summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOthmar Gsenger <otti@anytun.org>2008-11-28 17:39:14 +0000
committerOthmar Gsenger <otti@anytun.org>2008-11-28 17:39:14 +0000
commit409d58d0b63a113b29d8ce7c75a70e6dbbb39e69 (patch)
tree27a2526d6fc3b4600f18572e77f9fb8890ccfb39
parentfixed datatypes (really using boost now) (diff)
added compile time options NOCRYPT,NODAEMON,NOEXEC for easyier windows porting
moved crypto init functions to cryptinit.hpp and exec to sysexec.hpp (as this will be platform dependant)
-rw-r--r--src/anytun.cpp158
-rw-r--r--src/authAlgo.cpp3
-rw-r--r--src/authAlgo.h3
-rw-r--r--src/authAlgoFactory.cpp2
-rw-r--r--src/cipher.cpp7
-rw-r--r--src/cipher.h3
-rw-r--r--src/cipherFactory.cpp2
-rw-r--r--src/cryptinit.hpp82
-rw-r--r--src/daemon.hpp6
-rw-r--r--src/keyDerivation.cpp7
-rw-r--r--src/keyDerivation.h3
-rw-r--r--src/keyDerivationFactory.cpp2
-rw-r--r--src/sysexec.hpp26
13 files changed, 152 insertions, 152 deletions
diff --git a/src/anytun.cpp b/src/anytun.cpp
index 3e1c4fc..553c451 100644
--- a/src/anytun.cpp
+++ b/src/anytun.cpp
@@ -40,7 +40,9 @@
#include <unistd.h>
#include <boost/bind.hpp>
+#ifndef NOCRYPT
#include <gcrypt.h>
+#endif
#include <cerrno> // for ENOMEM
#include "datatypes.h"
@@ -76,6 +78,10 @@
#include "threadParam.h"
#define MAX_PACKET_LENGTH 1600
+#include "cryptinit.hpp"
+#include "daemon.hpp"
+#include "sysexec.hpp"
+
#define SESSION_KEYLEN_AUTH 20 // TODO: hardcoded size
#define SESSION_KEYLEN_ENCR 16 // TODO: hardcoded size
#define SESSION_KEYLEN_SALT 14 // TODO: hardcoded size
@@ -342,150 +348,6 @@ void receiver(void* p)
}
}
-// boost thread callbacks for libgcrypt
-#if defined(BOOST_HAS_PTHREADS)
-
-static int boost_mutex_init(void **priv)
-{
- boost::mutex *lock = new boost::mutex();
- if (!lock)
- return ENOMEM;
- *priv = lock;
- return 0;
-}
-
-static int boost_mutex_destroy(void **lock)
-{
- delete reinterpret_cast<boost::mutex*>(*lock);
- return 0;
-}
-
-static int boost_mutex_lock(void **lock)
-{
- reinterpret_cast<boost::mutex*>(*lock)->lock();
- return 0;
-}
-
-static int boost_mutex_unlock(void **lock)
-{
- reinterpret_cast<boost::mutex*>(*lock)->unlock();
- return 0;
-}
-
-static struct gcry_thread_cbs gcry_threads_boost =
-{ GCRY_THREAD_OPTION_USER, NULL,
- boost_mutex_init, boost_mutex_destroy,
- boost_mutex_lock, boost_mutex_unlock };
-#else
-#error this libgcrypt thread callbacks only work with pthreads
-#endif
-
-#define MIN_GCRYPT_VERSION "1.2.0"
-
-bool initLibGCrypt()
-{
- // make libgcrypt thread safe
- // this must be called before any other libgcrypt call
- gcry_control( GCRYCTL_SET_THREAD_CBS, &gcry_threads_boost );
-
- // this must be called right after the GCRYCTL_SET_THREAD_CBS command
- // no other function must be called till now
- if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) {
- std::cout << "initLibGCrypt: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION << std::endl;
- return false;
- }
-
- gcry_error_t err = gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
- if( err ) {
- char buf[STERROR_TEXT_MAX];
- buf[0] = 0;
- std::cout << "initLibGCrypt: Failed to disable secure memory: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX) << std::endl;
- return false;
- }
-
- // Tell Libgcrypt that initialization has completed.
