Diffstat (limited to 'ostp.d/net')
-rw-r--r-- | ostp.d/net/otd_auth.c | 205 | ||||
-rw-r--r-- | ostp.d/net/otd_listen.c | 202 | ||||
-rw-r--r-- | ostp.d/net/otd_param.c | 97 |
3 files changed, 0 insertions, 504 deletions
diff --git a/ostp.d/net/otd_auth.c b/ostp.d/net/otd_auth.c
deleted file mode 100644
index 67b4885..0000000
--- a/ostp.d/net/otd_auth.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * Copyright (c) 2023-2024 Ian Marco Moffett and the Osmora Team.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Hyra nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <sys/wait.h>
-#include <arpa/inet.h>
-#include <net/auth.h>
-#include <net/listen.h>
-#include <net/param.h>
-#include <net/stpsession.h>
-#include <crypto/ecdh.h>
-#include <otconfig.h>
-#include <stdio.h>
-#include <unistd.h>
-
-#define KEY_BYTE_WIDTH 32
-
-static void
-log_pubkey(uint8_t pubkey[KEY_BYTE_WIDTH])
-{
- for (size_t i = 0; i < KEY_BYTE_WIDTH; ++i) {
- printf("%02X ", pubkey[i] & 0xFF);
- if (i != 0 && i % 4 == 0) {
- printf("\n");
- }
- }
-
- printf("\n");
-}
-
-static void
-send_motd(int client_fd, const unsigned char *session_key)
-{
- char motd[] = MOTD;
-
- printf("Sending MOTD...\n");
- if (send_frame(client_fd, motd, sizeof(motd), session_key) < 0) {
- printf("Failed to session MOTD\n");
- }
-}
-
-/*
- * Check a password to see if it matches with
- * the hash in /etc/shadow by using the pwcheck
- * script. Returns 0 on success.
- */
-static int
-pwcheck(char *username, char *pw)
-{
- char *pwcheck = "/usr/local/bin/pwcheck";
- pid_t pid;
- char *args[] = {pwcheck, username, pw, NULL};
- int status;
-
- pid = fork();
- if (pid == 0) {
- execv(pwcheck, args);
- }
-
- if (waitpid(pid, &status, 0) < 0) {
- printf("waidpid() failed\n");
- return -1;
- }
-
- if (WIFEXITED(status)) {
- return WEXITSTATUS(status);
- }
-
- return -1;
-}
-
-static int
-passwd_auth(int client_fd, const unsigned char *session_key)
-{
- int error;
- struct session_auth auth;
- const size_t LEN = sizeof(auth);
-
- if (!REQUIRE_USER_AUTH) {
- return 0;
- }
-
- error = recv_frame(client_fd, sizeof(auth), session_key, &auth);
- if (error < 0) {
- return error;
- }
-
- if (pwcheck(auth.username, auth.password) != 0) {
- printf("Got bad password for %s\n", auth.username);
- auth.code = AUTH_BAD_PW;
- error = send_frame(client_fd, &auth, sizeof(auth), session_key);
- if (error < 0) {
- printf("Failed to ACK user authentication with frame\n");
- }
- return -1;
- }
-
- auth.code = AUTH_SUCCESS;
- error = send_frame(client_fd, &auth, sizeof(auth), session_key);
- if 
(error < 0) {
- printf("Failed to ACK user authentication with frame\n");
- return error;
- }
- return 0;
-}
-
-static int
-client_echo(int client_fd, const unsigned char *session_key)
-{
- char buf[4096];
- int error;
-
- error = recv_frame(client_fd, sizeof(buf) - 1, session_key, buf);
- if (error < 0) {
- return error;
- }
-
- /* Echo frame to all clients */
- for (size_t i = 1; i < MAX_CLIENTS; ++i) {
- if (clients[i] <= 0)
- continue;
-
- send_frame(clients[i], buf, sizeof(buf), session_key);
- }
-
- return 0;
-}
-/*
- * Verify the session request packet and handle
- * the rest.
- *
- * @client_fd: File descriptor for client socket.
- * @srq: Session request packet.
