ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-02-11 21:45:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Apple auto-update stuff, now for Windows.

Browse Source
This commit is contained in:
Adam Ierymenko 2015-05-20 19:38:49 -07:00
parent b6698d8415
commit 1213073916
10 changed files with 227 additions and 730 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

328
attic/SoftwareUpdater.cpp
View File

@ -1,328 +0,0 @@
/*
* ZeroTier One - Network Virtualization Everywhere
* Copyright (C) 2011-2015 ZeroTier, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* --
*
* ZeroTier may be used and distributed under the terms of the GPLv3, which
* are available at: http://www.gnu.org/licenses/gpl-3.0.html
*
* If you would like to embed ZeroTier into a commercial application or
* redistribute it in a modified binary form, please contact ZeroTier Networks
* LLC. Start here: http://www.zerotier.com/
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdexcept>
#include "../version.h"
#include "Constants.hpp"
#include "SoftwareUpdater.hpp"
#include "Dictionary.hpp"
#include "C25519.hpp"
#include "Identity.hpp"
#include "Logger.hpp"
#include "RuntimeEnvironment.hpp"
#include "Thread.hpp"
#include "Node.hpp"
#include "Utils.hpp"
#include "HttpClient.hpp"
#ifdef __UNIX_LIKE__
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#endif
namespace ZeroTier {
static inline std::map< Address,Identity > _mkUpdateAuth()
{
std::map< Address,Identity > ua;
{ // 0001
Identity id("e9bc3707b5:0:c4cef17bde99eadf9748c4fd11b9b06dc5cd8eb429227811d2c336e6b96a8d329e8abd0a4f45e47fe1bcebf878c004c822d952ff77fc2833af4c74e65985c435");
ua[id.address()] = id;
}
{ // 0002
Identity id("56520eaf93:0:7d858b47988b34399a9a31136de07b46104d7edb4a98fa1d6da3e583d3a33e48be531532b886f0b12cd16794a66ab9220749ec5112cbe96296b18fe0cc79ca05");
ua[id.address()] = id;
}
{ // 0003
Identity id("7c195de2e0:0:9f659071c960f9b0f0b96f9f9ecdaa27c7295feed9c79b7db6eedcc11feb705e6dd85c70fa21655204d24c897865b99eb946b753a2bbcf2be5f5e006ae618c54");
ua[id.address()] = id;
}
{ // 0004
Identity id("415f4cfde7:0:54118e87777b0ea5d922c10b337c4f4bd1db7141845bd54004b3255551a6e356ba6b9e1e85357dbfafc45630b8faa2ebf992f31479e9005f0472685f2d8cbd6e");
ua[id.address()] = id;
}
return ua;
}
static inline const char *_mkUpdateUrl()
{
#if defined(__LINUX__) && ( defined(__i386__) || defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(__i386) )
if (sizeof(void *) == 8)
return "http://download.zerotier.com/ZeroTierOneInstaller-linux-x64-LATEST.nfo";
else return "http://download.zerotier.com/ZeroTierOneInstaller-linux-x86-LATEST.nfo";
#define GOT_UPDATE_URL
#endif
#ifdef __APPLE__
return "http://download.zerotier.com/ZeroTierOneInstaller-mac-combined-LATEST.nfo";
#define GOT_UPDATE_URL
#endif
#ifdef __WINDOWS__
return "http://download.zerotier.com/ZeroTierOneInstaller-windows-intel-LATEST.nfo";
#define GOT_UPDATE_URL
#endif
#ifndef GOT_UPDATE_URL
return "";
#endif
}
SoftwareUpdater::SoftwareUpdater(const RuntimeEnvironment *renv) :
RR(renv),
_myVersion(packVersion(ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION)),
_lastUpdateAttempt(0),
_status(UPDATE_STATUS_IDLE),
_die(false),
_lock()
{
}
SoftwareUpdater::~SoftwareUpdater()
{
_die = true;
for(;;) {
_lock.lock();
bool ip = (_status != UPDATE_STATUS_IDLE);
