2 * Emergency Access Daemon
3 * Copyright (C) 2008 Felix Fietkau <nbd@nbd.name>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2
7 * as published by the Free Software Foundation
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
15 #include <sys/types.h>
17 #include <sys/select.h>
31 #include <t_defines.h>
38 #include "ead-crypt.h"
39 #include "libbridge.h"
44 #include <linux/if_packet.h>
47 #define PASSWD_FILE "/etc/passwd"
49 #ifndef DEFAULT_IFNAME
50 #define DEFAULT_IFNAME "eth0"
53 #ifndef DEFAULT_DEVNAME
54 #define DEFAULT_DEVNAME "Unknown"
58 #define PCAP_TIMEOUT 200
60 #if EAD_DEBUGLEVEL >= 1
61 #define DEBUG(n, format, ...) do { \
62 if (EAD_DEBUGLEVEL >= n) \
63 fprintf(stderr, format, ##__VA_ARGS__); \
67 #define DEBUG(n, format, ...) do {} while(0)
71 struct list_head list
;
79 static char ethmac
[6] = "\x00\x13\x37\x00\x00\x00"; /* last 3 bytes will be randomized */
80 static pcap_t
*pcap_fp
= NULL
;
81 static pcap_t
*pcap_fp_rx
= NULL
;
82 static char pktbuf_b
[PCAP_MRU
];
83 static struct ead_packet
*pktbuf
= (struct ead_packet
*)pktbuf_b
;
84 static u16_t nid
= 0xffff; /* node id */
85 static char username
[32] = "";
86 static int state
= EAD_TYPE_SET_USERNAME
;
87 static const char *passwd_file
= PASSWD_FILE
;
88 static const char password
[MAXPARAMLEN
];
89 static bool child_pending
= false;
91 static unsigned char abuf
[MAXPARAMLEN
+ 1];
92 static unsigned char pwbuf
[MAXPARAMLEN
];
93 static unsigned char saltbuf
[MAXSALTLEN
];
94 static unsigned char pw_saltbuf
[MAXSALTLEN
];
95 static struct list_head instances
;
96 static const char *dev_name
= DEFAULT_DEVNAME
;
97 static bool nonfork
= false;
98 static struct ead_instance
*instance
= NULL
;
100 static struct t_pwent tpe
= {
103 .password
.data
= pwbuf
,
105 .salt
.data
= saltbuf
,
108 struct t_confent
*tce
= NULL
;
109 static struct t_server
*ts
= NULL
;
110 static struct t_num A
, *B
= NULL
;
114 set_recv_type(pcap_t
*p
, bool rx
)
116 #ifdef PACKET_RECV_TYPE
117 struct sockaddr_ll sll
;
122 fd
= pcap_get_selectable_fd(p
);
127 mask
= 1 << PACKET_BROADCAST
;
131 setsockopt(fd
, SOL_PACKET
, PACKET_RECV_TYPE
, &mask
, sizeof(mask
));
137 ead_open_pcap(const char *ifname
, char *errbuf
, bool rx
)
141 p
= pcap_create(ifname
, errbuf
);
145 pcap_set_snaplen(p
, PCAP_MRU
);
146 pcap_set_promisc(p
, rx
);
147 pcap_set_timeout(p
, PCAP_TIMEOUT
);
148 #ifdef HAS_PROTO_EXTENSION
149 pcap_set_protocol(p
, (rx
? htons(ETH_P_IP
) : 0));
151 pcap_set_buffer_size(p
, (rx
? 10 : 1) * PCAP_MRU
);
153 set_recv_type(p
, rx
);
159 get_random_bytes(void *ptr
, int len
)
163 fd
= open("/dev/urandom", O_RDONLY
);
173 prepare_password(void)
175 static char lbuf
[1024];
176 unsigned char dig
[SHA_DIGESTSIZE
];
177 BigInteger x
, v
, n
, g
;
179 int ulen
= strlen(username
);
182 lbuf
[sizeof(lbuf
) - 1] = 0;
184 f
= fopen(passwd_file
, "r");
188 while (fgets(lbuf
, sizeof(lbuf
) - 1, f
) != NULL
) {
191 if (strncmp(lbuf
, username
, ulen
) != 0)
194 if (lbuf
[ulen
] != ':')
197 str
= &lbuf
[ulen
+ 1];
199 if (strncmp(str
, "$1$", 3) != 0)
202 s2
= strchr(str
+ 3, '$');
206 if (s2
- str
>= MAXSALTLEN
)
