mirror
/
devilutionX-ZeroTierOne
mirror of https://github.com/diasurgical/ZeroTierOne.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Apple auto-update stuff, now for Windows.

pull/1/head
Adam Ierymenko 11 years ago
parent
b6698d8415
commit
1213073916
10 changed files with 227 additions and 730 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 328
      attic/SoftwareUpdater.cpp
  2. 186
      attic/SoftwareUpdater.hpp
  3. 6
      ext/installfiles/mac/postinst.sh
  4. 22
      ext/installfiles/mac/preinst.sh
  5. 4
      make-mac.mk
  6. 2
      node/Node.cpp
  7. 25
      node/Peer.hpp
  8. 27
      node/Utils.hpp
  9. 180
      service/OneService.cpp
  10. 177
      updater.cpp

328
attic/SoftwareUpdater.cpp
Unescape View File

@ -1,328 +0,0 @@
/*
* ZeroTier One - Network Virtualization Everywhere
* Copyright (C) 2011-2015 ZeroTier, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* --
*
* ZeroTier may be used and distributed under the terms of the GPLv3, which
* are available at: http://www.gnu.org/licenses/gpl-3.0.html
*
* If you would like to embed ZeroTier into a commercial application or
* redistribute it in a modified binary form, please contact ZeroTier Networks
* LLC. Start here: http://www.zerotier.com/
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdexcept>
#include "../version.h"
#include "Constants.hpp"
#include "SoftwareUpdater.hpp"
#include "Dictionary.hpp"
#include "C25519.hpp"
#include "Identity.hpp"
#include "Logger.hpp"
#include "RuntimeEnvironment.hpp"
#include "Thread.hpp"
#include "Node.hpp"
#include "Utils.hpp"
#include "HttpClient.hpp"
#ifdef __UNIX_LIKE__
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#endif
namespace ZeroTier {
static inline std::map< Address,Identity > _mkUpdateAuth()
{
std::map< Address,Identity > ua;
{ // 0001
Identity id("e9bc3707b5:0:c4cef17bde99eadf9748c4fd11b9b06dc5cd8eb429227811d2c336e6b96a8d329e8abd0a4f45e47fe1bcebf878c004c822d952ff77fc2833af4c74e65985c435");
ua[id.address()] = id;
}
{ // 0002
Identity id("56520eaf93:0:7d858b47988b34399a9a31136de07b46104d7edb4a98fa1d6da3e583d3a33e48be531532b886f0b12cd16794a66ab9220749ec5112cbe96296b18fe0cc79ca05");
ua[id.address()] = id;
}
{ // 0003
Identity id("7c195de2e0:0:9f659071c960f9b0f0b96f9f9ecdaa27c7295feed9c79b7db6eedcc11feb705e6dd85c70fa21655204d24c897865b99eb946b753a2bbcf2be5f5e006ae618c54");
ua[id.address()] = id;
}
{ // 0004
Identity id("415f4cfde7:0:54118e87777b0ea5d922c10b337c4f4bd1db7141845bd54004b3255551a6e356ba6b9e1e85357dbfafc45630b8faa2ebf992f31479e9005f0472685f2d8cbd6e");
ua[id.address()] = id;
}
return ua;
}
static inline const char *_mkUpdateUrl()
{
#if defined(__LINUX__) && ( defined(__i386__) || defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(__i386) )
if (sizeof(void *) == 8)
return "http://download.zerotier.com/ZeroTierOneInstaller-linux-x64-LATEST.nfo";
else return "http://download.zerotier.com/ZeroTierOneInstaller-linux-x86-LATEST.nfo";
#define GOT_UPDATE_URL
#endif
#ifdef __APPLE__
return "http://download.zerotier.com/ZeroTierOneInstaller-mac-combined-LATEST.nfo";
#define GOT_UPDATE_URL
#endif
#ifdef __WINDOWS__
return "http://download.zerotier.com/ZeroTierOneInstaller-windows-intel-LATEST.nfo";
#define GOT_UPDATE_URL
#endif
#ifndef GOT_UPDATE_URL
return "";
#endif
}
SoftwareUpdater::SoftwareUpdater(const RuntimeEnvironment *renv) :
RR(renv),
_myVersion(packVersion(ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION)),
