diff --git a/CHANGELOG b/CHANGELOG index 3ecee1f..14ad313 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,12 +1,22 @@ -iodine - IP over DNS is now easy +iodine - http://code.kryo.se/iodine - http://code.kryo.se/iodine - -******************************** +*********************************** CHANGES: +2007-11-30: 0.4.1 "Tea Online" + - Introduced encoding API + - Switched to new Base32 implementation + - Added Base64 implementation that only uses 63 chars (not used yet) + - Refined 'install' make target and use $(MAKE) for recursive calls + - All received error messages (RCODE field) are echoed + - Top domain limited to 128 chars + - Case preservation check sent after login to decide codec + - Fixed crash on incoming NULL query in server with bad top domain + - /etc/resolv.conf is consulted if no nameserver is given on commandline + - Applied patch from Matthew W. S. Bell (Detach before chroot/dropping priv) + 2007-03-25: 0.4.0 "Run Home" - Added multiuser support (up to 8 users simultaneously) - Added authentication (password entered as argument or on stdin) diff --git a/Makefile b/Makefile index c6d63a2..7516942 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,11 @@ -PREFIX=/usr/local +prefix=/usr/local +sbindir=$(prefix)/sbin +datadir=$(prefix)/share +mandir=$(datadir)/man -INSTALL=/usr/bin/install +DESTDIR= + +INSTALL=install INSTALL_FLAGS= MKDIR=mkdir @@ -10,26 +15,31 @@ RM=rm RM_FLAGS=-f all: - @(cd src; make all) + @(cd src; $(MAKE) all) install: all - $(MKDIR) $(MKDIR_FLAGS) $(PREFIX)/sbin - $(INSTALL) $(INSTALL_FLAGS) bin/iodine $(PREFIX)/sbin/iodine - $(INSTALL) $(INSTALL_FLAGS) bin/iodined $(PREFIX)/sbin/iodined - $(MKDIR) $(MKDIR_FLAGS) $(PREFIX)/man/man8 - $(INSTALL) $(INSTALL_FLAGS) man/iodine.8 $(PREFIX)/man/man8/iodine.8 + $(MKDIR) $(MKDIR_FLAGS) $(DESTDIR)$(sbindir) + $(INSTALL) $(INSTALL_FLAGS) bin/iodine $(DESTDIR)$(sbindir)/iodine + chmod 755 $(DESTDIR)$(sbindir)/iodine + $(INSTALL) $(INSTALL_FLAGS) bin/iodined $(DESTDIR)$(sbindir)/iodined + chmod 755 $(DESTDIR)$(sbindir)/iodined + $(MKDIR) $(MKDIR_FLAGS) $(DESTDIR)$(mandir)/man8 + $(INSTALL) $(INSTALL_FLAGS) man/iodine.8 $(DESTDIR)$(mandir)/man8/iodine.8 + chmod 644 $(DESTDIR)$(mandir)/man8/iodine.8 uninstall: - $(RM) $(RM_FLAGS) $(PREFIX)/sbin/iodine - $(RM) $(RM_FLAGS) $(PREFIX)/sbin/iodined - $(RM) $(RM_FLAGS) $(PREFIX)/man/man8/iodine.8 + $(RM) $(RM_FLAGS) $(DESTDIR)$(sbindir)/iodine + $(RM) $(RM_FLAGS) $(DESTDIR)$(sbindir)/iodined + $(RM) $(RM_FLAGS) $(DESTDIR)$(mandir)/man8/iodine.8 test: all + @echo "!! The check library is required for compiling and running the tests" + @echo "!! Get it at http://check.sf.net" @(cd tests; make all) clean: @echo "Cleaning..." - @(cd src; make clean) - @(cd tests; make clean) + @(cd src; $(MAKE) clean) + @(cd tests; $(MAKE) clean) @rm -rf bin diff --git a/README b/README index f52ed4f..8e44993 100644 --- a/README +++ b/README @@ -1,9 +1,7 @@ -iodine - IP over DNS is now easy +iodine - http://code.kryo.se/iodine - http://code.kryo.se/iodine - -******************************** +*********************************** This is a piece of software that lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is @@ -30,13 +28,18 @@ HOW TO USE: Server side: To use this tunnel, you need control over a real domain (like mytunnel.com), -and a server with a static public IP number that does not yet run a DNS -server. Then, delegate a subdomain (say, tunnel1.mytunnel.com) to the server. -If you use BIND for the domain, add these lines to the zone file: +and a server with a public IP number (not behind NAT) that does not yet run +a DNS server. Then, delegate a subdomain (say, tunnel1.mytunnel.com) to the +server. If you use BIND for the domain, add these lines to the zone file: tunnel1host IN A 10.15.213.99 tunnel1 IN NS tunnel1host.mytunnel.com. +Do not use CNAME instead of A above. +If your server has a dynamic IP, use a dynamic dns provider: + +tunnel1 IN NS tunnel1host.mydyndnsprovider.com + Now any DNS querys for domains ending with tunnel1.mytunnnel.com will be sent to your server. Start iodined on the server. The first argument is the tunnel IP address (like 192.168.99.1) and the second is the assigned domain (in this @@ -60,13 +63,11 @@ either side. MISC. INFO: -Note that you can have only one client per server at the same time. This is -because of the fragmentation of big packets going upstream, and will be fixed -in future versions. - Try experimenting with the MTU size (-m option) to get maximum bandwidth. It is set to 1024 by default, which seems to work with most DNS servers. If you have -problems, try setting it to below 512. +problems, try setting it to 220 as this ensures all packets to be < 512 bytes. +Some DNS servers enforce a 512 byte packet limit, and this is probably the case +if you can ping through the tunnel but not login via SSH. If you have problems, try inspecting the traffic with network monitoring tools and make sure that the relaying DNS server has not cached the response. A @@ -90,7 +91,7 @@ iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to :5353 PORTABILITY: iodine has been tested on Linux (arm, ia64, x86, AMD64 and SPARC64), FreeBSD -(ia64, x86), OpenBSD (x86), NetBSD (x86) and MacOS X (10.3, ppc, with +(ia64, x86), OpenBSD (x86), NetBSD (x86) and MacOS X (ppc and x86, with http://www-user.rhrk.uni-kl.de/~nissler/tuntap/). It should work on other unix-like systems as well that has TUN/TAP tunneling support (after some patching). Let us know if you get it to run on other platforms. diff --git a/TODO b/TODO index 766d37b..e852d32 100644 --- a/TODO +++ b/TODO @@ -1,9 +1,7 @@ -iodine - IP over DNS is now easy +iodine - http://code.kryo.se/iodine - http://code.kryo.se/iodine - -******************************** +*********************************** The TODO list is now located at diff --git a/man/iodine.8 b/man/iodine.8 index 69921c7..3720a50 100644 --- a/man/iodine.8 +++ b/man/iodine.8 @@ -1,5 +1,5 @@ .\" groff -man -Tascii iodine.8 -.TH IODINE 8 "FEB 2007" "User Manuals" +.TH IODINE 8 "JUN 2007" "User Manuals" .SH NAME iodine, iodined \- tunnel IPv4 over DNS .SH SYNOPSIS @@ -16,7 +16,9 @@ iodine, iodined \- tunnel IPv4 over DNS .B ] [-d .I device .B ] +.B [ .I nameserver +.B ] .I topdomain .B iodined [-v] @@ -93,7 +95,8 @@ You must make sure the dns requests are forwarded to this port yourself. .B nameserver The nameserver to use to relay the dns traffic. This can be any relaying nameserver or the ip number of the server running iodined if reachable. -Normally, you should specify a nameserver from your +This argument is optional, and if not specified a nameserver will be read +from the .I /etc/resolv.conf file. .TP @@ -179,6 +182,12 @@ The normal case is to route all traffic through the DNS tunnel. To do this, firs add a route to the nameserver you use with the default gateway as gateway. Then replace the default gateway with the servers IP address within the DNS tunnel, and configure the server to do NAT. +.TP +.B MTU issues: +Some relaying DNS servers enforce a 512 byte packet limit. All larger packets are +simply dropped. If you can ping through the tunnel but not login via SSH, this is +most likely the case. Set the MTU on the server to 220 to ensure that all packets +are less than 512 bytes. This will however greatly affect performance. .SH BUGS File bugs at http://dev.kryo.se/iodine/ .SH AUTHORS diff --git a/src/Makefile b/src/Makefile index ebf27e9..958aa70 100644 --- a/src/Makefile +++ b/src/Makefile @@ -1,8 +1,9 @@ CC = gcc +COMMONOBJS = tun.o dns.o read.o encoding.o login.o base32.o base64.o md5.o common.o +CLIENTOBJS = iodine.o CLIENT = ../bin/iodine -CLIENTOBJS = iodine.o tun.o dns.o read.o encoding.o login.o base32.o md5.o common.o +SERVEROBJS = iodined.o user.o SERVER = ../bin/iodined -SERVEROBJS = iodined.o tun.o dns.o read.o encoding.o login.o base32.o md5.o common.o user.o OS = `uname | tr "a-z" "A-Z"` ARCH = `uname -m` @@ -15,15 +16,15 @@ all: stateos $(CLIENT) $(SERVER) $(TESTSUITE) stateos: @echo OS is $(OS), arch is $(ARCH) -$(CLIENT): $(CLIENTOBJS) +$(CLIENT): $(COMMONOBJS) $(CLIENTOBJS) @echo LD $@ @mkdir -p ../bin - @$(CC) $(CLIENTOBJS) -o $(CLIENT) $(LDFLAGS) + @$(CC) $(COMMONOBJS) $(CLIENTOBJS) -o $(CLIENT) $(LDFLAGS) -$(SERVER): $(SERVEROBJS) +$(SERVER): $(COMMONOBJS) $(SERVEROBJS) @echo LD $@ @mkdir -p ../bin - @$(CC) $(SERVEROBJS) -o $(SERVER) $(LDFLAGS) + @$(CC) $(COMMONOBJS) $(SERVEROBJS) -o $(SERVER) $(LDFLAGS) .c.o: @echo CC $< diff --git a/src/base32.c b/src/base32.c index 7357604..d42c5e9 100644 --- a/src/base32.c +++ b/src/base32.