You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

преди 4 години
преди 4 години
преди 4 години
преди 4 години
преди 4 години
преди 4 години
преди 4 години
преди 4 години
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785
  1. // snfNETmgr.cpp
  2. //
  3. // (C) Copyright 2006 - 2009 ARM Research Labs, LLC
  4. // See www.armresearch.com for the copyright terms.
  5. //
  6. // See snfNETmgr.hpp for details.
  7. #include <sys/types.h>
  8. #include <sys/stat.h>
  9. #include <ctime>
  10. #include <cstring>
  11. #include <string>
  12. #include <vector>
  13. #include <fstream>
  14. #include <sstream>
  15. #include "snfNETmgr.hpp"
  16. #include "snf_sync.hpp"
  17. #include "../CodeDweller/mangler.hpp"
  18. #include "../CodeDweller/base64codec.hpp"
  19. // #include "tcp_watchdog.hpp" No longer using TCPWatchdog -- see below _M
  20. using namespace std;
  21. ///// utilities ////////////////////////////////////////////////////////////////
  22. const int MSecsInSecs = 1000; // Multiplier - seconds to milliseconds.
  23. unsigned long long int SecsAsMSecs(unsigned int Secs) {
  24. return (MSecsInSecs * Secs);
  25. }
  26. //// snfNETmgr /////////////////////////////////////////////////////////////////
  27. const ThreadType snfNETmgr::Type("snfNETManager"); // The thread's type.
  28. const ThreadState snfNETmgr::Sleeping("Sleeping"); // Taking a break.
  29. const ThreadState snfNETmgr::SYNC_Connect("Connecting"); // Connecting to SYNC server.
  30. const ThreadState snfNETmgr::SYNC_Read_Challenge("Reading challenge"); // Reading challenge.
  31. const ThreadState snfNETmgr::SYNC_Compute_Response("Computing crypto"); // Computing crypto response.
  32. const ThreadState snfNETmgr::SYNC_Send_Response("Sending crypto"); // Sending crypto response.
  33. const ThreadState snfNETmgr::SYNC_Read_Availabilty("Reading Availability"); // Reading rulebase status.
  34. const ThreadState snfNETmgr::SYNC_Send_GBUdb_Alerts("Sending GBUdb"); // Sending GBUdb alerts.
  35. const ThreadState snfNETmgr::SYNC_Send_Status_Reports("Sending Status"); // Sending status reports.
  36. const ThreadState snfNETmgr::SYNC_Send_Samples("Sending Samples"); // Sending message samples.
  37. const ThreadState snfNETmgr::SYNC_Send_End_Of_Report("Sending End"); // Sending end of client data.
  38. const ThreadState snfNETmgr::SYNC_Read_Server_Response("Reading Server"); // Reading server data.
  39. const ThreadState snfNETmgr::SYNC_Close_Connection("Closing Connection"); // Closing connection.
  40. const ThreadState snfNETmgr::SYNC_Parse_GBUdb_Reflections("Parsing GBUdb"); // Parsing GBUdb reflections.
  41. const ThreadState snfNETmgr::SYNC_Log_Event("Logging SYNC"); // Logging SYNC event.
  42. snfNETmgr::snfNETmgr() : // Starting up the NETmgr
  43. Thread(snfNETmgr::Type, "NET Manager"), // Network manager and Name.
  44. myLOGmgr(NULL), // No LOGmgr yet.
  45. isTimeToStop(false), // Not time to stop yet.
  46. isConfigured(false), // Not configured yet.
  47. SYNCTimer(30000), // Sync every 30 secs by default.
  48. SyncSecsOverride(-1) { // Override is -1 (off) by default.
  49. run(); // Run the thread.
  50. }
  51. snfNETmgr::~snfNETmgr() { // On descruction, NETmgr must
  52. stop(); // Stop it's thread (if not already)
  53. myLOGmgr = NULL; // Clear out the LOGmgr hookup
  54. isConfigured = false; // and the configured flag.
  55. }
  56. void snfNETmgr::stop() { // The stop method...
  57. if(!isTimeToStop) { // only does it's work once:
  58. isTimeToStop = true; // tells it's thread to stop
  59. join(); // and waits for it to shut down.
  60. }
  61. }
  62. void snfNETmgr::myTask() { // Here's the thread task.
  63. Sleeper WaitASecond(1000); // Heartbeat timer.
  64. while(false == isTimeToStop) { // Until it's time to stop,
  65. CurrentThreadState(Sleeping); // post our status,
  66. WaitASecond(); // pause for a second,
  67. if(isConfigured) { // then poll our tasks.
  68. // Do stuff here that requires configuration data.
  69. if(SYNCTimer.isExpired()) { sync(); SYNCTimer.restart(); } // If it's time to sync - do it :-)
  70. }
  71. }
  72. }
  73. void snfNETmgr::linkLOGmgr(snfLOGmgr& L) { // Set the LOGmgr.
  74. myLOGmgr = &L;
  75. }
  76. void snfNETmgr::linkGBUdbmgr(snfGBUdbmgr& G) { // Set the GBUdbmgr.