_lock.unlock();
if (ip)
Thread::sleep(500);
else break;
}
}
void SoftwareUpdater::cleanOldUpdates()
{
std::string updatesDir(RR->homePath + ZT_PATH_SEPARATOR_S + "updates.d");
std::map<std::string,bool> dl(Utils::listDirectory(updatesDir.c_str()));
for(std::map<std::string,bool>::iterator i(dl.begin());i!=dl.end();++i) {
if (!i->second)
Utils::rm((updatesDir + ZT_PATH_SEPARATOR_S + i->first).c_str());
}
}
void SoftwareUpdater::sawRemoteVersion(unsigned int vmaj,unsigned int vmin,unsigned int rev)
{
const uint64_t tmp = packVersion(vmaj,vmin,rev);
if (tmp > _myVersion) {
Mutex::Lock _l(_lock);
if ((_status == UPDATE_STATUS_IDLE)&&(!_die)&&(ZT_DEFAULTS.updateLatestNfoURL.length())) {
const uint64_t now = Utils::now();
if ((now - _lastUpdateAttempt) >= ZT_UPDATE_MIN_INTERVAL) {
_lastUpdateAttempt = now;
_status = UPDATE_STATUS_GETTING_NFO;
RR->http->GET(ZT_DEFAULTS.updateLatestNfoURL,HttpClient::NO_HEADERS,ZT_UPDATE_HTTP_TIMEOUT,&_cbHandleGetLatestVersionInfo,this);
}
}
}
}
void SoftwareUpdater::checkNow()
{
Mutex::Lock _l(_lock);
if (_status == UPDATE_STATUS_IDLE) {
_lastUpdateAttempt = Utils::now();
_status = UPDATE_STATUS_GETTING_NFO;
RR->http->GET(ZT_DEFAULTS.updateLatestNfoURL,HttpClient::NO_HEADERS,ZT_UPDATE_HTTP_TIMEOUT,&_cbHandleGetLatestVersionInfo,this);
}
}
const char *SoftwareUpdater::parseNfo(
const char *nfoText,
unsigned int &vMajor,
unsigned int &vMinor,
unsigned int &vRevision,
Address &signedBy,
std::string &signature,
std::string &url)
{
try {
Dictionary nfo(nfoText);
vMajor = Utils::strToUInt(nfo.get("vMajor").c_str());
vMinor = Utils::strToUInt(nfo.get("vMinor").c_str());
vRevision = Utils::strToUInt(nfo.get("vRevision").c_str());
signedBy = nfo.get("signedBy");
signature = Utils::unhex(nfo.get("ed25519"));
url = nfo.get("url");
if (signature.length() != ZT_C25519_SIGNATURE_LEN)
return "bad ed25519 signature, invalid length";
if ((url.length() <= 7)||(url.substr(0,7) != "http://"))
return "invalid URL, must begin with http://";
return (const char *)0;
} catch ( ... ) {
return "invalid NFO file format or one or more required fields missing";
}
}
bool SoftwareUpdater::validateUpdate(
const void *data,
unsigned int len,
const Address &signedBy,
const std::string &signature)
{
std::map< Address,Identity >::const_iterator updateAuthority = ZT_DEFAULTS.updateAuthorities.find(signedBy);
if (updateAuthority == ZT_DEFAULTS.updateAuthorities.end())
return false;
return updateAuthority->second.verify(data,len,signature.data(),(unsigned int)signature.length());
}
void SoftwareUpdater::_cbHandleGetLatestVersionInfo(void *arg,int code,const std::string &url,const std::string &body)
{
SoftwareUpdater *upd = (SoftwareUpdater *)arg;
const RuntimeEnvironment *RR = (const RuntimeEnvironment *)upd->RR;
Mutex::Lock _l(upd->_lock);
if ((upd->_die)||(upd->_status != UPDATE_STATUS_GETTING_NFO)) {
upd->_status = UPDATE_STATUS_IDLE;
return;
}
if (code != 200) {
LOG("software update check failed: server responded with code %d",code);
upd->_status = UPDATE_STATUS_IDLE;
return;
}
try {
unsigned int vMajor = 0,vMinor = 0,vRevision = 0;
Address signedBy;
std::string signature,url;
const char *err = parseNfo(body.c_str(),vMajor,vMinor,vRevision,signedBy,signature,url);
if (err) {
LOG("software update check aborted: .nfo file parse error: %s",err);
