Commit Graph

172 Commits

Author SHA1 Message Date
Andrew Bettison
98ec1c9608 Redesign the Keyring REST API (fixes #132)
The new API follows REST rules by using the proper request verbs:
POST, PUT, PATCH and DELETE, instead of just GET.

The legacy GET-only API is still supported for backward compatibility,
but not longer tested or documented.

Add a new query-single-identity operation.

Implement the lock-single-identity operation, which until now had been
documented but not yet implemented.  Whenever a single identity is
locked (released), any other unlocked identities with the same PIN are
flagged to indicate that the PIN is not "fully" unlocked, so that the
next time the PIN is entered, the slot decryption is re-tried for
non-loaded identities, and the locked identity will be unlocked again.

Update the 'keyring' and 'keyringrestful' test scripts:
- refactored to reduce curl command-line clutter in test cases
- now tests the redesigned request verbs and paths
- added a test for GET /restful/keyring/SID
- added a test for PUT /restful/keyring/SID/lock
2018-03-19 18:06:23 +10:30
Andrew Bettison
c35af0617a Fix header files for Xcode iOS build
- make "debug.h" a private header so that the DEBUG() macro does not
  interfere with Xcode Debug builds, which set DEBUG=1
- move all #include "debug.h" from headers into .c files
- move 'struct idebug' into a new public header "idebug.h" so that
  "log.h" can be public
- move HTTPD port number defs from "httpd.h" to "constants.h", so that
  "httpd.h" can be private and "conf.h" can be public
- add missing nested includes so each header compiles stand-alone
  without error
- #include "sodium.h" instead of <sodium.h>
- #include "sqlite3.h" instead of <sqlite3.h>
- add header guard to "fifo.h"
- fix header guard in "sync_keys.h"
2018-03-06 15:29:29 +10:30
Andrew Bettison
3ffa4b10af Add Swift keyring client API with tests
Add a swift-client-api subdirectory containing a Swift source package
and a Makefile.in that compiles it into the "ServalClient" Swift module
using the Swift package manager.  The Swift API contains the following
classes:

- ServalKeyring provides the operations: add, remove, set, list
- AbstractId and its specialisation SubscriberId, already in near-final
  form, are data types for SID and the like
- ServalRestfulClient (internal) uses an HTTP client to access the
  Serval DNA RESTful interface

Improve the REST /keyring/set operation to only alter the DID or Name if
the corresponding query parameter is supplied.  Modify the internal
keyring_set_did() function to only assign the DID or Name if the
corresponding parameter is not a null pointer.

The configure script ensures that the Swift build target version is
10.10 or later when compiling for Mac OS-X, so that the package manager
will succeed.

Add autoconf macros for the Swift package manager.
2018-03-06 15:29:17 +10:30
Andrew Bettison
92fa6c196a Rewrite logging system
Rename the logging primitive functions and utility functions, prefixing
all with 'serval_log', eg: logMessage() -> serval_logf() etc.

Add an XPRINTF xhexdump() function and use it to implement the
serval_log_hexdump() utility, renamed from dump().  Add macros
WHY_dump(), WARN_dump(), HINT_dump() and DEBUG_dump(), and use them
everywhere.

Remove the 'log.console.dump_config' and 'log.file.dump_config'
configuration options; configuration is now dumped in every log prolog.

The logging system now constructs the log prolog by invoking the new
'log_prolog' trigger, so that it no longer depends on the version string
and configuration system.  Any system that wants to present a message in
the log prolog can define its own trigger, which calls standard log
primitives to print the message.

Split the logging system into a front-end (log.c) that provides the
logging primitives and is independent of the configuration system, and a
set of back-end "outputters" (log_output_console.c, log_output_file.c,
log_output_android.c) that may depend on the configuration system and
are decoupled from the front-end using the 'logoutput' link section.

These log outputters are explicitly linked into executables by the
Makefile rules, but could also be linked in using USE_FEATURE().  The
USE_FEATURE() calls have _not_ been added to servald_features.c, so that
different daemon executables can be built with the same feature set but
different log outputs.
2018-03-06 15:16:56 +10:30
Andrew Bettison
c3cf86161f Improve validation of keyring DID and Name (fixes #131)
Correct the maximum DID length defined in "serval_types.h" from 32 to
31.  Add a definition of the maximum identity Name length and use it
instead of the bare constant 64, eg, in the MDP_DNALOOKUP request
handling code.

Introduce a dataformats.h function for validating an identity name, and
use it to validate the 'name' parameter in the CLI 'keyring set'
command.

Add 'did' and 'name' parameter validation to the GET /restful/keyring/add
and GET /restful/keyring/SID/set requests (#131).

Rename keyring_set_did() to keyring_set_did_name() and assert that DID
and Name lengths have been validated before storing in the keyring.

