projects
/
tinc
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Use xrealloc instead of if(ptr) ptr = xmalloc().
[tinc]
/
src
/
protocol_auth.c
diff --git
a/src/protocol_auth.c
b/src/protocol_auth.c
index
920324f
..
4816610
100644
(file)
--- a/
src/protocol_auth.c
+++ b/
src/protocol_auth.c
@@
-1,7
+1,7
@@
/*
protocol_auth.c -- handle the meta-protocol, authentication
/*
protocol_auth.c -- handle the meta-protocol, authentication
- Copyright (C) 1999-200
3 Ivo Timmermans <ivo@o2w.nl>
,
- 2000-200
3 Guus Sliepen <guus@sliepen.eu
.org>
+ Copyright (C) 1999-200
5 Ivo Timmermans
,
+ 2000-200
9 Guus Sliepen <guus@tinc-vpn
.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@
-17,7
+17,7
@@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id
: protocol_auth.c,v 1.1.4.29 2003/11/10 22:31:53 guus Exp
$
+ $Id$
*/
#include "system.h"
*/
#include "system.h"
@@
-68,16
+68,19
@@
bool id_h(connection_t *c)
return false;
}
return false;
}
- /* If
we set c->name in advance
, make sure we are connected to the right host */
+ /* If
this is an outgoing connection
, make sure we are connected to the right host */
- if(c->
name
) {
+ if(c->
outgoing
) {
if(strcmp(c->name, name)) {
logger(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name,
c->name);
return false;
}
if(strcmp(c->name, name)) {
logger(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name,
c->name);
return false;
}
- } else
+ } else {
+ if(c->name)
+ free(c->name);
c->name = xstrdup(name);
c->name = xstrdup(name);
+ }
/* Check if version matches */
/* Check if version matches */
@@
-115,7
+118,7
@@
bool id_h(connection_t *c)
bool send_metakey(connection_t *c)
{
bool send_metakey(connection_t *c)
{
- char
buffer[MAX_STRING_SIZE]
;
+ char
*buffer
;
int len;
bool x;
int len;
bool x;
@@
-125,15
+128,16
@@
bool send_metakey(connection_t *c)
/* Allocate buffers for the meta key */
/* Allocate buffers for the meta key */
- if(!c->outkey)
- c->outkey = xmalloc(len);
+ buffer = alloca(2 * len + 1);
+
+ c->outkey = xrealloc(c->outkey, len);
if(!c->outctx)
c->outctx = xmalloc_and_zero(sizeof(*c->outctx));
cp();
/* Copy random data to the buffer */
if(!c->outctx)
c->outctx = xmalloc_and_zero(sizeof(*c->outctx));
cp();
/* Copy random data to the buffer */
- RAND_pseudo_bytes(c->outkey, len);
+ RAND_pseudo_bytes(
(unsigned char *)
c->outkey, len);
/* The message we send must be smaller than the modulus of the RSA key.
By definition, for a key of k bits, the following formula holds:
/* The message we send must be smaller than the modulus of the RSA key.
By definition, for a key of k bits, the following formula holds:
@@
-161,7
+165,7
@@
bool send_metakey(connection_t *c)
with a length equal to that of the modulus of the RSA key.
*/
with a length equal to that of the modulus of the RSA key.
