X-Git-Url: https://git.stg.codes/stg.git/blobdiff_plain/53c1823aaef2eb8d547a8eed8cfe12fe7204ca79..b6d9fa3d29a5f5bccd6d475a4b15af0812d19a35:/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp?ds=sidebyside
diff --git a/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp b/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp
index 4986080e..5a15a10a 100644
--- a/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp
+++ b/projects/stargazer/plugins/authorization/inetaccess/inetaccess.cpp
@@ -36,6 +36,7 @@
#include <cstdlib>
#include <cstdio> // snprintf
#include <cerrno>
+#include <cmath>
#include <algorithm>
#include "stg/common.h"
@@ -46,16 +47,21 @@
#include "stg/plugin_creator.h"
#include "inetaccess.h"
-extern volatile const time_t stgTime;
-
-void InitEncrypt(BLOWFISH_CTX * ctx, const string & password);
-void Decrypt(BLOWFISH_CTX * ctx, char * dst, const char * src, int len8);
-void Encrypt(BLOWFISH_CTX * ctx, char * dst, const char * src, int len8);
+extern volatile time_t stgTime;
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
+namespace
+{
PLUGIN_CREATOR<AUTH_IA> iac;
+
+void InitEncrypt(BLOWFISH_CTX * ctx, const std::string & password);
+void Decrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8);
+void Encrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8);
+}
+
+extern "C" PLUGIN * GetPlugin();
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
@@ -79,7 +85,7 @@ int AUTH_IA_SETTINGS::ParseSettings(const MODULE_SETTINGS & s)
{
int p;
PARAM_VALUE pv;
-vector<PARAM_VALUE>::const_iterator pvi;
+std::vector<PARAM_VALUE>::const_iterator pvi;
///////////////////////////
pv.param = "Port";
pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv);
@@ -95,7 +101,7 @@ if (ParseIntInRange(pvi->value[0], 2, 65535, &p))
printfd(__FILE__, "Cannot parse parameter 'Port'\n");
return -1;
}
-port = p;
+port = static_cast<uint16_t>(p);
///////////////////////////
pv.param = "UserDelay";
pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv);
@@ -128,8 +134,19 @@ if (ParseIntInRange(pvi->value[0], 15, 1200, &userTimeout))
printfd(__FILE__, "Cannot parse parameter 'UserTimeout'\n");
return -1;
}
+///////////////////////////
+pv.param = "LogProtocolErrors";
+pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv);
+if (pvi == s.moduleParams.end())
+ logProtocolErrors = false;
+else if (ParseYesNo(pvi->value[0], &logProtocolErrors))
+ {
+ errorStr = "Cannot parse parameter \'LogProtocolErrors\': " + errorStr;
+ printfd(__FILE__, "Cannot parse parameter 'LogProtocolErrors'\n");
+ return -1;
+ }
/////////////////////////////////////////////////////////////
-string freeMbType;
+std::string freeMbType;
int n = 0;
pv.param = "FreeMb";
pvi = find(s.moduleParams.begin(), s.moduleParams.end(), pv);
@@ -321,9 +338,9 @@ AUTH_IA::AUTH_IA()
fin6(),
fin8(),
packetTypes(),
- WriteServLog(GetStgLogger()),
enabledDirs(0xFFffFFff),
- onDelUserNotifier(*this)
+ onDelUserNotifier(*this),
+ logger(GetPluginLogger(GetStgLogger(), "auth_ia"))
{
InitEncrypt(&ctxS, "pr7Hhen");
@@ -393,6 +410,7 @@ if (!isRunningRun)
{
errorStr = "Cannot create thread.";
printfd(__FILE__, "Cannot create recv thread\n");
+ logger("Cannot create recv thread.");
return -1;
}
}
@@ -403,6 +421,7 @@ if (!isRunningRunTimeouter)
{
errorStr = "Cannot create thread.";
printfd(__FILE__, "Cannot create timeouter thread\n");
+ logger("Cannot create timeouter thread.");
return -1;
}
}
@@ -431,31 +450,6 @@ if (isRunningRun)
struct timespec ts = {0, 200000000};
nanosleep(&ts, NULL);
}
-
- //after 5 seconds waiting thread still running. now killing it
- if (isRunningRun)
- {
- if (pthread_kill(recvThread, SIGINT))
- {
- errorStr = "Cannot kill thread.";
- printfd(__FILE__, "Cannot kill thread\n");
- return -1;
- }
- for (int i = 0; i < 25 && isRunningRun; ++i)
- {
