|
|
|
|
@ -21,6 +21,20 @@
|
|
|
|
|
#include <string.h> |
|
|
|
|
#include <stdint.h> |
|
|
|
|
|
|
|
|
|
#ifdef __WINDOWS__ |
|
|
|
|
#include <WinSock2.h> |
|
|
|
|
#include <Windows.h> |
|
|
|
|
#include <ShlObj.h> |
|
|
|
|
#include <netioapi.h> |
|
|
|
|
#include <iphlpapi.h> |
|
|
|
|
#else |
|
|
|
|
#include <sys/types.h> |
|
|
|
|
#include <sys/socket.h> |
|
|
|
|
#include <sys/wait.h> |
|
|
|
|
#include <unistd.h> |
|
|
|
|
#include <ifaddrs.h> |
|
|
|
|
#endif |
|
|
|
|
|
|
|
|
|
#include "SoftwareUpdater.hpp" |
|
|
|
|
|
|
|
|
|
#include "../version.h" |
|
|
|
|
@ -42,225 +56,36 @@
|
|
|
|
|
|
|
|
|
|
namespace ZeroTier { |
|
|
|
|
|
|
|
|
|
#if 0 |
|
|
|
|
#ifdef ZT_AUTO_UPDATE |
|
|
|
|
#define ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE (1024 * 1024 * 64) |
|
|
|
|
#define ZT_AUTO_UPDATE_CHECK_PERIOD 21600000 |
|
|
|
|
class BackgroundSoftwareUpdateChecker |
|
|
|
|
{ |
|
|
|
|
public: |
|
|
|
|
bool isValidSigningIdentity(const Identity &id) |
|
|
|
|
{ |
|
|
|
|
return ( |
|
|
|
|
/* 0001 - 0004 : obsolete, used in old versions */ |
|
|
|
|
/* 0005 */ (id == Identity("ba57ea350e:0:9d4be6d7f86c5660d5ee1951a3d759aa6e12a84fc0c0b74639500f1dbc1a8c566622e7d1c531967ebceb1e9d1761342f88324a8ba520c93c35f92f35080fa23f")) |
|
|
|
|
/* 0006 */ ||(id == Identity("5067b21b83:0:8af477730f5055c48135b84bed6720a35bca4c0e34be4060a4c636288b1ec22217eb22709d610c66ed464c643130c51411bbb0294eef12fbe8ecc1a1e2c63a7a")) |
|
|
|
|
/* 0007 */ ||(id == Identity("4f5e97a8f1:0:57880d056d7baeb04bbc057d6f16e6cb41388570e87f01492fce882485f65a798648595610a3ad49885604e7fb1db2dd3c2c534b75e42c3c0b110ad07b4bb138")) |
|
|
|
|
/* 0008 */ ||(id == Identity("580bbb8e15:0:ad5ef31155bebc6bc413991992387e083fed26d699997ef76e7c947781edd47d1997161fa56ba337b1a2b44b129fd7c7197ce5185382f06011bc88d1363b4ddd")) |
|
|
|
|
); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
void doUpdateCheck() |
|
|
|
|
{ |
|
|
|
|
std::string url(OneService::autoUpdateUrl()); |
|
|
|
|
if ((url.length() <= 7)||(url.substr(0,7) != "http://")) |
|
|
|
|
return; |
|
|
|
|
|
|
|
|
|
std::string httpHost; |
|
|
|
|
std::string httpPath; |
|
|
|
|
{ |
|
|
|
|
std::size_t slashIdx = url.substr(7).find_first_of('/'); |
|
|
|
|
if (slashIdx == std::string::npos) { |
|
|
|
|
httpHost = url.substr(7); |
|
|
|
|
httpPath = "/"; |
|
|
|
|
} else { |
|
|
|
|
httpHost = url.substr(7,slashIdx); |
|
|
|
|
httpPath = url.substr(slashIdx + 7); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
if (httpHost.length() == 0) |
|
|
|
|
return; |
|
|
|
|
|
|
|
|
|