_lastUpdateAttempt(0),
_status(UPDATE_STATUS_IDLE),
_die(false),
_lock()
{
}
SoftwareUpdater::~SoftwareUpdater()
{
_die = true;
for(;;) {
_lock.lock();
bool ip = (_status != UPDATE_STATUS_IDLE);
_lock.unlock();
if (ip)
Thread::sleep(500);
else break;
}
}
void SoftwareUpdater::cleanOldUpdates()
{
std::string updatesDir(RR->homePath + ZT_PATH_SEPARATOR_S + "updates.d");
std::map<std::string,bool> dl(Utils::listDirectory(updatesDir.c_str()));
for(std::map<std::string,bool>::iterator i(dl.begin());i!=dl.end();++i) {
if (!i->second)
Utils::rm((updatesDir + ZT_PATH_SEPARATOR_S + i->first).c_str());
}
}
void SoftwareUpdater::sawRemoteVersion(unsigned int vmaj,unsigned int vmin,unsigned int rev)
{
const uint64_t tmp = packVersion(vmaj,vmin,rev);
if (tmp > _myVersion) {
Mutex::Lock _l(_lock);
if ((_status == UPDATE_STATUS_IDLE)&&(!_die)&&(ZT_DEFAULTS.updateLatestNfoURL.length())) {
const uint64_t now = Utils::now();
if ((now - _lastUpdateAttempt) >= ZT_UPDATE_MIN_INTERVAL) {
_lastUpdateAttempt = now;
_status = UPDATE_STATUS_GETTING_NFO;
RR->http->GET(ZT_DEFAULTS.updateLatestNfoURL,HttpClient::NO_HEADERS,ZT_UPDATE_HTTP_TIMEOUT,&_cbHandleGetLatestVersionInfo,this);
}
}
}
}
void SoftwareUpdater::checkNow()
{
Mutex::Lock _l(_lock);
if (_status == UPDATE_STATUS_IDLE) {
_lastUpdateAttempt = Utils::now();
_status = UPDATE_STATUS_GETTING_NFO;
RR->http->GET(ZT_DEFAULTS.updateLatestNfoURL,HttpClient::NO_HEADERS,ZT_UPDATE_HTTP_TIMEOUT,&_cbHandleGetLatestVersionInfo,this);
}
}
const char *SoftwareUpdater::parseNfo(
const char *nfoText,
unsigned int &vMajor,
unsigned int &vMinor,
unsigned int &vRevision,
Address &signedBy,
std::string &signature,
std::string &url)
{
try {
Dictionary nfo(nfoText);
vMajor = Utils::strToUInt(nfo.get("vMajor").c_str());
vMinor = Utils::strToUInt(nfo.get("vMinor").c_str());
vRevision = Utils::strToUInt(nfo.get("vRevision").c_str());
signedBy = nfo.get("signedBy");
signature = Utils::unhex(nfo.get("ed25519"));
url = nfo.get("url");
if (signature.length() != ZT_C25519_SIGNATURE_LEN)
return "bad ed25519 signature, invalid length";
if ((url.length() <= 7)||(url.substr(0,7) != "http://"))
return "invalid URL, must begin with http://";
return (const char *)0;
} catch ( ... ) {
return "invalid NFO file format or one or more required fields missing";
}
}
bool SoftwareUpdater::validateUpdate(
const void *data,
unsigned int len,
const Address &signedBy,
const std::string &signature)
{
std::map< Address,Identity >::const_iterator updateAuthority = ZT_DEFAULTS.updateAuthorities.find(signedBy);
if (updateAuthority == ZT_DEFAULTS.updateAuthorities.end())
return false;
return updateAuthority->second.verify(data,len,signature.data(),(unsigned int)signature.length());
}
void SoftwareUpdater::_cbHandleGetLatestVersionInfo(void *arg,int code,const std::string &url,const std::string &body)
{
SoftwareUpdater *upd = (SoftwareUpdater *)arg;
const RuntimeEnvironment *RR = (const RuntimeEnvironment *)upd->RR;
Mutex::Lock _l(upd->_lock);
if ((upd->_die)||(upd->_status != UPDATE_STATUS_GETTING_NFO)) {
upd->_status = UPDATE_STATUS_IDLE;
return;
}
if (code != 200) {
LOG("software update check failed: server responded with code %d",code);
upd->_status = UPDATE_STATUS_IDLE;
return;
}
try {
unsigned int vMajor = 0,vMinor = 0,vRevision = 0;
Address signedBy;
std::string signature,url;
const char *err = parseNfo(body.c_str(),vMajor,vMinor,vRevision,signedBy,signature,url);