209 strncpy((char *) pw_saltbuf
, str
, s2
- str
);
210 pw_saltbuf
[s2
- str
] = 0;
212 s2
= strchr(s2
, ':');
217 if (s2
- str
>= MAXPARAMLEN
)
220 strncpy((char *)password
, str
, MAXPARAMLEN
);
230 tce
= gettcid(tpe
.index
);
232 t_random(tpe
.password
.data
, SALTLEN
);
233 } while (memcmp(saltbuf
, (char *)dig
, sizeof(saltbuf
)) == 0);
237 n
= BigIntegerFromBytes(tce
->modulus
.data
, tce
->modulus
.len
);
238 g
= BigIntegerFromBytes(tce
->generator
.data
, tce
->generator
.len
);
239 v
= BigIntegerFromInt(0);
242 SHA1Update(&ctxt
, (unsigned char *) username
, strlen(username
));
243 SHA1Update(&ctxt
, (unsigned char *) ":", 1);
244 SHA1Update(&ctxt
, (unsigned char *) password
, strlen(password
));
245 SHA1Final(dig
, &ctxt
);
248 SHA1Update(&ctxt
, saltbuf
, tpe
.salt
.len
);
249 SHA1Update(&ctxt
, dig
, sizeof(dig
));
250 SHA1Final(dig
, &ctxt
);
252 /* x = H(s, H(u, ':', p)) */
253 x
= BigIntegerFromBytes(dig
, sizeof(dig
));
255 BigIntegerModExp(v
, g
, x
, n
);
256 tpe
.password
.len
= BigIntegerToBytes(v
, (unsigned char *)pwbuf
);
266 chksum(u16_t sum
, const u8_t
*data
, u16_t len
)
270 const u8_t
*last_byte
;
273 last_byte
= data
+ len
- 1;
275 while(dataptr
< last_byte
) { /* At least two more bytes */
276 t
= (dataptr
[0] << 8) + dataptr
[1];
284 if(dataptr
== last_byte
) {
285 t
= (dataptr
[0] << 8) + 0;
292 /* Return sum in host byte order. */
297 ead_send_packet_clone(struct ead_packet
*pkt
)
301 memcpy(pktbuf
, pkt
, offsetof(struct ead_packet
, msg
));
302 memcpy(pktbuf
->eh
.ether_shost
, ethmac
, 6);
303 memcpy(pktbuf
->eh
.ether_dhost
, pkt
->eh
.ether_shost
, 6);
306 len
= sizeof(struct ead_packet
) - sizeof(struct ether_header
) + ntohl(pktbuf
->msg
.len
);
307 pktbuf
->len
[0] = len
>> 8;
308 pktbuf
->len
[1] = len
& 0xff;
309 memcpy(pktbuf
->srcipaddr
, &pkt
->msg
.ip
, 4);
310 memcpy(pktbuf
->destipaddr
, pkt
->srcipaddr
, 4);
313 pktbuf
->ipchksum
= 0;
314 sum
= chksum(0, (void *) &pktbuf
->vhl
, UIP_IPH_LEN
);
317 pktbuf
->ipchksum
= htons(~sum
);
320 pktbuf
->srcport
= pkt
->destport
;
321 pktbuf
->destport
= pkt
->srcport
;
325 pktbuf
->udplen
= htons(len
);
326 pktbuf
->udpchksum
= 0;
327 sum
= len
+ UIP_PROTO_UDP
;
328 sum
= chksum(sum
, (void *) &pktbuf
->srcipaddr
[0], 8); /* src, dest ip */
329 sum
= chksum(sum
, (void *) &pktbuf
->srcport
, len
);
332 pktbuf
->udpchksum
= htons(~sum
);
333 pcap_sendpacket(pcap_fp
, (void *) pktbuf
, sizeof(struct ead_packet
) + ntohl(pktbuf
->msg
.len
));
337 set_state(int nstate
)
342 if (nstate
< state
) {
343 if ((nstate
< EAD_TYPE_GET_PRIME
) &&
344 (state
>= EAD_TYPE_GET_PRIME
)) {
352 case EAD_TYPE_SET_USERNAME
:
353 if (!prepare_password())
355 ts
= t_serveropenraw(&tpe
, tce
);
359 case EAD_TYPE_GET_PRIME
:
360 B
= t_servergenexp(ts
);
362 case EAD_TYPE_SEND_A
:
363 skey
= t_servergetkey(ts
, &A
);
377 handle_ping(struct ead_packet
*pkt
, int len
, int *nstate
)
379 struct ead_msg
*msg
= &pktbuf
->msg
;
380 struct ead_msg_pong
*pong
= EAD_DATA(msg
, pong
);
383 slen
= strlen(dev_name
);
387 msg
->len
= htonl(sizeof(struct ead_msg_pong
) + slen
);
388 strncpy(pong
->name
, dev_name
, slen
);
389 pong
->name
