github.com/iDigitalFlame/xmt@v0.5.4/c2/channel.go (about) 1 //go:build !implant || !noproxy 2 // +build !implant !noproxy 3 4 // Copyright (C) 2020 - 2023 iDigitalFlame 5 // 6 // This program is free software: you can redistribute it and/or modify 7 // it under the terms of the GNU General Public License as published by 8 // the Free Software Foundation, either version 3 of the License, or 9 // any later version. 10 // 11 // This program is distributed in the hope that it will be useful, 12 // but WITHOUT ANY WARRANTY; without even the implied warranty of 13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 // GNU General Public License for more details. 15 // 16 // You should have received a copy of the GNU General Public License 17 // along with this program. If not, see <https://www.gnu.org/licenses/>. 18 // 19 20 package c2 21 22 import ( 23 "net" 24 "sync/atomic" 25 "time" 26 27 "github.com/iDigitalFlame/xmt/c2/cfg" 28 "github.com/iDigitalFlame/xmt/c2/cout" 29 "github.com/iDigitalFlame/xmt/com" 30 "github.com/iDigitalFlame/xmt/data" 31 "github.com/iDigitalFlame/xmt/device" 32 "github.com/iDigitalFlame/xmt/util/bugtrack" 33 "github.com/iDigitalFlame/xmt/util/xerr" 34 ) 35 36 // ErrMalformedPacket is an error returned by various Packet reading 37 // functions when a Packet is attempted to be passed that is nil or invalid. 38 // 39 // Invalid Packets are packets that do not have a proper ID value or contain 40 // an empty device ID. 41 var ErrMalformedPacket = xerr.Sub("empty or nil Packet", 0x46) 42 43 var ( 44 empty time.Time 45 _ connHost = (*Session)(nil) 46 ) 47 48 type conn struct { 49 host connHost 50 next *com.Packet 51 subs map[uint32]bool 52 add []*com.Packet 53 lock uint32 54 keys data.KeyPair 55 } 56 type connHost interface { 57 chanWake() 58 name() string 59 update(string) 60 chanWakeClear() 61 chanStop() bool 62 stateSet(uint32) 63 keyCheckRevert() 64 chanStart() bool 65 stateUnset(uint32) 66 chanRunning() bool 67 clientID() device.ID 68 keyCheckSync() error 69 next(bool) *com.Packet 70 keyValue() data.KeyPair 71 deadlineRead() time.Time 72 deadlineWrite() time.Time 73 sender() chan *com.Packet 74 } 75 type connServer interface { 76 clientLock() 77 clientUnlock() 78 prefix() string 79 clientClear(uint32) 80 wrapper() cfg.Wrapper 81 keyValue() data.KeyPair 82 transform() cfg.Transform 83 clientGet(uint32) (connHost, bool) 84 clientSet(uint32, chan *com.Packet) 85 notify(connHost, *com.Packet) error 86 talk(string, *com.Packet) (*conn, bool, error) 87 talkSub(string, *com.Packet, bool) (connHost, uint32, *com.Packet, error) 88 } 89 90 func (c *conn) close() { 91 if c.next != nil { 92 c.next.Clear() 93 } 94 c.add, c.next, c.subs = nil, nil, nil 95 } 96 func (s *Session) chanWake() { 97 if s.state.WakeClosed() || len(s.wake) >= cap(s.wake) { 98 return 99 } 100 select { 101 case s.wake <- wake: 102 default: 103 } 104 } 105 func (s *Session) chanWakeClear() { 106 if s.state.WakeClosed() { 107 return 108 } 109 for len(s.wake) > 0 { 110 <-s.wake 111 } 112 } 113 func (s *Session) chanStop() bool { 114 return s.state.ChannelCanStop() 115 } 116 func (s *Session) update(a string) { 117 