search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
proto: 802.11: minor: Markus as lead author
[netsniff-ng.git] / src / ct_usermgmt.c
blob86eaefaf6f8378ddd2462550b1f60175f7f07d0a
1 /*
2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2011 Daniel Borkmann.
5 * Subject to the GPL, version 2.
6 */
7
8 #include <stdio.h>
9 #include <stdint.h>
10 #include <stdlib.h>
11 #include <unistd.h>
12 #include <fcntl.h>
13 #include <string.h>
14 #include <syslog.h>
15 #include <limits.h>
16 #include <arpa/inet.h>
17
18 #include "die.h"
19 #include "ct_usermgmt.h"
20 #include "locking.h"
21 #include "xmalloc.h"
22 #include "xio.h"
23 #include "curvetun.h"
24 #include "xutils.h"
25 #include "curve.h"
26 #include "hash.h"
27 #include "crypto_verify_32.h"
28 #include "crypto_hash_sha512.h"
29 #include "crypto_box_curve25519xsalsa20poly1305.h"
30 #include "crypto_auth_hmacsha512256.h"
31
32 #define crypto_box_pub_key_size crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
33
34 /* Config line format: username;pubkey\n */
35
36 struct user_store {
37 char username[256];
38 unsigned char publickey[crypto_box_pub_key_size];
39 struct curve25519_proto proto_inf;
40 struct user_store *next;
41 };
42
43 struct sock_map_entry {
44 int fd;
45 struct curve25519_proto *proto;
46 struct sock_map_entry *next;
47 };
48
49 struct sockaddr_map_entry {
50 struct sockaddr_storage *sa;
51 size_t sa_len;
52 struct curve25519_proto *proto;
53 struct sockaddr_map_entry *next;
54 };
55
56 static struct user_store *store = NULL;
57 static struct rwlock store_lock;
58
59 static struct hash_table sock_mapper;
60 static struct rwlock sock_map_lock;
61
62 static struct hash_table sockaddr_mapper;
63 static struct rwlock sockaddr_map_lock;
64
65 static unsigned char token[crypto_auth_hmacsha512256_KEYBYTES];
66
67 static void init_sock_mapper(void)
68 {
69 rwlock_init(&sock_map_lock);
70
71 rwlock_wr_lock(&sock_map_lock);
72
73 memset(&sock_mapper, 0, sizeof(sock_mapper));
74 init_hash(&sock_mapper);
75
76 rwlock_unlock(&sock_map_lock);
77 }
78
79 static void init_sockaddr_mapper(void)
80 {
81 rwlock_init(&sockaddr_map_lock);
82 rwlock_wr_lock(&sockaddr_map_lock);
83
84 memset(&sockaddr_mapper, 0, sizeof(sockaddr_mapper));
85 init_hash(&sockaddr_mapper);
86
87 rwlock_unlock(&sockaddr_map_lock);
88 }
89
90 static int cleanup_batch_sock_mapper(void *ptr)
91 {
92 struct sock_map_entry *next;
93 struct sock_map_entry *e = ptr;
94
95 if (!e)
96 return 0;
97
98 while ((next = e->next)) {
99 e->next = NULL;
100 xfree(e);
101 e = next;
102 }
103
104 xfree(e);
105
106 return 0;
107 }
108
109 static void destroy_sock_mapper(void)
110 {
111 rwlock_wr_lock(&sock_map_lock);
112 for_each_hash(&sock_mapper, cleanup_batch_sock_mapper);
113 free_hash(&sock_mapper);
114 rwlock_unlock(&sock_map_lock);
115
116 rwlock_destroy(&sock_map_lock);
117 }
118
119 static int cleanup_batch_sockaddr_mapper(void *ptr)
120 {
121 struct sockaddr_map_entry *next;
122 struct sockaddr_map_entry *e = ptr;
123
124 if (!e)
125 return 0;
126
127 while ((next = e->next)) {
128 e->next = NULL;
129 xfree(e);
130 e = next;
131 }
132
133 xfree(e);
134 return 0;
135 }
136
137 static void destroy_sockaddr_mapper(void)
138 {
139 rwlock_wr_lock(&sockaddr_map_lock);
140 for_each_hash(&sockaddr_mapper, cleanup_batch_sockaddr_mapper);
141 free_hash(&sockaddr_mapper);
142 rwlock_unlock(&sockaddr_map_lock);
143
144 rwlock_destroy(&sockaddr_map_lock);
145 }
146