- err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
- if( err ) {
- char buf[STERROR_TEXT_MAX];
- buf[0] = 0;
- std::cout << "initLibGCrypt: Failed to finish initialization: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX) << std::endl;
- return false;
- }
-
- cLog.msg(Log::PRIO_NOTICE) << "initLibGCrypt: libgcrypt init finished";
- return true;
-}
-
-void chrootAndDrop(std::string const& chrootdir, std::string const& username)
-{
- if (getuid() != 0)
- {
- std::cerr << "this programm has to be run as root in order to run in a chroot" << std::endl;
- exit(-1);
- }
-
- struct passwd *pw = getpwnam(username.c_str());
- if(pw) {
- if(chroot(chrootdir.c_str()))
- {
- std::cerr << "can't chroot to " << chrootdir << std::endl;
- exit(-1);
- }
- cLog.msg(Log::PRIO_NOTICE) << "we are in chroot jail (" << chrootdir << ") now" << std::endl;
- chdir("/");
- if (initgroups(pw->pw_name, pw->pw_gid) || setgid(pw->pw_gid) || setuid(pw->pw_uid))
- {
- std::cerr << "can't drop to user " << username << " " << pw->pw_uid << ":" << pw->pw_gid << std::endl;
- exit(-1);
- }
- cLog.msg(Log::PRIO_NOTICE) << "dropped user to " << username << " " << pw->pw_uid << ":" << pw->pw_gid << std::endl;
- }
- else
- {
- std::cerr << "unknown user " << username << std::endl;
- exit(-1);
- }
-}
-
-void daemonize()
-{
- pid_t pid;
-
- pid = fork();
- if(pid) exit(0);
- setsid();
- pid = fork();
- if(pid) exit(0);
-
-// std::cout << "running in background now..." << std::endl;
-
- int fd;
-// for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors
- for (fd=0;fd<=2;fd++) // close all file descriptors
- close(fd);
- fd=open("/dev/null",O_RDWR); // stdin
- dup(fd); // stdout
- dup(fd); // stderr
- umask(027);
-}
-
-int execScript(std::string const& script, std::string const& ifname)
-{
- pid_t pid;
- pid = fork();
- if(!pid) {
- int fd;
- for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors
- close(fd);
- fd=open("/dev/null",O_RDWR); // stdin
- dup(fd); // stdout
- dup(fd); // stderr
- return execl("/bin/sh", "/bin/sh", script.c_str(), ifname.c_str(), NULL);
- }
- int status = 0;
- waitpid(pid, &status, 0);
- return status;
-}
int main(int argc, char* argv[])
{
@@ -513,10 +375,12 @@ int main(int argc, char* argv[])
cLog.msg(Log::PRIO_NOTICE) << "dev created (opened)";
cLog.msg(Log::PRIO_NOTICE) << "dev opened - actual name is '" << dev.getActualName() << "'";
cLog.msg(Log::PRIO_NOTICE) << "dev type is '" << dev.getTypeString() << "'";
+#ifndef NOEXEC
if(gOpt.getPostUpScript() != "") {
int postup_ret = execScript(gOpt.getPostUpScript(), dev.getActualName());
cLog.msg(Log::PRIO_NOTICE) << "post up script '" << gOpt.getPostUpScript() << "' returned " << postup_ret;
}
+#endif
PacketSource* src;
if(gOpt.getLocalAddr() == "")
@@ -537,6 +401,7 @@ int main(int argc, char* argv[])
createConnection(endpoint,cl,gOpt.getSeqWindowSize(), queue, gOpt.getMux());
}
+#ifndef NODAEMON
if(gOpt.getChroot())
chrootAndDrop(gOpt.getChrootDir(), gOpt.getUsername());
if(gOpt.getDaemonize())
@@ -544,6 +409,7 @@ int main(int argc, char* argv[])
daemonize();
daemonized = true;
}
+#endif
if(pidFile.is_open()) {
pid_t pid = getpid();
@@ -556,9 +422,11 @@ int main(int argc, char* argv[])
ThreadParam p(dev, *src, cl, queue,*(new OptionConnectTo()));
- // this must be called before any other libgcrypt call
+#ifndef NOCRYPT
+// this must be called before any other libgcrypt call
if(!initLibGCrypt())
return -1;
+#endif
boost::thread senderThread(boost::bind(sender,&p));
boost::thread receiverThread(boost::bind(receiver,&p));
diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp
index 80ee3ba..ebd76d2 100644
--- a/src/authAlgo.cpp
+++ b/src/authAlgo.cpp
@@ -54,6 +54,7 @@ u_int32_t NullAuthAlgo::getMaxLength()
return MAX_LENGTH_;
}
+#ifndef NOCRYPT
//****** Sha1AuthAlgo ******
Sha1AuthAlgo::Sha1AuthAlgo() : ctx_(NULL)
@@ -128,3 +129,5 @@ u_int32_t Sha1AuthAlgo::getMaxLength()
{
return MAX_LENGTH_;
}
+#endif
+
diff --git a/src/authAlgo.h b/src/authAlgo.h
index c53f3c0..2e01c0b 100644