- struct timespec ts = {0, 200000000};
- nanosleep(&ts, NULL);
- }
- if (isRunningRun)
- {
- printfd(__FILE__, "Failed to stop recv thread\n");
- }
- else
- {
- pthread_join(recvThread, NULL);
- }
- printfd(__FILE__, "AUTH_IA killed Run\n");
- }
}
FinalizeNet();
@@ -468,38 +462,23 @@ if (isRunningRunTimeouter)
struct timespec ts = {0, 200000000};
nanosleep(&ts, NULL);
}
-
- //after 5 seconds waiting thread still running. now killing it
- if (isRunningRunTimeouter)
- {
- if (pthread_kill(timeouterThread, SIGINT))
- {
- errorStr = "Cannot kill thread.";
- return -1;
- }
- for (int i = 0; i < 25 && isRunningRunTimeouter; ++i)
- {
- struct timespec ts = {0, 200000000};
- nanosleep(&ts, NULL);
- }
- if (isRunningRunTimeouter)
- {
- printfd(__FILE__, "Failed to stop timeouter thread\n");
- }
- else
- {
- pthread_join(timeouterThread, NULL);
- }
- printfd(__FILE__, "AUTH_IA killed Timeouter\n");
- }
}
-printfd(__FILE__, "AUTH_IA::Stoped successfully.\n");
+
users->DelNotifierUserDel(&onDelUserNotifier);
+
+if (isRunningRun || isRunningRunTimeouter)
+ return -1;
+
+printfd(__FILE__, "AUTH_IA::Stoped successfully.\n");
return 0;
}
//-----------------------------------------------------------------------------
void * AUTH_IA::Run(void * d)
{
+sigset_t signalSet;
+sigfillset(&signalSet);
+pthread_sigmask(SIG_BLOCK, &signalSet, NULL);
+
AUTH_IA * ia = static_cast<AUTH_IA *>(d);
ia->isRunningRun = true;
@@ -514,7 +493,7 @@ while (ia->nonstop)
if ((touchTime + MONITOR_TIME_DELAY_SEC <= stgTime) && ia->stgSettings->GetMonitoring())
{
touchTime = stgTime;
- string monFile = ia->stgSettings->GetMonitorDir() + "/inetaccess_r";
+ std::string monFile = ia->stgSettings->GetMonitorDir() + "/inetaccess_r";
TouchFile(monFile.c_str());
}
}
@@ -525,12 +504,16 @@ return NULL;
//-----------------------------------------------------------------------------
void * AUTH_IA::RunTimeouter(void * d)
{
+sigset_t signalSet;
+sigfillset(&signalSet);
+pthread_sigmask(SIG_BLOCK, &signalSet, NULL);
+
AUTH_IA * ia = static_cast<AUTH_IA *>(d);
ia->isRunningRunTimeouter = true;
int a = -1;
-string monFile = ia->stgSettings->GetMonitorDir() + "/inetaccess_t";
+std::string monFile = ia->stgSettings->GetMonitorDir() + "/inetaccess_t";
while (ia->nonstop)
{
struct timespec ts = {0, 20000000};
@@ -564,16 +547,18 @@ listenSocket = socket(AF_INET, SOCK_DGRAM, 0);
if (listenSocket < 0)
{
errorStr = "Cannot create socket.";
+ logger("Cannot create a socket: %s", strerror(errno));
return -1;
}
listenAddr.sin_family = AF_INET;
-listenAddr.sin_port = htons(iaSettings.GetUserPort());
+listenAddr.sin_port = htons(static_cast<uint16_t>(iaSettings.GetUserPort()));
listenAddr.sin_addr.s_addr = inet_addr("0.0.0.0");
if (bind(listenSocket, (struct sockaddr*)&listenAddr, sizeof(listenAddr)) < 0)
{
errorStr = "AUTH_IA: Bind failed.";
+ logger("Cannot bind the socket: %s", strerror(errno));
return -1;
}
@@ -595,7 +580,7 @@ if (!WaitPackets(listenSocket)) // Timeout
struct sockaddr_in outerAddr;
socklen_t outerAddrLen(sizeof(outerAddr));
-int dataLen = recvfrom(listenSocket, buffer, bufferSize, 0, (struct sockaddr *)&outerAddr, &outerAddrLen);
+ssize_t dataLen = recvfrom(listenSocket, buffer, bufferSize, 0, (struct sockaddr *)&outerAddr, &outerAddrLen);
if (!dataLen) // EOF
{
@@ -607,6 +592,7 @@ if (dataLen <= 0) // Error
if (errno != EINTR)
{
printfd(__FILE__, "recvfrom res=%d, error: '%s'\n", dataLen, strerror(errno));
+ logger("recvfrom error: %s", strerror(errno));
return -1;
}
return 0;
@@ -615,8 +601,11 @@ if (dataLen <= 0) // Error
if (dataLen > 256)
return -1;
+uint32_t sip = outerAddr.sin_addr.s_addr;
+uint16_t sport = htons(outerAddr.sin_port);
+
int protoVer;
-if (CheckHeader(buffer, &protoVer))
+if (CheckHeader(buffer, sip, &protoVer))
return -1;
char login[PASSWD_LEN]; //TODO why PASSWD_LEN ?