upd->_status = UPDATE_STATUS_IDLE;
return;
}
if (!ZT_DEFAULTS.updateAuthorities.count(signedBy)) {
LOG("software update check aborted: .nfo file specifies unknown signing authority");
upd->_status = UPDATE_STATUS_IDLE;
return;
}
#ifndef ZT_ALWAYS_UPDATE /* for testing */
if (packVersion(vMajor,vMinor,vRevision) <= upd->_myVersion) {
TRACE("software update check complete: version on update site is not newer than my version, no update necessary");
upd->_status = UPDATE_STATUS_IDLE;
return;
}
#endif
upd->_status = UPDATE_STATUS_GETTING_FILE;
upd->_signedBy = signedBy;
upd->_signature = signature;
RR->http->GET(url,HttpClient::NO_HEADERS,ZT_UPDATE_HTTP_TIMEOUT,&_cbHandleGetLatestVersionBinary,arg);
} catch ( ... ) {
LOG("software update check failed: .nfo file invalid or missing field(s)");
upd->_status = UPDATE_STATUS_IDLE;
}
}
void SoftwareUpdater::_cbHandleGetLatestVersionBinary(void *arg,int code,const std::string &url,const std::string &body)
{
SoftwareUpdater *upd = (SoftwareUpdater *)arg;
const RuntimeEnvironment *RR = (const RuntimeEnvironment *)upd->RR;
Mutex::Lock _l(upd->_lock);
if (!validateUpdate(body.data(),(unsigned int)body.length(),upd->_signedBy,upd->_signature)) {
LOG("software update failed: update fetched from '%s' failed signature check (image size: %u)",url.c_str(),(unsigned int)body.length());
upd->_status = UPDATE_STATUS_IDLE;
return;
}
size_t lastSlash = url.rfind('/');
if (lastSlash == std::string::npos) { // sanity check, shouldn't happen
LOG("software update failed: invalid URL");
upd->_status = UPDATE_STATUS_IDLE;
return;
}
std::string updatesDir(RR->homePath + ZT_PATH_SEPARATOR_S + "updates.d");
std::string updateFilename(url.substr(lastSlash + 1));
if ((updateFilename.length() < 3)||(updateFilename.find("..") != std::string::npos)) {
LOG("software update failed: invalid URL: filename contains invalid characters");
upd->_status = UPDATE_STATUS_IDLE;
return;
}
for(std::string::iterator c(updateFilename.begin());c!=updateFilename.end();++c) {
// Only allow a list of whitelisted characters to make up the filename to prevent any
// path shenanigans, esp on Windows where / is not the path separator.
if (!strchr("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_.0123456789",*c)) {
LOG("software update failed: invalid URL: filename contains invalid characters");
upd->_status = UPDATE_STATUS_IDLE;
return;
}
}
std::string updatePath(updatesDir + ZT_PATH_SEPARATOR_S + updateFilename);
#ifdef __WINDOWS__
CreateDirectoryA(updatesDir.c_str(),NULL);
#else
mkdir(updatesDir.c_str(),0755);
#endif
FILE *upf = fopen(updatePath.c_str(),"wb");
if (!upf) {
LOG("software update failed: unable to open %s for writing",updatePath.c_str());
upd->_status = UPDATE_STATUS_IDLE;
return;
}
if (fwrite(body.data(),body.length(),1,upf) != 1) {
LOG("software update failed: unable to write to %s",updatePath.c_str());
upd->_status = UPDATE_STATUS_IDLE;
fclose(upf);
Utils::rm(updatePath);
return;
}
fclose(upf);
#ifdef __UNIX_LIKE__
::chmod(updatePath.c_str(),0755);
#endif
// We exit with this reason code and the path as the text. It is the
// caller's responsibility (main.c) to pick this up and do the right
// thing.
upd->_status = UPDATE_STATUS_IDLE;
RR->node->terminate(Node::NODE_RESTART_FOR_UPGRADE,updatePath.c_str());
}
} // namespace ZeroTier

