Initial commit. It's far from finished.

agent/LSBs

@@ -0,0 +1,26 @@
+###### UBUNTU ######
+ 127 « smirky » ~ » cat /etc/os-release 
+NAME="Ubuntu"
+VERSION="14.04.2 LTS, Trusty Tahr"
+ID=ubuntu
+ID_LIKE=debian
+PRETTY_NAME="Ubuntu 14.04.2 LTS"
+VERSION_ID="14.04"
+HOME_URL="http://www.ubuntu.com/"
+SUPPORT_URL="http://help.ubuntu.com/"
+BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
+ 0 « smirky » ~ » cat /etc/lsb-release 
+DISTRIB_ID=Ubuntu
+DISTRIB_RELEASE=14.04
+DISTRIB_CODENAME=trusty
+DISTRIB_DESCRIPTION="Ubuntu 14.04.2 LTS"
+
+
+###### DEBIAN ######
+PRETTY_NAME="Debian GNU/Linux stretch/sid"
+NAME="Debian GNU/Linux"
+ID=debian
+HOME_URL="https://www.debian.org/"
+SUPPORT_URL="https://www.debian.org/support"
+BUG_REPORT_URL="https://bugs.debian.org/"
+

agent/Makefile

@@ -0,0 +1,35 @@
+CC		?= cc
+CCFLAGS		?= -O2
+CCFLAGS		+= -Wall			\
+		   -Wextra			\
+		   -pipe			\
+		   -Wmissing-declarations	\
+		   -pedantic			\
+		   -fstack-protector-strong
+	
+LDFLAGS		= -O1, -lcrypto -lssl -lpthread
+LDFLAGS		+= -Wl,-z,relro,-z,now
+
+SOURCES		= agent.c \
+		  agent_ssl.c \
+		  job.c
+
+OBJECTS		= $(SOURCES:.c=.o)
+EXECUTABLE	= agent
+
+all: $(SOURCES) $(EXECUTABLE)
+
+$(EXECUTABLE): $(OBJECTS)
+	@echo '  LD  $@'
+	@$(CC) $(LDFLAGS) $(OBJECTS) -o $@
+
+.c.o:
+	@echo '  CC  $@'
+	@$(CC) $(CCFLAGS) -c $< -o $@
+
+clean:
+	rm -rf $(OBJECTS) $(EXECUTABLE)
+
+distclean:
+	rm -rf $(OBJECTS)
+

