Added checking of whitelisted keys on server

This commit is contained in:
DcruBro
2025-11-25 00:22:52 +01:00
parent 022debfa5b
commit de3ec98363
6 changed files with 88 additions and 12 deletions


@@ -12,6 +12,7 @@
#include <unordered_set>
#include <cxxopts/cxxopts.hpp>
#include <columnlynx/common/net/virtual_interface.hpp>
//#include <nlohmann/json.hpp>
using asio::ip::tcp;
using namespace ColumnLynx::Utils;
@@ -41,7 +42,8 @@ int main(int argc, char** argv) {
options.add_options()
("h,help", "Print help")
("4,ipv4-only", "Force IPv4 only operation", cxxopts::value<bool>()->default_value("false"));
("4,ipv4-only", "Force IPv4 only operation", cxxopts::value<bool>()->default_value("false"))
("c,config", "Specify config file location", cxxopts::value<std::string>()->default_value("config.json"));
PanicHandler::init();
@@ -53,6 +55,7 @@ int main(int argc, char** argv) {
}
bool ipv4Only = result["ipv4-only"].as<bool>();
std::string configPath = result["config"].as<std::string>();
log("ColumnLynx Server, Version " + getVersion());
log("This software is licensed under the GPLv2 only OR the GPLv3. See LICENSES/ for details.");
@@ -64,6 +67,18 @@ int main(int argc, char** argv) {
std::shared_ptr<VirtualInterface> tun = std::make_shared<VirtualInterface>("utun0");
log("Using virtual interface: " + tun->getName());
/*
// Load the config
std::ifstream f(configPath);
if (!f) {
error("Could not open config.");
return 1;
}
nlohmann::json j;
f >> j; // parse
*/
// Generate a temporary keypair, replace with actual CA signed keys later (Note, these are stored in memory)
LibSodiumWrapper sodiumWrapper = LibSodiumWrapper();
log("Server public key: " + bytesToHexString(sodiumWrapper.getPublicKey(), crypto_sign_PUBLICKEYBYTES));
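Review bot: `configPath` from the new `--config` option is never consumed, because its only reader is the block commented out between `/*` and `*/` in this hunk, so a wrong or missing `-c` value is accepted silently and the operator has no signal that no configuration was applied. Until the JSON loader is re-enabled, a minimal readability check keeps the flag honest: `if (!std::ifstream(configPath)) { error("Could not open config: " + configPath); return 1; }` — `std::ifstream` is what the disabled block already uses, so presumably its header is included above this hunk; confirm. If that is not wanted yet, a one-line comment on the option, `// TODO: configPath is parsed but unused until config loading is re-enabled`, at least marks the gap for the next reader. main() starts and ends outside the hunk.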


@@ -115,6 +115,14 @@ namespace ColumnLynx::Net::TCP {
Utils::log("Client protocol version " + std::to_string(clientProtoVer) + " accepted from " + reqAddr + ".");
std::memcpy(mConnectionPublicKey.data(), data.data() + 1, std::min(data.size() - 1, sizeof(mConnectionPublicKey))); // Store the client's public key (for identification)
std::vector<std::string> whitelistedKeys = Utils::getWhitelistedKeys();
if (std::find(whitelistedKeys.begin(), whitelistedKeys.end(), Utils::bytesToHexString(mConnectionPublicKey.data(), mConnectionPublicKey.size())) == whitelistedKeys.end()) {
Utils::warn("Non-whitelisted client attempted to connect, terminating. Client IP: " + reqAddr);
disconnect();
}
mHandler->sendMessage(ServerMessageType::HANDSHAKE_IDENTIFY, Utils::uint8ArrayToString(mLibSodiumWrapper->getPublicKey(), crypto_sign_PUBLICKEYBYTES)); // This public key should always exist
break;
}
@@ -188,7 +196,7 @@ namespace ColumnLynx::Net::TCP {
SessionRegistry::getInstance().lockIP(mConnectionSessionID, clientIP);
uint64_t sessionIDNet = Utils::htobe64(mConnectionSessionID);
uint64_t sessionIDNet = Utils::chtobe64(mConnectionSessionID);
std::vector<uint8_t> payload(sizeof(uint64_t) + sizeof(tunConfig));
std::memcpy(payload.data(), &sessionIDNet, sizeof(uint64_t));
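Review bot: In the first hunk of this file the whitelist rejection does not stop the handshake: after `disconnect()` control falls through to `mHandler->sendMessage(ServerMessageType::HANDSHAKE_IDENTIFY, ...)` on the next line and then `break`, so a non-whitelisted client is still sent the server's identify message and, depending on what disconnect() does with the socket, that write may go to an already-closed connection. Add an early exit directly after the call, `disconnect(); return;` (or `break;` if the surrounding code must keep running), assuming disconnect() does not itself throw or otherwise leave the function. Two smaller points: the comparison is on hex text, so `Utils::getWhitelistedKeys()` has to return entries in the same letter case as `Utils::bytesToHexString` produces or every legitimate client is rejected, and `std::find` needs `<algorithm>`, which is outside the visible hunk. The enclosing handler starts before and ends after both hunks.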