- Removed old encr stuff

[tinc] / src / protocol.c

diff --git a/src/protocol.c b/src/protocol.c
index 1bb3734..50889b9 100644 (file)
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: protocol.c,v 1.28.4.48 2000/10/29 00:24:31 guus Exp $
+    $Id: protocol.c,v 1.28.4.50 2000/10/29 09:19:25 guus Exp $
 */
 
 #include "config.h"
@@ -40,7 +40,6 @@
 #include <openssl/rand.h>
 
 #include "conf.h"
-#include "encr.h"
 #include "net.h"
 #include "netutl.h"
 #include "protocol.h"
@@ -111,6 +110,12 @@ cp
                   request_name[request], cl->name, cl->hostname);
        }
 
+      if((cl->allow_request != ALL) && (cl->allow_request != request))
+        {
+          syslog(LOG_ERR, _("Unauthorized request from %s (%s)"), cl->name, cl->hostname);
+          return -1;
+        }
+
       if(request_handlers[request](cl))
        /* Something went wrong. Probably scriptkiddies. Terminate. */
         {
@@ -435,7 +440,8 @@ cp
 int send_ack(conn_list_t *cl)
 {
 cp
-  cl->allow_request = ACK;
+  if(cl->status.outgoing)
+    cl->allow_request = ACK;
 cp
   return send_request(cl, "%d", ACK);
 }
@@ -1061,18 +1067,21 @@ cp
 
       keylength = strlen(pktkey);
 
-/* Don't do this... yet
-      if((keylength%2) || (keylength <= 0))
+      if((keylength%2)!=0 || (keylength <= 0))
         {
           syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"),
                  cl->name, cl->hostname, from->name);
           free(from_id); free(to_id); free(pktkey);
           return -1;
         }
+
+      if(from->cipher_pktkey)
+        free(from->cipher_pktkey);
+
       keylength /= 2;
       hex2bin(pktkey, pktkey, keylength);
-      BF_set_key(cl->cipher_pktkey, keylength, pktkey);
-*/
+      pktkey[keylength] = '\0';
+      from->cipher_pktkey = pktkey;
 
       from->status.validkey = 1;
       from->status.waitingforkey = 0;