X-Git-Url: https://git.stg.codes/stg.git/blobdiff_plain/25c5bd4fe8c9fd7c4898e7dfbbdbf68dc172dcd7..de7760b87ad8ca38954140a738d66a133f7021f0:/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp diff --git a/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp b/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp index 5a92cff5..5a15a10a 100644 --- a/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp +++ b/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp @@ -47,16 +47,21 @@ #include "stg/plugin_creator.h" #include "inetaccess.h" -extern volatile const time_t stgTime; - -void InitEncrypt(BLOWFISH_CTX * ctx, const string & password); -void Decrypt(BLOWFISH_CTX * ctx, char * dst, const char * src, int len8); -void Encrypt(BLOWFISH_CTX * ctx, char * dst, const char * src, int len8); +extern volatile time_t stgTime; //----------------------------------------------------------------------------- //----------------------------------------------------------------------------- //----------------------------------------------------------------------------- +namespace +{ PLUGIN_CREATOR iac; + +void InitEncrypt(BLOWFISH_CTX * ctx, const std::string & password); +void Decrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8); +void Encrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8); +} + +extern "C" PLUGIN * GetPlugin(); //----------------------------------------------------------------------------- //----------------------------------------------------------------------------- //----------------------------------------------------------------------------- @@ -80,7 +85,7 @@ int AUTH_IA_SETTINGS::ParseSettings(const MODULE_SETTINGS & s) { int p; PARAM_VALUE pv; -vector::const_iterator pvi; +std::vector::const_iterator pvi; /////////////////////////// pv.param = "Port"; pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv); @@ -96,7 +101,7 @@ if (ParseIntInRange(pvi->value[0], 2, 65535, &p)) printfd(__FILE__, "Cannot parse parameter 'Port'\n"); return -1; } -port = p; +port = static_cast(p); /////////////////////////// pv.param = "UserDelay"; pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv); @@ -129,8 +134,19 @@ if (ParseIntInRange(pvi->value[0], 15, 1200, &userTimeout)) printfd(__FILE__, "Cannot parse parameter 'UserTimeout'\n"); return -1; } +/////////////////////////// +pv.param = "LogProtocolErrors"; +pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv); +if (pvi == s.moduleParams.end()) + logProtocolErrors = false; +else if (ParseYesNo(pvi->value[0], &logProtocolErrors)) + { + errorStr = "Cannot parse parameter \'LogProtocolErrors\': " + errorStr; + printfd(__FILE__, "Cannot parse parameter 'LogProtocolErrors'\n"); + return -1; + } ///////////////////////////////////////////////////////////// -string freeMbType; +std::string freeMbType; int n = 0; pv.param = "FreeMb"; pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv); @@ -477,7 +493,7 @@ while (ia->nonstop) if ((touchTime + MONITOR_TIME_DELAY_SEC <= stgTime) && ia->stgSettings->GetMonitoring()) { touchTime = stgTime; - string monFile = ia->stgSettings->GetMonitorDir() + "/inetaccess_r"; + std::string monFile = ia->stgSettings->GetMonitorDir() + "/inetaccess_r"; TouchFile(monFile.c_str()); } } @@ -497,7 +513,7 @@ AUTH_IA * ia = static_cast(d); ia->isRunningRunTimeouter = true; int a = -1; -string monFile = ia->stgSettings->GetMonitorDir() + "/inetaccess_t"; +std::string monFile = ia->stgSettings->GetMonitorDir() + "/inetaccess_t"; while (ia->nonstop) { struct timespec ts = {0, 20000000}; @@ -536,7 +552,7 @@ if (listenSocket < 0) } listenAddr.sin_family = AF_INET; -listenAddr.sin_port = htons(iaSettings.GetUserPort()); +listenAddr.sin_port = htons(static_cast(iaSettings.GetUserPort())); listenAddr.sin_addr.s_addr = inet_addr("0.0.0.0"); if (bind(listenSocket, (struct sockaddr*)&listenAddr, sizeof(listenAddr)) < 0) @@ -564,7 +580,7 @@ if (!WaitPackets(listenSocket)) // Timeout struct sockaddr_in outerAddr; socklen_t outerAddrLen(sizeof(outerAddr)); -int dataLen = recvfrom(listenSocket, buffer, bufferSize, 0, (struct sockaddr *)&outerAddr, &outerAddrLen); +ssize_t dataLen = recvfrom(listenSocket, buffer, bufferSize, 0, (struct sockaddr *)&outerAddr, &outerAddrLen); if (!dataLen) // EOF { @@ -585,8 +601,11 @@ if (dataLen <= 0) // Error if (dataLen > 256) return -1; +uint32_t sip = outerAddr.sin_addr.s_addr; +uint16_t sport = htons(outerAddr.sin_port); + int protoVer; -if (CheckHeader(buffer, &protoVer)) +if (CheckHeader(buffer, sip, &protoVer)) return -1; char login[PASSWD_LEN]; //TODO why PASSWD_LEN ? @@ -594,9 +613,6 @@ memset(login, 0, PASSWD_LEN); Decrypt(&ctxS, login, buffer + 8, PASSWD_LEN / 8); -uint32_t sip = outerAddr.sin_addr.s_addr; -uint16_t sport = htons(outerAddr.sin_port); - USER_PTR user; if (users->FindByName(login, &user)) { @@ -637,12 +653,14 @@ if (!user->GetProperty().ips.Get().IsIPInIPS(sip)) return PacketProcessor(buffer, dataLen, sip, sport, protoVer, user); } //----------------------------------------------------------------------------- -int AUTH_IA::CheckHeader(const char * buffer, int * protoVer) +int AUTH_IA::CheckHeader(const char * buffer, uint32_t sip, int * protoVer) { if (strncmp(IA_ID, buffer, strlen(IA_ID)) != 0) { //SendError(userIP, updateMsg); printfd(__FILE__, "update needed - IA_ID\n"); + if (iaSettings.LogProtocolErrors()) + logger("IP: %s. Header: invalid packed signature.", inet_ntostring(sip).c_str()); //SendError(userIP, "Incorrect header!"); return -1; } @@ -650,6 +668,8 @@ if (strncmp(IA_ID, buffer, strlen(IA_ID)) != 0) if (buffer[6] != 0) //proto[0] shoud be 0 { printfd(__FILE__, "update needed - PROTO major: %d\n", buffer[6]); + if (iaSettings.LogProtocolErrors()) + logger("IP: %s. Header: invalid protocol major version: %d.", inet_ntostring(sip).c_str(), buffer[6]); //SendError(userIP, updateMsg); return -1; } @@ -659,6 +679,8 @@ if (buffer[7] < 6) // need update //SendError(userIP, updateMsg); printfd(__FILE__, "update needed - PROTO minor: %d\n", buffer[7]); + if (iaSettings.LogProtocolErrors()) + logger("IP: %s. Header: invalid protocol minor version: %d.", inet_ntostring(sip).c_str(), buffer[7]); return -1; } else @@ -672,7 +694,7 @@ int AUTH_IA::Timeouter() { STG_LOCKER lock(&mutex, __FILE__, __LINE__); -map::iterator it; +std::map::iterator it; it = ip2user.begin(); uint32_t sip; @@ -686,6 +708,8 @@ while (it != ip2user.end()) if ((it->second.phase.GetPhase() == 2) && (currTime - it->second.phase.GetTime()) > iaSettings.GetUserDelay()) { + if (iaSettings.LogProtocolErrors()) + logger("User '%s'. Protocol version: %d. Phase 2: connect request timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserDelay()); it->second.phase.SetPhase1(); printfd(__FILE__, "Phase changed from 2 to 1. Reason: timeout\n"); ip2user.erase(it++); @@ -728,6 +752,8 @@ while (it != ip2user.end()) if ((currTime - it->second.phase.GetTime()) > iaSettings.GetUserTimeout()) { + if (iaSettings.LogProtocolErrors()) + logger("User '%s'. Protocol version: %d. Phase 3: alive timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserTimeout()); users->Unauthorize(it->second.user->GetLogin(), this); ip2user.erase(it++); continue; @@ -737,6 +763,8 @@ while (it != ip2user.end()) if ((it->second.phase.GetPhase() == 