A lot of updates

2019-11-22 20:51:00 +01:00
parent 44fe958f31
commit 0d3d3cfc53
31 changed files with 700 additions and 426 deletions
@@ -19,6 +19,7 @@
 #include "build.h"
 #include <misc/digest.h>
 #include <misc/base64.h>
+#include <misc/hex.h>
 #include <misc/rnd.h>
 #include <misc/strobf.h>
 #include <jemalloc/jemalloc.h>
@@ -28,7 +29,6 @@
 #endif
 #include <unistd.h>
 #undef _POSIX_SOURCE
-#include <stdio.h>

 using namespace std;
 using namespace std::chrono;
@@ -37,11 +37,7 @@ using namespace ts::server;

 #define INSTANCE_TICK_NAME "instance"

-#define _STRINGIFY(x) #x
-#define STRINGIFY(x) _STRINGIFY(x)
-
 extern bool mainThreadActive;
-extern InstanceHandler* serverInstance;
 InstanceHandler::InstanceHandler(SqlDataManager *sql) : sql(sql) {
 	serverInstance = this;
 	this->tick_manager = make_shared<threads::Scheduler>(config::threads::ticking, "tick task ");
@@ -226,19 +222,6 @@ inline string strip(std::string message) {
 	return message;
 }

-inline sockaddr_in* resolveAddress(const string& host, uint16_t port) {
-    hostent* record = gethostbyname(host.c_str());
-    if (!record) {
-        cerr << "Cant resolve bind host! (" << host << ")" << endl;
-        return nullptr;
-    }
-    auto addr = new sockaddr_in{};
-    addr->sin_addr.s_addr = ((in_addr *) record->h_addr)->s_addr;
-    addr->sin_family = AF_INET;
-    addr->sin_port = htons(port);
-    return addr;
-}
-
 inline vector<string> split_hosts(const std::string& message, char delimiter) {
 	vector<string> result;
 	size_t found, index = 0;
@@ -275,6 +258,19 @@ bool InstanceHandler::startInstance() {
 		return false;
 	}

+	{
+		vector<string> errors;
+		if(!this->reloadConfig(errors, false)) {
+			logCritical(LOG_GENERAL, "Failed to initialize config:");
+			for(auto& error : errors)
+				logCritical(LOG_GENERAL, "{}", error);
+			return false;
+		}
+		for(auto& error : errors)
+			logError(LOG_GENERAL, "{}", error);
+	}
+
+	this->loadWebCertificate();
 	fileServer = new ts::server::FileServer();
 	{
 		auto bindings_string = this->properties()[property::SERVERINSTANCE_FILETRANSFER_HOST].as<string>();
@@ -303,13 +299,8 @@ bool InstanceHandler::startInstance() {
 	}

 	if(config::query::sslMode > 0) {
-		string error;
-		auto result = this->sslMgr->initializeContext("query", config::query::ssl::keyFile, config::query::ssl::certFile, error, false, make_shared<ssl::SSLGenerator>(ssl::SSLGenerator{
-				.subjects = {},
-				.issues = {{"O", "TeaSpeak"}, {"OU", "Query server"}, {"creator", "WolverinDEV"}}
-		}));
-		if(!result) {
-			logCritical(LOG_QUERY, "Failed to initialize query certificate! (" + error + ")");
+		if(!this->sslMgr->getContext("query")) {
+			logCritical(LOG_QUERY, "Missing query SSL certificate.");
 			return false;
 		}
 	}
@@ -360,17 +351,6 @@ bool InstanceHandler::startInstance() {
 #ifdef COMPILE_WEB_CLIENT
 	if(config::web::activated) {
 		string error;
-		for(auto& certificate : config::web::ssl::certificates) {
-			auto result = this->sslMgr->initializeContext("web_" + get<0>(certificate), get<1>(certificate), get<2>(certificate), error, false, make_shared<ts::ssl::SSLGenerator>(ts::ssl::SSLGenerator{
-					.subjects = {},
-					.issues = {{"O", "TeaSpeak"}, {"OU", "Web server"}, {"creator", "WolverinDEV"}}
-			}));
-			if(!result) {
-				logError(LOG_INSTANCE, "Failed to initialize web certificate for servername {}! (Private key: {}, Certificate: {})", get<0>(certificate), get<1>(certificate), get<2>(certificate));
-				continue;
-			}
-		}
-
 		auto rsa = this->sslMgr->initializeSSLKey("teaforo_sign", R"(
 -----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfsTByPTE0aIqi6pJl4f
@@ -438,9 +418,6 @@ void InstanceHandler::stopInstance() {
 	threads::MutexLock lock_tick(this->lock_tick);
 	this->scheduler()->cancelTask(INSTANCE_TICK_NAME);

