syncthing/lib/relay/client/methods.go

// Copyright (C) 2015 Audrius Butkevicius and Contributors (see the CONTRIBUTORS file).

package client

import (
	"context"
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"net/url"
	"strconv"
	"time"

	"github.com/syncthing/syncthing/lib/dialer"
	syncthingprotocol "github.com/syncthing/syncthing/lib/protocol"
	"github.com/syncthing/syncthing/lib/relay/protocol"
)

type incorrectResponseCodeErr struct {
	code int32
	msg  string
}

func (e incorrectResponseCodeErr) Error() string {
	return fmt.Sprintf("incorrect response code %d: %s", e.code, e.msg)
}

func GetInvitationFromRelay(ctx context.Context, uri *url.URL, id syncthingprotocol.DeviceID, certs []tls.Certificate, timeout time.Duration) (protocol.SessionInvitation, error) {
	if uri.Scheme != "relay" {
		return protocol.SessionInvitation{}, fmt.Errorf("unsupported relay scheme: %v", uri.Scheme)
	}

	ctx, cancel := context.WithTimeout(ctx, timeout)
	defer cancel()
	rconn, err := dialer.DialContext(ctx, "tcp", uri.Host)
	if err != nil {
		return protocol.SessionInvitation{}, err
	}

	conn := tls.Client(rconn, configForCerts(certs))
	conn.SetDeadline(time.Now().Add(timeout))

	if err := performHandshakeAndValidation(conn, uri); err != nil {
		return protocol.SessionInvitation{}, err
	}

	defer conn.Close()

	request := protocol.ConnectRequest{
		ID: id[:],
	}

	if err := protocol.WriteMessage(conn, request); err != nil {
		return protocol.SessionInvitation{}, err
	}

	message, err := protocol.ReadMessage(conn)
	if err != nil {
		return protocol.SessionInvitation{}, err
	}

	switch msg := message.(type) {
	case protocol.Response:
		return protocol.SessionInvitation{}, incorrectResponseCodeErr{msg.Code, msg.Message}
	case protocol.SessionInvitation:
		l.Debugln("Received invitation", msg, "via", conn.LocalAddr())
		ip := net.IP(msg.Address)
		if len(ip) == 0 || ip.IsUnspecified() {
			msg.Address = remoteIPBytes(conn)
		}
		return msg, nil
	default:
		return protocol.SessionInvitation{}, fmt.Errorf("protocol error: unexpected message %v", msg)
	}
}

func JoinSession(ctx context.Context, invitation protocol.SessionInvitation) (net.Conn, error) {
	addr := net.JoinHostPort(net.IP(invitation.Address).String(), strconv.Itoa(int(invitation.Port)))

	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
	defer cancel()
	conn, err := dialer.DialContext(ctx, "tcp", addr)
	if err != nil {
		return nil, err
	}

	request := protocol.JoinSessionRequest{
		Key: invitation.Key,
	}

	conn.SetDeadline(time.Now().Add(10 * time.Second))
	err = protocol.WriteMessage(conn, request)
	if err != nil {
		return nil, err
	}

	message, err := protocol.ReadMessage(conn)
	if err != nil {
		return nil, err
	}

	conn.SetDeadline(time.Time{})

	switch msg := message.(type) {
	case protocol.Response:
		if msg.Code != 0 {
			return nil, fmt.Errorf("incorrect response code %d: %s", msg.Code, msg.Message)
		}
		return conn, nil
	default:
		return nil, fmt.Errorf("protocol error: expecting response got %v", msg)
	}
}

func TestRelay(ctx context.Context, uri *url.URL, certs []tls.Certificate, sleep, timeout time.Duration, times int) error {
	id := syncthingprotocol.NewDeviceID(certs[0].Certificate[0])
	invs := make(chan protocol.SessionInvitation, 1)
	c, err := NewClient(uri, certs, invs, timeout)
	if err != nil {
		close(invs)
		return fmt.Errorf("creating client: %w", err)
	}
	go c.Serve()
	defer func() {
		c.Stop()
		close(invs)
	}()

	for i := 0; i < times; i++ {
		_, err = GetInvitationFromRelay(ctx, uri, id, certs, timeout)
		if err == nil {
			return nil
		}
		if !errors.As(err, &incorrectResponseCodeErr{}) {
			return fmt.Errorf("getting invitation: %w", err)
		}
		time.Sleep(sleep)
	}

	return fmt.Errorf("getting invitation: %w", err) // last of the above errors
}

func configForCerts(certs []tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates:           certs,
		NextProtos:             []string{protocol.ProtocolName},
		ClientAuth:             tls.RequestClientCert,
		SessionTicketsDisabled: true,
		InsecureSkipVerify:     true,
		MinVersion:             tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
		},
	}
}

func remoteIPBytes(conn net.Conn) []byte {
	addr := conn.RemoteAddr().String()
	if host, _, err := net.SplitHostPort(addr); err == nil {
		addr = host
	}
	return net.ParseIP(addr)[:]
}
Progress 2015-06-28 00:52:01 +00:00			`// Copyright (C) 2015 Audrius Butkevicius and Contributors (see the CONTRIBUTORS file).`