@@ -624,15 +613,12 @@ memset(login, 0, PASSWD_LEN);
Decrypt(&ctxS, login, buffer + 8, PASSWD_LEN / 8);
-uint32_t sip = outerAddr.sin_addr.s_addr;
-uint16_t sport = htons(outerAddr.sin_port);
-
USER_PTR user;
if (users->FindByName(login, &user))
{
- WriteServLog("User's connect failed: user '%s' not found. IP %s",
- login,
- inet_ntostring(sip).c_str());
+ logger("User's connect failed: user '%s' not found. IP %s",
+ login,
+ inet_ntostring(sip).c_str());
printfd(__FILE__, "User '%s' NOT found!\n", login);
SendError(sip, sport, protoVer, "îÅÐÒÁ×ÉÌØÎÙÊ ÌÏÇÉÎ!");
return -1;
@@ -642,12 +628,14 @@ printfd(__FILE__, "User '%s' FOUND!\n", user->GetLogin().c_str());
if (user->GetProperty().disabled.Get())
{
+ logger("Cannont authorize '%s', user is disabled.", login);
SendError(sip, sport, protoVer, "õÞÅÔÎÁÑ ÚÁÐÉÓØ ÚÁÂÌÏËÉÒÏ×ÁÎÁ");
return 0;
}
if (user->GetProperty().passive.Get())
{
+ logger("Cannont authorize '%s', user is passive.", login);
SendError(sip, sport, protoVer, "õÞÅÔÎÁÑ ÚÁÐÉÓØ ÚÁÍÏÒÏÖÅÎÁ");
return 0;
}
@@ -656,8 +644,8 @@ if (!user->GetProperty().ips.Get().IsIPInIPS(sip))
{
printfd(__FILE__, "User %s. IP address is incorrect. IP %s\n",
user->GetLogin().c_str(), inet_ntostring(sip).c_str());
- WriteServLog("User %s. IP address is incorrect. IP %s",
- user->GetLogin().c_str(), inet_ntostring(sip).c_str());
+ logger("User %s. IP address is incorrect. IP %s",
+ user->GetLogin().c_str(), inet_ntostring(sip).c_str());
SendError(sip, sport, protoVer, "ðÏÌØÚÏ×ÁÔÅÌØ ÎÅ ÏÐÏÚÎÁÎ! ðÒÏ×ÅÒØÔÅ IP ÁÄÒÅÓ.");
return 0;
}
@@ -665,12 +653,14 @@ if (!user->GetProperty().ips.Get().IsIPInIPS(sip))
return PacketProcessor(buffer, dataLen, sip, sport, protoVer, user);
}
//-----------------------------------------------------------------------------
-int AUTH_IA::CheckHeader(const char * buffer, int * protoVer)
+int AUTH_IA::CheckHeader(const char * buffer, uint32_t sip, int * protoVer)
{
if (strncmp(IA_ID, buffer, strlen(IA_ID)) != 0)
{
//SendError(userIP, updateMsg);
printfd(__FILE__, "update needed - IA_ID\n");
+ if (iaSettings.LogProtocolErrors())
+ logger("IP: %s. Header: invalid packed signature.", inet_ntostring(sip).c_str());
//SendError(userIP, "Incorrect header!");
return -1;
}
@@ -678,6 +668,8 @@ if (strncmp(IA_ID, buffer, strlen(IA_ID)) != 0)
if (buffer[6] != 0) //proto[0] shoud be 0
{
printfd(__FILE__, "update needed - PROTO major: %d\n", buffer[6]);
+ if (iaSettings.LogProtocolErrors())
+ logger("IP: %s. Header: invalid protocol major version: %d.", inet_ntostring(sip).c_str(), buffer[6]);
//SendError(userIP, updateMsg);
return -1;
}
@@ -687,6 +679,8 @@ if (buffer[7] < 6)
// need update
//SendError(userIP, updateMsg);
printfd(__FILE__, "update needed - PROTO minor: %d\n", buffer[7]);
+ if (iaSettings.LogProtocolErrors())
+ logger("IP: %s. Header: invalid protocol minor version: %d.", inet_ntostring(sip).c_str(), buffer[7]);
return -1;
}
else
@@ -700,7 +694,7 @@ int AUTH_IA::Timeouter()
{
STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-map<uint32_t, IA_USER>::iterator it;
+std::map<uint32_t, IA_USER>::iterator it;
it = ip2user.begin();
uint32_t sip;
@@ -714,6 +708,8 @@ while (it != ip2user.end())
if ((it->second.phase.GetPhase() == 2)
&& (currTime - it->second.phase.GetTime()) > iaSettings.GetUserDelay())
{
+ if (iaSettings.LogProtocolErrors())
+ logger("User '%s'. Protocol version: %d. Phase 2: connect request timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserDelay());
it->second.phase.SetPhase1();
printfd(__FILE__, "Phase changed from 2 to 1. Reason: timeout\n");
ip2user.erase(it++);
@@ -756,6 +752,8 @@ while (it != ip2user.end())
if ((currTime - it->second.phase.GetTime()) > iaSettings.GetUserTimeout())
{
+ if (iaSettings.LogProtocolErrors())
+ logger("User '%s'. Protocol version: %d. Phase 3: alive timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserTimeout());
users->Unauthorize(it->second.user->GetLogin(), this);
ip2user.erase(it++);
continue;
@@ -765,6 +763,8 @@ while (it != ip2user.end())
if ((it->second.phase.GetPhase() == 4)
&& ((currTime - it->second.phase.GetTime()) > iaSettings.GetUserDelay()))
{
+ if (iaSettings.LogProtocolErrors())
+ logger("User '%s'. Protocol version: %d. Phase 4: disconnect request timeout (%f > %d).", it->second.login.c_str(), it->second.protoVer, (currTime - it->second.phase.GetTime()).AsDouble(), iaSettings.GetUserDelay());