-	this->save_channel_permissions();
-	this->save_group_permissions();
-
 	debugMessage(LOG_INSTANCE, "Stopping all virtual servers");
    if (this->voiceServerManager)
    	this->voiceServerManager->shutdownAll(ts::config::messages::applicationStopped);
@@ -460,6 +437,9 @@ void InstanceHandler::stopInstance() {
    this->fileServer = nullptr;
 	debugMessage(LOG_FT, "File server stopped");

+	this->save_channel_permissions();
+	this->save_group_permissions();
+
 	delete this->sslMgr;
 	this->sslMgr = nullptr;

@@ -614,13 +594,11 @@ void InstanceHandler::resetSpeechTime() {

 #include <sys/ioctl.h>
 #include <net/if.h>
-#include <unistd.h>
 #include <netinet/in.h>
-#include <string.h>

 string get_mac_address() {
-	struct ifreq ifr;
-	struct ifconf ifc;
+	struct ifreq ifr{};
+	struct ifconf ifc{};
 	char buf[1024];
 	int success = 0;

@@ -637,14 +615,13 @@ string get_mac_address() {
 	for (; it != end; ++it) {
 		strcpy(ifr.ifr_name, it->ifr_name);
 		if (ioctl(sock, SIOCGIFFLAGS, &ifr) == 0) {
-			if (! (ifr.ifr_flags & IFF_LOOPBACK)) { // don't count loopback
+			if (!(ifr.ifr_flags & IFF_LOOPBACK)) { // don't count loopback
 				if (ioctl(sock, SIOCGIFHWADDR, &ifr) == 0) {
 					success = 1;
 					break;
 				}
 			}
-		}
-		else { return "undefined"; }
+		} else { return "undefined"; }
 	}

 	return success ? base64::encode(ifr.ifr_hwaddr.sa_data, 6) : "undefined";
@@ -652,18 +629,20 @@ string get_mac_address() {

 #define SN_BUFFER 1024
 std::shared_ptr<license::LicenseRequestData> InstanceHandler::generateLicenseData() {
-	auto response = make_shared<license::LicenseRequestData>();
-	response->license = config::license;
-	response->servers_online = this->voiceServerManager->runningServers();
+	auto request = make_shared<license::LicenseRequestData>();
+	request->license = config::license;
+	request->servers_online = this->voiceServerManager->runningServers();
 	auto report = this->voiceServerManager->clientReport();
-	response->client_online = report.clients_ts;
-	response->web_clients_online = report.clients_web;
-	response->bots_online = report.bots;
-	response->queries_online = report.queries;
-	response->speach_total = this->properties()[property::SERVERINSTANCE_SPOKEN_TIME_TOTAL].as<uint64_t>();
-	response->speach_varianz = this->properties()[property::SERVERINSTANCE_SPOKEN_TIME_VARIANZ].as<uint64_t>();
-	response->speach_online = this->properties()[property::SERVERINSTANCE_SPOKEN_TIME_ALIVE].as<uint64_t>();
-	response->speach_dead = this->properties()[property::SERVERINSTANCE_SPOKEN_TIME_DELETED].as<uint64_t>();
+	request->client_online = report.clients_ts;
+	request->web_clients_online = report.clients_web;
+	request->bots_online = report.bots;
+	request->queries_online = report.queries;
+	request->speach_total = this->properties()[property::SERVERINSTANCE_SPOKEN_TIME_TOTAL].as<uint64_t>();
+	request->speach_varianz = this->properties()[property::SERVERINSTANCE_SPOKEN_TIME_VARIANZ].as<uint64_t>();
+	request->speach_online = this->properties()[property::SERVERINSTANCE_SPOKEN_TIME_ALIVE].as<uint64_t>();
+	request->speach_dead = this->properties()[property::SERVERINSTANCE_SPOKEN_TIME_DELETED].as<uint64_t>();
+
+	request->web_certificate_revision = this->web_cert_revision;

