* Author : Boris Mikhailenko <stg34@stargazer.dp.ua>
*/
-/*
- $Revision: 1.79 $
- $Date: 2010/03/25 15:18:48 $
- $Author: faust $
- */
-
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <unistd.h> // close
+#include "inetaccess.h"
+
+#include "stg/common.h"
+#include "stg/locker.h"
+#include "stg/tariff.h"
+#include "stg/settings.h"
+#include <algorithm>
#include <csignal>
#include <cstdlib>
#include <cstdio> // snprintf
#include <cerrno>
#include <cmath>
-#include <algorithm>
-
-#include "stg/common.h"
-#include "stg/locker.h"
-#include "stg/tariff.h"
-#include "stg/user_property.h"
-#include "stg/settings.h"
-#include "stg/plugin_creator.h"
-#include "inetaccess.h"
-extern volatile time_t stgTime;
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <unistd.h> // close
-//-----------------------------------------------------------------------------
-//-----------------------------------------------------------------------------
-//-----------------------------------------------------------------------------
-namespace
-{
-PLUGIN_CREATOR<AUTH_IA> iac;
+#define IA_PROTO_VER (6)
-void InitEncrypt(BLOWFISH_CTX * ctx, const std::string & password);
-void Decrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8);
-void Encrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8);
-}
+extern volatile time_t stgTime;
-extern "C" PLUGIN * GetPlugin();
-//-----------------------------------------------------------------------------
-//-----------------------------------------------------------------------------
-//-----------------------------------------------------------------------------
-PLUGIN * GetPlugin()
+extern "C" STG::Plugin* GetPlugin()
{
-return iac.GetPlugin();
+ static AUTH_IA plugin;
+ return &plugin;
}
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
: userDelay(0),
userTimeout(0),
port(0),
- errorStr(),
- freeMbShowType(freeMbCash)
+ freeMbShowType(freeMbCash),
+ logProtocolErrors(false)
{
}
//-----------------------------------------------------------------------------
-int AUTH_IA_SETTINGS::ParseSettings(const MODULE_SETTINGS & s)
+int AUTH_IA_SETTINGS::ParseSettings(const STG::ModuleSettings & s)
{
int p;
-PARAM_VALUE pv;
-std::vector<PARAM_VALUE>::const_iterator pvi;
+STG::ParamValue pv;
+std::vector<STG::ParamValue>::const_iterator pvi;
///////////////////////////
pv.param = "Port";
pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv);
-if (pvi == s.moduleParams.end())
+if (pvi == s.moduleParams.end() || pvi->value.empty())
{
errorStr = "Parameter \'Port\' not found.";
printfd(__FILE__, "Parameter 'Port' not found\n");
///////////////////////////
pv.param = "UserDelay";
pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv);
-if (pvi == s.moduleParams.end())
+if (pvi == s.moduleParams.end() || pvi->value.empty())
{
errorStr = "Parameter \'UserDelay\' not found.";
printfd(__FILE__, "Parameter 'UserDelay' not found\n");
///////////////////////////
pv.param = "UserTimeout";
pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv);
-if (pvi == s.moduleParams.end())
+if (pvi == s.moduleParams.end() || pvi->value.empty())
{
errorStr = "Parameter \'UserTimeout\' not found.";
printfd(__FILE__, "Parameter 'UserTimeout' not found\n");
printfd(__FILE__, "Cannot parse parameter 'UserTimeout'\n");
return -1;
}
+///////////////////////////
+pv.param = "LogProtocolErrors";
+pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv);
+if (pvi == s.moduleParams.end() || pvi->value.empty())
+ logProtocolErrors = false;
+else if (ParseYesNo(pvi->value[0], &logProtocolErrors))
+ {
+ errorStr = "Cannot parse parameter \'LogProtocolErrors\': " + errorStr;
+ printfd(__FILE__, "Cannot parse parameter 'LogProtocolErrors'\n");
+ return -1;
+ }
/////////////////////////////////////////////////////////////