if (err) {
LOG("software update check aborted: .nfo file parse error: %s",err);
upd->_status = UPDATE_STATUS_IDLE;
return;
}
if (!ZT_DEFAULTS.updateAuthorities.count(signedBy)) {
LOG("software update check aborted: .nfo file specifies unknown signing authority");
upd->_status = UPDATE_STATUS_IDLE;
return;
}
#ifndef ZT_ALWAYS_UPDATE /* for testing */
if (packVersion(vMajor,vMinor,vRevision) <= upd->_myVersion) {
TRACE("software update check complete: version on update site is not newer than my version, no update necessary");
upd->_status = UPDATE_STATUS_IDLE;
return;
}
#endif
upd->_status = UPDATE_STATUS_GETTING_FILE;
upd->_signedBy = signedBy;
upd->_signature = signature;
RR->http->GET(url,HttpClient::NO_HEADERS,ZT_UPDATE_HTTP_TIMEOUT,&_cbHandleGetLatestVersionBinary,arg);
} catch ( ... ) {
LOG("software update check failed: .nfo file invalid or missing field(s)");
upd->_status = UPDATE_STATUS_IDLE;
}
}
void SoftwareUpdater::_cbHandleGetLatestVersionBinary(void *arg,int code,const std::string &url,const std::string &body)
{
SoftwareUpdater *upd = (SoftwareUpdater *)arg;
const RuntimeEnvironment *RR = (const RuntimeEnvironment *)upd->RR;
Mutex::Lock _l(upd->_lock);
if (!validateUpdate(body.data(),(unsigned int)body.length(),upd->_signedBy,upd->_signature)) {
LOG("software update failed: update fetched from '%s' failed signature check (image size: %u)",url.c_str(),(unsigned int)body.length());
upd->_status = UPDATE_STATUS_IDLE;
return;
}
size_t lastSlash = url.rfind('/');
if (lastSlash == std::string::npos) { // sanity check, shouldn't happen
LOG("software update failed: invalid URL");
upd->_status = UPDATE_STATUS_IDLE;
return;
}
std::string updatesDir(RR->homePath + ZT_PATH_SEPARATOR_S + "updates.d");
std::string updateFilename(url.substr(lastSlash + 1));
if ((updateFilename.length() < 3)||(updateFilename.find("..") != std::string::npos)) {
LOG("software update failed: invalid URL: filename contains invalid characters");
upd->_status = UPDATE_STATUS_IDLE;
return;
}
for(std::string::iterator c(updateFilename.begin());c!=updateFilename.end();++c) {
// Only allow a list of whitelisted characters to make up the filename to prevent any
// path shenanigans, esp on Windows where / is not the path separator.
if (!strchr("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_.0123456789",*c)) {
LOG("software update failed: invalid URL: filename contains invalid characters");
upd->_status = UPDATE_STATUS_IDLE;
return;
}
}
std::string updatePath(updatesDir + ZT_PATH_SEPARATOR_S + updateFilename);
#ifdef __WINDOWS__
CreateDirectoryA(updatesDir.c_str(),NULL);
#else
mkdir(updatesDir.c_str(),0755);
#endif
FILE *upf = fopen(updatePath.c_str(),"wb");
if (!upf) {
LOG("software update failed: unable to open %s for writing",updatePath.c_str());
upd->_status = UPDATE_STATUS_IDLE;
return;
}
if (fwrite(body.data(),body.length(),1,upf) != 1) {
LOG("software update failed: unable to write to %s",updatePath.c_str());
upd->_status = UPDATE_STATUS_IDLE;
fclose(upf);
Utils::rm(updatePath);
return;
}
fclose(upf);
#ifdef __UNIX_LIKE__
::chmod(updatePath.c_str(),0755);
#endif
// We exit with this reason code and the path as the text. It is the
// caller's responsibility (main.c) to pick this up and do the right
// thing.
upd->_status = UPDATE_STATUS_IDLE;
RR->node->terminate(Node::NODE_RESTART_FOR_UPGRADE,updatePath.c_str());
}
} // namespace ZeroTier