  77. myGBUdbmgr = &G;
  78. }
  79. // In theory, configure will get called each time the rulebase manager loads
  80. // a new configuration / rulebase. The configure() method updates the bits of
  81. // NETmgr that run background tasks. Live-Data tasks pass their grab()bed
  82. // CFGData object in order to maintain self-consistency.
  83. void snfNETmgr::configure(snfCFGData& CFGData) { // Update the configuration.
  84. ScopeMutex CFGDataExchange(ConfigMutex); // Lock the config data during updates.
  85. // Update the internal config data from CFGData while we are locked.
  86. // Internal functions which depend on this data will lock the object,
  87. // grab the bits they depend upon for that pass, and then unlock.
  88. RulebaseFilePath = CFGData.RuleFilePath; // Where we can find our rulebase?
  89. SyncHostName = CFGData.network_sync_host; // Where do we connect to sync?
  90. SyncHostPort = CFGData.network_sync_port; // What port do we use to sync?
  91. HandshakeFilePath = CFGData.paths_workspace_path + ".handshake"; // Where we store our handshake.
  92. UpdateReadyFilePath = CFGData.paths_workspace_path + "UpdateReady.txt"; // Where we put update trigger files.
  93. SyncSecsConfigured = CFGData.network_sync_secs; // Capture the configured sync time.
  94. if(0 > SyncSecsOverride) { // If the sync timer isn't in override,
  95. if(SYNCTimer.getDuration() != SecsAsMSecs(SyncSecsConfigured)) { // And the config time is different than
  96. SYNCTimer.setDuration(SecsAsMSecs(SyncSecsConfigured)); // the timer's current setting then set
  97. } // the timer to the new value.
  98. } // If we are in override, timer is set.
  99. License = CFGData.node_licenseid; // Capture our node id (license id).
  100. SecurityKey = CFGData.SecurityKey; // Capture our security key.
  101. evolvePad(CFGData.SecurityKey); // Seed our Pad generator with it.
  102. // Safety check before turning this on ;-)
  103. if(
  104. NULL != myLOGmgr &&
  105. NULL != myGBUdbmgr
  106. ) { // If we are properly linked then
  107. isConfigured = true; // at this point we are configured!
  108. }
  109. }
  110. void snfNETmgr::sendSample( // Send a sampled message...
  111. snfCFGData& CFGData, // Use this configuration,
  112. snfScanData& ScanData, // Include this scan data,
  113. const unsigned char* MessageBuffer, // This is the message itself
  114. int MessageLength // and it is this size.
  115. ) {
  116. string TimeStamp; (*myLOGmgr).Timestamp(TimeStamp); // Grab a timestamp.
  117. ostringstream XML; // Make formatting easier with this.
  118. //-- <sample...>
  119. XML << "<sample node=\'" << CFGData.node_licenseid << "\' "
  120. << "time=\'" << TimeStamp << "\' "
  121. << "result=\'" << ScanData.CompositeFinalResult << "\'>" << endl;
  122. //-- <ip...>
  123. XML << "<ip range=\'";
  124. string IPRange;
  125. switch(ScanData.SourceIPRange()) {
  126. case Unknown: { IPRange = "Unknown"; break; } // Unknown - not defined.
  127. case White: { IPRange = "White"; break; } // This is a good guy.
  128. case Normal: { IPRange = "Normal"; break; } // Benefit of the doubt.
  129. case New: { IPRange = "New"; break; } // It is new to us.
  130. case Caution: { IPRange = "Caution"; break; } // This is suspicious.
  131. case Black: { IPRange = "Black"; break; } // This is bad.
  132. case Truncate: { IPRange = "Truncate"; break; } // Don't even bother looking.
  133. }
  134. SocketAddress IP;
  135. IP.setAddress(ScanData.SourceIPRecord().IP);
  136. XML << IPRange << "\' ip=\'" << (string) IP4Address(IP.getAddress()) << "\' t=\'";
  137. string IPType;
  138. switch(ScanData.SourceIPRecord().GBUdbData.Flag()) {
  139. case Good: { IPType = "Good"; break; }
  140. case Bad: { IPType = "Bad"; break; }
  141. case Ugly: { IPType = "Ugly"; break; }
  142. case Ignore: { IPType = "Ignore"; break; }
  143. }
  144. XML << IPType << "\' b=\'" << ScanData.SourceIPRecord().GBUdbData.Bad()
  145. << "\' g=\'" << ScanData.SourceIPRecord().GBUdbData.Good()
  146. << "\'/>" << endl;
  147. //-- <match...> as many as needed
  148. if(0 < ScanData.MatchRecords.size()) { // If we have match records - emit them.
  149. list<snf_match>::iterator iM; // Grab an iterator.
  150. for( // Emit each snf_match entry.
