X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol.c;h=a8860fb2929c473d90c69f2e547478db68021189;hp=be3b5d1ce14e41f538a5563f55d9a5b4dbf61123;hb=6365d0627b9b1e9a31371ec891db0d2cfb4d6ed4;hpb=bfc5d6014e3c1563f7b6a2f10698e9ba23ba3e96 diff --git a/src/protocol.c b/src/protocol.c index be3b5d1c..a8860fb2 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.89 2001/05/24 21:52:26 guus Exp $ + $Id: protocol.c,v 1.28.4.96 2001/07/01 09:21:01 guus Exp $ */ #include "config.h" @@ -106,11 +106,15 @@ cp return -1; } - len++; - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname); + { + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], cl->name, cl->hostname, buffer); + else + syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname); + } + buffer[len++] = '\n'; cp return send_meta(cl, buffer, len); } @@ -118,20 +122,31 @@ cp int receive_request(connection_t *cl) { int request; -cp +cp if(sscanf(cl->buffer, "%d", &request) == 1) { if((request < 0) || (request >= LAST) || (request_handlers[request] == NULL)) { - syslog(LOG_ERR, _("Unknown request from %s (%s)"), - cl->name, cl->hostname); + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Unknown request from %s (%s): %s"), + cl->name, cl->hostname, cl->buffer); + else + syslog(LOG_ERR, _("Unknown request from %s (%s)"), + cl->name, cl->hostname); + return -1; } else { if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_DEBUG, _("Got %s from %s (%s)"), - request_name[request], cl->name, cl->hostname); + { + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Got %s from %s (%s): %s"), + request_name[request], cl->name, cl->hostname, cl->buffer); + else + syslog(LOG_DEBUG, _("Got %s from %s (%s)"), + request_name[request], cl->name, cl->hostname); + } } if((cl->allow_request != ALL) && (cl->allow_request != request)) @@ -158,34 +173,8 @@ cp return 0; } -/* Connection protocol: - - Client Server - send_id(u) - send_challenge(R) - send_chal_reply(H) - send_id(u) - send_challenge(R) - send_chal_reply(H) - --------------------------------------- - send_metakey(R) - send_metakey(R) - --------------------------------------- - send_ack(u) - send_ack(u) - --------------------------------------- - Other requests(E)... - - (u) Unencrypted, - (R) RSA, - (H) SHA1, - (E) Encrypted with symmetric cipher. - - Part of the challenge is directly used to set the symmetric cipher - key and the initial vector. Since a man-in-the-middle cannot - decrypt the RSA challenges, this means that he cannot get or forge - the key for the symmetric cipher. -*/ +/* The authentication protocol is described in detail in doc/SECURITY2, + the rest will be described in doc/PROTOCOL. */ int send_id(connection_t *cl) { @@ -225,6 +214,9 @@ cp /* Copy string to cl */ + if(cl->name) + free(cl->name); + cl->name = xstrdup(name); /* Load information about peer */ @@ -261,8 +253,14 @@ cp node = avl_unlink(connection_tree, cl); cl->port = port; - avl_insert_node(connection_tree, node); - + if(!avl_insert_node(connection_tree, node)) + { + old = avl_search_node(connection_tree, node)->data; + syslog(LOG_ERR, _("%s is listening on %s:%hd, which is already in use by %s!"), + cl->name, cl->hostname, cl->port, old->name); + return -1; + } + /* Read in the public key, so that we can send a metakey */ if(read_rsa_public_key(cl)) @@ -305,6 +303,8 @@ cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); + if(cl->status.outgoing) + seconds_till_retry = 5; /* Reset retry timeout */ cp /* Check some options */ @@ -1068,6 +1068,7 @@ cp cl->last_ping_time = time(NULL); RAND_bytes(salt, SALTLEN); bin2hex(salt, salt, SALTLEN); + salt[SALTLEN*2] = '\0'; cp return send_request(cl, "%d %s", PING, salt); } @@ -1084,6 +1085,7 @@ int send_pong(connection_t *cl) cp RAND_bytes(salt, SALTLEN); bin2hex(salt, salt, SALTLEN); + salt[SALTLEN*2] = '\0'; cp return send_request(cl, "%d %s", PONG, salt); } @@ -1107,17 +1109,16 @@ cp This reduces unnecessary key_changed broadcasts. */ - if(mykeyused) + if(from==myself && !mykeyused) + return 0; + + for(node = connection_tree->head; node; node = node->next) { - for(node = connection_tree->head; node; node = node->next) - { - p = (connection_t *)node->data; - if(p != cl && p->status.meta && p->status.active) - if(!(p->options & OPTION_INDIRECT) || from == myself) - send_request(p, "%d %s", KEY_CHANGED, from->name); - } - mykeyused = 0; - } + p = (connection_t *)node->data; + if(p != cl && p->status.meta && p->status.active) + if(!(p->options & OPTION_INDIRECT) || from == myself) + send_request(p, "%d %s", KEY_CHANGED, from->name); + } cp return 0; } @@ -1285,53 +1286,29 @@ int send_tcppacket(connection_t *cl, vpn_packet_t *packet) { int x; cp + /* Evil hack. */ + x = send_request(cl->nexthop, "%d %hd", PACKET, packet->len); if(x) return x; - - return send_meta(cl->nexthop, packet->data, packet->len); +cp + return send_meta(cl, packet->data, packet->len); } int tcppacket_h(connection_t *cl) { - vpn_packet_t packet; - char *p; - int todo, x; + short int len; cp - if(sscanf(cl->buffer, "%*d %hd", &packet.len) != 1) + if(sscanf(cl->buffer, "%*d %hd", &len) != 1) { syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"), cl->name, cl->hostname); return -1; } - /* Evil hack. */ - - p = packet.data; - todo = packet.len; - - while(todo) - { - x = read(cl->meta_socket, p, todo); - - if(x<=0) - { - if(x==0) - syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), cl->name, cl->hostname); - else - if(errno==EINTR || errno==EAGAIN) /* FIXME: select() or poll() or reimplement this evil hack */ - continue; - else - syslog(LOG_ERR, _("Error during reception of PACKET from %s (%s): %m"), cl->name, cl->hostname); - - return -1; - } - - todo -= x; - p += x; - } + /* Set reqlen to len, this will tell receive_meta() that a tcppacket is coming. */ - receive_packet(cl, &packet); + cl->tcplen = len; cp return 0; }