std::vector<InetAddress> ips(OSUtils::resolve(httpHost.c_str())); |
|
|
|
|
for(std::vector<InetAddress>::iterator ip(ips.begin());ip!=ips.end();++ip) { |
|
|
|
|
if (!ip->port()) |
|
|
|
|
ip->setPort(80); |
|
|
|
|
std::string nfoPath = httpPath + "LATEST.nfo"; |
|
|
|
|
std::map<std::string,std::string> requestHeaders,responseHeaders; |
|
|
|
|
std::string body; |
|
|
|
|
requestHeaders["Host"] = httpHost; |
|
|
|
|
unsigned int scode = Http::GET(ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE,60000,reinterpret_cast<const struct sockaddr *>(&(*ip)),nfoPath.c_str(),requestHeaders,responseHeaders,body); |
|
|
|
|
//fprintf(stderr,"UPDATE %s %s %u %lu\n",ip->toString().c_str(),nfoPath.c_str(),scode,body.length());
|
|
|
|
|
if ((scode == 200)&&(body.length() > 0)) { |
|
|
|
|
/* NFO fields:
|
|
|
|
|
* |
|
|
|
|
* file=<filename> |
|
|
|
|
* signedBy=<signing identity> |
|
|
|
|
* ed25519=<ed25519 ECC signature of archive in hex> |
|
|
|
|
* vMajor=<major version> |
|
|
|
|
* vMinor=<minor version> |
|
|
|
|
* vRevision=<revision> */ |
|
|
|
|
Dictionary<4096> nfo(body.c_str()); |
|
|
|
|
char tmp[2048]; |
|
|
|
|
|
|
|
|
|
if (nfo.get("vMajor",tmp,sizeof(tmp)) <= 0) return; |
|
|
|
|
const unsigned int vMajor = Utils::strToUInt(tmp); |
|
|
|
|
if (nfo.get("vMinor",tmp,sizeof(tmp)) <= 0) return; |
|
|
|
|
const unsigned int vMinor = Utils::strToUInt(tmp); |
|
|
|
|
if (nfo.get("vRevision",tmp,sizeof(tmp)) <= 0) return; |
|
|
|
|
const unsigned int vRevision = Utils::strToUInt(tmp); |
|
|
|
|
if (Utils::compareVersion(vMajor,vMinor,vRevision,ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION) <= 0) { |
|
|
|
|
//fprintf(stderr,"UPDATE %u.%u.%u is not newer than our version\n",vMajor,vMinor,vRevision);
|
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (nfo.get("signedBy",tmp,sizeof(tmp)) <= 0) return; |
|
|
|
|
Identity signedBy; |
|
|
|
|
if ((!signedBy.fromString(tmp))||(!isValidSigningIdentity(signedBy))) { |
|
|
|
|
//fprintf(stderr,"UPDATE invalid signedBy or not authorized signing identity.\n");
|
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (nfo.get("file",tmp,sizeof(tmp)) <= 0) return; |
|
|
|
|
std::string filePath(tmp); |
|
|
|
|
if ((!filePath.length())||(filePath.find("..") != std::string::npos)) |
|
|
|
|
return; |
|
|
|
|
filePath = httpPath + filePath; |
|
|
|
|
|
|
|
|
|
std::string fileData; |
|
|
|
|
if (Http::GET(ZT_AUTO_UPDATE_MAX_HTTP_RESPONSE_SIZE,60000,reinterpret_cast<const struct sockaddr *>(&(*ip)),filePath.c_str(),requestHeaders,responseHeaders,fileData) != 200) { |
|
|
|
|
//fprintf(stderr,"UPDATE GET %s failed\n",filePath.c_str());