- */
-int
-handle_srq(int client_fd, struct session_request *srq)
-{
- struct x25519_keypair keypair;
- unsigned char *session_key;
- int error;
-
- if (REQUIRE_USER_AUTH && !ISSET(srq->options, SESSION_REQ_USER)) {
- printf("%x\n", srq->options);
- printf("User authentication enforced but client 'U' bit not set\n");
- printf("Closing connection...\n");
- return -1;
- }
-
- printf("Got public key from peer: \n");
- log_pubkey(srq->pubkey);
- printf("Generating keys...\n");
-
- if (gen_x25519_keypair(&keypair) < 0) {
- printf("Key generation failed!\n");
- return -1;
- }
-
- /* Send back our our public key */
- error = send(client_fd, keypair.pubkey, keypair.pubkey_len, 0);
- if (error < 0) {
- perror("Failed to send public key");
- return error;
- }
-
- printf("Deriving session key...\n");
- error = gen_session_key(keypair.privkey, srq->pubkey, &session_key);
- if (error < 0) {
- return error;
- }
-
- /* Handle any requested session parameters */
- if ((error = negotiate_spw(client_fd, session_key)) < 0) {
- free_session_key(session_key);
- return error;
- }
-
- send_motd(client_fd, session_key);
- free_session_key(session_key);
- return 0;
-}
diff --git a/ostp.d/net/otd_listen.c b/ostp.d/net/otd_listen.c
deleted file mode 100644
index 216db33..0000000
--- a/ostp.d/net/otd_listen.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * Copyright (c) 2023-2024 Ian Marco Moffett and the Osmora Team.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Hyra nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <sys/select.h>
-#include <arpa/inet.h>
-#include <net/auth.h>
-#include <net/stpsession.h>
-#include <defs.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <signal.h>
-#include <errno.h>
-#include <string.h>
-
-#define LISTEN_PORT 5352
-#define MAX_BACKLOG 4
-#define MAX_CLIENTS 32
-
-static int serv_sock;
-static int clients[MAX_CLIENTS] = {0};
-
-static void
-signal_handle(int sig)
-{
- printf("Cleaning up... goodbye!\n");
-
- for (int i = 0; i < MAX_CLIENTS; ++i) {
- close(clients[i]);
- }
-
- close(serv_sock);
- exit(0);
-}
-
-static int
-handle_client(struct sockaddr_in *caddr, int clientno)
-{
- struct session_request srq;
- ssize_t nread;
- int client_fd;
-
- client_fd = clients[clientno];
-
- /* Try to read in the session request */
- if ((nread = read(client_fd, &srq, sizeof(srq))) < 0) {
- printf("Read failure...\n");
- close(client_fd);
- clients[clientno] = -1;
- return -1;
- }
-
- if (nread == 0) {
- printf("Connection closed by peer\n");
- close(client_fd);
- clients[clientno] = -1;
- return -1;
- }
-
- /* Is this even a session request? 
*/
- if (nread != sizeof(srq)) {
- printf("Rejecting data - not a session request...\n");
- close(client_fd);
- clients[clientno] = -1;
- return -1;
- }
-
- /* Handle the session request */
- if (handle_srq(client_fd, &srq) < 0) {
- close(client_fd);
- clients[clientno] = -1;
- return -1;
- }
-
- return 0;
-}
-
-static void
-read_clients(void)
-{
- struct sockaddr_in caddr;
- fd_set fds;
- socklen_t caddr_len;
- int client_sock, error = 0;
- char *ip;
-
- memset(clients, -1, sizeof(clients));
- clients[0] = serv_sock;
-
- while (1) {
- FD_ZERO(&fds);
-
- for (int i = 0; i < MAX_CLIENTS; ++i) {
- if (clients[i] >= 0)
- FD_SET(clients[i], &fds);
- }
-
- if (select(1024, &fds, NULL, NULL, NULL) < 0) {
- perror("select");
- continue;
- }
-
- /* Check if the servers socket has new connections */
- if (FD_ISSET(serv_sock, &fds)) {
- caddr_len = sizeof(caddr);
- client_sock = accept(serv_sock, (struct sockaddr *)&caddr,
- &caddr_len);
-
- if (client_sock < 0) {
- perror("accept");
- continue;
- }
-
- for (int i = 0; i < MAX_CLIENTS; ++i) {
- if (clients[i] < 0) {
- clients[i] = client_sock;
- ip = inet_ntoa(caddr.sin_addr);
- printf("Incoming connection from %s\n", ip);
- break;
- }
- }
- }
-
- /* Handle from data from clients */
- for (int i = 1; i < MAX_CLIENTS; ++i) {
- if (clients[i] <= 0)
- continue;
- if (FD_ISSET(clients[i], &fds) <= 0)
- continue;
-
- handle_client(&caddr, i);
- break;
- }
- }
-
- close(client_sock);
- close(serv_sock);
-}
-
-/*
- * Begin listening for incoming connections
- * and handle them. 