4) && ((currTime - it->second.phase.GetTime()) > iaSettings.GetUserDelay())) { + if (iaSettings.LogProtocolErrors()) + logger("User '%s'. Protocol version: %d. Phase 4: disconnect request timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserDelay()); it->second.phase.SetPhase3(); printfd(__FILE__, "Phase changed from 4 to 3. Reason: timeout\n"); } @@ -747,13 +775,13 @@ while (it != ip2user.end()) return 0; } //----------------------------------------------------------------------------- -int AUTH_IA::PacketProcessor(char * buff, int dataLen, uint32_t sip, uint16_t sport, int protoVer, USER_PTR user) +int AUTH_IA::PacketProcessor(void * buff, size_t dataLen, uint32_t sip, uint16_t sport, int protoVer, USER_PTR user) { std::string login(user->GetLogin()); -const int offset = LOGIN_LEN + 2 + 6; // LOGIN_LEN + sizeOfMagic + sizeOfVer; +const size_t offset = LOGIN_LEN + 2 + 6; // LOGIN_LEN + sizeOfMagic + sizeOfVer; STG_LOCKER lock(&mutex, __FILE__, __LINE__); -map::iterator it(ip2user.find(sip)); +std::map::iterator it(ip2user.find(sip)); if (it == ip2user.end()) { @@ -807,14 +835,13 @@ if (iaUser->password != user->GetProperty().password.Get()) iaUser->password = user->GetProperty().password.Get(); } -buff += offset; -Decrypt(&iaUser->ctx, buff, buff, (dataLen - offset) / 8); +Decrypt(&iaUser->ctx, static_cast(buff) + offset, static_cast(buff) + offset, (dataLen - offset) / 8); char packetName[IA_MAX_TYPE_LEN]; -strncpy(packetName, buff + 4, IA_MAX_TYPE_LEN); +strncpy(packetName, static_cast(buff) + offset + 4, IA_MAX_TYPE_LEN); packetName[IA_MAX_TYPE_LEN - 1] = 0; -map::iterator pi(packetTypes.find(packetName)); +std::map::iterator pi(packetTypes.find(packetName)); if (pi == packetTypes.end()) { SendError(sip, sport, protoVer, "îÅÐÒÁ×ÉÌØÎÙÊ ÌÏÇÉÎ ÉÌÉ ÐÁÒÏÌØ!"); @@ -846,15 +873,15 @@ switch (pi->second) switch (protoVer) { case 6: - if (Process_CONN_SYN_6((CONN_SYN_6 *)(buff - offset), &(it->second), sip)) + if (Process_CONN_SYN_6(static_cast(buff), &(it->second), sip)) return -1; return Send_CONN_SYN_ACK_6(iaUser, sip); case 7: - if (Process_CONN_SYN_7((CONN_SYN_7 *)(buff - offset), &(it->second), sip)) + if (Process_CONN_SYN_7(static_cast(buff), &(it->second), sip)) return -1; return Send_CONN_SYN_ACK_7(iaUser, sip); case 8: - if (Process_CONN_SYN_8((CONN_SYN_8 *)(buff - offset), &(it->second), sip)) + if (Process_CONN_SYN_8(static_cast(buff), &(it->second), sip)) return -1; return Send_CONN_SYN_ACK_8(iaUser, sip); } @@ -864,15 +891,15 @@ switch (pi->second) switch (protoVer) { case 6: - if (Process_CONN_ACK_6((CONN_ACK_6 *)(buff - offset), iaUser, sip)) + if (Process_CONN_ACK_6(static_cast(buff), iaUser, sip)) return -1; return Send_ALIVE_SYN_6(iaUser, sip); case 7: - if (Process_CONN_ACK_7((CONN_ACK_6 *)(buff - offset), iaUser, sip)) + if (Process_CONN_ACK_7(static_cast(buff), iaUser, sip)) return -1; return Send_ALIVE_SYN_7(iaUser, sip); case 8: - if (Process_CONN_ACK_8((CONN_ACK_8 *)(buff - offset), iaUser, sip)) + if (Process_CONN_ACK_8(static_cast(buff), iaUser, sip)) return -1; return Send_ALIVE_SYN_8(iaUser, sip); } @@ -882,11 +909,11 @@ switch (pi->second) switch (protoVer) { case 6: - return Process_ALIVE_ACK_6((ALIVE_ACK_6 *)(buff - offset), iaUser, sip); + return Process_ALIVE_ACK_6(static_cast(buff), iaUser, sip); case 7: - return Process_ALIVE_ACK_7((ALIVE_ACK_6 *)(buff - offset), iaUser, sip); + return Process_ALIVE_ACK_7(static_cast(buff), iaUser, sip); case 8: - return Process_ALIVE_ACK_8((ALIVE_ACK_8 *)(buff - offset), iaUser, sip); + return Process_ALIVE_ACK_8(static_cast(buff), iaUser, sip); } break; @@ -894,15 +921,15 @@ switch (pi->second) switch (protoVer) { case 6: - if (Process_DISCONN_SYN_6((DISCONN_SYN_6 *)(buff - offset), iaUser, sip)) + if (Process_DISCONN_SYN_6(static_cast(buff), iaUser, sip)) return -1; return Send_DISCONN_SYN_ACK_6(iaUser, sip); case 7: - if (Process_DISCONN_SYN_7((DISCONN_SYN_6 *)(buff - offset), iaUser, sip)) + if (Process_DISCONN_SYN_7(static_cast(buff), iaUser, sip)) return -1; return Send_DISCONN_SYN_ACK_7(iaUser, sip); case 8: - if (Process_DISCONN_SYN_8((DISCONN_SYN_8 *)(buff - offset), iaUser, sip)) + if (Process_DISCONN_SYN_8(static_cast(buff), iaUser, sip)) return -1; return Send_DISCONN_SYN_ACK_8(iaUser, sip); } @@ -912,15 +939,15 @@ switch (pi->second) switch (protoVer) { case 6: - if (Process_DISCONN_ACK_6((DISCONN_ACK_6 *)(buff - offset), iaUser, sip, it)) + if (Process_DISCONN_ACK_6(static_cast(buff), iaUser, sip, it)) return -1; return Send_FIN_6(iaUser, sip, it); case 7: - if (Process_DISCONN_ACK_7((DISCONN_ACK_6 *)(buff - offset), iaUser, sip, it)) + if (Process_DISCONN_ACK_7(static_cast(buff), iaUser, sip, it)) return -1; return Send_FIN_7(iaUser, sip, it); case 8: - if (Process_DISCONN_ACK_8((DISCONN_ACK_8 *)(buff - offset), iaUser, sip, it)) + if (Process_DISCONN_ACK_8(static_cast(buff), iaUser, sip, it)) return -1; return Send_FIN_8(iaUser, sip, it); } @@ -938,7 +965,7 @@ uint32_t ip = u->GetCurrIP(); if (!ip) return; -map::iterator it; +std::map::iterator it; STG_LOCKER lock(&mutex, __FILE__, __LINE__); it = ip2user.find(ip); @@ -957,12 +984,12 @@ if (it->second.user == u) } } //----------------------------------------------------------------------------- -int AUTH_IA::SendError(uint32_t ip, uint16_t port, int protoVer, const string & text) +int AUTH_IA::SendError(uint32_t ip, uint16_t port, int protoVer, const std::string & text) { struct sockaddr_in sendAddr; +ssize_t res; switch (protoVer) { - int res; case 6: case 7: ERR err; @@ -1008,7 +1035,7 @@ switch (protoVer) return 0; } //----------------------------------------------------------------------------- -int AUTH_IA::Send(uint32_t ip, uint16_t port, const char * buffer, int len) +int AUTH_IA::Send(uint32_t ip, uint16_t port, const char * buffer, size_t len) { struct sockaddr_in sendAddr; @@ -1016,9 +1043,7 @@ sendAddr.sin_family = AF_INET; sendAddr.sin_port = htons(port); sendAddr.sin_addr.s_addr = ip; -int res = sendto(listenSocket, buffer, len, 0, (struct sockaddr*)&sendAddr, sizeof(sendAddr)); - -if (res == len) +if (sendto(listenSocket, buffer, len, 0, (struct sockaddr*)&sendAddr, sizeof(sendAddr)) == static_cast(len)) return 0; return -1; @@ -1028,7 +1053,7 @@ int AUTH_IA::SendMessage(const STG_MSG & msg, uint32_t ip) const { printfd(__FILE__, "SendMessage userIP=%s\n", inet_ntostring(ip).c_str()); -map::iterator it; +std::map::iterator it; STG_LOCKER lock(&mutex, __FILE__, __LINE__); it = ip2user.find(ip); @@ -1074,8 +1099,8 @@ memset(&info, 0, sizeof(INFO_7)); info.len = 264; strncpy((char*)info.type, "INFO_7", 16); -info.infoType = msg.header.type; -info.showTime = msg.header.showTime; +info.infoType = static_cast(msg.header.type); +info.showTime = static_cast(msg.header.showTime); info.sendTime = msg.header.creationTime; size_t len = info.len; @@ -1103,8 +1128,8 @@ memset(&info, 0, sizeof(INFO_8)); info.len = 1056; strncpy((char*)info.type, "INFO_8", 16); -info.infoType = msg.header.type; -info.showTime = msg.header.showTime; +info.infoType = static_cast(msg.header.type); +info.showTime = static_cast(msg.header.showTime); info.sendTime = msg.header.creationTime; strncpy((char*)info.text, msg.text.c_str(), IA_MAX_MSG_LEN_8 - 1); @@ -1172,6 +1197,8 @@ if ((iaUser->phase.GetPhase() == 