186
attic/SoftwareUpdater.hpp
Unescape View File

@ -1,186 +0,0 @@
/*
* ZeroTier One - Network Virtualization Everywhere
* Copyright (C) 2011-2015 ZeroTier, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* --
*
* ZeroTier may be used and distributed under the terms of the GPLv3, which
* are available at: http://www.gnu.org/licenses/gpl-3.0.html
*
* If you would like to embed ZeroTier into a commercial application or
* redistribute it in a modified binary form, please contact ZeroTier Networks
* LLC. Start here: http://www.zerotier.com/
*/
#ifndef ZT_SOFTWAREUPDATER_HPP
#define ZT_SOFTWAREUPDATER_HPP
#include <stdint.h>
#include <string>
#include "../node/Constants.hpp"
#include "../node/Mutex.hpp"
#include "../node/Address.hpp"
#include "HttpClient.hpp"
/**
* Delay between fetches of the root topology update URL
*
* 86400000 = check once every 24 hours (this doesn't change often)
*/
#define ZT_UPDATE_ROOT_TOPOLOGY_CHECK_INTERVAL 86400000
/**
* Minimum interval between attempts to do a software update
*/
#define ZT_UPDATE_MIN_INTERVAL 120000
/**
* Maximum interval between checks for new versions
*/
#define ZT_UPDATE_MAX_INTERVAL 7200000
/**
* Software update HTTP timeout in seconds
*/
#define ZT_UPDATE_HTTP_TIMEOUT 120
namespace ZeroTier {
/**
* Software updater
*/
class SoftwareUpdater
{
public:
SoftwareUpdater();
~SoftwareUpdater();
/**
* Remove old updates in updates.d
*/
void cleanOldUpdates();
/**
* Called on each version message from a peer
*
* If a peer has a newer version, that causes an update to be started.
*
* @param vmaj Peer's major version
* @param vmin Peer's minor version
* @param rev Peer's revision
*/
void sawRemoteVersion(unsigned int vmaj,unsigned int vmin,unsigned int rev);
/**
* Check for updates now regardless of last check time or version
*
* This only starts a check if one is not in progress. Otherwise it does
* nothing.
*/
void checkNow();
/**
* Check for updates now if it's been longer than ZT_UPDATE_MAX_INTERVAL
*
* This is called periodically from the main loop.
*/
inline void checkIfMaxIntervalExceeded(uint64_t now)
{
if ((now - _lastUpdateAttempt) >= ZT_UPDATE_MAX_INTERVAL)
checkNow();
}
/**
* Pack three-component version into a 64-bit integer
*
* @param vmaj Major version (0..65535)
* @param vmin Minor version (0..65535)
* @param rev Revision (0..65535)
* @return Version packed into an easily comparable 64-bit integer
*/
static inline uint64_t packVersion(unsigned int vmaj,unsigned int vmin,unsigned int rev)
throw()
{
return ( ((uint64_t)(vmaj & 0xffff) << 32) | ((uint64_t)(vmin & 0xffff) << 16) | (uint64_t)(rev & 0xffff) );
}
/**
* Parse NFO data from .nfo file on software update site
*
* The first argument is the NFO data, and all the remaining arguments are
* result parameters to be filled with results. If an error is returned the
* results in the parameters should be considered undefined.
*
* @param nfo NFO data
* @param vMajor Result: major version
* @param vMinor Result: minor version
* @param vRevision Result: revision number
* @param signedBy Result: signing identity
* @param signature Result: Ed25519 signature data
* @param url Result: URL of update binary
* @return NULL on success or error message on failure
*/
static const char *parseNfo(
const char *nfoText,
unsigned int &vMajor,
unsigned int &vMinor,
unsigned int &vRevision,
Address &signedBy,
std::string &signature,
std::string &url);
/**
* Validate an update once downloaded
*
* This obtains the identity corresponding to the address from the compiled-in
* list of valid signing identities.
*
* @param data Update data
* @param len Length of update data
* @param signedBy Signing authority address
* @param signature Signing authority signature
* @return True on validation success, false if rejected
*/
static bool validateUpdate(
const void *data,
unsigned int len,
const Address &signedBy,
const std::string &signature);
private:
static void _cbHandleGetLatestVersionInfo(void *arg,int code,const std::string &url,const std::string &body);
static void _cbHandleGetLatestVersionBinary(void *arg,int code,const std::string &url,const std::string &body);
HttpClient httpClient;
const uint64_t _myVersion;
volatile uint64_t _lastUpdateAttempt;
volatile enum {
UPDATE_STATUS_IDLE,
UPDATE_STATUS_GETTING_NFO,
UPDATE_STATUS_GETTING_FILE
} _status;
volatile bool _die;
Address _signedBy;
std::string _signature;
Mutex _lock;
};
} // namespace ZeroTier
#endif

6
ext/installfiles/mac/postinst.sh
Unescape View File

@ -3,15 +3,11 @@
export PATH=/bin:/usr/bin:/sbin:/usr/sbin
launchctl unload /Library/LaunchDaemons/com.zerotier.one.plist >>/dev/null 2>&1
sleep 1
killall zerotier-one
sleep 1
killall -9 zerotier-one
cd "/Library/Application Support/ZeroTier/One"
rm -rf node.log node.log.old root-topology shutdownIfUnreadable autoupdate.log updates.d
if [ ! -f authtoken.secret ]; then
head -c 1024 /dev/urandom | md5 | head -c 24 >authtoken.secret
head -c 4096 /dev/urandom | md5 | head -c 24 >authtoken.secret
chown root authtoken.secret
chgrp wheel authtoken.secret
chmod 0600 authtoken.secret

