X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=6059096191101936a668274d0a92a39eabaf543f;hb=a22041922f160667573e9a5ae3f4195e1668906a;hp=cb3d8e580474cb12b9a9cac55e19ea42c164532d;hpb=7ea85043ac1fb2096baea44f6b0af27ac0d0b2cf;p=tinc
diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index cb3d8e58..60590961 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -1,7 +1,7 @@
 /* protocol_auth.c -- handle the meta-protocol, authentication Copyright (C) 1999-2005 Ivo Timmermans,
- 2000-2009 Guus Sliepen
+ 2000-2010 Guus Sliepen
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
@@ -23,6 +23,8 @@
 #include "splay_tree.h"
 #include "conf.h"
 #include "connection.h"
+#include "control.h"
+#include "control_common.h"
 #include "crypto.h"
 #include "edge.h"
 #include "graph.h"
@@ -51,6 +53,15 @@ bool id_h(connection_t *c, char *request) {
 return false;
 }
+ /* Check if this is a control connection */
+
+ if(name[0] == '^' && !strcmp(name + 1, controlcookie)) {
+ c->status.control = true;
+ c->allow_request = CONTROL;
+ c->last_ping_time = time(NULL) + 3600;
+ return send_request(c, "%d %d %d", ACK, TINC_CTL_VERSION_CURRENT, getpid());
+ }
+
 /* Check if identity is a valid name */
 if(!check_id(name)) {
@@ -250,7 +261,7 @@ bool send_challenge(connection_t *c) {
 bool challenge_h(connection_t *c, char *request) {
 char buffer[MAX_STRING_SIZE];
 size_t len = rsa_size(&myself->connection->rsa);
- size_t digestlen = digest_length(&c->outdigest);
+ size_t digestlen = digest_length(&c->indigest);
 char digest[digestlen];
 if(sscanf(request, "%*d " MAX_STRING, buffer) != 1) {
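Review bot: The control-connection branch added to id_h compares the peer-supplied name against `controlcookie` with `strcmp`, which returns at the first differing byte, and nothing in the hunk restricts the branch to local peers, so the cookie check is reachable by anything that can open a meta connection, apparently before any authentication has run. A constant-time comparison over the full cookie length plus an explicit local-peer test ahead of `c->status.control = true` would address both; the branch should also be refused when `controlcookie` is empty, since its initialisation is not visible here and a bare `^` would otherwise match. A mismatching `^` name falls through to check_id() without a distinct log line, so a dedicated `logger(LOG_ERR, ...)` for that case would make cookie guessing visible in the logs. The `+ 3600` added to `last_ping_time` deserves a named constant or a comment saying what it exempts the control connection from. id_h begins and ends outside the hunk.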
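Review bot: Nothing in challenge_h explains why the reply buffer is now sized from `c->indigest` while chal_reply_h (the hunks at -297 and -308) still checks length and hash against `c->outdigest`, so the asymmetry reads like a typo to the next maintainer. A comment above the declaration, for example `/* our reply uses indigest; the peer verifies it against its own outdigest */`, would record the intent, assuming that is the actual direction (the hashing call is below the hunk). `digest` is a stack VLA sized by `digestlen`, so it is also worth confirming that digest_length() cannot return 0 for a connection whose digest has not been set up yet.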
@@ -297,7 +308,7 @@ bool chal_reply_h(connection_t *c, char *request) {
 /* Check if the length of the hash is all right */
 if(strlen(hishash) != digest_length(&c->outdigest) * 2) {
- logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, _("wrong challenge reply length"));
+ logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply length");
 return false;
 }
@@ -308,7 +319,7 @@ bool chal_reply_h(connection_t *c, char *request) {
 /* Verify the hash */
 if(!digest_verify(&c->outdigest, c->hischallenge, rsa_size(&c->rsa), hishash)) {
- logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, _("wrong challenge reply"));
+ logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply");
 return false;
 }
@@ -346,9 +357,14 @@ bool send_ack(connection_t *c) {
 if(myself->options & OPTION_PMTU_DISCOVERY)
 c->options |= OPTION_PMTU_DISCOVERY;
+ choice = myself->options & OPTION_CLAMP_MSS;
+ get_config_bool(lookup_config(c->config_tree, "ClampMSS"), &choice);
+ if(choice)
+ c->options |= OPTION_CLAMP_MSS;
+
 get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight);
- return send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options);
+ return send_request(c, "%d %s %d %x", ACK, myport, c->estimated_weight, c->options);
 }
 static void send_everything(connection_t *c) {
@@ -385,12 +401,13 @@ static void send_everything(connection_t *c) {
 bool ack_h(connection_t *c, char *request) {
 char hisport[MAX_STRING_SIZE];
- char *hisaddress, *dummy;
+ char *hisaddress;
 int weight, mtu;
- long int options;
+ uint32_t options;
 node_t *n;
+ bool choice;
- if(sscanf(request, "%*d " MAX_STRING " %d %lx", hisport, &weight, &options) != 3) {
+ if(sscanf(request, "%*d " MAX_STRING " %d %x", hisport, &weight, &options) != 3) {
 logger(LOG_ERR, "Got bad %s from %s (%s)", "ACK", c->name, c->hostname);
 return false;
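Review bot: The `%x` in the new send_request() call in send_ack expects an `unsigned int`, yet the matching variable in ack_h (next hunk) is declared `uint32_t` and scanned with `%x` as well; the two types coincide on common platforms but not by guarantee. The `<inttypes.h>` macros keep both ends exact: `"%d %s %d %" PRIx32` in send_ack and `" %d %" SCNx32` in the ack_h sscanf. The declaration of `c->options` is outside this diff, so confirm it is `uint32_t` too. In the same hunk `choice = myself->options & OPTION_CLAMP_MSS;` only works if `bool` is a true C99 boolean; `choice = (myself->options & OPTION_CLAMP_MSS) != 0;` is correct either way.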
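Review bot: `weight` is parsed from the peer's ACK with `%d` in ack_h and is not range-checked anywhere in this hunk, and the hunk at -455 then evaluates `(weight + c->estimated_weight) / 2`, where a large peer-supplied value overflows a signed int, which is undefined behaviour. Doing the average in a wider type, `c->edge->weight = (int)(((int64_t)weight + c->estimated_weight) / 2);`, removes the overflow; a sanity bound on `weight` straight after the sscanf would additionally keep nonsensical values out of the edge. Code between the two hunks is not shown, so an existing check there would make this moot. ack_h's body continues past the end of the hunk.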
@@ -435,9 +452,16 @@ bool ack_h(connection_t *c, char *request) {
 if(get_config_int(lookup_config(c->config_tree, "PMTU"), &mtu) && mtu < n->mtu)
 n->mtu = mtu;
- if(get_config_int(lookup_config(myself->connection->config_tree, "PMTU"), &mtu) && mtu < n->mtu)
+ if(get_config_int(lookup_config(config_tree, "PMTU"), &mtu) && mtu < n->mtu)
 n->mtu = mtu;
+ if(get_config_bool(lookup_config(c->config_tree, "ClampMSS"), &choice)) {
+ if(choice)
+ c->options |= OPTION_CLAMP_MSS;
+ else
+ c->options &= ~OPTION_CLAMP_MSS;
+ }
+
 /* Activate this connection */
 c->allow_request = ALL;
@@ -455,10 +479,9 @@ bool ack_h(connection_t *c, char *request) {
 c->edge = new_edge();
 c->edge->from = myself;
 c->edge->to = n;
- sockaddr2str(&c->address, &hisaddress, &dummy);
+ sockaddr2str(&c->address, &hisaddress, NULL);
 c->edge->address = str2sockaddr(hisaddress, hisport);
 free(hisaddress);
- free(dummy);
 c->edge->weight = (weight + c->estimated_weight) / 2;
 c->edge->connection = c;
 c->edge->options = c->options;
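Review bot: Passing `NULL` as the port out-parameter in `sockaddr2str(&c->address, &hisaddress, NULL)` is only safe if sockaddr2str() tests that pointer before every write, and its definition is not part of this diff section. Please confirm that each branch of it, including any fallback for an unknown address family, guards the port destination. A short comment at the call, `/* port not needed here; sockaddr2str() accepts NULL */`, would document the contract this line now depends on. ack_h starts and ends outside the hunk.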