4ee66ae3c7
Begin implementing user privileges.
2023-04-16 17:51:03 +00:00
6ca1265076
Begin working on User-Interactive authentication fallback.
2023-04-15 02:36:28 +00:00
e882693c78
Add route for requestToken endpoints.
2023-04-14 23:59:40 +00:00
b21d018daa
Move router building function into a more sensible location.
2023-04-14 21:37:00 +00:00
83971dfaff
Refactor routing system to use HttpRouter.
2023-04-14 21:20:56 +00:00
a90f7c4b9e
Apply #69
2023-04-14 17:50:14 +00:00
1f8df737da
Add HttpRouter API; still have to convert the code to use it.
2023-04-06 01:48:32 +00:00
7c865d06fd
Format code.
2023-04-01 02:46:59 +00:00
e0c8530b12
Clean up http client enough to replace curl in send-patch.
2023-04-01 02:46:07 +00:00
e592840c99
Clean up some HTTP client stuff.
2023-04-01 02:13:41 +00:00
7b3d537175
Remove UtilStreamCopy()
2023-04-01 00:20:18 +00:00
f341fd2b6e
Fix OpenSSL server accept call.
...
Apparently it can EAGAIN on non-blocking connections... I don't think
LibreSSL's TLS library does this, but something to keep in mind if it
doesn't work for somebody.
2023-03-31 23:10:52 +00:00
eef615fc9a
Fix warnings in RouteChangePwd.c
2023-03-28 02:28:58 +00:00
9b21e2460a
Accept #67 : Add the password modification endpoint.
2023-03-28 01:17:47 +00:00
c6f4a4a546
Fix leak of StreamStdout() when logging to a file.
2023-03-27 17:56:45 +00:00
c37d3801b2
Fix warning about uninitialized variable.
2023-03-25 00:00:53 +00:00
a24c27bf4f
Fix leak in TlsOpenSSL.
2023-03-24 17:37:44 +00:00
af776c64a7
Remove duplicate return line.
2023-03-24 14:18:29 +00:00
a25573063f
Fix up TlsOpenSSL a little bit.
...
Server is still broken...
2023-03-24 03:05:12 +00:00
aeb49f80e5
Add support for OpenSSL. This is a good demo of how easy it is to support TLS libraries.
2023-03-24 02:41:01 +00:00
fe32c652cd
Fix bug in HttpClient where it wouldn't retry on EAGAIN.
2023-03-24 00:23:49 +00:00
20d41d794b
Fix compile error. I had this in here at some point, not sure where it went.
2023-03-23 17:41:02 +00:00
e13442c122
Fix strange behavior in TlsLibreSSL.
...
tls_read() and tls_write() may return TLS_WANT_POLLIN or TLS_WANT_POLLOUT
if data isn't ready to be read or written yet. We have to account for this
by converting it to EAGAIN, which is how a typical read() or write()
function should behave.
Also installed a SIGPIPE handler; we do not want to be terminated by
SIGPIPE, and it's safe to ignore this signal because it should be
handled thoroughly in the code.
2023-03-23 16:39:15 +00:00
2441f07848
Add support for spinning up multiple HTTP servers.
...
This is useful for having a TLS and a non-TLS version port, like Synapse.
I verified that the multiple-servers does in fact work as intended,
although the TLS server part is broken; I must be doing something
incorrectly with LibreSSL in setting up the server.
2023-03-23 02:12:45 +00:00
2fab7b55fe
Remove obsolete warning about setting root directory.
...
We don't use chroot() anymore.
2023-03-22 18:30:30 +00:00
089d8d4d94
Only install the memory hook if -v is given.
...
This way, we can still set the debug level in the configuration, and not
see the log just absolutely flooded with memory allocations and whatnot.
This is helpful because I want debug messages to show up in development,
but not in production, but having all the memory logging makes it
almost impossible to pick anything else out of the log. I want the
feature available, just not on by default because it's useful in limited
circumstances.
2023-03-22 18:29:05 +00:00
9ec330f40a
Log once we get the response status, not right when we get the request.
2023-03-22 18:13:59 +00:00
8faf6f2126
Delete TelodendriaConfig.c
2023-03-22 17:20:53 +00:00
fc975e6a93
TelodendriaConfig -> Config
2023-03-22 17:17:30 +00:00
413c7ad803
Start building support for running multiple HTTP servers.
