X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol.c;h=b19e572596c40a2d8b25c73730c04e918416e3cd;hp=3c596398e91013716a4f963e46cceebabc33ad38;hb=52b842f8076d507d3a6ea07045d085ae21d1aa10;hpb=73f7efddd723b25c1477ec1139dc7211307ff660
diff --git a/src/protocol.c b/src/protocol.c
index 3c596398..b19e5725 100644
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -17,7 +17,7 @@
 along with this program; if not, write to the Free Software
 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: protocol.c,v 1.28.4.43 2000/10/20 15:34:37 guus Exp $
+ $Id: protocol.c,v 1.28.4.44 2000/10/21 11:52:07 guus Exp $
 */
 #include "config.h"
@@ -104,7 +104,7 @@ cp
 }
 else
 {
- if(debug_lvl > DEBUG_PROTOCOL)
+ if(debug_lvl >= DEBUG_PROTOCOL)
 syslog(LOG_DEBUG, _("Got %s from %s (%s)"), request_name[request], cl->name, cl->hostname);
 }
@@ -205,7 +205,7 @@ cp
 {
 if((old = lookup_id(cl->name)))
 {
- if(debug_lvl > DEBUG_CONNECTIONS)
+ if(debug_lvl >= DEBUG_CONNECTIONS)
 syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), cl->name, cl->hostname);
 cl->status.outgoing = 0;
 old->status.outgoing = 1;
@@ -247,10 +247,23 @@ cp
 cl->hischallenge = xmalloc(len);
 cp
+ /* Seed the PRNG with urandom (can't afford to block) */
+
+ RAND_load_file("/dev/urandom", 1024);
+
 /* Copy random data to the buffer */
 RAND_bytes(cl->hischallenge, len);
+ cl->hischallenge[0] &= 0x7F; /* Somehow if the first byte is more than 0xD0 or something like that, decryption fails... */
+
+ if(debug_lvl >= DEBUG_SCARY_THINGS)
+ {
+ bin2hex(cl->hischallenge, buffer, len);
+ buffer[len*2] = '\0';
+ syslog(LOG_DEBUG, _("Generated random challenge (unencrypted): %s"), buffer);
+ }
+
 /* Encrypt the random data */
 if(RSA_public_encrypt(len, cl->hischallenge, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */
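Review bot: Neither `RAND_load_file("/dev/urandom", 1024)` nor `RAND_bytes(cl->hischallenge, len)` has its return value checked, so if the seed file cannot be read or the PRNG reports itself unseeded the daemon carries on and encrypts whatever RAND_bytes() left in the buffer as the authentication challenge. I would test `RAND_status()` after loading together with the RAND_bytes() result and bail out with a LOG_ERR syslog and `return -1`, the way the RSA_public_encrypt failure just below presumably does (confirm that RAND_bytes() returns 1 on success in the OpenSSL version tinc targets). The comment on `cl->hischallenge[0] &= 0x7F;` describes a symptom rather than the cause: with RSA_NO_PADDING the buffer is interpreted as a big-endian integer that must be smaller than the modulus, and clearing the top bit of a modulus-sized buffer is exactly what guarantees that, so replace it with `/* RSA_NO_PADDING treats the buffer as a big-endian integer that must be less than the modulus; clearing the top bit of a modulus-sized buffer guarantees this */`. Note also that the DEBUG_SCARY_THINGS block writes the plaintext challenge to syslog, which lets anyone who can read the log answer the challenge of a connection in progress, and that it writes 2*len+1 bytes into `buffer`, whose allocation is outside the hunk and should be confirmed to be at least that big. send_chal's body starts before and continues past the hunk.
```c
  /* Seed the PRNG with urandom (can't afford to block); refuse to issue a
     challenge if the PRNG is still unseeded or RAND_bytes() fails */

  RAND_load_file("/dev/urandom", 1024);

  if(!RAND_status() || RAND_bytes(cl->hischallenge, len) != 1)
    {
      syslog(LOG_ERR, _("Could not generate random challenge for %s (%s)"), cl->name, cl->hostname);
      return -1;
    }

  /* RSA_NO_PADDING treats the buffer as a big-endian integer that must be less
     than the modulus; clearing the top bit of a modulus-sized buffer guarantees this */

  cl->hischallenge[0] &= 0x7F;

  /* … unchanged: DEBUG_SCARY_THINGS dump of the challenge, RSA_public_encrypt … */
```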
@@ -314,6 +327,13 @@ cp
 return -1;
 }
+ if(debug_lvl >= DEBUG_SCARY_THINGS)
+ {
+ bin2hex(cl->mychallenge, buffer, len);
+ buffer[len*2] = '\0';
+ syslog(LOG_DEBUG, _("Received random challenge (unencrypted): %s"), buffer);
+ }
+
 free(buffer);
 /* Rest is done by send_chal_reply() */
@@ -385,10 +405,17 @@ cp
 if(memcmp(hishash, myhash, SHA_DIGEST_LENGTH))
 {
 syslog(LOG_ERR, _("Intruder: wrong challenge reply from %s (%s)"), cl->name, cl->hostname);
+ if(debug_lvl >= DEBUG_SCARY_THINGS)
+ {
+ bin2hex(myhash, hishash, SHA_DIGEST_LENGTH);
+ hishash[SHA_DIGEST_LENGTH*2] = '\0';
+ syslog(LOG_DEBUG, _("Expected challenge reply: %s"), hishash);
+ }
 free(hishash);
 return -1;
 }
+ free(hishash);
 /* Identity has now been positively verified.
@@ -421,7 +448,7 @@ cp
 while((old = lookup_id(cl->name)))
 {
- if(debug_lvl > DEBUG_CONNECTIONS)
+ if(debug_lvl >= DEBUG_CONNECTIONS)
 syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), cl->name, old->hostname, cl->hostname);
 old->status.active = 0;
@@ -433,7 +460,7 @@ cp
 cl->allow_request = ALL;
 cl->status.active = 1;
- if(debug_lvl > DEBUG_CONNECTIONS)
+ if(debug_lvl >= DEBUG_CONNECTIONS)
 syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname);
 /* Exchange information about other tinc daemons */
@@ -668,14 +695,14 @@ cp
 {
 if((new->address == old->address) && (new->port == old->port))
 {
- if(debug_lvl > DEBUG_CONNECTIONS)
+ if(debug_lvl >= DEBUG_CONNECTIONS)
 syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), old->name, old->hostname, new->name, new->hostname);
 return 0;
 }
 else
 {
- if(debug_lvl > DEBUG_CONNECTIONS)
+ if(debug_lvl >= DEBUG_CONNECTIONS)
 syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"), old->name, old->hostname);
 old->status.active = 0;
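Review bot: The new DEBUG_SCARY_THINGS block writes 2*len hex characters plus a NUL into `buffer`, and nothing in the hunk establishes that buffer is that large: if it was sized for the len-byte binary challenge this is a heap overflow, and if it is the received hex string (presumably 2*len characters plus NUL) the write is fine but the precondition is silent. I would either state it where the block relies on it, `/* buffer still holds the 2*len-char hex challenge we received, so it has room for the hex dump of the decrypted one -- verify against its allocation above */`, or use a dedicated scratch buffer of `len*2+1` bytes so the size is visible locally. Keep in mind that this log line is the plaintext the peer must prove knowledge of, so anyone who can read the syslog while a connection is being set up can presumably produce a valid reply; a one-line comment saying why the level is called "scary" would help the next maintainer. The enclosing handler starts before and continues past the hunk.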
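Review bot: The debug block reuses `hishash` as the output buffer for `bin2hex(myhash, hishash, SHA_DIGEST_LENGTH)` and then writes `hishash[SHA_DIGEST_LENGTH*2]`, i.e. 2*SHA_DIGEST_LENGTH+1 bytes, but hishash's allocation is outside the hunk; if it holds only the SHA_DIGEST_LENGTH-byte binary reply this overruns the heap. The overwrite itself is harmless because the memcmp has already run, but a local `char hex[SHA_DIGEST_LENGTH*2 + 1];` declared at the top of the block and passed to bin2hex and syslog in place of hishash removes the dependence on how hishash was allocated. Logging the expected reply for a live challenge at LOG_DEBUG is also an oracle for anyone with log access, which is presumably why it is gated on DEBUG_SCARY_THINGS; say so in a comment next to the gate. The enclosing handler starts before the hunk and continues past it (the comment beginning `/* Identity has now been positively verified.` is cut off).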
@@ -817,7 +844,7 @@ cp
 return -1;
 }
- if(debug_lvl > DEBUG_STATUS)
+ if(debug_lvl >= DEBUG_STATUS)
 {
 syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), cl->name, cl->hostname, status_text[statusno], statusstring);
@@ -848,7 +875,7 @@ cp
 return -1;
 }
- if(debug_lvl > DEBUG_ERROR)
+ if(debug_lvl >= DEBUG_ERROR)
 {
 syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), cl->name, cl->hostname, strerror(errno), errorstring);