along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: protocol.c,v 1.28.4.48 2000/10/29 00:24:31 guus Exp $
+ $Id: protocol.c,v 1.28.4.52 2000/10/29 22:10:43 guus Exp $
*/
#include "config.h"
#include <openssl/sha.h>
#include <openssl/rand.h>
+#include <openssl/evp.h>
#include "conf.h"
-#include "encr.h"
#include "net.h"
#include "netutl.h"
#include "protocol.h"
request_name[request], cl->name, cl->hostname);
}
+ if((cl->allow_request != ALL) && (cl->allow_request != request))
+ {
+ syslog(LOG_ERR, _("Unauthorized request from %s (%s)"), cl->name, cl->hostname);
+ return -1;
+ }
+
if(request_handlers[request](cl))
/* Something went wrong. Probably scriptkiddies. Terminate. */
{
int send_ack(conn_list_t *cl)
{
cp
- cl->allow_request = ACK;
+ if(cl->status.outgoing)
+ cl->allow_request = ACK;
cp
return send_request(cl, "%d", ACK);
}
cl->allow_request = ALL;
cl->status.active = 1;
cl->nexthop = cl;
+ cl->cipher_pkttype = EVP_bf_cfb();
+ cl->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len;
if(debug_lvl >= DEBUG_CONNECTIONS)
syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname);
{
char *from_id, *to_id;
conn_list_t *from, *to;
+ char pktkey[129];
cp
if(sscanf(cl->buffer, "%*d %as %as", &from_id, &to_id) != 2)
{
if(!strcmp(to_id, myself->name))
{
- send_ans_key(myself, from, myself->cipher_pktkey);
+ bin2hex(myself->cipher_pktkey, pktkey, myself->cipher_pktkeylength);
+ pktkey[myself->cipher_pktkeylength*2] = '\0';
+ send_ans_key(myself, from, pktkey);
}
else
{
free(from_id); free(to_id);
return -1;
}
- send_req_key(from, to);
+
+ if(to->status.validkey) /* Proxy keys */
+ {
+ bin2hex(to->cipher_pktkey, pktkey, to->cipher_pktkeylength);
+ pktkey[to->cipher_pktkeylength*2] = '\0';
+ send_ans_key(to, from, pktkey);
+ }
+ else
+ send_req_key(from, to);
}
free(from_id); free(to_id);
return -1;
}
- /* Check if this key request is for us */
+ /* Update origin's packet key */
- if(!strcmp(to_id, myself->name))
+ keylength = strlen(pktkey);
+
+ if(keylength != from->cipher_pktkeylength*2)
{
- /* It is for us, convert it to binary and set the key with it. */
+ syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key length"),
+ cl->name, cl->hostname, from->name);
+ free(from_id); free(to_id); free(pktkey);
+ return -1;
+ }
- keylength = strlen(pktkey);
+ if(from->cipher_pktkey)
+ free(from->cipher_pktkey);
-/* Don't do this... yet
- if((keylength%2) || (keylength <= 0))
- {
- syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"),
- cl->name, cl->hostname, from->name);
- free(from_id); free(to_id); free(pktkey);
- return -1;
- }
- keylength /= 2;
- hex2bin(pktkey, pktkey, keylength);
- BF_set_key(cl->cipher_pktkey, keylength, pktkey);
-*/
+ keylength /= 2;
+ hex2bin(pktkey, pktkey, keylength);
+ pktkey[keylength] = '\0';
+ from->cipher_pktkey = pktkey;
- from->status.validkey = 1;
- from->status.waitingforkey = 0;
- }
- else
+ from->status.validkey = 1;
+ from->status.waitingforkey = 0;
+
+ if(strcmp(to_id, myself->name))
{
if(!(to = lookup_id(to_id)))
{
syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) destination %s which does not exist in our connection list"),
cl->name, cl->hostname, to_id);
- free(from_id); free(to_id); free(pktkey);
+ free(from_id); free(to_id);
return -1;
}
send_ans_key(from, to, pktkey);
}
- free(from_id); free(to_id); free(pktkey);
+ free(from_id); free(to_id);
cp
return 0;
}
projects / tinc / blobdiff