agent/agent.c

@@ -0,0 +1,203 @@
+#include <fcntl.h>
+#include <unistd.h>
+#include <pthread.h>
+#include "job.h"
+#include "../protocol.h"
+#include "agent_ssl.h"
+
+#define FAIL -1
+
+static struct job_args *args;
+static pthread_t *job_thread;
+
+static short get_job_slot();
+
+static short get_job_slot()
+{
+	unsigned short i;
+	for (i = 0; i < MAX_AGENT_JOBS; i++)
+		if (args[i].slot != FULL)
+			return i;
+	return -1;
+}
+
+static short find_job(unsigned id)
+{
+	unsigned short i;
+	for (i = 0; i < MAX_AGENT_JOBS; i++)
+		if (args[i].buf.meta.id == id)
+			return i;
+	return -1;
+}
+
+int main(int count, char *strings[])
+{   
+	SSL_CTX *ctx;
+	int server;
+	SSL *ssl;
+	int bytes, i;
+	char *hostname, *portnum;
+    
+	if (count != 6) {
+		printf("usage: %s <hostname> <portnum> <key> <cert> <CA>\n", strings[0]);
+		_exit(EXIT_SUCCESS);
+	}
+	hostname=strings[1];
+	portnum=strings[2];
+	if ((ctx = init_ctx()) == NULL)
+		_exit(EXIT_FAILURE);
+	server = connect_to_rmps(hostname, atoi(portnum));
+	if (!server) {
+		fprintf(stderr, "Failed to connect to RMPS: %s:%d\n", hostname, atoi(portnum));
+		_exit(EXIT_FAILURE);
+	}
+	load_certs(ctx, strings[3], strings[4], strings[5]);
+	ssl = SSL_new(ctx);		/* create new SSL connection state */
+	SSL_set_fd(ssl, server);	/* attach the socket descriptor */
+    
+	if (SSL_connect(ssl) == FAIL) {	/* perform the connection */
+		ERR_print_errors_fp(stderr);
+		close(server);
+		SSL_CTX_free(ctx);
+		_exit(EXIT_FAILURE);
+	}
+	printf("Connected with %s encryption\n", SSL_get_cipher(ssl));
+	show_certs(ssl);
+	if (!(args = (struct job_args*)calloc(1, sizeof(struct job_args) * MAX_AGENT_JOBS))) {
+		fprintf( stderr,
+			 "Failed to calloc() %d bytes for job_args! Exiting...\n",
+			 (int)sizeof(struct job_args) * MAX_AGENT_JOBS );
+		SSL_shutdown(ssl);
+		SSL_free(ssl);
+		close(server);
+		SSL_CTX_free(ctx);
+		_exit(EXIT_FAILURE);
+	}
+	if (!(job_thread = (pthread_t*)calloc(1, sizeof(pthread_t) * MAX_AGENT_JOBS))) {
+		fprintf( stderr,
+			 "Failed to calloc() %d bytes for job_threads! Exiting...\n",
+			 (int)sizeof(pthread_t) * MAX_AGENT_JOBS );
+		SSL_shutdown(ssl);
+		SSL_free(ssl);
+		close(server);
+		SSL_CTX_free(ctx);
+		free(args);
+		_exit(EXIT_FAILURE);
+	}
+	for (i = 0; i < MAX_AGENT_JOBS; i++) {
+		args[i].slot = FREE;
+		args[i].ssl = ssl;
+	}
+
+	do {
+		struct msg buf;
+		memset(&buf, 0, sizeof(struct msg));
+		bytes = SSL_read(ssl, &buf, sizeof(struct msg));
+		if (bytes > 0) {
+			short index;
+			if (bytes != sizeof(struct msg)) {
+				fprintf( stderr,
+					 "Received non-standard data from server!\n" );
+				continue;
+			}
+			if (buf.chunk.id == 0) {
+				if ((index = get_job_slot()) == FAIL) {
+					buf.chunk.id = -1; /* ID -1 means reject (full) */
+					sprintf((char*)buf.chunk.data, "The agent's queue is full!");
+					SSL_write(ssl, &buf, sizeof(struct msg));
+					continue;
+				}
+				args[index].slot = FULL;
+				memcpy(&args[index].buf, &buf, sizeof(struct msg));
+				switch (args[index].buf.meta.type) {
+				case UNIX:
+					pthread_create( &job_thread[index],
+							NULL,
+							exec_unix,
+							&args[index] );
+					continue;
+				case INSTALL_PKG:
+					pthread_create( &job_thread[index],
+							NULL,
+							install_pkg,
+							&args[index] );
+					continue;
+				case QUERY_PKG:
+					pthread_create( &job_thread[index],
+							NULL,
+							query_pkg,
+							&args[index] );
+					continue;
+				case DELETE_PKG:
+					pthread_create( &job_thread[index],
+							NULL,
+							delete_pkg,
+							&args[index] );
+					continue;
+				case LIST_PKGS:
+					pthread_create( &job_thread[index],
+							NULL,
+							list_pkgs,
+							&args[index] );
+					continue;
+				case UPDATE_PKG:
+					pthread_create( &job_thread[index],
+							NULL,
+							update_pkg,
+							&args[index] );
+					continue;
+				case UPDATE_PKGS:
+					pthread_create( &job_thread[index],
+							NULL,
+							update_pkgs,
+							&args[index] );
+					continue;
+				case GET_OS:
+					pthread_create( &job_thread[index],
+							NULL,
+							get_os,
+							&args[index] );
+					continue;
+				case GET_KERNEL:
+					pthread_create( &job_thread[index],
+							NULL,
+							get_kernel,
+							&args[index] );
+					continue;
+				case GET_UPTIME:
+					pthread_create( &job_thread[index],
+							NULL,
+							get_uptime,
+							&args[index] );
+					continue;
+				case GET_MEMORY:
+					pthread_create( &job_thread[index],
+							NULL,
+							get_memory,
+							&args[index] );
+					continue;
+				default:
+					buf.chunk.id = -1;
+					sprintf( (char*)buf.chunk.data,
+						 "Unsupported job type with ID: %d",
+						 buf.meta.type );
+					SSL_write(ssl, &buf, sizeof(struct msg));
+					continue;
+				}
+			} else {
+				index = find_job(buf.meta.id);
+				if (index == FAIL) {
+					sprintf( (char*)buf.chunk.data,
+						 "Data was sent for an invalid job ID" );
+					SSL_write(ssl, &buf, sizeof(struct msg));
+				} else
+					memcpy(&args[index].buf, &buf, sizeof(struct msg));
+			}
+		}
+		
+		SSL_shutdown(ssl);
+		SSL_free(ssl);		/* release connection state */
+	} while (bytes);
+	close(server);			/* close socket */
+	SSL_CTX_free(ctx);		/* release context */
+}