147 static struct user_store *user_store_alloc(void)
148 {
149 return xzmalloc(sizeof(struct user_store));
150 }
151
152 static void user_store_free(struct user_store *us)
153 {
154 if (!us)
155 return;
156 memset(us, 0, sizeof(struct user_store));
157 xfree(us);
158 }
159
160 /* already in lock */
161 static int __check_duplicate_username(char *username, size_t len)
162 {
163 int duplicate = 0;
164 struct user_store *elem = store;
165
166 while (elem) {
167 if (!memcmp(elem->username, username,
168 strlen(elem->username) + 1)) {
169 duplicate = 1;
170 break;
171 }
172 elem = elem->next;
173 }
174
175 return duplicate;
176 }
177
178 /* already in lock */
179 static int __check_duplicate_pubkey(unsigned char *pubkey, size_t len)
180 {
181 int duplicate = 0;
182 struct user_store *elem = store;
183
184 while (elem) {
185 if (!memcmp(elem->publickey, pubkey,
186 sizeof(elem->publickey))) {
187 duplicate = 1;
188 break;
189 }
190 elem = elem->next;
191 }
192
193 return duplicate;
194 }
195
196 enum parse_states {
197 PARSE_USERNAME,
198 PARSE_PUBKEY,
199 PARSE_DONE,
200 };
201
202 static int parse_line(char *line, char *homedir)
203 {
204 int ret;
205 char *str;
206 enum parse_states s = PARSE_USERNAME;
207 struct user_store *elem;
208 unsigned char pkey[crypto_box_pub_key_size];
209
210 elem = user_store_alloc();
211 elem->next = store;
212
213 str = strtok(line, ";");
214 for (; str != NULL;) {
215 switch (s) {
216 case PARSE_USERNAME:
217 if (__check_duplicate_username(str, strlen(str) + 1))
218 return -EINVAL;
219 strlcpy(elem->username, str, sizeof(elem->username));
220 s = PARSE_PUBKEY;
221 break;
222 case PARSE_PUBKEY:
223 if (!curve25519_pubkey_hexparse_32(pkey, sizeof(pkey),
224 str, strlen(str)))
225 return -EINVAL;
226 if (__check_duplicate_pubkey(pkey, sizeof(pkey)))
227 return -EINVAL;
228 memcpy(elem->publickey, pkey, sizeof(elem->publickey));
229 ret = curve25519_proto_init(&elem->proto_inf,
230 elem->publickey,
231 sizeof(elem->publickey),
232 homedir, 1);
233 if (ret)
234 return -EIO;
235 s = PARSE_DONE;
236 break;
237 case PARSE_DONE:
238 break;
239 default:
240 return -EIO;
241 }
242
243 str = strtok(NULL, ";");
244 }
245
246 store = elem;
247 return s == PARSE_DONE ? 0 : -EIO;
248 }
249
250 void parse_userfile_and_generate_user_store_or_die(char *homedir)
251 {
252 FILE *fp;
253 char path[PATH_MAX], buff[512];
254 int line = 1, ret, fd;
255
256 memset(path, 0, sizeof(path));
257 slprintf(path, sizeof(path), "%s/%s", homedir, FILE_CLIENTS);
258
259 rwlock_init(&store_lock);
260 rwlock_wr_lock(&store_lock);
261
262 fp = fopen(path, "r");
263 if (!fp)
264 panic("Cannot open client file!\n");
265
266 memset(buff, 0, sizeof(buff));
267 while (fgets(buff, sizeof(buff), fp) != NULL) {
268 buff[sizeof(buff) - 1] = 0;
269 /* A comment. Skip this line */
270 if (buff[0] == '#' || buff[0] == '\n') {
271 memset(buff, 0, sizeof(buff));
272 line++;
273 continue;
274 }
275
276 ret = parse_line(buff, homedir);
277 if (ret < 0)
278 panic("Cannot parse line %d from clients!\n", line);
279 line++;
280 memset(buff, 0, sizeof(buff));
281 }
282
283 fclose(fp);
284
285 if (store == NULL)
286 panic("No registered clients found!\n");
287
288 rwlock_unlock(&store_lock);
289
290 init_sock_mapper();
291 init_sockaddr_mapper();
292
293 /*
294 * Pubkey is also used as a hmac of the initial packet to check
295 * the integrity of the packet, so that we know if it's just random
296 * garbage or a 'valid' packet. Again, just for the integrity!