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006-2007 Bjorn Andersson + * Copyright (c) 2006-2007 Bjorn Andersson , Erik Ekman * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -18,140 +18,160 @@ #include #include +#include "encoding.h" #include "base32.h" static const char cb32[] = "abcdefghijklmnopqrstuvwxyz0123456789"; +static unsigned char rev32[128]; +static int reverse_init = 0; + +static struct encoder base32_encoder = +{ + "BASE32", + base32_encode, + base32_decode, + base32_handles_dots, + base32_handles_dots +}; + +struct encoder +*get_base32_encoder() +{ + return &base32_encoder; +} int -base32_encode(char **buf, size_t *buflen, const void *data, size_t size) +base32_handles_dots() +{ + return 0; +} + +int +base32_encode(char *buf, size_t *buflen, const void *data, size_t size) { size_t newsize; - char *newbuf; - char *s; - char *p; - char *q; + size_t maxsize; + unsigned char *s; + unsigned char *p; + unsigned char *q; int i; - newsize = 8 * (size / 5 + 1) + 1; - if (newsize > *buflen) { - if ((newbuf = realloc(*buf, newsize)) == NULL) { - free(*buf); - *buf = NULL; - *buflen = 0; - return 0; - } + memset(buf, 0, *buflen); - *buf = newbuf; - *buflen = newsize; + /* how many chars can we encode within the buf */ + maxsize = 5 * (*buflen / 8 - 1) - 1; + /* how big will the encoded data be */ + newsize = 8 * (size / 5 + 1) + 1; + /* if the buffer is too small, eat some of the data */ + if (*buflen < newsize) { + size = maxsize; } - p = s = *buf; - q = (char*)data; + p = s = (unsigned char *) buf; + q = (unsigned char *)data; for(i=0;i> 3)]; - p[1] = cb32[((q[0] & 0x07) << 2) | ((q[1] & 0xc0) >> 6)]; + p[0] = cb32[((q[0] & 0xf8) >> 3)]; + p[1] = cb32[(((q[0] & 0x07) << 2) | ((q[1] & 0xc0) >> 6))]; p[2] = (i+1 < size) ? cb32[((q[1] & 0x3e) >> 1)] : '\0'; p[3] = (i+1 < size) ? cb32[((q[1] & 0x01) << 4) | ((q[2] & 0xf0) >> 4)] : '\0'; p[4] = (i+2 < size) ? cb32[((q[2] & 0x0f) << 1) | ((q[3] & 0x80) >> 7)] : '\0'; - p[5] = (i+3 < size) ? cb32[((q[3] & 0x3e) >> 2)] : '\0'; - p[6] = (i+3 < size) ? cb32[((q[3] & 0x03) << 3) | ((q[4] & 0xe0) > 5)] : '\0'; + p[5] = (i+3 < size) ? cb32[((q[3] & 0x7c) >> 2)] : '\0'; + p[6] = (i+3 < size) ? cb32[((q[3] & 0x03) << 3) | ((q[4] & 0xe0) >> 5)] : '\0'; p[7] = (i+4 < size) ? cb32[((q[4] & 0x1f))] : '\0'; q += 5; p += 8; } *p = 0; - return strlen(s); + + /* store number of bytes from data that was used */ + *buflen = size; + + return strlen(buf) - 1; } #define DECODE_ERROR 0xffffffff +#define REV32(x) rev32[(int) (x)] static int -pos(char c) +decode_token(const unsigned char *t, unsigned char *data, size_t len) { - const char *p; - for (p = cb32; *p; p++) - if (*p == c) - return p - cb32; - return -1; -} - -static int -decode_token(const char *t, char *data) -{ - int len; - - len = strlen(t); - if (len < 2) return 0; - data[0] = ((pos(t[0]) & 0x1f) << 3) | - ((pos(t[1]) & 0x1c) >> 2); + data[0] = ((REV32(t[0]) & 0x1f) << 3) | + ((REV32(t[1]) & 0x1c) >> 2); if (len < 4) return 1; - data[1] = ((pos(t[1]) & 0x03) << 6) | - ((pos(t[2]) & 0x1f) << 1) | - ((pos(t[3]) & 0x10) >> 4); + data[1] = ((REV32(t[1]) & 0x03) << 6) | + ((REV32(t[2]) & 0x1f) << 1) | + ((REV32(t[3]) & 0x10) >> 4); if (len < 5) return 2; - data[2] = ((pos(t[3]) & 0x0f) << 4) | - ((pos(t[4]) & 0x1e) >> 1); + data[2] = ((REV32(t[3]) & 0x0f) << 4) | + ((REV32(t[4]) & 0x1e) >> 1); if (len < 7) return 3; - data[3] = ((pos(t[4]) & 0x01) << 7) | - ((pos(t[5]) & 0x1f) << 2) | - ((pos(t[6]) & 0x18) >> 3); + data[3] = ((REV32(t[4]) & 0x01) << 7) | + ((REV32(t[5]) & 0x1f) << 2) | + ((REV32(t[6]) & 0x18) >> 3); if (len < 8) return 4; - data[4] = ((pos(t[6]) & 0x07) << 5) | - ((pos(t[7]) & 0x1f)); + data[4] = ((REV32(t[6]) & 0x07) << 5) | + ((REV32(t[7]) & 0x1f)); return 5; } int -base32_decode(void **buf, size_t *buflen, const char *str) +base32_decode(void *buf, size_t *buflen, const char *str, size_t slen) { unsigned char *q; size_t newsize; + size_t maxsize; const char *p; - char *newbuf; + unsigned char c; int len; - - newsize = 5 * (strlen(str) / 8 + 1) + 1; - if (newsize > *buflen) { - if ((newbuf = realloc(*buf, newsize)) == NULL) { - free(*buf); - *buf = NULL; - *buflen = 0; - return 0; - } + int i; - *buf = newbuf; - *buflen = newsize; + if (!reverse_init) { + for (i = 0; i < 32; i++) { + c = cb32[i]; + rev32[(int) c] = i; + } + reverse_init = 1; + } + + /* chars needed to decode slen */ + newsize = 5 * (slen / 8 + 1) + 1; + /* encoded chars that fit in buf */ + maxsize = 8 * (*buflen / 5 + 1) + 1; + /* if the buffer is too small, eat some of the data */ + if (*buflen < newsize) { + slen = maxsize; } - q = *buf; + q = buf; for (p = str; *p && strchr(cb32, *p); p += 8) { - len = decode_token(p, (char *) q); + len = decode_token((unsigned char *) p, (unsigned char *) q, slen); q += len; + slen -= 8; if (len < 5) break; } *q = '\0'; - return q - (unsigned char *) *buf; + return q - (unsigned char *) buf; } diff --git a/src/base32.h b/src/base32.h index be3b7ea..fa94151 100644 --- a/src/base32.h +++ b/src/base32.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006-2007 Bjorn Andersson + * Copyright (c) 2006-2007 Bjorn Andersson , Erik Ekman * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,9 @@ #ifndef __BASE32_H__ #define __BASE32_H__ -int base32_encode(char **, size_t *, const void *, size_t); -int base32_decode(void **, size_t *, const char *); +struct encoder *get_base32_encoder(void); +int base32_handles_dots(); +int base32_encode(char *, size_t *, const void *, size_t); +int base32_decode(void *, size_t *, const char *, size_t); #endif diff --git a/src/base64.c b/src/base64.c new file mode 100644 index 0000000..512a199 --- /dev/null +++ b/src/base64.c @@ -0,0 +1,338 @@ +/* + * Copyright (c) 2006-2007 Bjorn Andersson , Erik Ekman + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include + +#include "encoding.h" +#include "common.h" +#include "base64.h" + +static const char cb64[] = + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789."; +static unsigned char rev64[128]; +static int reverse_init = 0; + +#define REV64(x) rev64[(int) (x)] +#define MODE (cb64[62]) +#define P62 (cb64[62]) +#define P63 (cb64[63]) + +static struct encoder base64_encoder = +{ + "BASE64", + base64_encode, + base64_decode, + base64_handles_dots, + base64_handles_dots +}; + +struct encoder +*get_base64_encoder() +{ + return &base64_encoder; +} + +int +base64_handles_dots() +{ + return 0; +} + +static void +findesc(int *count, unsigned char *esc, char c1, char c2, char c3, char c4) +{ + int min1 = 0; + int min2 = 0; + + int num1 = 0xFF; /* a very big number */ + int num2 = 0xFE; /* a nearly as big number */ + + int i; + + /* check if no more escapes needed */ + if (count[62] == 0 && count[63] == 0) { + esc[0] = MODE; + esc[1] = MODE; + return; + } + + for (i = 0; i < 62; i++) { + if (i == c1 || i == c2 || i == c3 || i == c4) { + continue; + } + + if (count[i] < num1) { + min2 = min1; + num2 = num1; + min1 = i; + num1 = count[i]; + } else if (count[i] < num2) { + min2 = i; + num2 = count[i]; + } + } + + esc[0] = cb64[min1]; + esc[1] = cb64[min2]; +} + +static void +escape_chars(char *buf, size_t buflen) +{ + int counter[64]; + int escapes; + int reset; + int i; + unsigned char temp[4096]; + unsigned char *r; + unsigned char *w; + unsigned char *e; + unsigned char esc[2]; + + memset(counter, 0, sizeof(counter)); + esc[0] = P62; + esc[1] = P63; + + /* first, find the number of times each token is used */ + r = (unsigned char *) buf; + w = temp; + while (*r) { + counter[REV64(*r)]++; + *w++ = *r++; + } + + /* check if work needed */ + if (counter[62] == 0 && counter[63] == 0) + return; + + r = temp; + w = (unsigned char *) buf; + reset = 1; + escapes = 0; + /* check a block for esc chars */ + while (*r) { + if (reset == 0 && escapes == 0 && ( + r[0] == esc[0] || r[1] == esc[0] ||r[2] == esc[0] ||r[2] == esc[0] || + r[0] == esc[1] || r[1] == esc[1] ||r[2] == esc[1] ||r[2] == esc[1])) { + /* last set of escape chars were unused. + * if we reset last escape switch then maybe we dont have to switch now */ + + /* change the latest escape switch to 999 (RESET) */ + e[1] = MODE; + e[2] = MODE; + + /* store default esc chars */ + esc[0] = P62; + esc[1] = P63; + + reset = 1; + } + /* these two if blocks can not be combined because a block can contain both + * char 9 and/or . and the current escape chars. */ + if (r[0] == esc[0] || r[1] == esc[0] ||r[2] == esc[0] ||r[2] == esc[0] || + r[0] == esc[1] || r[1] == esc[1] ||r[2] == esc[1] ||r[2] == esc[1]) { + /* switch escape chars */ + escapes = 0; + reset = 0; + + /* find 2 suitable escape chars */ + findesc(counter, esc, REV64(r[0]), REV64(r[1]), REV64(r[2]), REV64(r[3])); + + /* store escape switch position */ + e = w; + + /* write new escape chars */ + *w++ = MODE; + *w++ = esc[0]; + *w++ = esc[1]; + } + + /* update counter