agent/agent_ssl.c

@@ -0,0 +1,126 @@
+#include <unistd.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include "agent_ssl.h"
+
+#define FAIL    -1
+
+/*---------------------------------------------------------------------*/
+/*--- OpenConnection - create socket and connect to server.         ---*/
+/*---------------------------------------------------------------------*/
+
+
+int connect_to_rmps(const char *hostname, int port)
+{
+     	int sd;
+    	struct hostent *host;
+    	struct sockaddr_in addr;
+
+    	if ((host = gethostbyname(hostname)) == NULL) {
+		perror(hostname);
+		return 0;
+    	}
+    	sd = socket(PF_INET, SOCK_STREAM, 0);
+    	bzero(&addr, sizeof(addr));
+    	addr.sin_family = AF_INET;
+    	addr.sin_port = htons(port);
+    	addr.sin_addr.s_addr = *(long*)(host->h_addr);
+    	if (connect(sd, (struct sockaddr*)&addr, sizeof(addr)) == FAIL) {
+		close(sd);
+		perror(hostname);
+		return 0;
+    	}
+    	return sd;
+}
+
+/*----------------------------------*/
+/*--- Initialize the SSL engine. ---*/
+/*----------------------------------*/
+SSL_CTX* init_ctx(void)
+{
+	SSL_CTX *ctx;
+	char ciphers[2048];
+    
+	//OpenSSL_add_all_algorithms();		/* Load cryptos, et.al. */
+	//OpenSSL_add_all_ciphers();		/* Load cryptos, et.al. */
+	SSL_load_error_strings();		/* Bring in and register error messages */
+	SSL_library_init();
+	ctx = SSL_CTX_new(TLSv1_2_method());	/* Create new context */
+	ciphers[0] = 0;
+	SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback);
+	strcat(ciphers, "-ALL");
+	if (!SSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256:AES256-SHA")) {
+		fprintf(stderr, "Failed to set the cipher list. Exiting...\n");
+		return NULL;
+	}
+	if (ctx == NULL) {
+		ERR_print_errors_fp(stderr);
+		return NULL;
+	}
+	return ctx;
+}
+
+int verify_callback (int ok, X509_STORE_CTX *store)
+{
+	char data[256];
+	if (!ok) {
+		X509 *cert = X509_STORE_CTX_get_current_cert(store);
+		int depth = X509_STORE_CTX_get_error_depth(store);
+		int err = X509_STORE_CTX_get_error(store);
+		fprintf(stderr, "-Error with certificate at depth: %i\n", depth);
+		X509_NAME_oneline(X509_get_issuer_name(cert), data, 256); 
+		fprintf(stderr, " issuer = %s\n", data);
+		X509_NAME_oneline(X509_get_subject_name(cert), data, 256);
+		fprintf(stderr, " subject = %s\n", data);
+		fprintf(stderr, " err %i:%s\n", err, X509_verify_cert_error_string(err) );
+	}
+	return ok;
+} 
+
+/*-----------------------------------*/
+/*--- Print out the certificates. ---*/
+/*-----------------------------------*/
+void show_certs(SSL* ssl)
+{   
+	X509 *cert;
+    	char *line;
+    	char *cipher;
+    	int index = 0;
+
+    	cert = SSL_get_peer_certificate(ssl);	/* get the server's certificate */
+
+    	if (cert != NULL) {
+		printf("Server certificates:\n");
+		line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
+		printf("Subject: %s\n", line);
+		free(line);							/* free the malloc'ed string */
+		line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
+		printf("Issuer: %s\n", line);
+		free(line);							/* free the malloc'ed string */
+		X509_free(cert);						/* free the malloc'ed certificate copy */
+    	} else
+		printf("No certificates.\n");
+    	
+	do {
+    		cipher = (char*)SSL_get_cipher_list(ssl, index);
+    		if (cipher) {
+			printf("Cipher = %s\n", cipher);
+			index++;
+		}
+	} while (cipher);
+}
+
+void load_certs(SSL_CTX *ctx, char *key, char *cert, char *ca)
+{
+	SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM);
+	SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM);
+	if (!SSL_CTX_check_private_key(ctx)) {
+		fprintf(stderr, "Private key doesn't match the cert!\n");
+		exit(EXIT_FAILURE);
+	}
+	SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca));
+	SSL_CTX_load_verify_locations(ctx, ca, NULL);
+	if (SSL_CTX_get_client_CA_list(ctx) == NULL) {
+		fprintf(stderr, "Could not set client CA list from %s\n", ca);
+	}
+}