[slen
] = 0;
390 pong
->auth_type
= htons(EAD_AUTH_MD5
);
396 handle_set_username(struct ead_packet
*pkt
, int len
, int *nstate
)
398 struct ead_msg
*msg
= &pkt
->msg
;
399 struct ead_msg_user
*user
= EAD_DATA(msg
, user
);
401 set_state(EAD_TYPE_SET_USERNAME
); /* clear old state */
402 strncpy(username
, user
->username
, sizeof(username
));
403 username
[sizeof(username
) - 1] = 0;
408 *nstate
= EAD_TYPE_GET_PRIME
;
413 handle_get_prime(struct ead_packet
*pkt
, int len
, int *nstate
)
415 struct ead_msg
*msg
= &pktbuf
->msg
;
416 struct ead_msg_salt
*salt
= EAD_DATA(msg
, salt
);
418 msg
->len
= htonl(sizeof(struct ead_msg_salt
));
419 salt
->prime
= tce
->index
- 1;
420 salt
->len
= ts
->s
.len
;
421 memcpy(salt
->salt
, ts
->s
.data
, ts
->s
.len
);
422 memcpy(salt
->ext_salt
, pw_saltbuf
, MAXSALTLEN
);
424 *nstate
= EAD_TYPE_SEND_A
;
429 handle_send_a(struct ead_packet
*pkt
, int len
, int *nstate
)
431 struct ead_msg
*msg
= &pkt
->msg
;
432 struct ead_msg_number
*number
= EAD_DATA(msg
, number
);
433 len
= ntohl(msg
->len
) - sizeof(struct ead_msg_number
);
435 if (len
> MAXPARAMLEN
+ 1)
440 memcpy(A
.data
, number
->data
, len
);
443 number
= EAD_DATA(msg
, number
);
444 msg
->len
= htonl(sizeof(struct ead_msg_number
) + B
->len
);
445 memcpy(number
->data
, B
->data
, B
->len
);
447 *nstate
= EAD_TYPE_SEND_AUTH
;
452 handle_send_auth(struct ead_packet
*pkt
, int len
, int *nstate
)
454 struct ead_msg
*msg
= &pkt
->msg
;
455 struct ead_msg_auth
*auth
= EAD_DATA(msg
, auth
);
457 if (t_serververify(ts
, auth
->data
) != 0) {
458 DEBUG(2, "Client authentication failed\n");
459 *nstate
= EAD_TYPE_SET_USERNAME
;
464 auth
= EAD_DATA(msg
, auth
);
465 msg
->len
= htonl(sizeof(struct ead_msg_auth
));
467 DEBUG(2, "Client authentication successful\n");
468 memcpy(auth
->data
, t_serverresponse(ts
), sizeof(auth
->data
));
470 *nstate
= EAD_TYPE_SEND_CMD
;
475 handle_send_cmd(struct ead_packet
*pkt
, int len
, int *nstate
)
477 struct ead_msg
*msg
= &pkt
->msg
;
478 struct ead_msg_cmd
*cmd
= EAD_ENC_DATA(msg
, cmd
);
479 struct ead_msg_cmd_data
*cmddata
;
480 struct timeval tv
, to
, tn
;
489 datalen
= ead_decrypt_message(msg
) - sizeof(struct ead_msg_cmd
);
493 type
= ntohs(cmd
->type
);
494 timeout
= ntohs(cmd
->timeout
);
497 cmd
->data
[datalen
] = 0;
503 fcntl(pfd
[0], F_SETFL
, O_NONBLOCK
| fcntl(pfd
[0], F_GETFL
));
504 child_pending
= true;
508 fd
= open("/dev/null", O_RDWR
);
514 system((char *)cmd
->data
);
516 } else if (pid
> 0) {
519 timeout
= EAD_CMD_TIMEOUT
;
525 case EAD_CMD_BACKGROUND
:
528 /* close stdin, stdout, stderr, replace with fd to /dev/null */
529 fd
= open("/dev/null", O_RDWR
);
535 system((char *)cmd
->data
);
537 } else if (pid
> 0) {
546 cmddata
= EAD_ENC_DATA(msg
, cmd_data
);
551 /* send keepalive packets every 200 ms so that the client doesn't timeout */
552 gettimeofday(&to
, NULL
);
553 memcpy(&tn
, &to
, sizeof(tn
));
554 tv
.tv_usec
= PCAP_TIMEOUT
* 1000;
558 FD_SET(pfd
[0], &fds
);
559 nfds
= select(pfd
[0] + 1, &fds
, NULL
, NULL
, &tv
);
562 bytes
= read(pfd
[0], cmddata
->data
, 1024);
566 if (!bytes
&& !child_pending
)
