diff options
| author | pacien | 2020-12-08 16:16:08 +0100 |
|---|---|---|
| committer | pacien | 2020-12-08 16:16:08 +0100 |
| commit | 20ecd9840f1e237dba79674b71e49b43b074902e (patch) | |
| tree | 4594947f1faf96e9851d95c9cfc7bfad0c9ff923 /app/src/main/java/org/pacien/tincapp/service/ConfigurationFtpService.kt | |
| parent | b1f98caca2f6960f7abb3ef7f7c27b903e1ef929 (diff) | |
| download | tincapp-20ecd9840f1e237dba79674b71e49b43b074902e.tar.gz | |
app: add configuration FTP server
This is a ridiculous workaround to make the configuration (and other files) accessible to the user
necessary after the new storage access restriction enforced in Android 11 which prevent other
applications from accessing the supposedly public application's directory.
The app's internal private storage directory is now exposed to the user through an embedded FTP
server that the user can turn on and off from the configuration activity. The user can then play
with the configuration and retrieve logs through a remote or local FTP client application of their
choice.
GitHub: closes #103
Diffstat (limited to 'app/src/main/java/org/pacien/tincapp/service/ConfigurationFtpService.kt')
| -rw-r--r-- | app/src/main/java/org/pacien/tincapp/service/ConfigurationFtpService.kt | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/app/src/main/java/org/pacien/tincapp/service/ConfigurationFtpService.kt b/app/src/main/java/org/pacien/tincapp/service/ConfigurationFtpService.kt new file mode 100644 index 0000000..c562768 --- /dev/null +++ b/app/src/main/java/org/pacien/tincapp/service/ConfigurationFtpService.kt | |||
| @@ -0,0 +1,128 @@ | |||
| 1 | /* | ||
| 2 | * Tinc App, an Android binding and user interface for the tinc mesh VPN daemon | ||
| 3 | * Copyright (C) 2017-2020 Pacien TRAN-GIRARD | ||
| 4 | * | ||
| 5 | * This program is free software: you can redistribute it and/or modify | ||
| 6 | * it under the terms of the GNU General Public License as published by | ||
| 7 | * the Free Software Foundation, either version 3 of the License, or | ||
| 8 | * (at your option) any later version. | ||
| 9 | * | ||
| 10 | * This program is distributed in the hope that it will be useful, | ||
| 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| 13 | * GNU General Public License for more details. | ||
| 14 | * | ||
| 15 | * You should have received a copy of the GNU General Public License | ||
| 16 | * along with this program. If not, see <https://www.gnu.org/licenses/>. | ||
| 17 | */ | ||
| 18 | |||
| 19 | package org.pacien.tincapp.service | ||
| 20 | |||
| 21 | import android.app.Service | ||
| 22 | import android.content.Intent | ||
| 23 | import android.os.IBinder | ||
| 24 | import androidx.databinding.ObservableBoolean | ||
| 25 | import org.apache.ftpserver.FtpServer | ||
| 26 | import org.apache.ftpserver.FtpServerFactory | ||
| 27 | import org.apache.ftpserver.ftplet.* | ||
| 28 | import org.apache.ftpserver.listener.ListenerFactory | ||
| 29 | import org.apache.ftpserver.usermanager.UsernamePasswordAuthentication | ||
| 30 | import org.apache.ftpserver.usermanager.impl.WritePermission | ||
| 31 | import org.pacien.tincapp.R | ||
| 32 | import org.pacien.tincapp.context.App | ||
| 33 | import org.pacien.tincapp.extensions.Java.defaultMessage | ||
| 34 | import org.slf4j.LoggerFactory | ||
| 35 | import java.io.IOException | ||
| 36 | |||
| 37 | /** | ||
| 38 | * FTP server service allowing a remote and local user to access and modify configuration files in | ||
| 39 | * the application's context. | ||
| 40 | * | ||
| 41 | * @author pacien | ||
| 42 | */ | ||
| 43 | class ConfigurationFtpService : Service() { | ||
| 44 | companion object { | ||
| 45 | const val FTP_PORT = 65521 // tinc port `concat` FTP port | ||
| 46 | const val FTP_USERNAME = "tincapp" | ||
| 47 | val FTP_HOME_DIR = App.getContext().applicationInfo.dataDir!! | ||
| 48 | val FTP_PASSWORD = generateRandomString(8) | ||
| 49 | |||
| 50 | val runningState = ObservableBoolean(false) | ||
| 51 | |||