std::string freeMbType;
int n = 0;
pv.param = "FreeMb";
pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv);
-if (pvi == s.moduleParams.end())
+if (pvi == s.moduleParams.end() || pvi->value.empty())
{
errorStr = "Parameter \'FreeMb\' not found.";
printfd(__FILE__, "Parameter 'FreeMb' not found\n");
#ifdef IA_PHASE_DEBUG
IA_PHASE::IA_PHASE()
: phase(1),
- phaseTime(),
flog(NULL)
{
gettimeofday(&phaseTime, NULL);
}
#else
IA_PHASE::IA_PHASE()
- : phase(1),
- phaseTime()
+ : phase(1)
{
gettimeofday(&phaseTime, NULL);
}
gettimeofday(&phaseTime, NULL);
}
//-----------------------------------------------------------------------------
-void IA_PHASE::SetPhase5()
-{
-#ifdef IA_PHASE_DEBUG
-WritePhaseChange(5);
-#endif
-phase = 5;
-gettimeofday(&phaseTime, NULL);
-}
-//-----------------------------------------------------------------------------
int IA_PHASE::GetPhase() const
{
return phase;
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
AUTH_IA::AUTH_IA()
- : ctxS(),
- errorStr(),
- iaSettings(),
- settings(),
- nonstop(false),
+ : nonstop(false),
isRunningRun(false),
isRunningRunTimeouter(false),
users(NULL),
stgSettings(NULL),
- ip2user(),
- recvThread(),
- timeouterThread(),
- mutex(),
listenSocket(-1),
- connSynAck6(),
- connSynAck8(),
- disconnSynAck6(),
- disconnSynAck8(),
- aliveSyn6(),
- aliveSyn8(),
- fin6(),
- fin8(),
- packetTypes(),
enabledDirs(0xFFffFFff),
onDelUserNotifier(*this),
- logger(GetPluginLogger(GetStgLogger(), "auth_ia"))
+ logger(STG::PluginLogger::get("auth_ia"))
{
-InitEncrypt(&ctxS, "pr7Hhen");
+InitContext("pr7Hhen", 7, &ctxS);
pthread_mutexattr_t attr;
pthread_mutexattr_init(&attr);
{
touchTime = stgTime;
std::string monFile = ia->stgSettings->GetMonitorDir() + "/inetaccess_r";
- TouchFile(monFile.c_str());
+ TouchFile(monFile);
}
}
// TODO change counter to timer and MONITOR_TIME_DELAY_SEC
if (++a % (50 * 60) == 0 && ia->stgSettings->GetMonitoring())
{
- TouchFile(monFile.c_str());
+ TouchFile(monFile);
}
}
return ret;
}
//-----------------------------------------------------------------------------
+int AUTH_IA::Reload(const STG::ModuleSettings & ms)
+{
+AUTH_IA_SETTINGS newIaSettings;
+if (newIaSettings.ParseSettings(ms))
+ {
+ printfd(__FILE__, "AUTH_IA::Reload() - Failed to reload InetAccess.\n");
+ logger("AUTH_IA: Cannot reload InetAccess. Errors found.");
+ return -1;
+ }
+
+printfd(__FILE__, "AUTH_IA::Reload() - Reloaded InetAccess successfully.\n");
+logger("AUTH_IA: Reloaded InetAccess successfully.");
+iaSettings = newIaSettings;
+return 0;
+}
+//-----------------------------------------------------------------------------
int AUTH_IA::PrepareNet()
{
struct sockaddr_in listenAddr;
if (dataLen > 256)
return -1;
+uint32_t sip = outerAddr.sin_addr.s_addr;
+uint16_t sport = htons(outerAddr.sin_port);
+
int protoVer;
-if (CheckHeader(buffer, &protoVer))
+if (CheckHeader(buffer, sip, &protoVer))
return -1;
char login[PASSWD_LEN]; //TODO why PASSWD_LEN ?
memset(login, 0, PASSWD_LEN);
-Decrypt(&ctxS, login, buffer + 8, PASSWD_LEN / 8);
+DecryptString(login, buffer + 8, PASSWD_LEN, &ctxS);
-uint32_t sip = outerAddr.sin_addr.s_addr;
-uint16_t sport = htons(outerAddr.sin_port);
-
-USER_PTR user;
+UserPtr user;
if (users->FindByName(login, &user))
{
logger("User's connect failed: user '%s' not found. IP %s",
login,
inet_ntostring(sip).c_str());
printfd(__FILE__, "User '%s' NOT found!\n", login);
- SendError(sip, sport, protoVer, "îÅÐÒÁ×ÉÌØÎÙÊ ÌÏÇÉÎ!");
+ SendError(sip, sport, protoVer, IconvString("Неправильный логин.", "utf8", "koi8-ru"));
return -1;
}
printfd(__FILE__, "User '%s' FOUND!\n", user->GetLogin().c_str());
-if (user->GetProperty().disabled.Get())
+if (user->GetProperties().disabled.Get())
{