297 */
298
299 memset(path, 0, sizeof(path));
300 slprintf(path, sizeof(path), "%s/%s", homedir, FILE_PUBKEY);
301
302 fd = open_or_die(path, O_RDONLY);
303 ret = read(fd, token, sizeof(token));
304 if (ret != crypto_auth_hmacsha512256_KEYBYTES)
305 panic("Cannot read public key!\n");
306 close(fd);
307 }
308
309 void dump_user_store(void)
310 {
311 int i;
312 struct user_store *elem;
313
314 rwlock_rd_lock(&store_lock);
315
316 elem = store;
317 while (elem) {
318 printf("%s -> ", elem->username);
319 for (i = 0; i < sizeof(elem->publickey); ++i)
320 if (i == (sizeof(elem->publickey) - 1))
321 printf("%02x\n", (unsigned char)
322 elem->publickey[i]);
323 else
324 printf("%02x:", (unsigned char)
325 elem->publickey[i]);
326 elem = elem->next;
327 }
328
329 rwlock_unlock(&store_lock);
330 }
331
332 void destroy_user_store(void)
333 {
334 struct user_store *elem, *nelem = NULL;
335
336 rwlock_wr_lock(&store_lock);
337
338 elem = store;
339 while (elem) {
340 nelem = elem->next;
341 elem->next = NULL;
342 user_store_free(elem);
343 elem = nelem;
344 }
345 rwlock_unlock(&store_lock);
346
347 rwlock_destroy(&store_lock);
348
349 destroy_sock_mapper();
350 destroy_sockaddr_mapper();
351 }
352
353 int username_msg(char *username, size_t len, char *dst, size_t dlen)
354 {
355 int fd;
356 ssize_t ret;
357 uint32_t salt;
358 unsigned char h[crypto_hash_sha512_BYTES];
359 struct username_struct *us = (struct username_struct *) dst;
360 char *uname;
361 size_t uname_len;
362
363 if (dlen < sizeof(struct username_struct))
364 return -ENOMEM;
365
366 uname_len = 512;
367 uname = xzmalloc(uname_len);
368
369 fd = open_or_die("/dev/random", O_RDONLY);
370 ret = read_exact(fd, &salt, sizeof(salt), 0);
371 if (ret != sizeof(salt))
372 panic("Cannot read from /dev/random!\n");
373 close(fd);
374
375 slprintf(uname, uname_len, "%s%u", username, salt);
376 crypto_hash_sha512(h, (unsigned char *) uname, strlen(uname));
377
378 us->salt = htonl(salt);
379 memcpy(us->hash, h, sizeof(us->hash));
380
381 xfree(uname);
382 return 0;
383 }
384
385 enum is_user_enum username_msg_is_user(char *src, size_t slen, char *username,
386 size_t len)
387 {
388 char *uname;
389 size_t uname_len;
390 uint32_t salt;
391 struct username_struct *us = (struct username_struct *) src;
392 unsigned char h[crypto_hash_sha512_BYTES];
393
394 if (slen < sizeof(struct username_struct)) {
395 errno = ENOMEM;
396 return USERNAMES_ERR;
397 }
398
399 uname_len = 512;
400 uname = xzmalloc(uname_len);
401
402 salt = ntohl(us->salt);
403
404 slprintf(uname, uname_len, "%s%u", username, salt);
405 crypto_hash_sha512(h, (unsigned char *) uname, strlen(uname));
406 xfree(uname);
407
408 if (!crypto_verify_32(&h[0], &us->hash[0]) &&
409 !crypto_verify_32(&h[32], &us->hash[32]))
410 return USERNAMES_OK;
411 else
412 return USERNAMES_NE;
413 }
414
415 static int register_user_by_socket(int fd, struct curve25519_proto *proto)
416 {
417 void **pos;
418 struct sock_map_entry *entry;
419
420 rwlock_wr_lock(&sock_map_lock);
421
422 entry = xzmalloc(sizeof(*entry));
423 entry->fd = fd;
424 entry->proto = proto;
425
426 pos = insert_hash(entry->fd, entry, &sock_mapper);
427 if (pos) {