186
attic/SoftwareUpdater.hpp
View File

@ -1,186 +0,0 @@
/*
* ZeroTier One - Network Virtualization Everywhere
* Copyright (C) 2011-2015 ZeroTier, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* --
*
* ZeroTier may be used and distributed under the terms of the GPLv3, which
* are available at: http://www.gnu.org/licenses/gpl-3.0.html
*
* If you would like to embed ZeroTier into a commercial application or
* redistribute it in a modified binary form, please contact ZeroTier Networks
* LLC. Start here: http://www.zerotier.com/
*/
#ifndef ZT_SOFTWAREUPDATER_HPP
#define ZT_SOFTWAREUPDATER_HPP
#include <stdint.h>
#include <string>
#include "../node/Constants.hpp"
#include "../node/Mutex.hpp"
#include "../node/Address.hpp"
#include "HttpClient.hpp"
/**
* Delay between fetches of the root topology update URL
*
* 86400000 = check once every 24 hours (this doesn't change often)
*/
#define ZT_UPDATE_ROOT_TOPOLOGY_CHECK_INTERVAL 86400000
/**
* Minimum interval between attempts to do a software update
*/
#define ZT_UPDATE_MIN_INTERVAL 120000
/**
* Maximum interval between checks for new versions
*/
#define ZT_UPDATE_MAX_INTERVAL 7200000
/**
* Software update HTTP timeout in seconds
*/
#define ZT_UPDATE_HTTP_TIMEOUT 120
namespace ZeroTier {
/**
* Software updater
*/
class SoftwareUpdater
{
public:
SoftwareUpdater();
~SoftwareUpdater();
/**
* Remove old updates in updates.d
*/
void cleanOldUpdates();
/**
* Called on each version message from a peer
*
* If a peer has a newer version, that causes an update to be started.
*
* @param vmaj Peer's major version
* @param vmin Peer's minor version
* @param rev Peer's revision
*/
void sawRemoteVersion(unsigned int vmaj,unsigned int vmin,unsigned int rev);
/**
* Check for updates now regardless of last check time or version
*
* This only starts a check if one is not in progress. Otherwise it does
* nothing.
*/
void checkNow();
/**
* Check for updates now if it's been longer than ZT_UPDATE_MAX_INTERVAL
*
* This is called periodically from the main loop.
*/
inline void checkIfMaxIntervalExceeded(uint64_t now)
{
if ((now - _lastUpdateAttempt) >= ZT_UPDATE_MAX_INTERVAL)
checkNow();
}
/**
* Pack three-component version into a 64-bit integer
*
* @param vmaj Major version (0..65535)
* @param vmin Minor version (0..65535)
* @param rev Revision (0..65535)
* @return Version packed into an easily comparable 64-bit integer
*/
static inline uint64_t packVersion(unsigned int vmaj,unsigned int vmin,unsigned int rev)
throw()
{
return ( ((uint64_t)(vmaj & 0xffff) << 32) | ((uint64_t)(vmin & 0xffff) << 16) | (uint64_t)(rev & 0xffff) );
}
/**
* Parse NFO data from .nfo file on software update site
*
* The first argument is the NFO data, and all the remaining arguments are
* result parameters to be filled with results. If an error is returned the
* results in the parameters should be considered undefined.
*
* @param nfo NFO data
* @param vMajor Result: major version
* @param vMinor Result: minor version
* @param vRevision Result: revision number
* @param signedBy Result: signing identity
* @param signature Result: Ed25519 signature data
* @param url Result: URL of update binary
* @return NULL on success or error message on failure
*/
static const char *parseNfo(
const char *nfoText,
unsigned int &vMajor,
unsigned int &vMinor,
unsigned int &vRevision,
Address &signedBy,
std::string &signature,
std::string &url);
/**
* Validate an update once downloaded
*
* This obtains the identity corresponding to the address from the compiled-in
* list of valid signing identities.
*
* @param data Update data
* @param len Length of update data
* @param signedBy Signing authority address
* @param signature Signing authority signature
* @return True on validation success, false if rejected
*/
static bool validateUpdate(
const void *data,
unsigned int len,
const Address &signedBy,
const std::string &signature);
private:
static void _cbHandleGetLatestVersionInfo(void *arg,int code,const std::string &url,const std::string &body);
static void _cbHandleGetLatestVersionBinary(void *arg,int code,const std::string &url,const std::string &body);
HttpClient httpClient;
const uint64_t _myVersion;
volatile uint64_t _lastUpdateAttempt;
volatile enum {
UPDATE_STATUS_IDLE,
UPDATE_STATUS_GETTING_NFO,
UPDATE_STATUS_GETTING_FILE
} _status;
volatile bool _die;
Address _signedBy;
std::string _signature;
Mutex _lock;
};
} // namespace ZeroTier
#endif

6
ext/installfiles/mac/postinst.sh
View File

@ -3,15 +3,11 @@
export PATH=/bin:/usr/bin:/sbin:/usr/sbin export PATH=/bin:/usr/bin:/sbin:/usr/sbin
launchctl unload /Library/LaunchDaemons/com.zerotier.one.plist >>/dev/null 2>&1 launchctl unload /Library/LaunchDaemons/com.zerotier.one.plist >>/dev/null 2>&1
sleep 1
killall zerotier-one
sleep 1
killall -9 zerotier-one
cd "/Library/Application Support/ZeroTier/One" cd "/Library/Application Support/ZeroTier/One"
rm -rf node.log node.log.old root-topology shutdownIfUnreadable autoupdate.log updates.d rm -rf node.log node.log.old root-topology shutdownIfUnreadable autoupdate.log updates.d
if [ ! -f authtoken.secret ]; then if [ ! -f authtoken.secret ]; then
head -c 1024 /dev/urandom | md5 | head -c 24 >authtoken.secret head -c 4096 /dev/urandom | md5 | head -c 24 >authtoken.secret
chown root authtoken.secret chown root authtoken.secret
chgrp wheel authtoken.secret chgrp wheel authtoken.secret
chmod 0600 authtoken.secret chmod 0600 authtoken.secret

22
ext/installfiles/mac/preinst.sh
View File

@ -4,11 +4,23 @@ export PATH=/bin:/usr/bin:/sbin:/usr/sbin
if [ -f /Library/LaunchDaemons/com.zerotier.one.plist ]; then if [ -f /Library/LaunchDaemons/com.zerotier.one.plist ]; then
launchctl unload /Library/LaunchDaemons/com.zerotier.one.plist >>/dev/null 2>&1 launchctl unload /Library/LaunchDaemons/com.zerotier.one.plist >>/dev/null 2>&1
sleep 1
killall zerotier-one
sleep 1
killall -9 zerotier-one
fi fi
cd /Applications sleep 1
if [ -d "/Library/Application Support/ZeroTier/One" ]; then
cd "/Library/Application Support/ZeroTier/One"
if [ -f "zerotier-one.pid" ]; then
ztpid=`cat zerotier-one.pid`
if [ "$ztpid" -gt "0" ]; then
kill `cat zerotier-one.pid`
fi
fi
fi
sleep 1
cd "/Applications"
rm -rf "ZeroTier One.app" rm -rf "ZeroTier One.app"
exit 0