s.Last = time.Now() 118 s.host.Set(a) 119 } 120 func (s *Session) chanStart() bool { 121 return !s.isMoving() && s.state.ChannelCanStart() 122 } 123 func (s *Session) stateSet(v uint32) { 124 s.state.Set(v) 125 } 126 func (s *Session) chanRunning() bool { 127 return s.state.Channel() 128 } 129 func (s *Session) stateUnset(v uint32) { 130 s.state.Unset(v) 131 } 132 func (s *Session) clientID() device.ID { 133 return s.ID 134 } 135 func (s *Session) keyValue() data.KeyPair { 136 return s.keys 137 } 138 func (*Session) deadlineWrite() time.Time { 139 return empty 140 } 141 func (s *Session) deadlineRead() time.Time { 142 if s.sleep > 0 { 143 return time.Now().Add(s.sleep * sleepMod) 144 } 145 return empty 146 } 147 func (s *Session) sender() chan *com.Packet { 148 return s.send 149 } 150 func (c *conn) stop(h connServer, x net.Conn) { 151 switch i := atomic.LoadUint32(&c.lock); i { 152 case 0: 153 case 1: 154 atomic.AddUint32(&c.lock, 1) 155 c.host = nil 156 return 157 default: 158 return 159 } 160 x.SetDeadline(time.Now().Add(-time.Second)) 161 x.Close() 162 atomic.AddUint32(&c.lock, 1) 163 c.host.stateUnset(stateChannel) 164 c.host.chanWake() 165 h.clientLock() 166 for i := range c.subs { 167 h.clientClear(i) 168 } 169 h.clientUnlock() 170 } 171 func keyHostSync(h connServer, n *com.Packet) *com.Packet { 172 var ( 173 v = &com.Packet{ID: SvComplete, Device: n.Device, Job: n.Job, Flags: com.FlagCrypt} 174 k = h.keyValue() 175 ) 176 k.Write(v) 177 return v 178 } 179 func handle(l cout.Log, c net.Conn, h connServer, a string) { 180 if bugtrack.Enabled { 181 defer bugtrack.Recover("c2.handle()") 182 bugtrack.Track("c2.handle(): a=%s, h=%T, attempting to read a Packet.", a, h) 183 } 184 n, err := readPacket(c, h.wrapper(), h.transform()) 185 if err != nil { 186 if c.Close(); cout.Enabled { 187 l.Error("[%s] %s: Error reading Packet: %s!", h.prefix(), a, err.Error()) 188 } 189 return 190 } 191 if n.Flags&com.FlagOneshot != 0 { 192 if cout.Enabled { 193 l.Debug("[%s:%s] %s: Received an Oneshot Packet.", h.prefix(), n.Device, a) 194 } 195 // KeyCrypt: Should NOT be encrypted here. 196 if err = h.notify(nil, n); err != nil { 197 if cout.Enabled { 198 l.Error("[%s:%s] %s: Error processing Oneshot: %s!", h.prefix(), n.Device, a, err.Error()) 199 } 200 } 201 return 202 } 203 if cout.Enabled { 204 l.Trace(`[%s:%s] %s: Received Packet "%s" (non-channel).`, h.prefix(), n.Device, a, n) 205 } 206 // KeyCrypt: Packet 'n' is decrypted here. 207 v, e, err := h.talk(a, n) 208 if err != nil { 209 if c.Close(); cout.Enabled { 210 l.Error("[%s:%s] %s: Error processing Packet: %s!", h.prefix(), n.Device, a, err.Error()) 211 } 212 return 213 } 214 // KeyCrypt: Crypt next outgoing Packet only if the Session is NOT new. 215 if e { 216 v.next.KeyCrypt(v.keys) 217 } 218 // TODO(dij): The server writes the initial Packet here, should we add a JobID 219 // callback to signal errors? When errors occur, they are usually 220 // on the "client side" so the server might not see them? 221 if err := writePacket(c, h.wrapper(), h.transform(), v.next); err != nil { 222 if c.Close(); cout.Enabled { 223 l.Error("[%s:%s] %s: Error writing