logger("Cannont authorize '%s', user is disabled.", login);
- SendError(sip, sport, protoVer, "õÞÅÔÎÁÑ ÚÁÐÉÓØ ÚÁÂÌÏËÉÒÏ×ÁÎÁ");
+ SendError(sip, sport, protoVer, IconvString("Учетная запись заблокирована.", "utf8", "koi8-ru"));
return 0;
}
-if (user->GetProperty().passive.Get())
+if (user->GetProperties().passive.Get())
{
logger("Cannont authorize '%s', user is passive.", login);
- SendError(sip, sport, protoVer, "õÞÅÔÎÁÑ ÚÁÐÉÓØ ÚÁÍÏÒÏÖÅÎÁ");
+ SendError(sip, sport, protoVer, IconvString("Учетная запись заморожена.", "utf8", "koi8-ru"));
return 0;
}
-if (!user->GetProperty().ips.Get().IsIPInIPS(sip))
+if (!user->GetProperties().ips.Get().find(sip))
{
printfd(__FILE__, "User %s. IP address is incorrect. IP %s\n",
user->GetLogin().c_str(), inet_ntostring(sip).c_str());
logger("User %s. IP address is incorrect. IP %s",
user->GetLogin().c_str(), inet_ntostring(sip).c_str());
- SendError(sip, sport, protoVer, "ðÏÌØÚÏ×ÁÔÅÌØ ÎÅ ÏÐÏÚÎÁÎ! ðÒÏ×ÅÒØÔÅ IP ÁÄÒÅÓ.");
+ SendError(sip, sport, protoVer, IconvString("Пользователь не опознан. Проверьте IP-адрес.", "utf8", "koi8-ru"));
return 0;
}
return PacketProcessor(buffer, dataLen, sip, sport, protoVer, user);
}
//-----------------------------------------------------------------------------
-int AUTH_IA::CheckHeader(const char * buffer, int * protoVer)
+int AUTH_IA::CheckHeader(const char * buffer, uint32_t sip, int * protoVer)
{
if (strncmp(IA_ID, buffer, strlen(IA_ID)) != 0)
{
- //SendError(userIP, updateMsg);
printfd(__FILE__, "update needed - IA_ID\n");
- //SendError(userIP, "Incorrect header!");
+ if (iaSettings.LogProtocolErrors())
+ logger("IP: %s. Header: invalid packed signature.", inet_ntostring(sip).c_str());
return -1;
}
if (buffer[6] != 0) //proto[0] shoud be 0
{
printfd(__FILE__, "update needed - PROTO major: %d\n", buffer[6]);
- //SendError(userIP, updateMsg);
+ if (iaSettings.LogProtocolErrors())
+ logger("IP: %s. Header: invalid protocol major version: %d.", inet_ntostring(sip).c_str(), buffer[6]);
return -1;
}
if (buffer[7] < 6)
{
// need update
- //SendError(userIP, updateMsg);
printfd(__FILE__, "update needed - PROTO minor: %d\n", buffer[7]);
+ if (iaSettings.LogProtocolErrors())
+ logger("IP: %s. Header: invalid protocol minor version: %d.", inet_ntostring(sip).c_str(), buffer[7]);
return -1;
}
else
//-----------------------------------------------------------------------------
int AUTH_IA::Timeouter()
{
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
std::map<uint32_t, IA_USER>::iterator it;
it = ip2user.begin();
-uint32_t sip;
while (it != ip2user.end())
{
- sip = it->first;
+ uint32_t sip = it->first;
static UTIME currTime;
gettimeofday(&currTime, NULL);
if ((it->second.phase.GetPhase() == 2)
&& (currTime - it->second.phase.GetTime()) > iaSettings.GetUserDelay())
{
+ if (iaSettings.LogProtocolErrors())
+ logger("User '%s'. Protocol version: %d. Phase 2: connect request timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserDelay().GetSec());
it->second.phase.SetPhase1();
printfd(__FILE__, "Phase changed from 2 to 1. Reason: timeout\n");
ip2user.erase(it++);
if ((currTime - it->second.phase.GetTime()) > iaSettings.GetUserTimeout())
{
+ if (iaSettings.LogProtocolErrors())
+ logger("User '%s'. Protocol version: %d. Phase 3: alive timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserTimeout().GetSec());
users->Unauthorize(it->second.user->GetLogin(), this);
ip2user.erase(it++);
continue;
if ((it->second.phase.GetPhase() == 4)
&& ((currTime - it->second.phase.GetTime()) > iaSettings.GetUserDelay()))
{
+ if (iaSettings.LogProtocolErrors())
+ logger("User '%s'. Protocol version: %d. Phase 4: disconnect request timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserDelay().GetSec());
it->second.phase.SetPhase3();