|
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (nfo.get("ed25519",tmp,sizeof(tmp)) <= 0) return; |
|
|
|
|
std::string ed25519(Utils::unhex(tmp)); |
|
|
|
|
if ((ed25519.length() == 0)||(!signedBy.verify(fileData.data(),(unsigned int)fileData.length(),ed25519.data(),(unsigned int)ed25519.length()))) { |
|
|
|
|
//fprintf(stderr,"UPDATE %s failed signature check!\n",filePath.c_str());
|
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/* --------------------------------------------------------------- */ |
|
|
|
|
/* We made it! Begin OS-specific installation code. */ |
|
|
|
|
|
|
|
|
|
#ifdef __APPLE__ |
|
|
|
|
/* OSX version is in the form of a MacOSX .pkg file, so we will
|
|
|
|
|
* launch installer (normally in /usr/sbin) to install it. It will |
|
|
|
|
* then turn around and shut down the service, update files, and |
|
|
|
|
* relaunch. */ |
|
|
|
|
{ |
|
|
|
|
char bashp[128],pkgp[128]; |
|
|
|
|
Utils::snprintf(bashp,sizeof(bashp),"/tmp/ZeroTierOne-update-%u.%u.%u.sh",vMajor,vMinor,vRevision); |
|
|
|
|
Utils::snprintf(pkgp,sizeof(pkgp),"/tmp/ZeroTierOne-update-%u.%u.%u.pkg",vMajor,vMinor,vRevision); |
|
|
|
|
FILE *pkg = fopen(pkgp,"w"); |
|
|
|
|
if ((!pkg)||(fwrite(fileData.data(),fileData.length(),1,pkg) != 1)) { |
|
|
|
|
fclose(pkg); |
|
|
|
|
unlink(bashp); |
|
|
|
|
unlink(pkgp); |
|
|
|
|
fprintf(stderr,"UPDATE error writing %s\n",pkgp); |
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
fclose(pkg); |
|
|
|
|
FILE *bash = fopen(bashp,"w"); |
|
|
|
|
if (!bash) { |
|
|
|
|
fclose(pkg); |
|
|
|
|
unlink(bashp); |
|
|
|
|
unlink(pkgp); |
|
|
|
|
fprintf(stderr,"UPDATE error writing %s\n",bashp); |
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
fprintf(bash, |
|
|
|
|
"#!/bin/bash\n" |
|
|
|
|
"export PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin\n" |
|
|
|
|
"sleep 1\n" |
|
|
|
|
"installer -pkg \"%s\" -target /\n" |
|
|
|
|
"sleep 1\n" |
|
|
|
|
"rm -f \"%s\" \"%s\"\n" |
|
|
|
|
"exit 0\n", |
|
|
|
|
pkgp, |
|
|
|
|
pkgp, |
|
|
|
|
bashp); |
|
|
|
|
fclose(bash); |
|
|
|
|
long pid = (long)vfork(); |
|
|
|
|
if (pid == 0) { |
|
|
|
|
setsid(); // detach from parent so that shell isn't killed when parent is killed
|
|
|
|
|
signal(SIGHUP,SIG_IGN); |
|
|
|
|
signal(SIGTERM,SIG_IGN); |
|
|
|
|
signal(SIGQUIT,SIG_IGN); |
|
|
|
|
execl("/bin/bash","/bin/bash",bashp,(char *)0); |
|
|
|
|
exit(0); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
#endif // __APPLE__
|
|
|
|
|
|
|
|
|
|
#ifdef __WINDOWS__ |
|
|
|
|
/* Windows version comes in the form of .MSI package that
