Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.

snfNETmgr.cpp 48KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778
  1. // snfNETmgr.cpp
  2. //
  3. // (C) Copyright 2006 - 2009 ARM Research Labs, LLC
  4. // See www.armresearch.com for the copyright terms.
  5. //
  6. // See snfNETmgr.hpp for details.
  7. #include <sys/types.h>
  8. #include <sys/stat.h>
  9. #include <ctime>
  10. #include <cstring>
  11. #include <string>
  12. #include <vector>
  13. #include <fstream>
  14. #include <sstream>
  15. #include "snfNETmgr.hpp"
  16. #include "snf_sync.hpp"
  17. #include "../CodeDweller/mangler.hpp"
  18. #include "../CodeDweller/base64codec.hpp"
  19. // #include "tcp_watchdog.hpp" No longer using TCPWatchdog -- see below _M
  20. using namespace std;
  21. ///// utilities ////////////////////////////////////////////////////////////////
  22. const int MSecsInSecs = 1000; // Multiplier - seconds to milliseconds.
  23. unsigned long long int SecsAsMSecs(unsigned int Secs) {
  24. return (MSecsInSecs * Secs);
  25. }
  26. //// snfNETmgr /////////////////////////////////////////////////////////////////
  27. const ThreadType snfNETmgr::Type("snfNETManager"); // The thread's type.
  28. const ThreadState snfNETmgr::Sleeping("Sleeping"); // Taking a break.
  29. const ThreadState snfNETmgr::SYNC_Connect("Connecting"); // Connecting to SYNC server.
  30. const ThreadState snfNETmgr::SYNC_Read_Challenge("Reading challenge"); // Reading challenge.
  31. const ThreadState snfNETmgr::SYNC_Compute_Response("Computing crypto"); // Computing crypto response.
  32. const ThreadState snfNETmgr::SYNC_Send_Response("Sending crypto"); // Sending crypto response.
  33. const ThreadState snfNETmgr::SYNC_Read_Availabilty("Reading Availability"); // Reading rulebase status.
  34. const ThreadState snfNETmgr::SYNC_Send_GBUdb_Alerts("Sending GBUdb"); // Sending GBUdb alerts.
  35. const ThreadState snfNETmgr::SYNC_Send_Status_Reports("Sending Status"); // Sending status reports.
  36. const ThreadState snfNETmgr::SYNC_Send_Samples("Sending Samples"); // Sending message samples.
  37. const ThreadState snfNETmgr::SYNC_Send_End_Of_Report("Sending End"); // Sending end of client data.
  38. const ThreadState snfNETmgr::SYNC_Read_Server_Response("Reading Server"); // Reading server data.
  39. const ThreadState snfNETmgr::SYNC_Close_Connection("Closing Connection"); // Closing connection.
  40. const ThreadState snfNETmgr::SYNC_Parse_GBUdb_Reflections("Parsing GBUdb"); // Parsing GBUdb reflections.
  41. const ThreadState snfNETmgr::SYNC_Log_Event("Logging SYNC"); // Logging SYNC event.
  42. snfNETmgr::snfNETmgr() : // Starting up the NETmgr
  43. Thread(snfNETmgr::Type, "NET Manager"), // Network manager and Name.
  44. myLOGmgr(NULL), // No LOGmgr yet.
  45. isTimeToStop(false), // Not time to stop yet.
  46. isConfigured(false), // Not configured yet.
  47. SYNCTimer(30000), // Sync every 30 secs by default.
  48. SyncSecsOverride(-1) { // Override is -1 (off) by default.
  49. run(); // Run the thread.
  50. }
  51. snfNETmgr::~snfNETmgr() { // On descruction, NETmgr must
  52. stop(); // Stop it's thread (if not already)
  53. myLOGmgr = NULL; // Clear out the LOGmgr hookup
  54. isConfigured = false; // and the configured flag.
  55. }
  56. void snfNETmgr::stop() { // The stop method...
  57. if(!isTimeToStop) { // only does it's work once:
  58. isTimeToStop = true; // tells it's thread to stop
  59. join(); // and waits for it to shut down.
  60. }
  61. }
  62. void snfNETmgr::myTask() { // Here's the thread task.
  63. Sleeper WaitASecond(1000); // Heartbeat timer.
  64. while(false == isTimeToStop) { // Until it's time to stop,
  65. CurrentThreadState(Sleeping); // post our status,
  66. WaitASecond(); // pause for a second,
  67. if(isConfigured) { // then poll our tasks.
  68. // Do stuff here that requires configuration data.
  69. if(SYNCTimer.isExpired()) { sync(); SYNCTimer.restart(); } // If it's time to sync - do it :-)
  70. }
  71. }
  72. }
  73. void snfNETmgr::linkLOGmgr(snfLOGmgr& L) { // Set the LOGmgr.
  74. myLOGmgr = &L;
  75. }
  76. void snfNETmgr::linkGBUdbmgr(snfGBUdbmgr& G) { // Set the GBUdbmgr.