22
ext/installfiles/mac/preinst.sh
Unescape View File

@ -4,11 +4,23 @@ export PATH=/bin:/usr/bin:/sbin:/usr/sbin
if [ -f /Library/LaunchDaemons/com.zerotier.one.plist ]; then
launchctl unload /Library/LaunchDaemons/com.zerotier.one.plist >>/dev/null 2>&1
sleep 1
killall zerotier-one
sleep 1
killall -9 zerotier-one
fi
cd /Applications
sleep 1
if [ -d "/Library/Application Support/ZeroTier/One" ]; then
cd "/Library/Application Support/ZeroTier/One"
if [ -f "zerotier-one.pid" ]; then
ztpid=`cat zerotier-one.pid`
if [ "$ztpid" -gt "0" ]; then
kill `cat zerotier-one.pid`
fi
fi
fi
sleep 1
cd "/Applications"
rm -rf "ZeroTier One.app"
exit 0

4
make-mac.mk
Unescape View File

@ -20,6 +20,10 @@ ifeq ($(ZT_OFFICIAL_RELEASE),1)
CODESIGN_CERT="Developer ID Application: ZeroTier Networks LLC (8ZD9JUCZ4V)"
endif
ifeq ($(ZT_AUTO_UPDATE),1)
DEFS+=-DZT_AUTO_UPDATE
endif
# Build with ZT_ENABLE_NETWORK_CONTROLLER=1 to build with the Sqlite network controller
ifeq ($(ZT_ENABLE_NETWORK_CONTROLLER),1)
DEFS+=-DZT_ENABLE_NETWORK_CONTROLLER

2
node/Node.cpp
Unescape View File

@ -443,7 +443,7 @@ std::string Node::dataStoreGet(const char *name)
void Node::postNewerVersionIfNewer(unsigned int major,unsigned int minor,unsigned int rev)
{
if (Peer::compareVersion(major,minor,rev,_newestVersionSeen[0],_newestVersionSeen[1],_newestVersionSeen[2]) > 0) {
if (Utils::compareVersion(major,minor,rev,_newestVersionSeen[0],_newestVersionSeen[1],_newestVersionSeen[2]) > 0) {
_newestVersionSeen[0] = major;
_newestVersionSeen[1] = minor;
_newestVersionSeen[2] = rev;

25
node/Peer.hpp
Unescape View File

@ -407,31 +407,6 @@ public:
else return std::pair<InetAddress,InetAddress>();
}
/**
* Compare Peer version tuples
*/
static inline int compareVersion(unsigned int maj1,unsigned int min1,unsigned int rev1,unsigned int maj2,unsigned int min2,unsigned int rev2)
throw()
{
if (maj1 > maj2)
return 1;
else if (maj1 < maj2)
return -1;
else {
if (min1 > min2)
return 1;
else if (min1 < min2)
return -1;
else {
if (rev1 > rev2)
return 1;
else if (rev1 < rev2)
return -1;
else return 0;
}
}
}
private:
void _announceMulticastGroups(const RuntimeEnvironment *RR,uint64_t now);

27
node/Utils.hpp
Unescape View File

@ -381,6 +381,33 @@ public:
}
static inline int64_t ntoh(int64_t n) throw() { return (int64_t)ntoh((uint64_t)n); }
/**
* Compare Peer version tuples
*
* @return -1, 0, or 1 based on whether first tuple is less than, equal to, or greater than second
*/
static inline int compareVersion(unsigned int maj1,unsigned int min1,unsigned int rev1,unsigned int maj2,unsigned int min2,unsigned int rev2)
throw()
{
if (maj1 > maj2)
return 1;
else if (maj1 < maj2)
return -1;
else {
if (min1 > min2)
return 1;
else if (min1 < min2)
return -1;
else {
if (rev1 > rev2)
return 1;
else if (rev1 < rev2)
return -1;
else return 0;
}
}
}
/**
* Hexadecimal characters 0-f
*/

