2 * Client for the Emergency Access Daemon
3 * Copyright (C) 2008 Felix Fietkau <nbd@openwrt.org>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2
7 * as published by the Free Software Foundation
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
15 #include <sys/types.h>
16 #include <sys/socket.h>
18 #include <netinet/in.h>
30 #include <t_defines.h>
33 #include "ead-crypt.h"
35 #include "pw_encrypt_md5.c"
37 #define EAD_TIMEOUT 400
38 #define EAD_TIMEOUT_LONG 2000
40 static char msgbuf[1500];
41 static struct ead_msg *msg = (struct ead_msg *) msgbuf;
42 static uint16_t nid = 0xffff;
43 struct sockaddr_in local, remote;
47 static unsigned char *skey = NULL;
48 static unsigned char bbuf[MAXPARAMLEN];
49 static unsigned char saltbuf[MAXSALTLEN];
50 static char *username = NULL;
51 static char password[MAXPARAMLEN] = "";
52 static char pw_md5[MD5_OUT_BUFSIZE];
53 static char pw_salt[MAXSALTLEN];
55 static struct t_client *tc = NULL;
56 static struct t_num salt = { .data = saltbuf };
57 static struct t_num *A, B;
58 static struct t_preconf *tcp;
59 static int auth_type = EAD_AUTH_DEFAULT;
60 static int timeout = EAD_TIMEOUT;
63 set_nonblock(int enable)
65 if (enable == !!(sockflags & O_NONBLOCK));
68 sockflags ^= O_NONBLOCK;
69 fcntl(s, F_SETFL, sockflags);
73 send_packet(int type, bool (*handler)(void), unsigned int max)
83 sendto(s, msgbuf, sizeof(struct ead_msg) + ntohl(msg->len), 0, (struct sockaddr *) &remote, sizeof(remote));
86 tv.tv_sec = timeout / 1000;
87 tv.tv_usec = (timeout % 1000) * 1000;
92 nfds = select(s + 1, &fds, NULL, NULL, &tv);
97 if (!FD_ISSET(s, &fds))
100 len = read(s, msgbuf, sizeof(msgbuf));
104 if (len < sizeof(struct ead_msg))
107 if (len < sizeof(struct ead_msg) + ntohl(msg->len))
110 if (msg->magic != htonl(EAD_MAGIC))
113 if ((nid != 0xffff) && (ntohs(msg->nid) != nid))
116 if (msg->type != type)
122 if ((max > 0) && (res >= max))
130 prepare_password(void)
133 case EAD_AUTH_DEFAULT:
136 md5_crypt(pw_md5, (unsigned char *) password, (unsigned char *) pw_salt);
137 strncpy(password, pw_md5, sizeof(password));
145 struct ead_msg_pong *pong = EAD_DATA(msg, pong);
146 int len = ntohl(msg->len) - sizeof(struct ead_msg_pong);
152 auth_type = ntohs(pong->auth_type);
154 printf("%04x: %s\n", ntohs(msg->nid), pong->name);
161 struct ead_msg_salt *sb = EAD_DATA(msg, salt);
164 memcpy(salt.data, sb->salt, salt.len);
166 if (auth_type == EAD_AUTH_MD5) {
167 memcpy(pw_salt, sb->ext_salt, MAXSALTLEN);
168 pw_salt[MAXSALTLEN - 1] = 0;
171 tcp = t_getpreparam(sb->prime);
172 tc = t_clientopen(username, &tcp->modulus, &tcp->generator, &salt);
174 fprintf(stderr, "Client open failed\n");
184 struct ead_msg_number *num = EAD_DATA(msg, number);
185 int len = ntohl(msg->len) - sizeof(struct ead_msg_number);
189 memcpy(bbuf, num->data, len);
200 handle_done_auth(void)
202 struct ead_msg_auth *auth = EAD_DATA(msg, auth);
203 if (t_clientverify(tc, auth->data) != 0) {
204 fprintf(stderr, "Client auth verify failed\n");
211 handle_cmd_data(void)
213 struct ead_msg_cmd_data *cmd = EAD_ENC_DATA(msg, cmd_data);
214 int datalen = ead_decrypt_message(msg) - sizeof(struct ead_msg_cmd_data);