  77. myGBUdbmgr = &G;
  78. }
  79. // In theory, configure will get called each time the rulebase manager loads
  80. // a new configuration / rulebase. The configure() method updates the bits of
  81. // NETmgr that run background tasks. Live-Data tasks pass their grab()bed
  82. // CFGData object in order to maintain self-consistency.
  83. void snfNETmgr::configure(snfCFGData& CFGData) { // Update the configuration.
  84. ScopeMutex CFGDataExchange(ConfigMutex); // Lock the config data during updates.
  85. // Update the internal config data from CFGData while we are locked.
  86. // Internal functions which depend on this data will lock the object,
  87. // grab the bits they depend upon for that pass, and then unlock.
  88. RulebaseFilePath = CFGData.RuleFilePath; // Where we can find our rulebase?
  89. SyncHostName = CFGData.network_sync_host; // Where do we connect to sync?
  90. SyncHostPort = CFGData.network_sync_port; // What port do we use to sync?
  91. HandshakeFilePath = CFGData.paths_workspace_path + ".handshake"; // Where we store our handshake.
  92. UpdateReadyFilePath = CFGData.paths_workspace_path + "UpdateReady.txt"; // Where we put update trigger files.
  93. SyncSecsConfigured = CFGData.network_sync_secs; // Capture the configured sync time.
  94. if(0 > SyncSecsOverride) { // If the sync timer isn't in override,
  95. if(SYNCTimer.getDuration() != SecsAsMSecs(SyncSecsConfigured)) { // And the config time is different than
  96. SYNCTimer.setDuration(SecsAsMSecs(SyncSecsConfigured)); // the timer's current setting then set
  97. } // the timer to the new value.
  98. } // If we are in override, timer is set.
  99. License = CFGData.node_licenseid; // Capture our node id (license id).
  100. SecurityKey = CFGData.SecurityKey; // Capture our security key.
  101. evolvePad(CFGData.SecurityKey); // Seed our Pad generator with it.
  102. // Safety check before turning this on ;-)
  103. if(
  104. NULL != myLOGmgr &&
  105. NULL != myGBUdbmgr
  106. ) { // If we are properly linked then
  107. isConfigured = true; // at this point we are configured!
  108. }
  109. }
  110. void snfNETmgr::sendSample( // Send a sampled message...
  111. snfCFGData& CFGData, // Use this configuration,
  112. snfScanData& ScanData, // Include this scan data,
  113. const unsigned char* MessageBuffer, // This is the message itself
  114. int MessageLength // and it is this size.
  115. ) {
  116. string TimeStamp; (*myLOGmgr).Timestamp(TimeStamp); // Grab a timestamp.
  117. ostringstream XML; // Make formatting easier with this.
  118. //-- <sample...>
  119. XML << "<sample node=\'" << CFGData.node_licenseid << "\' "
  120. << "time=\'" << TimeStamp << "\' "
  121. << "result=\'" << ScanData.CompositeFinalResult << "\'>" << endl;
  122. //-- <ip...>
  123. XML << "<ip range=\'";
  124. string IPRange;
  125. switch(ScanData.SourceIPRange()) {
  126. case Unknown: { IPRange = "Unknown"; break; } // Unknown - not defined.
  127. case White: { IPRange = "White"; break; } // This is a good guy.
  128. case Normal: { IPRange = "Normal"; break; } // Benefit of the doubt.
  129. case New: { IPRange = "New"; break; } // It is new to us.
  130. case Caution: { IPRange = "Caution"; break; } // This is suspicious.
  131. case Black: { IPRange = "Black"; break; } // This is bad.
  132. case Truncate: { IPRange = "Truncate"; break; } // Don't even bother looking.
  133. }
  134. SocketAddress IP;
  135. IP.setAddress(ScanData.SourceIPRecord().IP);
  136. XML << IPRange << "\' ip=\'" << (string) IP4Address(IP.getAddress()) << "\' t=\'";
  137. string IPType;
  138. switch(ScanData.SourceIPRecord().GBUdbData.Flag()) {
  139. case Good: { IPType = "Good"; break; }
  140. case Bad: { IPType = "Bad"; break; }
  141. case Ugly: { IPType = "Ugly"; break; }
  142. case Ignore: { IPType = "Ignore"; break; }
  143. }
  144. XML << IPType << "\' b=\'" << ScanData.SourceIPRecord().GBUdbData.Bad()
  145. << "\' g=\'" << ScanData.SourceIPRecord().GBUdbData.Good()
  146. << "\'/>" << endl;
  147. //-- <match...> as many as needed
  148. if(0 < ScanData.MatchRecords.size()) { // If we have match records - emit them.
  149. list<snf_match>::iterator iM; // Grab an iterator.
  150. for( // Emit each snf_match entry.