printfd(__FILE__, "Phase changed from 4 to 3. Reason: timeout\n");
}
return 0;
}
//-----------------------------------------------------------------------------
-int AUTH_IA::PacketProcessor(void * buff, size_t dataLen, uint32_t sip, uint16_t sport, int protoVer, USER_PTR user)
+int AUTH_IA::PacketProcessor(void * buff, size_t dataLen, uint32_t sip, uint16_t sport, int protoVer, UserPtr user)
{
std::string login(user->GetLogin());
const size_t offset = LOGIN_LEN + 2 + 6; // LOGIN_LEN + sizeOfMagic + sizeOfVer;
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
std::map<uint32_t, IA_USER>::iterator it(ip2user.find(sip));
if (it == ip2user.end())
{
- USER_PTR userPtr;
+ UserPtr userPtr;
if (!users->FindByIPIdx(sip, &userPtr))
{
if (userPtr->GetID() != user->GetID())
userPtr->GetLogin().c_str(),
inet_ntostring(sip).c_str(),
login.c_str());
- SendError(sip, sport, protoVer, "÷ÁÛ IP ÁÄÒÅÓ ÕÖÅ ÉÓÐÏÌØÚÕÅÔÓÑ!");
+ SendError(sip, sport, protoVer, IconvString("IP-адрес уже сипользуется.", "utf8", "koi8-ru"));
return 0;
}
}
it->second.user->GetLogin().c_str(),
inet_ntostring(sip).c_str(),
user->GetLogin().c_str());
- SendError(sip, sport, protoVer, "÷ÁÛ IP ÁÄÒÅÓ ÕÖÅ ÉÓÐÏÌØÚÕÅÔÓÑ!");
+ SendError(sip, sport, protoVer, IconvString("IP-адрес уже используется.", "utf8", "koi8-ru"));
return 0;
}
IA_USER * iaUser = &(it->second);
-if (iaUser->password != user->GetProperty().password.Get())
+if (iaUser->password != user->GetProperties().password.Get())
{
- InitEncrypt(&iaUser->ctx, user->GetProperty().password.Get());
- iaUser->password = user->GetProperty().password.Get();
+ const std::string & password = user->GetProperties().password.Get();
+ InitContext(password.c_str(), password.length(), &iaUser->ctx);
+ iaUser->password = user->GetProperties().password.Get();
}
-Decrypt(&iaUser->ctx, static_cast<char *>(buff) + offset, static_cast<char *>(buff) + offset, (dataLen - offset) / 8);
+DecryptString(static_cast<char *>(buff) + offset, static_cast<char *>(buff) + offset, (dataLen - offset), &iaUser->ctx);
char packetName[IA_MAX_TYPE_LEN];
strncpy(packetName, static_cast<char *>(buff) + offset + 4, IA_MAX_TYPE_LEN);
std::map<std::string, int>::iterator pi(packetTypes.find(packetName));
if (pi == packetTypes.end())
{
- SendError(sip, sport, protoVer, "îÅÐÒÁ×ÉÌØÎÙÊ ÌÏÇÉÎ ÉÌÉ ÐÁÒÏÌØ!");
+ SendError(sip, sport, protoVer, IconvString("Неправильный логин или пароль.", "utf8", "koi8-ru"));
printfd(__FILE__, "Login or password is wrong!\n");
logger("User's connect failed. User: '%s', ip %s. Wrong login or password",
login.c_str(),
login.c_str(),
inet_ntostring(user->GetCurrIP()).c_str(),
inet_ntostring(sip).c_str());
- SendError(sip, sport, protoVer, "÷ÁÛ ÌÏÇÉÎ ÕÖÅ ÉÓÐÏÌØÚÕÅÔÓÑ!");
+ SendError(sip, sport, protoVer, IconvString("Логин уже используется.", "utf8", "koi8-ru"));
ip2user.erase(it);
return 0;
}
return -1;
}
//-----------------------------------------------------------------------------
-void AUTH_IA::DelUser(USER_PTR u)
+void AUTH_IA::DelUser(UserPtr u)
{
uint32_t ip = u->GetCurrIP();
std::map<uint32_t, IA_USER>::iterator it;
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
it = ip2user.find(ip);
if (it == ip2user.end())
{
return -1;
}
//-----------------------------------------------------------------------------
-int AUTH_IA::SendMessage(const STG_MSG & msg, uint32_t ip) const
+int AUTH_IA::SendMessage(const STG::Message & msg, uint32_t ip) const
{
printfd(__FILE__, "SendMessage userIP=%s\n", inet_ntostring(ip).c_str());
std::map<uint32_t, IA_USER>::iterator it;
-STG_LOCKER lock(&mutex, __FILE__, __LINE__);
+STG_LOCKER lock(&mutex);
it = ip2user.find(ip);
if (it == ip2user.end())
{
return 0;
}
//-----------------------------------------------------------------------------
