xtunnelschilddata.cpp

xtunnel nat/fw traversal source code

/*

	File:       XTunnelsChildData.cp

	Contains:   X-Tunnels data members only child maintains

	Copyright:  (c) 2003 by Xten Networks, Inc., all rights reserved.

*/

#if DEBUG
#include <iostream>
#endif // DEBUG
#include <algorithm>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <signal.h>
#include "XTunnelsChildData.h"
#include "XTunnelsFamilyData.h"
#include "XTunnelsParentData.h"

#if DEBUG
using std::cout;
using std::endl;
#endif // DEBUG
using std::min;

namespace XTunnels {

// for sending (receiving is in each packet) -- specified by echoing last algorithm received from client
long sServerPacketEncryption = EAlgorithm_None;
unsigned long g_ulPacketIndex = 0; // all packets sent and received count, for the new security field

unsigned long sQuitReason = 0; 
const char* sQuitMessage = NULL;

// passed to RunChild(), this can be disabled by SIGALRM
int sClientTCPSocket = 0;
// cached by parent's ip allowableness inquiry
struct in_addr g_tConnectedClientsIP = { 0 };

// opened on successful connection for UDP redirection
int sClientUDPRedirectSocket = 0;
u_buf_t sLastUDPRedirectSource = { 0 };

// timeout related information
unsigned long g_ulChildDeathwatchTimeout = EChildDeathwatchTimeOut; // may be changed by client
time_t g_tLastSentToClient = 0;
time_t g_tLastReceivedFromClient = 0;

// this must be set before fork() to be valid, otherwise child will disconnect as too busy
int sCurrentChildIndex = 0;
SChild g_tCurrentChildInfo = { 0 };


// for disconnect packet
const char* g_pMessageIllegalEncryption = "Illegal data encryption request"; // kDisconnectReasonMustClose

CXTunnelsChildData* CXTunnelsChildData::s_pCurrentChildData = NULL;

bool CXTunnelsChildData::InitializeChildData()
   {
   s_pCurrentChildData = new CXTunnelsChildData;
   return NULL != s_pCurrentChildData;
   }
   
CXTunnelsChildData::CXTunnelsChildData() :
   m_szCachedUserID(NULL),
   m_szCachedHost(NULL),
   m_szCachedPassword(NULL),
   m_ulKeyEncryptionType(EAlgorithm_None),
   m_ulClientChallengeBlobSize(0),
   m_ulServerChallengeBlobSize(0),
   m_szClientDecryptionKey(NULL),
   m_szServerEncryptionKey(NULL)
   {
   memset(&m_tVersion, 0, sizeof(m_tVersion));
   memset(szClientChallengeBlob, 0, ChallengeReplyParam::kMaxChallengeReplyBlobSize);
   memset(szServerChallengeBlob, 0, ChallengeReplyParam::kMaxChallengeReplyBlobSize);
   }

CXTunnelsChildData::~CXTunnelsChildData()
   {
   delete m_szCachedUserID;
   delete m_szCachedHost;
   delete m_szCachedPassword;
   delete m_szClientDecryptionKey;
   delete m_szServerEncryptionKey;
   }

void CXTunnelsChildData::SetUserID(const char* szUserID)
   {
   delete m_szCachedUserID;
   if (szUserID)
      {
      m_szCachedUserID = new char[strlen(szUserID) + 1];
      strcpy(m_szCachedUserID, szUserID);
      }
   else
      m_szCachedUserID = NULL;
   }
void CXTunnelsChildData::SetHost(const char* szHost)
   {
   delete m_szCachedHost;
   if (szHost)
      {
      m_szCachedHost = new char[strlen(szHost) + 1];
      strcpy(m_szCachedHost, szHost);
      }
   else
      m_szCachedHost = NULL;
   }
void CXTunnelsChildData::SetPassword(const char* szPassword)
   {
   delete m_szCachedPassword;
   if (szPassword)
      {
      m_szCachedPassword = new char[strlen(szPassword) + 1];
      strcpy(m_szCachedPassword, szPassword);
      }
   else
      m_szCachedPassword = NULL;
   }

void CXTunnelsChildData::MakeDigestWithColonPassword(
   unsigned long ulSessionKeySize,
   char* szSessionKey,
	unsigned long& ulOutDigestSize,
	char* pOutDigest
   )
	{
	MakeSessionKeyColonPasswordDigest(
	   m_ulKeyEncryptionType,
	   ulSessionKeySize,
	   szSessionKey,
	   m_szCachedPassword ? m_szCachedPassword : "",
	   ulOutDigestSize,
	   pOutDigest
	   );