4
make-mac.mk
View File

@ -20,6 +20,10 @@ ifeq ($(ZT_OFFICIAL_RELEASE),1)
CODESIGN_CERT="Developer ID Application: ZeroTier Networks LLC (8ZD9JUCZ4V)" CODESIGN_CERT="Developer ID Application: ZeroTier Networks LLC (8ZD9JUCZ4V)"
endif endif
ifeq ($(ZT_AUTO_UPDATE),1)
DEFS+=-DZT_AUTO_UPDATE
endif
# Build with ZT_ENABLE_NETWORK_CONTROLLER=1 to build with the Sqlite network controller # Build with ZT_ENABLE_NETWORK_CONTROLLER=1 to build with the Sqlite network controller
ifeq ($(ZT_ENABLE_NETWORK_CONTROLLER),1) ifeq ($(ZT_ENABLE_NETWORK_CONTROLLER),1)
DEFS+=-DZT_ENABLE_NETWORK_CONTROLLER DEFS+=-DZT_ENABLE_NETWORK_CONTROLLER

2
node/Node.cpp
View File

@ -443,7 +443,7 @@ std::string Node::dataStoreGet(const char *name)
void Node::postNewerVersionIfNewer(unsigned int major,unsigned int minor,unsigned int rev) void Node::postNewerVersionIfNewer(unsigned int major,unsigned int minor,unsigned int rev)
{ {
if (Peer::compareVersion(major,minor,rev,_newestVersionSeen[0],_newestVersionSeen[1],_newestVersionSeen[2]) > 0) { if (Utils::compareVersion(major,minor,rev,_newestVersionSeen[0],_newestVersionSeen[1],_newestVersionSeen[2]) > 0) {
_newestVersionSeen[0] = major; _newestVersionSeen[0] = major;
_newestVersionSeen[1] = minor; _newestVersionSeen[1] = minor;
_newestVersionSeen[2] = rev; _newestVersionSeen[2] = rev;

25
node/Peer.hpp
View File

@ -407,31 +407,6 @@ public:
else return std::pair<InetAddress,InetAddress>(); else return std::pair<InetAddress,InetAddress>();
} }
/**
* Compare Peer version tuples
*/
static inline int compareVersion(unsigned int maj1,unsigned int min1,unsigned int rev1,unsigned int maj2,unsigned int min2,unsigned int rev2)
throw()
{
if (maj1 > maj2)
return 1;
else if (maj1 < maj2)
return -1;
else {
if (min1 > min2)
return 1;
else if (min1 < min2)
return -1;
else {
if (rev1 > rev2)
return 1;
else if (rev1 < rev2)
return -1;
else return 0;
}
}
}
private: private:
void _announceMulticastGroups(const RuntimeEnvironment *RR,uint64_t now); void _announceMulticastGroups(const RuntimeEnvironment *RR,uint64_t now);

27
node/Utils.hpp
View File

@ -381,6 +381,33 @@ public:
} }
static inline int64_t ntoh(int64_t n) throw() { return (int64_t)ntoh((uint64_t)n); } static inline int64_t ntoh(int64_t n) throw() { return (int64_t)ntoh((uint64_t)n); }
/**
* Compare Peer version tuples
*
* @return -1, 0, or 1 based on whether first tuple is less than, equal to, or greater than second
*/
static inline int compareVersion(unsigned int maj1,unsigned int min1,unsigned int rev1,unsigned int maj2,unsigned int min2,unsigned int rev2)
throw()
{
if (maj1 > maj2)
return 1;
else if (maj1 < maj2)
return -1;
else {
if (min1 > min2)
return 1;
else if (min1 < min2)
return -1;
else {
if (rev1 > rev2)
return 1;
else if (rev1 < rev2)
return -1;
else return 0;
}
}
}
/** /**
* Hexadecimal characters 0-f * Hexadecimal characters 0-f
*/ */

