(a12) directory server sandbox rework

(incomplete) - dump while moving computers around.

src/a12/a12.c

@@ -147,10 +147,9 @@ struct appl_meta* a12int_get_directory(struct a12_state* S, uint64_t* clk)
 void a12int_set_directory(struct a12_state* S, struct appl_meta* M)
 {
 	struct appl_meta* C = S->directory;
+
 	while (C){
 		struct appl_meta* old = C;
-		if (C->handle)
-			fclose(C->handle);
 		free(C->buf);
 
 		C = C->next;
@@ -1553,7 +1552,6 @@ static void hello_auth_server_hello(struct a12_state* S)
 /* and done, mark latched so a12_unpack saves buffer and returns */
 	S->authentic = AUTH_FULL_PK;
 	S->auth_latched = true;
-	S->state_access = res.state_access;
 
 	if (S->on_auth)
 		S->on_auth(S, S->auth_tag);
@@ -1814,7 +1812,6 @@ static void add_dirent(struct a12_state* S)
 	memcpy(new->applname, &S->decode[36], 18);
 	memcpy(new->short_descr, &S->decode[55], 69);
 	new->update_ts = arcan_timemillis();
-	new->remote = true;
 
 	if (!S->directory){
 		S->directory = new;
@@ -1826,7 +1823,7 @@ static void add_dirent(struct a12_state* S)
 
 	while (cur){
 /* override / update? */
-		if (cur->identifier == new->identifier && cur->remote){
+		if (cur->identifier == new->identifier){
 			new->next = cur->next;
 			if (prev)
 				prev->next = new;
@@ -2042,7 +2039,7 @@ static void process_blob(struct a12_state* S)
 
 		if (!buf){
 			a12int_trace(A12_TRACE_ALLOC,
-				"kind=zstd_buffer_fail:size=%zu", content_sz);
+				"kind=zstd_buffer_fail:size=%zu", (size_t) content_sz);
 			a12_stream_cancel(S, S->in_channel);
 			reset_state(S);
 			return;
@@ -2651,7 +2648,7 @@ static bool flush_compressed(
 	if (node->left){
 		a12int_trace(A12_TRACE_BTRANSFER, "kind=compressed_block:"
 			"stream=%"PRIu64":ch=%d:size=%zu:base=%zu:left=%zu",
-			(size_t)node->streamid, (int) node->chid, out, nts, node->left
+			(uint64_t)node->streamid, (int) node->chid, out, nts, node->left
 		);
 		node->left -= nts;
 		return node->left != 0;
@@ -3178,13 +3175,3 @@ int a12_remote_mode(struct a12_state* S)
 {
 	return S->remote_mode;
 }
-
-int a12_access_state(
-	struct a12_state* S, const char* id, const char* mode, size_t sz)
-{
-	if (!S || !S->state_access)
-		return -1;
-
-	return S->state_access(S->keys.remote_pub, id, sz, mode);
-}
-

src/a12/a12.h

@@ -559,13 +559,6 @@ enum stream_cancel {
 };
 void a12_vstream_cancel(struct a12_state* S, uint8_t chid, int reason);
 
-/*
- * Return a descriptor to a state store for the a12 context+id pair
- * with the desired access mode (r, w+) and (for w+) size boundary
- */
-int a12_access_state(
-	struct a12_state* s, const char* id, const char* mode, size_t sz);
-
 struct a12_iostat {
 	size_t b_in;
 	size_t b_out;

src/a12/a12_int.h

@@ -306,10 +306,6 @@ struct a12_state {
 		uint8_t remote_pub[32];
 	} keys;
 
-/* pk_lookup provided state accessor */
-	int (*state_access)(const uint8_t pub[static 32],
-		const char* name, size_t sz, const char* mode);
-
 /* client side needs to send the first packet with MAC+nonce, server side
  * needs to interpret first packet with MAC+nonce */
 	bool server;
@@ -343,9 +339,13 @@ void a12int_append_out(
 void a12int_step_vstream(struct a12_state* S, uint32_t id);
 
 struct appl_meta {
+
+/* These are used for local caching of contents, an update on the directory
+ * bound to the context or freeing the a12 state machine will free them. */
 	FILE* handle;
 	char* buf;
 	uint64_t buf_sz;
+
 	struct appl_meta* next;
 