it->second.phase.SetPhase3();
printfd(__FILE__, "Phase changed from 4 to 3. Reason: timeout\n");
}
@@ -775,13 +775,13 @@ while (it != ip2user.end())
return 0;
}
//-----------------------------------------------------------------------------
-int AUTH_IA::PacketProcessor(char * buff, int dataLen, uint32_t sip, uint16_t sport, int protoVer, USER_PTR user)
+int AUTH_IA::PacketProcessor(void * buff, size_t dataLen, uint32_t sip, uint16_t sport, int protoVer, USER_PTR user)
{
std::string login(user->GetLogin());
-const int offset = LOGIN_LEN + 2 + 6; // LOGIN_LEN + sizeOfMagic + sizeOfVer;
+const size_t offset = LOGIN_LEN + 2 + 6; // LOGIN_LEN + sizeOfMagic + sizeOfVer;
STG_LOCKER lock(&mutex, __FILE__, __LINE__);
-map<uint32_t, IA_USER>::iterator it(ip2user.find(sip));
+std::map<uint32_t, IA_USER>::iterator it(ip2user.find(sip));
if (it == ip2user.end())
{
@@ -794,10 +794,10 @@ if (it == ip2user.end())
userPtr->GetLogin().c_str(),
inet_ntostring(sip).c_str(),
login.c_str());
- WriteServLog("IP address already in use by user '%s'. IP %s, login: '%s'",
- userPtr->GetLogin().c_str(),
- inet_ntostring(sip).c_str(),
- login.c_str());
+ logger("IP address is already in use by user '%s'. IP %s, login: '%s'",
+ userPtr->GetLogin().c_str(),
+ inet_ntostring(sip).c_str(),
+ login.c_str());
SendError(sip, sport, protoVer, "÷ÁÛ IP ÁÄÒÅÓ ÕÖÅ ÉÓÐÏÌØÚÕÅÔÓÑ!");
return 0;
}
@@ -819,10 +819,10 @@ else if (user->GetID() != it->second.user->GetID())
it->second.user->GetLogin().c_str(),
inet_ntostring(sip).c_str(),
user->GetLogin().c_str());
- WriteServLog("IP address already in use by user '%s'. IP %s, login: '%s'",
- it->second.user->GetLogin().c_str(),
- inet_ntostring(sip).c_str(),
- user->GetLogin().c_str());
+ logger("IP address is already in use by user '%s'. IP %s, login: '%s'",
+ it->second.user->GetLogin().c_str(),
+ inet_ntostring(sip).c_str(),
+ user->GetLogin().c_str());
SendError(sip, sport, protoVer, "÷ÁÛ IP ÁÄÒÅÓ ÕÖÅ ÉÓÐÏÌØÚÕÅÔÓÑ!");
return 0;
}
@@ -835,21 +835,20 @@ if (iaUser->password != user->GetProperty().password.Get())
iaUser->password = user->GetProperty().password.Get();
}
-buff += offset;
-Decrypt(&iaUser->ctx, buff, buff, (dataLen - offset) / 8);
+Decrypt(&iaUser->ctx, static_cast<char *>(buff) + offset, static_cast<char *>(buff) + offset, (dataLen - offset) / 8);
char packetName[IA_MAX_TYPE_LEN];
-strncpy(packetName, buff + 4, IA_MAX_TYPE_LEN);
+strncpy(packetName, static_cast<char *>(buff) + offset + 4, IA_MAX_TYPE_LEN);
packetName[IA_MAX_TYPE_LEN - 1] = 0;
-map<string, int>::iterator pi(packetTypes.find(packetName));
+std::map<std::string, int>::iterator pi(packetTypes.find(packetName));
if (pi == packetTypes.end())
{
SendError(sip, sport, protoVer, "îÅÐÒÁ×ÉÌØÎÙÊ ÌÏÇÉÎ ÉÌÉ ÐÁÒÏÌØ!");
printfd(__FILE__, "Login or password is wrong!\n");
- WriteServLog("User's connect failed. User: '%s', ip %s. Wrong login or password",
- login.c_str(),
- inet_ntostring(sip).c_str());
+ logger("User's connect failed. User: '%s', ip %s. Wrong login or password",
+ login.c_str(),
+ inet_ntostring(sip).c_str());
ip2user.erase(it);
return 0;
}
@@ -859,10 +858,10 @@ if (user->IsAuthorizedBy(this) && user->GetCurrIP() != sip)
printfd(__FILE__, "Login %s already in use from ip %s. IP %s\n",
login.c_str(), inet_ntostring(user->GetCurrIP()).c_str(),
inet_ntostring(sip).c_str());
- WriteServLog("Login %s already in use from ip %s. IP %s",
- login.c_str(),
- inet_ntostring(user->GetCurrIP()).c_str(),
- inet_ntostring(sip).c_str());
+ logger("Login '%s' is already in use from ip %s. IP %s",
+ login.c_str(),
+ inet_ntostring(user->GetCurrIP()).c_str(),
+ inet_ntostring(sip).c_str());
SendError(sip, sport, protoVer, "÷ÁÛ ÌÏÇÉÎ ÕÖÅ ÉÓÐÏÌØÚÕÅÔÓÑ!");
ip2user.erase(it);
return 0;
@@ -874,15 +873,15 @@ switch (pi->second)
switch (protoVer)
{
case 6:
- if (Process_CONN_SYN_6((CONN_SYN_6 *)(buff - offset), &(it->second), sip))
+ if (Process_CONN_SYN_6(static_cast<CONN_SYN_6 *>(buff), &(it->second), sip))
return -1;
return Send_CONN_SYN_ACK_6(iaUser, sip);
case 7:
- if (Process_CONN_SYN_7((CONN_SYN_7 *)(buff - offset), &(it->second), sip))
+ if (Process_CONN_SYN_7(static_cast<CONN_SYN_7 *>(buff), &(it->second), sip))
return -1;