|
|
|
|
|
* takes care of everything. */ |
|
|
|
|
{ |
|
|
|
|
char tempp[512],batp[512],msip[512],cmdline[512]; |
|
|
|
|
if (GetTempPathA(sizeof(tempp),tempp) <= 0) |
|
|
|
|
return; |
|
|
|
|
CreateDirectoryA(tempp,(LPSECURITY_ATTRIBUTES)0); |
|
|
|
|
Utils::snprintf(batp,sizeof(batp),"%s\\ZeroTierOne-update-%u.%u.%u.bat",tempp,vMajor,vMinor,vRevision); |
|
|
|
|
Utils::snprintf(msip,sizeof(msip),"%s\\ZeroTierOne-update-%u.%u.%u.msi",tempp,vMajor,vMinor,vRevision); |
|
|
|
|
FILE *msi = fopen(msip,"wb"); |
|
|
|
|
if ((!msi)||(fwrite(fileData.data(),(size_t)fileData.length(),1,msi) != 1)) { |
|
|
|
|
fclose(msi); |
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
fclose(msi); |
|
|
|
|
FILE *bat = fopen(batp,"wb"); |
|
|
|
|
if (!bat) |
|
|
|
|
return; |
|
|
|
|
fprintf(bat, |
|
|
|
|
"TIMEOUT.EXE /T 1 /NOBREAK\r\n" |
|
|
|
|
"NET.EXE STOP \"ZeroTierOneService\"\r\n" |
|
|
|
|
"TIMEOUT.EXE /T 1 /NOBREAK\r\n" |
|
|
|
|
"MSIEXEC.EXE /i \"%s\" /qn\r\n" |
|
|
|
|
"TIMEOUT.EXE /T 1 /NOBREAK\r\n" |
|
|
|
|
"NET.EXE START \"ZeroTierOneService\"\r\n" |
|
|
|
|
"DEL \"%s\"\r\n" |
|
|
|
|
"DEL \"%s\"\r\n", |
|
|
|
|
msip, |
|
|
|
|
msip, |
|
|
|
|
batp); |
|
|
|
|
fclose(bat); |
|
|
|
|
STARTUPINFOA si; |
|
|
|
|
PROCESS_INFORMATION pi; |
|
|
|
|
memset(&si,0,sizeof(si)); |
|
|
|
|
memset(&pi,0,sizeof(pi)); |
|
|
|
|
Utils::snprintf(cmdline,sizeof(cmdline),"CMD.EXE /c \"%s\"",batp); |
|
|
|
|
CreateProcessA(NULL,cmdline,NULL,NULL,FALSE,CREATE_NO_WINDOW|CREATE_NEW_PROCESS_GROUP,NULL,NULL,&si,&pi); |
|
|
|
|
} |
|
|
|
|
#endif // __WINDOWS__
|
|
|
|
|
|
|
|
|
|
/* --------------------------------------------------------------- */ |
|
|
|
|
|
|
|
|
|
return; |
|
|
|
|
} // else try to fetch from next IP address
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
void threadMain() |
|
|
|
|
throw() |
|
|
|
|
{ |
|
|
|
|
try { |
|
|
|
|
this->doUpdateCheck(); |
|
|
|
|
} catch ( ... ) {} |
|
|
|
|
} |
|
|
|
|
}; |
|
|
|
|
static BackgroundSoftwareUpdateChecker backgroundSoftwareUpdateChecker; |
|
|
|
|
#endif // ZT_AUTO_UPDATE
|
|
|
|
|
#endif |
|
|
|
|
|
|
|
|
|
SoftwareUpdater::SoftwareUpdater(Node &node,const std::string &homePath) : |
|
|
|
|
_node(node), |
|
|
|
|
_lastCheckTime(0), |
|
|
|
|
_homePath(homePath), |
|
|
|
|
_channel(ZT_SOFTWARE_UPDATE_DEFAULT_CHANNEL), |
|
|
|
|
_latestBinLength(0), |
|
|
|
|
_latestBinValid(false) |
|
|
|
|
_latestValid(false), |
|
|
|
|
_downloadLength(0) |
|
|
|
|
{ |
|
|
|
|
// Check for a cached newer update. If there's a cached update that is not newer or looks bad, delete.