 	uint16_t identifier;
@@ -355,7 +355,8 @@ struct appl_meta {
 
 	char applname[18];
 	char short_descr[69];
-	bool remote;
+
+	int role;
 	uint64_t update_ts;
 };
 

src/a12/net/CMakeLists.txt

@@ -8,6 +8,7 @@ set(SOURCES
 	net.c
 	dir_cl.c
 	dir_srv.c
+	dir_srv_worker.c
 	dir_supp.c
 	${ARCAN_SRC}/frameserver/util/anet_helper.c
 	${ARCAN_SRC}/frameserver/util/anet_keystore_naive.c

src/a12/net/HACKING.md

@@ -334,6 +334,7 @@ interleaving.
 - [20]      Mode          : uint8
 - [21+ 32]  x25519 Pk     : blob
 - [54]      Primary flow  : uint8
+- [55+ 16]  Petname       : UTF-8
 
 The hello message contains key-material for normal x25519, according to
 the Mode byte [20].
@@ -357,6 +358,9 @@ that is configured to push (x11-style forwarding) want to act as a source and
 would send 1 in its first HELLO, otherwise 2 (sink). If this does not match the
 configuration/expectations of the other end, the connection MUST be terminated.
 
+The petname in the direct HELLO state is treated as a suggested (valid utf-8)
+visible simplified user presentable handle.
+
 ### command = 1, shutdown
 - [18..n] : last\_words : UTF-8
 
@@ -504,18 +508,43 @@ directory-list commands.
 
 This is sent as a reply to the directory list command and is used to notify
 about the update, removal, creation or presence of a retrievable application.
-An empty identifier terminates. The applname can be used as the extension
-field of a BCHUNKSTATE event to initiate the actual transfer.
+An empty identifier terminates. The applname or server-identifier can be used
+as the extension field of a BCHUNKSTATE event to initiate the actual transfer.
 
 ### command - 11, directory-discover
 - [18.. 19] role    : uint8 (0) source, (1) sink, (2) directory
 - [20     ] state   : uint8, (0) added, (1) lost
-- [21.. 36] petname : (+16) utf-8 server-generated identifier / user-provided
-- [37.. 52] id      : (+16) Kpub (x25519)
-
-This is provided when a new source or sink has flagged for availability or been
-disconnected. The petname is chosen by hashing into a server-local dictionary
-and allocated on first-use or provided on initial HELLO.
+- [21.. 36] id      : (+16) Kpub (x25519)
+- [37  +16] petname : UTF-8 identifier
+
+This is provided when a new source or sink has flagged for availability
+(state=0) or been disconnected (state=1). The petname is provided on initial
+source/sink/directory HELLO or chosen by the directory server due to local
+policy or name collision.
+
+### command - 12, directory-open
+- [18    ] Mode    : (0: direct, 1: tunnel)
+- [19..34] Kpub    : (+16) Kpub (x25519)
+- [35..50] petname : UTF-8 identifier
+
+This is used to request a connection / connection request to the provided
+petname. Kpub is the public key that will be used in the HELLO to the target.
+This can be the same Kpub used to make the connection to the directory server,
+but might also be a different one in order to differentiate between trust
+domains. It will be forwarded to the source/sink/directory in question.
+
+If mode is set to tunnnel:ed, the active connection will be used to route
+traffic to/from the nested connection. This is a workthrough for cases where
+a direct connection cannot be established, corresponding carriers for NAT
+traversal (UDP blocked, misconfigured routers) and might not be permitted
+by the server connection.
+
+A client is intended to first try to establish a direct connection, and after a
+failed attempt, try the tunnel route.
+
+### command - 14, directory-opened
+- [18    ] Status  : (0 failed, 1 direct ok, 2 tunnel ok)
+- [19 +16] Address : Status = 1, IPv6 address to the host, Status = 2, tunnel ID.
 
 ##  Event (2), fixed length
 - [0..7] sequence number : uint64

src/a12/net/dir_cl.c

@@ -580,6 +580,10 @@ void anet_directory_cl(
 
 	sigaction(SIGPIPE,&(struct sigaction){.sa_handler = SIG_IGN}, 0);
 
+	if (opts.source_argv){
+		return;
+	}
+
 /* always request dirlist so we can resolve applname against the server-local
  * ID as that might change */
 	a12int_request_dirlist(S, false);