return Send_CONN_SYN_ACK_7(iaUser, sip);
case 8:
- if (Process_CONN_SYN_8((CONN_SYN_8 *)(buff - offset), &(it->second), sip))
+ if (Process_CONN_SYN_8(static_cast<CONN_SYN_8 *>(buff), &(it->second), sip))
return -1;
return Send_CONN_SYN_ACK_8(iaUser, sip);
}
@@ -892,15 +891,15 @@ switch (pi->second)
switch (protoVer)
{
case 6:
- if (Process_CONN_ACK_6((CONN_ACK_6 *)(buff - offset), iaUser, sip))
+ if (Process_CONN_ACK_6(static_cast<CONN_ACK_6 *>(buff), iaUser, sip))
return -1;
return Send_ALIVE_SYN_6(iaUser, sip);
case 7:
- if (Process_CONN_ACK_7((CONN_ACK_6 *)(buff - offset), iaUser, sip))
+ if (Process_CONN_ACK_7(static_cast<CONN_ACK_6 *>(buff), iaUser, sip))
return -1;
return Send_ALIVE_SYN_7(iaUser, sip);
case 8:
- if (Process_CONN_ACK_8((CONN_ACK_8 *)(buff - offset), iaUser, sip))
+ if (Process_CONN_ACK_8(static_cast<CONN_ACK_8 *>(buff), iaUser, sip))
return -1;
return Send_ALIVE_SYN_8(iaUser, sip);
}
@@ -910,11 +909,11 @@ switch (pi->second)
switch (protoVer)
{
case 6:
- return Process_ALIVE_ACK_6((ALIVE_ACK_6 *)(buff - offset), iaUser, sip);
+ return Process_ALIVE_ACK_6(static_cast<ALIVE_ACK_6 *>(buff), iaUser, sip);
case 7:
- return Process_ALIVE_ACK_7((ALIVE_ACK_6 *)(buff - offset), iaUser, sip);
+ return Process_ALIVE_ACK_7(static_cast<ALIVE_ACK_6 *>(buff), iaUser, sip);
case 8:
- return Process_ALIVE_ACK_8((ALIVE_ACK_8 *)(buff - offset), iaUser, sip);
+ return Process_ALIVE_ACK_8(static_cast<ALIVE_ACK_8 *>(buff), iaUser, sip);
}
break;
@@ -922,15 +921,15 @@ switch (pi->second)
switch (protoVer)
{
case 6:
- if (Process_DISCONN_SYN_6((DISCONN_SYN_6 *)(buff - offset), iaUser, sip))
+ if (Process_DISCONN_SYN_6(static_cast<DISCONN_SYN_6 *>(buff), iaUser, sip))
return -1;
return Send_DISCONN_SYN_ACK_6(iaUser, sip);
case 7:
- if (Process_DISCONN_SYN_7((DISCONN_SYN_6 *)(buff - offset), iaUser, sip))
+ if (Process_DISCONN_SYN_7(static_cast<DISCONN_SYN_6 *>(buff), iaUser, sip))
return -1;
return Send_DISCONN_SYN_ACK_7(iaUser, sip);
case 8:
- if (Process_DISCONN_SYN_8((DISCONN_SYN_8 *)(buff - offset), iaUser, sip))
+ if (Process_DISCONN_SYN_8(static_cast<DISCONN_SYN_8 *>(buff), iaUser, sip))
return -1;
return Send_DISCONN_SYN_ACK_8(iaUser, sip);
}
@@ -940,15 +939,15 @@ switch (pi->second)
switch (protoVer)
{
case 6:
- if (Process_DISCONN_ACK_6((DISCONN_ACK_6 *)(buff - offset), iaUser, sip, it))
+ if (Process_DISCONN_ACK_6(static_cast<DISCONN_ACK_6 *>(buff), iaUser, sip, it))
return -1;
return Send_FIN_6(iaUser, sip, it);
case 7:
- if (Process_DISCONN_ACK_7((DISCONN_ACK_6 *)(buff - offset), iaUser, sip, it))
+ if (Process_DISCONN_ACK_7(static_cast<DISCONN_ACK_6 *>(buff), iaUser, sip, it))
return -1;
return Send_FIN_7(iaUser, sip, it);
case 8:
- if (Process_DISCONN_ACK_8((DISCONN_ACK_8 *)(buff - offset), iaUser, sip, it))
+ if (Process_DISCONN_ACK_8(static_cast<DISCONN_ACK_8 *>(buff), iaUser, sip, it))
return -1;
return Send_FIN_8(iaUser, sip, it);
}
@@ -966,7 +965,7 @@ uint32_t ip = u->GetCurrIP();
if (!ip)
return;
-map<uint32_t, IA_USER>::iterator it;
+std::map<uint32_t, IA_USER>::iterator it;
STG_LOCKER lock(&mutex, __FILE__, __LINE__);
it = ip2user.find(ip);
@@ -985,12 +984,12 @@ if (it->second.user == u)
}
}
//-----------------------------------------------------------------------------
-int AUTH_IA::SendError(uint32_t ip, uint16_t port, int protoVer, const string & text)
+int AUTH_IA::SendError(uint32_t ip, uint16_t port, int protoVer, const std::string & text)
{
struct sockaddr_in sendAddr;
+ssize_t res;
switch (protoVer)
{
- int res;
case 6:
case 7:
ERR err;
@@ -1036,7 +1035,7 @@ switch (protoVer)
return 0;
}
//-----------------------------------------------------------------------------
-int AUTH_IA::Send(uint32_t ip, uint16_t port, const char * buffer, int len)
+int AUTH_IA::Send(uint32_t ip, uint16_t port, const char * buffer, size_t len)
{
struct sockaddr_in sendAddr;
@@ -1044,9 +1043,7 @@ sendAddr.sin_family = AF_INET;
sendAddr.sin_port = htons(port);
sendAddr.sin_addr.s_addr = ip;
-int res = sendto(listenSocket, buffer, len, 0, (struct sockaddr*)&sendAddr, sizeof(sendAddr));
-
-if (res == len)
+if (sendto(listenSocket, buffer, len, 0, (struct sockaddr*)&sendAddr, sizeof(sendAddr)) == static_cast<ssize_t>(len))
return 0;
return -1;
@@ -1056,7 +1053,7 @@ int AUTH_IA::SendMessage(const STG_MSG & msg, uint32_t ip) const