/*
	switch (m_ulKeyEncryptionType)
	   {
	   case EAlgorithm_MD5:
      	MakeMD5SessionKeyColonPasswordDigest(
      	   ulSessionKeySize,
      	   szSessionKey,
      	   m_szCachedPassword ? m_szCachedPassword : "",
      	   ulOutDigestSize,
      	   pOutDigest
      	);
         break;
	   case EAlgorithm_SHA1:
      	MakeSHA1SessionKeyColonPasswordDigest(
      	   ulSessionKeySize,
      	   szSessionKey,
      	   m_szCachedPassword ? m_szCachedPassword : "",
      	   ulOutDigestSize,
      	   pOutDigest
      	);
         break;
      default:
         ulOutDigestSize = 0;
         pOutDigest[0] = 0;
         break;
      }
*/
	}

const char* CXTunnelsChildData::GetDigestString(char* pDigest, char* szOutString)
   {
	switch (m_ulKeyEncryptionType)
	   {
	   case EAlgorithm_MD5:
         return GetUUIDString((uuid_t*)pDigest, szOutString);
	   case EAlgorithm_SHA1:
         return GetSHA1DigestString((unsigned char*)pDigest, szOutString);
      default:
         return NULL;
      }
   }
	
char* CXTunnelsChildData::MakeDigestStringWithColonPassword(unsigned long ulSessionKeySize, char* szSessionKey)
	{
	if (!m_szCachedPassword)
	   return NULL;
	   
	unsigned long ulDigestSize = 0;
	char pOutDigest[ChallengeReplyParam::kMaxChallengeReplyBlobSize] = { 0 };
   const char* szStaticDigestString = NULL;

	MakeSessionKeyColonPasswordDigest(
	   m_ulKeyEncryptionType,
	   ulSessionKeySize,
	   szSessionKey,
	   m_szCachedPassword,
	   ulDigestSize,
	   pOutDigest
	   );

   szStaticDigestString = GetDigestString(pOutDigest, NULL);
   
   if (szStaticDigestString)
      {
   	char* szNewResultString = new char[strlen(szStaticDigestString) + 1];
   	strcpy(szNewResultString, szStaticDigestString);
   	return szNewResultString;
   	}
   else
      return NULL;
	}

void CXTunnelsChildData::GetClientChallengeBlob(unsigned long& outBlobSize, char* outBlob)
	{
	outBlobSize = m_ulClientChallengeBlobSize;
	memcpy(outBlob, szClientChallengeBlob, outBlobSize);
	}

bool CXTunnelsChildData::CheckServerChallengeBlob(unsigned long inClientBlobSize, char* inClientBlob)
	{
	if (inClientBlobSize != m_ulServerChallengeBlobSize)
	   {
#if DEBUG
      cout << "X-Tunnels: CheckServerChallengeBlob mismatched blob sizes for client ["
         << inClientBlobSize << "] and server [" << m_ulServerChallengeBlobSize << "] "
         << endl;
#endif // DEBUG
		return false;
		}

	bool checked = 0 == memcmp(inClientBlob, szServerChallengeBlob, inClientBlobSize);
#if DEBUG
/*
   cout << "X-Tunnels: CheckServerChallengeBlob checked " << ChildData()->UserID() << "@" << ChildData()->Host() << "/" 
				<< ChildData()->Password() << " and got " << (checked ? "true" : "false") << endl;

	char server[255];
	char source[255];
	strcpy(server, ChildData()->GetDigestString(szServerChallengeBlob, NULL));
	strcpy(source, ChildData()->GetDigestString(inClientBlob, NULL));
	cout << "Our expected result: " << server << "[" << m_ulServerChallengeBlobSize << "]" << endl;
	cout << "Client's result    : " << source << "[" << inClientBlobSize << "]" << endl;
*/
#endif //DEBUG
	return checked;
	}

void CXTunnelsChildData::MakeServerChallengeBlob(unsigned long inUniqueIDSize, char* inUniqueID)
	{
	MakeDigestWithColonPassword(inUniqueIDSize, inUniqueID, m_ulServerChallengeBlobSize, szServerChallengeBlob);