- */
-int
-net_listen(void)
-{
- struct sockaddr_in saddr;
- int error;
-
- signal(SIGTERM, signal_handle);
- signal(SIGINT, signal_handle);
-
- serv_sock = socket(AF_INET, SOCK_STREAM, 0);
- if (serv_sock < 0) {
- perror("Failed to create socket\n");
- return -1;
- }
-
- saddr.sin_family = AF_INET;
- saddr.sin_addr.s_addr = INADDR_ANY;
- saddr.sin_port = htons(LISTEN_PORT);
- error = bind(serv_sock, (struct sockaddr *)&saddr, sizeof(saddr));
- if (error < 0) {
- perror("Failed to bind socket\n");
- close(serv_sock);
- return error;
- }
-
- if ((error = listen(serv_sock, MAX_BACKLOG)) < 0) {
- perror("Failed to listen");
- return error;
- }
-
- read_clients();
- __builtin_unreachable();
-}
diff --git a/ostp.d/net/otd_param.c b/ostp.d/net/otd_param.c
deleted file mode 100644
index fe33bd8..0000000
--- a/ostp.d/net/otd_param.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (c) 2023-2024 Ian Marco Moffett and the Osmora Team.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Hyra nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <net/stpsession.h>
-#include <net/param.h>
-#include <crypto/aes.h>
-#include <otconfig.h>
-#include <defs.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-
-static int
-handle_pap(int client_fd, const struct pap *pap, const unsigned char *session_key)
-{
- int error = 0;
- uint8_t attempts = 0;
- struct pap tmp_pap = *pap;
- const size_t LEN = sizeof(struct pap);
-
- /* TODO: Support more SPW bits */
- while (1) {
- /* Quick session request, jump right in! */
- if (ISSET(tmp_pap.spw, PAP_SPW_QSR)) {
- printf("Got QSR, starting session...\n");
- send_frame(client_fd, &tmp_pap, LEN, session_key);
- return 0;
- }
-
- /* We have exhausted our attempts */
- if (attempts >= ARBITRATION_MAX) {
- printf("Too many arbitration attempts, bailing!\n");
- return -1;
- }
-
- printf("Got bad SPW from client\n");
- printf("Attempting arbitration...\n");
-
- tmp_pap.spw = 0x0;
- tmp_pap.code = PAP_BAD_SPW;
-
- /* Send in PAP and wait for response */
- if ((error = send_frame(client_fd, &tmp_pap, LEN, session_key)) < 0) {
- printf("Failed to send PAP frame\n");
- return -1;
- }
- if ((error = recv_frame(client_fd, LEN, session_key, &tmp_pap)) < 0) {
- printf("Failed to recv PAP frame\n");
- return error;
- }
-
- ++attempts;
- }
-
- return 0;
-}
-
-int
-negotiate_spw(int client_fd, unsigned char *session_key)
-{
- const size_t LEN = sizeof(struct pap);
- struct pap pap;
- int error;
-
- /* Get PAP from the network */
- if ((error = recv_frame(client_fd, LEN, session_key, &pap)) < 0) {
- return error;
- }
-
- return handle_pap(client_fd, &pap, session_key);
-} |