--- a/src/authAlgo.h
+++ b/src/authAlgo.h
@@ -81,7 +81,7 @@ public:
static const u_int32_t MAX_LENGTH_ = 0;
};
-
+#ifndef NOCRYPT
//****** Sha1AuthAlgo ******
//* HMAC SHA1 Auth Tag Generator Class
@@ -101,5 +101,6 @@ public:
private:
gcry_md_hd_t ctx_;
};
+#endif
#endif
diff --git a/src/authAlgoFactory.cpp b/src/authAlgoFactory.cpp
index 4e51f36..333c47c 100644
--- a/src/authAlgoFactory.cpp
+++ b/src/authAlgoFactory.cpp
@@ -40,8 +40,10 @@ AuthAlgo* AuthAlgoFactory::create(std::string const& type)
{
if( type == "null" )
return new NullAuthAlgo();
+#ifndef NOCRYPT
else if( type == "sha1" )
return new Sha1AuthAlgo();
+#endif
else
throw std::invalid_argument("auth algo not available");
}
diff --git a/src/cipher.cpp b/src/cipher.cpp
index ab8b013..edfc760 100644
--- a/src/cipher.cpp
+++ b/src/cipher.cpp
@@ -34,10 +34,12 @@
#include <string>
#include <cstdio>
#include <cstring>
+#ifndef NOCRYPT
#include <gcrypt.h>
+#include "mpi.h"
+#endif
#include "cipher.h"
-#include "mpi.h"
#include "log.h"
@@ -73,7 +75,7 @@ u_int32_t NullCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_in
return (ilen < olen) ? ilen : olen;
}
-
+#ifndef NOCRYPT
//****** AesIcmCipher ******
AesIcmCipher::AesIcmCipher() : cipher_(NULL)
@@ -178,4 +180,5 @@ void AesIcmCipher::calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t o
return;
}
}
+#endif
diff --git a/src/cipher.h b/src/cipher.h
index f590aef..d402bce 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -70,6 +70,7 @@ protected:
u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
};
+#ifndef NOCRYPT
//****** AesIcmCipher ******
class AesIcmCipher : public Cipher
@@ -90,6 +91,6 @@ private:
gcry_cipher_hd_t cipher_;
Buffer salt_;
};
-
+#endif
#endif
diff --git a/src/cipherFactory.cpp b/src/cipherFactory.cpp
index 228b29b..b02e5bc 100644
--- a/src/cipherFactory.cpp
+++ b/src/cipherFactory.cpp
@@ -40,8 +40,10 @@ Cipher* CipherFactory::create(std::string const& type)
{
if( type == "null" )
return new NullCipher();
+#ifndef NOCRYPT
else if( type == "aes-ctr" )
return new AesIcmCipher();
+#endif
else
throw std::invalid_argument("cipher not available");
}
diff --git a/src/cryptinit.hpp b/src/cryptinit.hpp
new file mode 100644
index 0000000..567a374
--- /dev/null
+++ b/src/cryptinit.hpp
@@ -0,0 +1,82 @@
+#ifndef _CRYPTINIT_HPP
+#define _CRYPTINIT_HPP
+#ifndef NOCRYPT
+
+// boost thread callbacks for libgcrypt
+#if defined(BOOST_HAS_PTHREADS)
+
+static int boost_mutex_init(void **priv)
+{
+ boost::mutex *lock = new boost::mutex();
+ if (!lock)
+ return ENOMEM;
+ *priv = lock;
+ return 0;
+}
+
+static int boost_mutex_destroy(void **lock)
+{
+ delete reinterpret_cast<boost::mutex*>(*lock);
+ return 0;
+}
+
+static int boost_mutex_lock(void **lock)
+{
+ reinterpret_cast<boost::mutex*>(*lock)->lock();
+ return 0;
+}
+
+static int boost_mutex_unlock(void **lock)
+{
+ reinterpret_cast<boost::mutex*>(*lock)->unlock();
+ return 0;
+}
+
+static struct gcry_thread_cbs gcry_threads_boost =
+{ GCRY_THREAD_OPTION_USER, NULL,
+ boost_mutex_init, boost_mutex_destroy,
+ boost_mutex_lock, boost_mutex_unlock };
+#else
+#error this libgcrypt thread callbacks only work with pthreads
+#endif
+
+
+#define MIN_GCRYPT_VERSION "1.2.0"
+
+bool initLibGCrypt()
+{
+ // make libgcrypt thread safe
+ // this must be called before any other libgcrypt call
+ gcry_control( GCRYCTL_SET_THREAD_CBS, &gcry_threads_boost );
+
+ // this must be called right after the GCRYCTL_SET_THREAD_CBS command
+ // no other function must be called till now
+ if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) {
+ std::cout << "initLibGCrypt: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION << std::endl;
+ return false;
+ }
+
+ gcry_error_t err = gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+ if( err ) {
+ char buf[STERROR_TEXT_MAX];
+ buf[0] = 0;
+ std::cout << "initLibGCrypt: Failed to disable secure memory: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX) << std::endl;
+ return false;
+ }
+
+ // Tell Libgcrypt that initialization has completed.