on remaining chars */ + for (i = 0; i < 4; i++) { + if (r[i]) + counter[REV64(r[i])]--; + } + + /* do the escaping */ + for (i = 0; i < 4; i++) { + if (r[i] == P62) { + r[i] = esc[0]; + escapes++; + } else if (r[i] == P63) { + r[i] = esc[1]; + escapes++; + } + } + + /* copy back to buf */ + *w++ = *r++; + *w++ = *r++; + *w++ = *r++; + *w++ = *r++; + } +} + +int +base64_encode(char *buf, size_t *buflen, const void *data, size_t size) +{ + size_t newsize; + size_t maxsize; + unsigned char c; + unsigned char *s; + unsigned char *p; + unsigned char *q; + int i; + + memset(buf, 0, *buflen); + + if (!reverse_init) { + for (i = 0; i < 64; i++) { + c = cb64[i]; + rev64[(int) c] = i; + } + reverse_init = 1; + } + + /* how many chars can we encode within the buf */ + maxsize = 3 * (*buflen / 4 - 1) - 1; + /* how big will the encoded data be */ + newsize = 4 * (size / 3 + 1) + 1; + /* if the buffer is too small, eat some of the data */ + if (*buflen < newsize) { + size = maxsize; + } + + p = s = (unsigned char *) buf; + q = (unsigned char *)data; + + for(i=0;i> 2)]; + p[1] = cb64[(((q[0] & 0x03) << 4) | ((q[1] & 0xf0) >> 4))]; + p[2] = (i+1 < size) ? cb64[((q[1] & 0x0f) << 2 ) | ((q[2] & 0xc0) >> 6)] : '\0'; + p[3] = (i+2 < size) ? cb64[(q[2] & 0x3f)] : '\0'; + + q += 3; + p += 4; + } + *p = 0; + + escape_chars(buf, *buflen); + + /* store number of bytes from data that was used */ + *buflen = size; + + return strlen(buf) - 1; +} + +#define DECODE_ERROR 0xffffffff + +static int +decode_token(const unsigned char *t, unsigned char *data, size_t len) +{ + if (len < 2) + return 0; + + data[0] = ((REV64(t[0]) & 0x3f) << 2) | + ((REV64(t[1]) & 0x30) >> 4); + + if (len < 3) + return 1; + + data[1] = ((REV64(t[1]) & 0x0f) << 4) | + ((REV64(t[2]) & 0x3c) >> 2); + + if (len < 4) + return 2; + + data[2] = ((REV64(t[2]) & 0x03) << 6) | + (REV64(t[3]) & 0x3f); + + return 3; +} + +int +base64_decode(void *buf, size_t *buflen, const char *str, size_t slen) +{ + unsigned char *q; + size_t newsize; + size_t maxsize; + const char *p; + unsigned char c; + unsigned char block[4]; + unsigned char prot62; + unsigned char prot63; + int len; + int i; + + if (!reverse_init) { + for (i = 0; i < 64; i++) { + c = cb64[i]; + rev64[(int) c] = i; + } + reverse_init = 1; + } + + /* chars needed to decode slen */ + newsize = 3 * (slen / 4 + 1) + 1; + /* encoded chars that fit in buf */ + maxsize = 4 * (*buflen / 3 + 1) + 1; + /* if the buffer is too small, eat some of the data */ + if (*buflen < newsize) { + slen = maxsize; + } + + prot62 = P62; + prot63 = P63; + + q = buf; + for (p = str; *p; p += 4) { + /* handle escape instructions */ + if (*p == MODE) { + p++; + if (p[0] == MODE && p[1] == MODE) { + /* reset escape chars */ + prot62 = P62; + prot63 = P63; + + p += 2; + } else { + prot62 = *p++; + prot63 = *p++; + } + } + /* since the str is const, we unescape in another buf */ + for (i = 0; i < 4; i++) { + block[i] = p[i]; + if (prot62 == block[i]) { + block[i] = P62; + } else if (prot63 == block[i]) { + block[i] = P63; + } + } + len = decode_token(block, (unsigned char *) q, slen); + q += len; + slen -= 4; + + if (len < 3) + break; + } + *q = '\0'; + + return q - (unsigned char *) buf; +} + diff --git a/src/base64.h b/src/base64.h new file mode 100644 index 0000000..6ee0656 --- /dev/null +++ b/src/base64.h @@ -0,0 +1,25 @@ +/* + * Copyright (c) 2006-2007 Bjorn Andersson , Erik Ekman + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef __BASE64_H__ +#define __BASE64_H__ + +struct encoder *get_base64_encoder(void); +int base64_handles_dots(); +int base64_encode(char *, size_t *, const void *, size_t); +int base64_decode(void *, size_t *, const char *, size_t); + +#endif diff --git a/src/common.c b/src/common.c index 521d2e6..73cf24d 100644 --- a/src/common.c +++ b/src/common.c @@ -29,6 +29,7 @@ #include #include #include +#include #include "common.h" @@ -71,13 +72,11 @@ close_dns(int fd) void do_chroot(char *newroot) { - if (newroot) { - if (chroot(newroot) != 0 || chdir("/") != 0) - err(1, "%s", newroot); + if (chroot(newroot) != 0 || chdir("/") != 0) + err(1, "%s", newroot); - seteuid(geteuid()); - setuid(getuid()); - } + seteuid(geteuid()); + setuid(getuid()); } void @@ -88,3 +87,27 @@ do_detach() umask(0); alarm(0); } + +void +read_password(char *buf, size_t len) +{ + struct termios old; + struct termios tp; + char pwd[80]; + + tcgetattr(0, &tp); + old = tp; + + tp.c_lflag &= (~ECHO); + tcsetattr(0, TCSANOW, &tp); + + printf("Enter password: "); + fflush(stdout); + scanf("%79s", pwd); + printf("\n"); + + tcsetattr(0, TCSANOW, &old); + + strncpy(buf, pwd, len); + buf[len-1] = '\0'; +} diff --git a/src/common.h b/src/common.h index 40b80f1..811aa40 100644 --- a/src/common.h +++ b/src/common.h @@ -17,6 +17,7 @@ #ifndef __COMMON_H__ #define __COMMON_H__ +#include #include #include @@ -27,15 +28,18 @@ #define MAX(a,b) ((a)>(b)?(a):(b)) #endif +#define QUERY_NAME_SIZE 256 + struct packet { - int len; - int offset; - char data[64*1024]; + int len; /* Total packet length */ + int sentlen; /* Length of chunk currently transmitted */ + int offset; /* Current offset */ + char data[64*1024]; /* The data */ }; struct query { - char name[258]; + char name[QUERY_NAME_SIZE]; short type; short id; struct sockaddr from; @@ -48,4 +52,6 @@ void close_dns(int); void do_chroot(char *); void do_detach(); +void read_password(char*, size_t); + #endif diff --git a/src/dns.c b/src/dns.c index f50ffc8..1b6dd60 100644 --- a/src/dns.c +++ b/src/dns.c @@ -61,7 +61,7 @@ dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr, char *data, size_ name = 0xc000 | ((p - buf) & 0x3fff); - putname(&p, 256, q->name); + putname(&p, sizeof(q->name), q->name); putshort(&p, q->type); putshort(&p, C_IN); @@ -78,7 +78,7 @@ dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr, char *data, size_ header->qdcount = htons(1); header->arcount = htons(1); - putname(&p, 256, data); + putname(&p, datalen, data); putshort(&p, q->type); putshort(&p, C_IN); @@ -101,11 +101,11 @@ dns_encode(char *buf, size_t buflen, struct query *q, qr_t qr, char *data, size_ int dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, size_t packetlen) { + char name[QUERY_NAME_SIZE]; char rdata[4*1024]; HEADER *header; short qdcount; short ancount; - char name[255]; uint32_t ttl; short class; short type; @@ -137,7 +137,29 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz switch (qr) { case QR_ANSWER: if(qdcount != 1 || ancount != 1) { - warnx("no query or answer in answer"); + switch (header->rcode) { + case REFUSED: + warnx("Got REFUSED as reply"); + break; + + case NOTIMP: + warnx("Got NOTIMP as reply"); + break; + + case NXDOMAIN: + warnx("Got NXDOMAIN as reply"); + break; + + + case SERVFAIL: + warnx("Got SERVFAIL as reply"); + break; + + case NOERROR: + default: + warnx("no query or answer in answer"); + break; + } return -1; } @@ -167,8 +189,8 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz return -1; } - readname(packet, packetlen, &data, name, sizeof(name) -1); - name[256] = 0; + readname(packet, packetlen, &data, name, sizeof(name) - 1); + name[sizeof(name)-1] = '\0'; readshort(packet, &data, &type); readshort(packet, &data, &class); @@ -177,7 +199,8 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz break; } - strncpy(q->name, name, 257); + strncpy(q->name, name, sizeof(q->name)); + q->name[sizeof(q->name) - 1] = '\0'; q->type = type; q->id = id; @@ -188,27 +211,3 @@ dns_decode(char *buf, size_t buflen, struct query *q, qr_t qr, char *packet, siz return rv; } -int -dns_build_hostname(char *buf, size_t buflen, - const char *data, const size_t datalen, - const char *topdomain) -{ - int consumed; - int avail; - char *b; - - avail = MIN(0xFF, buflen) - strlen(topdomain) - 2; - memset(buf, 0, buflen); - b = buf; - - consumed = encode_data(data, datalen, avail, b); - - b += strlen(buf); - if (*b != '.') - *b++ = '.'; - - strncpy(b, topdomain, strlen(topdomain)+1); - - return consumed; -} - diff --git a/src/dns.h b/src/dns.h index 5a96f22..0ced1f1 100644 --- a/src/dns.h +++ b/src/dns.h @@ -24,8 +24,6 @@ typedef enum { QR_ANSWER = 1 } qr_t; -int dns_build_hostname(char *, size_t, const char *, const size_t, const char *); - int dns_encode(char *, size_t, struct query *, qr_t, char *, size_t); int dns_decode(char *, size_t, struct query *, qr_t, char *, size_t); diff --git a/src/encoding.c b/src/encoding.c index 4de10c6..127e871 100644 --- a/src/encoding.c +++ b/src/encoding.c @@ -14,207 +14,80 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include -#include #include +#include "encoding.h" -/* For FreeBSD */ -#ifndef MIN -#define MIN(a,b) ((a)<(b)?