Version 1.0.0
This commit is contained in:
@@ -12,6 +12,10 @@
|
||||
#include <cxxopts.hpp>
|
||||
#include <columnlynx/common/net/virtual_interface.hpp>
|
||||
|
||||
#if defined(__WIN32__)
|
||||
#include <windows.h>
|
||||
#endif
|
||||
|
||||
using asio::ip::tcp;
|
||||
using namespace ColumnLynx::Utils;
|
||||
using namespace ColumnLynx::Net;
|
||||
@@ -48,7 +52,15 @@ int main(int argc, char** argv) {
|
||||
#else
|
||||
("i,interface", "Override used interface", cxxopts::value<std::string>()->default_value("lynx0"))
|
||||
#endif
|
||||
("ignore-whitelist", "Ignore if server is not in whitelisted_keys", cxxopts::value<bool>()->default_value("false"));
|
||||
("ignore-whitelist", "Ignore if server is not in whitelisted_keys", cxxopts::value<bool>()->default_value("false"))
|
||||
#if defined(__WIN32__)
|
||||
/* Get config dir in LOCALAPPDATA\ColumnLynx\ */
|
||||
("config-dir", "Override config dir path", cxxopts::value<std::string>()->default_value(std::string((std::getenv("LOCALAPPDATA") ? std::getenv("LOCALAPPDATA") : "C:\\ProgramData")) + "\\ColumnLynx\\"));
|
||||
#elif defined(__APPLE__)
|
||||
("config-dir", "Override config dir path", cxxopts::value<std::string>()->default_value(std::string((std::getenv("HOME") ? std::getenv("HOME") : "")) + "/Library/Application Support/ColumnLynx/"));
|
||||
#else
|
||||
("config-dir", "Override config dir path", cxxopts::value<std::string>()->default_value(std::string((std::getenv("SUDO_USER") ? "/home/" + std::string(std::getenv("SUDO_USER")) : (std::getenv("HOME") ? std::getenv("HOME") : ""))) + "/.config/columnlynx/"));
|
||||
#endif
|
||||
|
||||
bool insecureMode = options.parse(argc, argv).count("ignore-whitelist") > 0;
|
||||
|
||||
@@ -72,6 +84,21 @@ int main(int argc, char** argv) {
|
||||
//WintunInitialize();
|
||||
#endif
|
||||
|
||||
// Get the config path, ENV > CLI > /etc/columnlynx
|
||||
std::string configPath = optionsObj["config-dir"].as<std::string>();
|
||||
const char* envConfigPath = std::getenv("COLUMNLYNX_CONFIG_DIR");
|
||||
if (envConfigPath != nullptr) {
|
||||
configPath = std::string(envConfigPath);
|
||||
}
|
||||
|
||||
if (configPath.back() != '/' && configPath.back() != '\\') {
|
||||
#if defined(__WIN32__)
|
||||
configPath += "\\";
|
||||
#else
|
||||
configPath += "/";
|
||||
#endif
|
||||
}
|
||||
|
||||
std::shared_ptr<VirtualInterface> tun = std::make_shared<VirtualInterface>(optionsObj["interface"].as<std::string>());
|
||||
log("Using virtual interface: " + tun->getName());
|
||||
|
||||
@@ -84,7 +111,7 @@ int main(int argc, char** argv) {
|
||||
std::shared_ptr<uint64_t> sessionID = std::make_shared<uint64_t>(0);
|
||||
|
||||
asio::io_context io;
|
||||
auto client = std::make_shared<ColumnLynx::Net::TCP::TCPClient>(io, host, port, sodiumWrapper, aesKey, sessionID, insecureMode, tun);
|
||||
auto client = std::make_shared<ColumnLynx::Net::TCP::TCPClient>(io, host, port, sodiumWrapper, aesKey, sessionID, insecureMode, configPath, tun);
|
||||
auto udpClient = std::make_shared<ColumnLynx::Net::UDP::UDPClient>(io, host, port, aesKey, sessionID, tun);
|
||||
|
||||
client->start();
|
||||
|
||||
@@ -150,11 +150,12 @@ namespace ColumnLynx::Net::TCP {
|
||||
void TCPClient::mHandleMessage(ServerMessageType type, const std::string& data) {
|
||||
switch (type) {
|
||||
case ServerMessageType::HANDSHAKE_IDENTIFY: {
|
||||
Utils::log("Received server identity: " + data);
|
||||
std::memcpy(mServerPublicKey, data.data(), std::min(data.size(), sizeof(mServerPublicKey)));
|
||||
std::string hexServerPub = Utils::bytesToHexString(mServerPublicKey, 32);
|
||||
Utils::log("Received server identity. Public Key: " + hexServerPub);
|
||||
|
||||
// Verify pubkey against whitelisted_keys
|
||||
std::vector<std::string> whitelistedKeys = Utils::getWhitelistedKeys();
|
||||
std::vector<std::string> whitelistedKeys = Utils::getWhitelistedKeys(mConfigDirPath);
|
||||
if (std::find(whitelistedKeys.begin(), whitelistedKeys.end(), Utils::bytesToHexString(mServerPublicKey, 32)) == whitelistedKeys.end()) { // Key verification is handled in later steps of the handshake
