From 6115f1c713cf00281b37c19d5f38d9fdddf226a1 Mon Sep 17 00:00:00 2001 From: Davide Beatrici Date: Tue, 1 Sep 2020 01:27:01 +0200 Subject: [PATCH] Cedar/Admin: Implement RPC methods to add/delete/list WireGuard keys --- src/Cedar/Admin.c | 202 +++++++++++++++++++++++++++++ src/Cedar/Admin.h | 16 +++ src/Cedar/CedarType.h | 1 + src/bin/hamcore/strtable_cn.stb | 2 + src/bin/hamcore/strtable_en.stb | 2 + src/bin/hamcore/strtable_ja.stb | 2 + src/bin/hamcore/strtable_ko.stb | 2 + src/bin/hamcore/strtable_pt_br.stb | 2 + src/bin/hamcore/strtable_ru.stb | 2 + src/bin/hamcore/strtable_tw.stb | 2 + 10 files changed, 233 insertions(+) diff --git a/src/Cedar/Admin.c b/src/Cedar/Admin.c index 6bfee9a3..65703810 100644 --- a/src/Cedar/Admin.c +++ b/src/Cedar/Admin.c @@ -1509,6 +1509,9 @@ PACK *AdminDispatch(RPC *rpc, char *name, PACK *p) DECLARE_RPC_EX("GetServerCipherList", RPC_STR, StGetServerCipherList, InRpcStr, OutRpcStr, FreeRpcStr) DECLARE_RPC_EX("GetServerCipher", RPC_STR, StGetServerCipher, InRpcStr, OutRpcStr, FreeRpcStr) DECLARE_RPC_EX("SetServerCipher", RPC_STR, StSetServerCipher, InRpcStr, OutRpcStr, FreeRpcStr) + DECLARE_RPC_EX("AddWgk", RPC_WGK, StAddWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk) + DECLARE_RPC_EX("DeleteWgk", RPC_WGK, StDeleteWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk) + DECLARE_RPC_EX("EnumWgk", RPC_WGK, StEnumWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk) DECLARE_RPC("CreateHub", RPC_CREATE_HUB, StCreateHub, InRpcCreateHub, OutRpcCreateHub) DECLARE_RPC("SetHub", RPC_CREATE_HUB, StSetHub, InRpcCreateHub, OutRpcCreateHub) DECLARE_RPC("GetHub", RPC_CREATE_HUB, StGetHub, InRpcCreateHub, OutRpcCreateHub) @@ -1693,6 +1696,9 @@ DECLARE_SC_EX("GetServerCert", RPC_KEY_PAIR, ScGetServerCert, InRpcKeyPair, OutR DECLARE_SC_EX("GetServerCipherList", RPC_STR, ScGetServerCipherList, InRpcStr, OutRpcStr, FreeRpcStr) DECLARE_SC_EX("GetServerCipher", RPC_STR, ScGetServerCipher, InRpcStr, OutRpcStr, FreeRpcStr) DECLARE_SC_EX("SetServerCipher", RPC_STR, ScSetServerCipher, InRpcStr, OutRpcStr, FreeRpcStr) +DECLARE_SC_EX("AddWgk", RPC_WGK, ScAddWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk) +DECLARE_SC_EX("DeleteWgk", RPC_WGK, ScDeleteWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk) +DECLARE_SC_EX("EnumWgk", RPC_WGK, ScEnumWgk, InRpcWgk, OutRpcWgk, FreeRpcWgk) DECLARE_SC("CreateHub", RPC_CREATE_HUB, ScCreateHub, InRpcCreateHub, OutRpcCreateHub) DECLARE_SC("SetHub", RPC_CREATE_HUB, ScSetHub, InRpcCreateHub, OutRpcCreateHub) DECLARE_SC("GetHub", RPC_CREATE_HUB, ScGetHub, InRpcCreateHub, OutRpcCreateHub) @@ -9503,6 +9509,144 @@ UINT StSetServerCert(ADMIN *a, RPC_KEY_PAIR *t) return ERR_NO_ERROR; } +// Add a WireGuard key to the allowed key list +UINT StAddWgk(ADMIN *a, RPC_WGK *t) +{ + UINT ret = ERR_NO_ERROR; + SERVER *s = a->Server; + CEDAR *c = s->Cedar; + LIST *to_add; + + SERVER_ADMIN_ONLY; + + to_add = NewListFast(NULL); + + LockList(c->WgkList); + { + UINT i; + for (i = 0; i < t->Num; ++i) + { + WGK *rpc_wgk = &t->Wgks[i]; + WGK *wgk; + + if (IsEmptyStr(rpc_wgk->Key)) + { + ret = ERR_INVALID_PARAMETER; + break; + } + + if (Search(c->WgkList, rpc_wgk) != NULL) + { + ret = ERR_OBJECT_EXISTS; + break; + } + + wgk = Malloc(sizeof(WGK)); + StrCpy(wgk->Key, sizeof(wgk->Key), rpc_wgk->Key); + StrCpy(wgk->Hub, sizeof(wgk->Hub), rpc_wgk->Hub); + StrCpy(wgk->User, sizeof(wgk->User), rpc_wgk->User); + + Add(to_add, wgk); + } + + for (i = 0; i < LIST_NUM(to_add); ++i) + { + WGK *wgk = LIST_DATA(to_add, i); + ret == ERR_NO_ERROR ? Add(c->WgkList, wgk) : Free(wgk); + } + } + UnlockList(c->WgkList); + + if (ret == ERR_NO_ERROR) + { + ALog(a, NULL, "LA_ADD_WGK", LIST_NUM(to_add)); + IncrementServerConfigRevision(a->Server); + } + + ReleaseList(to_add); + + return ret; +} + +// Delete a WireGuard key from the allowed key list +UINT StDeleteWgk(ADMIN *a, RPC_WGK *t) +{ + UINT ret = ERR_NO_ERROR; + SERVER *s = a->Server; + CEDAR *c = s->Cedar; + LIST *to_delete; + + SERVER_ADMIN_ONLY; + + to_delete = NewListFast(NULL); + + LockList(c->WgkList); + { + UINT i; + for (i = 0; i < t->Num; ++i) + { + WGK *wgk = Search(c->WgkList, &t->Wgks[i]); + if (wgk == NULL) + { + ret = ERR_OBJECT_NOT_FOUND; + break; + } + + Add(to_delete, wgk); + } + + if (ret == ERR_NO_ERROR) + { + for (i = 0; i < LIST_NUM(to_delete); ++i) + { + WGK *wgk = LIST_DATA(to_delete, i); + Delete(c->WgkList, wgk); + Free(wgk); + } + } + } + UnlockList(c->WgkList); + + if (ret == ERR_NO_ERROR) + { + ALog(a, NULL, "LA_DELETE_WGK", LIST_NUM(to_delete)); + IncrementServerConfigRevision(a->Server); + } + + ReleaseList(to_delete); + + return ret; +} + +// List the allowed WireGuard keys +UINT StEnumWgk(ADMIN *a, RPC_WGK *t) +{ + SERVER *s = a->Server; + CEDAR *c = s->Cedar; + + SERVER_ADMIN_ONLY; + + LockList(c->WgkList); + { + UINT i; + t->Num = LIST_NUM(c->WgkList); + t->Wgks = Malloc(sizeof(WGK) * t->Num); + + for (i = 0; i < t->Num; ++i) + { + WGK *wgk = LIST_DATA(c->WgkList, i); + WGK *rpc_wgk = &t->Wgks[i]; + + StrCpy(rpc_wgk->Key, sizeof(rpc_wgk->Key), wgk->Key); + StrCpy(rpc_wgk->Hub, sizeof(rpc_wgk->Hub), wgk->Hub); + StrCpy(rpc_wgk->User, sizeof(rpc_wgk->User), wgk->User); + } + } + UnlockList(c->WgkList); + + return ERR_NO_ERROR; +} + // Get status of connection to cluster controller UINT StGetFarmConnectionStatus(ADMIN *a, RPC_FARM_CONNECTION_STATUS *t) { @@ -14465,6 +14609,64 @@ void FreeRpcKeyPair(RPC_KEY_PAIR *t) FreeK(t->Key); } +// RPC_WGK +void InRpcWgk(RPC_WGK *t, PACK *p) +{ + UINT i; + // Validate arguments + if (t == NULL || p == NULL) + { + return; + } + + Zero(t, sizeof(RPC_WGK)); + + t->Num = PackGetIndexCount(p, "Key"); + if (t->Num == 0) + { + return; + } + + t->Wgks = ZeroMalloc(sizeof(WGK) * t->Num); + + for (i = 0; i < t->Num; ++i) + { + WGK *wgk = &t->Wgks[i]; + + PackGetStrEx(p, "Key", wgk->Key, sizeof(wgk->Key), i); + PackGetStrEx(p, "Hub", wgk->Hub, sizeof(wgk->Hub), i); + PackGetStrEx(p, "User", wgk->User, sizeof(wgk->User), i); + } +} +void OutRpcWgk(PACK *p, RPC_WGK *t) +{ + UINT i; + // Validate arguments + if (t == NULL || p == NULL) + { + return; + } + + for (i = 0; i < t->Num; ++i) + { + WGK *wgk = &t->Wgks[i]; + + PackAddStrEx(p, "Key", wgk->Key, i, t->Num); + PackAddStrEx(p, "Hub", wgk->Hub, i, t->Num); + PackAddStrEx(p, "User", wgk->User, i, t->Num); + } +} +void FreeRpcWgk(RPC_WGK *t) +{ + // Validate arguments + if (t == NULL) + { + return; + } + + Free(t->Wgks); +} + // NODE_INFO void InRpcNodeInfo(NODE_INFO *t, PACK *p) { diff --git a/src/Cedar/Admin.h b/src/Cedar/Admin.h index 8eceb14a..8663f74b 100644 --- a/src/Cedar/Admin.h +++ b/src/Cedar/Admin.h @@ -226,6 +226,13 @@ struct RPC_KEY_PAIR UINT Flag1; // Flag1 }; +// WireGuard keys +struct RPC_WGK +{ + UINT Num; // Number of keys + WGK *Wgks; // Keys +}; + // HUB option struct RPC_HUB_OPTION { @@ -989,6 +996,9 @@ UINT StGetServerCert(ADMIN *a, RPC_KEY_PAIR *t); UINT StGetServerCipherList(ADMIN *a, RPC_STR *t); UINT StGetServerCipher(ADMIN *a, RPC_STR *t); UINT StSetServerCipher(ADMIN *a, RPC_STR *t); +UINT StAddWgk(ADMIN *a, RPC_WGK *t); +UINT StDeleteWgk(ADMIN *a, RPC_WGK *t); +UINT StEnumWgk(ADMIN *a, RPC_WGK *t); UINT StCreateHub(ADMIN *a, RPC_CREATE_HUB *t); UINT StSetHub(ADMIN *a, RPC_CREATE_HUB *t); UINT StGetHub(ADMIN *a, RPC_CREATE_HUB *t); @@ -1137,6 +1147,9 @@ UINT ScGetServerCert(RPC *r, RPC_KEY_PAIR *t); UINT ScGetServerCipherList(RPC *r, RPC_STR *t); UINT ScGetServerCipher(RPC *r, RPC_STR *t); UINT ScSetServerCipher(RPC *r, RPC_STR *t); +UINT ScAddWgk(RPC *r, RPC_WGK *t); +UINT ScDeleteWgk(RPC *r, RPC_WGK *t); +UINT ScEnumWgk(RPC *r, RPC_WGK *t); UINT ScCreateHub(RPC *r, RPC_CREATE_HUB *t); UINT ScSetHub(RPC *r, RPC_CREATE_HUB *t); UINT ScGetHub(RPC *r, RPC_CREATE_HUB *t); @@ -1394,6 +1407,9 @@ void OutRpcMemInfo(PACK *p, MEMINFO *t); void InRpcKeyPair(RPC_KEY_PAIR *t, PACK *p); void OutRpcKeyPair(PACK *p, RPC_KEY_PAIR *t); void FreeRpcKeyPair(RPC_KEY_PAIR *t); +void InRpcWgk(RPC_WGK *t, PACK *p); +void OutRpcWgk(PACK *p, RPC_WGK *t); +void