  151. iM = ScanData.MatchRecords.begin();
  152. iM != ScanData.MatchRecords.end();
  153. iM++) {
  154. XML << "<match r=\'" << (*iM).ruleid << "\' "
  155. << "g=\'" << (*iM).symbol << "\' "
  156. << "i=\'" << (*iM).index << "\' "
  157. << "e=\'" << (*iM).endex << "\' "
  158. << "f=\'" << (*iM).flag << "\'/>";
  159. }
  160. }
  161. //-- <msg...>
  162. XML << "<msg size=\'" << ScanData.ScanSize << "'>" << endl; // Starting with the msg element.
  163. to_base64 EncodedMessageData(
  164. reinterpret_cast<const char*>(MessageBuffer), MessageLength); // Encode the message to base64.
  165. const int SampleLineLength = 64; // 64 bytes per line is good.
  166. for(int i = 0; i < MessageLength;) { // Now we break it into lines
  167. for(int l = 0; l < SampleLineLength && i < MessageLength; l++, i++) { // that are a reasonable length.
  168. XML << EncodedMessageData.at(i); // Emit one character at a time...
  169. } // At the end of a reasonable
  170. XML << endl; // length we terminate the line.
  171. }
  172. XML << "</msg>" << endl; // End of the <msg> element.
  173. //-- done with the sample!
  174. XML << "</sample>" << endl;
  175. // Last thing we do is post the formatted string to the buffer.
  176. const unsigned int SampleSafetyLimit = 100000; // 100 Kbyte limit on samples.
  177. ScopeMutex DoNotDisturb(myMutex); // Don't bug me man I'm busy.
  178. if(SampleSafetyLimit < SamplesBuffer.length()) // If the samples buffer is full
  179. SamplesBuffer.clear(); // clear it before adding more.
  180. SamplesBuffer.append(XML.str()); // Append the XML to the buffer.
  181. }
  182. string snfNETmgr::getSamples() { // Synchronized way to get Samples.
  183. ScopeMutex DoNotDisturb(myMutex); // Lock the mutex to protect our work.
  184. string SamplesBatch = SamplesBuffer; // Copy the samples to a new string.
  185. SamplesBuffer.clear(); // Clear the samples buffer.
  186. return SamplesBatch; // Return a batch of Samples.
  187. }
  188. void snfNETmgr::sendReport(const string& S) { // How to send a status report.
  189. const unsigned int ReportSafetyLimit = 100000; // 100 Kbytes limit on reports.
  190. ScopeMutex DoNotDisturb(myMutex); // Lock the mutex for a moment.
  191. if(ReportSafetyLimit < ReportsBuffer.length()) // If the reports buffer is full
  192. ReportsBuffer.clear(); // clear it before adding more.
  193. ReportsBuffer.append(S); // Append the report.
  194. }
  195. string snfNETmgr::getReports() { // Synchronized way to get Reports.
  196. ScopeMutex DoNotDisturb(myMutex); // Lock the mutex to protect our work.
  197. string ReportsBatch = ReportsBuffer; // Copy the reports to a new string.
  198. ReportsBuffer.clear(); // Clear the reports buffer.
  199. return ReportsBatch; // Return a batch of Reports.
  200. }
  201. RuntimeCheck RulebaseUTCGoodTimestampLength("SNFNetmgr.cpp:RulebaseUTC snprintf(...) == CorrectTimestampLength");
  202. string& snfNETmgr::RulebaseUTC(string& t) { // Gets local rulebase file UTC.
  203. struct stat RulebaseStat; // First we need a stat buffer.
  204. if(0 != stat(RulebaseFilePath.c_str(), &RulebaseStat)) { // If we can't get the stat we
  205. t.append("000000000000"); return t; // will return 000000000000 to
  206. } // make sure we should get the file.
  207. struct tm RulebaseTime; // Allocate a time structure.
  208. RulebaseTime = *(gmtime(&RulebaseStat.st_mtime)); // Copy the file time to it as UTC.
  209. char TimestampBfr[16]; // Timestamp buffer.
  210. size_t l = snprintf( // Format yyyymmddhhmmss
  211. TimestampBfr, sizeof(TimestampBfr),
  212. "%04d%02d%02d%02d%02d%02d",
  213. RulebaseTime.tm_year+1900,
  214. RulebaseTime.tm_mon+1,
  215. RulebaseTime.tm_mday,
  216. RulebaseTime.tm_hour,
  217. RulebaseTime.tm_min,
  218. RulebaseTime.tm_sec
  219. );
  220. const size_t CorrectTimestampLength = 4+2+2+2+2+2;
  221. RulebaseUTCGoodTimestampLength(l == CorrectTimestampLength);
  222. t.append(TimestampBfr); // Append the timestamp to t
  223. return t; // and return it to the caller.
  224. }
  225. unsigned long snfNETmgr::ResolveHostIPFromName(const string& N) { // Host name resolution tool.
  226. ScopeMutex OneAtATimePlease(ResolverMutex); // Resolve only one at a time.
  227. unsigned long IP = inet_addr(N.c_str()); // See if it's an IP.
  228. if (INADDR_NONE == IP) { // If it's not an IP resolve it.
  229. hostent* H = gethostbyname(N.c_str()); // Resolve the host.