428 entry->next = (*pos);
429 (*pos) = entry;
430 }
431
432 rwlock_unlock(&sock_map_lock);
433
434 return 0;
435 }
436
437 static int register_user_by_sockaddr(struct sockaddr_storage *sa,
438 size_t sa_len,
439 struct curve25519_proto *proto)
440 {
441 void **pos;
442 struct sockaddr_map_entry *entry;
443 unsigned int hash = hash_name((char *) sa, sa_len);
444
445 rwlock_wr_lock(&sockaddr_map_lock);
446
447 entry = xzmalloc(sizeof(*entry));
448 entry->sa = xmemdupz(sa, sa_len);
449 entry->sa_len = sa_len;
450 entry->proto = proto;
451
452 pos = insert_hash(hash, entry, &sockaddr_mapper);
453 if (pos) {
454 entry->next = (*pos);
455 (*pos) = entry;
456 }
457
458 rwlock_unlock(&sockaddr_map_lock);
459
460 return 0;
461 }
462
463 int try_register_user_by_socket(struct curve25519_struct *c,
464 char *src, size_t slen, int sock, int log)
465 {
466 int ret = -1;
467 char *cbuff = NULL;
468 size_t real_len = 132;
469 ssize_t clen;
470 struct user_store *elem;
471 enum is_user_enum err;
472 unsigned char auth[crypto_auth_hmacsha512256_BYTES];
473 struct taia arrival_taia;
474
475 /* assert(132 == clen + sizeof(auth)); */
476 /*
477 * Check hmac first, if malicious, drop immediately before we
478 * investigate more efforts.
479 */
480 if (slen < real_len)
481 return -1;
482
483 taia_now(&arrival_taia);
484
485 memcpy(auth, src, sizeof(auth));
486
487 src += sizeof(auth);
488 real_len -= sizeof(auth);
489
490 if (crypto_auth_hmacsha512256_verify(auth, (unsigned char *) src,
491 real_len, token)) {
492 syslog(LOG_ERR, "Bad packet hmac for id %d! Dropping!\n", sock);
493 return -1;
494 } else {
495 if (log)
496 syslog(LOG_INFO, "Good packet hmac for id %d!\n", sock);
497 }
498
499 rwlock_rd_lock(&store_lock);
500
501 elem = store;
502 while (elem) {
503 clen = curve25519_decode(c, &elem->proto_inf,
504 (unsigned char *) src, real_len,
505 (unsigned char **) &cbuff,
506 &arrival_taia);
507 if (clen <= 0) {
508 elem = elem->next;
509 continue;
510 }
511
512 cbuff += crypto_box_zerobytes;
513 clen -= crypto_box_zerobytes;
514
515 if (log)
516 syslog(LOG_INFO, "Packet decoded sucessfully for id %d!\n", sock);
517
518 err = username_msg_is_user(cbuff, clen, elem->username,
519 strlen(elem->username) + 1);
520 if (err == USERNAMES_OK) {
521 if (log)
522 syslog(LOG_INFO, "Found user %s for id %d! Registering ...\n",
523 elem->username, sock);
524 ret = register_user_by_socket(sock, &elem->proto_inf);
525 break;
526 }
527
528 elem = elem->next;
529 }
530
531 rwlock_unlock(&store_lock);
532
533 if (ret == -1)
534 syslog(LOG_ERR, "User not found! Dropping connection!\n");
535
536 return ret;
537 }
538
539 int try_register_user_by_sockaddr(struct curve25519_struct *c,
540 char *src, size_t slen,
541 struct sockaddr_storage *sa,
542 size_t sa_len, int log)
543 {
544 int ret = -1;
545 char *cbuff = NULL;
546 struct user_store *elem;
547 ssize_t clen;
548 size_t real_len = 132;
549 enum is_user_enum err;
550 unsigned char auth[crypto_auth_hmacsha512256_BYTES];
551 struct taia arrival_taia;
552
553 /* assert(132 == clen + sizeof(auth)); */
554 /*
555 * Check hmac first, if malicious, drop immediately before we
556 * investigate more efforts.