-int AUTH_IA::RealSendMessage6(const STG_MSG & msg, uint32_t ip, IA_USER & user)
+int AUTH_IA::RealSendMessage6(const STG::Message & msg, uint32_t ip, IA_USER & user)
{
printfd(__FILE__, "RealSendMessage 6 user=%s\n", user.login.c_str());
char buffer[256];
memcpy(buffer, &info, sizeof(INFO_6));
-Encrypt(&user.ctx, buffer, buffer, len / 8);
+EncryptString(buffer, buffer, len, &user.ctx);
return Send(ip, iaSettings.GetUserPort(), buffer, len);
}
//-----------------------------------------------------------------------------
-int AUTH_IA::RealSendMessage7(const STG_MSG & msg, uint32_t ip, IA_USER & user)
+int AUTH_IA::RealSendMessage7(const STG::Message & msg, uint32_t ip, IA_USER & user)
{
printfd(__FILE__, "RealSendMessage 7 user=%s\n", user.login.c_str());
char buffer[300];
memcpy(buffer, &info, sizeof(INFO_7));
-Encrypt(&user.ctx, buffer, buffer, len / 8);
+EncryptString(buffer, buffer, len, &user.ctx);
return Send(ip, iaSettings.GetUserPort(), buffer, len);
}
//-----------------------------------------------------------------------------
-int AUTH_IA::RealSendMessage8(const STG_MSG & msg, uint32_t ip, IA_USER & user)
+int AUTH_IA::RealSendMessage8(const STG::Message & msg, uint32_t ip, IA_USER & user)
{
printfd(__FILE__, "RealSendMessage 8 user=%s\n", user.login.c_str());
char buffer[1500];
memcpy(buffer, &info, sizeof(INFO_8));
-Encrypt(&user.ctx, buffer, buffer, len / 8);
+EncryptString(buffer, buffer, len, &user.ctx);
return Send(ip, user.port, buffer, len);
}
//-----------------------------------------------------------------------------
#ifdef ARCH_BE
SwapBytes(connSyn->dirs);
#endif
-int ret = Process_CONN_SYN_6((CONN_SYN_6*)connSyn, iaUser, sip);
+int ret = Process_CONN_SYN_6(reinterpret_cast<CONN_SYN_6 *>(connSyn), iaUser, sip);
enabledDirs = connSyn->dirs;
return ret;
}
else
{
errorStr = iaUser->user->GetStrError();
+ if (iaSettings.LogProtocolErrors())
+ logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: phase 2, authorization error ('%s').", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, errorStr.c_str());
iaUser->phase.SetPhase1();
ip2user.erase(sip);
printfd(__FILE__, "Phase changed from 2 to 1. Reason: failed to authorize user\n");
return -1;
}
}
-printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d\n", iaUser->phase.GetPhase(), connAck->rnd);
+printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d, expected: %d\n", iaUser->phase.GetPhase(), connAck->rnd, iaUser->rnd + 1);
+if (iaSettings.LogProtocolErrors())
+ {
+ if (iaUser->phase.GetPhase() != 2)
+ logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: invalid phase, expected 2, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase());
+ if (connAck->rnd != iaUser->rnd + 1)
+ logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: invalid control number, expected %d, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, (iaUser->rnd + 1), connAck->rnd);
+ }
return -1;
}
//-----------------------------------------------------------------------------
else
{
errorStr = iaUser->user->GetStrError();
+ if (iaSettings.LogProtocolErrors())
+ logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: phase 2, authorization error ('%s').", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, errorStr.c_str());
iaUser->phase.SetPhase1();
ip2user.erase(sip);
printfd(__FILE__, "Phase changed from 2 to 1. Reason: failed to authorize user\n");
return -1;
}
}
-printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d\n", iaUser->phase.GetPhase(), connAck->rnd);
+printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d, expected: %d\n", iaUser->phase.GetPhase(), connAck->rnd, iaUser->rnd + 1);
+if (iaSettings.LogProtocolErrors())
+ {
+ if (iaUser->phase.GetPhase() != 2)
+ logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: invalid phase, expected 2, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase());
+ if (connAck->rnd != iaUser->rnd + 1)
+ logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: invalid control number, expected %d, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, (iaUser->rnd + 1), connAck->rnd);
+ }
return -1;
}
//-----------------------------------------------------------------------------
return 0;
}
//-----------------------------------------------------------------------------
-int AUTH_IA::Process_DISCONN_SYN_6(DISCONN_SYN_6 *, IA_USER * iaUser, uint32_t)
+int AUTH_IA::Process_DISCONN_SYN_6(DISCONN_SYN_6 *, IA_USER * iaUser, uint32_t sip)
{
printfd(__FILE__, "DISCONN_SYN_6\n");
if (iaUser->phase.GetPhase() != 3)
{
+ if (iaSettings.LogProtocolErrors())
+ logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_SYN: invalid phase, expected 3, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase());
printfd(__FILE__, "Invalid phase. Expected 3, actual %d\n", iaUser->phase.GetPhase());
errorStr = "Incorrect request DISCONN_SYN";
return -1;
return Process_DISCONN_SYN_6(disconnSyn, iaUser, sip);
}
//-----------------------------------------------------------------------------
-int AUTH_IA::Process_DISCONN_SYN_8(DISCONN_SYN_8 *, IA_USER * iaUser, uint32_t)
+int AUTH_IA::Process_DISCONN_SYN_8(DISCONN_SYN_8 *, IA_USER * iaUser, uint32_t sip)
{
if (iaUser->phase.GetPhase() != 3)
{
+ if (iaSettings.LogProtocolErrors())
+ logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_SYN: invalid phase, expected 3, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase());
errorStr = "Incorrect request DISCONN_SYN";
printfd(__FILE__, "Invalid phase. Expected 3, actual %d\n", iaUser->phase.GetPhase());
return -1;
//-----------------------------------------------------------------------------
int AUTH_IA::Process_DISCONN_ACK_6(DISCONN_ACK_6 * disconnAck,
IA_USER * iaUser,
- uint32_t,
+ uint32_t sip,
std::map<uint32_t, IA_USER>::iterator)
{
#ifdef ARCH_BE
printfd(__FILE__, "DISCONN_ACK_6\n");
if (!((iaUser->phase.GetPhase() == 4) && (disconnAck->rnd == iaUser->rnd + 1)))
{
+ if (iaSettings.LogProtocolErrors())
+ {
+ if (iaUser->phase.GetPhase() != 4)
+ logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_ACK: invalid phase, expected 4, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase());
+ if (disconnAck->rnd != iaUser->rnd + 1)
+ logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_ACK: invalid control number, expected %d, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, (iaUser->rnd + 1), disconnAck->rnd);
+ }
printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d\n", iaUser->phase.GetPhase(), disconnAck->rnd);
return -1;
}
return Process_DISCONN_ACK_6(disconnAck, iaUser, sip, it);
}
//-----------------------------------------------------------------------------
-int AUTH_IA::Process_DISCONN_ACK_8(DISCONN_ACK_8 * disconnAck, IA_USER * iaUser, uint32_t, std::map<uint32_t, IA_USER>::iterator)
+int AUTH_IA::Process_DISCONN_ACK_8(DISCONN_ACK_8 * disconnAck, IA_USER * iaUser, uint32_t sip, std::map<uint32_t, IA_USER>::iterator)
{
#ifdef ARCH_BE
SwapBytes(disconnAck->len);
printfd(__FILE__, "DISCONN_ACK_8\n");
if (!((iaUser->phase.GetPhase() == 4) && (disconnAck->rnd == iaUser->rnd + 1)))
{
+ if (iaSettings.LogProtocolErrors())
+ {
+ if (iaUser->phase.GetPhase() != 4)
+ logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_ACK: invalid phase, expected 4, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase());
+ if (disconnAck->rnd != iaUser->rnd + 1)
+ logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_ACK: invalid control number, expected %d, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, (iaUser->rnd + 1), disconnAck->rnd);