...
The standard use case for this is going to be running a TLS and a non-TLS
HTTP server. I can't see a need for *more* than two, but it is theoretically
possible.
We shouldn't have to change anything with the database or anything; it
should suffice to simply spin up more HTTP servers, and they should
interact with each other the same way a single HTTP server with multiple
threads will.
2023-03-22 17:00:48 +00:00
e30fa3ee33
Remove remnants of non-global LogConfig from TelodendriaConfig
2023-03-22 16:31:24 +00:00
e6f3dfad18
Add an ArraySet() method for replacing entries in an array.
...
This is much more efficient than using ArrayDelete() and ArrayInsert(),
and will serve us well in the future.
2023-03-22 16:31:06 +00:00
f3c4c0ac65
Add a global log configuration.
...
This is the easiest and cleanest way to get logging into some of the
fundamental APIs, such as the database and TLS APIs. We don't want to
have to pass logging functions to those, but they can safely use the
global logging configuration.
2023-03-22 14:52:04 +00:00
8782aa046d
Fix compile error in Tls, work on getting certs and keys into HttpServer.
2023-03-22 02:18:31 +00:00
bdaea9872e
Format source code.
2023-03-22 01:46:45 +00:00
b58ca7d22e
Start working on adding TLS support to HttpServer.
2023-03-22 01:46:24 +00:00
6561b5bae1
Add TLS build support to td.
2023-03-22 01:17:42 +00:00
996356832e
Define TLS API, update HttpClient to support optional TLS.
...
Also added a LibreSSL TLS implementation. Client is verified to work;
server has not been tested yet.
2023-03-22 00:41:21 +00:00
2a92d0de7e
Fix bit flag check.
2023-03-22 00:11:24 +00:00
4a27f50538
Remove calls to pledge(), unveil(), and chroot().
...
Not only does this make us more POSIX, it actually makes things a lot
easier because TLS implementations will need to be able to access the
trusted certificates file, which most likely will not live in the
data directory.
2023-03-20 19:23:37 +00:00
6c9e939b9f
Fix broken IoVprintf().
...
You can't call vsnprintf() on the same va_list more than once! I learned
this the hard way with StreamVprintf().
2023-03-18 14:55:04 +00:00
5289c16e2b
Convert all code to new Stream API.
...
Also made a number of improvmements to tt, making it compatible with more
shells.
2023-03-18 14:32:09 +00:00
a97a593f21
Format code.
2023-03-16 16:53:18 +00:00
27b3b6cdc6
Add StreamPuts(), don't make StreamVprintf() defer to IoVprintf().
2023-03-16 16:51:41 +00:00
8539a03d5b
Add StreamFile() convenience method.
2023-03-16 16:25:24 +00:00
e0a3760a37
Don't buffer in IoWrite(), indicate that fwrite() returns size_t, not ssize_t.
2023-03-16 14:17:04 +00:00
6ee1857f5f
Format source code.
2023-03-16 12:29:38 +00:00
7d9770fc12
Add some convenience functions for working with Io and Stream.
...
Also broke out IoFd into it's own file, and did the same with IoFile.
2023-03-16 12:28:55 +00:00
65f4c90df3
Rename HttpStream() to HttpServerStream() to match HttpClientStream()
2023-03-16 02:17:48 +00:00
ab4755240a
Add IoCopy() and StreamCopy()
...
Both do buffered reads and writes, but IoCopy() uses IoRead() and
IoWrite() directly, whereas StreamCopy() relies on StreamGetc() and
StreamPutc(), which manipulate the stream buffers.
2023-03-15 17:14:16 +00:00
92da3542a6
Move low-level fopencookie()/funopen() functionality to Io API.
...
The Stream API now provides the buffered I/O functionality analogous to
the C standard library.
2023-03-15 16:47:34 +00:00
5dbaf3c223
Apply #65 , remove printf() in Db, and make tt show login messages.
2023-03-15 13:36:49 +00:00
afc7667737
Begin prototyping Stream API.
2023-03-15 02:40:23 +00:00
ae97d8116c
Apply #64 : Registration tokens.