  151. iM = ScanData.MatchRecords.begin();
  152. iM != ScanData.MatchRecords.end();
  153. iM++) {
  154. XML << "<match r=\'" << (*iM).ruleid << "\' "
  155. << "g=\'" << (*iM).symbol << "\' "
  156. << "i=\'" << (*iM).index << "\' "
  157. << "e=\'" << (*iM).endex << "\' "
  158. << "f=\'" << (*iM).flag << "\'/>";
  159. }
  160. }
  161. //-- <msg...>
  162. XML << "<msg size=\'" << ScanData.ScanSize << "'>" << endl; // Starting with the msg element.
  163. to_base64 EncodedMessageData(
  164. reinterpret_cast<const char*>(MessageBuffer), MessageLength); // Encode the message to base64.
  165. const int SampleLineLength = 64; // 64 bytes per line is good.
  166. for(int i = 0; i < MessageLength;) { // Now we break it into lines
  167. for(int l = 0; l < SampleLineLength && i < MessageLength; l++, i++) { // that are a reasonable length.
  168. XML << EncodedMessageData.at(i); // Emit one character at a time...
  169. } // At the end of a reasonable
  170. XML << endl; // length we terminate the line.
  171. }
  172. XML << "</msg>" << endl; // End of the <msg> element.
  173. //-- done with the sample!
  174. XML << "</sample>" << endl;
  175. // Last thing we do is post the formatted string to the buffer.
  176. const unsigned int SampleSafetyLimit = 100000; // 100 Kbyte limit on samples.
  177. ScopeMutex DoNotDisturb(myMutex); // Don't bug me man I'm busy.
  178. if(SampleSafetyLimit < SamplesBuffer.length()) // If the samples buffer is full
  179. SamplesBuffer.clear(); // clear it before adding more.
  180. SamplesBuffer.append(XML.str()); // Append the XML to the buffer.
  181. }
  182. string snfNETmgr::getSamples() { // Synchronized way to get Samples.
  183. ScopeMutex DoNotDisturb(myMutex); // Lock the mutex to protect our work.
  184. string SamplesBatch = SamplesBuffer; // Copy the samples to a new string.
  185. SamplesBuffer.clear(); // Clear the samples buffer.
  186. return SamplesBatch; // Return a batch of Samples.
  187. }
  188. void snfNETmgr::sendReport(const string& S) { // How to send a status report.
  189. const unsigned int ReportSafetyLimit = 100000; // 100 Kbytes limit on reports.
  190. ScopeMutex DoNotDisturb(myMutex); // Lock the mutex for a moment.
  191. if(ReportSafetyLimit < ReportsBuffer.length()) // If the reports buffer is full
  192. ReportsBuffer.clear(); // clear it before adding more.
  193. ReportsBuffer.append(S); // Append the report.
  194. }
  195. string snfNETmgr::getReports() { // Synchronized way to get Reports.
  196. ScopeMutex DoNotDisturb(myMutex); // Lock the mutex to protect our work.
  197. string ReportsBatch = ReportsBuffer; // Copy the reports to a new string.
  198. ReportsBuffer.clear(); // Clear the reports buffer.
  199. return ReportsBatch; // Return a batch of Reports.
  200. }
  201. string& snfNETmgr::RulebaseUTC(string& t) { // Gets local rulebase file UTC.
  202. struct stat RulebaseStat; // First we need a stat buffer.
  203. if(0 != stat(RulebaseFilePath.c_str(), &RulebaseStat)) { // If we can't get the stat we
  204. t.append("000000000000"); return t; // will return 000000000000 to
  205. } // make sure we should get the file.
  206. struct tm RulebaseTime; // Allocate a time structure.
  207. RulebaseTime = *(gmtime(&RulebaseStat.st_mtime)); // Copy the file time to it as UTC.
  208. char TimestampBfr[20]; // Timestamp buffer.
  209. sprintf(TimestampBfr,"%04d%02d%02d%02d%02d%02d", // Format yyyymmddhhmmss
  210. RulebaseTime.tm_year+1900,
  211. RulebaseTime.tm_mon+1,
  212. RulebaseTime.tm_mday,
  213. RulebaseTime.tm_hour,
  214. RulebaseTime.tm_min,
  215. RulebaseTime.tm_sec
  216. );
  217. t.append(TimestampBfr); // Append the timestamp to t
  218. return t; // and return it to the caller.
  219. }
  220. unsigned long snfNETmgr::ResolveHostIPFromName(const string& N) { // Host name resolution tool.
  221. ScopeMutex OneAtATimePlease(ResolverMutex); // Resolve only one at a time.
  222. unsigned long IP = inet_addr(N.c_str()); // See if it's an IP.
  223. if (INADDR_NONE == IP) { // If it's not an IP resolve it.
  224. hostent* H = gethostbyname(N.c_str()); // Resolve the host.
  225. if (NULL == H) { // If we didn't get a resolution
  226. return INADDR_NONE; // return no address.
