X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=a270ffcdbd3f7b1ffa3f421e8bd09140fec8e472;hb=f8190b7233871b5b47c3fc8846731d1bbdef78a5;hp=9d61ab8fc7826b8d431f95cae3291f9bbf64436e;hpb=46f3eba7755089ff68fdc137b0754cae2fa523eb;p=tinc diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 9d61ab8f..a270ffcd 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -176,6 +176,8 @@ bool send_id(connection_t *c) { } static bool finalize_invitation(connection_t *c, const char *data, uint16_t len) { + (void)len; + if(strchr(data, '\n')) { logger(DEBUG_ALWAYS, LOG_ERR, "Received invalid key from invited node %s (%s)!\n", c->name, c->hostname); return false; @@ -282,13 +284,16 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat } // Read the new node's Name from the file - char buf[1024]; + char buf[1024] = ""; fgets(buf, sizeof(buf), f); + size_t buflen = strlen(buf); - if(*buf) { - buf[strlen(buf) - 1] = 0; + // Strip whitespace at the end + while(buflen && strchr(" \t\r\n", buf[buflen - 1])) { + buf[--buflen] = 0; } + // Split the first line into variable and value len = strcspn(buf, " \t="); char *name = buf + len; name += strspn(name, " \t"); @@ -300,6 +305,7 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat buf[len] = 0; + // Check that it is a valid Name if(!*buf || !*name || strcasecmp(buf, "Name") || !check_id(name) || !strcmp(name, myself->name)) { logger(DEBUG_ALWAYS, LOG_ERR, "Invalid invitation file %s\n", cookie); fclose(f); @@ -405,10 +411,7 @@ bool id_h(connection_t *c, const char *request) { return false; } } else { - if(c->name) { - free(c->name); - } - + free(c->name); c->name = xstrdup(name); } 
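Review bot: In finalize_invitation, the added `(void)len;` discards the only bound on `data`, and the next line scans it with `strchr`, which stops only at a NUL byte. Whether the record passed in is guaranteed to be NUL-terminated is not visible in this hunk; if it is not, the scan can read past the end of the record. Using the length keeps the check bounded, `if(memchr(data, '\n', len)) {`, and any later use of `data` as a C string needs the same guarantee. The function body continues outside the hunk.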
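Review bot: The return value of `fgets(buf, sizeof(buf), f);` in receive_invitation_sptps (hunk at -282) is still ignored. The new `= ""` initializer covers an empty file, but after a read error the array contents are indeterminate, so the `strlen(buf)` on the next line is not guaranteed to see a terminated string. Testing the call, `if(!fgets(buf, sizeof(buf), f)) {`, and taking the same log, `fclose(f)`, `return false` path used for an invalid Name a few lines below would close that gap. A first line longer than the buffer is also silently truncated before `check_id` sees it. The function starts and ends outside the hunk.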
@@ -487,11 +490,8 @@ bool id_h(connection_t *c, const char *request) { } } +#ifndef DISABLE_LEGACY bool send_metakey(connection_t *c) { -#ifdef DISABLE_LEGACY - return false; -#else - if(!myself->connection->rsa) { logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname); return false; @@ -581,14 +581,9 @@ bool send_metakey(connection_t *c) { c->status.encryptout = true; return result; -#endif } bool metakey_h(connection_t *c, const char *request) { -#ifdef DISABLE_LEGACY - return false; -#else - if(!myself->connection->rsa) { return false; } @@ -606,7 +601,7 @@ bool metakey_h(connection_t *c, const char *request) { /* Convert the challenge from hexadecimal back to binary */ - int inlen = hex2bin(hexkey, enckey, sizeof(enckey)); + size_t inlen = hex2bin(hexkey, enckey, sizeof(enckey)); /* Check if the length of the meta key is all right */ @@ -656,13 +651,9 @@ bool metakey_h(connection_t *c, const char *request) { c->allow_request = CHALLENGE; return send_challenge(c); -#endif } bool send_challenge(connection_t *c) { -#ifdef DISABLE_LEGACY - return false; -#else const size_t len = rsa_size(c->rsa); char buffer[len * 2 + 1]; @@ -679,14 +670,9 @@ bool send_challenge(connection_t *c) { /* Send the challenge */ return send_request(c, "%d %s", CHALLENGE, buffer); -#endif } bool challenge_h(connection_t *c, const char *request) { -#ifdef DISABLE_LEGACY - return false; -#else - if(!myself->connection->rsa) { return false; } @@ -721,8 +707,6 @@ bool challenge_h(connection_t *c, const char *request) { } else { return true; } - -#endif } bool send_chal_reply(connection_t *c) { @@ -749,9 +733,6 @@ bool send_chal_reply(connection_t *c) { } bool chal_reply_h(connection_t *c, const char *request) { -#ifdef DISABLE_LEGACY - return false; -#else char hishash[MAX_STRING_SIZE]; if(sscanf(request, "%*d " MAX_STRING, hishash) != 1) { 
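Review bot: Declaring `inlen` as `size_t` in metakey_h (hunk at -606) is only safe if `hex2bin` never signals failure with a negative value, and its prototype is not visible in this diff. If it can, a failure would now appear as a very large length rather than a negative one, and the length check that follows (outside the hunk) would have to reject it. Once confirmed against the helper, a short comment above the call would record the contract, for example `/* hex2bin() returns the number of bytes decoded; short or malformed input is caught by the length check below */`. The same change and the same question apply to `inlen` in chal_reply_h (hunk at -762).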
@@ -762,7 +743,7 @@ bool chal_reply_h(connection_t *c, const char *request) { /* Convert the hash to binary format */ - int inlen = hex2bin(hishash, hishash, sizeof(hishash)); + size_t inlen = hex2bin(hishash, hishash, sizeof(hishash)); /* Check if the length of the hash is all right */ @@ -792,13 +773,9 @@ bool chal_reply_h(connection_t *c, const char *request) { } return send_ack(c); -#endif } static bool send_upgrade(connection_t *c) { -#ifdef DISABLE_LEGACY - return false; -#else /* Special case when protocol_minor is 1: the other end is Ed25519 capable, * but doesn't know our key yet. So send it now. */ @@ -811,8 +788,46 @@ static bool send_upgrade(connection_t *c) { bool result = send_request(c, "%d %s", ACK, pubkey); free(pubkey); return result; -#endif } +#else +bool send_metakey(connection_t *c) { + (void)c; + return false; +} + +bool metakey_h(connection_t *c, const char *request) { + (void)c; + (void)request; + return false; +} + +bool send_challenge(connection_t *c) { + (void)c; + return false; +} + +bool challenge_h(connection_t *c, const char *request) { + (void)c; + (void)request; + return false; +} + +bool send_chal_reply(connection_t *c) { + (void)c; + return false; +} + +bool chal_reply_h(connection_t *c, const char *request) { + (void)c; + (void)request; + return false; +} + +static bool send_upgrade(connection_t *c) { + (void)c; + return false; +} +#endif bool send_ack(connection_t *c) { if(c->protocol_minor == 1) {
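Review bot: `hex2bin(hishash, hishash, sizeof(hishash))` in chal_reply_h decodes into the buffer it is reading from, and nothing at the call site explains why that is safe. It is correct only if the helper consumes each pair of hex digits before storing the resulting byte, which is an assumption about code outside this diff. A comment such as `/* in-place decode: output never overtakes input */` would make the dependency explicit for the next change to the helper. The length check and comparison that use `inlen` are outside the hunk.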
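Review bot: The `#else` stubs added for DISABLE_LEGACY builds (hunk at -811) return `false` without logging, so a peer that attempts the legacy handshake is dropped with no record of why. The legacy `send_metakey` already has a message for the unsupported case. The receive-side stubs (`metakey_h`, `challenge_h`, `chal_reply_h`) could emit the same line in place of `(void)c;`: `logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname);`. Whether the request dispatcher already logs a failed handler is not visible here, so this may partly duplicate it.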