			`package client`

			`import (`
all: Use context in lib/dialer (#6177) * all: Use context in lib/dialer * a bit slimmer * https://github.com/syncthing/syncthing/pull/5753 * bot * missed adding debug.go * errors.Cause * simultaneous dialing * anti-leak 2019-11-26 07:39:51 +00:00			`"context"`
Progress 2015-06-28 00:52:01 +00:00			`"crypto/tls"`
cmd/strelaypoolsrv: Expose check error to client, fix incorrect response code handling 2020-04-04 07:21:52 +00:00			`"errors"`
Progress 2015-06-28 00:52:01 +00:00			`"fmt"`
			`"net"`
			`"net/url"`
			`"strconv"`
			`"time"`

Add proxy support (fixes #271) 2015-10-12 18:30:14 +00:00			`"github.com/syncthing/syncthing/lib/dialer"`
Fix import paths 2015-09-22 17:38:46 +00:00			`syncthingprotocol "github.com/syncthing/syncthing/lib/protocol"`
			`"github.com/syncthing/syncthing/lib/relay/protocol"`
Progress 2015-06-28 00:52:01 +00:00			`)`

cmd/strelaypoolsrv: Expose check error to client, fix incorrect response code handling 2020-04-04 07:21:52 +00:00			`type incorrectResponseCodeErr struct {`
			`code int32`
			`msg string`
			`}`

			`func (e incorrectResponseCodeErr) Error() string {`
			`return fmt.Sprintf("incorrect response code %d: %s", e.code, e.msg)`
			`}`

all: Use context in lib/dialer (#6177) * all: Use context in lib/dialer * a bit slimmer * https://github.com/syncthing/syncthing/pull/5753 * bot * missed adding debug.go * errors.Cause * simultaneous dialing * anti-leak 2019-11-26 07:39:51 +00:00			`func GetInvitationFromRelay(ctx context.Context, uri *url.URL, id syncthingprotocol.DeviceID, certs []tls.Certificate, timeout time.Duration) (protocol.SessionInvitation, error) {`
Do scheme validation in the client 2015-06-28 19:34:28 +00:00			`if uri.Scheme != "relay" {`
all: Tweak error creation (#6391) - In the few places where we wrap errors, use the new Go 1.13 "%w" construction instead of %s or %v. - Where we create errors with constant strings, consistently use errors.New and not fmt.Errorf. - Remove capitalization from errors in the few places where we had that. 2020-03-03 21:40:00 +00:00			`return protocol.SessionInvitation{}, fmt.Errorf("unsupported relay scheme: %v", uri.Scheme)`
Do scheme validation in the client 2015-06-28 19:34:28 +00:00			`}`

all: Use context in lib/dialer (#6177) * all: Use context in lib/dialer * a bit slimmer * https://github.com/syncthing/syncthing/pull/5753 * bot * missed adding debug.go * errors.Cause * simultaneous dialing * anti-leak 2019-11-26 07:39:51 +00:00			`ctx, cancel := context.WithTimeout(ctx, timeout)`
			`defer cancel()`
			`rconn, err := dialer.DialContext(ctx, "tcp", uri.Host)`
Progress 2015-06-28 00:52:01 +00:00			`if err != nil {`
			`return protocol.SessionInvitation{}, err`
			`}`
Add proxy support (fixes #271) 2015-10-12 18:30:14 +00:00
			`conn := tls.Client(rconn, configForCerts(certs))`
all: Revert the underscore sillyness 2019-02-02 11:16:27 +00:00			`conn.SetDeadline(time.Now().Add(timeout))`
Progress 2015-06-28 00:52:01 +00:00
			`if err := performHandshakeAndValidation(conn, uri); err != nil {`
			`return protocol.SessionInvitation{}, err`
			`}`

			`defer conn.Close()`

			`request := protocol.ConnectRequest{`
			`ID: id[:],`
			`}`

			`if err := protocol.WriteMessage(conn, request); err != nil {`
			`return protocol.SessionInvitation{}, err`
			`}`

			`message, err := protocol.ReadMessage(conn)`
			`if err != nil {`
			`return protocol.SessionInvitation{}, err`
			`}`