557 */
558 if (slen < real_len)
559 return -1;
560
561 taia_now(&arrival_taia);
562
563 memcpy(auth, src, sizeof(auth));
564
565 src += sizeof(auth);
566 real_len -= sizeof(auth);
567
568 if (crypto_auth_hmacsha512256_verify(auth, (unsigned char *) src,
569 real_len, token)) {
570 syslog(LOG_ERR, "Got bad packet hmac! Dropping!\n");
571 return -1;
572 } else {
573 if (log)
574 syslog(LOG_INFO, "Got good packet hmac!\n");
575 }
576
577 rwlock_rd_lock(&store_lock);
578
579 elem = store;
580 while (elem) {
581 clen = curve25519_decode(c, &elem->proto_inf,
582 (unsigned char *) src, real_len,
583 (unsigned char **) &cbuff,
584 &arrival_taia);
585 if (clen <= 0) {
586 elem = elem->next;
587 continue;
588 }
589
590 cbuff += crypto_box_zerobytes;
591 clen -= crypto_box_zerobytes;
592
593 if (log)
594 syslog(LOG_INFO, "Packet decoded sucessfully!\n");
595
596 err = username_msg_is_user(cbuff, clen, elem->username,
597 strlen(elem->username) + 1);
598 if (err == USERNAMES_OK) {
599 if (log)
600 syslog(LOG_INFO, "Found user %s! Registering ...\n",
601 elem->username);
602 ret = register_user_by_sockaddr(sa, sa_len,
603 &elem->proto_inf);
604 break;
605 }
606
607 elem = elem->next;
608 }
609
610 rwlock_unlock(&store_lock);
611
612 if (ret == -1)
613 syslog(LOG_ERR, "User not found! Dropping connection!\n");
614
615 return ret;
616 }
617
618 int get_user_by_socket(int fd, struct curve25519_proto **proto)
619 {
620 int ret = -1;
621 struct sock_map_entry *entry;
622
623 errno = 0;
624
625 rwlock_rd_lock(&sock_map_lock);
626
627 entry = lookup_hash(fd, &sock_mapper);
628 while (entry && fd != entry->fd)
629 entry = entry->next;
630 if (entry && fd == entry->fd) {
631 (*proto) = entry->proto;
632 ret = 0;
633 } else {
634 (*proto) = NULL;
635 errno = ENOENT;
636 }
637
638 rwlock_unlock(&sock_map_lock);
639
640 return ret;
641 }
642
643 int get_user_by_sockaddr(struct sockaddr_storage *sa, size_t sa_len,
644 struct curve25519_proto **proto)
645 {
646 int ret = -1;
647 struct sockaddr_map_entry *entry;
648 unsigned int hash = hash_name((char *) sa, sa_len);
649
650 errno = 0;
651
652 rwlock_rd_lock(&sockaddr_map_lock);
653
654 entry = lookup_hash(hash, &sockaddr_mapper);
655 while (entry && entry->sa_len == sa_len &&
656 memcmp(sa, entry->sa, entry->sa_len))
657 entry = entry->next;
658 if (entry && entry->sa_len == sa_len &&
659 !memcmp(sa, entry->sa, entry->sa_len)) {
660 (*proto) = entry->proto;
661 ret = 0;
662 } else {
663 (*proto) = NULL;
664 errno = ENOENT;
665 }
666
667 rwlock_unlock(&sockaddr_map_lock);
668
669 return ret;
670 }
671
672 static struct sock_map_entry *socket_to_sock_map_entry(int fd)
