X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fmeta.c;h=4282a4e6bd7a63d25b42b3cade4cb1d2eb37b433;hb=refs%2Fheads%2F1.1;hp=73769d9a21438aef8e50be6fa53aa5ca54d40b02;hpb=266afc6c63d3d02584feb24b69063f97057daac8;p=tinc

diff --git a/src/meta.c b/src/meta.c
index 73769d9a..e3f29998 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -1,6 +1,6 @@
 /*
     meta.c -- handle the meta communication
-    Copyright (C) 2000-2014 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2018 Guus Sliepen <guus@tinc-vpn.org>,
                   2000-2005 Ivo Timmermans
                   2006      Scott Lamb <slamb@slamb.org>
 
@@ -21,6 +21,8 @@
 
 #include "system.h"
 
+#include <assert.h>
+
 #include "cipher.h"
 #include "connection.h"
 #include "logger.h"
@@ -28,9 +30,16 @@
 #include "net.h"
 #include "protocol.h"
 #include "utils.h"
-#include "xalloc.h"
+#include "proxy.h"
+
+#ifndef MIN
+static ssize_t MIN(ssize_t x, ssize_t y) {
+	return x < y ? x : y;
+}
+#endif
 
 bool send_meta_sptps(void *handle, uint8_t type, const void *buffer, size_t length) {
+	(void)type;
 	connection_t *c = handle;
 
 	if(!c) {
@@ -44,27 +53,40 @@ bool send_meta_sptps(void *handle, uint8_t type, const void *buffer, size_t leng
 	return true;
 }
 
-bool send_meta(connection_t *c, const char *buffer, int length) {
+bool send_meta(connection_t *c, const void *buffer, size_t length) {
 	if(!c) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "send_meta() called with NULL pointer!");
 		abort();
 	}
 
-	logger(DEBUG_META, LOG_DEBUG, "Sending %d bytes of metadata to %s (%s)", length,
-			   c->name, c->hostname);
+	logger(DEBUG_META, LOG_DEBUG, "Sending %lu bytes of metadata to %s (%s)",
+	       (unsigned long)length, c->name, c->hostname);
 
-	if(c->protocol_minor >= 2)
+	if(c->protocol_minor >= 2) {
 		return sptps_send_record(&c->sptps, 0, buffer, length);
+	}
 
 	/* Add our data to buffer */
 	if(c->status.encryptout) {
+#ifdef DISABLE_LEGACY
+		return false;
+#else
+		assert(c->legacy);
+
+		if(!decrease_budget(&c->legacy->out, length)) {
+			logger(DEBUG_META, LOG_ERR, "Byte limit exceeded for encryption to %s (%s)", c->name, c->hostname);
+			return false;
+		}
+
 		size_t outlen = length;
 
-		if(!cipher_encrypt(c->outcipher, buffer, length, buffer_prepare(&c->outbuf, length), &outlen, false) || outlen != length) {
+		if(!cipher_encrypt(&c->legacy->out.cipher, buffer, length, buffer_prepare(&c->outbuf, length), &outlen, false) || outlen != length) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting metadata to %s (%s)",
-					c->name, c->hostname);
+			       c->name, c->hostname);
 			return false;
 		}
+
+#endif
 	} else {
 		buffer_add(&c->outbuf, buffer, length);
 	}
@@ -74,10 +96,25 @@ bool send_meta(connection_t *c, const char *buffer, int length) {
 	return true;
 }
 
-void broadcast_meta(connection_t *from, const char *buffer, int length) {
-	for list_each(connection_t, c, connection_list)
-		if(c != from && c->edge)
+void send_meta_raw(connection_t *c, const void *buffer, size_t length) {
+	if(!c) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "send_meta() called with NULL pointer!");
+		abort();
+	}
+
+	logger(DEBUG_META, LOG_DEBUG, "Sending %lu bytes of raw metadata to %s (%s)",
+	       (unsigned long)length, c->name, c->hostname);
+
+	buffer_add(&c->outbuf, buffer, length);
+
+	io_set(&c->io, IO_READ | IO_WRITE);
+}
+
+void broadcast_meta(connection_t *from, const char *buffer, size_t length) {
+	for list_each(connection_t, c, &connection_list)
+		if(c != from && c->edge) {
 			send_meta(c, buffer, length);
+		}
 }
 
 bool receive_meta_sptps(void *handle, uint8_t type, const void *vdata, uint16_t length) {
@@ -90,20 +127,24 @@ bool receive_meta_sptps(void *handle, uint8_t type, const void *vdata, uint16_t
 	}
 
 	if(type == SPTPS_HANDSHAKE) {
-		if(c->allow_request == ACK)
+		if(c->allow_request == ACK) {
 			return send_ack(c);
-		else
+		} else {
 			return true;
+		}
 	}
 
-	if(!data)
+	if(!data) {
 		return true;
+	}
 
 	/* Are we receiving a TCPpacket? */
 
 	if(c->tcplen) {
-		if(length != c->tcplen)
+		if(length != c->tcplen) {
 			return false;
+		}
+
 		receive_tcppacket(c, data, length);
 		c->tcplen = 0;
 		return true;
@@ -111,8 +152,9 @@ bool receive_meta_sptps(void *handle, uint8_t type, const void *vdata, uint16_t
 
 	/* Change newline to null byte, just like non-SPTPS requests */
 
-	if(data[length - 1] == '\n')
+	if(data[length - 1] == '\n') {
 		((char *)data)[length - 1] = 0;
+	}
 