2) && (connAck->rnd == iaUser->rnd + 1)) else { errorStr = iaUser->user->GetStrError(); + if (iaSettings.LogProtocolErrors()) + logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: phase 2, authorization error ('%s').", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, errorStr.c_str()); iaUser->phase.SetPhase1(); ip2user.erase(sip); printfd(__FILE__, "Phase changed from 2 to 1. Reason: failed to authorize user\n"); @@ -1179,6 +1206,13 @@ if ((iaUser->phase.GetPhase() == 2) && (connAck->rnd == iaUser->rnd + 1)) } } printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d\n", iaUser->phase.GetPhase(), connAck->rnd); +if (iaSettings.LogProtocolErrors()) + { + if (iaUser->phase.GetPhase() != 2) + logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: invalid phase, expected 2, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase()); + if (connAck->rnd != iaUser->rnd + 1) + logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: invalid control number, expected %d, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, (iaUser->rnd + 1), connAck->rnd); + } return -1; } //----------------------------------------------------------------------------- @@ -1208,6 +1242,8 @@ if ((iaUser->phase.GetPhase() == 2) && (connAck->rnd == iaUser->rnd + 1)) else { errorStr = iaUser->user->GetStrError(); + if (iaSettings.LogProtocolErrors()) + logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: phase 2, authorization error ('%s').", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, errorStr.c_str()); iaUser->phase.SetPhase1(); ip2user.erase(sip); printfd(__FILE__, "Phase changed from 2 to 1. Reason: failed to authorize user\n"); @@ -1215,6 +1251,13 @@ if ((iaUser->phase.GetPhase() == 2) && (connAck->rnd == iaUser->rnd + 1)) } } printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d\n", iaUser->phase.GetPhase(), connAck->rnd); +if (iaSettings.LogProtocolErrors()) + { + if (iaUser->phase.GetPhase() != 2) + logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: invalid phase, expected 2, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase()); + if (connAck->rnd != iaUser->rnd + 1) + logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: invalid control number, expected %d, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, (iaUser->rnd + 1), connAck->rnd); + } return -1; } //----------------------------------------------------------------------------- @@ -1257,11 +1300,13 @@ if ((iaUser->phase.GetPhase() == 3) && (aliveAck->rnd == iaUser->rnd + 1)) return 0; } //----------------------------------------------------------------------------- -int AUTH_IA::Process_DISCONN_SYN_6(DISCONN_SYN_6 *, IA_USER * iaUser, uint32_t) +int AUTH_IA::Process_DISCONN_SYN_6(DISCONN_SYN_6 *, IA_USER * iaUser, uint32_t sip) { printfd(__FILE__, "DISCONN_SYN_6\n"); if (iaUser->phase.GetPhase() != 3) { + if (iaSettings.LogProtocolErrors()) + logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_SYN: invalid phase, expected 3, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase()); printfd(__FILE__, "Invalid phase. Expected 3, actual %d\n", iaUser->phase.GetPhase()); errorStr = "Incorrect request DISCONN_SYN"; return -1; @@ -1278,10 +1323,12 @@ int AUTH_IA::Process_DISCONN_SYN_7(DISCONN_SYN_7 * disconnSyn, IA_USER * iaUser, return Process_DISCONN_SYN_6(disconnSyn, iaUser, sip); } //----------------------------------------------------------------------------- -int AUTH_IA::Process_DISCONN_SYN_8(DISCONN_SYN_8 *, IA_USER * iaUser, uint32_t) +int AUTH_IA::Process_DISCONN_SYN_8(DISCONN_SYN_8 *, IA_USER * iaUser, uint32_t sip) { if (iaUser->phase.GetPhase() != 