|
||||
if (!mInsecureMode) {
|
||||
Utils::error("Server public key not in whitelisted_keys. Terminating connection.");
|
||||
|
||||
@@ -41,4 +41,27 @@ namespace ColumnLynx::Utils {
|
||||
randombytes_buf(randbytes.data(), randbytes.size());
|
||||
return randbytes;
|
||||
}
|
||||
|
||||
bool LibSodiumWrapper::recomputeKeys(PrivateSeed privateSeed, PublicKey storedPubKey) {
|
||||
int res = crypto_sign_seed_keypair(mPublicKey.data(), mPrivateKey.data(), privateSeed.data());
|
||||
|
||||
if (res != 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Convert to Curve25519 keys for encryption
|
||||
res = crypto_sign_ed25519_pk_to_curve25519(mXPublicKey.data(), mPublicKey.data());
|
||||
res = crypto_sign_ed25519_sk_to_curve25519(mXPrivateKey.data(), mPrivateKey.data());
|
||||
|
||||
if (res != 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Compare to stored for verification
|
||||
if (sodium_memcmp(mPublicKey.data(), storedPubKey.data(), crypto_sign_PUBLICKEYBYTES) != 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@@ -49,7 +49,7 @@ namespace ColumnLynx::Utils {
|
||||
}
|
||||
|
||||
std::string getVersion() {
|
||||
return "b0.3";
|
||||
return "1.0.0";
|
||||
}
|
||||
|
||||
unsigned short serverPort() {
|
||||
@@ -101,14 +101,19 @@ namespace ColumnLynx::Utils {
|
||||
return bytes;
|
||||
}
|
||||
|
||||
std::vector<std::string> getWhitelistedKeys() {
|
||||
std::vector<std::string> getWhitelistedKeys(std::string basePath) {
|
||||
// Currently re-reads the file every time, should be fine.
|
||||
// Advantage of it is that you don't need to reload the server binary after adding/removing keys. Disadvantage is re-reading the file every time.
|
||||
// I might redo this part.
|
||||
|
||||
std::vector<std::string> out;
|
||||
|
||||
std::ifstream file("whitelisted_keys"); // TODO: This is hardcoded for now, make dynamic
|
||||
std::ifstream file(basePath + "whitelisted_keys");
|
||||
if (!file.is_open()) {
|
||||
warn("Failed to open whitelisted_keys file at path: " + basePath + "whitelisted_keys");
|
||||
return out;
|
||||
}
|
||||
|
||||
std::string line;
|
||||
|
||||
while (std::getline(file, line)) {
|
||||
@@ -123,6 +128,10 @@ namespace ColumnLynx::Utils {
|
||||
std::vector<std::string> readLines;
|
||||
|
||||
std::ifstream file(path);
|
||||
if (!file.is_open()) {
|
||||
throw std::runtime_error("Failed to open config file at path: " + path);
|
||||
}
|
||||
|
||||
std::string line;
|
||||
|
||||
while (std::getline(file, line)) {
|
||||
|
||||
@@ -72,7 +72,7 @@ namespace ColumnLynx::Net {
|
||||
|
||||
if (ioctl(mFd, TUNSETIFF, &ifr) < 0) {
|
||||
close(mFd);
|
||||
throw std::runtime_error("TUNSETIFF failed: " + std::string(strerror(errno)));
|
||||
throw std::runtime_error("TUNSETIFF failed (try running with sudo): " + std::string(strerror(errno)));
|
||||
}
|
||||
|
||||
#elif defined(__APPLE__)
|
||||
@@ -96,7 +96,7 @@ namespace ColumnLynx::Net {
|
||||
|
||||
if (connect(mFd, (struct sockaddr*)&sc, sizeof(sc)) < 0) {
|
||||
if (errno == EPERM)
|
||||
throw std::runtime_error("connect(AF_SYS_CONTROL) failed: Insufficient permissions (try running as root)");
|
||||
throw std::runtime_error("connect(AF_SYS_CONTROL) failed: Insufficient permissions (try running with sudo)");
|
||||
throw std::runtime_error("connect(AF_SYS_CONTROL) failed: " + std::string(strerror(errno)));
|
||||
}
|
||||
|
||||
|
||||
@@ -16,6 +16,10 @@
|
||||
#include <cxxopts.hpp>
|
||||
#include <columnlynx/common/net/virtual_interface.hpp>
|
||||
|
||||
#if defined(__WIN32__)
|
||||
#include <windows.h>
|
||||
#endif
|
||||
|
||||
using asio::ip::tcp;
|
||||
using namespace ColumnLynx::Utils;
|
||||
using namespace ColumnLynx::Net::TCP;
|
||||
@@ -37,7 +41,12 @@ int main(int argc, char** argv) {
|
||||
#else
|
||||
("i,interface", "Override used interface", cxxopts::value<std::string>()->default_value("lynx0"))
|
||||
#endif
|
||||