220 write(1, cmd->data, datalen);
228 msg->type = htonl(EAD_TYPE_PING);
230 return send_packet(EAD_TYPE_PONG, handle_pong, (nid == 0xffff ? 0 : 1));
236 msg->type = htonl(EAD_TYPE_SET_USERNAME);
237 msg->len = htonl(sizeof(struct ead_msg_user));
238 strcpy(EAD_DATA(msg, user)->username, username);
239 return send_packet(EAD_TYPE_ACK_USERNAME, handle_none, 1);
245 msg->type = htonl(EAD_TYPE_GET_PRIME);
247 return send_packet(EAD_TYPE_PRIME, handle_prime, 1);
253 struct ead_msg_number *num = EAD_DATA(msg, number);
254 A = t_clientgenexp(tc);
255 msg->type = htonl(EAD_TYPE_SEND_A);
256 msg->len = htonl(sizeof(struct ead_msg_number) + A->len);
257 memcpy(num->data, A->data, A->len);
258 return send_packet(EAD_TYPE_SEND_B, handle_b, 1);
264 struct ead_msg_auth *auth = EAD_DATA(msg, auth);
267 t_clientpasswd(tc, password);
268 skey = t_clientgetkey(tc, &B);
273 msg->type = htonl(EAD_TYPE_SEND_AUTH);
274 msg->len = htonl(sizeof(struct ead_msg_auth));
275 memcpy(auth->data, t_clientresponse(tc), sizeof(auth->data));
276 return send_packet(EAD_TYPE_DONE_AUTH, handle_done_auth, 1);
280 send_command(const char *command)
282 struct ead_msg_cmd *cmd = EAD_ENC_DATA(msg, cmd);
284 msg->type = htonl(EAD_TYPE_SEND_CMD);
285 cmd->type = htons(EAD_CMD_NORMAL);
286 cmd->timeout = htons(10);
287 strncpy((char *)cmd->data, command, 1024);
288 ead_encrypt_message(msg, sizeof(struct ead_msg_cmd) + strlen(command) + 1);
289 return send_packet(EAD_TYPE_RESULT_CMD, handle_cmd_data, 1);
294 usage(const char *prog)
296 fprintf(stderr, "Usage: %s <node> <username>[:<password>]\n"
298 "\n<node>: Node ID (4 digits hex)\n"
299 "\n<username>: Username to authenticate with\n"
301 "\nPassing no arguments shows a list of active nodes on the network\n"
307 int main(int argc, char **argv)
311 const char *command = NULL;
313 msg->magic = htonl(EAD_MAGIC);
316 memset(&local, 0, sizeof(local));
317 memset(&remote, 0, sizeof(remote));
319 remote.sin_family = AF_INET;
320 remote.sin_addr.s_addr = 0xffffffff;
321 remote.sin_port = htons(EAD_PORT);
323 local.sin_family = AF_INET;
324 local.sin_addr.s_addr = INADDR_ANY;
333 st = strchr(username, ':');
337 strncpy(password, st, sizeof(password));
338 password[sizeof(password) - 1] = 0;
339 /* hide command line password */
340 memset(st, 0, strlen(st));
344 nid = strtoul(argv[1], &st, 16);
345 if (st && st[0] != 0)
346 return usage(argv[0]);
351 return usage(argv[0]);
354 msg->nid = htons(nid);
355 s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
361 setsockopt(s, SOL_SOCKET, SO_BROADCAST, &val, sizeof(val));
363 if (bind(s, (struct sockaddr *)&local, sizeof(local)) < 0) {
367 sockflags = fcntl(s, F_GETFL);
370 fprintf(stderr, "No devices found\n");
377 if (!username || !password[0])
380 if (!send_username()) {
381 fprintf(stderr, "Device did not accept user name\n");
385 fprintf(stderr, "Failed to get user password info\n");
389 timeout = EAD_TIMEOUT_LONG;
391 fprintf(stderr, "Failed to send local authentication data\n");
395 fprintf(stderr, "Authentication failed\n");
399 fprintf(stderr, "Authentication succesful\n");
402 if (!send_command(command)) {
403 fprintf(stderr, "Command failed\n");