2023-03-14 00:37:24 +00:00
76bfa120ee
Fix CPU pin if clients don't shutdown() their socket properly.
...
If we haven't read any bytes yet, then we try a few times a few ms apart
to see if we get anything. If not, treat it as an EOF. Otherwise, read
bytes until we get an EOF or EAGAIN. EAGAIN after a consistent read of
bytes is treaded as an EOF immediately.
2023-03-12 15:08:50 +00:00
62cd1cdc98
Misc changes.
2023-03-12 03:37:57 +00:00
7fa982a16f
Fix bug in Uia
2023-03-12 03:36:40 +00:00
3037f12907
Add tt and http-debug-server tools.
2023-03-10 18:48:52 +00:00
2d9b706f38
Fix I/O in JsonConsumeWhitespace() and UtilStreamCopy().
...
These functions previously operated on the assumption that fgetc() would
block; however it will not block on HttpServer streams because those are
non-blocking. They now check error conditions properly before failing
prematurely.
2023-03-10 18:46:03 +00:00
8ead9cc93a
Apply #63 , make some general bug fixes.
2023-03-10 03:24:04 +00:00
3af2d3d12b
Format code, update TODO items.
2023-03-09 03:35:40 +00:00
ca053a12b1
Break out main() into Main.c, fix some compile warnings on Cygwin.
2023-03-09 02:46:04 +00:00
76413f834e
Make json use ^ for removing fields, instead of !
...
Room IDs start with '!', we want to be able to access these.
2023-03-08 22:47:07 +00:00
7b22fb02a2
Implement pretty-printing option in Json.
...
Telodendria itself doesn't use it, but the json CLI tool does.
2023-03-08 17:15:43 +00:00
8d75d8a023
Add simple HTTP CLI tool that uses the HttpClient API.
...
You might be asking why I would just write a simple curl replacement
when curl does the job just fine. Well, the most immediate reason is
to test the HttpClient API, but since Telodendria's goal is to not
be dependent on any third-party code if at all possible, it makes
sense to have a simple HTTP client to use not only for testing
Telodendria, but also for configuring it. When we move the
configuration to the database, we'll ship a script that uses this
tool to allow admins to easily submit API requests.
Do not be concerned that HttpClient does not support TLS yet. TLS
support is necessary for federation to work, so it is coming
eventually.
2023-03-08 03:30:36 +00:00
7e144ae488
Clean up a few bugs in HttpClient and Uri
2023-03-08 02:53:47 +00:00
3e42da279c
Make improvements to HttpClient, add Uri
2023-03-08 01:54:33 +00:00
313f0e2e73
Add HttpClient API
2023-03-07 23:10:06 +00:00
04bf8ca1a1
Document Uia API.
2023-03-07 00:28:52 +00:00
f1e565ef7b
Update Json man page.
2023-03-06 22:21:56 +00:00
0ac21d430a
Document User API
2023-03-06 22:09:57 +00:00
0cbdb5f615
Multi-stage flows should theoretically work now.
2023-03-04 01:53:33 +00:00
e4ec250d8f
Apply modified #57 : Implement logout all.
2023-03-03 22:49:37 +00:00
5d590df83d
Remove DB_MIN_CACHE because that's dumb.
...
You should be able to totally disable the cache if you so please. This
should ensure Telodendria uses less memory on constrained systems.
2023-03-03 14:26:10 +00:00
1770789333
Fix leak in DbList()
2023-03-03 03:11:49 +00:00
676d6f4c61
Basic formatting.
2023-03-02 22:32:47 +00:00
d899a836b6
Apply #54
2023-03-02 22:06:33 +00:00
f4838f8211
Remove non-standard use of d_type
2023-03-02 02:53:43 +00:00
d6f96757bc
Apply #52 : d_namlen is non-standard.
2023-03-01 21:39:22 +00:00
7a951c980f
Cleanup old user interactive auth sessions.
2023-03-01 19:52:44 +00:00
8c4e6aa594
Implement DbList()
2023-03-01 19:33:25 +00:00
ce6d483135
Implement static login page.
2023-03-01 19:03:42 +00:00
e7d1c0d951
Cross-platform code improvements.
2023-03-01 01:55:26 +00:00
334a711b02
Fix compile error.