			`switch msg := message.(type) {`
			`case protocol.Response:`
cmd/strelaypoolsrv: Expose check error to client, fix incorrect response code handling 2020-04-04 07:21:52 +00:00			`return protocol.SessionInvitation{}, incorrectResponseCodeErr{msg.Code, msg.Message}`
Progress 2015-06-28 00:52:01 +00:00			`case protocol.SessionInvitation:`
Implement facility based logger, debugging via REST API This implements a new debug/trace infrastructure based on a slightly hacked up logger. Instead of the traditional "if debug { ... }" I've rewritten the logger to have no-op Debugln and Debugf, unless debugging has been enabled for a given "facility". The "facility" is just a string, typically a package name. This will be slightly slower than before; but not that much as it's mostly a function call that returns immediately. For the cases where it matters (the Debugln takes a hex.Dump() of something for example, and it's not in a very occasional "if err != nil" branch) there is an l.ShouldDebug(facility) that is fast enough to be used like the old "if debug". The point of all this is that we can now toggle debugging for the various packages on and off at runtime. There's a new method /rest/system/debug that can be POSTed a set of facilities to enable and disable debug for, or GET from to get a list of facilities with descriptions and their current debug status. Similarly a /rest/system/log?since=... can grab the latest log entries, up to 250 of them (hardcoded constant in main.go) plus the initial few. Not implemented in this commit (but planned) is a simple debug GUI available on /debug that shows the current log in an easily pasteable format and has checkboxes to enable the various debug facilities. The debug instructions to a user then becomes "visit this URL, check these boxes, reproduce your problem, copy and paste the log". The actual log viewer on the hypothetical /debug URL can poll regularly for new log entries and this bypass the 250 line limit. The existing STTRACE=foo variable is still obeyed and just sets the start state of the system. 2015-10-03 15:25:21 +00:00			`l.Debugln("Received invitation", msg, "via", conn.LocalAddr())`
Progress 2015-06-28 00:52:01 +00:00			`ip := net.IP(msg.Address)`
			`if len(ip) == 0 \|\| ip.IsUnspecified() {`
lib/relay: Correctly get IP from remote addr via proxy (fixes #3223) Correctly handles addresses, and fixes one more panicing place. GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3230 2016-05-31 14:42:10 +00:00			`msg.Address = remoteIPBytes(conn)`
Progress 2015-06-28 00:52:01 +00:00			`}`
			`return msg, nil`
			`default:`
			`return protocol.SessionInvitation{}, fmt.Errorf("protocol error: unexpected message %v", msg)`
			`}`
			`}`

all: Use context in lib/dialer (#6177) * all: Use context in lib/dialer * a bit slimmer * https://github.com/syncthing/syncthing/pull/5753 * bot * missed adding debug.go * errors.Cause * simultaneous dialing * anti-leak 2019-11-26 07:39:51 +00:00			`func JoinSession(ctx context.Context, invitation protocol.SessionInvitation) (net.Conn, error) {`
Progress 2015-06-28 00:52:01 +00:00			`addr := net.JoinHostPort(net.IP(invitation.Address).String(), strconv.Itoa(int(invitation.Port)))`

all: Use context in lib/dialer (#6177) * all: Use context in lib/dialer * a bit slimmer * https://github.com/syncthing/syncthing/pull/5753 * bot * missed adding debug.go * errors.Cause * simultaneous dialing * anti-leak 2019-11-26 07:39:51 +00:00			`ctx, cancel := context.WithTimeout(ctx, 10*time.Second)`
			`defer cancel()`
			`conn, err := dialer.DialContext(ctx, "tcp", addr)`
Progress 2015-06-28 00:52:01 +00:00			`if err != nil {`
			`return nil, err`
			`}`

			`request := protocol.JoinSessionRequest{`
			`Key: invitation.Key,`
			`}`

all: Revert the underscore sillyness 2019-02-02 11:16:27 +00:00			`conn.SetDeadline(time.Now().Add(10 * time.Second))`
Progress 2015-06-28 00:52:01 +00:00			`err = protocol.WriteMessage(conn, request)`
			`if err != nil {`
			`return nil, err`
			`}`

			`message, err := protocol.ReadMessage(conn)`
			`if err != nil {`
			`return nil, err`
			`}`

all: Revert the underscore sillyness 2019-02-02 11:16:27 +00:00			`conn.SetDeadline(time.Time{})`
Progress 2015-06-28 00:52:01 +00:00
			`switch msg := message.(type) {`
			`case protocol.Response:`
			`if msg.Code != 0 {`
all: Tweak error creation (#6391) - In the few places where we wrap errors, use the new Go 1.13 "%w" construction instead of %s or %v. - Where we create errors with constant strings, consistently use errors.New and not fmt.Errorf. - Remove capitalization from errors in the few places where we had that. 2020-03-03 21:40:00 +00:00			`return nil, fmt.Errorf("incorrect response code %d: %s", msg.Code, msg.Message)`
Progress 2015-06-28 00:52:01 +00:00			`}`
			`return conn, nil`
			`default:`
			`return nil, fmt.Errorf("protocol error: expecting response got %v", msg)`
			`}`
			`}`