  230. if (NULL == H) { // If we didn't get a resolution
  231. return INADDR_NONE; // return no address.
  232. } // If we did resolve the address
  233. IP = *((unsigned long*)H->h_addr_list[0]); // get the primary entry.
  234. }
  235. return ntohl(IP); // Return what we got (host order)
  236. }
  237. // The Evolving One Time Pad engine is just slightly better than calling
  238. // rand() with the system time as a seed. However, it does have the advantage
  239. // that in order to guess it's initial state an attacker would need to already
  240. // know the license id and authentication. It also has the advantage that it
  241. // adds small amounts of entropy over time and never really forgets them. For
  242. // example, the exact time between calls to evolvePad is dependent on how long
  243. // it takes to sync which is dependent on how much data there is to report
  244. // which is dependent on the number and size of messages scanned etc... and
  245. // this is also impacted a bit by network performance issues during the sync.
  246. // Sensitivity to this entropy has millisecond resolution. This is a cross-
  247. // platform solution that depends only on our own code ;-)
  248. void snfNETmgr::evolvePad(string Entropy) { // Add entropy and evolve.
  249. ScopeMutex OneAtATimePlease(PadMutex); // Protect the one time pad.
  250. myLOGmgr->Timestamp(Entropy); // Time matters ;-)
  251. for(unsigned int a = 0; a < Entropy.length(); a++) { // Add the entropy to our generator.
  252. PadGenerator.Encrypt(Entropy.at(a));
  253. }
  254. msclock rt = myLOGmgr->RunningTime(); // Get the elapsed running time so far.
  255. unsigned char* rtb = reinterpret_cast<unsigned char*>(&rt); // Convert that long long into bytes.
  256. for(unsigned int a = 0; a < sizeof(msclock); a++) { // Encrypt those bytes one by one
  257. PadGenerator.Encrypt(rtb[a]); // to add more entropy.
  258. }
  259. }
  260. // To get a pad of any length you like, use the OneTimePad()
  261. // Note that we don't assign a value to x before using it! If we get lucky,
  262. // we will get some random value from ram as additional entropy ;-) If we end
  263. // up starting with zero, that's ok too.
  264. PadBuffer snfNETmgr::OneTimePad(int Len) { // Get Len bytes of one time pad.
  265. PadBuffer B; // Start with a buffer.
  266. B.reserve(Len); // Reserve Len bytes.
  267. unsigned char x = PadGenerator.Encrypt(0); // Get an unexposed byte to start with.
  268. for(int a = 0; a < Len; a++) { // Create Len bytes of pad by evolving
  269. B.push_back(x = PadGenerator.Encrypt(x)); // x through itself and copying the
  270. } // data into the buffer.
  271. return B; // Return the result.
  272. }
  273. // Handshake tries to return the current stored handshake. If it can't then it
  274. // returns a new handshake based on data from the pad generator.
  275. PadBuffer snfNETmgr::Handshake() { // What is the current handshake?
  276. if(CurrentHandshake.size() != SNFHandshakeSize) { // If we don't have one make one!
  277. CurrentHandshake = OneTimePad(SNFHandshakeSize); // Set up a default handshake to use
  278. try { // if we can't remember the real one.
  279. ifstream HSF(HandshakeFilePath.c_str(), ios::binary); // Open the handshake file.
  280. char* bfr = reinterpret_cast<char*>(&CurrentHandshake[0]); // Manufacture a proper pointer.
  281. HSF.read(bfr, SNFHandshakeSize); // Read the data (overwrite the HSB).
  282. HSF.close(); // Close the file.
  283. } catch(...) { } // Ignore any errors.
  284. }
  285. return CurrentHandshake; // Return the buffer.
  286. }
  287. PadBuffer& snfNETmgr::Handshake(PadBuffer& NewHandshake) { // Store a new handshake.
  288. CurrentHandshake = NewHandshake; // Grab the new handshake
  289. try { // then try to store it...
  290. ofstream HSF(HandshakeFilePath.c_str(), ios::binary | ios::trunc); // Open the handshake file.
  291. char* bfr = reinterpret_cast<char*>(&NewHandshake[0]); // Access the raw buffer.
  292. HSF.write(bfr, NewHandshake.size()); // Replace the old handshake
  293. HSF.close(); // close the file.
  294. } catch(...) {} // Ignore errors.
  295. return NewHandshake; // Return what we were given.
  296. }
  297. void snfNETmgr::postUpdateTrigger(string& updateUTC) { // Post an update trigger file.
  298. try { // Safely post an update trigger.
  299. ofstream HSF(UpdateReadyFilePath.c_str(), ios::binary | ios::trunc); // Open/create the trigger file.
  300. char* bfr = reinterpret_cast<char*>(&updateUTC[0]); // Access the raw UTC buffer.
  301. HSF.write(bfr, updateUTC.size()); // Write the update timestamp.
  302. HSF.close(); // close the file.
  303. } catch(...) {} // Ignore errors.
  304. }
  305. // Utility to read a line from a non-blocking TCPHost & check the timeout.