2023-03-01 01:23:52 +00:00
2747660473
Add a TODO in Uia
2023-02-28 18:48:43 +00:00
63634407d4
Update TODO.txt, add stub functions in Db.
2023-02-28 18:44:02 +00:00
16c31b63d7
Begin work on static login page.
2023-02-28 17:52:09 +00:00
36169181dd
Build basic framework for creating static pages.
...
The login fallback, as well as the user-interactive authentication
fallbacks, are static HTML pages.
2023-02-28 16:51:40 +00:00
fae9eb4473
Implement password-based user interactive authentication.
2023-02-28 15:17:11 +00:00
e2806bc810
Add UserIdParse() and UserIdFree() functions.
...
The spec says that a username can be either just the localpart, or a
localpart and a server. This commit now ensures that the login endpoint
actually handles usernames properly by calling the proper parsing
functions.
2023-02-28 13:44:34 +00:00
6ce6cb4525
Implement flow handling in Uia API.
...
This commit should fix user interactive authentication for dummy flows,
but I still have to implement a few more flows, including passwords and
refresh token. I also have to fix the cleanup logic: when do we purge
UIA sessions?
2023-02-27 15:39:12 +00:00
7703405c70
Fix bugs in Json API.
2023-02-26 15:07:46 +00:00
adea499813
Add UiaFlowsFree() function, and clean up some memory issues.
2023-02-24 14:40:21 +00:00
d517b66316
Also delete refrsh token if present for device.
2023-02-24 01:06:02 +00:00
b60cac53e5
Make JsonValueString() call StrDuplicate(); refactor code to behave properly.
2023-02-24 00:17:56 +00:00
8c96fd8d7d
Begin the great StrDuplicate() refactor.
2023-02-23 23:19:23 +00:00
b99e8bd1cd
Apply modified #50 and fix some misc. bugs.
2023-02-23 15:13:39 +00:00
9e9b5c9cda
Fix a write-out-of-bounds error in Json.
2023-02-23 03:46:05 +00:00
3bbff5379f
[WIP] Replace UserInteractiveAuth with a new Uia API.
...
Uia is a lot less characters to type. Do note that this API is far from
complete and this commit breaks user interactive authentication entirely.
2023-02-19 14:58:56 +00:00
fa88fc3323
Format source code.
2023-02-17 03:23:25 +00:00
ff879e715f
Finish implementing token refresh.
...
This implementation just keeps the refresh token and only updates the
access token. The spec says that this is allowed. There's really no
reason to do this, other than the fact that it's easier.
2023-02-17 03:20:49 +00:00
4b336de171
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
46fe667988
Add HashMapGetKey() so we can free bucket keys before deleting them.
2023-02-17 03:14:43 +00:00
feb11de6b0
Fix some compile warnings. I'll get back to this eventually.
2023-02-16 18:51:10 +00:00
72405a94f6
Add JsonGet(), JsonSet(), and JsonCreate() for convenience.
2023-02-16 18:49:19 +00:00
d255ce1a21
Begin working on refresh route.
2023-02-16 17:22:59 +00:00
c78dc3bd31
Fix a memory bug in StrRandom() with RandIntN().
...
We're storing integers in this buffer, so we have to allocate enough
memory for them. An integer is usually more than one byte.
2023-02-16 13:10:09 +00:00
38438c297e
Looks like Matrix v1.6 is out.
2023-02-16 02:09:57 +00:00
85380efa3c
[ #48 ] Fix bug in MatrixGetAccessToken()
2023-02-16 01:33:46 +00:00
6a593ab8a0
[ #48 ] Add Rand API and make StrRandom() use it.
2023-02-16 00:31:13 +00:00
f7d581538d
Begin documenting Str.
2023-02-14 11:56:22 +00:00
5fef788053
Begin documenting User API
2023-02-12 02:31:14 +00:00
2443c91bba
Fix bug in HashMap that would allow iterating over deleted values.
2023-02-11 00:15:49 +00:00
8b8873103d
Handle standard library quirks of non-conforming systems and compilers.
2023-02-05 14:20:12 +00:00
dc972385ea
Don't shadow variables.
2023-02-05 14:19:07 +00:00
5b77236e82
Fix -v option
2023-01-17 21:38:39 +00:00
e0f7c133d1
Add a non-JSON landing page. This is the basis for other HTML pages.