Packet: %s!", h.prefix(), v.next.Device, a, err.Error()) 224 } 225 return 226 } 227 switch v.next.Clear(); { 228 case n.Flags&com.FlagChannel != 0 || v.next.Flags&com.FlagChannel != 0: 229 case v.host == nil: 230 fallthrough 231 case !v.host.chanStart(): 232 c.Close() 233 v.close() 234 v = nil 235 return 236 } 237 v.next.Clear() 238 v.next = nil 239 v.start(l, h, c, a) 240 c.Close() 241 v.close() 242 v = nil 243 } 244 func (c *conn) start(l cout.Log, h connServer, x net.Conn, a string) { 245 h.clientLock() 246 for i := range c.subs { 247 h.clientSet(i, c.host.sender()) 248 } 249 h.clientUnlock() 250 c.host.stateSet(stateChannel) 251 c.host.chanWakeClear() 252 go c.channelRead(l, h, a, x) 253 c.channelWrite(l, h, a, x) 254 c.stop(h, x) 255 } 256 func (c *conn) channelRead(l cout.Log, h connServer, a string, x net.Conn) { 257 if bugtrack.Enabled { 258 defer bugtrack.Recover("c2.conn.channelRead()") 259 } 260 if cout.Enabled { 261 l.Debug("[%s:%s:S->C:R] %s: Started Channel reader.", h.prefix(), c.host.name(), a) 262 } 263 for x.SetReadDeadline(c.host.deadlineRead()); c.host.chanRunning(); x.SetReadDeadline(c.host.deadlineRead()) { 264 n, err := readPacket(x, h.wrapper(), h.transform()) 265 if err != nil { 266 if cout.Enabled { 267 if isClosedError(err) { 268 l.Debug("[%s:%s:S->C:R] %s: Read channel socket closed.", h.prefix(), c.host.name(), a) 269 } else { 270 l.Error("[%s:%s:S->C:R] %s: Error reading next wire Packet: %s!", h.prefix(), c.host.name(), a, err.Error()) 271 } 272 } 273 break 274 } 275 // KeyCrypt: Decrypt incoming Packet here. 276 if n.KeyCrypt(c.keys); cout.Enabled { 277 l.Trace(`[%s:%s:S->C:R] %s: Received a Packet "%s".`, h.prefix(), c.host.name(), a, n) 278 } 279 if err = c.resolve(l, c.host, h, a, n.Tags, true); err != nil { 280 if cout.Enabled { 281 l.Error("[%s:%s:S->C:R] %s: Error processing Packet data: %s!", h.prefix(), c.host.name(), a, err.Error()) 282 } 283 break 284 } 285 if err = c.process(l, h, a, n, true); err != nil { 286 if cout.Enabled { 287 l.Error("[%s:%s:S->C:R] %s: Error processing Packet data: %s!", h.prefix(), c.host.name(), a, err.Error()) 288 } 289 break 290 } 291 if !c.host.chanRunning() { 292 if cout.Enabled { 293 l.Info("[%s:%s:S->C:R] Session/Packet indicated channel close!", h.prefix(), c.host.name()) 294 } 295 break 296 } 297 if c.host.update(a); n.Flags&com.FlagChannelEnd != 0 || c.host.chanStop() { 298 if cout.Enabled { 299 l.Info("[%s:%s:S->C:R] Session/Packet indicated channel close!", h.prefix(), c.host.name()) 300 } 301 break 302 } 303 } 304 if cout.Enabled { 305 l.Debug("[%s:%s:S->C:R] Closed Channel reader.", h.prefix(), c.host.name()) 306 } 307 c.stop(h, x) 308 } 309 func (c *conn) channelWrite(l cout.Log, h connServer, a string, x net.Conn) { 310 if cout.Enabled { 311 l.Debug("[%s:%s:S->C:W] %s: Started Channel writer.", h.prefix(), c.host.name(), a) 312 } 313 for x.SetReadDeadline(c.host.deadlineWrite()); c.host.chanRunning(); x.SetReadDeadline(c.host.deadlineWrite()) { 314 n := c.host.next(false) 315 if n == nil { 316 if cout.Enabled { 317 l.Debug("[%s:%s:S->C:W] Session indicated channel close!", h.prefix(), c.host.name()) 318 } 319 break 320 } 321 if c.host.chanStop() { 322 n.Flags |= com.FlagChannelEnd 323 } 324 // KeyCrypt: Encrypt outgoing Packet. 