X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol.c;h=fe0d180e20fa56a3b186db2fd647828ebe70a613;hp=3c596398e91013716a4f963e46cceebabc33ad38;hb=9c2f805255fa36b05e8fe9391f639581d938b653;hpb=9f64499e40a95a8c05c82924219517aa017fc411 diff --git a/src/protocol.c b/src/protocol.c index 3c596398..fe0d180e 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.43 2000/10/20 15:34:37 guus Exp $ + $Id: protocol.c,v 1.28.4.45 2000/10/24 15:46:17 guus Exp $ */ #include "config.h" @@ -104,7 +104,7 @@ cp } else { - if(debug_lvl > DEBUG_PROTOCOL) + if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_DEBUG, _("Got %s from %s (%s)"), request_name[request], cl->name, cl->hostname); } @@ -205,7 +205,7 @@ cp { if((old = lookup_id(cl->name))) { - if(debug_lvl > DEBUG_CONNECTIONS) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), cl->name, cl->hostname); cl->status.outgoing = 0; old->status.outgoing = 1; @@ -247,10 +247,23 @@ cp cl->hischallenge = xmalloc(len); cp + /* Seed the PRNG with urandom (can't afford to block) */ + + RAND_load_file("/dev/urandom", 1024); + /* Copy random data to the buffer */ RAND_bytes(cl->hischallenge, len); + cl->hischallenge[0] &= 0x7F; /* Somehow if the first byte is more than 0xD0 or something like that, decryption fails... */ + + if(debug_lvl >= DEBUG_SCARY_THINGS) + { + bin2hex(cl->hischallenge, buffer, len); + buffer[len*2] = '\0'; + syslog(LOG_DEBUG, _("Generated random challenge (unencrypted): %s"), buffer); + } + /* Encrypt the random data */ if(RSA_public_encrypt(len, cl->hischallenge, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */ @@ -314,6 +327,13 @@ cp return -1; } + if(debug_lvl >= DEBUG_SCARY_THINGS) + { + bin2hex(cl->mychallenge, buffer, len); + buffer[len*2] = '\0'; + syslog(LOG_DEBUG, _("Received random challenge (unencrypted): %s"), buffer); + } + free(buffer); /* Rest is done by send_chal_reply() */ @@ -385,10 +405,17 @@ cp if(memcmp(hishash, myhash, SHA_DIGEST_LENGTH)) { syslog(LOG_ERR, _("Intruder: wrong challenge reply from %s (%s)"), cl->name, cl->hostname); + if(debug_lvl >= DEBUG_SCARY_THINGS) + { + bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); + hishash[SHA_DIGEST_LENGTH*2] = '\0'; + syslog(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); + } free(hishash); return -1; } + free(hishash); /* Identity has now been positively verified. @@ -421,7 +448,7 @@ cp while((old = lookup_id(cl->name))) { - if(debug_lvl > DEBUG_CONNECTIONS) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), cl->name, old->hostname, cl->hostname); old->status.active = 0; @@ -433,7 +460,7 @@ cp cl->allow_request = ALL; cl->status.active = 1; - if(debug_lvl > DEBUG_CONNECTIONS) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); /* Exchange information about other tinc daemons */ @@ -442,7 +469,6 @@ cp notify_others(cl, NULL, send_add_host); notify_one(cl); */ - upstreamindex = 0; cp if(cl->status.outgoing) @@ -668,14 +694,14 @@ cp { if((new->address == old->address) && (new->port == old->port)) { - if(debug_lvl > DEBUG_CONNECTIONS) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), old->name, old->hostname, new->name, new->hostname); return 0; } else { - if(debug_lvl > DEBUG_CONNECTIONS) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"), old->name, old->hostname); old->status.active = 0; @@ -817,7 +843,7 @@ cp return -1; } - if(debug_lvl > DEBUG_STATUS) + if(debug_lvl >= DEBUG_STATUS) { syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), cl->name, cl->hostname, status_text[statusno], statusstring); @@ -848,7 +874,7 @@ cp return -1; } - if(debug_lvl > DEBUG_ERROR) + if(debug_lvl >= DEBUG_ERROR) { syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), cl->name, cl->hostname, strerror(errno), errorstring);