|
|
|
|
|
try { |
|
|
|
|
std::string buf; |
|
|
|
|
if (OSUtils::readFile((_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_META_FILENAME).c_str(),buf)) { |
|
|
|
|
nlohmann::json meta = OSUtils::jsonParse(buf); |
|
|
|
|
buf = std::string(); |
|
|
|
|
const unsigned int rvMaj = (unsigned int)OSUtils::jsonInt(meta[ZT_SOFTWARE_UPDATE_JSON_VERSION_MAJOR],0); |
|
|
|
|
const unsigned int rvMin = (unsigned int)OSUtils::jsonInt(meta[ZT_SOFTWARE_UPDATE_JSON_VERSION_MINOR],0); |
|
|
|
|
const unsigned int rvRev = (unsigned int)OSUtils::jsonInt(meta[ZT_SOFTWARE_UPDATE_JSON_VERSION_REVISION],0); |
|
|
|
|
if ((Utils::compareVersion(rvMaj,rvMin,rvRev,ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION) > 0)&&(OSUtils::readFile((_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_BIN_FILENAME).c_str(),buf))) { |
|
|
|
|
if ((uint64_t)buf.length() == OSUtils::jsonInt(meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIZE],0)) { |
|
|
|
|
_latestMeta = meta; |
|
|
|
|
_latestValid = true; |
|
|
|
|
//printf("CACHED UPDATE IS NEWER AND LOOKS GOOD\n");
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} catch ( ... ) {} // exceptions indicate invalid cached update
|
|
|
|
|
if (!_latestValid) { |
|
|
|
|
OSUtils::rm((_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_META_FILENAME).c_str()); |
|
|
|
|
OSUtils::rm((_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_BIN_FILENAME).c_str()); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
SoftwareUpdater::~SoftwareUpdater() |
|
|
|
|
@ -286,8 +111,9 @@ void SoftwareUpdater::setUpdateDistribution(bool distribute)
|
|
|
|
|
uint8_t sha512[ZT_SHA512_DIGEST_LEN]; |
|
|
|
|
SHA512::hash(sha512,d.bin.data(),(unsigned int)d.bin.length()); |
|
|
|
|
if (!memcmp(sha512,metaHash.data(),ZT_SHA512_DIGEST_LEN)) { // double check that hash in JSON is correct
|
|
|
|
|
d.meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIZE] = d.bin.length(); // override with correct value -- setting this in meta json is optional
|
|
|
|
|
_dist[Array<uint8_t,16>(sha512)] = d; |
|
|
|
|
printf("update-dist.d: %s\n",u->c_str()); |
|
|
|
|
//printf("update-dist.d: %s\n",u->c_str());
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} catch ( ... ) {} // ignore bad meta JSON, etc.
|
|
|
|
|
@ -351,19 +177,24 @@ void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void
|
|
|
|
|
if ((len <= ZT_SOFTWARE_UPDATE_MAX_SIZE)&&(hash.length() >= 16)) { |
|
|
|
|
if (_latestMeta != req) { |
|
|
|
|
_latestMeta = req; |
|
|
|
|
_latestBin = ""; |
|
|
|
|
memcpy(_latestBinHashPrefix.data,hash.data(),16); |
|
|
|
|
_latestBinLength = len; |
|
|
|
|
_latestBinValid = false; |
|
|
|
|
printf("<< LATEST\n%s\n",OSUtils::jsonDump(req).c_str()); |
|
|
|
|
_latestValid = false; |
|
|
|
|
|
|
|
|
|
OSUtils::rm((_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_META_FILENAME).c_str()); |
|
|
|
|
OSUtils::rm((_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_BIN_FILENAME).c_str()); |
|
|
|
|
|
|
|
|
|
_download = std::string(); |
|
|
|
|
memcpy(_downloadHashPrefix.data,hash.data(),16); |
|
|
|
|
_downloadLength = len; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
Buffer<128> gd; |
|
|
|
|
gd.append((uint8_t)VERB_GET_DATA); |
|
|
|
|
gd.append(_latestBinHashPrefix.data,16); |
|
|
|
|
gd.append((uint32_t)_latestBin.length()); |
|
|
|
|
_node.sendUserMessage(ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size()); |
|
|
|
|
printf(">> GET_DATA @%u\n",(unsigned int)_latestBin.length()); |
|
|
|
|
if ((_downloadLength > 0)&&(_download.length() < _downloadLength)) { |
|
|
|
|
Buffer<128> gd; |
|
|
|
|
gd.append((uint8_t)VERB_GET_DATA); |
|
|
|
|
gd.append(_downloadHashPrefix.data,16); |
|
|
|
|
gd.append((uint32_t)_download.length()); |
|
|
|
|
_node.sendUserMessage(ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size()); |
|
|
|
|
//printf(">> GET_DATA @%u\n",(unsigned int)_download.length());
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -377,36 +208,36 @@ void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void