325 if n.KeyCrypt(c.keys); cout.Enabled { 326 l.Trace(`[%s:%s:S->C:W] %s: Sending Packet "%s".`, h.prefix(), c.host.name(), a, n) 327 } 328 if err := writePacket(x, h.wrapper(), h.transform(), n); err != nil { 329 if n.Clear(); cout.Enabled { 330 if isClosedError(err) { 331 l.Debug("[%s:%s:S->C:W] %s: Write channel socket closed.", h.prefix(), c.host.name(), a) 332 } else { 333 l.Error("[%s:%s:S->C:W] %s: Error attempting to write Packet: %s!", h.prefix(), c.host.name(), a, err.Error()) 334 } 335 } 336 // KeyCrypt: Revert key exchange as send failed. 337 c.host.keyCheckRevert() 338 break 339 } 340 // KeyCrypt: "next" was called, check for a Key Swap. 341 c.host.keyCheckSync() 342 if n.Clear(); n.Flags&com.FlagChannelEnd != 0 || c.host.chanStop() { 343 if cout.Enabled { 344 l.Debug("[%s:%s:S->C:W] Session/Packet indicated channel close!", h.prefix(), c.host.name()) 345 } 346 break 347 } 348 } 349 if cout.Enabled { 350 l.Debug("[%s:%s:S->C:W] Closed Channel writer.", h.prefix(), c.host.name()) 351 } 352 } 353 func (c *conn) process(l cout.Log, h connServer, a string, n *com.Packet, o bool) error { 354 if n.Flags&com.FlagMultiDevice != 0 { 355 if err := c.processMultiple(l, h, a, n, o); err != nil { 356 return err 357 } 358 } else { 359 if err := c.processSingle(l, h, a, n, o); err != nil { 360 return err 361 } 362 } 363 if o { 364 if c.host.chanStop() || n.Flags&com.FlagChannelEnd != 0 { 365 if c.host.stateUnset(stateChannel); cout.Enabled { 366 l.Debug("[%s:%s] %s: Breaking Channel on next send..", h.prefix(), c.host.name(), a) 367 } 368 } 369 return nil 370 } 371 if c.next == nil { 372 if len(c.add) > 0 { 373 c.next = &com.Packet{Flags: com.FlagMulti | com.FlagMultiDevice, Device: c.host.clientID()} 374 } else { 375 c.next = &com.Packet{Device: c.host.clientID()} 376 } 377 } 378 if cout.Enabled { 379 l.Trace(`[%s:%s] %s: Queuing result "%s".`, h.prefix(), c.host.name(), a, c.next) 380 } 381 if len(c.add) > 0 { 382 if cout.Enabled { 383 l.Trace("[%s:%s] %s: Resolved Tags added %d Packets!", h.prefix(), c.host.name(), a, len(c.add)) 384 } 385 for i := range c.add { 386 if c.add[i].Device.Empty() { 387 c.next.Clear() 388 return ErrMalformedPacket 389 } 390 if err := writeUnpack(c.next, c.add[i], true, true); err != nil { 391 if c.add[i].Clear(); cout.Enabled { 392 l.Warning("[%s:%s] %s: Ignoring an invalid Multi Packet: %s!", h.prefix(), c.host.name(), a, err.Error()) 393 } 394 c.next.Clear() 395 return err 396 } 397 c.add[i] = nil 398 } 399 c.add = nil 400 } 401 if (c.next.Flags&com.FlagMulti != 0 || c.next.Flags&com.FlagFrag != 0) && c.next.Flags.Len() == 0 { 402 c.next.ID, c.next.Flags = 0, 0 403 } 404 if !c.host.chanRunning() && (c.host.chanStart() || n.Flags&com.FlagChannel != 0) { 405 if c.next.Flags |= com.FlagChannel; cout.Enabled { 406 l.Debug(`[%s:%s] %s: Setting Channel flag on next Packet "%s".