("config", "Override config file path", cxxopts::value<std::string>()->default_value("./server_config"));
|
||||
#if defined(__WIN32__)
|
||||
/* Get config dir in LOCALAPPDATA\ColumnLynx\ */
|
||||
("config-dir", "Override config dir path", cxxopts::value<std::string>()->default_value("C:\\ProgramData\\ColumnLynx\\"));
|
||||
#else
|
||||
("config-dir", "Override config dir path", cxxopts::value<std::string>()->default_value("/etc/columnlynx"));
|
||||
#endif
|
||||
|
||||
PanicHandler::init();
|
||||
|
||||
@@ -60,7 +69,22 @@ int main(int argc, char** argv) {
|
||||
//WintunInitialize();
|
||||
#endif
|
||||
|
||||
std::unordered_map<std::string, std::string> config = Utils::getConfigMap(optionsObj["config"].as<std::string>());
|
||||
// Get the config path, ENV > CLI > /etc/columnlynx
|
||||
std::string configPath = optionsObj["config-dir"].as<std::string>();
|
||||
const char* envConfigPath = std::getenv("COLUMNLYNX_CONFIG_DIR");
|
||||
if (envConfigPath != nullptr) {
|
||||
configPath = std::string(envConfigPath);
|
||||
}
|
||||
|
||||
if (configPath.back() != '/' && configPath.back() != '\\') {
|
||||
#if defined(__WIN32__)
|
||||
configPath += "\\";
|
||||
#else
|
||||
configPath += "/";
|
||||
#endif
|
||||
}
|
||||
|
||||
std::unordered_map<std::string, std::string> config = Utils::getConfigMap(configPath + "server_config");
|
||||
|
||||
std::shared_ptr<VirtualInterface> tun = std::make_shared<VirtualInterface>(optionsObj["interface"].as<std::string>());
|
||||
log("Using virtual interface: " + tun->getName());
|
||||
@@ -75,14 +99,20 @@ int main(int argc, char** argv) {
|
||||
log("Loading keypair from config file.");
|
||||
|
||||
PublicKey pk;
|
||||
PrivateKey sk;
|
||||
PrivateSeed seed;
|
||||
|
||||
std::copy_n(Utils::hexStringToBytes(itPrivkey->second).begin(), sk.size(), sk.begin());
|
||||
std::copy_n(Utils::hexStringToBytes(itPrivkey->second).begin(), seed.size(), seed.begin());
|
||||
std::copy_n(Utils::hexStringToBytes(itPubkey->second).begin(), pk.size(), pk.begin());
|
||||
|
||||
sodiumWrapper->setKeys(pk, sk);
|
||||
if (!sodiumWrapper->recomputeKeys(seed, pk)) {
|
||||
throw std::runtime_error("Failed to recompute keypair from config file values!");
|
||||
}
|
||||
} else {
|
||||
#if defined(DEBUG)
|
||||
warn("No keypair found in config file! Using random key.");
|
||||
#else
|
||||
throw std::runtime_error("No keypair found in config file! Cannot start server without keys.");
|
||||
#endif
|
||||
}
|
||||
|
||||
log("Server public key: " + bytesToHexString(sodiumWrapper->getPublicKey(), crypto_sign_PUBLICKEYBYTES));
|
||||
@@ -91,7 +121,7 @@ int main(int argc, char** argv) {
|
||||
|
||||
asio::io_context io;
|
||||
|
||||
auto server = std::make_shared<TCPServer>(io, serverPort(), sodiumWrapper, hostRunning, ipv4Only);
|
||||
auto server = std::make_shared<TCPServer>(io, serverPort(), sodiumWrapper, hostRunning, configPath, ipv4Only);
|
||||
auto udpServer = std::make_shared<UDPServer>(io, serverPort(), hostRunning, ipv4Only, tun);
|
||||
|
||||
asio::signal_set signals(io, SIGINT, SIGTERM);
|
||||
|
||||
@@ -145,7 +145,7 @@ namespace ColumnLynx::Net::TCP {
|
||||
|
||||
Utils::debug("Key attempted connect: " + Utils::bytesToHexString(signPk.data(), signPk.size()));
|
||||
|
||||
std::vector<std::string> whitelistedKeys = Utils::getWhitelistedKeys();
|
||||
std::vector<std::string> whitelistedKeys = Utils::getWhitelistedKeys(mConfigDirPath);
|
||||
|
||||
if (std::find(whitelistedKeys.begin(), whitelistedKeys.end(), Utils::bytesToHexString(signPk.data(), signPk.size())) == whitelistedKeys.end()) {
|
||||
Utils::warn("Non-whitelisted client attempted to connect, terminating. Client IP: " + reqAddr);
|
||||
|
||||
@@ -36,6 +36,7 @@ namespace ColumnLynx::Net::TCP {
|
||||
std::move(socket),
|
||||
mSodiumWrapper,
|
||||
&mRawServerConfig,
|
||||
mConfigDirPath,
|
||||
[this](std::shared_ptr<TCPConnection> c) {
|
||||
mClients.erase(c);
|
||||
Utils::log("Client removed.");
|
||||
|
||||
Reference in New Issue
Block a user