{
printfd(__FILE__, "SendMessage userIP=%s\n", inet_ntostring(ip).c_str());
-map<uint32_t, IA_USER>::iterator it;
+std::map<uint32_t, IA_USER>::iterator it;
STG_LOCKER lock(&mutex, __FILE__, __LINE__);
it = ip2user.find(ip);
@@ -1102,8 +1099,8 @@ memset(&info, 0, sizeof(INFO_7));
info.len = 264;
strncpy((char*)info.type, "INFO_7", 16);
-info.infoType = msg.header.type;
-info.showTime = msg.header.showTime;
+info.infoType = static_cast<int8_t>(msg.header.type);
+info.showTime = static_cast<int8_t>(msg.header.showTime);
info.sendTime = msg.header.creationTime;
size_t len = info.len;
@@ -1131,8 +1128,8 @@ memset(&info, 0, sizeof(INFO_8));
info.len = 1056;
strncpy((char*)info.type, "INFO_8", 16);
-info.infoType = msg.header.type;
-info.showTime = msg.header.showTime;
+info.infoType = static_cast<int8_t>(msg.header.type);
+info.showTime = static_cast<int8_t>(msg.header.showTime);
info.sendTime = msg.header.creationTime;
strncpy((char*)info.text, msg.text.c_str(), IA_MAX_MSG_LEN_8 - 1);
@@ -1200,6 +1197,8 @@ if ((iaUser->phase.GetPhase() == 2) && (connAck->rnd == iaUser->rnd + 1))
else
{
errorStr = iaUser->user->GetStrError();
+ if (iaSettings.LogProtocolErrors())
+ logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: phase 2, authorization error ('%s').", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, errorStr.c_str());
iaUser->phase.SetPhase1();
ip2user.erase(sip);
printfd(__FILE__, "Phase changed from 2 to 1. Reason: failed to authorize user\n");
@@ -1207,6 +1206,13 @@ if ((iaUser->phase.GetPhase() == 2) && (connAck->rnd == iaUser->rnd + 1))
}
}
printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d\n", iaUser->phase.GetPhase(), connAck->rnd);
+if (iaSettings.LogProtocolErrors())
+ {
+ if (iaUser->phase.GetPhase() != 2)
+ logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: invalid phase, expected 2, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase());
+ if (connAck->rnd != iaUser->rnd + 1)
+ logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: invalid control number, expected %d, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, (iaUser->rnd + 1), connAck->rnd);
+ }
return -1;
}
//-----------------------------------------------------------------------------
@@ -1236,6 +1242,8 @@ if ((iaUser->phase.GetPhase() == 2) && (connAck->rnd == iaUser->rnd + 1))
else
{
errorStr = iaUser->user->GetStrError();
+ if (iaSettings.LogProtocolErrors())
+ logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: phase 2, authorization error ('%s').", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, errorStr.c_str());
iaUser->phase.SetPhase1();
ip2user.erase(sip);
printfd(__FILE__, "Phase changed from 2 to 1. Reason: failed to authorize user\n");
@@ -1243,6 +1251,13 @@ if ((iaUser->phase.GetPhase() == 2) && (connAck->rnd == iaUser->rnd + 1))
}
}
printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d\n", iaUser->phase.GetPhase(), connAck->rnd);
+if (iaSettings.LogProtocolErrors())
+ {
+ if (iaUser->phase.GetPhase() != 2)
+ logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: invalid phase, expected 2, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase());
+ if (connAck->rnd != iaUser->rnd + 1)
+ logger("IP: %s. User '%s'. Protocol version: %d. CONN_ACK: invalid control number, expected %d, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, (iaUser->rnd + 1), connAck->rnd);
+ }
return -1;
}
//-----------------------------------------------------------------------------
@@ -1285,11 +1300,13 @@ if ((iaUser->phase.GetPhase() == 3) && (aliveAck->rnd == iaUser->rnd + 1))
return 0;
}
//-----------------------------------------------------------------------------
-int AUTH_IA::Process_DISCONN_SYN_6(DISCONN_SYN_6 *, IA_USER * iaUser, uint32_t)
+int AUTH_IA::Process_DISCONN_SYN_6(DISCONN_SYN_6 *, IA_USER * iaUser, uint32_t sip)
{
printfd(__FILE__, "DISCONN_SYN_6\n");
if (iaUser->phase.GetPhase() != 3)
{
+ if (iaSettings.LogProtocolErrors())
+ logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_SYN: invalid phase, expected 3, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase());
printfd(__FILE__, "Invalid phase. Expected 3, actual %d\n", iaUser->phase.GetPhase());
errorStr = "Incorrect request DISCONN_SYN";
return -1;