#if DEBUG
   /*
	char server[255];
	char source[255];
	strcpy(server, GetDigestString(szServerChallengeBlob, NULL));
	strcpy(source, GetDigestString(inUniqueID, NULL));
	cout << "X-Tunnels: MakeServerChallengeBlob used password " << Password() << "[" 
			<< strlen(Password()) << "])" << " for -- " << endl;

	cout << "Our challenge: " << source << "[" << inUniqueIDSize << "]" << endl;
	cout << "Our response to our challenge:" << server << "[" << m_ulServerChallengeBlobSize << "]" << endl;
	*/
#endif //DEBUG
	}

void CXTunnelsChildData::MakeClientChallengeBlob(unsigned long inUniqueIDSize, char* inUniqueID)
	{
	MakeDigestWithColonPassword(inUniqueIDSize, inUniqueID, m_ulClientChallengeBlobSize, szClientChallengeBlob);

#if DEBUG
   /*
	char client[255];
	char source[255];
	strcpy(client, GetDigestString(szClientChallengeBlob, NULL));
	strcpy(source, GetDigestString(inUniqueID, NULL));
	cout << "X-Tunnels: MakeClientChallengeBlob used password " << Password() << "[" 
			<< strlen(Password()) << "])" << " for -- " << endl;

	cout << "Client's challenge: " << source << "[" << inUniqueIDSize << "]" << endl;
	cout << "Our response to client's challenge:" << client << "[" << m_ulClientChallengeBlobSize << "]" << endl;
	*/
#endif //DEBUG
	}


void CXTunnelsChildData::MakeServerEncryptionKey(unsigned long inServerSessionIDSize, char* szServerSessionID)
	{
	//memset(sServerSessionKey, 0, EMaxSmallBufferSize);
	delete m_szServerEncryptionKey;
	m_szServerEncryptionKey = NULL;

	if (!inServerSessionIDSize || !szServerSessionID)
		{
		//sServerSessionKey[0] = 0;
		}
	else
		{
		//memcpy(sServerSessionKey, szServerSessionID, inServerSessionIDSize);
		//sServerSessionKey[inServerSessionIDSize] = 0;

      m_szServerEncryptionKey = MakeDigestStringWithColonPassword(inServerSessionIDSize, szServerSessionID);
       
#if DEBUG
/*
      if (m_szServerEncryptionKey)
         {
        	cout << "X-Tunnels: MakeServerEncryptionKey using password '" << Password() <<"' encryption=" << m_ulKeyEncryptionType << ":" << endl;
        	cout << "Server's (our) sent session key: " << szServerSessionID << " }[" << inServerSessionIDSize << "] " << endl;
        	cout << "Calculated encryption key      : " << m_szServerEncryptionKey << " }[" << strlen(m_szServerEncryptionKey) << "] " << endl;
       	}
      else
         cout << "X-Tunnels: MakeServerEncryptionKey() didn't make anything " << endl;
*/
#endif //DEBUG
		}
	}
	
void CXTunnelsChildData::MakeClientDecryptionKey(unsigned long inClientSessionIDSize, char* szClientSessionID)
	{
	//memset(sClientSessionKey, 0, EMaxSmallBufferSize);
	delete m_szClientDecryptionKey;
	m_szClientDecryptionKey = NULL;

	if (!inClientSessionIDSize || !szClientSessionID)
		{
		//sClientSessionKey[0] = 0;
		}
	else
		{
		//memcpy(sClientSessionKey, szClientSessionID, inClientSessionIDSize);
		//sClientSessionKey[inClientSessionIDSize] = 0;

      m_szClientDecryptionKey = MakeDigestStringWithColonPassword(inClientSessionIDSize, szClientSessionID);