  227. } // If we did resolve the address
  228. IP = *((unsigned long*)H->h_addr_list[0]); // get the primary entry.
  229. }
  230. return ntohl(IP); // Return what we got (host order)
  231. }
  232. // The Evolving One Time Pad engine is just slightly better than calling
  233. // rand() with the system time as a seed. However, it does have the advantage
  234. // that in order to guess it's initial state an attacker would need to already
  235. // know the license id and authentication. It also has the advantage that it
  236. // adds small amounts of entropy over time and never really forgets them. For
  237. // example, the exact time between calls to evolvePad is dependent on how long
  238. // it takes to sync which is dependent on how much data there is to report
  239. // which is dependent on the number and size of messages scanned etc... and
  240. // this is also impacted a bit by network performance issues during the sync.
  241. // Sensitivity to this entropy has millisecond resolution. This is a cross-
  242. // platform solution that depends only on our own code ;-)
  243. void snfNETmgr::evolvePad(string Entropy) { // Add entropy and evolve.
  244. ScopeMutex OneAtATimePlease(PadMutex); // Protect the one time pad.
  245. myLOGmgr->Timestamp(Entropy); // Time matters ;-)
  246. for(unsigned int a = 0; a < Entropy.length(); a++) { // Add the entropy to our generator.
  247. PadGenerator.Encrypt(Entropy.at(a));
  248. }
  249. msclock rt = myLOGmgr->RunningTime(); // Get the elapsed running time so far.
  250. unsigned char* rtb = reinterpret_cast<unsigned char*>(&rt); // Convert that long long into bytes.
  251. for(unsigned int a = 0; a < sizeof(msclock); a++) { // Encrypt those bytes one by one
  252. PadGenerator.Encrypt(rtb[a]); // to add more entropy.
  253. }
  254. }
  255. // To get a pad of any length you like, use the OneTimePad()
  256. // Note that we don't assign a value to x before using it! If we get lucky,
  257. // we will get some random value from ram as additional entropy ;-) If we end
  258. // up starting with zero, that's ok too.
  259. PadBuffer snfNETmgr::OneTimePad(int Len) { // Get Len bytes of one time pad.
  260. PadBuffer B; // Start with a buffer.
  261. B.reserve(Len); // Reserve Len bytes.
  262. unsigned char x; // Get an unsigned char, unknown value.
  263. for(int a = 0; a < Len; a++) { // Create Len bytes of pad by evolving
  264. B.push_back(x = PadGenerator.Encrypt(x)); // x through itself and copying the
  265. } // data into the buffer.
  266. return B; // Return the result.
  267. }
  268. // Handshake tries to return the current stored handshake. If it can't then it
  269. // returns a new handshake based on data from the pad generator.
  270. PadBuffer snfNETmgr::Handshake() { // What is the current handshake?
  271. if(CurrentHandshake.size() != SNFHandshakeSize) { // If we don't have one make one!
  272. CurrentHandshake = OneTimePad(SNFHandshakeSize); // Set up a default handshake to use
  273. try { // if we can't remember the real one.
  274. ifstream HSF(HandshakeFilePath.c_str(), ios::binary); // Open the handshake file.
  275. char* bfr = reinterpret_cast<char*>(&CurrentHandshake[0]); // Manufacture a proper pointer.
  276. HSF.read(bfr, SNFHandshakeSize); // Read the data (overwrite the HSB).
  277. HSF.close(); // Close the file.
  278. } catch(...) { } // Ignore any errors.
  279. }
  280. return CurrentHandshake; // Return the buffer.
  281. }
  282. PadBuffer& snfNETmgr::Handshake(PadBuffer& NewHandshake) { // Store a new handshake.
  283. CurrentHandshake = NewHandshake; // Grab the new handshake
  284. try { // then try to store it...
  285. ofstream HSF(HandshakeFilePath.c_str(), ios::binary | ios::trunc); // Open the handshake file.
  286. char* bfr = reinterpret_cast<char*>(&NewHandshake[0]); // Access the raw buffer.
  287. HSF.write(bfr, NewHandshake.size()); // Replace the old handshake
  288. HSF.close(); // close the file.
  289. } catch(...) {} // Ignore errors.
  290. return NewHandshake; // Return what we were given.
  291. }
  292. void snfNETmgr::postUpdateTrigger(string& updateUTC) { // Post an update trigger file.
  293. try { // Safely post an update trigger.
  294. ofstream HSF(UpdateReadyFilePath.c_str(), ios::binary | ios::trunc); // Open/create the trigger file.
  295. char* bfr = reinterpret_cast<char*>(&updateUTC[0]); // Access the raw UTC buffer.
  296. HSF.write(bfr, updateUTC.size()); // Write the update timestamp.
  297. HSF.close(); // close the file.
  298. } catch(...) {} // Ignore errors.
  299. }
  300. // Utility to read a line from a non-blocking TCPHost & check the timeout.
  301. const unsigned int MaxReadLineLength = 1024; // How long a line can be.
  302. string readLineTimeout(TCPHost& S, Timeout& T) { // Read a line from S until T.