180
service/OneService.cpp
Unescape View File

@ -28,6 +28,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <string>
#include <map>
@ -46,9 +47,12 @@
#include "../node/Utils.hpp"
#include "../node/InetAddress.hpp"
#include "../node/MAC.hpp"
#include "../node/Identity.hpp"
#include "../osdep/Phy.hpp"
#include "../osdep/Thread.hpp"
#include "../osdep/OSUtils.hpp"
#include "../osdep/Http.hpp"
#include "OneService.hpp"
#include "ControlPlane.hpp"
@ -57,10 +61,14 @@
#include "../controller/SqliteNetworkController.hpp"
#else
class SqliteNetworkController;
#endif
#endif // ZT_ENABLE_NETWORK_CONTROLLER
#ifdef __WINDOWS__
#include <ShlObj.h>
#else
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#endif
// Include the right tap device driver for this platform -- add new platforms here
@ -98,6 +106,168 @@ namespace ZeroTier {
namespace {
#ifdef ZT_AUTO_UPDATE
#define ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE (1024 * 1024 * 64)
class BackgroundSoftwareUpdateChecker
{
public:
bool isValidSigningIdentity(const Identity &id)
{
return (
/* 0005 */ (id == Identity("ba57ea350e:0:9d4be6d7f86c5660d5ee1951a3d759aa6e12a84fc0c0b74639500f1dbc1a8c566622e7d1c531967ebceb1e9d1761342f88324a8ba520c93c35f92f35080fa23f"))
/* 0006 */ ||(id == Identity("5067b21b83:0:8af477730f5055c48135b84bed6720a35bca4c0e34be4060a4c636288b1ec22217eb22709d610c66ed464c643130c51411bbb0294eef12fbe8ecc1a1e2c63a7a"))
/* 0007 */ ||(id == Identity("4f5e97a8f1:0:57880d056d7baeb04bbc057d6f16e6cb41388570e87f01492fce882485f65a798648595610a3ad49885604e7fb1db2dd3c2c534b75e42c3c0b110ad07b4bb138"))
/* 0008 */ ||(id == Identity("580bbb8e15:0:ad5ef31155bebc6bc413991992387e083fed26d699997ef76e7c947781edd47d1997161fa56ba337b1a2b44b129fd7c7197ce5185382f06011bc88d1363b4ddd"))
);
}
void doUpdateCheck()
{
std::string url(OneService::autoUpdateUrl());
if ((url.length() <= 7)||(url.substr(0,7) != "http://"))
return;
std::string httpHost;
std::string httpPath;
{
std::size_t slashIdx = url.substr(7).find_first_of('/');
if (slashIdx == std::string::npos) {
httpHost = url.substr(7);
httpPath = "/";
} else {
httpHost = url.substr(7,slashIdx);
httpPath = url.substr(slashIdx + 7);
}
}
if (httpHost.length() == 0)
return;
std::vector<InetAddress> ips(OSUtils::resolve(httpHost.c_str()));
for(std::vector<InetAddress>::iterator ip(ips.begin());ip!=ips.end();++ip) {
if (!ip->port())
ip->setPort(80);
std::string nfoPath = httpPath + "LATEST.nfo";
std::map<std::string,std::string> requestHeaders,responseHeaders;
std::string body;
requestHeaders["Host"] = httpHost;
unsigned int scode = Http::GET(ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE,60000,reinterpret_cast<const struct sockaddr *>(&(*ip)),nfoPath.c_str(),requestHeaders,responseHeaders,body);
//fprintf(stderr,"UPDATE %s %s %u %lu\n",ip->toString().c_str(),nfoPath.c_str(),scode,body.length());
if ((scode == 200)&&(body.length() > 0)) {
/* NFO fields:
*
* file=<filename>
* signedBy=<signing identity>
* ed25519=<ed25519 ECC signature of archive>
* vMajor=<major version>
* vMinor=<minor version>
* vRevision=<revision> */
Dictionary nfo(body);
unsigned int vMajor = Utils::strToUInt(nfo.get("vMajor","0").c_str());
unsigned int vMinor = Utils::strToUInt(nfo.get("vMinor","0").c_str());
unsigned int vRevision = Utils::strToUInt(nfo.get("vRevision","0").c_str());
if (Utils::compareVersion(vMajor,vMinor,vRevision,ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION) <= 0) {
//fprintf(stderr,"UPDATE %u.%u.%u is not newer than our version\n",vMajor,vMinor,vRevision);
return;
}
Identity signedBy;