Update the Keyring REST API tech document.
2018-03-06 15:14:18 +10:30
Jeremy Lakeman
e158a38137 Clean up a number of memory leaks, as revealed by clang's sanitiser 2017-09-11 14:09:27 +09:30
Andrew Bettison
6d2eb268ed Add 'cmd_cleanup' trigger
The new 'cmd_cleanup' trigger replaces the old command_cleanup()
function, which was causing linking problems on OS X and inverted strict
dependency.  The keyring cmd_cleanup calls keyring_free(global_keyring),
instead of merely asserting keyring == NULL, so the error exit cases of
many CLI functions have been simplified.
2016-11-14 11:28:03 +10:30
Andrew Bettison
a8e394d299 Add "keyring remove" command
Adds a CLI and RESTful API operation for "keyring remove", with simple
test cases.  Added the corresponding Java API operation.  Updated the
API documentation.

API change: for consistency with RESTful API design, the GET
/restful/keyring/add operation now returns "201 Created" not "200 OK" if
successful.
2016-11-07 13:07:49 +10:30
Jeremy Lakeman
65831e31d4 Report the state of each network interface in routing table 2016-10-20 08:48:35 -04:00
Andrew Bettison
71cbe86566 Switch to feature-driven linking
This introduces a new way of linking Serval executables and dynamic
libraries from static libraries like libservald.a -- called
"feature-driven" linking.

The Makefile now links servald and serval-tests from libservald.a,
rather than from an explicit list of object (.o) files.  Thanks to the
section-based method for registering functions such as HTTP handlers,
CLI commands and MDP handlers, these object files had become
"stand-alone" and hence were no longer included in the link because
there was no unresolved reference that required them to be linked in.

The new "feature.h" provides the DECLARE_FEATURE(name) macro that each
stand-alone source file uses to declare the named feature(s) it
provides.  Each executable can call the USE_FEATURE(name) macro in any
of its explicitly-linked source files to cause the corresponding
object(s) to be included in the link, eg, servald_features.c.

The DEFINE_BINDING() macro has been extended so that every individual
MDP binding is given a feature name based on its port number macro, eg,
"mdp_binding_MDP_PORT_ECHO".

Some features have been factored into their own separate source files so
they can be omitted or included in a build independently of each other:
- the MDP bindings for MDP_PORT_DNALOOKUP, MDP_PORT_ECHO,
  MDP_PORT_TRACE, MDP_PORT_KEYMAPREQUEST, MDP_PORT_RHIZOME_xxx,
  MDP_PORT_PROBE, MDP_PORT_STUN, MDP_PORT_STUNREQ
- the CLI "log" and "echo" commands
- the CLI "rhizome direct" command

The JNI source files are only compiled if the <jni.h> header is present,
otherwise they are omitted from libservald.so.
2016-10-19 09:33:01 +10:30
Andrew Bettison
43e76ec7b5 Change signature of strn_fromprint()
The 'dst' parameter is now (char *) instead of (unsigned char *) because
in general it is used to produce human-readable (ASCII) strings, not
binary data.
2016-10-13 16:23:18 +10:30
Jeremy Lakeman
62a1ca46bc Wait for path establishment in network scan test 2016-09-27 15:51:23 +09:30
Jeremy Lakeman
ced74d0b6b Simplify BK handling using new signing key typedefs 2016-09-27 15:20:12 +09:30
Jeremy Lakeman
88f77b61c4 Errors while unpacking keyring entries should be soft errors
The keyring can have any random data that might pass any number of consistency checks
2016-09-27 10:37:02 +09:30
Jeremy Lakeman
b927af79a8 Introduce new typedef for signing keys to expose their internal structure 2016-09-27 10:28:46 +09:30
Jeremy Lakeman
a531c0e960 Use a random walk to find free keyring slots
Always round the file size up to the nearest 16 slots
2016-09-20 16:47:30 +09:30
Jeremy Lakeman
4e50b1716c Test reachable bit flags about ourself 2016-09-20 15:04:28 +09:30
Jeremy Lakeman
275c99bc4e Add cli option for changing an entry pin 2016-09-20 10:00:02 +09:30
Andrew Bettison
2cfdafdb56 Add some MDP client DEBUG trace statements 2016-09-06 13:31:38 +09:30
Jeremy Lakeman
b6256ea89a Add identity_t type & rename signing key api to identity. 2016-08-16 12:22:13 +09:30
Jeremy Lakeman
83b6ecb453 Roll an in memory identity when the keyring is empty 2016-08-02 11:01:32 +09:30
Jeremy Lakeman
df6688c496 Add signing key to restful keyring API 2016-07-25 16:54:11 +09:30
Jeremy Lakeman
d028818c0b Detect combined identities & transmit them more efficiently 2016-07-25 15:50:43 +09:30
Jeremy Lakeman
bdc1db0090 Refactor remote identity locking to save memory 2016-07-05 11:30:10 +09:30
Jeremy Lakeman
848f01e7d3 Only log debug statements if a keyring identity cannot be opened 2016-05-31 13:51:54 +09:30
Jeremy Lakeman
16a14269af Encrypt payloads without needing a sender
- reworked keyring identity handling to reduce memory searching
2016-05-31 12:50:32 +09:30
Jeremy Lakeman
5feb67512c Generate encryption key from signing key for new identities 2016-05-09 10:51:52 +09:30
Jeremy Lakeman
bd47a8eb60 Use libsodium for retrieving random bytes 2016-05-09 10:32:04 +09:30
Jeremy Lakeman
e15e332072 Swap from included nacl to host libsodium 2016-05-09 10:32:04 +09:30
Jeremy Lakeman
231ab257e4 Define internal port bindings with section linking tricks 2016-03-07 15:50:34 +10:30
Jeremy Lakeman
d0da910b19 Avoid undefined behaviour as highlighted by clang 2016-01-27 16:27:47 +10:30
Jeremy Lakeman
953950a8ad Only log debug messages for keyring slots that fail validation 2016-01-12 15:05:41 +10:30
Andrew Bettison
90e02141d1 Reimplement WHY() macro without comma operator
GCC 4.9 and later warn about unused values produced by the comma
operator.  Since the -Wno-unused-value option was removed from the
non-Android Makefile.in, it will not compile the WHY() macro and its
variants, with the -Wall option.