  306. const unsigned int MaxReadLineLength = 1024; // How long a line can be.
  307. string readLineTimeout(TCPHost& S, Timeout& T) { // Read a line from S until T.
  308. Sleeper WaitForMoreData(50); // How long to wait when no data.
  309. string LineBuffer = ""; // Buffer for the line.
  310. while( // Keep going as long as:
  311. false == T.isExpired() && // our timeout has not expired AND
  312. MaxReadLineLength > LineBuffer.length() // we haven't reached our limit.
  313. ) {
  314. char c = 0; // One byte at a time
  315. if(1 == S.receive(&c, sizeof(c))) { // Read from the TCPHost.
  316. LineBuffer.push_back(c); // Push the byte onto the string.
  317. if('\n' == c) break; // If it was a newline we're done!
  318. } else { // If we didn't get any data
  319. WaitForMoreData(); // pause before our next run.
  320. }
  321. }
  322. return LineBuffer; // Always return our buffer.
  323. }
  324. // Utility to write data to a non-blocking TCPHost & check the timeout.
  325. // Some networks can only handle small packets and fragmentation can be a
  326. // problem. Also, on Win* especially, sending small chunks is _MUCH_ more
  327. // reliable than trying to send large buffers all at once. SO - here we break
  328. // down our sending operations into medium sized chunks of data. The underlying
  329. // os can reorganize these chunks as needed for the outgouing stream. If the OS
  330. // needs us to slow down (doesn't send full chunks) then we introduce a small
  331. // delay between chunks to give the channel more time.
  332. const int MaxSendChunkSize = 512; // Size of one chunk in a write.
  333. void sendDataTimeout(TCPHost& S, Timeout& T, char* Bfr, int Len) { // Send and keep track of time.
  334. Sleeper WaitForMoreRoom(15); // Wait to send more data.
  335. int Remaining = Len; // This is how much we have left.
  336. while( // For as long as:
  337. false == T.isExpired() && // We still have time left AND
  338. 0 < Remaining // We still have data left
  339. ) {
  340. int ThisChunkSize = Remaining; // Hope to send it all in one chunk
  341. if(MaxSendChunkSize < ThisChunkSize) ThisChunkSize = MaxSendChunkSize; // but break it down as needed.
  342. int SentThisTime = S.transmit(Bfr, ThisChunkSize); // Send the data. How much went?
  343. Remaining -= SentThisTime; // Calculate how much is left.
  344. Bfr += SentThisTime; // Move our pointer (old school!)
  345. if(ThisChunkSize > SentThisTime) WaitForMoreRoom(); // If some of this chunk didn't go
  346. } // the pause before the next chunk.
  347. }
  348. void sendDataTimeout(TCPHost& S, Timeout& T, string& D) { // Send a string and keep track
  349. sendDataTimeout(S, T, const_cast<char*>(D.c_str()), D.length()); // of time. (Polymorphism is fun)
  350. }
  351. void snfNETmgr::sync() { // Synchronize with central command.
  352. // Keep these things in scope. This is how we roll.
  353. string HostName;
  354. int HostPort;
  355. string Secret;
  356. string Node;
  357. // Grab our configuration data (marchng orders).
  358. if(!isConfigured) return; // If we're not configured, don't!
  359. else {
  360. ScopeMutex GettingConfig(ConfigMutex); // Temporarily lock our config.
  361. HostName = SyncHostName; // We will connect to this host.
  362. HostPort = SyncHostPort; // We will connect to this port.
  363. Secret = SecurityKey; // Get the security key.
  364. Node = License; // Get the Node ID.
  365. }
  366. try { // Lots can go wrong so catch it :-)
  367. // 20080326 _M Blocking sockets tend to lock up so I've refactored this
  368. // code to use non-blocking sockets. This is actually part of the previous
  369. // refactor (TCPWatchdog see below) since without the watchdog there is no
  370. // way to get out of a blocking socket if it's dead.
  371. // 20080325 _M TCPWatchdog is a brute. It doesn't pay attention to thread
  372. // states. A weird bug showed up where the SYNC session seemed to hang and
  373. // the TCPWatchdog was left alive. In the process of hunting down this bug
  374. // I decided to remove the TCPWatchdog and put appropriate timeout checking
  375. // in each of the comms loops instead. So, from now on:
  376. // if(SessionDog.isExpired()) throw SyncFailed("Out Of Time");
  377. const int SyncSessionTimeout = 2 * SYNCTimer.getDuration(); // Timeout is twice poll time.
  378. Timeout SessionDog(SyncSessionTimeout); // Give this long for a session.
  379. // Connect to the sync host.
  380. CurrentThreadState(SYNC_Connect);
  381. SocketAddress SyncHostAddress; // We'll need an address.
  382. SyncHostAddress.setPort(HostPort); // Set the port.
  383. SyncHostAddress.setAddress(ResolveHostIPFromName(HostName)); // Resolve and set the IP.
  384. TCPHost SyncServer(SyncHostAddress); // Set up a host connection.
  385. SyncServer.makeNonBlocking(); // Make the connection non-blocking.
  386. PollTimer WaitForOpen(10, 340); // Expand 10ms to 340ms between tries.
  387. while(!SessionDog.isExpired()) { // Wait & Watch for a good connection.