3) { + if (iaSettings.LogProtocolErrors()) + logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_SYN: invalid phase, expected 3, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase()); errorStr = "Incorrect request DISCONN_SYN"; printfd(__FILE__, "Invalid phase. Expected 3, actual %d\n", iaUser->phase.GetPhase()); return -1; @@ -1295,8 +1342,8 @@ return 0; //----------------------------------------------------------------------------- int AUTH_IA::Process_DISCONN_ACK_6(DISCONN_ACK_6 * disconnAck, IA_USER * iaUser, - uint32_t, - map::iterator) + uint32_t sip, + std::map::iterator) { #ifdef ARCH_BE SwapBytes(disconnAck->len); @@ -1305,6 +1352,13 @@ SwapBytes(disconnAck->rnd); printfd(__FILE__, "DISCONN_ACK_6\n"); if (!((iaUser->phase.GetPhase() == 4) && (disconnAck->rnd == iaUser->rnd + 1))) { + if (iaSettings.LogProtocolErrors()) + { + if (iaUser->phase.GetPhase() != 4) + logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_ACK: invalid phase, expected 4, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase()); + if (disconnAck->rnd != iaUser->rnd + 1) + logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_ACK: invalid control number, expected %d, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, (iaUser->rnd + 1), disconnAck->rnd); + } printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d\n", iaUser->phase.GetPhase(), disconnAck->rnd); return -1; } @@ -1312,12 +1366,12 @@ if (!((iaUser->phase.GetPhase() == 4) && (disconnAck->rnd == iaUser->rnd + 1))) return 0; } //----------------------------------------------------------------------------- -int AUTH_IA::Process_DISCONN_ACK_7(DISCONN_ACK_7 * disconnAck, IA_USER * iaUser, uint32_t sip, map::iterator it) +int AUTH_IA::Process_DISCONN_ACK_7(DISCONN_ACK_7 * disconnAck, IA_USER * iaUser, uint32_t sip, std::map::iterator it) { return Process_DISCONN_ACK_6(disconnAck, iaUser, sip, it); } //----------------------------------------------------------------------------- -int AUTH_IA::Process_DISCONN_ACK_8(DISCONN_ACK_8 * disconnAck, IA_USER * iaUser, uint32_t, map::iterator) +int AUTH_IA::Process_DISCONN_ACK_8(DISCONN_ACK_8 * disconnAck, IA_USER * iaUser, uint32_t sip, std::map::iterator) { #ifdef ARCH_BE SwapBytes(disconnAck->len); @@ -1326,6 +1380,13 @@ SwapBytes(disconnAck->rnd); printfd(__FILE__, "DISCONN_ACK_8\n"); if (!((iaUser->phase.GetPhase() == 4) && (disconnAck->rnd == iaUser->rnd + 1))) { + if (iaSettings.LogProtocolErrors()) + { + if (iaUser->phase.GetPhase() != 4) + logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_ACK: invalid phase, expected 4, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase()); + if (disconnAck->rnd != iaUser->rnd + 1) + logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_ACK: invalid control number, expected %d, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, (iaUser->rnd + 1), disconnAck->rnd); + } printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d\n", iaUser->phase.GetPhase(), disconnAck->rnd); return -1; } @@ -1349,7 +1410,7 @@ for (int j = 0; j < DIR_NUM; j++) } //--- Fill static data in connSynAck --- -iaUser->rnd = random(); +iaUser->rnd = static_cast(random()); connSynAck6.rnd = iaUser->rnd; connSynAck6.userTimeOut = iaSettings.GetUserTimeout(); @@ -1391,7 +1452,7 @@ for (int j = 0; j < DIR_NUM; j++) } //--- Fill static data in connSynAck --- -iaUser->rnd = random(); +iaUser->rnd = static_cast(random()); connSynAck8.rnd = iaUser->rnd; connSynAck8.userTimeOut = iaSettings.GetUserTimeout(); @@ -1411,7 +1472,7 @@ return Send(sip, iaUser->port, (char*)&connSynAck8, Min8(sizeof(CONN_SYN_ACK_8)) int