#if DEBUG
/*
      if (m_szClientDecryptionKey)
         {
        	cout << "X-Tunnels: MakeClientDecryptionKey using password '" << Password() <<"' encryption=" << m_ulKeyEncryptionType << ":" << endl;
        	cout << "Client (them) sent session key: " << szClientSessionID << " }[" << inClientSessionIDSize << "] " << endl;
        	cout << "Calculated decryption key     : " << m_szClientDecryptionKey << " }[" << strlen(m_szClientDecryptionKey) << "] " << endl;
       	}
      else
         cout << "X-Tunnels: MakeClientDecryptionKey() didn't make anything! " << endl;
*/
#endif //DEBUG
		}
/*
#if DEBUG
	char server[255];
	char source[255];
	strcpy(server, GetDigestString(szServerChallengeBlob));
	strcpy(source, GetDigestString(szClientSessionID));
	cout << "X-Tunnels: MakeServerChallengeBlob made " << server	<< "(" << Password() << "[" 
			<< strlen(Password()) << "])" << " for " << source << "[" << inClientSessionIDSize << "]" << endl;
#endif //DEBUG
*/
	}


void CXTunnelsChildData::SetAlarm(int iEventType)
   {
   // never allow for parent
   if (ThisIsParent())
      {
#if DEBUG
      cout << "CXTunnelsChildData::SetAlarm() called when parent -- huh??" << endl;
#endif // DEBUG
      return;
      }
   
   time_t tNow = time(NULL);
   
   switch (iEventType)
      {
      case EReceivedPacket:
         g_tLastReceivedFromClient = tNow;
         break;
      case ESentPacket:
         g_tLastSentToClient = tNow;
         break;
      case EOnDeathwatch:
      default:
         break;
      }
     
   if (g_tCurrentChildInfo.status == SChild::eDeathwatch)
      {
      alarm(g_ulChildDeathwatchTimeout);
      }
    else
      {
      unsigned int uiTimeout = 0;
      if (g_tLastReceivedFromClient && g_tLastSentToClient)
         uiTimeout = min<unsigned int>(g_tLastReceivedFromClient + EChildDisconnectTimeOut, g_tLastSentToClient + EChildPingClientTimeOut);
		else if (g_tLastReceivedFromClient)
         uiTimeout = g_tLastReceivedFromClient + EChildDisconnectTimeOut;
		else if (g_tLastSentToClient)
	     uiTimeout = g_tLastSentToClient + EChildPingClientTimeOut;
	     
      if ((time_t)uiTimeout <= tNow)
         {
		   // make sure our alarm is always positive even if something goes wrong with timestamps
     		//uiTimeout = max<unsigned int>(uiTimeout, tNow + 1);
/*
#if DEBUG
         cout << "X-Tunnels: child " << getpid() << " uiTimeout had expired!! Signaling alarm directly!" << endl;
#endif //DEBUG
*/
         kill(getpid(), SIGALRM);
		   }
		else
		   {
		   uiTimeout -= tNow;
		   alarm(uiTimeout);
/*
#if DEBUG
         cout << "X-Tunnels: child " << getpid() << " alarm() at uiTimeout " << uiTimeout << endl;
#endif //DEBUG
*/
         }
		}
   }

// note that magic number and payload size are not set,
// and inUnencryptedSize does not include magic number or packet index or encryption header
int CXTunnelsChildData::SendPacketToClient(
   TXTunnelsPacket* packet,
   ssize_t inUnencryptedSize, 
   bool bInUseUDPRedirectPort
   )
	{
   TXTunnelsPacket* pTransmissionData = PreparePacketForTransmit(
      packet,
      inUnencryptedSize,
      sServerPacketEncryption,
      g_ulPacketIndex,
      m_szServerEncryptionKey
   );
   if (!pTransmissionData)
      {
		sQuitReason = kDisconnectReasonMustClose;
		sQuitMessage = g_pMessageIllegalEncryption;
		return 1;
      }

   int iTransmitErr = TransmitPreparedPacket(
      pTransmissionData,
      bInUseUDPRedirectPort ? 0 : sClientTCPSocket,
      bInUseUDPRedirectPort ? sClientUDPRedirectSocket : 0,
      &sLastUDPRedirectSource
   );

   if (!iTransmitErr && !bInUseUDPRedirectPort)
      SetAlarm(ESentPacket);

   return iTransmitErr;
	}


} // end namespace XTunnels

/*
// cached from account existence inquiries
char sCachedUserID[EMaxSmallBufferSize] = { 0 };
char sCachedHost[EMaxSmallBufferSize] = { 0 };
char sCachedPassword[EMaxSmallBufferSize] = { 0 };
char sServerEncryptionKey[EMaxSmallBufferSize] = { 0 };
*/