X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol.c;h=50889b9172b110ecf7f27b0e4eb458fec89934e6;hp=1bb37346318535acdb46ce44196e13ba97f604f3;hb=8fa9bc017d89b53798903df3fa98311067d4de90;hpb=7398002ade1397bd857953f009f4aed65ffc9218 diff --git a/src/protocol.c b/src/protocol.c index 1bb37346..50889b91 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.48 2000/10/29 00:24:31 guus Exp $ + $Id: protocol.c,v 1.28.4.50 2000/10/29 09:19:25 guus Exp $ */ #include "config.h" @@ -40,7 +40,6 @@ #include #include "conf.h" -#include "encr.h" #include "net.h" #include "netutl.h" #include "protocol.h" @@ -111,6 +110,12 @@ cp request_name[request], cl->name, cl->hostname); } + if((cl->allow_request != ALL) && (cl->allow_request != request)) + { + syslog(LOG_ERR, _("Unauthorized request from %s (%s)"), cl->name, cl->hostname); + return -1; + } + if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */ { @@ -435,7 +440,8 @@ cp int send_ack(conn_list_t *cl) { cp - cl->allow_request = ACK; + if(cl->status.outgoing) + cl->allow_request = ACK; cp return send_request(cl, "%d", ACK); } @@ -1061,18 +1067,21 @@ cp keylength = strlen(pktkey); -/* Don't do this... yet - if((keylength%2) || (keylength <= 0)) + if((keylength%2)!=0 || (keylength <= 0)) { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), cl->name, cl->hostname, from->name); free(from_id); free(to_id); free(pktkey); return -1; } + + if(from->cipher_pktkey) + free(from->cipher_pktkey); + keylength /= 2; hex2bin(pktkey, pktkey, keylength); - BF_set_key(cl->cipher_pktkey, keylength, pktkey); -*/ + pktkey[keylength] = '\0'; + from->cipher_pktkey = pktkey; from->status.validkey = 1; from->status.waitingforkey = 0;