*/
- if(RSA_public_encrypt(len,
c->outkey,
buffer, c->rsa_key, RSA_NO_PADDING) != len) {
+ if(RSA_public_encrypt(len,
(unsigned char *)c->outkey, (unsigned char *)
buffer, c->rsa_key, RSA_NO_PADDING) != len) {
logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"),
c->name, c->hostname);
return false;
logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"),
c->name, c->hostname);
return false;
@@
-183,8
+187,8
@@
bool send_metakey(connection_t *c)
if(c->outcipher) {
if(!EVP_EncryptInit(c->outctx, c->outcipher,
if(c->outcipher) {
if(!EVP_EncryptInit(c->outctx, c->outcipher,
- c->outkey + len - c->outcipher->key_len,
- c->outkey + len - c->outcipher->key_len -
+
(unsigned char *)
c->outkey + len - c->outcipher->key_len,
+
(unsigned char *)
c->outkey + len - c->outcipher->key_len -
c->outcipher->iv_len)) {
logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
c->outcipher->iv_len)) {
logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
@@
-222,8
+226,7
@@
bool metakey_h(connection_t *c)
/* Allocate buffers for the meta key */
/* Allocate buffers for the meta key */
- if(!c->inkey)
- c->inkey = xmalloc(len);
+ c->inkey = xrealloc(c->inkey, len);
if(!c->inctx)
c->inctx = xmalloc_and_zero(sizeof(*c->inctx));
if(!c->inctx)
c->inctx = xmalloc_and_zero(sizeof(*c->inctx));
@@
-234,8
+237,8
@@
bool metakey_h(connection_t *c)
/* Decrypt the meta key */
/* Decrypt the meta key */
- if(RSA_private_decrypt(len,
buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) {
/* See challenge() */
- logger(LOG_ERR, _("Error during
en
cryption of meta key for %s (%s)"),
+ if(RSA_private_decrypt(len,
(unsigned char *)buffer, (unsigned char *)c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) {
/* See challenge() */
+ logger(LOG_ERR, _("Error during
de
cryption of meta key for %s (%s)"),
c->name, c->hostname);
return false;
}
c->name, c->hostname);
return false;
}
@@
-259,8
+262,8
@@
bool metakey_h(connection_t *c)
}
if(!EVP_DecryptInit(c->inctx, c->incipher,
}
if(!EVP_DecryptInit(c->inctx, c->incipher,
- c->inkey + len - c->incipher->key_len,
- c->inkey + len - c->incipher->key_len -
+
(unsigned char *)
c->inkey + len - c->incipher->key_len,
+
(unsigned char *)
c->inkey + len - c->incipher->key_len -
c->incipher->iv_len)) {
logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"),
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
c->incipher->iv_len)) {
logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"),
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
@@
-299,7
+302,7
@@
bool metakey_h(connection_t *c)
bool send_challenge(connection_t *c)
{
bool send_challenge(connection_t *c)
{
- char
buffer[MAX_STRING_SIZE]
;
+ char
*buffer
;
int len;
cp();
int len;
cp();
@@
-310,12
+313,13
@@
bool send_challenge(connection_t *c)
/* Allocate buffers for the challenge */
/* Allocate buffers for the challenge */
- if(!c->hischallenge)
- c->hischallenge = xmalloc(len);
+ buffer = alloca(2 * len + 1);
+
+ c->hischallenge = xrealloc(c->hischallenge, len);
/* Copy random data to the buffer */
/* Copy random data to the buffer */
- RAND_pseudo_bytes(c->hischallenge, len);
+ RAND_pseudo_bytes(
(unsigned char *)
c->hischallenge, len);
/* Convert to hex */
/* Convert to hex */
@@
-352,8
+356,7
@@
bool challenge_h(connection_t *c)
/* Allocate buffers for the challenge */
/* Allocate buffers for the challenge */
- if(!c->mychallenge)
- c->mychallenge = xmalloc(len);
+ c->mychallenge = xrealloc(c->mychallenge, len);
/* Convert the challenge from hexadecimal back to binary */
/* Convert the challenge from hexadecimal back to binary */
@@
-377,7
+380,7
@@
bool send_chal_reply(connection_t *c)
if(!EVP_DigestInit(&ctx, c->indigest)
|| !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key))
if(!EVP_DigestInit(&ctx, c->indigest)
|| !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key))
- || !EVP_DigestFinal(&ctx, hash, NULL)) {
+ || !EVP_DigestFinal(&ctx,
(unsigned char *)
hash, NULL)) {