180
service/OneService.cpp
View File

@ -28,6 +28,7 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <stdint.h>
#include <string> #include <string>
#include <map> #include <map>
@ -46,9 +47,12 @@
#include "../node/Utils.hpp" #include "../node/Utils.hpp"
#include "../node/InetAddress.hpp" #include "../node/InetAddress.hpp"
#include "../node/MAC.hpp" #include "../node/MAC.hpp"
#include "../node/Identity.hpp"
#include "../osdep/Phy.hpp" #include "../osdep/Phy.hpp"
#include "../osdep/Thread.hpp"
#include "../osdep/OSUtils.hpp" #include "../osdep/OSUtils.hpp"
#include "../osdep/Http.hpp"
#include "OneService.hpp" #include "OneService.hpp"
#include "ControlPlane.hpp" #include "ControlPlane.hpp"
@ -57,10 +61,14 @@
#include "../controller/SqliteNetworkController.hpp" #include "../controller/SqliteNetworkController.hpp"
#else #else
class SqliteNetworkController; class SqliteNetworkController;
#endif #endif // ZT_ENABLE_NETWORK_CONTROLLER
#ifdef __WINDOWS__ #ifdef __WINDOWS__
#include <ShlObj.h> #include <ShlObj.h>
#else
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#endif #endif
// Include the right tap device driver for this platform -- add new platforms here // Include the right tap device driver for this platform -- add new platforms here
@ -98,6 +106,168 @@ namespace ZeroTier {
namespace { namespace {
#ifdef ZT_AUTO_UPDATE
#define ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE (1024 * 1024 * 64)
class BackgroundSoftwareUpdateChecker
{
public:
bool isValidSigningIdentity(const Identity &id)
{
return (
/* 0005 */ (id == Identity("ba57ea350e:0:9d4be6d7f86c5660d5ee1951a3d759aa6e12a84fc0c0b74639500f1dbc1a8c566622e7d1c531967ebceb1e9d1761342f88324a8ba520c93c35f92f35080fa23f"))
/* 0006 */ ||(id == Identity("5067b21b83:0:8af477730f5055c48135b84bed6720a35bca4c0e34be4060a4c636288b1ec22217eb22709d610c66ed464c643130c51411bbb0294eef12fbe8ecc1a1e2c63a7a"))
/* 0007 */ ||(id == Identity("4f5e97a8f1:0:57880d056d7baeb04bbc057d6f16e6cb41388570e87f01492fce882485f65a798648595610a3ad49885604e7fb1db2dd3c2c534b75e42c3c0b110ad07b4bb138"))
/* 0008 */ ||(id == Identity("580bbb8e15:0:ad5ef31155bebc6bc413991992387e083fed26d699997ef76e7c947781edd47d1997161fa56ba337b1a2b44b129fd7c7197ce5185382f06011bc88d1363b4ddd"))
);
}
void doUpdateCheck()
{
std::string url(OneService::autoUpdateUrl());
if ((url.length() <= 7)||(url.substr(0,7) != "http://"))
return;
std::string httpHost;
std::string httpPath;
{
std::size_t slashIdx = url.substr(7).find_first_of('/');
if (slashIdx == std::string::npos) {
httpHost = url.substr(7);
httpPath = "/";
} else {
httpHost = url.substr(7,slashIdx);
httpPath = url.substr(slashIdx + 7);
}
}
if (httpHost.length() == 0)
return;
std::vector<InetAddress> ips(OSUtils::resolve(httpHost.c_str()));
for(std::vector<InetAddress>::iterator ip(ips.begin());ip!=ips.end();++ip) {
if (!ip->port())
ip->setPort(80);
std::string nfoPath = httpPath + "LATEST.nfo";
std::map<std::string,std::string> requestHeaders,responseHeaders;
std::string body;
requestHeaders["Host"] = httpHost;
unsigned int scode = Http::GET(ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE,60000,reinterpret_cast<const struct sockaddr *>(&(*ip)),nfoPath.c_str(),requestHeaders,responseHeaders,body);
//fprintf(stderr,"UPDATE %s %s %u %lu\n",ip->toString().c_str(),nfoPath.c_str(),scode,body.length());
if ((scode == 200)&&(body.length() > 0)) {
/* NFO fields:
*
* file=<filename>
* signedBy=<signing identity>
* ed25519=<ed25519 ECC signature of archive>
* vMajor=<major version>
* vMinor=<minor version>
* vRevision=<revision> */
Dictionary nfo(body);
unsigned int vMajor = Utils::strToUInt(nfo.get("vMajor","0").c_str());
unsigned int vMinor = Utils::strToUInt(nfo.get("vMinor","0").c_str());
unsigned int vRevision = Utils::strToUInt(nfo.get("vRevision","0").c_str());
if (Utils::compareVersion(vMajor,vMinor,vRevision,ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION) <= 0) {
//fprintf(stderr,"UPDATE %u.%u.%u is not newer than our version\n",vMajor,vMinor,vRevision);
return;
}
Identity signedBy;
if ((!signedBy.fromString(nfo.get("signedBy","")))||(!isValidSigningIdentity(signedBy))) {