`, h.prefix(), c.host.name(), a, c.next) 407 } 408 } 409 return nil 410 } 411 func (c *conn) processSingle(l cout.Log, h connServer, a string, n *com.Packet, o bool) error { 412 if err := h.notify(c.host, n); err != nil { 413 if cout.Enabled { 414 l.Error("[%s:%s] %s: Error processing Packet: %s!", h.prefix(), c.host.name(), a, err.Error()) 415 } 416 return err 417 } 418 if o { 419 return nil 420 } 421 v := c.host.next(false) 422 if len(c.add) > 0 { 423 c.next = &com.Packet{Flags: com.FlagMulti | com.FlagMultiDevice, Device: c.host.clientID()} 424 if v != nil { 425 // KeyCrypt: Encrypt packet before packing. 426 v.KeyCrypt(c.keys) 427 err := writeUnpack(c.next, v, true, true) 428 if v = nil; err != nil { 429 if cout.Enabled { 430 l.Error("[%s:%s] %s: Error packing Packet response: %s!", h.prefix(), c.host.name(), a, err.Error()) 431 } 432 } 433 // KeyCrypt: "next" was called (result was non-nil), check for a Key Swap. 434 c.host.keyCheckSync() 435 return err 436 } 437 return nil 438 } 439 c.next = v 440 return nil 441 } 442 func (c *conn) processMultiple(l cout.Log, h connServer, a string, n *com.Packet, o bool) error { 443 x := n.Flags.Len() 444 if x == 0 { 445 if n.Clear(); cout.Enabled { 446 l.Error("[%s:%s/M] %s: Received an invalid Multi Packet!", h.prefix(), c.host.name(), a) 447 } 448 return ErrInvalidPacketCount 449 } 450 if c.subs == nil { 451 c.subs = make(map[uint32]bool) 452 } 453 c.next = &com.Packet{Flags: com.FlagMulti | com.FlagMultiDevice, Device: c.host.clientID()} 454 for ; x > 0; x-- { 455 var v com.Packet 456 if err := v.UnmarshalStream(n); err != nil { 457 n.Clear() 458 if c.next.Clear(); cout.Enabled { 459 l.Error("[%s:%s/M] %s: Error reading a lower level Packet: %s!", h.prefix(), c.host.name(), a, err.Error()) 460 } 461 return err 462 } 463 if v.Device.Empty() { 464 n.Clear() 465 if c.next.Clear(); cout.Enabled { 466 l.Error("[%s:%s/M] %s: Received a malformed Packet from a Multi Packet!", h.prefix(), c.host.name(), a) 467 } 468 return ErrMalformedPacket 469 } 470 if cout.Enabled { 471 l.Trace(`[%s:%s/M] %s: Unpacked a Packet "%s".`, h.prefix(), c.host.name(), a, v.String()) 472 } 473 if len(v.Tags) > 0 { 474 if v.Tags = nil; cout.Enabled { 475 l.Warning("[%s:%s/M] %s: Received a non-top level Packet with Tags, clearing them!", h.prefix(), v.Device, a) 476 } 477 } 478 if v.Flags&com.FlagMulti != 0 || v.Flags&com.FlagMultiDevice != 0 { 479 if v.Clear(); cout.Enabled { 480 l.Warning("[%s:%s/M] %s: Ignoring a Multi Packet inside a Multi Packet!", h.prefix(), v.Device, a) 481 } 482 continue 483 } 484 if v.Flags&com.FlagOneshot != 0 { 485 if cout.Enabled { 486 l.Debug(`[%s:%s/M] %s: Received an Oneshot Packet "%s".`, h.prefix(), v.Device, a, v) 487 } 488 if err := h.notify(c.host, &v); err != nil { 489 if cout.Enabled { 490 l.Error("[%s:%s/M] %s: Error processing Oneshot Packet: %s!", h.prefix(), v.Device, a, err.Error()) 491 } 492 } 493 continue 494 } 495 if c.host.clientID() == v.Device { 496 // KeyCrypt: Decrypt packet for us here. 497 v.KeyCrypt(c.keys) 498 if err := h.notify(c.host, &v); err != nil { 499 if cout.Enabled { 500 l.Error("[%s:%s/M] %s: Error processing Packet: %s!", h.prefix(), v.Device, a, err.Error()) 501 } 502 } 503 if o { 504 continue 505 } 506 // KeyCrypt: Don't call next until the end of the loop, as there may 507 // be packets encrypted with the old key still in queue. 