568 DEBUG(3, "Sending %d bytes of console data, type=%d, timeout=%d\n", bytes
, ntohl(msg
->type
), timeout
);
569 ead_encrypt_message(msg
, sizeof(struct ead_msg_cmd_data
) + bytes
);
570 ead_send_packet_clone(pkt
);
571 gettimeofday(&tn
, NULL
);
572 } while (tn
.tv_sec
< to
.tv_sec
+ timeout
);
579 ead_encrypt_message(msg
, sizeof(struct ead_msg_cmd_data
));
587 parse_message(struct ead_packet
*pkt
, int len
)
589 bool (*handler
)(struct ead_packet
*pkt
, int len
, int *nstate
);
590 int min_len
= sizeof(struct ead_packet
);
592 int type
= ntohl(pkt
->msg
.type
);
594 if ((type
>= EAD_TYPE_GET_PRIME
) &&
598 if ((type
!= EAD_TYPE_PING
) &&
599 ((ntohs(pkt
->msg
.sid
) & EAD_INSTANCE_MASK
) >>
600 EAD_INSTANCE_SHIFT
) != instance
->id
)
605 handler
= handle_ping
;
607 case EAD_TYPE_SET_USERNAME
:
608 handler
= handle_set_username
;
609 min_len
+= sizeof(struct ead_msg_user
);
611 case EAD_TYPE_GET_PRIME
:
612 handler
= handle_get_prime
;
614 case EAD_TYPE_SEND_A
:
615 handler
= handle_send_a
;
616 min_len
+= sizeof(struct ead_msg_number
);
618 case EAD_TYPE_SEND_AUTH
:
619 handler
= handle_send_auth
;
620 min_len
+= sizeof(struct ead_msg_auth
);
622 case EAD_TYPE_SEND_CMD
:
623 handler
= handle_send_cmd
;
624 min_len
+= sizeof(struct ead_msg_cmd
) + sizeof(struct ead_msg_encrypted
);
631 DEBUG(2, "discarding packet: message too small\n");
635 pktbuf
->msg
.magic
= htonl(EAD_MAGIC
);
636 pktbuf
->msg
.type
= htonl(type
+ 1);
637 pktbuf
->msg
.nid
= htons(nid
);
638 pktbuf
->msg
.sid
= pkt
->msg
.sid
;
641 if (handler(pkt
, len
, &nstate
)) {
642 DEBUG(2, "sending response to packet type %d: %d\n", type
+ 1, ntohl(pktbuf
->msg
.len
));
643 /* format response packet */
644 ead_send_packet_clone(pkt
);
650 handle_packet(u_char
*user
, const struct pcap_pkthdr
*h
, const u_char
*bytes
)
652 struct ead_packet
*pkt
= (struct ead_packet
*) bytes
;
654 if (h
->len
< sizeof(struct ead_packet
))
657 if (pkt
->eh
.ether_type
!= htons(ETHERTYPE_IP
))
660 if (memcmp(pkt
->eh
.ether_dhost
, "\xff\xff\xff\xff\xff\xff", 6) != 0)
663 if (pkt
->proto
!= UIP_PROTO_UDP
)
666 if (pkt
->destport
!= htons(EAD_PORT
))
669 if (pkt
->msg
.magic
!= htonl(EAD_MAGIC
))
672 if (h
->len
< sizeof(struct ead_packet
) + ntohl(pkt
->msg
.len
))
675 if ((pkt
->msg
.nid
!= 0xffff) &&
676 (pkt
->msg
.nid
!= htons(nid
)))
679 parse_message(pkt
, h
->len
);
683 ead_pcap_reopen(bool first
)
685 static char errbuf
[PCAP_ERRBUF_SIZE
] = "";
687 if (pcap_fp_rx
&& (pcap_fp_rx
!= pcap_fp
))
688 pcap_close(pcap_fp_rx
);
695 if (instance
->bridge
[0]) {
696 pcap_fp_rx
= ead_open_pcap(instance
->bridge
, errbuf
, 1);
697 pcap_fp
= ead_open_pcap(instance
->ifname
, errbuf
, 0);
699 pcap_fp
= ead_open_pcap(instance
->ifname
, errbuf
, 1);
703 pcap_fp_rx
= pcap_fp
;
704 if (first
&& !pcap_fp
) {
705 DEBUG(1, "WARNING: unable to open interface '%s'\n", instance
->ifname
);
711 pcap_setfilter(pcap_fp_rx
, &pktfilter
);
719 if (pcap_dispatch(pcap_fp_rx
, 1, handle_packet
, NULL
) < 0) {
720 ead_pcap_reopen(false);
728 usage(const char *prog
)
730 fprintf(stderr
, "Usage: %s [<options>]\n"
732 "\t-B Run in background mode\n"
