X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=134e0f06b66b2d716423c9e0b010234db384d89a;hp=fc0c3aae2bc7a2a9eed94d84461a41050e86ee10;hb=c08858baa91a00e38c0f5482dbb0817dbd0361f1;hpb=f75dcef72a81a337e847adf0bae54198894f65b9 diff --git a/src/protocol_auth.c b/src/protocol_auth.c index fc0c3aae..134e0f06 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.16 2002/09/09 21:24:45 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.19 2003/01/17 00:37:20 guus Exp $ */ #include "config.h" @@ -53,7 +53,7 @@ #include "system.h" -int send_id(connection_t * c) +int send_id(connection_t *c) { cp(); @@ -61,7 +61,7 @@ int send_id(connection_t * c) myself->connection->protocol_version); } -int id_h(connection_t * c) +int id_h(connection_t *c) { char name[MAX_STRING_SIZE]; int bla; @@ -137,7 +137,7 @@ int id_h(connection_t * c) return send_metakey(c); } -int send_metakey(connection_t * c) +int send_metakey(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len, x; @@ -152,7 +152,7 @@ int send_metakey(connection_t * c) c->outkey = xmalloc(len); if(!c->outctx) - c->outctx = xmalloc(sizeof(*c->outctx)); + c->outctx = xmalloc_and_zero(sizeof(*c->outctx)); cp(); /* Copy random data to the buffer */ @@ -216,7 +216,7 @@ int send_metakey(connection_t * c) return x; } -int metakey_h(connection_t * c) +int metakey_h(connection_t *c) { char buffer[MAX_STRING_SIZE]; int cipher, digest, maclength, compression; @@ -224,9 +224,7 @@ int metakey_h(connection_t * c) cp(); - if(sscanf - (c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, - &compression, buffer) != 5) { + if(sscanf(c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); return -1; @@ -237,8 +235,7 @@ int metakey_h(connection_t * c) /* Check if the length of the meta key is all right */ if(strlen(buffer) != len * 2) { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, - c->hostname, "wrong keylength"); + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); return -1; } @@ -248,7 +245,7 @@ int metakey_h(connection_t * c) c->inkey = xmalloc(len); if(!c->inctx) - c->inctx = xmalloc(sizeof(*c->inctx)); + c->inctx = xmalloc_and_zero(sizeof(*c->inctx)); /* Convert the challenge from hexadecimal back to binary */ @@ -265,8 +262,7 @@ int metakey_h(connection_t * c) if(debug_lvl >= DEBUG_SCARY_THINGS) { bin2hex(c->inkey, buffer, len); buffer[len * 2] = '\0'; - syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), - buffer); + syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); } /* All incoming requests will now be encrypted. */ @@ -275,10 +271,9 @@ int metakey_h(connection_t * c) if(cipher) { c->incipher = EVP_get_cipherbynid(cipher); - + if(!c->incipher) { - syslog(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, - c->hostname); + syslog(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); return -1; } @@ -298,14 +293,12 @@ int metakey_h(connection_t * c) c->indigest = EVP_get_digestbynid(digest); if(!c->indigest) { - syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, - c->hostname); + syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); return -1; } if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) { - syslog(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, - c->hostname); + syslog(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); return -1; } } else { @@ -319,7 +312,7 @@ int metakey_h(connection_t * c) return send_challenge(c); } -int send_challenge(connection_t * c) +int send_challenge(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len, x; @@ -351,7 +344,7 @@ int send_challenge(connection_t * c) return x; } -int challenge_h(connection_t * c) +int challenge_h(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len; @@ -390,7 +383,7 @@ int challenge_h(connection_t * c) return send_chal_reply(c); } -int send_chal_reply(connection_t * c) +int send_chal_reply(connection_t *c) { char hash[EVP_MAX_MD_SIZE * 2 + 1]; EVP_MD_CTX ctx; @@ -414,7 +407,7 @@ int send_chal_reply(connection_t * c) return send_request(c, "%d %s", CHAL_REPLY, hash); } -int chal_reply_h(connection_t * c) +int chal_reply_h(connection_t *c) { char hishash[MAX_STRING_SIZE]; char myhash[EVP_MAX_MD_SIZE]; @@ -470,7 +463,7 @@ int chal_reply_h(connection_t * c) return send_ack(c); } -int send_ack(connection_t * c) +int send_ack(connection_t *c) { /* ACK message contains rest of the information the other end needs to create node_t and edge_t structures. */ @@ -492,7 +485,7 @@ int send_ack(connection_t * c) return x; } -void send_everything(connection_t * c) +void send_everything(connection_t *c) { avl_node_t *node, *node2; node_t *n; @@ -516,7 +509,7 @@ void send_everything(connection_t * c) } } -int ack_h(connection_t * c) +int ack_h(connection_t *c) { char hisport[MAX_STRING_SIZE]; char *hisaddress, *dummy; @@ -548,6 +541,8 @@ int ack_h(connection_t * c) syslog(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); terminate_connection(n->connection, 0); + /* Run graph algorithm to purge key and make sure up/down scripts are rerun with new IP addresses and stuff */ + graph(); } }