FreeRpcWgk(RPC_WGK *t); void InRpcAddAccess(RPC_ADD_ACCESS *t, PACK *p); void OutRpcAddAccess(PACK *p, RPC_ADD_ACCESS *t); void InRpcDeleteAccess(RPC_DELETE_ACCESS *t, PACK *p); diff --git a/src/Cedar/CedarType.h b/src/Cedar/CedarType.h index c65208b4..f7aeaa7a 100644 --- a/src/Cedar/CedarType.h +++ b/src/Cedar/CedarType.h @@ -300,6 +300,7 @@ typedef struct RPC_ENUM_FARM_ITEM RPC_ENUM_FARM_ITEM; typedef struct RPC_ENUM_FARM RPC_ENUM_FARM; typedef struct RPC_FARM_CONNECTION_STATUS RPC_FARM_CONNECTION_STATUS; typedef struct RPC_KEY_PAIR RPC_KEY_PAIR; +typedef struct RPC_WGK RPC_WGK; typedef struct RPC_HUB_OPTION RPC_HUB_OPTION; typedef struct RPC_RADIUS RPC_RADIUS; typedef struct RPC_HUB RPC_HUB; diff --git a/src/bin/hamcore/strtable_cn.stb b/src/bin/hamcore/strtable_cn.stb index 31af8dda..a268802f 100644 --- a/src/bin/hamcore/strtable_cn.stb +++ b/src/bin/hamcore/strtable_cn.stb @@ -2028,6 +2028,8 @@ LA_SET_FARM_SETTING 群集设置变更完成。 LA_SET_SERVER_CERT 服务端证书设定完成。 LA_REGENERATE_SERVER_CERT 服务器证书再次生成。新 CN:"%S" LA_SET_SERVER_CIPHER 服务端的新加密算法名设定完成。新加密算法为 "%S"。 +LA_ADD_WGK Added %u WireGuard key(s). +LA_DELETE_WGK Deleted %u WireGuard key(s). LA_CREATE_HUB 已创建新虚拟 HUB "%S"。 LA_SET_HUB 已变更虚拟 HUB 设置。 LA_DELETE_HUB 已删除虚拟 HUB "%S"。 diff --git a/src/bin/hamcore/strtable_en.stb b/src/bin/hamcore/strtable_en.stb index ad0986bd..9d906f21 100644 --- a/src/bin/hamcore/strtable_en.stb +++ b/src/bin/hamcore/strtable_en.stb @@ -2011,6 +2011,8 @@ LA_SET_FARM_SETTING The clustering setting has been changed. LA_SET_SERVER_CERT The server certificates have been set. LA_REGENERATE_SERVER_CERT The server certificate has been re-generated. The new CN: "%S" LA_SET_SERVER_CIPHER A new encryption algorithm name for the server has been set. The new encryption algorithm name is "%S". +LA_ADD_WGK Added %u WireGuard key(s). +LA_DELETE_WGK Deleted %u WireGuard key(s). LA_CREATE_HUB A new Virtual Hub "%S" has been created. LA_SET_HUB The Virtual Hub setting has been changed. LA_DELETE_HUB The Virtual Hub "%S" has been deleted. diff --git a/src/bin/hamcore/strtable_ja.stb b/src/bin/hamcore/strtable_ja.stb index c03eecd8..3ca04b70 100644 --- a/src/bin/hamcore/strtable_ja.stb +++ b/src/bin/hamcore/strtable_ja.stb @@ -2015,6 +2015,8 @@ LA_SET_FARM_SETTING クラスタリング設定を変更しました。 LA_SET_SERVER_CERT サーバー証明書を設定しました。 LA_REGENERATE_SERVER_CERT サーバー証明書を再生成しました。新しい CN: "%S" LA_SET_SERVER_CIPHER サーバーの新しい暗号化アルゴリズム名を設定しました。新しい暗号化アルゴリズム名は "%S" です。 +LA_ADD_WGK Added %u WireGuard key(s). +LA_DELETE_WGK Deleted %u WireGuard key(s). LA_CREATE_HUB 新しい仮想 HUB "%S" を作成しました。 LA_SET_HUB 仮想 HUB の設定を変更しました。 LA_DELETE_HUB 仮想 HUB "%S" を削除しました。 