  388. try { SyncServer.open(); } // Try opening the connection.
  389. catch(exception& e) { // If we get an exception then
  390. string ConnectFailMessage = "snfNETmgr::sync().open() "; // format a useful message about
  391. ConnectFailMessage.append(e.what()); // the error and then throw
  392. throw SyncFailed(ConnectFailMessage); // a SyncFailed exception.
  393. }
  394. if(SyncServer.isOpen()) break; // When successful, let's Go!
  395. else WaitForOpen.pause(); // When not yet successful, pause
  396. } // then try again if we have time.
  397. if(!SyncServer.isOpen()) throw SyncFailed("Connect Timed Out"); // Check our connection.
  398. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  399. // Start communicating.
  400. string LineBuffer = ""; // Input Line Buffer.
  401. // Read challenge
  402. CurrentThreadState(SYNC_Read_Challenge);
  403. LineBuffer = readLineTimeout(SyncServer, SessionDog); // Read the challenge line.
  404. snf_sync Challenge(LineBuffer.c_str(), LineBuffer.length()); // Interpret what we read.
  405. if( // Check that it's good...
  406. Challenge.bad() || // A complete packet was read
  407. 0 >= Challenge.snf_sync_challenge_txt.length() // and the challenge is present.
  408. ) throw SyncFailed("sync() Challenge.bad()"); // If not then throw.
  409. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  410. // Write response
  411. CurrentThreadState(SYNC_Compute_Response);
  412. from_base64 DecodedChallenge(Challenge.snf_sync_challenge_txt); // Decode the challenge.
  413. //--- Prepare the secret.
  414. MANGLER ResponseGenerator; // Grab a mangler.
  415. for(unsigned int i = 0; i < Secret.length(); i++) // Fill it with the
  416. ResponseGenerator.Encrypt(Secret.at(i)); // security key.
  417. const int ManglerKeyExpansionCount = 1024; // Loop this many to randomize.
  418. for(int x = 0, i = 0; i < ManglerKeyExpansionCount; i++) // For the required number of loops,
  419. x = ResponseGenerator.Encrypt(x); // have Mangler chase it's tail.
  420. //--- Absorb the challenge.
  421. for(unsigned int i = 0; i < DecodedChallenge.size(); i++) // Evolve through the challenge.
  422. ResponseGenerator.Encrypt(DecodedChallenge.at(i));
  423. /*** We now have half of the key for this session ***/
  424. //--- Encrypt our Pad.
  425. PadBuffer NewPad = OneTimePad(); // Grab a new Pad (default size).
  426. base64buffer ResponseBin; // With the key now established,
  427. for(unsigned int i = 0; i < NewPad.size(); i++) // encrypt the one time pad for
  428. ResponseBin.push_back( // transfer.
  429. ResponseGenerator.Encrypt(NewPad[i]));
  430. //--- Encrypt our Handshake.
  431. PadBuffer CurrentHandshake = Handshake(); // Recall the secret handshake.
  432. for(unsigned int i = 0; i < CurrentHandshake.size(); i++) // Encrypt that into the stream.
  433. ResponseBin.push_back(
  434. ResponseGenerator.Encrypt(CurrentHandshake[i]));
  435. //--- Encrypt our Signature.
  436. for(unsigned int x = 0, i = 0; i < SNFSignatureSize; i++) // Generate a hash by having Mangler
  437. ResponseBin.push_back( // chase it's tail for the appropriate
  438. x = ResponseGenerator.Encrypt(x)); // number of bytes.
  439. //--- Encode our response as base64 and send it.
  440. to_base64 ResponseTxt(ResponseBin); // Encode the cyphertext as base64.
  441. string ResponseTxtString; // Create a handy string and place
  442. ResponseTxtString.assign(ResponseTxt.begin(), ResponseTxt.end()); // the base 64 text into it.
  443. string ResponseMsg; // Build an appropriate response
  444. ResponseMsg.append("<snf><sync><response nodeid=\'"); // identifying this node
  445. ResponseMsg.append(Node); // with the license id
  446. ResponseMsg.append("\' text=\'"); // and providing an appropriately
  447. ResponseMsg.append(ResponseTxtString); // mangled response string
  448. ResponseMsg.append("\'/></sync></snf>\n"); // for authentication.
  449. CurrentThreadState(SYNC_Send_Response);
  450. sendDataTimeout(SyncServer, SessionDog, ResponseMsg); // Send the response.
  451. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  452. // Read rulebase info or error
  453. CurrentThreadState(SYNC_Read_Availabilty);
  454. LineBuffer = readLineTimeout(SyncServer, SessionDog); // Read the rulebase status line.
  455. snf_sync RulebaseResponse(LineBuffer.c_str(), LineBuffer.length()); // Interpret what we read.
  456. if( // Check that it's good...