@@ -1306,10 +1323,12 @@ int AUTH_IA::Process_DISCONN_SYN_7(DISCONN_SYN_7 * disconnSyn, IA_USER * iaUser,
return Process_DISCONN_SYN_6(disconnSyn, iaUser, sip);
}
//-----------------------------------------------------------------------------
-int AUTH_IA::Process_DISCONN_SYN_8(DISCONN_SYN_8 *, IA_USER * iaUser, uint32_t)
+int AUTH_IA::Process_DISCONN_SYN_8(DISCONN_SYN_8 *, IA_USER * iaUser, uint32_t sip)
{
if (iaUser->phase.GetPhase() != 3)
{
+ if (iaSettings.LogProtocolErrors())
+ logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_SYN: invalid phase, expected 3, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase());
errorStr = "Incorrect request DISCONN_SYN";
printfd(__FILE__, "Invalid phase. Expected 3, actual %d\n", iaUser->phase.GetPhase());
return -1;
@@ -1323,8 +1342,8 @@ return 0;
//-----------------------------------------------------------------------------
int AUTH_IA::Process_DISCONN_ACK_6(DISCONN_ACK_6 * disconnAck,
IA_USER * iaUser,
- uint32_t,
- map<uint32_t, IA_USER>::iterator)
+ uint32_t sip,
+ std::map<uint32_t, IA_USER>::iterator)
{
#ifdef ARCH_BE
SwapBytes(disconnAck->len);
@@ -1333,6 +1352,13 @@ SwapBytes(disconnAck->rnd);
printfd(__FILE__, "DISCONN_ACK_6\n");
if (!((iaUser->phase.GetPhase() == 4) && (disconnAck->rnd == iaUser->rnd + 1)))
{
+ if (iaSettings.LogProtocolErrors())
+ {
+ if (iaUser->phase.GetPhase() != 4)
+ logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_ACK: invalid phase, expected 4, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase());
+ if (disconnAck->rnd != iaUser->rnd + 1)
+ logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_ACK: invalid control number, expected %d, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, (iaUser->rnd + 1), disconnAck->rnd);
+ }
printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d\n", iaUser->phase.GetPhase(), disconnAck->rnd);
return -1;
}
@@ -1340,12 +1366,12 @@ if (!((iaUser->phase.GetPhase() == 4) && (disconnAck->rnd == iaUser->rnd + 1)))
return 0;
}
//-----------------------------------------------------------------------------
-int AUTH_IA::Process_DISCONN_ACK_7(DISCONN_ACK_7 * disconnAck, IA_USER * iaUser, uint32_t sip, map<uint32_t, IA_USER>::iterator it)
+int AUTH_IA::Process_DISCONN_ACK_7(DISCONN_ACK_7 * disconnAck, IA_USER * iaUser, uint32_t sip, std::map<uint32_t, IA_USER>::iterator it)
{
return Process_DISCONN_ACK_6(disconnAck, iaUser, sip, it);
}
//-----------------------------------------------------------------------------
-int AUTH_IA::Process_DISCONN_ACK_8(DISCONN_ACK_8 * disconnAck, IA_USER * iaUser, uint32_t, map<uint32_t, IA_USER>::iterator)
+int AUTH_IA::Process_DISCONN_ACK_8(DISCONN_ACK_8 * disconnAck, IA_USER * iaUser, uint32_t sip, std::map<uint32_t, IA_USER>::iterator)
{
#ifdef ARCH_BE
SwapBytes(disconnAck->len);
@@ -1354,6 +1380,13 @@ SwapBytes(disconnAck->rnd);
printfd(__FILE__, "DISCONN_ACK_8\n");
if (!((iaUser->phase.GetPhase() == 4) && (disconnAck->rnd == iaUser->rnd + 1)))
{
+ if (iaSettings.LogProtocolErrors())
+ {
+ if (iaUser->phase.GetPhase() != 4)
+ logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_ACK: invalid phase, expected 4, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, iaUser->phase.GetPhase());
+ if (disconnAck->rnd != iaUser->rnd + 1)
+ logger("IP: %s. User '%s'. Protocol version: %d. DISCONN_ACK: invalid control number, expected %d, got %d.", inet_ntostring(sip).c_str(), iaUser->login.c_str(), iaUser->protoVer, (iaUser->rnd + 1), disconnAck->rnd);
+ }
printfd(__FILE__, "Invalid phase or control number. Phase: %d. Control number: %d\n", iaUser->phase.GetPhase(), disconnAck->rnd);
return -1;
}
@@ -1377,7 +1410,7 @@ for (int j = 0; j < DIR_NUM; j++)
}
//--- Fill static data in connSynAck ---
-iaUser->rnd = random();
+iaUser->rnd = static_cast<uint32_t>(random());
connSynAck6.rnd = iaUser->rnd;
connSynAck6.userTimeOut = iaSettings.GetUserTimeout();
@@ -1419,7 +1452,7 @@ for (int j = 0; j < DIR_NUM; j++)
}
//--- Fill static data in connSynAck ---
-iaUser->rnd = random();
+iaUser->rnd = static_cast<uint32_t>(random());
connSynAck8.rnd = iaUser->rnd;
connSynAck8.userTimeOut = iaSettings.GetUserTimeout();
@@ -1439,7 +1472,7 @@ return Send(sip, iaUser->port, (char*)&connSynAck8, Min8(sizeof(CONN_SYN_ACK_8))