  303. Sleeper WaitForMoreData(50); // How long to wait when no data.
  304. string LineBuffer = ""; // Buffer for the line.
  305. while( // Keep going as long as:
  306. false == T.isExpired() && // our timeout has not expired AND
  307. MaxReadLineLength > LineBuffer.length() // we haven't reached our limit.
  308. ) {
  309. char c = 0; // One byte at a time
  310. if(1 == S.receive(&c, sizeof(c))) { // Read from the TCPHost.
  311. LineBuffer.push_back(c); // Push the byte onto the string.
  312. if('\n' == c) break; // If it was a newline we're done!
  313. } else { // If we didn't get any data
  314. WaitForMoreData(); // pause before our next run.
  315. }
  316. }
  317. return LineBuffer; // Always return our buffer.
  318. }
  319. // Utility to write data to a non-blocking TCPHost & check the timeout.
  320. // Some networks can only handle small packets and fragmentation can be a
  321. // problem. Also, on Win* especially, sending small chunks is _MUCH_ more
  322. // reliable than trying to send large buffers all at once. SO - here we break
  323. // down our sending operations into medium sized chunks of data. The underlying
  324. // os can reorganize these chunks as needed for the outgouing stream. If the OS
  325. // needs us to slow down (doesn't send full chunks) then we introduce a small
  326. // delay between chunks to give the channel more time.
  327. const int MaxSendChunkSize = 512; // Size of one chunk in a write.
  328. void sendDataTimeout(TCPHost& S, Timeout& T, char* Bfr, int Len) { // Send and keep track of time.
  329. Sleeper WaitForMoreRoom(15); // Wait to send more data.
  330. int Remaining = Len; // This is how much we have left.
  331. while( // For as long as:
  332. false == T.isExpired() && // We still have time left AND
  333. 0 < Remaining // We still have data left
  334. ) {
  335. int ThisChunkSize = Remaining; // Hope to send it all in one chunk
  336. if(MaxSendChunkSize < ThisChunkSize) ThisChunkSize = MaxSendChunkSize; // but break it down as needed.
  337. int SentThisTime = S.transmit(Bfr, ThisChunkSize); // Send the data. How much went?
  338. Remaining -= SentThisTime; // Calculate how much is left.
  339. Bfr += SentThisTime; // Move our pointer (old school!)
  340. if(ThisChunkSize > SentThisTime) WaitForMoreRoom(); // If some of this chunk didn't go
  341. } // the pause before the next chunk.
  342. }
  343. void sendDataTimeout(TCPHost& S, Timeout& T, string& D) { // Send a string and keep track
  344. sendDataTimeout(S, T, const_cast<char*>(D.c_str()), D.length()); // of time. (Polymorphism is fun)
  345. }
  346. void snfNETmgr::sync() { // Synchronize with central command.
  347. // Keep these things in scope. This is how we roll.
  348. string HostName;
  349. int HostPort;
  350. string Secret;
  351. string Node;
  352. // Grab our configuration data (marchng orders).
  353. if(!isConfigured) return; // If we're not configured, don't!
  354. else {
  355. ScopeMutex GettingConfig(ConfigMutex); // Temporarily lock our config.
  356. HostName = SyncHostName; // We will connect to this host.
  357. HostPort = SyncHostPort; // We will connect to this port.
  358. Secret = SecurityKey; // Get the security key.
  359. Node = License; // Get the Node ID.
  360. }
  361. try { // Lots can go wrong so catch it :-)
  362. // 20080326 _M Blocking sockets tend to lock up so I've refactored this
  363. // code to use non-blocking sockets. This is actually part of the previous
  364. // refactor (TCPWatchdog see below) since without the watchdog there is no
  365. // way to get out of a blocking socket if it's dead.
  366. // 20080325 _M TCPWatchdog is a brute. It doesn't pay attention to thread
  367. // states. A weird bug showed up where the SYNC session seemed to hang and
  368. // the TCPWatchdog was left alive. In the process of hunting down this bug
  369. // I decided to remove the TCPWatchdog and put appropriate timeout checking
  370. // in each of the comms loops instead. So, from now on:
  371. // if(SessionDog.isExpired()) throw SyncFailed("Out Of Time");
  372. const int SyncSessionTimeout = 2 * SYNCTimer.getDuration(); // Timeout is twice poll time.
  373. Timeout SessionDog(SyncSessionTimeout); // Give this long for a session.
  374. // Connect to the sync host.
  375. CurrentThreadState(SYNC_Connect);
  376. SocketAddress SyncHostAddress; // We'll need an address.
  377. SyncHostAddress.setPort(HostPort); // Set the port.
  378. SyncHostAddress.setAddress(ResolveHostIPFromName(HostName)); // Resolve and set the IP.
  379. TCPHost SyncServer(SyncHostAddress); // Set up a host connection.
  380. SyncServer.makeNonBlocking(); // Make the connection non-blocking.
  381. PollTimer WaitForOpen(10, 340); // Expand 10ms to 340ms between tries.
  382. while(!SessionDog.isExpired()) { // Wait & Watch for a good connection.