|
|
|
|
|
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 18) << 16; |
|
|
|
|
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 19) << 8; |
|
|
|
|
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 20); |
|
|
|
|
printf("<< GET_DATA @%u from %.10llx for %s\n",(unsigned int)idx,origin,Utils::hex(reinterpret_cast<const uint8_t *>(data) + 1,16).c_str()); |
|
|
|
|
//printf("<< GET_DATA @%u from %.10llx for %s\n",(unsigned int)idx,origin,Utils::hex(reinterpret_cast<const uint8_t *>(data) + 1,16).c_str());
|
|
|
|
|
std::map< Array<uint8_t,16>,_D >::iterator d(_dist.find(Array<uint8_t,16>(reinterpret_cast<const uint8_t *>(data) + 1))); |
|
|
|
|
if ((d != _dist.end())&&(idx < d->second.bin.length())) { |
|
|
|
|
if ((d != _dist.end())&&(idx < (unsigned long)d->second.bin.length())) { |
|
|
|
|
Buffer<ZT_SOFTWARE_UPDATE_CHUNK_SIZE + 128> buf; |
|
|
|
|
buf.append((uint8_t)VERB_DATA); |
|
|
|
|
buf.append(reinterpret_cast<const uint8_t *>(data) + 1,16); |
|
|
|
|
buf.append((uint32_t)idx); |
|
|
|
|
buf.append(d->second.bin.data() + idx,std::min((unsigned long)ZT_SOFTWARE_UPDATE_CHUNK_SIZE,(unsigned long)(d->second.bin.length() - idx))); |
|
|
|
|
_node.sendUserMessage(origin,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,buf.data(),buf.size()); |
|
|
|
|
printf(">> DATA @%u\n",(unsigned int)idx); |
|
|
|
|
//printf(">> DATA @%u\n",(unsigned int)idx);
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
break; |
|
|
|
|
|
|
|
|
|
case VERB_DATA: |
|
|
|
|
if ((len >= 21)&&(!memcmp(_latestBinHashPrefix.data,reinterpret_cast<const uint8_t *>(data) + 1,16))) { |
|
|
|
|
if ((len >= 21)&&(_downloadLength > 0)&&(!memcmp(_downloadHashPrefix.data,reinterpret_cast<const uint8_t *>(data) + 1,16))) { |
|
|
|
|
unsigned long idx = (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 17) << 24; |
|
|
|
|
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 18) << 16; |
|
|
|
|
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 19) << 8; |
|
|
|
|
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 20); |
|
|
|
|
printf("<< DATA @%u / %u bytes (we now have %u bytes)\n",(unsigned int)idx,(unsigned int)(len - 21),(unsigned int)_latestBin.length()); |
|
|
|
|
if (idx == _latestBin.length()) { |
|
|
|
|
_latestBin.append(reinterpret_cast<const char *>(data) + 21,len - 21); |
|
|
|
|
if (_latestBin.length() < _latestBinLength) { |
|
|
|
|
//printf("<< DATA @%u / %u bytes (we now have %u bytes)\n",(unsigned int)idx,(unsigned int)(len - 21),(unsigned int)_download.length());
|
|
|
|
|
if (idx == (unsigned long)_download.length()) { |
|
|
|
|
_download.append(reinterpret_cast<const char *>(data) + 21,len - 21); |
|
|
|
|
if (_download.length() < _downloadLength) { |
|
|
|
|
Buffer<128> gd; |
|
|
|
|
gd.append((uint8_t)VERB_GET_DATA); |
|
|
|
|
gd.append(_latestBinHashPrefix.data,16); |
|
|
|
|
gd.append((uint32_t)_latestBin.length()); |
|
|
|
|
gd.append(_downloadHashPrefix.data,16); |
|
|
|
|
gd.append((uint32_t)_download.length()); |
|
|
|
|
_node.sendUserMessage(ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size()); |
|
|
|
|
printf(">> GET_DATA @%u\n",(unsigned int)_latestBin.length()); |
|
|
|
|
//printf(">> GET_DATA @%u\n",(unsigned int)_download.length());
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
@ -444,47 +275,57 @@ bool SoftwareUpdater::check(const uint64_t now)
|
|
|
|
|
(int)ZT_VENDOR_ZEROTIER, |
|
|
|
|
_channel.c_str()); |
|
|
|
|
_node.sendUserMessage(ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,tmp,len); |
|
|
|
|
printf(">> GET_LATEST\n"); |
|
|
|
|
//printf(">> GET_LATEST\n");
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (_latestBinLength > 0) { |
|
|
|
|
if (_latestBin.length() >= _latestBinLength) { |
|
|
|
|
if (_latestBinValid) { |
|
|
|
|
return true; |
|
|
|
|
} else { |
|
|
|
|
// This is the very important security validation part that makes sure
|
|
|
|
|
// this software update doesn't have cooties.