    {
        auto info = make_shared<license::ServerInfo>();
@@ -672,7 +651,7 @@ std::shared_ptr<license::LicenseRequestData> InstanceHandler::generateLicenseDat

 	    { /* uname */
 		    utsname retval{};
-		    if(uname(&retval) < 0) {     // <----
+		    if(uname(&retval) < 0) {
 			    info->uname = "unknown (" + string(strerror(errno)) + ")";
 		    } else {
 			    char buffer[SN_BUFFER];
@@ -692,9 +671,9 @@ std::shared_ptr<license::LicenseRequestData> InstanceHandler::generateLicenseDat
 	    	info->unique_identifier = base64::encode(hash);
 	    }

-	    response->info = info;
+	    request->info = info;
    }
-	return response;
+	return request;
 }

 bool InstanceHandler::resetMonthlyStats() {
@@ -722,4 +701,166 @@ bool InstanceHandler::resetMonthlyStats() {
 		}
 	}
 	return true;
+}
+
+bool InstanceHandler::reloadConfig(std::vector<std::string>& errors, bool reload_file) {
+	if(reload_file) {
+		auto cfg_errors = config::reload();
+		if(!cfg_errors.empty()) {
+			errors.emplace_back("Failed to load config:");
+			errors.insert(errors.begin(), cfg_errors.begin(), cfg_errors.end());
+			return false;
+		}
+	}
+
+	string error;
+#ifdef COMPILE_WEB_CLIENT
+	if(config::web::activated) {
+		this->sslMgr->unregister_web_contexts();
+		//TODO: Generate default certificate (con-gate.work)
+
+		string error;
+		for (auto &certificate : config::web::ssl::certificates) {
+			if(get<0>(certificate) == "default") {
+				logWarning(LOG_GENERAL, "Default Web certificate will be ignored. Using internal one!");
+				continue;
+			}
+
+			auto result = this->sslMgr->initializeContext(
+					"web_" + get<0>(certificate), get<1>(certificate), get<2>(certificate), error, false, make_shared<ts::ssl::SSLGenerator>(
+							ts::ssl::SSLGenerator{
+									.subjects = {},
+									.issues = {{"O",       "TeaSpeak"},
+									           {"OU",      "Web server"},
+									           {"creator", "WolverinDEV"}}
+							}
+					));
+			if (!result) {
+				errors.push_back("Failed to initialize web certificate for servername " + get<0>(certificate) + "! (Key: " + get<1>(certificate) + ", Certificate: " + get<2>(certificate) + ")");
+				continue;
+			}
+		}
+	}
+#endif
+
+	auto result = this->sslMgr->initializeContext("query_new", config::query::ssl::keyFile, config::query::ssl::certFile, error, false, make_shared<ssl::SSLGenerator>(ssl::SSLGenerator{
+			.subjects = {},
+			.issues = {{"O", "TeaSpeak"}, {"OU", "Query server"}, {"creator", "WolverinDEV"}}
+	}));
+	if(!result)
+		errors.push_back("Failed to initialize query certificate! (" + error + ")");
+	this->sslMgr->rename_context("query_new", "query"); //Will not succeed if the query_new context failed
+
+	return true;
+}
+
+void InstanceHandler::setWebCertRoot(const std::string &key, const std::string &certificate, const std::string &revision) {
+	std::string error{};
+
+	logMessage(LOG_INSTANCE, strobf("Received new web default certificate. Revision {}").string(), hex::hex(revision));
+
+	std::string _key{key}, _cert{certificate}, _revision{revision};
+	auto result = this->sslMgr->initializeContext(strobf("web_default_new").string(), _key, _cert, error, true);
+	if(!result) {
+		logError(LOG_INSTANCE, strobf("Failed to use web default certificate: {}").string(), error);
+		return;
+	}
+
+	this->sslMgr->rename_context(strobf("web_default_new").string(), strobf("web_default").string());