  383. try { SyncServer.open(); } // Try opening the connection.
  384. catch(exception& e) { // If we get an exception then
  385. string ConnectFailMessage = "snfNETmgr::sync().open() "; // format a useful message about
  386. ConnectFailMessage.append(e.what()); // the error and then throw
  387. throw SyncFailed(ConnectFailMessage); // a SyncFailed exception.
  388. }
  389. if(SyncServer.isOpen()) break; // When successful, let's Go!
  390. else WaitForOpen.pause(); // When not yet successful, pause
  391. } // then try again if we have time.
  392. if(!SyncServer.isOpen()) throw SyncFailed("Connect Timed Out"); // Check our connection.
  393. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  394. // Start communicating.
  395. string LineBuffer = ""; // Input Line Buffer.
  396. // Read challenge
  397. CurrentThreadState(SYNC_Read_Challenge);
  398. LineBuffer = readLineTimeout(SyncServer, SessionDog); // Read the challenge line.
  399. snf_sync Challenge(LineBuffer.c_str(), LineBuffer.length()); // Interpret what we read.
  400. if( // Check that it's good...
  401. Challenge.bad() || // A complete packet was read
  402. 0 >= Challenge.snf_sync_challenge_txt.length() // and the challenge is present.
  403. ) throw SyncFailed("sync() Challenge.bad()"); // If not then throw.
  404. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  405. // Write response
  406. CurrentThreadState(SYNC_Compute_Response);
  407. from_base64 DecodedChallenge(Challenge.snf_sync_challenge_txt); // Decode the challenge.
  408. //--- Prepare the secret.
  409. MANGLER ResponseGenerator; // Grab a mangler.
  410. for(unsigned int i = 0; i < Secret.length(); i++) // Fill it with the
  411. ResponseGenerator.Encrypt(Secret.at(i)); // security key.
  412. const int ManglerKeyExpansionCount = 1024; // Loop this many to randomize.
  413. for(int x = 0, i = 0; i < ManglerKeyExpansionCount; i++) // For the required number of loops,
  414. x = ResponseGenerator.Encrypt(x); // have Mangler chase it's tail.
  415. //--- Absorb the challenge.
  416. for(unsigned int i = 0; i < DecodedChallenge.size(); i++) // Evolve through the challenge.
  417. ResponseGenerator.Encrypt(DecodedChallenge.at(i));
  418. /*** We now have half of the key for this session ***/
  419. //--- Encrypt our Pad.
  420. PadBuffer NewPad = OneTimePad(); // Grab a new Pad (default size).
  421. base64buffer ResponseBin; // With the key now established,
  422. for(unsigned int i = 0; i < NewPad.size(); i++) // encrypt the one time pad for
  423. ResponseBin.push_back( // transfer.
  424. ResponseGenerator.Encrypt(NewPad[i]));
  425. //--- Encrypt our Handshake.
  426. PadBuffer CurrentHandshake = Handshake(); // Recall the secret handshake.
  427. for(unsigned int i = 0; i < CurrentHandshake.size(); i++) // Encrypt that into the stream.
  428. ResponseBin.push_back(
  429. ResponseGenerator.Encrypt(CurrentHandshake[i]));
  430. //--- Encrypt our Signature.
  431. for(unsigned int x = 0, i = 0; i < SNFSignatureSize; i++) // Generate a hash by having Mangler
  432. ResponseBin.push_back( // chase it's tail for the appropriate
  433. x = ResponseGenerator.Encrypt(x)); // number of bytes.
  434. //--- Encode our response as base64 and send it.
  435. to_base64 ResponseTxt(ResponseBin); // Encode the cyphertext as base64.
  436. string ResponseTxtString; // Create a handy string and place
  437. ResponseTxtString.assign(ResponseTxt.begin(), ResponseTxt.end()); // the base 64 text into it.
  438. string ResponseMsg; // Build an appropriate response
  439. ResponseMsg.append("<snf><sync><response nodeid=\'"); // identifying this node
  440. ResponseMsg.append(Node); // with the license id
  441. ResponseMsg.append("\' text=\'"); // and providing an appropriately
  442. ResponseMsg.append(ResponseTxtString); // mangled response string
  443. ResponseMsg.append("\'/></sync></snf>\n"); // for authentication.
  444. CurrentThreadState(SYNC_Send_Response);
  445. sendDataTimeout(SyncServer, SessionDog, ResponseMsg); // Send the response.
  446. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  447. // Read rulebase info or error
  448. CurrentThreadState(SYNC_Read_Availabilty);
  449. LineBuffer = readLineTimeout(SyncServer, SessionDog); // Read the rulebase status line.
  450. snf_sync RulebaseResponse(LineBuffer.c_str(), LineBuffer.length()); // Interpret what we read.
  451. if( // Check that it's good...