(a):(b)) -#endif - -#define SPACING 63 -#define ENC_CHUNK 8 -#define RAW_CHUNK 5 - -static const char base32[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ98765-"; -static const char padder[] = " 1234"; -static char reverse32[128]; -static int reverse_init = 0; - -/* Eat 5 bytes from src, write 8 bytes to dest */ -static void -encode_chunk(char *dest, const char *src) -{ - unsigned char c; - - *dest++ = base32[(*src & 0xF8) >> 3]; /* 1111 1000 first byte */ - - c = (*src++ & 0x07) << 2; /* 0000 0111 first byte */ - c |= ((*src & 0xC0) >> 6); /* 1100 0000 second byte */ - *dest++ = base32[(int) c]; - - *dest++ = base32[(*src & 0x3E) >> 1]; /* 0011 1110 second byte */ - - c = (*src++ & 0x01) << 4; /* 0000 0001 second byte */ - c |= ((*src & 0xF0) >> 4); /* 1111 0000 third byte */ - *dest++ = base32[(int) c]; - - c = (*src++ & 0x0F) << 1; /* 0000 1111 third byte */ - c |= ((*src & 0x80) >> 7); /* 1000 0000 fourth byte */ - *dest++ = base32[(int) c]; - - *dest++ = base32[(*src & 0x7C) >> 2]; /* 0111 1100 fourth byte */ - - c = (*src++ & 0x03) << 3; /* 0000 0011 fourth byte */ - c |= ((*src & 0xE0) >> 5); /* 1110 0000 fifth byte */ - *dest++ = base32[(int) c]; - - *dest++ = base32[*src++ & 0x1F]; /* 0001 1111 fifth byte */ -} - -/* Eat 8 bytes from src, write 5 bytes to dest */ -static void -decode_chunk(char *dest, char *src) -{ - unsigned char c; - int i; - - if (!reverse_init) { - for (i = 0; i < 32; i++) { - c = base32[i]; - reverse32[(int) c] = i; - } - reverse_init = 1; - } - - c = reverse32[(int) *src++] << 3; /* Take bits 11111 from byte 1 */ - c |= (reverse32[(int) *src] & 0x1C) >> 2; /* Take bits 11100 from byte 2 */ - *dest++ = c; - - c = (reverse32[(int) *src++] & 0x3) << 6; /* Take bits 00011 from byte 2 */ - c |= reverse32[(int) *src++] << 1; /* Take bits 11111 from byte 3 */ - c |= (reverse32[(int) *src] & 0x10) >> 4; /* Take bits 10000 from byte 4 */ - *dest++ = c; - - c = (reverse32[(int) *src++] & 0xF) << 4; /* Take bits 01111 from byte 4 */ - c |= (reverse32[(int) *src] & 0x1E) >> 1; /* Take bits 11110 from byte 5 */ - *dest++ = c; - - c = reverse32[(int) *src++] << 7; /* Take bits 00001 from byte 5 */ - c |= reverse32[(int) *src++] << 2; /* Take bits 11111 from byte 6 */ - c |= (reverse32[(int) *src] & 0x18) >> 3; /* Take bits 11000 from byte 7 */ - *dest++ = c; - - c = (reverse32[(int) *src++] & 0x7) << 5; /* Take bits 00111 from byte 7 */ - c |= reverse32[(int) *src++]; /* Take bits 11111 from byte 8 */ - *dest++ = c; -} int -encode_data(const char *buf, const size_t len, int space, char *dest) +unpack_data(char *buf, size_t buflen, char *data, size_t datalen, struct encoder *enc) { - int final; - int write; - int realwrite; - int chunks; - int leftovers; - int i; - char encoded[255]; - char padding[5]; - const char *dp; - char *pp; - char *ep; - - space -= space / SPACING; - chunks = (space - 1) / ENC_CHUNK; - while ((chunks + 1) * ENC_CHUNK + 1 > space) { - chunks--; - } - write = RAW_CHUNK * chunks; - write = MIN(write, len); /* do not use more bytes than is available; */ - final = (write == len); /* is this the last block? */ - chunks = write / RAW_CHUNK; - leftovers = write % RAW_CHUNK; - - memset(encoded, 0, sizeof(encoded)); - ep = encoded; - dp = buf; - for (i = 0; i < chunks; i++) { - encode_chunk(ep, dp); - ep += ENC_CHUNK; - dp += RAW_CHUNK; - } - realwrite = ENC_CHUNK * chunks; - memset(padding, 0, sizeof(padding)); - pp = padding; - if (leftovers) { - pp += RAW_CHUNK - leftovers; - memcpy(pp, dp, leftovers); - - pp = padding; - *ep++ = padder[leftovers]; - encode_chunk(ep, pp); - - realwrite += ENC_CHUNK + 1; /* plus padding character */ - } - ep = encoded; - if (len > 0) { - for (i = 1; i <= realwrite; i++) { - if (i % SPACING == 0) { - *dest++ = '.'; - } - *dest++ = *ep++; - } - } - - return write; + if (!enc->eats_dots()) + datalen = inline_undotify(data, datalen); + return enc->decode(buf, &buflen, data, datalen); } -int -decode_data(char *dest, int size, const char *src, char *srcend) +int +inline_dotify(char *buf, size_t buflen) { - int len; - int i; - int chunks; - int padded; - char encoded[255]; - char padding[5]; - int enclen; - char *pp; - char *ep; + unsigned dots; + unsigned pos; + unsigned total; + char *reader, *writer; - memset(encoded, 0, sizeof(encoded)); - memset(dest, 0, size); + total = strlen(buf); + dots = total / 62; - /* First byte is not encoded */ - *dest++ = *src++; - len = 1; + writer = buf; + writer += total; + writer += dots; - ep = encoded; - enclen = 0; - while(enclen < sizeof(encoded) && src < srcend) { - if(*src == '.') { - src++; + total += dots; + if (strlen(buf) + dots > buflen) { + writer = buf; + writer += buflen; + total = buflen; + } + + reader = writer - dots; + pos = (unsigned) (reader - buf) + 1; + + while (dots) { + if (pos % 62 == 0) { + *writer-- = '.'; + dots--; + } + *writer-- = *reader--; + pos--; + } + + /* return new length of string */ + return total; +} + +int +inline_undotify(char *buf, size_t len) +{ + unsigned pos; + unsigned dots; + char *reader, *writer; + + writer = buf; + reader = writer; + + pos = 0; + dots = 0; + + while (pos < len) { + if (*reader == '.') { + reader++; + pos++; + dots++; continue; } - - *ep++ = *src++; - enclen++; + *writer++ = *reader++; + pos++; } - chunks = enclen / 8; - padded = enclen % 8; - - ep = encoded; - for (i = 0; i < chunks-1; i++) { - decode_chunk(dest, ep); - dest += RAW_CHUNK; - ep += ENC_CHUNK; - len += RAW_CHUNK; - } - /* Read last chunk */ - if (padded) { - pp = padding; - padded = *ep++ - '0'; - decode_chunk(pp, ep); - pp += RAW_CHUNK - padded; - memcpy(dest, pp, padded); - len += padded; - } else { - decode_chunk(dest, ep); - len += RAW_CHUNK; - } - - return len; + + /* return new length of string */ + return len - dots; } - diff --git a/src/encoding.h b/src/encoding.h index 2e4351b..4473b2f 100644 --- a/src/encoding.h +++ b/src/encoding.h @@ -17,7 +17,17 @@ #ifndef _ENCODING_H_ #define _ENCODING_H_ -int encode_data(const char *, const size_t, int, char *); -int decode_data(char *, int, const char *, char *); +struct encoder { + char name[8]; + int (*encode) (char *, size_t *, const void *, size_t); + int (*decode) (void *, size_t *, const char *, size_t); + int (*places_dots) (void); + int (*eats_dots) (void); +}; + +int unpack_data(char *, size_t, char *, size_t, struct encoder *); +int inline_dotify(char *, size_t); +int inline_undotify(char *, size_t); + #endif /* _ENCODING_H_ */ diff --git a/src/iodine.c b/src/iodine.c index a26281f..3b2cc61 100644 --- a/src/iodine.c +++ b/src/iodine.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include #include @@ -35,6 +36,8 @@ #endif #include "common.h" +#include "encoding.h" +#include "base32.h" #include "dns.h" #include "login.h" #include "tun.h" @@ -42,23 +45,37 @@ static void send_ping(int fd); static void send_chunk(int fd); +static int build_hostname(char *buf, size_t buflen, + const char *data, const size_t datalen, + const char *topdomain, struct encoder *encoder); -int running = 1; -char password[33]; +static int running = 1; +static char password[33]; -struct sockaddr_in peer; +static struct sockaddr_in nameserv; static char *topdomain; -uint16_t rand_seed; +static uint16_t rand_seed; /* Current IP packet */ -static char activepacket[4096]; +static struct packet packet; + +/* My userid at the server */ static char userid; -static int lastlen; -static int packetpos; -static int packetlen; + +/* DNS id for next packet */ static uint16_t chunkid; +/* Base32 encoder used for non-data packets */ +static struct encoder *b32; + +/* The encoder used for data packets + * Defaults to Base32, can be changed after handshake */ +static struct encoder *dataenc; + +/* result of case preservation check done after login */ +static int case_preserved; + static void sighandler(int sig) { @@ -66,57 +83,96 @@ sighandler(int sig) } static void -send_packet(int fd, char cmd, const char *data, const size_t datalen) +send_query(int fd, char *hostname) { char packet[4096]; struct query q; - char buf[4096]; size_t len; q.id = ++chunkid; q.type = T_NULL; + len = dns_encode(packet, sizeof(packet), &q, QR_QUERY, hostname, strlen(hostname)); + + sendto(fd, packet, len, 0, (struct sockaddr*)&nameserv, sizeof(nameserv)); +} + +static void +send_packet(int fd, char cmd, const char *data, const size_t datalen) +{ + char buf[4096]; + buf[0] = cmd; - len = dns_build_hostname(buf + 1, sizeof(buf) - 1, data, datalen, topdomain); - len = dns_encode(packet, sizeof(packet), &q, QR_QUERY, buf, strlen(buf)); + build_hostname(buf + 1, sizeof(buf) - 1, data, datalen, topdomain, b32); + send_query(fd, buf); +} - sendto(fd, packet, len, 0, (struct sockaddr*)&peer, sizeof(peer)); +static int +build_hostname(char *buf, size_t buflen, + const char *data, const size_t datalen, + const char *topdomain, struct encoder *encoder) +{ + int encsize; + size_t space; + char *b; + + + space = MIN(0xFF, buflen) - strlen(topdomain) - 2; + if (!encoder->places_dots()) + space -= (space / 62); /* space for dots */ + + memset(buf, 0, buflen); + + encsize = encoder->encode(buf, &space, data, datalen); + + if (!encoder->places_dots()) + inline_dotify(buf, buflen); + + b = buf; + b += strlen(buf); + + if (*b != '.') + *b++ = '.'; + + strncpy(b, topdomain, strlen(topdomain)+1); + + return space; } int is_sending() { - return (packetlen != 0); + return (packet.len != 0); } int read_dns(int fd, char *buf, int buflen) { struct sockaddr_in from; - char packet[64*1024]; + char data[64*1024]; socklen_t addrlen; struct query q; int rv; int r; addrlen = sizeof(struct sockaddr); - if ((r = recvfrom(fd, packet, sizeof(packet), 0, - (struct sockaddr*)&from, &addrlen)) == -1) { + if ((r = recvfrom(fd, data, sizeof(data), 0, + (struct sockaddr*)&from, &addrlen)) == -1) { warn("recvfrom"); return 0; } - rv = dns_decode(buf, buflen, &q, QR_ANSWER, packet, r); + rv = dns_decode(buf, buflen, &q, QR_ANSWER, data, r); if (is_sending() && chunkid == q.id) { /* Got ACK on sent packet */ - packetpos += lastlen; - if (packetpos == packetlen) { + packet.offset += packet.sentlen; + if (packet.offset == packet.len) { /* Packet completed */ - packetpos = 0; - packetlen = 0; - lastlen = 0; + packet.offset = 0; + packet.len = 0; + packet.sentlen = 0; } else { /* More to send */ send_chunk(fd); @@ -142,10 +198,10 @@ tunnel_tun(int tun_fd, int dns_fd) inlen = read; compress2((uint8_t*)out, &outlen, (uint8_t*)in, inlen, 9); - memcpy(activepacket, out, MIN(outlen, sizeof(activepacket))); - lastlen = 0; - packetpos = 0; - packetlen = outlen; + memcpy(packet.data, out, MIN(outlen, sizeof(packet.data))); + packet.sentlen = 0; + packet.offset = 0; + packet.len = outlen; send_chunk(dns_fd); @@ -224,33 +280,26 @@ static void send_chunk(int fd) { char hex[] = "0123456789ABCDEF"; - char packet[4096]; - struct query q; char buf[4096]; int avail; int code; char *p; - int len; - q.id = ++chunkid; - q.type = T_NULL; + p = packet.data; + p += packet.offset; + avail = packet.len - packet.offset; - p = activepacket; - p += packetpos; - avail = packetlen - packetpos; + packet.sentlen = build_hostname(buf + 1, sizeof(buf) - 1, p, avail, topdomain, dataenc); - lastlen = dns_build_hostname(buf + 1, sizeof(buf) - 1, p, avail, topdomain); - - if (lastlen == avail) + if (packet.sentlen == avail) code = 1; else code = 0; code |= (userid << 1); buf[0] = hex[code]; - len = dns_encode(packet, sizeof(packet), &q, QR_QUERY, buf, strlen(buf)); - sendto(fd, packet, len, 0, (struct sockaddr*)&peer, sizeof(peer)); + send_query(fd, buf); } void @@ -276,9 +325,9 @@ send_ping(int fd) char data[3]; if (is_sending()) { - lastlen = 0; - packetpos = 0; - packetlen = 0; + packet.sentlen = 0; + packet.offset = 0; + packet.len = 0; } data[0] = userid; @@ -308,6 +357,15 @@ send_version(int fd, uint32_t version) send_packet(fd, 'V', data, sizeof(data)); } +void +send_case_check(int fd) +{ + char buf[512] = "zZaAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyY123-4560789."; + + strncat(buf, topdomain, 512 - strlen(buf)); + send_query(fd, buf); +} + static int handshake(int dns_fd) { @@ -339,15 +397,15 @@ handshake(int dns_fd) read = read_dns(dns_fd, in, sizeof(in)); if(read < 0) { - perror("read"); + warn("handshake read"); continue; } if (read >= 9) { payload = (((in[4] & 0xff) << 24) | - ((in[5] & 0xff) << 16) | - ((in[6] & 0xff) << 8) | - ((in[7] & 0xff))); + ((in[5] & 0xff) << 16) | + ((in[6] & 0xff) << 8) | + ((in[7] & 0xff))); if (strncmp("VACK", in, 4) == 0) { seed = payload; @@ -405,7 +463,7 @@ perform_login: client[64] = 0; if (tun_setip(client) == 0 && tun_setmtu(mtu) == 0) { - return 0; + goto perform_case_check; } else { warnx("Received handshake with bad data"); } @@ -417,23 +475,98 @@ perform_login: printf("Retrying login...\n"); } + errx(1, "couldn't login to server"); + /* NOTREACHED */ - return 1; +perform_case_check: + case_preserved = 0; + for (i=0; running && i<5 ;i++) { + tv.tv_sec = i + 1; + tv.tv_usec = 0; + + send_case_check(dns_fd); + + FD_ZERO(&fds); + FD_SET(dns_fd, &fds); + + r = select(dns_fd + 1, &fds, NULL, NULL, &tv); + + if(r > 0) { + read = read_dns(dns_fd, in, sizeof(in)); + + if(read <= 0) { + warn("read"); + continue; + } + + if (read > 0) { + if (in[0] == 'z' || in[0] == 'Z') { + if (read < (26 * 2)) { + printf("Received short case reply...\n"); + } else { + int k; + + case_preserved = 1; + for (k = 0; k < 26 && case_preserved; k += 2) { + if (in[k] == in[k+1]) { + /* test string: zZaAbBcCdD... */ + case_preserved = 0; + } + } + return 0; + } + } else { + printf("Received bad case check reply\n"); + } + } + } + + printf("Retrying case check...\n"); + } + + printf("No reply on case check, continuing\n"); + return 0; +} + +static char * +get_resolvconf_addr() +{ + static char addr[16]; + char buf[80]; + char *rv; + FILE *fp; + + rv = NULL; + + if ((fp = fopen("/etc/resolv.conf", "r")) == NULL) + err(1, "/etc/resolve.conf"); + + while (feof(fp) == 0) { + fgets(buf, sizeof(buf), fp); + + if (sscanf(buf, "nameserver %15s", addr) == 1) { + rv = addr; + break; + } + } + + fclose(fp); + + return rv; } -static void -set_target(const char *host) +static void +set_nameserver(const char *cp) { - struct hostent *h; + struct in_addr addr; - h = gethostbyname(host); - if (!h) - err(1, "couldn't resolve name %s", host); + if (inet_aton(cp, &addr) != 1) + errx(1, "error parsing nameserver address: '%s'", cp); - memset(&peer, 0, sizeof(peer)); - peer.sin_family = AF_INET; - peer.sin_port = htons(53); - peer.sin_addr = *((struct in_addr *) h->h_addr); + memset(&nameserv, 0, sizeof(nameserv)); + nameserv.sin_family = AF_INET; + nameserv.sin_port = htons(53); + nameserv.sin_addr = addr; } static void @@ -441,7 +574,7 @@ usage() { extern char *__progname; printf("Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] " - "nameserver topdomain\n", __progname); + "[nameserver] topdomain\n", __progname); exit(2); } @@ -451,7 +584,7 @@ help() { printf("iodine IP over DNS tunneling client\n"); printf("Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] " - "[-P password] nameserver topdomain\n", __progname); + "[-P password] [nameserver] topdomain\n", __progname); printf(" -v to print version info and exit\n"); printf(" -h to print this help and exit\n"); printf(" -f to keep running in foreground\n"); @@ -459,7 +592,7 @@ help() { printf(" -t dir to chroot to directory dir\n"); printf(" -d device to set tunnel device name\n"); printf(" -P password used for authentication (max 32 chars will be used)\n"); - printf("nameserver is the IP number of the relaying nameserver\n"); + printf("nameserver is the IP number of the relaying nameserver, if absent /etc/resolv.conf is used\n"); printf("topdomain is the FQDN that is delegated to the tunnel endpoint.\n"); exit(0); @@ -469,7 +602,7 @@ static void version() { printf("iodine IP over DNS tunneling client\n"); - printf("version: 0.4.0 from 2007-03-25\n"); + printf("version: 0.4.1 from 2007-11-30\n"); exit(0); } @@ -477,6 +610,7 @@ version() { int main(int argc, char **argv) { + char *nameserv_addr; struct passwd *pw; char *username; int foreground; @@ -492,6 +626,9 @@ main(int argc, char **argv) newroot = NULL; device = NULL; chunkid = 0; + + b32 = get_base32_encoder(); + dataenc = get_base32_encoder(); while ((choice = getopt(argc, argv, "vfhu:t:d:P:")) != -1) { switch(choice) { @@ -514,8 +651,11 @@ main(int argc, char **argv) device = optarg; break; case 'P': - strncpy(password, optarg, 32); - password[32] = 0; + strncpy(password, optarg, sizeof(password)); + password[sizeof(password)-1] = 0; + + /* XXX: find better way of cleaning up ps(1) */ + memset(optarg, 0, strlen(optarg)); break; default: usage(); @@ -524,37 +664,48 @@ main(int argc, char **argv) } if (geteuid() != 0) { - printf("Run as root and you'll be happy.\n"); + warnx("Run as root and you'll be happy.\n"); usage(); } argc -= optind; argv += optind; - - if (argc != 2) + + switch (argc) { + case 1: + nameserv_addr = get_resolvconf_addr(); + topdomain = strdup(argv[0]); + break; + case 2: + nameserv_addr = argv[0]; + topdomain = strdup(argv[1]); + break; + default: usage(); + /* NOTREACHED */ + } - topdomain = strdup(argv[1]); + set_nameserver(nameserv_addr); - if(username) { - pw = getpwnam(username); - if (!pw) { - printf("User %s does not exist!\n", username); + if (strlen(topdomain) > 128 || topdomain[0] == '.') { + warnx("Use a topdomain max 128 chars long. Do not start it with a dot.