+ err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
+ if( err ) {
+ char buf[STERROR_TEXT_MAX];
+ buf[0] = 0;
+ std::cout << "initLibGCrypt: Failed to finish initialization: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX) << std::endl;
+ return false;
+ }
+
+ cLog.msg(Log::PRIO_NOTICE) << "initLibGCrypt: libgcrypt init finished";
+ return true;
+}
+
+#endif
+#endif
+
diff --git a/src/daemon.hpp b/src/daemon.hpp
index 13c4132..be5c710 100644
--- a/src/daemon.hpp
+++ b/src/daemon.hpp
@@ -1,3 +1,6 @@
+#ifndef _DAEMON_HPP
+#define _DAEMON_HPP
+#ifndef NODAEMON
void chrootAndDrop(std::string const& chrootdir, std::string const& username)
{
@@ -51,5 +54,6 @@ void daemonize()
dup(fd); // stderr
umask(027);
}
-
+#endif
+#endif
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp
index 1c88352..946943e 100644
--- a/src/keyDerivation.cpp
+++ b/src/keyDerivation.cpp
@@ -32,15 +32,16 @@
#include "log.h"
#include "keyDerivation.h"
-#include "mpi.h"
#include "threadUtils.hpp"
#include <stdexcept>
#include <iostream>
#include <string>
+#ifndef NOCRYPT
#include <gcrypt.h>
-
+#include "mpi.h"
+#endif
void KeyDerivation::setLogKDRate(const uint8_t log_rate)
{
@@ -56,6 +57,7 @@ void NullKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer&
for(u_int32_t i=0; i < key.getLength(); ++i) key[i] = 0;
}
+#ifndef NOCRYPT
//****** AesIcmKeyDerivation ******
AesIcmKeyDerivation::~AesIcmKeyDerivation()
@@ -165,4 +167,5 @@ void AesIcmKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer
cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
}
}
+#endif
diff --git a/src/keyDerivation.h b/src/keyDerivation.h
index b64500b..0f41895 100644
--- a/src/keyDerivation.h
+++ b/src/keyDerivation.h
@@ -111,6 +111,7 @@ private:
};
+#ifndef NOCRYPT
//****** AesIcmKeyDerivation ******
class AesIcmKeyDerivation : public KeyDerivation
@@ -139,3 +140,5 @@ private:
#endif
+#endif
+
diff --git a/src/keyDerivationFactory.cpp b/src/keyDerivationFactory.cpp
index 56a750a..58518b8 100644
--- a/src/keyDerivationFactory.cpp
+++ b/src/keyDerivationFactory.cpp
@@ -40,8 +40,10 @@ KeyDerivation* KeyDerivationFactory::create(std::string const& type)
{
if( type == "null" )
return new NullKeyDerivation();
+#ifndef NOCRYPT
else if( type == "aes-ctr" )
return new AesIcmKeyDerivation();
+#endif
else
throw std::invalid_argument("key derivation prf not available");
}
diff --git a/src/sysexec.hpp b/src/sysexec.hpp
new file mode 100644
index 0000000..73a18bf
--- /dev/null
+++ b/src/sysexec.hpp
@@ -0,0 +1,26 @@
+#ifndef _SYSEXEC_HPP
+#define _SYSEXEC_HPP
+#ifndef NOEXEC
+
+int execScript(std::string const& script, std::string const& ifname)
+{
+ pid_t pid;
+ pid = fork();
+ if(!pid) {
+ int fd;
+ for (fd=getdtablesize();fd>=0;--fd) // close all file descriptors
+ close(fd);
+ fd=open("/dev/null",O_RDWR); // stdin
+ dup(fd); // stdout
+ dup(fd); // stderr
+ return execl("/bin/sh", "/bin/sh", script.c_str(), ifname.c_str(), NULL);
+ }
+ int status = 0;
+ waitpid(pid, &status, 0);
+ return status;
+}
+
+
+#endif
+#endif
+