  452. RulebaseResponse.bad() // A complete packet was read.
  453. ) throw SyncFailed("sync() Response.bad()"); // If not then throw.
  454. if(0 < RulebaseResponse.snf_sync_error_message.length()) { // If the response was an error
  455. PadBuffer NewNullHandshake; // then we will assume we are out
  456. NewNullHandshake.assign(SNFHandshakeSize, 0); // of sync with the server so we
  457. Handshake(NewNullHandshake); // will set the NULL handshake and
  458. throw SyncFailed("sync() Response error message"); // fail this sync attempt.
  459. }
  460. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  461. // Update Handshake
  462. for(int x = 0, i = 0; i < ManglerKeyExpansionCount; i++) // For the required number of loops,
  463. x = ResponseGenerator.Encrypt(x); // have Mangler chase it's tail.
  464. PadBuffer NewHandshake; // Grab a new handshake buffer.
  465. for(unsigned int x = 0, i = 0; i < SNFHandshakeSize; i++) // Create the new handshake as a
  466. NewHandshake.push_back( // mangler hash of the current
  467. x = ResponseGenerator.Encrypt(x)); // key state (proper length of course).
  468. Handshake(NewHandshake); // Save our new handshake to disk.
  469. // Interpret Rulebase Response
  470. myLOGmgr->updateAvailableUTC(RulebaseResponse.snf_sync_rulebase_utc); // Store the latest update UTC.
  471. if(myLOGmgr->isUpdateAvailable()) { // If a new update is read then
  472. postUpdateTrigger(RulebaseResponse.snf_sync_rulebase_utc); // create an update trigger file.
  473. }
  474. // Write our Client reports (multi-line)
  475. CurrentThreadState(SYNC_Send_GBUdb_Alerts);
  476. string ClientReport;
  477. ClientReport.append("<snf><sync><client>\n");
  478. sendDataTimeout(SyncServer, SessionDog, ClientReport);
  479. ClientReport = "";
  480. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  481. // Insert our GBUdb Alerts.
  482. list<GBUdbAlert> Alerts; // Make a list of GBUdb Alerts.
  483. myGBUdbmgr->GetAlertsForSync(Alerts); // Get them from our GBUdb.
  484. list<GBUdbAlert>::iterator iA;
  485. for(iA = Alerts.begin(); iA != Alerts.end(); iA++) { // Convert each alert in our list
  486. ClientReport.append((*iA).toXML()); // into XML, follow it up
  487. ClientReport.append("\n"); // with a new line, and send it
  488. }
  489. sendDataTimeout(SyncServer, SessionDog, ClientReport); // Send the Client report data.
  490. ClientReport = ""; // Clear the buffer.
  491. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  492. // Send Status Reports - one line at a time.
  493. CurrentThreadState(SYNC_Send_Status_Reports);
  494. /**
  495. *** Instead of splitting up the reports by line we will try sending them
  496. *** all at once using the new sendDataTimeout() function.
  497. ***
  498. if(0 < ReportsBuffer.length()) { // If we have reports - send them.
  499. string DataToSend = getReports(); // Grab a copy and clear the buffer.
  500. int Cursor = 0; // We need a cursor and a length
  501. int Length = 0; // to help us feed this line by line.
  502. while(Cursor < DataToSend.length()) { // While we have more data...
  503. Length = DataToSend.find_first_of('\n', Cursor); // Find the end of the first line.
  504. if(string::npos == Length) break; // If we can't then we're done.
  505. Length = (Length + 1) - Cursor; // If we can, convert that to length.
  506. SyncServer.transmit( // Get and send the line using the
  507. DataToSend.substr(Cursor, Length).c_str(), // substring function.
  508. Length
  509. );
  510. Cursor = Cursor + Length; // Move the cursor for the next line.
  511. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  512. }
  513. }
  514. **/
  515. if(0 < ReportsBuffer.length()) { // If we have reports to send
  516. string DataToSend = getReports(); // get (and clear) the reports and
  517. sendDataTimeout(SyncServer, SessionDog, DataToSend); // send them (mindful of timeout).
  518. }
  519. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  520. // Send Samples - one line at a time.
  521. CurrentThreadState(SYNC_Send_Samples);
  522. /***
  523. if(0 < SamplesBuffer.length()) {
  524. string DataToSend = getSamples();
  525. int Cursor = 0; // We need a cursor and a length
  526. int Length = 0; // to help us feed this line by line.
  527. while(Cursor < DataToSend.length()) { // While we have more data...
  528. Length = DataToSend.find_first_of('\n', Cursor); // Find the end of the first line.
  529. if(string::npos == Length) break; // If we can't then we're done.
  530. Length = (Length + 1) - Cursor; // If we can, convert that to length.
  531. SyncServer.transmit( // Get and send the line using the
  532. DataToSend.substr(Cursor, Length).c_str(), // substring function.
  533. Length
  534. );
  535. Cursor = Cursor + Length; // Move the cursor for the next line.
  536. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  537. }
  538. }
  539. ***/
  540. if(0 < SamplesBuffer.length()) { // If we have samples to send
  541. string DataToSend = getSamples(); // get (and clear) the samples and
  542. sendDataTimeout(SyncServer, SessionDog, DataToSend); // send them (mindful of timeout).