+ }
printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d\n", iaUser->phase.GetPhase(), disconnAck->rnd);
return -1;
}
iaUser->rnd = static_cast<uint32_t>(random());
connSynAck6.rnd = iaUser->rnd;
-connSynAck6.userTimeOut = iaSettings.GetUserTimeout();
-connSynAck6.aliveDelay = iaSettings.GetUserDelay();
+printfd(__FILE__, "Sending CONN_SYN_ACK with control number %d.\n", iaUser->rnd);
+
+connSynAck6.userTimeOut = iaSettings.GetUserTimeout().GetSec();
+connSynAck6.aliveDelay = iaSettings.GetUserDelay().GetSec();
#ifdef ARCH_BE
SwapBytes(connSynAck6.len);
SwapBytes(connSynAck6.aliveDelay);
#endif
-Encrypt(&iaUser->ctx, (char*)&connSynAck6, (char*)&connSynAck6, Min8(sizeof(CONN_SYN_ACK_6))/8);
+EncryptString((char*)&connSynAck6, (char*)&connSynAck6, Min8(sizeof(CONN_SYN_ACK_6)), &iaUser->ctx);
return Send(sip, iaSettings.GetUserPort(), (char*)&connSynAck6, Min8(sizeof(CONN_SYN_ACK_6)));;
}
//-----------------------------------------------------------------------------
iaUser->rnd = static_cast<uint32_t>(random());
connSynAck8.rnd = iaUser->rnd;
-connSynAck8.userTimeOut = iaSettings.GetUserTimeout();
-connSynAck8.aliveDelay = iaSettings.GetUserDelay();
+printfd(__FILE__, "Sending CONN_SYN_ACK with control number %d.\n", iaUser->rnd);
+
+connSynAck8.userTimeOut = iaSettings.GetUserTimeout().GetSec();
+connSynAck8.aliveDelay = iaSettings.GetUserDelay().GetSec();
#ifdef ARCH_BE
SwapBytes(connSynAck8.len);
SwapBytes(connSynAck8.aliveDelay);
#endif
-Encrypt(&iaUser->ctx, (char*)&connSynAck8, (char*)&connSynAck8, Min8(sizeof(CONN_SYN_ACK_8))/8);
+EncryptString((char*)&connSynAck8, (char*)&connSynAck8, Min8(sizeof(CONN_SYN_ACK_8)), &iaUser->ctx);
return Send(sip, iaUser->port, (char*)&connSynAck8, Min8(sizeof(CONN_SYN_ACK_8)));
}
//-----------------------------------------------------------------------------
for (int i = 0; i < DIR_NUM; i++)
{
- aliveSyn6.md[i] = iaUser->user->GetProperty().down.Get()[i];
- aliveSyn6.mu[i] = iaUser->user->GetProperty().up.Get()[i];
+ aliveSyn6.md[i] = iaUser->user->GetProperties().down.Get()[i];
+ aliveSyn6.mu[i] = iaUser->user->GetProperties().up.Get()[i];
aliveSyn6.sd[i] = iaUser->user->GetSessionDownload()[i];
aliveSyn6.su[i] = iaUser->user->GetSessionUpload()[i];
//TODO
int dn = iaSettings.GetFreeMbShowType();
-const TARIFF * tf = iaUser->user->GetTariff();
+const auto tf = iaUser->user->GetTariff();
if (dn < DIR_NUM)
{
}
else
{
- double fmb = iaUser->user->GetProperty().freeMb;
+ double fmb = iaUser->user->GetProperties().freeMb;
fmb = fmb < 0 ? 0 : fmb;
snprintf((char*)aliveSyn6.freeMb, IA_FREEMB_LEN, "%.3f", fmb / p);
}
}
else
{
- double fmb = iaUser->user->GetProperty().freeMb;
+ double fmb = iaUser->user->GetProperties().freeMb;
fmb = fmb < 0 ? 0 : fmb;
snprintf((char*)aliveSyn6.freeMb, IA_FREEMB_LEN, "C%.3f", fmb);
}
iaUser->aliveSent = true;
#endif
-aliveSyn6.cash =(int64_t) (iaUser->user->GetProperty().cash.Get() * 1000.0);
+aliveSyn6.cash =(int64_t) (iaUser->user->GetProperties().cash.Get() * 1000.0);
if (!stgSettings->GetShowFeeInCash())
aliveSyn6.cash -= (int64_t)(tf->GetFee() * 1000.0);
}
#endif
-Encrypt(&(iaUser->ctx), (char*)&aliveSyn6, (char*)&aliveSyn6, Min8(sizeof(aliveSyn6))/8);
+EncryptString((char*)&aliveSyn6, (char*)&aliveSyn6, Min8(sizeof(aliveSyn6)), &iaUser->ctx);
return Send(sip, iaSettings.GetUserPort(), (char*)&aliveSyn6, Min8(sizeof(aliveSyn6)));
}
//-----------------------------------------------------------------------------
for (int i = 0; i < DIR_NUM; i++)
{
- aliveSyn8.md[i] = iaUser->user->GetProperty().down.Get()[i];
- aliveSyn8.mu[i] = iaUser->user->GetProperty().up.Get()[i];
+ aliveSyn8.md[i] = iaUser->user->GetProperties().down.Get()[i];
+ aliveSyn8.mu[i] = iaUser->user->GetProperties().up.Get()[i];