  457. RulebaseResponse.bad() // A complete packet was read.
  458. ) throw SyncFailed("sync() Response.bad()"); // If not then throw.
  459. if(0 < RulebaseResponse.snf_sync_error_message.length()) { // If the response was an error
  460. PadBuffer NewNullHandshake; // then we will assume we are out
  461. NewNullHandshake.assign(SNFHandshakeSize, 0); // of sync with the server so we
  462. Handshake(NewNullHandshake); // will set the NULL handshake and
  463. throw SyncFailed("sync() Response error message"); // fail this sync attempt.
  464. }
  465. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  466. // Update Handshake
  467. for(int x = 0, i = 0; i < ManglerKeyExpansionCount; i++) // For the required number of loops,
  468. x = ResponseGenerator.Encrypt(x); // have Mangler chase it's tail.
  469. PadBuffer NewHandshake; // Grab a new handshake buffer.
  470. for(unsigned int x = 0, i = 0; i < SNFHandshakeSize; i++) // Create the new handshake as a
  471. NewHandshake.push_back( // mangler hash of the current
  472. x = ResponseGenerator.Encrypt(x)); // key state (proper length of course).
  473. Handshake(NewHandshake); // Save our new handshake to disk.
  474. // Interpret Rulebase Response
  475. myLOGmgr->updateAvailableUTC(RulebaseResponse.snf_sync_rulebase_utc); // Store the latest update UTC.
  476. if(myLOGmgr->isUpdateAvailable()) { // If a new update is read then
  477. postUpdateTrigger(RulebaseResponse.snf_sync_rulebase_utc); // create an update trigger file.
  478. }
  479. // Write our Client reports (multi-line)
  480. CurrentThreadState(SYNC_Send_GBUdb_Alerts);
  481. string ClientReport;
  482. ClientReport.append("<snf><sync><client>\n");
  483. sendDataTimeout(SyncServer, SessionDog, ClientReport);
  484. ClientReport = "";
  485. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  486. // Insert our GBUdb Alerts.
  487. list<GBUdbAlert> Alerts; // Make a list of GBUdb Alerts.
  488. myGBUdbmgr->GetAlertsForSync(Alerts); // Get them from our GBUdb.
  489. list<GBUdbAlert>::iterator iA;
  490. for(iA = Alerts.begin(); iA != Alerts.end(); iA++) { // Convert each alert in our list
  491. ClientReport.append((*iA).toXML()); // into XML, follow it up
  492. ClientReport.append("\n"); // with a new line, and send it
  493. }
  494. sendDataTimeout(SyncServer, SessionDog, ClientReport); // Send the Client report data.
  495. ClientReport = ""; // Clear the buffer.
  496. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  497. // Send Status Reports - one line at a time.
  498. CurrentThreadState(SYNC_Send_Status_Reports);
  499. /**
  500. *** Instead of splitting up the reports by line we will try sending them
  501. *** all at once using the new sendDataTimeout() function.
  502. ***
  503. if(0 < ReportsBuffer.length()) { // If we have reports - send them.
  504. string DataToSend = getReports(); // Grab a copy and clear the buffer.
  505. int Cursor = 0; // We need a cursor and a length
  506. int Length = 0; // to help us feed this line by line.
  507. while(Cursor < DataToSend.length()) { // While we have more data...
  508. Length = DataToSend.find_first_of('\n', Cursor); // Find the end of the first line.
  509. if(string::npos == Length) break; // If we can't then we're done.
  510. Length = (Length + 1) - Cursor; // If we can, convert that to length.
  511. SyncServer.transmit( // Get and send the line using the
  512. DataToSend.substr(Cursor, Length).c_str(), // substring function.
  513. Length
  514. );
  515. Cursor = Cursor + Length; // Move the cursor for the next line.
  516. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  517. }
  518. }
  519. **/
  520. if(0 < ReportsBuffer.length()) { // If we have reports to send
  521. string DataToSend = getReports(); // get (and clear) the reports and
  522. sendDataTimeout(SyncServer, SessionDog, DataToSend); // send them (mindful of timeout).
  523. }
  524. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  525. // Send Samples - one line at a time.
  526. CurrentThreadState(SYNC_Send_Samples);
  527. /***
  528. if(0 < SamplesBuffer.length()) {
  529. string DataToSend = getSamples();
  530. int Cursor = 0; // We need a cursor and a length
  531. int Length = 0; // to help us feed this line by line.
  532. while(Cursor < DataToSend.length()) { // While we have more data...
  533. Length = DataToSend.find_first_of('\n', Cursor); // Find the end of the first line.
  534. if(string::npos == Length) break; // If we can't then we're done.
  535. Length = (Length + 1) - Cursor; // If we can, convert that to length.
  536. SyncServer.transmit( // Get and send the line using the
  537. DataToSend.substr(Cursor, Length).c_str(), // substring function.
  538. Length
  539. );
  540. Cursor = Cursor + Length; // Move the cursor for the next line.
  541. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  542. }
  543. }
  544. ***/
  545. if(0 < SamplesBuffer.length()) { // If we have samples to send
  546. string DataToSend = getSamples(); // get (and clear) the samples and
  547. sendDataTimeout(SyncServer, SessionDog, DataToSend); // send them (mindful of timeout).