agent/agent_ssl.h

@@ -0,0 +1,13 @@
+#ifndef AGENT_SSL
+#define AGENT_SSL
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+int connect_to_rmps(const char *hostname, int port);
+SSL_CTX* init_ctx();
+int verify_callback (int ok, X509_STORE_CTX *store);
+void show_certs(SSL* ssl);
+void load_certs(SSL_CTX *ctx, char *key, char *cert, char *ca);
+
+#endif /* AGENT_SSL */

agent/detect-unix.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+# Detects which OS and if it is Linux then it will detect which Linux Distribution.
+
+OS=$(uname -s)
+MARCH=$(uname -m)
+
+if [ "${OS}" = "SunOS" ] ; then
+	OS=Solaris
+	ARCH=$(uname -p)
+	OSSTR="${OS} ${REV}(${ARCH} $(uname -v))"
+elif [ "${OS}" = "AIX" ] ; then
+	OSSTR="${OS} $(oslevel) ($(oslevel -r))"
+elif [ "${OS}" = "Linux" ] ; then
+	KERNEL=$(uname -r)
+	if [ -f /etc/redhat-release ] ; then
+		DIST="$(cat /etc/redhat-release)"
+	elif [ -f /etc/SuSE-release ] ; then
+		DIST=$(tr "\n" ' ' < /etc/SuSE-release | sed s/VERSION.*//)
+	elif [ -f /etc/debian_version ] ; then
+		DIST="Debian $(cat /etc/debian_version)"
+	elif [ -f /etc/slackware-version ] ; then
+		DIST="$(cat /etc/slackware-version)"
+	elif [ -f /etc/os-release ] ; then
+		DIST=$(grep PRETTY_NAME /etc/os-release | tr -d '"=' | sed 's/PRETTY_NAME//')
+	else
+		DIST="$OS $MARCH"
+	fi
+	
+	OSSTR="${DIST}"
+fi
+
+
+printf "%s" "${OSSTR}"