cmd/strelaypoolsrv: Expose check error to client, fix incorrect response code handling 2020-04-04 07:21:52 +00:00			`func TestRelay(ctx context.Context, uri *url.URL, certs []tls.Certificate, sleep, timeout time.Duration, times int) error {`
Add a test method, fix nil pointer panic 2015-09-06 17:35:38 +00:00			`id := syncthingprotocol.NewDeviceID(certs[0].Certificate[0])`
Receive the invite, otherwise stop blocks, add extra arguments 2015-09-06 19:25:53 +00:00			`invs := make(chan protocol.SessionInvitation, 1)`
Add timeouts to relay methods 2015-11-23 21:14:46 +00:00			`c, err := NewClient(uri, certs, invs, timeout)`
Add separate client for dynamic relays (fixes #2368) Did some manual tests in the playground, such as kicking off two clients in parallel, first connecting, second one getting a message about already being connected, falling back to the second address. 2015-10-16 22:59:24 +00:00			`if err != nil {`
			`close(invs)`
cmd/strelaypoolsrv: Expose check error to client, fix incorrect response code handling 2020-04-04 07:21:52 +00:00			`return fmt.Errorf("creating client: %w", err)`
Add separate client for dynamic relays (fixes #2368) Did some manual tests in the playground, such as kicking off two clients in parallel, first connecting, second one getting a message about already being connected, falling back to the second address. 2015-10-16 22:59:24 +00:00			`}`
Add a test method, fix nil pointer panic 2015-09-06 17:35:38 +00:00			`go c.Serve()`
Receive the invite, otherwise stop blocks, add extra arguments 2015-09-06 19:25:53 +00:00			`defer func() {`
			`c.Stop()`
Close channel after the client is stopped 2015-10-22 22:09:02 +00:00			`close(invs)`
Receive the invite, otherwise stop blocks, add extra arguments 2015-09-06 19:25:53 +00:00			`}()`
Add a test method, fix nil pointer panic 2015-09-06 17:35:38 +00:00
Receive the invite, otherwise stop blocks, add extra arguments 2015-09-06 19:25:53 +00:00			`for i := 0; i < times; i++ {`
cmd/strelaypoolsrv: Expose check error to client, fix incorrect response code handling 2020-04-04 07:21:52 +00:00			`_, err = GetInvitationFromRelay(ctx, uri, id, certs, timeout)`
Add a test method, fix nil pointer panic 2015-09-06 17:35:38 +00:00			`if err == nil {`
cmd/strelaypoolsrv: Expose check error to client, fix incorrect response code handling 2020-04-04 07:21:52 +00:00			`return nil`
Add a test method, fix nil pointer panic 2015-09-06 17:35:38 +00:00			`}`
cmd/strelaypoolsrv: Expose check error to client, fix incorrect response code handling 2020-04-04 07:21:52 +00:00			`if !errors.As(err, &incorrectResponseCodeErr{}) {`
			`return fmt.Errorf("getting invitation: %w", err)`
Add a test method, fix nil pointer panic 2015-09-06 17:35:38 +00:00			`}`
Receive the invite, otherwise stop blocks, add extra arguments 2015-09-06 19:25:53 +00:00			`time.Sleep(sleep)`
Add a test method, fix nil pointer panic 2015-09-06 17:35:38 +00:00			`}`
cmd/strelaypoolsrv: Expose check error to client, fix incorrect response code handling 2020-04-04 07:21:52 +00:00
			`return fmt.Errorf("getting invitation: %w", err) // last of the above errors`
Add a test method, fix nil pointer panic 2015-09-06 17:35:38 +00:00			`}`

Progress 2015-06-28 00:52:01 +00:00			`func configForCerts(certs []tls.Certificate) *tls.Config {`
			`return &tls.Config{`
			`Certificates: certs,`
			`NextProtos: []string{protocol.ProtocolName},`
			`ClientAuth: tls.RequestClientCert,`
			`SessionTicketsDisabled: true,`
			`InsecureSkipVerify: true,`
			`MinVersion: tls.VersionTLS12,`
			`CipherSuites: []uint16{`
			`tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,`
			`tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,`
			`tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,`
			`tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,`
			`tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,`
			`tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,`
			`},`
			`}`
			`}`
lib/relay: Correctly get IP from remote addr via proxy (fixes #3223) Correctly handles addresses, and fixes one more panicing place. GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3230 2016-05-31 14:42:10 +00:00
			`func remoteIPBytes(conn net.Conn) []byte {`
			`addr := conn.RemoteAddr().String()`
			`if host, _, err := net.SplitHostPort(addr); err == nil {`
			`addr = host`
			`}`
			`return net.ParseIP(addr)[:]`
			`}`