\n"); + usage(); + } + + if (username != NULL) { + if ((pw = getpwnam(username)) == NULL) { + warnx("User %s does not exist!\n", username); usage(); } } - if (strlen(password) == 0) { - printf("Enter password on stdin:\n"); - scanf("%32s", password); - password[32] = 0; - } + if (strlen(password) == 0) + read_password(password, sizeof(password)); if ((tun_fd = open_tun(device)) == -1) goto cleanup1; if ((dns_fd = open_dns(0, INADDR_ANY)) == -1) goto cleanup2; - set_target(argv[0]); signal(SIGINT, sighandler); signal(SIGTERM, sighandler); @@ -562,21 +713,21 @@ main(int argc, char **argv) if(handshake(dns_fd)) goto cleanup2; - printf("Sending queries for %s to %s\n", argv[1], argv[0]); + printf("Sending queries for %s to %s\n", topdomain, nameserv_addr); - do_chroot(newroot); + if (foreground == 0) + do_detach(); + + if (newroot != NULL) + do_chroot(newroot); - if (username) { + if (username != NULL) { if (setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) { - printf("Could not switch to user %s!\n", username); + warnx("Could not switch to user %s!\n", username); usage(); } } - if (!foreground) { - do_detach(); - } - tunnel(tun_fd, dns_fd); cleanup2: diff --git a/src/iodined.c b/src/iodined.c index 950b0d8..17f27cc 100644 --- a/src/iodined.c +++ b/src/iodined.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include #include @@ -34,20 +35,20 @@ #include "common.h" #include "dns.h" +#include "encoding.h" +#include "base32.h" #include "user.h" #include "login.h" #include "tun.h" -#include "encoding.h" #include "version.h" -int running = 1; +static int running = 1; +static char *topdomain; +static char password[33]; +static struct encoder *b32; -char *topdomain; - -char password[33]; - -int my_mtu; -in_addr_t my_ip; +static int my_mtu; +static in_addr_t my_ip; static int read_dns(int, struct query *, char *, int); static void write_dns(int, struct query *, char *, int); @@ -133,6 +134,7 @@ tunnel_dns(int tun_fd, int dns_fd) char logindata[16]; char out[64*1024]; char in[64*1024]; + char unpacked[64*1024]; char *tmp[2]; int userid; int touser; @@ -145,37 +147,37 @@ tunnel_dns(int tun_fd, int dns_fd) return 0; if(in[0] == 'V' || in[0] == 'v') { + read = unpack_data(unpacked, sizeof(unpacked), &(in[1]), read - 1, b32); /* Version greeting, compare and send ack/nak */ if (read > 4) { /* Received V + 32bits version */ + version = (((unpacked[0] & 0xff) << 24) | + ((unpacked[1] & 0xff) << 16) | + ((unpacked[2] & 0xff) << 8) | + ((unpacked[3] & 0xff))); + } - version = (((in[1] & 0xff) << 24) | - ((in[2] & 0xff) << 16) | - ((in[3] & 0xff) << 8) | - ((in[4] & 0xff))); - - if (version == VERSION) { - userid = find_available_user(); - if (userid >= 0) { - users[userid].seed = rand(); - memcpy(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen); - memcpy(&(users[userid].q), &(dummy.q), sizeof(struct query)); - users[userid].addrlen = dummy.q.fromlen; - send_version_response(dns_fd, VERSION_ACK, users[userid].seed, &users[userid]); - users[userid].q.id = 0; - } else { - /* No space for another user */ - send_version_response(dns_fd, VERSION_FULL, USERS, &dummy); - } + if (version == VERSION) { + userid = find_available_user(); + if (userid >= 0) { + users[userid].seed = rand(); + memcpy(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen); + memcpy(&(users[userid].q), &(dummy.q), sizeof(struct query)); + users[userid].addrlen = dummy.q.fromlen; + users[userid].encoder = get_base32_encoder(); + send_version_response(dns_fd, VERSION_ACK, users[userid].seed, &users[userid]); + users[userid].q.id = 0; } else { - send_version_response(dns_fd, VERSION_NACK, VERSION, &dummy); + /* No space for another user */ + send_version_response(dns_fd, VERSION_FULL, USERS, &dummy); } } else { send_version_response(dns_fd, VERSION_NACK, VERSION, &dummy); } } else if(in[0] == 'L' || in[0] == 'l') { + read = unpack_data(unpacked, sizeof(unpacked), &(in[1]), read - 1, b32); /* Login phase, handle auth */ - userid = in[1]; + userid = unpacked[0]; if (userid < 0 || userid >= USERS) { write_dns(dns_fd, &(dummy.q), "BADIP", 5); return 0; /* illegal id */ @@ -187,7 +189,7 @@ tunnel_dns(int tun_fd, int dns_fd) memcmp(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen) != 0) { write_dns(dns_fd, &(dummy.q), "BADIP", 5); } else { - if (read >= 18 && (memcmp(logindata, in+2, 16) == 0)) { + if (read >= 18 && (memcmp(logindata, unpacked+1, 16) == 0)) { /* Login ok, send ip/mtu info */ tempip.s_addr = my_ip; @@ -208,14 +210,21 @@ tunnel_dns(int tun_fd, int dns_fd) } } } else if(in[0] == 'P' || in[0] == 'p') { + read = unpack_data(unpacked, sizeof(unpacked), &(in[1]), read - 1, b32); /* Ping packet, store userid */ - userid = in[1]; + userid = unpacked[0]; if (userid < 0 || userid >= USERS) { write_dns(dns_fd, &(dummy.q), "BADIP", 5); return 0; /* illegal id */ } memcpy(&(users[userid].q), &(dummy.q), sizeof(struct query)); users[userid].last_pkt = time(NULL); + } else if(in[0] == 'Z' || in[0] == 'z') { + /* Case conservation check */ + + /* Reply with received hostname as data */ + write_dns(dns_fd, &(dummy.q), in, read); + return 0; } else if((in[0] >= '0' && in[0] <= '9') || (in[0] >= 'a' && in[0] <= 'f') || (in[0] >= 'A' && in[0] <= 'F')) { @@ -237,12 +246,16 @@ tunnel_dns(int tun_fd, int dns_fd) memcmp(&(users[userid].host), &(dummy.q.from), dummy.q.fromlen) != 0) { write_dns(dns_fd, &(dummy.q), "BADIP", 5); } else { + /* decode with this users encoding */ + read = unpack_data(unpacked, sizeof(unpacked), &(in[1]), read - 1, + users[userid].encoder); + users[userid].last_pkt = time(NULL); memcpy(&(users[userid].q), &(dummy.q), sizeof(struct query)); users[userid].addrlen = dummy.q.fromlen; - memcpy(users[userid].inpacket.data + users[userid].inpacket.offset, in + 1, read - 1); - users[userid].inpacket.len += read - 1; - users[userid].inpacket.offset += read - 1; + memcpy(users[userid].inpacket.data + users[userid].inpacket.offset, unpacked, read); + users[userid].inpacket.len += read; + users[userid].inpacket.offset += read; if (code & 1) { outlen = sizeof(out); @@ -351,12 +364,17 @@ read_dns(int fd, struct query *q, char *buf, int buflen) if (r > 0) { dns_decode(buf, buflen, q, QR_QUERY, packet, r); domain = strstr(q->name, topdomain); - rv = decode_data(buf, buflen, q->name, domain); - q->fromlen = addrlen; - memcpy((struct sockaddr*)&q->from, (struct sockaddr*)&from, addrlen); - } else if (r < 0) { + if (domain) { + rv = (int) (domain - q->name); + memcpy(buf, q->name, MIN(rv, buflen)); + q->fromlen = addrlen; + memcpy((struct sockaddr*)&q->from, (struct sockaddr*)&from, addrlen); + } else { + rv = 0; + } + } else if (r < 0) { /* Error */ - perror("recvfrom"); + warn("read dns"); rv = 0; } @@ -410,24 +428,24 @@ help() { static void version() { printf("iodine IP over DNS tunneling server\n"); - printf("version: 0.4.0 from 2007-03-25\n"); + printf("version: 0.4.1 from 2007-11-30\n"); exit(0); } int main(int argc, char **argv) { - int choice; - int tun_fd; - int dnsd_fd; - char *newroot; - char *username; - char *device; - int foreground; - int mtu; - struct passwd *pw; in_addr_t listen_ip; + struct passwd *pw; + int foreground; + char *username; + char *newroot; + char *device; + int dnsd_fd; + int tun_fd; + int choice; int port; + int mtu; username = NULL; newroot = NULL; @@ -437,7 +455,9 @@ main(int argc, char **argv) listen_ip = INADDR_ANY; port = 53; - memset(password, 0, 33); + b32 = get_base32_encoder(); + + memset(password, 0, sizeof(password)); srand(time(NULL)); while ((choice = getopt(argc, argv, "vfhu:t:d:m:l:p:P:")) != -1) { @@ -474,8 +494,11 @@ main(int argc, char **argv) } break; case 'P': - strncpy(password, optarg, 32); - password[32] = 0; + strncpy(password, optarg, sizeof(password)); + password[sizeof(password)-1] = 0; + + /* XXX: find better way of cleaning up ps(1) */ + memset(optarg, 0, strlen(optarg)); break; default: usage(); @@ -487,7 +510,7 @@ main(int argc, char **argv) argv += optind; if (geteuid() != 0) { - printf("Run as root and you'll be happy.\n"); + warnx("Run as root and you'll be happy.\n"); usage(); } @@ -495,30 +518,30 @@ main(int argc, char **argv) usage(); topdomain = strdup(argv[1]); + if (strlen(topdomain) > 128 || topdomain[0] == '.') { + warnx("Use a topdomain max 128 chars long. Do not start it with a dot.\n"); + usage(); + } - if (username) { - pw = getpwnam(username); - if (!pw) { - printf("User %s does not exist!\n", username); + if (username != NULL) { + if ((pw = getpwnam(username)) == NULL) { + warnx("User %s does not exist!\n", username); usage(); } } if (mtu == 0) { - printf("Bad MTU given.\n"); + warnx("Bad MTU given.\n"); usage(); } if (listen_ip == INADDR_NONE) { - printf("Bad IP address to listen on.\n"); + warnx("Bad IP address to listen on.