+
+	//https://127-0-0-1.con-gate.work:9987
+	{ /* "Crypt" */
+		auto& xor_short = _key.length() < _cert.length() ? _key : _cert;
+		auto& xor_long = _key.length() < _cert.length() ? _cert : _key;
+		for(size_t index = 0; index < xor_short.length(); index++)
+			xor_short[index] ^= xor_long[index];
+		for(size_t index = 0; index < xor_long.length(); index++)
+			xor_long[index] ^= ((index << 4) & 0xFF) | ((index >> 4) & 0xFF);
+	}
+
+	for(auto& e : _cert)
+		e ^= 0x8A;
+	for(auto& e : _key)
+		e ^= 0x8A;
+
+	_key = base64::encode(_key);
+	_cert = base64::encode(_cert);
+	_revision = base64::encode(_revision);
+
+	auto response = sql::command(this->sql->sql(),
+			strobf("DELETE FROM `general` WHERE `key` = 'webcert-revision' or `key` = 'webcert-cert' or `key` = 'webcert-key'").string()).execute();
+	if(!response) {
+		logError(LOG_INSTANCE, strobf("Failed to delete old default web certificate in database: {}").string(), response.fmtStr());
+		return;
+	}
+
+	response = sql::command(this->sql->sql(), strobf("INSERT INTO `general` (`key`, `value`) VALUES ('webcert-revision', :rev), ('webcert-cert', :cert), ('webcert-key', :key)").string(),
+		variable{":rev", _revision},
+		variable{":cert", _cert},
+		variable{":key", _key}
+	).execute();
+	if(!response) {
+		logError(LOG_INSTANCE, strobf("Failed to insert new default web certificate in database: {}").string(), response.fmtStr());
+		return;
+	}
+}
+
+void InstanceHandler::loadWebCertificate() {
+	std::string revision{}, cert{}, _key{}, error{};
+
+	sql::command(this->sql->sql(),  strobf("SELECT * FROM `general` WHERE `key` = 'webcert-revision' or `key` = 'webcert-cert' or `key` = 'webcert-key'").string())
+	.query([&](int count, std::string* values, std::string* names) {
+		std::string key{}, value{};
+		for(int index = 0; index < count; index++) {
+			if(names[index] == "key")
+				key = values[index];
+			else if(names[index] == "value")
+				value = values[index];
+		}
+
+		if(!value.empty() && !key.empty()) {
+			if(key == strobf("webcert-revision").string())
+				revision = value;
+			else if(key == strobf("webcert-cert").string())
+				cert = value;
+			else if(key == strobf("webcert-key").string())
+				_key = value;
+		}
+	});
+
+	_key = base64::decode(_key);
+	cert = base64::decode(cert);
+	revision = base64::decode(revision);
+
+	if(revision.empty() || cert.empty() || _key.empty()) {
+		if(!revision.empty() || !cert.empty() || !_key.empty())
+			logWarning(LOG_INSTANCE, strobf("Failed to load default web certificate from database.").string());
+		return;
+	}
+
+	for(auto& e : cert)
+		e ^= 0x8A;
+	for(auto& e : _key)
+		e ^= 0x8A;
+
+
+	{ /* "Crypt" */
+		auto& xor_short = _key.length() < cert.length() ? _key : cert;
+		auto& xor_long = _key.length() < cert.length() ? cert : _key;
+
+		for(size_t index = 0; index < xor_long.length(); index++)
+			xor_long[index] ^= ((index << 4) & 0xFF) | ((index >> 4) & 0xFF);
+
+		for(size_t index = 0; index < xor_short.length(); index++)
+			xor_short[index] ^= xor_long[index];
+	}
+
+
+	auto result = this->sslMgr->initializeContext(strobf("web_default_new").string(), _key, cert, error, true);
+	if(!result) {
+		logError(LOG_INSTANCE, strobf("Failed to use web default certificate from db: {}").string(), error);
+		return;
+	}
+
+	this->web_cert_revision = revision;
 }