Add Abuhops authentication mechanism.

AltSysrq · Dec 9, 2012 · 10a9aff · 10a9aff
1 parent 174d124
commit 10a9aff
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 18 deletions.
diff --git a/abserver.tcl b/abserver.tcl
@@ -281,8 +281,29 @@ proc pwhash {user passwd} {
   sha2::sha256 $user$passwd
 }
 
+# The socket given us by inetd never expires. If the remote host falls off the
+# face of the earth, the program will never terminate.
+# Create an after script which runs every 15 minutes and exits if the read loop
+# has not iterated theresince.
+set timeoutFlag 1
+proc die-if-flag-not-set {} {
+  if {!$::timeoutFlag} {
+    log error "Connection timed out"
+    foreach script $exitHooks {
+      if {[catch {eval $script} err]} {
+        log error "Exit hook: $err"
+      }
+    }
+    exit
+  }
+
+  set ::timeoutFlag 0
+  after 900000 die-if-flag-not-set
+}
+
 proc main {} {
   global exitHooks isRunning logOutput userid lastLoginPing hasLoginExpired
+  die-if-flag-not-set
   log info "Greetings"
   if {[catch {
     while {$isRunning} {
@@ -306,6 +327,8 @@ proc main {} {
       if {$isRunning} {
         execmsg {*}$line
       }
+
+      set ::timeoutFlag 1
     }
   } err erropts]} {
     log error "Unspecified: $err"
@@ -1174,6 +1197,22 @@ proc message-top-ai-report-2 {species generation cortex
   ($::userid, $species, $generation, $cortex, $instance, $score, $comptime)
 }
 
+proc message-top-abuhops-auth {} {
+  log info "Requesting authentication for abuhops."
+  if {[catch {
+    set f [open /usr/local/etc/abuhops/shared_secret rb]
+    set secret [read $f]
+    close $f
+    set timestamp [clock seconds]
+    set hmac [::sha2::hmac -hex -key $secret \
+                  [binary format iia* $::userid $timestamp \
+                       [encoding convertto utf-8 $::username]]]
+    wl [list abuhops-auth  $::userid $::username $timestamp $hmac]
+  } err]} {
+    log error $err
+  }
+}
+
 proc message-job-done {args} {
   disable job-done job-failed
   set jobid $::jobid

diff --git a/abserver.txt b/abserver.txt
@@ -304,24 +304,12 @@ top-ai-report-2 species generation cortex instance score comptime
   score:        float, score of the quadruple
   comptime:     number of milliseconds since last report
 
-top-internet-info ipv laddr lport
-  Sent by the client. Prepares Internet connectivity with the given Internet
-  protocol (4 or 6), given what the client sees as its IP address and port
-  number.
-
-internet-ready iaddr iport vnum
-  Sent by the server in response to top-internet-info. Informs the client of its
-  Internet address and port in the protocol specified in top-internet-info, and
-  provides the validation number for the hole-punching service.
-
-  IPv4 connections support NAT with the following rules:
-    If two clients have the same Internet address, they connect to each other
-    via their reported local addresses.
-    If a client's "Internet" address is 192.168.*, that address is replaced by
-    the IP address of abendstern.servegame.com, and its port replaced by a hard-
-    wired table of port-forwarding values.
-    Other clients use each others' Internet addresses.
-  IPv6 connections assume the absense of NAT.
+top-abuhops-auth
+  Sent by the client. Requests credentials for connecting to Abuhops.
+
+abuhops-auth id name timestamp hmac
+  Sent by the server. Indicates the credentials the client can use to connect
+  to Abuhops.
 
 job type ...
   Sent by the server. Requests the client perform the job specified by