This commit removes the comma operator from the WHY() macro and its
variants, and replaces it with a new inline wrapper function.

This commit also removes the WHYNULL() macro and fixes the three places
it was used.
2015-10-26 15:58:52 +10:30
Jeremy Lakeman
0c275e67ef Clean up compilation warnings 2015-10-19 13:45:57 +10:30
Jeremy Lakeman
2fdd23e864 Do not add name and number to seeded keyring entry 2015-09-28 12:04:13 +09:30
Jeremy Lakeman
79e8a94792 Add route_link.h 2015-09-28 11:58:48 +09:30
Andrew Bettison
b7ba297e31 Add TODO comments to randomise keyring slot allocation 2015-08-24 22:41:53 +09:30
Andrew Bettison
166a03c7c6 Remove useless safety checks 2015-08-24 22:41:53 +09:30
Andrew Bettison
7d9a5faa4e Move if(config.debug.xxx) tests into DEBUGF()
Original DEBUG() and DEBUGF() macros renamed to _DEBUG() and _DEBUGF()
New DEBUG() and DEBUGF() macros, first argument is flagname
New DEBUGF2(foo, bar, ...) macro does if(config.debug.foo||config.debug.bar) test
Replace almost all config.debug.xxx references to IF_DEBUG(xxx)
2015-07-13 16:00:05 +09:30
Andrew Bettison
d0317470c1 Fix test failure: create keyring
Was not overwriting keyring file.  Also refactored keyring structs to
replace off_t with size_t.
2015-02-23 13:24:05 +10:30
Jeremy Lakeman
6ab2cc5bb6 Only support one keyring pin per open file 2014-10-31 15:30:07 +10:30
Jeremy Lakeman
851144ea0a Refactor keyring identity iteration 2014-10-31 15:19:59 +10:30
Jeremy Lakeman
a37db8e958 Move most console commands to other files 2014-08-25 16:03:30 +09:30
Andrew Bettison
d436705e64 Fix conflict on UNUSED() macro from OpenJDK 7
The OpenJDK 7 recently introduced the UNUSED() macro in their jni_md.h
header file, which is included from <jni.h>.  This causes a
compile-error if "constants.h", which defines our own UNUSED() macro, is
included as well as <jni.h>.

The OpenJDK UNUSED() macro is unsuitable for our own use, because it
prefixes the unused identifier with "UNUSED_" whereas we depend on the
parameter name remaining unchanged.

I have reported this as a Request for Enhancement with Oracle Java,
asking them to remove the UNUSED() macro, since it is not used by any
JNI or Java extension header files.  Review ID: JI-9013689.

In the meantime, constants.h now undefines UNUSED before defining it, so
including <jni.h> before "constants.h" will avoid a compile error.
2014-07-23 11:55:55 +09:30
Andrew Bettison
bb677e50fd Refactor keyring open/seed out of server()
Now the keyring is opened and seeded before the server daemon process is
forked, and any keyring error prevents the server from starting

No longer necessary to pass a (cli_parsed*) argument to server()
2014-04-07 16:22:31 +09:30
Andrew Bettison
53c1b1c04c Filesystem Heirarchy Standard (FHS) paths
If no instance directory specified, then use paths like
/etc/serval/serval.conf
/var/cache/serval
/var/log/serval
/var/run/serval
etc. for files, instead of all in a single directory.

Log all directory creation as INFO messages.

Interpretation of log.file.directory_path has changed slightly.

Updated servald configuration tech doc.
2014-03-26 15:35:43 +10:30
Jeremy Lakeman
2480fb4a08 Migrate keyring sas commands 2014-02-19 16:37:45 +10:30
Jeremy Lakeman
487df0408d Refactor mdp packet processing to avoid using struct overlay_mdp_frame 2014-02-19 16:34:11 +10:30
Jeremy Lakeman
5f2c6e364a Refactor interface addresses to use new socket_address struct 2014-01-09 15:01:38 +10:30
Andrew Bettison
72040517e1 New enum rhizome_payload_status
Refactor a lot of Rhizome bundle storage code to use the new "enum
rhizome_payload_status" instead of mysterious int values to represent
the outcome of the operation.
2013-12-30 16:30:35 +10:30