673 {
674 struct sock_map_entry *entry, *ret = NULL;
675
676 errno = 0;
677
678 rwlock_rd_lock(&sock_map_lock);
679
680 entry = lookup_hash(fd, &sock_mapper);
681 while (entry && fd != entry->fd)
682 entry = entry->next;
683 if (entry && fd == entry->fd)
684 ret = entry;
685 else
686 errno = ENOENT;
687
688 rwlock_unlock(&sock_map_lock);
689
690 return ret;
691 }
692
693 void remove_user_by_socket(int fd)
694 {
695 struct sock_map_entry *pos;
696 struct sock_map_entry *entry = socket_to_sock_map_entry(fd);
697
698 if (!entry)
699 return;
700
701 rwlock_wr_lock(&sock_map_lock);
702
703 pos = remove_hash(entry->fd, entry, entry->next, &sock_mapper);
704 while (pos && pos->next && pos->next != entry)
705 pos = pos->next;
706 if (pos && pos->next && pos->next == entry)
707 pos->next = entry->next;
708
709 memset(entry->proto->enonce, 0, sizeof(entry->proto->enonce));
710 memset(entry->proto->dnonce, 0, sizeof(entry->proto->dnonce));
711
712 entry->proto = NULL;
713 entry->next = NULL;
714
715 xfree(entry);
716
717 rwlock_unlock(&sock_map_lock);
718 }
719
720 static struct sockaddr_map_entry *
721 sockaddr_to_sockaddr_map_entry(struct sockaddr_storage *sa, size_t sa_len)
722 {
723 struct sockaddr_map_entry *entry, *ret = NULL;
724 unsigned int hash = hash_name((char *) sa, sa_len);
725
726 errno = 0;
727
728 rwlock_rd_lock(&sockaddr_map_lock);
729
730 entry = lookup_hash(hash, &sockaddr_mapper);
731 while (entry && entry->sa_len == sa_len &&
732 memcmp(sa, entry->sa, entry->sa_len))
733 entry = entry->next;
734 if (entry && entry->sa_len == sa_len &&
735 !memcmp(sa, entry->sa, entry->sa_len))
736 ret = entry;
737 else
738 errno = ENOENT;
739
740 rwlock_unlock(&sockaddr_map_lock);
741
742 return ret;
743 }
744
745 void remove_user_by_sockaddr(struct sockaddr_storage *sa, size_t sa_len)
746 {
747 struct sockaddr_map_entry *pos;
748 struct sockaddr_map_entry *entry;
749 unsigned int hash = hash_name((char *) sa, sa_len);
750
751 entry = sockaddr_to_sockaddr_map_entry(sa, sa_len);
752 if (!entry)
753 return;
754
755 rwlock_wr_lock(&sockaddr_map_lock);
756
757 pos = remove_hash(hash, entry, entry->next, &sockaddr_mapper);
758 while (pos && pos->next && pos->next != entry)
759 pos = pos->next;
760 if (pos && pos->next && pos->next == entry)
761 pos->next = entry->next;
762
763 memset(entry->proto->enonce, 0, sizeof(entry->proto->enonce));
764 memset(entry->proto->dnonce, 0, sizeof(entry->proto->dnonce));
765
766 entry->proto = NULL;
767 entry->next = NULL;
768
769 xfree(entry->sa);
770 xfree(entry);
771
772 rwlock_unlock(&sockaddr_map_lock);
773 }
netsniff-ng toolkit, the packet sniffing beast, staging tree