//fprintf(stderr,"UPDATE invalid signedBy or not authorized signing identity.\n");
return;
}
std::string filePath(nfo.get("file",""));
if ((!filePath.length())||(filePath.find("..") != std::string::npos))
return;
filePath = httpPath + filePath;
std::string fileData;
if (Http::GET(ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE,60000,reinterpret_cast<const struct sockaddr *>(&(*ip)),filePath.c_str(),requestHeaders,responseHeaders,fileData) != 200) {
//fprintf(stderr,"UPDATE GET %s failed\n",filePath.c_str());
return;
}
std::string ed25519(nfo.get("ed25519",""));
if ((ed25519.length() == 0)||(!signedBy.verify(fileData.data(),(unsigned int)fileData.length(),ed25519.data(),(unsigned int)ed25519.length()))) {
//fprintf(stderr,"UPDATE %s failed signature check!\n",filePath.c_str());
return;
}
/* --------------------------------------------------------------- */
/* We made it! Begin OS-specific installation code. */
#ifdef __APPLE__
/* OSX version is in the form of a MacOSX .pkg file, so we will
* launch installer (normally in /usr/sbin) to install it. It will
* then turn around and shut down the service, update files, and
* relaunch. */
{
char bashp[128],pkgp[128];
Utils::snprintf(bashp,sizeof(bashp),"/tmp/ZeroTierOne-update-%u.%u.%u.sh",vMajor,vMinor,vRevision);
Utils::snprintf(pkgp,sizeof(pkgp),"/tmp/ZeroTierOne-update-%u.%u.%u.pkg",vMajor,vMinor,vRevision);
FILE *pkg = fopen(pkgp,"w");
if ((!pkg)||(fwrite(fileData.data(),fileData.length(),1,pkg) != 1)) {
fclose(pkg);
unlink(bashp);
unlink(pkgp);
fprintf(stderr,"UPDATE error writing %s\n",pkgp);
return;
}
fclose(pkg);
FILE *bash = fopen(bashp,"w");
if (!bash) {
fclose(pkg);
unlink(bashp);
unlink(pkgp);
fprintf(stderr,"UPDATE error writing %s\n",bashp);
return;
}
fprintf(bash,
"#!/bin/bash\n"
"export PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin\n"
"sleep 2\n"
"installer -pkg \"%s\" -target /\n"
"sleep 1\n"
"rm -f \"%s\" \"%s\"\n"
"exit 0\n",
pkgp,
pkgp,
bashp);
fclose(bash);
long pid = (long)vfork();
if (pid == 0) {
execl("/bin/bash","/bin/bash",bashp,(char *)0);
exit(0);
}
}
#endif // __APPLE__
#ifdef __WINDOWS__
/* Windows version comes in the form of .MSI package that
* takes care of everything. */
{
}
#endif // __WINDOWS__
/* --------------------------------------------------------------- */
return;
} // else try to fetch from next IP address
}
}
void threadMain()
throw()
{
try {
this->doUpdateCheck();
} catch ( ... ) {}
}
};
static BackgroundSoftwareUpdateChecker backgroundSoftwareUpdateChecker;
#endif // ZT_AUTO_UPDATE
class OneServiceImpl; class OneServiceImpl;
static int SnodeVirtualNetworkConfigFunction(ZT1_Node *node,void *uptr,uint64_t nwid,enum ZT1_VirtualNetworkConfigOperation op,const ZT1_VirtualNetworkConfig *nwconf); static int SnodeVirtualNetworkConfigFunction(ZT1_Node *node,void *uptr,uint64_t nwid,enum ZT1_VirtualNetworkConfigOperation op,const ZT1_VirtualNetworkConfig *nwconf);
@ -197,6 +367,10 @@ public:
char portstr[64]; char portstr[64];
Utils::snprintf(portstr,sizeof(portstr),"%u",port); Utils::snprintf(portstr,sizeof(portstr),"%u",port);
OSUtils::writeFile((_homePath + ZT_PATH_SEPARATOR_S + "zerotier-one.port").c_str(),std::string(portstr)); OSUtils::writeFile((_homePath + ZT_PATH_SEPARATOR_S + "zerotier-one.port").c_str(),std::string(portstr));
#ifdef ZT_AUTO_UPDATE
Thread::start(&backgroundSoftwareUpdateChecker);
#endif
} }
virtual ~OneServiceImpl() virtual ~OneServiceImpl()
@ -956,11 +1130,11 @@ std::string OneService::autoUpdateUrl()
*/ */
#if defined(__APPLE__) && ( defined(__i386__) || defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(__i386) ) #if defined(__APPLE__) && ( defined(__i386__) || defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(__i386) )
return "http://download.zerotier.com/update/mac_intel/LATEST.nfo"; return "http://download.zerotier.com/update/mac_intel/";
#endif #endif
#ifdef __WINDOWS__ #ifdef __WINDOWS__
return "http://download.zerotier.com/update/win_intel/LATEST.nfo"; return "http://download.zerotier.com/update/win_intel/";
#endif #endif
#endif // ZT_AUTO_UPDATE #endif // ZT_AUTO_UPDATE