int AUTH_IA::Send_ALIVE_SYN_6(IA_USER * iaUser, uint32_t sip)
{
aliveSyn6.len = Min8(sizeof(ALIVE_SYN_6));
-aliveSyn6.rnd = iaUser->rnd = random();
+aliveSyn6.rnd = iaUser->rnd = static_cast<uint32_t>(random());
strcpy((char*)aliveSyn6.type, "ALIVE_SYN");
@@ -1462,8 +1495,8 @@ if (dn < DIR_NUM)
aliveSyn6.md[dn],
dn,
stgTime);
- p *= (1024 * 1024);
- if (p == 0)
+ p *= 1024 * 1024;
+ if (std::fabs(p) < 1.0e-3)
{
snprintf((char*)aliveSyn6.freeMb, IA_FREEMB_LEN, "---");
}
@@ -1529,7 +1562,7 @@ aliveSyn8.hdr.protoVer[0] = 0;
aliveSyn8.hdr.protoVer[1] = 8;
aliveSyn8.len = Min8(sizeof(ALIVE_SYN_8));
-aliveSyn8.rnd = iaUser->rnd = random();
+aliveSyn8.rnd = iaUser->rnd = static_cast<uint32_t>(random());
strcpy((char*)aliveSyn8.type, "ALIVE_SYN");
@@ -1552,8 +1585,8 @@ if (dn < DIR_NUM)
aliveSyn8.md[dn],
dn,
stgTime);
- p *= (1024 * 1024);
- if (p == 0)
+ p *= 1024 * 1024;
+ if (std::fabs(p) < 1.0e-3)
{
snprintf((char*)aliveSyn8.freeMb, IA_FREEMB_LEN, "---");
}
@@ -1614,7 +1647,7 @@ int AUTH_IA::Send_DISCONN_SYN_ACK_6(IA_USER * iaUser, uint32_t sip)
{
disconnSynAck6.len = Min8(sizeof(DISCONN_SYN_ACK_6));
strcpy((char*)disconnSynAck6.type, "DISCONN_SYN_ACK");
-disconnSynAck6.rnd = iaUser->rnd = random();
+disconnSynAck6.rnd = iaUser->rnd = static_cast<uint32_t>(random());
#ifdef ARCH_BE
SwapBytes(disconnSynAck6.len);
@@ -1638,7 +1671,7 @@ disconnSynAck8.hdr.protoVer[1] = 8;
disconnSynAck8.len = Min8(sizeof(DISCONN_SYN_ACK_8));
strcpy((char*)disconnSynAck8.type, "DISCONN_SYN_ACK");
-disconnSynAck8.rnd = iaUser->rnd = random();
+disconnSynAck8.rnd = iaUser->rnd = static_cast<uint32_t>(random());
#ifdef ARCH_BE
SwapBytes(disconnSynAck8.len);
@@ -1649,7 +1682,7 @@ Encrypt(&iaUser->ctx, (char*)&disconnSynAck8, (char*)&disconnSynAck8, Min8(sizeo
return Send(sip, iaUser->port, (char*)&disconnSynAck8, Min8(sizeof(disconnSynAck8)));
}
//-----------------------------------------------------------------------------
-int AUTH_IA::Send_FIN_6(IA_USER * iaUser, uint32_t sip, map<uint32_t, IA_USER>::iterator it)
+int AUTH_IA::Send_FIN_6(IA_USER * iaUser, uint32_t sip, std::map<uint32_t, IA_USER>::iterator it)
{
fin6.len = Min8(sizeof(FIN_6));
strcpy((char*)fin6.type, "FIN");
@@ -1670,12 +1703,12 @@ ip2user.erase(it);
return res;
}
//-----------------------------------------------------------------------------
-int AUTH_IA::Send_FIN_7(IA_USER * iaUser, uint32_t sip, map<uint32_t, IA_USER>::iterator it)
+int AUTH_IA::Send_FIN_7(IA_USER * iaUser, uint32_t sip, std::map<uint32_t, IA_USER>::iterator it)
{
return Send_FIN_6(iaUser, sip, it);
}
//-----------------------------------------------------------------------------
-int AUTH_IA::Send_FIN_8(IA_USER * iaUser, uint32_t sip, map<uint32_t, IA_USER>::iterator it)
+int AUTH_IA::Send_FIN_8(IA_USER * iaUser, uint32_t sip, std::map<uint32_t, IA_USER>::iterator it)
{
strcpy((char*)fin8.hdr.magic, IA_ID);
fin8.hdr.protoVer[0] = 0;
@@ -1699,9 +1732,11 @@ ip2user.erase(it);
return res;
}
+namespace
+{
//-----------------------------------------------------------------------------
inline
-void InitEncrypt(BLOWFISH_CTX * ctx, const string & password)
+void InitEncrypt(BLOWFISH_CTX * ctx, const std::string & password)
{
unsigned char keyL[PASSWD_LEN];
memset(keyL, 0, PASSWD_LEN);
@@ -1710,15 +1745,17 @@ Blowfish_Init(ctx, keyL, PASSWD_LEN);
}
//-----------------------------------------------------------------------------
inline
-void Decrypt(BLOWFISH_CTX * ctx, char * dst, const char * src, int len8)
+void Decrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8)
{
-for (int i = 0; i < len8; i++)
- DecodeString(dst + i * 8, src + i * 8, ctx);
+for (size_t i = 0; i < len8; i++)
+ DecodeString(static_cast<char *>(dst) + i * 8, static_cast<const char *>(src) + i * 8, ctx);
}
//-----------------------------------------------------------------------------
inline
-void Encrypt(BLOWFISH_CTX * ctx, char * dst, const char * src, int len8)
+void Encrypt(BLOWFISH_CTX * ctx, void * dst, const void * src, size_t len8)
{
-for (int i = 0; i < len8; i++)
- EncodeString(dst + i * 8, src + i * 8, ctx);
+for (size_t i = 0; i < len8; i++)
+ EncodeString(static_cast<char *>(dst) + i * 8, static_cast<const char *>(src) + i * 8, ctx);
+}
+//-----------------------------------------------------------------------------
}