\n"); usage(); } - if (strlen(password) == 0) { - printf("Enter password on stdin:\n"); - scanf("%32s", password); - password[32] = 0; - } + if (strlen(password) == 0) + read_password(password, sizeof(password)); if ((tun_fd = open_tun(device)) == -1) goto cleanup0; @@ -531,22 +554,22 @@ main(int argc, char **argv) my_mtu = mtu; init_users(my_ip); - printf("Listening to dns for domain %s\n", argv[1]); + printf("Listening to dns for domain %s\n", topdomain); - do_chroot(newroot); + if (foreground == 0) + do_detach(); + + if (newroot != NULL) + do_chroot(newroot); signal(SIGINT, sigint); - if (username) { + if (username != NULL) { if (setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) { - printf("Could not switch to user %s!\n", username); + warnx("Could not switch to user %s!\n", username); usage(); } } - if (!foreground) { - do_detach(); - } - tunnel(tun_fd, dnsd_fd); cleanup2: diff --git a/src/login.c b/src/login.c index b3f942a..a5cde37 100644 --- a/src/login.c +++ b/src/login.c @@ -47,5 +47,6 @@ login_calculate(char *buf, int buflen, char *pass, int seed) md5_init(&ctx); md5_append(&ctx, temp, 32); md5_finish(&ctx, (unsigned char *) buf); + } diff --git a/src/tun.c b/src/tun.c index cdc9124..144133d 100644 --- a/src/tun.c +++ b/src/tun.c @@ -58,7 +58,9 @@ open_tun(const char *tun_device) if (tun_device != NULL) { strncpy(ifreq.ifr_name, tun_device, IFNAMSIZ); + ifreq.ifr_name[IFNAMSIZ-1] = '\0'; strncpy(if_name, tun_device, sizeof(if_name)); + if_name[sizeof(if_name)-1] = '\0'; if (ioctl(tun_fd, TUNSETIFF, (void *) &ifreq) != -1) { printf("Opened %s\n", ifreq.ifr_name); @@ -102,6 +104,7 @@ open_tun(const char *tun_device) if (tun_device != NULL) { snprintf(tun_name, sizeof(tun_name), "/dev/%s", tun_device); strncpy(if_name, tun_device, sizeof(if_name)); + if_name[sizeof(if_name)-1] = '\0'; if ((tun_fd = open(tun_name, O_RDWR)) < 0) { warn("open_tun: %s: %s", tun_name, strerror(errno)); @@ -140,7 +143,7 @@ close_tun(int tun_fd) } int -write_tun(int tun_fd, char *data, int len) +write_tun(int tun_fd, char *data, size_t len) { #if defined (FREEBSD) || defined (DARWIN) || defined(NETBSD) data += 4; @@ -166,8 +169,8 @@ write_tun(int tun_fd, char *data, int len) return 0; } -int -read_tun(int tun_fd, char *buf, int len) +ssize_t +read_tun(int tun_fd, char *buf, size_t len) { #if defined (FREEBSD) || defined (DARWIN) || defined(NETBSD) /* FreeBSD/Darwin/NetBSD has no header */ @@ -181,6 +184,9 @@ int tun_setip(const char *ip) { char cmdline[512]; +#ifndef LINUX + int r; +#endif if (inet_addr(ip) != INADDR_NONE) { snprintf(cmdline, sizeof(cmdline), @@ -191,8 +197,6 @@ tun_setip(const char *ip) printf("Setting IP of %s to %s\n", if_name, ip); #ifndef LINUX - int r; - r = system(cmdline); if(r != 0) { return r; @@ -212,20 +216,20 @@ tun_setip(const char *ip) } int -tun_setmtu(const int mtu) +tun_setmtu(const size_t mtu) { char cmdline[512]; if (mtu > 200 && mtu < 1500) { snprintf(cmdline, sizeof(cmdline), - "/sbin/ifconfig %s mtu %d", + "/sbin/ifconfig %s mtu %u", if_name, mtu); - printf("Setting MTU of %s to %d\n", if_name, mtu); + printf("Setting MTU of %s to %u\n", if_name, mtu); return system(cmdline); } else { - warn("MTU out of range: %d\n", mtu); + warn("MTU out of range: %u\n", mtu); } return 1; diff --git a/src/tun.h b/src/tun.h index 2313b3a..72773de 100644 --- a/src/tun.h +++ b/src/tun.h @@ -19,9 +19,9 @@ int open_tun(const char *); void close_tun(int); -int write_tun(int, char *, int); -int read_tun(int, char *, int); +int write_tun(int, char *, size_t); +ssize_t read_tun(int, char *, size_t); int tun_setip(const char *); -int tun_setmtu(const int); +int tun_setmtu(const size_t); #endif /* _TUN_H_ */ diff --git a/src/user.c b/src/user.c index ed809b8..6cbddfb 100644 --- a/src/user.c +++ b/src/user.c @@ -14,15 +14,23 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include #include +#include #include +#include +#include +#include +#include +#include +#include #include #include +#include +#include #include -#include #include "common.h" +#include "encoding.h" #include "user.h" struct user users[USERS]; diff --git a/src/user.h b/src/user.h index b947ea4..2d0d2ad 100644 --- a/src/user.h +++ b/src/user.h @@ -30,6 +30,7 @@ struct user { struct query q; struct packet inpacket; struct packet outpacket; + struct encoder *encoder; }; extern struct user users[USERS]; diff --git a/src/version.h b/src/version.h index 8b9f6ca..d12c2f9 100644 --- a/src/version.h +++ b/src/version.h @@ -19,7 +19,7 @@ /* This is the version of the network protocol It is usually equal to the latest iodine version number */ -#define VERSION 0x00000400 +#define VERSION 0x00000402 #endif /* _VERSION_H_ */ diff --git a/tests/Makefile b/tests/Makefile index c08d443..94e808e 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -1,7 +1,7 @@ CC = gcc TEST = test -OBJS = test.o base32.o read.o dns.o encoding.o login.o user.o -SRCOBJS = ../src/base32.o ../src/read.o ../src/dns.o ../src/encoding.o ../src/login.o ../src/md5.o ../src/user.o +OBJS = test.o base32.o base64.o read.o dns.o encoding.o login.o user.o +SRCOBJS = ../src/base32.o ../src/base64.o ../src/read.o ../src/dns.o ../src/encoding.o ../src/login.o ../src/md5.o ../src/user.o OS = `uname | tr "a-z" "A-Z"` diff --git a/tests/base32.c b/tests/base32.c index 34a5da5..b020cda 100644 --- a/tests/base32.c +++ b/tests/base32.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Bjorn Andersson , Erik Ekman + * Copyright (c) 2006-2007 Bjorn Andersson , Erik Ekman * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -20,14 +20,16 @@ #include #include +#include "encoding.h" #include "base32.h" #include "test.h" -struct touple +static struct tuple { char *a; char *b; } testpairs[] = { + { "iodinetestingtesting", "nfxwi0lomv0gk21unfxgo3dfon0gs1th" }, { "abc123", "mfrggmjsgm" }, { NULL, NULL } }; @@ -35,46 +37,37 @@ struct touple START_TEST(test_base32_encode) { size_t len; - char *buf; + char buf[4096]; int val; int i; - len = 0; - buf = NULL; - for (i = 0; testpairs[i].a != NULL; i++) { - val = base32_encode(&buf, &len, testpairs[i].a, strlen(testpairs[i].a)); + len = sizeof(buf); + val = base32_encode(buf, &len, testpairs[i].a, strlen(testpairs[i].a)); fail_unless(val > 0, strerror(errno)); - fail_unless(buf != NULL, "buf == NULL"); fail_unless(strcmp(buf, testpairs[i].b) == 0, va_str("'%s' != '%s'", buf, testpairs[i].b)); } - - free(buf); } END_TEST START_TEST(test_base32_decode) { size_t len; - void *buf; + char buf[4096]; int val; int i; - len = 0; - buf = NULL; - for (i = 0; testpairs[i].a != NULL; i++) { - val = base32_decode(&buf, &len, testpairs[i].b); + len = sizeof(buf); + val = base32_decode(buf, &len, testpairs[i].b, strlen(testpairs[i].b)); fail_unless(val > 0, strerror(errno)); fail_unless(buf != NULL, "buf == NULL"); fail_unless(strcmp(buf, testpairs[i].a) == 0, va_str("'%s' != '%s'", buf, testpairs[i].a)); } - - free(buf); } END_TEST diff --git a/tests/base64.c b/tests/base64.c new file mode 100644 index 0000000..7f12bf4 --- /dev/null +++ b/tests/base64.c @@ -0,0 +1,112 @@ +/* + * Copyright (c) 2006-2007 Bjorn Andersson , Erik Ekman + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include + +#include "encoding.h" +#include "base64.h" +#include "test.h" + +static struct tuple +{ + char *a; + char *b; +} testpairs[] = { + { "iodinetestingtesting", "Aw8KAw4LDgvZDgLUz2rLC2rPBMC" }, + { "abc123", "ywjJmtiZ" }, + { + "\xFF\xEF\x7C\xEF\xAE\x78\xDF\x6D\x74\xCF\x2C\x70\xBE\xEB\x6C\xAE\xAA\x68" + "\x9E\x69\x64\x8E\x28\x60\x7D\xE7\x5C\x6D\xA6\x58\x5D\x65\x54\x4D\x24\x50" + "\x3C\xE3\x4C\x2C\xA2\x48\x1C\x61\x44\x0C\x20\x40\x3F\x3F\x3C\xEF\xAE\x78" + "\xDF\x6D\x74\xCF\x2C\x70\xBE\xEB\x6C\xAE\xAA\x68\x9E\x69\x64\x8E\x28\x60" + "\x7D\xE7\x5C\x6D\xA6\x58\x5D\x65\x54\x4D\x24\x50\x3C\xE3\x4C\x2C\xA2\x48" + "\x1C\x61\x44\x0C\x20\x40\xFF\xEF\x7C\xEF\xAE\x78\xDF\x6D\x74\xCF\x2C\x70" + "\xBE\xEB\x6C\xAE\xAA\x68\x9E\x69\x64\x8E\x28\x60\x7D\xE7\x5C\x6D\xA6\x58" + "\x5D\x65\x54\x4D\x24\x50\x3C\xE3\x4C\x2C\xA2\x48\x1C\x61\x44\x0C\x20\x40", + + "9abba876543210-ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsrqponmlkjihgfe999dcbapZ" + "776543210-ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsrqponmlkjihgfedcba9abba87654" + "3210-ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsrqponmlkjihgfe999dcba" + }, + { + "\xFF\xEF\x7C\xEF\xAE\x78\xDF\x6D\x74\xCF\x2C\x70\xBE\xEB\x6C\xAE\xAA\x68" + "\x9E\x69\x64\x8E\x28\x60\x7D\xE7\x5C\x6D\xA6\x58\x5D\x65\x54\x4D\x24\x50" + "\x3C\xE3\x4C\x2C\xA2\x48\x1C\x61\x44\x0C\x20\x40\x3F\x3F\x3C\xEF\xAE\x78" + "\xDF\x6D\x74\xCF\x2C\x70\xBE\xEB\x6C\xAE\xA1\x61\x91\x61\x61\x81\x28\x60" + "\x7D\xE7\x5C\x6D\xA6\x58\x5D\x65\x54\x4D\x24\x50\x3C\xE3\x4C\x2C\xA2\x48" + "\x1C\x61\x44\x0C\x20\x40\xFF\xEF\x7C\xEF\xAE\x78\xDF\x6D\x74\xCF\x2C\x70" + "\xBE\xEB\x6C\xAE\xA1\x61\x91\x61\x61\x81\x28\x60\x7D\xE7\x5C\x6D\xA6\x58" + "\x5D\x65\x54\x4D\x24\x50\x3C\xE3\x4C\x2C\xA2\x48\x1C\x61\x44\x0C\x20\x40", + + "9IJJI876543210-ZYXWVUTSRQPONMLK9LMJIHGFEDCBAzyxwvutsrqponmlkjihgfedcbapZ" + "776543210-ZYXWVUTSRQfHKwfHGsHGFEDCBAzyxwvutsrqponmlkjihgfedcbaML87654321" + "0-ZYXWVUTSRQfHKwfHGsHGFEDCBAzyxwvutsrqponmlkjihgfedcba" + }, + { NULL, NULL } +}; + +START_TEST(test_base64_encode) +{ + size_t len; + char buf[4096]; + int val; + int i; + + for (i = 0; testpairs[i].a != NULL; i++) { + len = sizeof(buf); + val = base64_encode(buf, &len, testpairs[i].a, strlen(testpairs[i].a)); + + fail_unless(val > 0, strerror(errno)); + fail_unless(strcmp(buf, testpairs[i].b) == 0, + va_str("'%s' != '%s'", buf, testpairs[i].b)); + } +} +END_TEST + +START_TEST(test_base64_decode) +{ + size_t len; + char buf[4096]; + int val; + int i; + + for (i = 0; testpairs[i].a != NULL; i++) { + len = sizeof(buf); + val = base64_decode(buf, &len, testpairs[i].b, strlen(testpairs[i].b)); + + fail_unless(val > 0, strerror(errno)); + fail_unless(buf != NULL, "buf == NULL"); + fail_unless(strcmp(buf, testpairs[i].a) == 0, + va_str("'%s' != '%s'", buf, testpairs[i].a)); + } +} +END_TEST + +TCase * +test_base64_create_tests() +{ + TCase *tc; + + tc = tcase_create("Base64"); + tcase_add_test(tc, test_base64_encode); + tcase_add_test(tc, test_base64_decode); + + return tc; +} diff --git a/tests/dns.c b/tests/dns.c index cbd737a..1311d33 100644 --- a/tests/dns.c +++ b/tests/dns.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Bjorn Andersson , Erik Ekman + * Copyright (c) 2006-2007 Bjorn Andersson , Erik Ekman * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -28,17 +28,17 @@ #include "common.h" #include "dns.h" #include "encoding.h" +#include "base32.h" #include "test.h" static void dump_packet(char *, size_t); static char queryPacket[] = - "\x05\x39\x01\x00\x00\x01\x00\x00\x00\x00\x00\x01\x32\x41\x4A\x42\x43" - "\x55\x59\x54\x43\x50\x45\x42\x39\x47\x51\x39\x4C\x54\x45\x42\x55\x58" - "\x47\x49\x44\x55\x4E\x42\x53\x53\x41\x36\x44\x46\x4F\x4E\x39\x43\x41" - "\x5A\x44\x42\x32\x41\x41\x41\x41\x41\x36\x44\x42\x04\x6B\x72\x79\x6F" - "\x02\x73\x65\x00\x00\x0A\x00\x01\x00\x00\x29\x10\x00\x00\x00\x80\x00" - "\x00\x00"; + "\x05\x39\x01\x00\x00\x01\x00\x00\x00\x00\x00\x01\x2D\x41\x6A\x62\x63" + "\x75\x79\x74\x63\x70\x65\x62\x30\x67\x71\x30\x6C\x74\x65\x62\x75\x78" + "\x67\x69\x64\x75\x6E\x62\x73\x73\x61\x33\x64\x66\x6F\x6E\x30\x63\x61" + "\x7A\x64\x62\x6F\x72\x71\x71\x04\x6B\x72\x79\x6F\x02\x73\x65\x00\x00" + "\x0A\x00\x01\x00\x00\x29\x10\x00\x00\x00\x80\x00\x00\x00"; static char answerPacket[] = "\x05\x39\x84\x00\x00\x01\x00\x01\x00\x00\x00\x00\x05\x73\x69\x6C\x6C" @@ -51,16 +51,16 @@ static char answerPacket[] = static char *msgData = "this is the message to be delivered"; static char *topdomain = "kryo.se"; -static char *queryData = "HELLO this is the test data"; -static char *recData = "AHELLO this is the test data"; /* The A flag is added */ +static char *innerData = "HELLO this is the test data"; START_TEST(test_encode_query) { char buf[512]; char resolv[512]; struct query q; + struct encoder *enc; char *d; - int len; + size_t len; int ret; len = sizeof(buf); @@ -70,9 +70,10 @@ START_TEST(test_encode_query) q.type = T_NULL; q.id = 1337; d = resolv; + enc = get_base32_encoder(); *d++ = 'A'; - encode_data(queryData, strlen(queryData), 100, d); + enc->encode(d, &len, innerData, strlen(innerData)); d = resolv + strlen(resolv); if (*d != '.') { *d++ = '.'; @@ -96,20 +97,22 @@ START_TEST(test_decode_query) char buf[512]; char *domain; struct query q; - int len; - int ret; + struct encoder *enc; + size_t len; memset(&q, 0, sizeof(struct query)); memset(&buf, 0, sizeof(buf)); q.id = 0; len = sizeof(queryPacket) - 1; + enc = get_base32_encoder(); dns_decode(buf, sizeof(buf), &q, QR_QUERY, queryPacket, len); domain = strstr(q.name, topdomain); - ret = decode_data(buf, sizeof(buf), q.name, domain); + len = sizeof(buf); + unpack_data(buf, len, &(q.name[1]), (int) (domain - q.name) - 1, enc); - fail_unless(strncmp(buf, recData, ret) == 0, "Did not extract expected host: '%s'", buf); - fail_unless(strlen(buf) == strlen(recData), va_str("Bad host length: %d, expected %d", strlen(q.name), strlen(recData))); + fail_unless(strncmp(buf, innerData, strlen(innerData)) == 0, "Did not extract expected host: '%s'", buf); + fail_unless(strlen(buf) == strlen(innerData), va_str("Bad host length: %d, expected %d: '%s'", strlen(buf), strlen(innerData), buf)); } END_TEST diff --git a/tests/encoding.c b/tests/encoding.c index dcde87b..fcfae49 100644 --- a/tests/encoding.c +++ b/tests/encoding.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Bjorn Andersson , Erik Ekman + * Copyright (c) 2006-2007 Bjorn Andersson , Erik Ekman * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -22,24 +22,56 @@ #include "encoding.h" #include "test.h" -START_TEST(test_encoding_base32) +struct tuple { - char temp[256]; - char *start = "HELLOTEST"; - char *out = "1HELLOTEST"; - char end[256]; - char *tempend; - int codedlength; + char *a; + char *b; +} dottests[] = { + { "aaaaaaaaaaaaaabaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "aaaaaaaaaaaaaabaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a"}, + { "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."}, + { "abc123", "abc123" }, + { NULL, NULL } +}; - memset(temp, 0, sizeof(temp)); - memset(end, 0, sizeof(end)); +START_TEST(test_inline_dotify) +{ + unsigned i; + char temp[1024]; + char *b; - codedlength = encode_data(start, strlen(start), sizeof(temp) - 1, temp + 1); - temp[0] = '1'; - tempend = temp + strlen(temp); - decode_data(end, sizeof(end), temp, tempend); + i = 0; + while (dottests[i].a) { + memset(temp, 0, sizeof(temp)); + strcpy(temp, dottests[i].a); + b = temp; + inline_dotify(b, sizeof(temp)); - fail_unless(strcmp(out, end) == 0, NULL); + fail_unless(strcmp(dottests[i].b, temp) == 0, + va_str("'%s' != '%s'", temp, dottests[i].b)); + i++; + } +} +END_TEST + +START_TEST(test_inline_undotify) +{ + unsigned i; + char temp[1024]; + char *b; + + i = 0; + while (dottests[i].a) { + memset(temp, 0, sizeof(temp)); + strcpy(temp, dottests[i].b); + b = temp; + inline_undotify(b, sizeof(temp)); + + fail_unless(strcmp(dottests[i].a, temp) == 0, + va_str("'%s' != '%s'", temp, dottests[i].a)); + i++; + } } END_TEST @@ -49,7 +81,8 @@ test_encoding_create_tests() TCase *tc; tc = tcase_create("Encoding"); - tcase_add_test(tc, test_encoding_base32); + tcase_add_test(tc, test_inline_dotify); + tcase_add_test(tc, test_inline_undotify); return tc; } diff --git a/tests/login.c b/tests/login.c index cad9b9a..b698b85 100644 --- a/tests/login.c +++ b/tests/login.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Bjorn Andersson , Erik Ekman + * Copyright (c) 2006-2007 Bjorn Andersson , Erik Ekman * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above diff --git a/tests/read.c b/tests/read.c index e0e4472..14a139a 100644 --- a/tests/read.c +++ b/tests/read.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Bjorn Andersson , Erik Ekman + * Copyright (c) 2006-2007 Bjorn Andersson , Erik Ekman * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above diff --git a/tests/test.c b/tests/test.c index 850d1f7..b01417f 100644 --- a/tests/test.c +++ b/tests/test.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Bjorn Andersson , Erik Ekman + * Copyright (c) 2006-2007 Bjorn Andersson , Erik Ekman * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -49,6 +49,9 @@ main() test = test_base32_create_tests(); suite_add_tcase(iodine, test); + test = test_base64_create_tests(); + suite_add_tcase(iodine, test); + test = test_dns_create_tests(); suite_add_tcase(iodine, test); diff --git a/tests/test.h b/tests/test.h index 492cd9b..413ae41 100644 --- a/tests/test.h +++ b/tests/test.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Bjorn Andersson , Erik Ekman + * Copyright (c) 2006-2007 Bjorn Andersson , Erik Ekman * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -18,6 +18,7 @@ #define __TEST_H__ TCase *test_base32_create_tests(); +TCase *test_base64_create_tests(); TCase *test_dns_create_tests(); TCase *test_encoding_create_tests(); TCase *test_read_create_tests(); diff --git a/tests/user.c b/tests/user.c index 8f3ee84..7c3f87a 100644 --- a/tests/user.c +++ b/tests/user.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Bjorn Andersson , Erik Ekman + * Copyright (c) 2006-2007 Bjorn Andersson , Erik Ekman * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -23,6 +23,7 @@ #include #include "common.h" +#include "encoding.h" #include "user.h" #include "test.h"