2023-01-17 20:29:16 +00:00
b0b2f11158
Refactor endpoint authentication flow.
...
Instead of one MatrixAuthenticate() function, we'll do
MatrixGetAccessToken(), and then UserAuthenticate(). This allows us to
give different error messages depending on what the user provided and what
the server state is.
2023-01-17 01:36:22 +00:00
1e02971a7e
Implement login route.
2023-01-17 00:02:50 +00:00
cc95c10f44
Move client well-known generation to MatrixClientWellKnown() function.
...
We'll be using this for client login.
2023-01-16 22:02:08 +00:00
121682c006
Implement user login.
2023-01-16 21:17:44 +00:00
bd88c01c26
Don't read the timestamp after it's freed.
2023-01-16 03:57:01 +00:00
c0309c1ea8
Fix memory leak when log timestamp is not set in the config.
2023-01-16 03:21:59 +00:00
a4364dbb68
Fix use after free.
2023-01-10 00:38:47 +00:00
599fa1a740
Document MemoryHexDump() and DbExists()
2023-01-09 21:39:59 +00:00
b8ce4c9239
Lock database in DbExists() to prevent race conditions.
2023-01-09 19:25:49 +00:00
c5bce0b14f
Apply #43 with modifications.
2023-01-09 19:22:09 +00:00
1421c478fd
Fix bug where malformed requests cause Db locks that are never unlocked.
2023-01-09 19:16:12 +00:00
90a74c3b0a
Don't accept connections if the connection queue is full.
2023-01-09 17:44:12 +00:00
1d9ed5dcbf
Fix invalid read in HttpParamDecode().
2023-01-09 15:48:56 +00:00
9358264add
Fix some invalid write errors.
2023-01-09 15:18:59 +00:00
30c3690287
Renamed String.h to Str.h because Windows is dumb.
2023-01-08 04:38:06 +00:00
56105c8a61
Fix logic error
2023-01-07 18:24:16 +00:00
f365f94389
Define User struct.
2023-01-07 16:15:11 +00:00
08b36c071c
Begin prototyping User.h
2023-01-07 15:51:56 +00:00
0f661f435f
Whoops, forgot to update the header.
2023-01-07 04:40:12 +00:00
0a29aa7f5a
Move string related functions to a new String API.
...
I think we have accumulated enough string functions that they should
have their own API. This shortens the function names a bit too.
2023-01-07 04:33:32 +00:00
2ce09f8632
Convert UtilStringConcat() into a varargs function.
...
This allows us to concatenate an arbitrary amount of strings without
having to maintain a bunch of pointers or leak memory when nesting calls.
2023-01-07 03:17:06 +00:00
8323eb38c9
Make UtilRandomString() more secure.
...
Two ways this is more secure:
1. The seed is only generated once, not every time the function is called.
2. All threads share the same seed, which means timing attacks aren't
possible.
Because we are using a mutex, performance may suffer slightly.
2023-01-07 00:18:44 +00:00
ea1828e95e
Fix warning in RouteRegister.c
2023-01-06 21:54:33 +00:00
7bda319f39
Format code
2023-01-06 21:18:44 +00:00
1282371680
Fix "bad pointer" warnings.
2023-01-06 18:50:31 +00:00
8e2399e648
Fix bug on some platforms that use unsigned characters.
2023-01-02 18:22:04 +00:00
d969f4d053
Fix visual bugs in MemoryHexDump()
2023-01-02 04:12:12 +00:00
5c5aab71d8
Fix bug in UserInteractiveAuth()
2023-01-02 03:56:27 +00:00
e9aebab221
Move hex dump logic to Memory API.
2023-01-01 22:10:23 +00:00
d9d88eb028
Periodically purge old user interactive auth sessions.
...
Keeping them around is going to take up a lot of storage. If it takes more
than a half hour for a client to complete the auth, make him start over.
2022-12-28 15:52:19 +00:00
fbd7bf5944
Fix memory leak in DbDelete()
2022-12-28 15:44:21 +00:00
1a43ea6470
Fix bugs in Cron
2022-12-26 16:28:58 +00:00
3c8d89a52e
Update copyright year
2022-12-26 15:52:52 +00:00
