pos->next = entry->next;
695
696 memset(entry->proto->enonce, 0, sizeof(entry->proto->enonce));
697 memset(entry->proto->dnonce, 0, sizeof(entry->proto->dnonce));
698
699 entry->proto = NULL;
700 entry->next = NULL;
701
702 xfree(entry);
703
704 rwlock_unlock(&sock_map_lock);
705 }
706
707 static struct sockaddr_map_entry *
708 sockaddr_to_sockaddr_map_entry(struct sockaddr_storage *sa, size_t sa_len)
709 {
710 struct sockaddr_map_entry *entry, *ret = NULL;
711 unsigned int hash = hash_name((char *) sa, sa_len);
712
713 errno = 0;
714
715 rwlock_rd_lock(&sockaddr_map_lock);
716
717 entry = lookup_hash(hash, &sockaddr_mapper);
718 while (entry && entry->sa_len == sa_len &&
719 memcmp(sa, entry->sa, entry->sa_len))
720 entry = entry->next;
721 if (entry && entry->sa_len == sa_len &&
722 !memcmp(sa, entry->sa, entry->sa_len))
723 ret = entry;
724 else
725 errno = ENOENT;
726
727 rwlock_unlock(&sockaddr_map_lock);
728
729 return ret;
730 }
731
732 void remove_user_by_sockaddr(struct sockaddr_storage *sa, size_t sa_len)
733 {
734 struct sockaddr_map_entry *pos;
735 struct sockaddr_map_entry *entry;
736 unsigned int hash = hash_name((char *) sa, sa_len);
737
738 entry = sockaddr_to_sockaddr_map_entry(sa, sa_len);
739 if (!entry)
740 return;
741
742 rwlock_wr_lock(&sockaddr_map_lock);
743
744 pos = remove_hash(hash, entry, entry->next, &sockaddr_mapper);
745 while (pos && pos->next && pos->next != entry)
746 pos = pos->next;
747 if (pos && pos->next && pos->next == entry)
748 pos->next = entry->next;
749
750 memset(entry->proto->enonce, 0, sizeof(entry->proto->enonce));
751 memset(entry->proto->dnonce, 0, sizeof(entry->proto->dnonce));
752
753 entry->proto = NULL;
754 entry->next = NULL;
755
756 xfree(entry->sa);
757 xfree(entry);
758
759 rwlock_unlock(&sockaddr_map_lock);
760 }
netsniff-ng toolkit, the packet sniffing beast, staging tree