AUTH_IA::Send_ALIVE_SYN_6(IA_USER * iaUser, uint32_t sip) { aliveSyn6.len = Min8(sizeof(ALIVE_SYN_6)); -aliveSyn6.rnd = iaUser->rnd = random(); +aliveSyn6.rnd = iaUser->rnd = static_cast(random()); strcpy((char*)aliveSyn6.type, "ALIVE_SYN"); @@ -1501,7 +1562,7 @@ aliveSyn8.hdr.protoVer[0] = 0; aliveSyn8.hdr.protoVer[1] = 8; aliveSyn8.len = Min8(sizeof(ALIVE_SYN_8)); -aliveSyn8.rnd = iaUser->rnd = random(); +aliveSyn8.rnd = iaUser->rnd = static_cast(random()); strcpy((char*)aliveSyn8.type, "ALIVE_SYN"); @@ -1586,7 +1647,7 @@ int AUTH_IA::Send_DISCONN_SYN_ACK_6(IA_USER * iaUser, uint32_t sip) { disconnSynAck6.len = Min8(sizeof(DISCONN_SYN_ACK_6)); strcpy((char*)disconnSynAck6.type, "DISCONN_SYN_ACK"); -disconnSynAck6.rnd = iaUser->rnd = random(); +disconnSynAck6.rnd = iaUser->rnd = static_cast(random()); #ifdef ARCH_BE SwapBytes(disconnSynAck6.len); @@ -1610,7 +1671,7 @@ disconnSynAck8.hdr.protoVer[1] = 8; disconnSynAck8.len = Min8(sizeof(DISCONN_SYN_ACK_8)); strcpy((char*)disconnSynAck8.type, "DISCONN_SYN_ACK"); -disconnSynAck8.rnd = iaUser->rnd = random(); +disconnSynAck8.rnd = iaUser->rnd = static_cast(random()); #ifdef ARCH_BE SwapBytes(disconnSynAck8.len); @@ -1621,7 +1682,7 @@ Encrypt(&iaUser->ctx, (char*)&disconnSynAck8, (char*)&disconnSynAck8, Min8(sizeo return Send(sip, iaUser->port, (char*)&disconnSynAck8, Min8(sizeof(disconnSynAck8))); } //----------------------------------------------------------------------------- -int AUTH_IA::Send_FIN_6(IA_USER * iaUser, uint32_t sip, map::iterator it) +int AUTH_IA::Send_FIN_6(IA_USER * iaUser, uint32_t sip, std::map::iterator it) { fin6.len = Min8(sizeof(FIN_6)); strcpy((char*)fin6.type, "FIN"); @@ -1642,12 +1703,12 @@ ip2user.erase(it); return res; } //----------------------------------------------------------------------------- -int AUTH_IA::Send_FIN_7(IA_USER * iaUser, uint32_t sip, map::iterator it) +int AUTH_IA::Send_FIN_7(IA_USER * iaUser, uint32_t sip, std::map::iterator it) { return Send_FIN_6(iaUser, sip, it); } //----------------------------------------------------------------------------- -int AUTH_IA::Send_FIN_8(IA_USER * iaUser, uint32_t sip, map::iterator it) +int AUTH_IA::Send_FIN_8(IA_USER * iaUser, uint32_t sip, std::map::iterator it) { strcpy((char*)fin8.hdr.magic, IA_ID); fin8.hdr.protoVer[0] = 0; @@ -1671,9 +1732,11 @@ ip2user.erase(it); return res; } +namespace +{ //----------------------------------------------------------------------------- inline -void InitEncrypt(BLOWFISH_CTX * ctx, const string & password) +void InitEncrypt(BLOWFISH_CTX * ctx, const std::string & password) { unsigned char keyL[PASSWD_LEN]; memset(keyL, 0, PASSWD_LEN); @@ -1682,15 +1745,17 @@ Blowfish_Init(ctx, keyL, PASSWD_LEN); } //----------------------------------------------------------------------------- inline -void Decrypt(BLOWFISH_CTX * ctx, char * dst, const char * src, int len8) +void Decrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8) { -for (int i = 0; i < len8; i++) - DecodeString(dst + i * 8, src + i * 8, ctx); +for (size_t i = 0; i < len8; i++) + DecodeString(static_cast(dst) + i * 8, static_cast(src) + i * 8, ctx); } //----------------------------------------------------------------------------- inline -void Encrypt(BLOWFISH_CTX * ctx, char * dst, const char * src, int len8) +void Encrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8) { -for (int i = 0; i < len8; i++) - EncodeString(dst + i * 8, src + i * 8, ctx); +for (size_t i = 0; i < len8; i++) + EncodeString(static_cast(dst) + i * 8, static_cast(src) + i * 8, ctx); +} +//----------------------------------------------------------------------------- }