|
|
|
|
|
|
|
|
|
|
try { |
|
|
|
|
// (1) Check the hash itself to make sure the image is basically okay
|
|
|
|
|
uint8_t sha512[ZT_SHA512_DIGEST_LEN]; |
|
|
|
|
SHA512::hash(sha512,_latestBin.data(),(unsigned int)_latestBin.length()); |
|
|
|
|
if (Utils::hex(sha512,ZT_SHA512_DIGEST_LEN) == OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH],"~")) { |
|
|
|
|
// (2) Check signature by signing authority
|
|
|
|
|
std::string sig(OSUtils::jsonBinFromHex(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNATURE])); |
|
|
|
|
if (Identity(ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY).verify(_latestBin.data(),(unsigned int)_latestBin.length(),sig.data(),(unsigned int)sig.length())) { |
|
|
|
|
// If we passed both of these, the update is good!
|
|
|
|
|
_latestBinValid = true; |
|
|
|
|
printf("VALID UPDATE\n%s\n",OSUtils::jsonDump(_latestMeta).c_str()); |
|
|
|
|
if (_latestValid) |
|
|
|
|
return true; |
|
|
|
|
|
|
|
|
|
if (_downloadLength > 0) { |
|
|
|
|
if (_download.length() >= _downloadLength) { |
|
|
|
|
// This is the very important security validation part that makes sure
|
|
|
|
|
// this software update doesn't have cooties.
|
|
|
|
|
|
|
|
|
|
const std::string metaPath(_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_META_FILENAME); |
|
|
|
|
const std::string binPath(_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_BIN_FILENAME); |
|
|
|
|
|
|
|
|
|
try { |
|
|
|
|
// (1) Check the hash itself to make sure the image is basically okay
|
|
|
|
|
uint8_t sha512[ZT_SHA512_DIGEST_LEN]; |
|
|
|
|
SHA512::hash(sha512,_download.data(),(unsigned int)_download.length()); |
|
|
|
|
if (Utils::hex(sha512,ZT_SHA512_DIGEST_LEN) == OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH],"~")) { |
|
|
|
|
// (2) Check signature by signing authority
|
|
|
|
|
std::string sig(OSUtils::jsonBinFromHex(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNATURE])); |
|
|
|
|
if (Identity(ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY).verify(_download.data(),(unsigned int)_download.length(),sig.data(),(unsigned int)sig.length())) { |
|
|
|
|
// (3) Try to save file, and if so we are good.
|
|
|
|
|
if (OSUtils::writeFile(metaPath.c_str(),OSUtils::jsonDump(_latestMeta)) && OSUtils::writeFile(binPath.c_str(),_download)) { |
|
|
|
|
OSUtils::lockDownFile(metaPath.c_str(),false); |
|
|
|
|
OSUtils::lockDownFile(binPath.c_str(),false); |
|
|
|
|
_latestValid = true; |
|
|
|
|
//printf("VALID UPDATE\n%s\n",OSUtils::jsonDump(_latestMeta).c_str());
|
|
|
|
|
_download = std::string(); |
|
|
|
|
_downloadLength = 0; |
|
|
|
|
return true; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} catch ( ... ) {} // any exception equals verification failure
|
|
|
|
|
printf("INVALID UPDATE (!!!)\n%s\n",OSUtils::jsonDump(_latestMeta).c_str()); |
|
|
|
|
|
|
|
|
|
// If we get here, checks failed.