177
updater.cpp
View File

@ -1,177 +0,0 @@
/*
* ZeroTier One - Network Virtualization Everywhere
* Copyright (C) 2011-2015 ZeroTier, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* --
*
* ZeroTier may be used and distributed under the terms of the GPLv3, which
* are available at: http://www.gnu.org/licenses/gpl-3.0.html
*
* If you would like to embed ZeroTier into a commercial application or
* redistribute it in a modified binary form, please contact ZeroTier Networks
* LLC. Start here: http://www.zerotier.com/
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <time.h>
#include <string>
#include <vector>
#include <map>
#include <algorithm>
#include <stdexcept>
#include "version.h"
#include "include/ZeroTierOne.h"
#include "node/Constants.hpp"
#ifdef __WINDOWS__
#include <WinSock2.h>
#include <Windows.h>
#include <tchar.h>
#include <wchar.h>
#include <lmcons.h>
#include <newdev.h>
#include <atlbase.h>
#else
#include <unistd.h>
#include <pwd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <signal.h>
#endif
#include "node/Utils.hpp"
#include "node/Address.hpp"
#include "node/Dictionary.hpp"
#include "node/Identity.hpp"
#include "osdep/OSUtils.hpp"
#include "osdep/Http.hpp"
using namespace ZeroTier;
namespace {
static std::map< Address,Identity > updateAuthorities()
{
std::map< Address,Identity > ua;
{ // 0001
Identity id("e9bc3707b5:0:c4cef17bde99eadf9748c4fd11b9b06dc5cd8eb429227811d2c336e6b96a8d329e8abd0a4f45e47fe1bcebf878c004c822d952ff77fc2833af4c74e65985c435");
ua[id.address()] = id;
}
{ // 0002
Identity id("56520eaf93:0:7d858b47988b34399a9a31136de07b46104d7edb4a98fa1d6da3e583d3a33e48be531532b886f0b12cd16794a66ab9220749ec5112cbe96296b18fe0cc79ca05");
ua[id.address()] = id;
}
{ // 0003
Identity id("7c195de2e0:0:9f659071c960f9b0f0b96f9f9ecdaa27c7295feed9c79b7db6eedcc11feb705e6dd85c70fa21655204d24c897865b99eb946b753a2bbcf2be5f5e006ae618c54");
ua[id.address()] = id;
}
{ // 0004
Identity id("415f4cfde7:0:54118e87777b0ea5d922c10b337c4f4bd1db7141845bd54004b3255551a6e356ba6b9e1e85357dbfafc45630b8faa2ebf992f31479e9005f0472685f2d8cbd6e");
ua[id.address()] = id;
}
return ua;
}
static bool validateUpdate(
const void *data,
unsigned int len,
const Address &signedBy,
const std::string &signature)
{
std::map< Address,Identity > ua(updateAuthorities());
std::map< Address,Identity >::const_iterator updateAuthority = ua.find(signedBy);
if (updateAuthority == ua.end())
return false;
return updateAuthority->second.verify(data,len,signature.data(),(unsigned int)signature.length());
}
/*
static inline const char *updateUrl()
{
#if defined(__LINUX__) && ( defined(__i386__) || defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(__i386) )
if (sizeof(void *) == 8)
return "http://download.zerotier.com/ZeroTierOneInstaller-linux-x64-LATEST.nfo";
else return "http://download.zerotier.com/ZeroTierOneInstaller-linux-x86-LATEST.nfo";
#define GOT_UPDATE_URL
#endif
#ifdef __APPLE__
return "http://download.zerotier.com/ZeroTierOneInstaller-mac-combined-LATEST.nfo";
#define GOT_UPDATE_URL
#endif
#ifdef __WINDOWS__
return "http://download.zerotier.com/ZeroTierOneInstaller-windows-intel-LATEST.nfo";
#define GOT_UPDATE_URL
#endif
#ifndef GOT_UPDATE_URL
return "";
#endif
}
*/
static const char *parseUpdateNfo(
const char *nfoText,
unsigned int &vMajor,
unsigned int &vMinor,
unsigned int &vRevision,
Address &signedBy,
std::string &signature,
std::string &url)
{
try {
Dictionary nfo(nfoText);
vMajor = Utils::strToUInt(nfo.get("vMajor").c_str());
vMinor = Utils::strToUInt(nfo.get("vMinor").c_str());
vRevision = Utils::strToUInt(nfo.get("vRevision").c_str());
signedBy = nfo.get("signedBy");
signature = Utils::unhex(nfo.get("ed25519"));
url = nfo.get("url");
if (signature.length() != ZT_C25519_SIGNATURE_LEN)
return "bad ed25519 signature, invalid length";
if ((url.length() <= 7)||(url.substr(0,7) != "http://"))
return "invalid URL, must begin with http://";
return (const char *)0;
} catch ( ... ) {
return "invalid NFO file format or one or more required fields missing";
}
}
} // anonymous namespace
#ifdef __WINDOWS__
int _tmain(int argc, _TCHAR* argv[])
#else
int main(int argc,char **argv)
#endif
{
#ifdef __WINDOWS__
WSADATA wsaData;
WSAStartup(MAKEWORD(2,2),&wsaData);
#endif
return 0;
}