diff --git a/src/bin/hamcore/strtable_ko.stb b/src/bin/hamcore/strtable_ko.stb index 9af7ceb0..1e949fef 100644 --- a/src/bin/hamcore/strtable_ko.stb +++ b/src/bin/hamcore/strtable_ko.stb @@ -1993,6 +1993,8 @@ LA_SET_FARM_SETTING 클러스터링 설정을 변경했습니다. LA_SET_SERVER_CERT 서버 인증서를 설정했습니다. LA_REGENERATE_SERVER_CERT 서버 인증서를 다시 생성했습니다. 새로운 CN:"%S" LA_SET_SERVER_CIPHER 서버의 새로운 암호화 알고리즘 명을 설정했습니다. 새로운 암호화 알고리즘 명은 "%S"입니다. +LA_ADD_WGK Added %u WireGuard key(s). +LA_DELETE_WGK Deleted %u WireGuard key(s). LA_CREATE_HUB 새로운 가상 HUB "%S"를 만들었습니다. LA_SET_HUB 가상 HUB의 설정을 변경했습니다. LA_DELETE_HUB 가상 HUB "%S"를 삭제했습니다. diff --git a/src/bin/hamcore/strtable_pt_br.stb b/src/bin/hamcore/strtable_pt_br.stb index 968a03fc..ba42086b 100644 --- a/src/bin/hamcore/strtable_pt_br.stb +++ b/src/bin/hamcore/strtable_pt_br.stb @@ -2011,6 +2011,8 @@ LA_SET_FARM_SETTING The clustering setting has been changed. LA_SET_SERVER_CERT The server certificates have been set. LA_REGENERATE_SERVER_CERT The server certificate has been re-generated. The new CN: "%S" LA_SET_SERVER_CIPHER A new encryption algorithm name for the server has been set. The new encryption algorithm name is "%S". +LA_ADD_WGK Added %u WireGuard key(s). +LA_DELETE_WGK Deleted %u WireGuard key(s). LA_CREATE_HUB A new Virtual Hub "%S" has been created. LA_SET_HUB The Virtual Hub setting has been changed. LA_DELETE_HUB The Virtual Hub "%S" has been deleted. diff --git a/src/bin/hamcore/strtable_ru.stb b/src/bin/hamcore/strtable_ru.stb index d973d2b9..903b93c3 100644 --- a/src/bin/hamcore/strtable_ru.stb +++ b/src/bin/hamcore/strtable_ru.stb @@ -2011,6 +2011,8 @@ LA_SET_FARM_SETTING The clustering setting has been changed. LA_SET_SERVER_CERT The server certificates have been set. LA_REGENERATE_SERVER_CERT The server certificate has been re-generated. The new CN: "%S" LA_SET_SERVER_CIPHER A new encryption algorithm name for the server has been set. The new encryption algorithm name is "%S". +LA_ADD_WGK Added %u WireGuard key(s). +LA_DELETE_WGK Deleted %u WireGuard key(s). LA_CREATE_HUB A new Virtual Hub "%S" has been created. LA_SET_HUB The Virtual Hub setting has been changed. LA_DELETE_HUB The Virtual Hub "%S" has been deleted. diff --git a/src/bin/hamcore/strtable_tw.stb b/src/bin/hamcore/strtable_tw.stb index 2457a008..9ae104fb 100644 --- a/src/bin/hamcore/strtable_tw.stb +++ b/src/bin/hamcore/strtable_tw.stb @@ -2031,6 +2031,8 @@ LA_SET_FARM_SETTING 群集設置變更完成。 LA_SET_SERVER_CERT 服務端證書設定完成。 LA_REGENERATE_SERVER_CERT 伺服器憑證再次生成。新 CN:"%S" LA_SET_SERVER_CIPHER 服務端的新加密演算法名設定完成。新加密演算法為 "%S"。 +LA_ADD_WGK Added %u WireGuard key(s). +LA_DELETE_WGK Deleted %u WireGuard key(s). LA_CREATE_HUB 已創建新虛擬 HUB "%S"。 LA_SET_HUB 已變更虛擬 HUB 設置。 LA_DELETE_HUB 已刪除虛擬 HUB "%S"。