508 z := c.host.next(false) 509 // KeyCrypt: Encrypt next Packet. If this happens to be a re-key, 510 // it will pass before and affect all after with the new key 511 // This seems really buggy, but since it happens ONLY on the 512 // Server/Proxy end, it should be ok. BUG(dij): for marking 513 // just in case ^_^. 514 z.KeyCrypt(c.keys) 515 err := writeUnpack(c.next, z, true, true) 516 if z = nil; err != nil { 517 if c.next.Clear(); cout.Enabled { 518 l.Error("[%s:%s/M] %s: Error packing Packet response: %s!", h.prefix(), v.Device, a, err.Error()) 519 } 520 } 521 continue 522 } 523 // KeyCrypt: Packet "r" is already encrypted here. 524 k, q, r, err := h.talkSub(a, &v, o) 525 if err != nil { 526 if c.next.Clear(); cout.Enabled { 527 l.Error("[%s:%s/M] %s: Error reading Session Packet: %s!", h.prefix(), v.Device, a, err.Error()) 528 } 529 return err 530 } 531 if k != nil { 532 c.subs[q] = true 533 } 534 if o || r == nil { 535 continue 536 } 537 err = writeUnpack(c.next, r, true, true) 538 if r.Clear(); err != nil { 539 if c.next.Clear(); cout.Enabled { 540 l.Error("[%s:%s/M] %s: Error packing Packet response: %s!", h.prefix(), v.Device, a, err.Error()) 541 } 542 return err 543 } 544 } 545 // KeyCrypt: "next" was called, check for a Key Swap. 546 c.host.keyCheckSync() 547 n.Clear() 548 return nil 549 } 550 func (c *conn) resolve(l cout.Log, s connHost, h connServer, a string, t []uint32, o bool) error { 551 if h.clientLock(); c.subs == nil { 552 c.subs = make(map[uint32]bool, len(t)) 553 } else { 554 for i := range c.subs { 555 c.subs[i] = false 556 } 557 } 558 for i := range t { 559 if t[i] == 0 { 560 h.clientUnlock() 561 return com.ErrMalformedTag 562 } 563 if i > com.PacketMaxTags { 564 if cout.Enabled { 565 l.Warning("[%s:%s] %s: Hit tag max limit (%d) while processing tags!", h.prefix(), s.name(), a, com.PacketMaxTags) 566 } 567 break 568 } 569 if d, ok := c.subs[t[i]]; ok && d { 570 if cout.Enabled { 571 l.Warning("[%s:%s] %s: Skipping a duplicate Tag %d:0x%X!", h.prefix(), s.name(), a, i, t[i]) 572 } 573 continue 574 } 575 if cout.Enabled { 576 l.Trace("[%s:%s] %s: Received a Tag %d:0x%X..", h.prefix(), s.name(), a, i, t[i]) 577 } 578 v, ok := h.clientGet(t[i]) 579 if !ok { 580 if cout.Enabled { 581 l.Warning("[%s:%s] %s: Received an invalid Tag %d:0x%X!", h.prefix(), s.name(), a, i, t[i]) 582 } 583 continue 584 } 585 if v.clientID() == s.clientID() { 586 continue 587 } 588 v.update(a) 589 if c.subs[t[i]] = true; o { 590 continue 591 } 592 if n := v.next(true); n != nil { 593 // KeyCrypt: Encrypt this new Packet. 594 n.KeyCrypt(v.keyValue()) 595 c.add = append(c.add, n) 596 // KeyCrypt: "next" was called, check for a Key Swap. 597 // This is a tag, which is server side only, so I doubt 598 // a swap will happen here. BUG(dij): Tag in case also ^_^. 599 v.keyCheckSync() 600 } 601 } 602 if !o { 603 h.clientUnlock() 604 return nil 605 } 606 for i := range c.subs { 607 if !c.subs[i] { 608 h.clientClear(i) 609 delete(c.subs, i) 610 } 611 } 612 for i := range c.subs { 613 h.clientSet(i, c.host.sender()) 614 } 615 h.clientUnlock() 616 return nil 617 }