733 "\t-d <device> Set the device to listen on\n"
734 "\t-D <name> Set the name of the device visible to clients\n"
735 "\t-p <file> Set the password file for authenticating\n"
736 "\t-P <file> Write a pidfile\n"
742 server_handle_sigchld(int sig
)
744 struct ead_instance
*in
;
749 list_for_each(p
, &instances
) {
750 in
= list_entry(p
, struct ead_instance
, list
);
760 instance_handle_sigchld(int sig
)
764 child_pending
= false;
768 start_server(struct ead_instance
*i
)
780 signal(SIGCHLD
, instance_handle_sigchld
);
781 ead_pcap_reopen(true);
784 if (pcap_fp_rx
!= pcap_fp
)
785 pcap_close(pcap_fp_rx
);
792 start_servers(bool restart
)
794 struct ead_instance
*in
;
797 list_for_each(p
, &instances
) {
798 in
= list_entry(p
, struct ead_instance
, list
);
808 stop_server(struct ead_instance
*in
, bool do_free
)
811 kill(in
->pid
, SIGKILL
);
820 server_handle_sigint(int sig
)
822 struct ead_instance
*in
;
823 struct list_head
*p
, *tmp
;
825 list_for_each_safe(p
, tmp
, &instances
) {
826 in
= list_entry(p
, struct ead_instance
, list
);
827 stop_server(in
, true);
833 check_bridge_port(const char *br
, const char *port
, void *arg
)
835 struct ead_instance
*in
;
838 list_for_each(p
, &instances
) {
839 in
= list_entry(p
, struct ead_instance
, list
);
841 if (strcmp(in
->ifname
, port
) != 0)
845 if (strcmp(in
->bridge
, br
) == 0)
848 strncpy(in
->bridge
, br
, sizeof(in
->bridge
));
849 DEBUG(2, "assigning port %s to bridge %s\n", in
->ifname
, in
->bridge
);
850 stop_server(in
, false);
856 check_bridge(const char *name
, void *arg
)
858 br_foreach_port(name
, check_bridge_port
, arg
);
863 check_all_interfaces(void)
865 struct ead_instance
*in
;
868 br_foreach_bridge(check_bridge
, NULL
);
870 /* look for interfaces that are no longer part of a bridge */
871 list_for_each(p
, &instances
) {
872 in
= list_entry(p
, struct ead_instance
, list
);
875 in
->br_check
= false;
876 } else if (in
->bridge
[0]) {
877 DEBUG(2, "removing port %s from bridge %s\n", in
->ifname
, in
->bridge
);
879 stop_server(in
, false);
885 int main(int argc
, char **argv
)
887 struct ead_instance
*in
;
889 const char *pidfile
= NULL
;
890 bool background
= false;
895 return usage(argv
[0]);
897 INIT_LIST_HEAD(&instances
);
898 while ((ch
= getopt(argc
, argv
, "Bd:D:fhp:P:")) != -1) {
907 return usage(argv
[0]);
909 in
= malloc(sizeof(struct ead_instance
));
910 memset(in
, 0, sizeof(struct ead_instance
));
911 INIT_LIST_HEAD(&in
->list
);
912 strncpy(in
->ifname
, optarg
, sizeof(in
->ifname
) - 1);
913 list_add(&in
->list
, &instances
);
920 passwd_file
= optarg
;
927 signal(SIGCHLD
, server_handle_sigchld
);
928 signal(SIGINT
, server_handle_sigint
);
929 signal(SIGTERM
, server_handle_sigint
);
930 signal(SIGKILL
, server_handle_sigint
);
933 fprintf(stderr
, "Error: ead needs at least one interface\n");
941 fd
= open("/dev/null", O_RDWR
);
952 fd
= open(pidfile
, O_CREAT
|O_WRONLY
|O_EXCL
, 0644);
954 len
= sprintf(pid
, "%d\n", getpid());
960 /* randomize the mac address */
961 get_random_bytes(ethmac
+ 3, 3);
962 nid
= *(((u16_t
*) ethmac
) + 2);
964 start_servers(false);
969 check_all_interfaces();