agent/job.c

@@ -0,0 +1,152 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include "job.h"
+#include <sys/utsname.h>
+#include <sys/sysinfo.h>
+
+struct job_t {
+	long id;
+	long parent_id;
+	int type;
+	char code[8192];
+	char std_out[8192];
+	char std_err[8192];
+	short ret_code;
+};
+
+static void gen_fname_hash(char *s, const int len)
+{
+        static const char alphanum[] =
+                "0123456789"
+                "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                "abcdefghijklmnopqrstuvwxyz";
+        int i;
+        for (i = 0; i < len; ++i)
+                s[i] = alphanum[rand() % (sizeof(alphanum) - 1)];
+        s[len] = 0;
+}
+
+void* exec_unix(void *args)
+{
+	struct job_args *job = args;
+	return 0;
+}
+
+void* install_pkg(void *args)
+{
+	struct job_args *job = args;
+	return 0;
+}
+
+void* query_pkg(void *args)
+{
+	struct job_args *job = args;
+	return 0;
+}
+
+void* delete_pkg(void *args)
+{
+	struct job_args *job = args;
+	return 0;
+}
+
+void* list_pkgs(void *args)
+{
+	struct job_args *job = args;
+	return 0;
+}
+
+void* update_pkg(void *args)
+{
+	struct job_args *job = args;
+	return 0;
+}
+
+void* update_pkgs(void *args)
+{
+	struct job_args *job = args;
+	return 0;
+}
+
+void* get_os(void *args)
+{
+	struct job_args *job = args;
+	char cmd[40], dump_path[14];
+	int fd;
+	sprintf(dump_path, "/tmp/");
+	gen_fname_hash(&dump_path[5], 8);
+	sprintf(cmd, "sh detect-unix.sh > %s", dump_path);
+	system(cmd); /* TODO: set proper path */
+	if ((fd = open(dump_path, O_RDONLY)) == -1) {
+		fprintf(stderr, "Cannot open file: %s\n", dump_path);
+		job->buf.meta.len = sprintf((char*)job->buf.chunk.data, "Unknown");
+		SSL_write(job->ssl, &job->buf, sizeof(struct msg));
+	} else {
+		job->buf.meta.len = read(fd, job->buf.chunk.data, sizeof(job->buf.chunk.data));
+		if ((signed)job->buf.meta.len == -1) {
+			perror("Failed to read from file: ");
+		}
+		close(fd);
+		SSL_write(job->ssl, &job->buf, sizeof(struct msg));
+		job->slot = FREE;
+	}
+	unlink(dump_path);
+	return 0;
+}
+
+void* get_kernel(void *args)
+{
+	struct utsname name;
+	struct job_args *job = args;
+	if (uname(&name) == -1) {
+		job->buf.meta.len = sprintf((char*)job->buf.chunk.data, "Unknown");
+		SSL_write(job->ssl, &job->buf, sizeof(struct msg));
+	} else {
+		job->buf.meta.len = sprintf( (char*)job->buf.chunk.data,
+			"%s %s %s %s %s",
+			name.sysname,
+			name.nodename,
+			name.release,
+			name.version,
+			name.machine );
+		SSL_write(job->ssl, &job->buf, sizeof(struct msg));
+	}
+	job->slot = FREE;
+	return 0;
+}
+
+void* get_uptime(void *args)
+{
+	struct job_args *job = args;
+	struct sysinfo sys;
+	
+	if (sysinfo(&sys) != 0) {
+		job->buf.meta.len = sprintf((char*)job->buf.chunk.data, "Unknown");
+		SSL_write(job->ssl, &job->buf, sizeof(struct msg));
+	} else {
+		memcpy(&job->buf.chunk.data, &sys.uptime, sizeof(long));
+		//sprintf((char*)&job->buf.chunk.data, "%ld", sys.uptime);
+		SSL_write(job->ssl, &job->buf, sizeof(struct msg));
+	}
+	job->slot = FREE;
+	return 0;
+}
+
+void* get_memory(void *args)
+{
+	long pages, pagesize, freepages;
+	struct job_args *job = args;
+
+	pages = sysconf(_SC_PHYS_PAGES);
+	pagesize = sysconf (_SC_PAGESIZE);
+	freepages = sysconf(_SC_AVPHYS_PAGES);
+	job->buf.meta.len = sprintf( (char*)job->buf.chunk.data,
+		 "%ld / %ld (MB)",
+		 (freepages * pagesize) / 1048576 /* 1024*1024 */,
+		 (pages * pagesize) / 1048576 );
+	SSL_write(job->ssl, &job->buf, sizeof(struct msg));
+	job->slot = FREE;
+	return 0;
+}

agent/job.h

@@ -0,0 +1,30 @@
+#ifndef JOB_H
+#define JOB_H
+
+#include "agent_ssl.h"
+#include "../protocol.h"
+
+enum pthread_state { WAIT, WORK };
+enum job_slot_state { FREE, FULL };
+
+struct job_args {
+	struct msg buf;
+	unsigned short slot;
+	SSL *ssl;
+};
+
+void* exec_unix(void *args);
+void* install_pkg(void *args);
+void* query_pkg(void *args);
+void* delete_pkg(void *args);
+void* list_pkgs(void *args);
+void* update_pkg(void *args);
+void* update_pkgs(void *args);
+void* get_os(void *args);
+void* get_kernel(void *args);
+void* get_uptime(void *args);
+void* get_memory(void *args);
+
+#define MAX_AGENT_JOBS 10
+
+#endif /* JOB_H */

agent/pkgctl.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+OS=`sh detect-unix.sh`
+
+# Determine task
+#case $1 in
+#	install)
+#	remove)
+#	update)
+#	query)
+#esac
+
+# Determine package manager
+case "$OS" in
+	"Arch Linux") PM="pacman" ;;
+	"Fedora") PM="yum" ;;
+	"Red Hat") PM="yum" ;;
+	"CentOS") PM="yum" ;;
+	"SUSE") PM="yum" ;;
+	"Ubuntu") PM="apt" ;;
+	"Debian") PM="apt" ;;
+esac
+
+#if [ "$OS" = "Arch Linux" ] ; then
+#	PM="pacman"
+#fi
+echo $PM

agent/runme.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+./agent localhost 7000 /etc/rmps/certs/client_1/client.key /etc/rmps/certs/client_1/client.crt /etc/rmps/certs/ca.pem