logger(LOG_ERR, _("Error during calculation of response for %s (%s): %s"),
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
return false;
logger(LOG_ERR, _("Error during calculation of response for %s (%s): %s"),
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
return false;
@@
-423,7
+426,7
@@
bool chal_reply_h(connection_t *c)
if(!EVP_DigestInit(&ctx, c->outdigest)
|| !EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key))
if(!EVP_DigestInit(&ctx, c->outdigest)
|| !EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key))
- || !EVP_DigestFinal(&ctx, myhash, NULL)) {
+ || !EVP_DigestFinal(&ctx,
(unsigned char *)
myhash, NULL)) {
logger(LOG_ERR, _("Error during calculation of response from %s (%s): %s"),
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
return false;
logger(LOG_ERR, _("Error during calculation of response from %s (%s): %s"),
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
return false;
@@
-476,18
+479,10
@@
bool send_ack(connection_t *c)
if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &choice) && choice) || myself->options & OPTION_TCPONLY)
c->options |= OPTION_TCPONLY | OPTION_INDIRECT;
if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &choice) && choice) || myself->options & OPTION_TCPONLY)
c->options |= OPTION_TCPONLY | OPTION_INDIRECT;
- choice = false;
- get_config_bool(lookup_config(config_tree, "Opaque"), &choice);
- get_config_bool(lookup_config(c->config_tree, "Opaque"), &choice);
- c->status.opaque = choice;
-
- if(c->status.opaque)
- c->options |= OPTION_INDIRECT;
+ if(myself->options & OPTION_PMTU_DISCOVERY)
+ c->options |= OPTION_PMTU_DISCOVERY;
- choice = false;
- get_config_bool(lookup_config(config_tree, "Strict"), &choice);
- get_config_bool(lookup_config(c->config_tree, "Strict"), &choice);
- c->status.strict = choice;
+ get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight);
return send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options);
}
return send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options);
}
@@
-501,6
+496,15
@@
static void send_everything(connection_t *c)
/* Send all known subnets and edges */
/* Send all known subnets and edges */
+ if(tunnelserver) {
+ for(node = myself->subnet_tree->head; node; node = node->next) {
+ s = node->data;
+ send_add_subnet(c, s);
+ }
+
+ return;
+ }
+
for(node = node_tree->head; node; node = node->next) {
n = node->data;
for(node = node_tree->head; node; node = node->next) {
n = node->data;
@@
-520,7
+524,7
@@
bool ack_h(connection_t *c)
{
char hisport[MAX_STRING_SIZE];
char *hisaddress, *dummy;
{
char hisport[MAX_STRING_SIZE];
char *hisaddress, *dummy;
- int weight;
+ int weight
, mtu
;
long int options;
node_t *n;
long int options;
node_t *n;
@@
-553,8
+557,18
@@
bool ack_h(connection_t *c)
n->connection = c;
c->node = n;
n->connection = c;
c->node = n;
+ if(!(c->options & options & OPTION_PMTU_DISCOVERY)) {
+ c->options &= ~OPTION_PMTU_DISCOVERY;
+ options &= ~OPTION_PMTU_DISCOVERY;
+ }
c->options |= options;
c->options |= options;
+ if(get_config_int(lookup_config(c->config_tree, "PMTU"), &mtu) && mtu < n->mtu)
+ n->mtu = mtu;
+
+ if(get_config_int(lookup_config(myself->connection->config_tree, "PMTU"), &mtu) && mtu < n->mtu)
+ n->mtu = mtu;
+
/* Activate this connection */
c->allow_request = ALL;
/* Activate this connection */
c->allow_request = ALL;
@@
-565,8
+579,7
@@
bool ack_h(connection_t *c)
/* Send him everything we know */
/* Send him everything we know */
- if(!c->status.opaque)
- send_everything(c);
+ send_everything(c);
/* Create an edge_t for this connection */
/* Create an edge_t for this connection */
@@
-586,10
+599,10
@@
bool ack_h(connection_t *c)
/* Notify everyone of the new edge */
/* Notify everyone of the new edge */
- if(c->status.opaque)
- send_add_edge(broadcast, c->edge);
- else
+ if(tunnelserver)
send_add_edge(c, c->edge);
send_add_edge(c, c->edge);
+ else
+ send_add_edge(broadcast, c->edge);
/* Run MST and SSSP algorithms */
/* Run MST and SSSP algorithms */