aliveSyn8.sd[i] = iaUser->user->GetSessionDownload()[i];
aliveSyn8.su[i] = iaUser->user->GetSessionUpload()[i];
if (dn < DIR_NUM)
{
- const TARIFF * tf = iaUser->user->GetTariff();
+ const auto tf = iaUser->user->GetTariff();
double p = tf->GetPriceWithTraffType(aliveSyn8.mu[dn],
aliveSyn8.md[dn],
dn,
}
else
{
- double fmb = iaUser->user->GetProperty().freeMb;
+ double fmb = iaUser->user->GetProperties().freeMb;
fmb = fmb < 0 ? 0 : fmb;
snprintf((char*)aliveSyn8.freeMb, IA_FREEMB_LEN, "%.3f", fmb / p);
}
}
else
{
- double fmb = iaUser->user->GetProperty().freeMb;
+ double fmb = iaUser->user->GetProperties().freeMb;
fmb = fmb < 0 ? 0 : fmb;
snprintf((char*)aliveSyn8.freeMb, IA_FREEMB_LEN, "C%.3f", fmb);
}
iaUser->aliveSent = true;
#endif
-const TARIFF * tf = iaUser->user->GetTariff();
+const auto tf = iaUser->user->GetTariff();
-aliveSyn8.cash =(int64_t) (iaUser->user->GetProperty().cash.Get() * 1000.0);
+aliveSyn8.cash =(int64_t) (iaUser->user->GetProperties().cash.Get() * 1000.0);
if (!stgSettings->GetShowFeeInCash())
aliveSyn8.cash -= (int64_t)(tf->GetFee() * 1000.0);
}
#endif
-Encrypt(&(iaUser->ctx), (char*)&aliveSyn8, (char*)&aliveSyn8, Min8(sizeof(aliveSyn8))/8);
+EncryptString((char*)&aliveSyn8, (char*)&aliveSyn8, Min8(sizeof(aliveSyn8)), &iaUser->ctx);
return Send(sip, iaUser->port, (char*)&aliveSyn8, Min8(sizeof(aliveSyn8)));
}
//-----------------------------------------------------------------------------
SwapBytes(disconnSynAck6.rnd);
#endif
-Encrypt(&iaUser->ctx, (char*)&disconnSynAck6, (char*)&disconnSynAck6, Min8(sizeof(disconnSynAck6))/8);
+EncryptString((char*)&disconnSynAck6, (char*)&disconnSynAck6, Min8(sizeof(disconnSynAck6)), &iaUser->ctx);
return Send(sip, iaSettings.GetUserPort(), (char*)&disconnSynAck6, Min8(sizeof(disconnSynAck6)));
}
//-----------------------------------------------------------------------------
SwapBytes(disconnSynAck8.rnd);
#endif
-Encrypt(&iaUser->ctx, (char*)&disconnSynAck8, (char*)&disconnSynAck8, Min8(sizeof(disconnSynAck8))/8);
+EncryptString((char*)&disconnSynAck8, (char*)&disconnSynAck8, Min8(sizeof(disconnSynAck8)), &iaUser->ctx);
return Send(sip, iaUser->port, (char*)&disconnSynAck8, Min8(sizeof(disconnSynAck8)));
}
//-----------------------------------------------------------------------------
SwapBytes(fin6.len);
#endif
-Encrypt(&iaUser->ctx, (char*)&fin6, (char*)&fin6, Min8(sizeof(fin6))/8);
+EncryptString((char*)&fin6, (char*)&fin6, Min8(sizeof(fin6)), &iaUser->ctx);
users->Unauthorize(iaUser->login, this);
SwapBytes(fin8.len);
#endif
-Encrypt(&iaUser->ctx, (char*)&fin8, (char*)&fin8, Min8(sizeof(fin8))/8);
+EncryptString((char*)&fin8, (char*)&fin8, Min8(sizeof(fin8)), &iaUser->ctx);
users->Unauthorize(iaUser->login, this);
return res;
}
-namespace
-{
-//-----------------------------------------------------------------------------
-inline
-void InitEncrypt(BLOWFISH_CTX * ctx, const std::string & password)
-{
-unsigned char keyL[PASSWD_LEN];
-memset(keyL, 0, PASSWD_LEN);
-strncpy((char *)keyL, password.c_str(), PASSWD_LEN);
-Blowfish_Init(ctx, keyL, PASSWD_LEN);
-}
-//-----------------------------------------------------------------------------
-inline
-void Decrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8)
-{
-for (size_t i = 0; i < len8; i++)
- DecodeString(static_cast<char *>(dst) + i * 8, static_cast<const char *>(src) + i * 8, ctx);
-}
-//-----------------------------------------------------------------------------
-inline
-void Encrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8)
-{
-for (size_t i = 0; i < len8; i++)
- EncodeString(static_cast<char *>(dst) + i * 8, static_cast<const char *>(src) + i * 8, ctx);
-}
-//-----------------------------------------------------------------------------
-}