  543. }
  544. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  545. // Terminate the client messages.
  546. CurrentThreadState(SYNC_Send_End_Of_Report);
  547. ClientReport.append("</client></sync></snf>\n");
  548. sendDataTimeout(SyncServer, SessionDog, ClientReport); // Send the Client report.
  549. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  550. // Read the Server response (multi-line)
  551. CurrentThreadState(SYNC_Read_Server_Response);
  552. string ServerResponse;
  553. string ResponseLine;
  554. while(string::npos == ResponseLine.find("</snf>\n")) { // Until we find the ending...
  555. ResponseLine = readLineTimeout(SyncServer, SessionDog); // Read a line.
  556. if(0 >= ResponseLine.length()) { // If we get an empty line
  557. throw SyncFailed("sync() server response empty line"); // then it's an error.
  558. }
  559. ServerResponse.append(ResponseLine); // Append the line.
  560. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  561. }
  562. snf_sync ServerMessages(
  563. ServerResponse.c_str(), ServerResponse.length()); // Interpret what we read.
  564. if( // Check that it's good...
  565. ServerMessages.bad() // A complete packet was read.
  566. ) throw SyncFailed("sync() ServerMessages.bad()"); // If not then throw.
  567. // At this point we should have a good Server response.
  568. CurrentThreadState(SYNC_Close_Connection);
  569. SyncServer.close(); // Close the connection.
  570. evolvePad(Challenge.snf_sync_challenge_txt); // Use this event for more entropy.
  571. // Import any GBUdb reflections.
  572. CurrentThreadState(SYNC_Parse_GBUdb_Reflections);
  573. if(0 < ServerMessages.ServerGBUAlertHandler.AlertList.size()) { // If we have received reflections
  574. myGBUdbmgr->ProcessReflections( // then process them through our
  575. ServerMessages.ServerGBUAlertHandler.AlertList // GBUdb.
  576. );
  577. }
  578. /*** On Sync Override set sync timer to override time. If no override
  579. **** then be sure to reset the timer to the current CFG value if it
  580. **** is not already there. Also, if sync override is not engaged then
  581. **** be sure the overrid flag is set to -1 indicating it is off.
  582. **** Configure() code assumes we are handling the override sync timer
  583. **** functions this way.
  584. ***/
  585. // Assign the SyncSecsOverride with the value we retrieved. It will
  586. // either be a seconds value, or a -1 indicating it was absent from
  587. // the server message.
  588. SyncSecsOverride = ServerMessages.snf_sync_server_resync_secs; // What was the SyncOverride?
  589. const int SecsAsms = 1000; // Multiplier - seconds to milliseconds.
  590. if(0 > SyncSecsOverride) { // If the sync timer IS NOT in override,
  591. if(SYNCTimer.getDuration() != SecsAsMSecs(SyncSecsConfigured)) { // And the config time is different than
  592. SYNCTimer.setDuration(SyncSecsConfigured * SecsAsms); // the timer's current setting then set
  593. } // the timer to the new value.
  594. } else { // If the sync timer IS in override now,
  595. if(SYNCTimer.getDuration() != SecsAsMSecs(SyncSecsOverride)) { // and the override is different than the
  596. SYNCTimer.setDuration(SecsAsMSecs(SyncSecsOverride)); // current setting then override the setting
  597. } // with the new value.
  598. }
  599. // All done
  600. CurrentThreadState(SYNC_Log_Event);
  601. (*myLOGmgr).RecordSyncEvent(); // Finished that -- so log the event.
  602. }
  603. catch (exception& e) { // SYNC Failed and we know more.
  604. const int snf_UNKNOWN_ERROR = 99; // Report an error (unknown code)
  605. string ERROR_SYNC_FAILEDmsg = CurrentThreadState().Name; // Format a useful state message.
  606. ERROR_SYNC_FAILEDmsg.append(": ");
  607. ERROR_SYNC_FAILEDmsg.append(e.what());
  608. (*myLOGmgr).logThisError( // Log the error (if possible)
  609. "SNF_NETWORK", snf_UNKNOWN_ERROR, ERROR_SYNC_FAILEDmsg
  610. );
  611. }
  612. catch (...) { // SYNC Failed if we're here.
  613. const int snf_UNKNOWN_ERROR = 99; // Report an error (unknown code)
  614. string ERROR_SYNC_FAILEDmsg = CurrentThreadState().Name; // Format a useful state message.
  615. ERROR_SYNC_FAILEDmsg.append(": Panic!");
  616. (*myLOGmgr).logThisError( // Log the error (if possible)
  617. "SNF_NETWORK", snf_UNKNOWN_ERROR, ERROR_SYNC_FAILEDmsg
  618. );
  619. }
  620. }