 	/* Otherwise we are waiting for a request */
 
@@ -120,7 +162,7 @@ bool receive_meta_sptps(void *handle, uint8_t type, const void *vdata, uint16_t
 }
 
 bool receive_meta(connection_t *c) {
-	int inlen;
+	ssize_t inlen;
 	char inbuf[MAXBUFSIZE];
 	char *bufp = inbuf, *endp;
 
@@ -135,50 +177,96 @@ bool receive_meta(connection_t *c) {
 
 	buffer_compact(&c->inbuf, MAXBUFSIZE);
 
-	if(sizeof inbuf <= c->inbuf.len) {
+	if(sizeof(inbuf) <= c->inbuf.len) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Input buffer full for %s (%s)", c->name, c->hostname);
 		return false;
 	}
 
-	inlen = recv(c->socket, inbuf, sizeof inbuf - c->inbuf.len, 0);
+	inlen = recv(c->socket, inbuf, sizeof(inbuf) - c->inbuf.len, 0);
 
 	if(inlen <= 0) {
 		if(!inlen || !sockerrno) {
 			logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection closed by %s (%s)",
-					   c->name, c->hostname);
-		} else if(sockwouldblock(sockerrno))
+			       c->name, c->hostname);
+		} else if(sockwouldblock(sockerrno)) {
 			return true;
-		else
+		} else
 			logger(DEBUG_ALWAYS, LOG_ERR, "Metadata socket read error for %s (%s): %s",
-				   c->name, c->hostname, sockstrerror(sockerrno));
+			       c->name, c->hostname, sockstrerror(sockerrno));
+
 		return false;
 	}
 
 	do {
-		if(c->protocol_minor >= 2)
-			return sptps_receive_data(&c->sptps, bufp, inlen);
+		/* Are we receiving a SPTPS packet? */
+
+		if(c->sptpslen) {
+			ssize_t len = MIN(inlen, c->sptpslen - c->inbuf.len);
+			buffer_add(&c->inbuf, bufp, len);
+
+			char *sptpspacket = buffer_read(&c->inbuf, c->sptpslen);
+
+			if(!sptpspacket) {
+				return true;
+			}
+
+			if(!receive_tcppacket_sptps(c, sptpspacket, c->sptpslen)) {
+				return false;
+			}
+
+			c->sptpslen = 0;
+
+			bufp += len;
+			inlen -= len;
+			continue;
+		}
+
+		if(c->protocol_minor >= 2) {
+			size_t len = sptps_receive_data(&c->sptps, bufp, inlen);
+
+			if(!len) {
+				return false;
+			}
+
+			bufp += len;
+			inlen -= (ssize_t)len;
+			continue;
+		}
 
 		if(!c->status.decryptin) {
 			endp = memchr(bufp, '\n', inlen);
-			if(endp)
+
+			if(endp) {
 				endp++;
-			else
+			} else {
 				endp = bufp + inlen;
+			}
 
 			buffer_add(&c->inbuf, bufp, endp - bufp);
 
 			inlen -= endp - bufp;
 			bufp = endp;
 		} else {
+#ifdef DISABLE_LEGACY
+			return false;
+#else
+			assert(c->legacy);
+
+			if(!decrease_budget(&c->legacy->in, (size_t) inlen)) {
+				logger(DEBUG_META, LOG_ERR, "Byte limit exceeded for decryption from %s (%s)", c->name, c->hostname);
+				return false;
+			}
+
 			size_t outlen = inlen;
 
-			if(!cipher_decrypt(c->incipher, bufp, inlen, buffer_prepare(&c->inbuf, inlen), &outlen, false) || inlen != outlen) {
+			if(!cipher_decrypt(&c->legacy->in.cipher, bufp, inlen, buffer_prepare(&c->inbuf, inlen), &outlen, false) || (size_t)inlen != outlen) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting metadata from %s (%s)",
-					   c->name, c->hostname);
+				       c->name, c->hostname);
 				return false;
 			}
 
 			inlen = 0;
+#endif
 		}
 
 		while(c->inbuf.len) {
@@ -186,34 +274,14 @@ bool receive_meta(connection_t *c) {
 
 			if(c->tcplen) {
 				char *tcpbuffer = buffer_read(&c->inbuf, c->tcplen);
-				if(!tcpbuffer)
+
+				if(!tcpbuffer) {
 					break;
+				}
 
 				if(!c->node) {
-					if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
-						if(tcpbuffer[0] == 0 && tcpbuffer[1] == 0x5a) {
-							logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
-						} else {
-							logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected");
-							return false;
-						}
-					} else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
-						if(tcpbuffer[0] != 5) {
-							logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
-							return false;
-						}
-						if(tcpbuffer[1] == (char)0xff) {
-							logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected: unsuitable authentication method");
-							return false;
-						}
-						if(tcpbuffer[2] != 5) {
-							logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
-							return false;
-						}
-						if(tcpbuffer[3] == 0) {
-							logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
-						} else {
-							logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request rejected");
+					if(c->outgoing && c->allow_request == ID && (proxytype == PROXY_SOCKS4 || proxytype == PROXY_SOCKS5)) {
+						if(!check_socks_resp(proxytype, tcpbuffer, c->tcplen)) {
 							return false;
 						}
 					} else {
@@ -235,10 +303,14 @@ bool receive_meta(connection_t *c) {
 			/* Otherwise we are waiting for a request */
 
 			char *request = buffer_readline(&c->inbuf);
+
 			if(request) {
 				bool result = receive_request(c, request);
-				if(!result)
+
+				if(!result) {
 					return false;
+				}
+
 				continue;
 			} else {
 				break;