if ((!signedBy.fromString(nfo.get("signedBy","")))||(!isValidSigningIdentity(signedBy))) {
//fprintf(stderr,"UPDATE invalid signedBy or not authorized signing identity.\n");
return;
}
std::string filePath(nfo.get("file",""));
if ((!filePath.length())||(filePath.find("..") != std::string::npos))
return;
filePath = httpPath + filePath;
std::string fileData;
if (Http::GET(ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE,60000,reinterpret_cast<const struct sockaddr *>(&(*ip)),filePath.c_str(),requestHeaders,responseHeaders,fileData) != 200) {
//fprintf(stderr,"UPDATE GET %s failed\n",filePath.c_str());
return;
}
std::string ed25519(nfo.get("ed25519",""));
if ((ed25519.length() == 0)||(!signedBy.verify(fileData.data(),(unsigned int)fileData.length(),ed25519.data(),(unsigned int)ed25519.length()))) {
//fprintf(stderr,"UPDATE %s failed signature check!\n",filePath.c_str());
return;
}
/* --------------------------------------------------------------- */
/* We made it! Begin OS-specific installation code. */
#ifdef __APPLE__
/* OSX version is in the form of a MacOSX .pkg file, so we will
* launch installer (normally in /usr/sbin) to install it. It will
* then turn around and shut down the service, update files, and
* relaunch. */
{
char bashp[128],pkgp[128];
Utils::snprintf(bashp,sizeof(bashp),"/tmp/ZeroTierOne-update-%u.%u.%u.sh",vMajor,vMinor,vRevision);
Utils::snprintf(pkgp,sizeof(pkgp),"/tmp/ZeroTierOne-update-%u.%u.%u.pkg",vMajor,vMinor,vRevision);
FILE *pkg = fopen(pkgp,"w");
if ((!pkg)||(fwrite(fileData.data(),fileData.length(),1,pkg) != 1)) {
fclose(pkg);
unlink(bashp);
unlink(pkgp);
fprintf(stderr,"UPDATE error writing %s\n",pkgp);
return;
}
fclose(pkg);
FILE *bash = fopen(bashp,"w");
if (!bash) {
fclose(pkg);
unlink(bashp);
unlink(pkgp);
fprintf(stderr,"UPDATE error writing %s\n",bashp);
return;
}
fprintf(bash,
"#!/bin/bash\n"
"export PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin\n"
"sleep 2\n"
"installer -pkg \"%s\" -target /\n"
"sleep 1\n"
"rm -f \"%s\" \"%s\"\n"
"exit 0\n",
pkgp,
pkgp,
bashp);
fclose(bash);
long pid = (long)vfork();
if (pid == 0) {
execl("/bin/bash","/bin/bash",bashp,(char *)0);
exit(0);
}
}
#endif // __APPLE__
#ifdef __WINDOWS__
/* Windows version comes in the form of .MSI package that
* takes care of everything. */
{
}
#endif // __WINDOWS__
/* --------------------------------------------------------------- */
return;
} // else try to fetch from next IP address
}
}
void threadMain()
throw()
{
try {
this->doUpdateCheck();
} catch ( ... ) {}
}
};
static BackgroundSoftwareUpdateChecker backgroundSoftwareUpdateChecker;
#endif // ZT_AUTO_UPDATE
class OneServiceImpl;
static int SnodeVirtualNetworkConfigFunction(ZT1_Node *node,void *uptr,uint64_t nwid,enum ZT1_VirtualNetworkConfigOperation op,const ZT1_VirtualNetworkConfig *nwconf);
@ -197,6 +367,10 @@ public:
char portstr[64];
Utils::snprintf(portstr,sizeof(portstr),"%u",port);
OSUtils::writeFile((_homePath + ZT_PATH_SEPARATOR_S + "zerotier-one.port").c_str(),std::string(portstr));
#ifdef ZT_AUTO_UPDATE
Thread::start(&backgroundSoftwareUpdateChecker);
#endif
}
virtual ~OneServiceImpl()
@ -956,11 +1130,11 @@ std::string OneService::autoUpdateUrl()
*/
#if defined(__APPLE__) && ( defined(__i386__) || defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(__i386) )
return "http://download.zerotier.com/update/mac_intel/LATEST.nfo";
return "http://download.zerotier.com/update/mac_intel/";
#endif
#ifdef __WINDOWS__
return "http://download.zerotier.com/update/win_intel/LATEST.nfo";
return "http://download.zerotier.com/update/win_intel/";
#endif
#endif // ZT_AUTO_UPDATE