|
|
|
|
|
_latestMeta = nlohmann::json(); |
|
|
|
|
_latestBin = ""; |
|
|
|
|
_latestBinLength = 0; |
|
|
|
|
_latestBinValid = false; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} catch ( ... ) {} // any exception equals verification failure
|
|
|
|
|
|
|
|
|
|
// If we get here, checks failed.
|
|
|
|
|
//printf("INVALID UPDATE (!!!)\n%s\n",OSUtils::jsonDump(_latestMeta).c_str());
|
|
|
|
|
OSUtils::rm(metaPath.c_str()); |
|
|
|
|
OSUtils::rm(binPath.c_str()); |
|
|
|
|
_latestMeta = nlohmann::json(); |
|
|
|
|
_latestValid = false; |
|
|
|
|
_download = std::string(); |
|
|
|
|
_downloadLength = 0; |
|
|
|
|
} else { |
|
|
|
|
Buffer<128> gd; |
|
|
|
|
gd.append((uint8_t)VERB_GET_DATA); |
|
|
|
|
gd.append(_latestBinHashPrefix.data,16); |
|
|
|
|
gd.append((uint32_t)_latestBin.length()); |
|
|
|
|
gd.append(_downloadHashPrefix.data,16); |
|
|
|
|
gd.append((uint32_t)_download.length()); |
|
|
|
|
_node.sendUserMessage(ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size()); |
|
|
|
|
printf(">> GET_DATA @%u\n",(unsigned int)_latestBin.length()); |
|
|
|
|
//printf(">> GET_DATA @%u\n",(unsigned int)_download.length());
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -493,7 +334,32 @@ bool SoftwareUpdater::check(const uint64_t now)
|
|
|
|
|
|
|
|
|
|
void SoftwareUpdater::apply() |
|
|
|
|
{ |
|
|
|
|
if ((_latestBin.length() > 0)&&(_latestBinValid)) { |
|
|
|
|
std::string updatePath(_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_BIN_FILENAME); |
|
|
|
|
if ((_latestMeta.is_object())&&(_latestValid)&&(OSUtils::fileExists(updatePath.c_str(),false))) { |
|
|
|
|
#ifdef __WINDOWS__ |
|
|
|
|
std::string cmdArgs(OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_EXEC_ARGS],"")); |
|
|
|
|
if (cmdArgs.length() > 0) { |
|
|
|
|
updatePath.push_back(' '); |
|
|
|
|
updatePath.append(cmdArgs); |
|
|
|
|
} |
|
|
|
|
STARTUPINFOA si; |
|
|
|
|
PROCESS_INFORMATION pi; |
|
|
|
|
memset(&si,0,sizeof(si)); |
|
|
|
|
memset(&pi,0,sizeof(pi)); |
|
|
|
|
CreateProcessA(NULL,updatePath.c_str(),NULL,NULL,FALSE,CREATE_NO_WINDOW|CREATE_NEW_PROCESS_GROUP,NULL,NULL,&si,&pi); |
|
|
|
|
#else |
|
|
|
|
char *argv[256]; |
|
|
|
|
unsigned long ac = 0; |
|
|
|
|
argv[ac++] = const_cast<char *>(updatePath.c_str()); |
|
|
|
|
std::vector<std::string> argsSplit(OSUtils::split(OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_EXEC_ARGS],"").c_str()," ","\\","\"")); |
|
|
|
|
for(std::vector<std::string>::iterator a(argsSplit.begin());a!=argsSplit.end();++a) { |
|
|
|
|
argv[ac] = const_cast<char *>(a->c_str()); |
|
|
|
|
if (++ac == 255) break; |
|
|
|
|
} |
|
|
|
|
argv[ac] = (char *)0; |
|
|
|
|
chmod(updatePath.c_str(),0700); |
|
|
|
|
execv(updatePath.c_str(),argv); |
|
|
|
|
#endif |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
Grant Limberg
9 years ago