  548. }
  549. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  550. // Terminate the client messages.
  551. CurrentThreadState(SYNC_Send_End_Of_Report);
  552. ClientReport.append("</client></sync></snf>\n");
  553. sendDataTimeout(SyncServer, SessionDog, ClientReport); // Send the Client report.
  554. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  555. // Read the Server response (multi-line)
  556. CurrentThreadState(SYNC_Read_Server_Response);
  557. string ServerResponse;
  558. string ResponseLine;
  559. while(string::npos == ResponseLine.find("</snf>\n")) { // Until we find the ending...
  560. ResponseLine = readLineTimeout(SyncServer, SessionDog); // Read a line.
  561. if(0 >= ResponseLine.length()) { // If we get an empty line
  562. throw SyncFailed("sync() server response empty line"); // then it's an error.
  563. }
  564. ServerResponse.append(ResponseLine); // Append the line.
  565. if(SessionDog.isExpired()) throw SyncFailed("Out Of Time"); // Check our session time.
  566. }
  567. snf_sync ServerMessages(
  568. ServerResponse.c_str(), ServerResponse.length()); // Interpret what we read.
  569. if( // Check that it's good...
  570. ServerMessages.bad() // A complete packet was read.
  571. ) throw SyncFailed("sync() ServerMessages.bad()"); // If not then throw.
  572. // At this point we should have a good Server response.
  573. CurrentThreadState(SYNC_Close_Connection);
  574. SyncServer.close(); // Close the connection.
  575. evolvePad(Challenge.snf_sync_challenge_txt); // Use this event for more entropy.
  576. // Import any GBUdb reflections.
  577. CurrentThreadState(SYNC_Parse_GBUdb_Reflections);
  578. if(0 < ServerMessages.ServerGBUAlertHandler.AlertList.size()) { // If we have received reflections
  579. myGBUdbmgr->ProcessReflections( // then process them through our
  580. ServerMessages.ServerGBUAlertHandler.AlertList // GBUdb.
  581. );
  582. }
  583. /*** On Sync Override set sync timer to override time. If no override
  584. **** then be sure to reset the timer to the current CFG value if it
  585. **** is not already there. Also, if sync override is not engaged then
  586. **** be sure the overrid flag is set to -1 indicating it is off.
  587. **** Configure() code assumes we are handling the override sync timer
  588. **** functions this way.
  589. ***/
  590. // Assign the SyncSecsOverride with the value we retrieved. It will
  591. // either be a seconds value, or a -1 indicating it was absent from
  592. // the server message.
  593. SyncSecsOverride = ServerMessages.snf_sync_server_resync_secs; // What was the SyncOverride?
  594. const int SecsAsms = 1000; // Multiplier - seconds to milliseconds.
  595. if(0 > SyncSecsOverride) { // If the sync timer IS NOT in override,
  596. if(SYNCTimer.getDuration() != SecsAsMSecs(SyncSecsConfigured)) { // And the config time is different than
  597. SYNCTimer.setDuration(SyncSecsConfigured * SecsAsms); // the timer's current setting then set
  598. } // the timer to the new value.
  599. } else { // If the sync timer IS in override now,
  600. if(SYNCTimer.getDuration() != SecsAsMSecs(SyncSecsOverride)) { // and the override is different than the
  601. SYNCTimer.setDuration(SecsAsMSecs(SyncSecsOverride)); // current setting then override the setting
  602. } // with the new value.
  603. }
  604. // All done
  605. CurrentThreadState(SYNC_Log_Event);
  606. (*myLOGmgr).RecordSyncEvent(); // Finished that -- so log the event.
  607. }
  608. catch (exception& e) { // SYNC Failed and we know more.
  609. const int snf_UNKNOWN_ERROR = 99; // Report an error (unknown code)
  610. string ERROR_SYNC_FAILEDmsg = CurrentThreadState().Name; // Format a useful state message.
  611. ERROR_SYNC_FAILEDmsg.append(": ");
  612. ERROR_SYNC_FAILEDmsg.append(e.what());
  613. (*myLOGmgr).logThisError( // Log the error (if possible)
  614. "SNF_NETWORK", snf_UNKNOWN_ERROR, ERROR_SYNC_FAILEDmsg
  615. );
  616. }
  617. catch (...) { // SYNC Failed if we're here.
  618. const int snf_UNKNOWN_ERROR = 99; // Report an error (unknown code)
  619. string ERROR_SYNC_FAILEDmsg = CurrentThreadState().Name; // Format a useful state message.
  620. ERROR_SYNC_FAILEDmsg.append(": Panic!");
  621. (*myLOGmgr).logThisError( // Log the error (if possible)
  622. "SNF_NETWORK", snf_UNKNOWN_ERROR, ERROR_SYNC_FAILEDmsg
  623. );
  624. }
  625. }