177
updater.cpp
Unescape View File

@ -1,177 +0,0 @@
/*
* ZeroTier One - Network Virtualization Everywhere
* Copyright (C) 2011-2015 ZeroTier, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* --
*
* ZeroTier may be used and distributed under the terms of the GPLv3, which
* are available at: http://www.gnu.org/licenses/gpl-3.0.html
*
* If you would like to embed ZeroTier into a commercial application or
* redistribute it in a modified binary form, please contact ZeroTier Networks
* LLC. Start here: http://www.zerotier.com/
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <time.h>
#include <string>
#include <vector>
#include <map>
#include <algorithm>
#include <stdexcept>
#include "version.h"
#include "include/ZeroTierOne.h"
#include "node/Constants.hpp"
#ifdef __WINDOWS__
#include <WinSock2.h>
#include <Windows.h>
#include <tchar.h>
#include <wchar.h>
#include <lmcons.h>
#include <newdev.h>
#include <atlbase.h>
#else
#include <unistd.h>
#include <pwd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <signal.h>
#endif
#include "node/Utils.hpp"
#include "node/Address.hpp"
#include "node/Dictionary.hpp"
#include "node/Identity.hpp"
#include "osdep/OSUtils.hpp"
#include "osdep/Http.hpp"
using namespace ZeroTier;
namespace {
static std::map< Address,Identity > updateAuthorities()
{
std::map< Address,Identity > ua;
{ // 0001
Identity id("e9bc3707b5:0:c4cef17bde99eadf9748c4fd11b9b06dc5cd8eb429227811d2c336e6b96a8d329e8abd0a4f45e47fe1bcebf878c004c822d952ff77fc2833af4c74e65985c435");
ua[id.address()] = id;
}
{ // 0002
Identity id("56520eaf93:0:7d858b47988b34399a9a31136de07b46104d7edb4a98fa1d6da3e583d3a33e48be531532b886f0b12cd16794a66ab9220749ec5112cbe96296b18fe0cc79ca05");
ua[id.address()] = id;
}
{ // 0003
Identity id("7c195de2e0:0:9f659071c960f9b0f0b96f9f9ecdaa27c7295feed9c79b7db6eedcc11feb705e6dd85c70fa21655204d24c897865b99eb946b753a2bbcf2be5f5e006ae618c54");
ua[id.address()] = id;
}
{ // 0004
Identity id("415f4cfde7:0:54118e87777b0ea5d922c10b337c4f4bd1db7141845bd54004b3255551a6e356ba6b9e1e85357dbfafc45630b8faa2ebf992f31479e9005f0472685f2d8cbd6e");
ua[id.address()] = id;
}
return ua;
}
static bool validateUpdate(
const void *data,
unsigned int len,
const Address &signedBy,
const std::string &signature)
{
std::map< Address,Identity > ua(updateAuthorities());
std::map< Address,Identity >::const_iterator updateAuthority = ua.find(signedBy);
if (updateAuthority == ua.end())
return false;
return updateAuthority->second.verify(data,len,signature.data(),(unsigned int)signature.length());
}
/*
static inline const char *updateUrl()
{
#if defined(__LINUX__) && ( defined(__i386__) || defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(__i386) )
if (sizeof(void *) == 8)
return "http://download.zerotier.com/ZeroTierOneInstaller-linux-x64-LATEST.nfo";
else return "http://download.zerotier.com/ZeroTierOneInstaller-linux-x86-LATEST.nfo";
#define GOT_UPDATE_URL
#endif
#ifdef __APPLE__
return "http://download.zerotier.com/ZeroTierOneInstaller-mac-combined-LATEST.nfo";
#define GOT_UPDATE_URL
#endif
#ifdef __WINDOWS__
return "http://download.zerotier.com/ZeroTierOneInstaller-windows-intel-LATEST.nfo";
#define GOT_UPDATE_URL
#endif
#ifndef GOT_UPDATE_URL
return "";
#endif
}
*/
static const char *parseUpdateNfo(
const char *nfoText,
unsigned int &vMajor,
unsigned int &vMinor,
unsigned int &vRevision,
Address &signedBy,
std::string &signature,
std::string &url)
{
try {
Dictionary nfo(nfoText);
vMajor = Utils::strToUInt(nfo.get("vMajor").c_str());
vMinor = Utils::strToUInt(nfo.get("vMinor").c_str());
vRevision = Utils::strToUInt(nfo.get("vRevision").c_str());
signedBy = nfo.get("signedBy");
signature = Utils::unhex(nfo.get("ed25519"));
url = nfo.get("url");
if (signature.length() != ZT_C25519_SIGNATURE_LEN)
return "bad ed25519 signature, invalid length";
if ((url.length() <= 7)||(url.substr(0,7) != "http://"))
return "invalid URL, must begin with http://";
return (const char *)0;
} catch ( ... ) {
return "invalid NFO file format or one or more required fields missing";
}
}
} // anonymous namespace
#ifdef __WINDOWS__
int _tmain(int argc, _TCHAR* argv[])
#else
int main(int argc,char **argv)
#endif
{
#ifdef __WINDOWS__
WSADATA wsaData;
WSAStartup(MAKEWORD(2,2),&wsaData);
#endif
return 0;
}
Write Preview
Loading…
Cancel
Save