| 52 | private fun generateRandomString(length: Int): String { | ||
| 53 | val alphabet = ('a'..'z') + ('A'..'Z') + ('0'..'9') | ||
| 54 | return List(length) { alphabet.random() }.joinToString("") | ||
| 55 | } | ||
| 56 | } | ||
| 57 | |||
| 58 | private val log by lazy { LoggerFactory.getLogger(this.javaClass)!! } | ||
| 59 | private var sftpServer: FtpServer? = null | ||
| 60 | |||
| 61 | override fun onBind(intent: Intent): IBinder? = null // non-bindable service | ||
| 62 | |||
| 63 | override fun onDestroy() { | ||
| 64 | sftpServer?.stop() | ||
| 65 | sftpServer = null | ||
| 66 | runningState.set(false) | ||
| 67 | log.info("Stopped FTP server") | ||
| 68 | super.onDestroy() | ||
| 69 | } | ||
| 70 | |||
| 71 | override fun onStartCommand(intent: Intent, flags: Int, startId: Int): Int { | ||
| 72 | val ftpUser = StaticFtpUser(FTP_USERNAME, FTP_PASSWORD, FTP_HOME_DIR, listOf(WritePermission())) | ||
| 73 | sftpServer = setupSingleUserServer(ftpUser).also { | ||
| 74 | try { | ||
| 75 | it.start() | ||
| 76 | runningState.set(true) | ||
| 77 | log.info("Started FTP server on port {}", FTP_PORT) | ||
| 78 | } catch (e: IOException) { | ||
| 79 | log.error("Could not start FTP server", e) | ||
| 80 | App.alert(R.string.notification_error_title_unable_to_start_ftp_server, e.defaultMessage()) | ||
| 81 | } | ||
| 82 | } | ||
| 83 | |||
| 84 | return START_NOT_STICKY | ||
| 85 | } | ||
| 86 | |||
| 87 | private fun setupSingleUserServer(ftpUser: User): FtpServer { | ||
| 88 | return FtpServerFactory() | ||
| 89 | .apply { addListener("default", ListenerFactory().apply { port = FTP_PORT }.createListener()) } | ||
| 90 | .apply { userManager = StaticFtpUserManager(listOf(ftpUser)) } | ||
| 91 | .createServer() | ||
| 92 | } | ||
| 93 | |||
| 94 | private class StaticFtpUserManager(users: List<User>) : UserManager { | ||
| 95 | private val userMap: Map<String, User> = users.map { it.name to it }.toMap() | ||
| 96 | override fun getUserByName(username: String?): User? = userMap[username] | ||
| 97 | override fun getAllUserNames(): Array<String> = userMap.keys.toTypedArray() | ||
| 98 | override fun doesExist(username: String?): Boolean = username in userMap | ||
| 99 | override fun delete(username: String?) = throw UnsupportedOperationException() | ||
| 100 | override fun save(user: User?) = throw UnsupportedOperationException() | ||
| 101 | override fun getAdminName(): String = throw UnsupportedOperationException() | ||
| 102 | override fun isAdmin(username: String?): Boolean = throw UnsupportedOperationException() | ||
| 103 | override fun authenticate(authentication: Authentication?): User = when (authentication) { | ||
| 104 | is UsernamePasswordAuthentication -> getUserByName(authentication.username).let { | ||
| 105 | if (it != null && authentication.password == it.password) it | ||
| 106 | else throw AuthenticationFailedException() | ||
| 107 | } | ||
| 108 | else -> throw IllegalArgumentException() | ||
| 109 | } | ||
| 110 | } | ||
| 111 | |||
| 112 | private data class StaticFtpUser( | ||
| 113 | private val name: String, | ||
| 114 | private val password: String, | ||
| 115 | private val homeDirectory: String, | ||
| 116 | private val authorities: List<Authority> | ||
| 117 | ) : User { | ||
| 118 | override fun getName(): String = name | ||
| 119 | override fun getPassword(): String = password | ||
| 120 | override fun getAuthorities(): List<Authority> = authorities | ||
| 121 | override fun getAuthorities(clazz: Class<out Authority>): List<Authority> = authorities.filter(clazz::isInstance) | ||
| 122 | override fun getMaxIdleTime(): Int = 0 // unlimited | ||
| 123 | override fun getEnabled(): Boolean = true | ||
| 124 | override fun getHomeDirectory(): String = homeDirectory | ||
| 125 | override fun authorize(request: AuthorizationRequest?): AuthorizationRequest? = | ||
| 126 | authorities.filter { it.canAuthorize(request) }.fold(request) { req, auth -> auth.authorize(req) } | ||
| 127 | } | ||
| 128 | } | ||