X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=8fe8b38bf84d4b55a9f819ef81d950d00146cade;hp=92e076a85783127d5a784d02446f61c15c69970a;hb=5fc1ed17f41f0c535cf57a4b7e00cd6d45759503;hpb=52e7699273a3009fe4d91e608522401076922785 diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 92e076a8..8fe8b38b 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -1,7 +1,7 @@ /* protocol_auth.c -- handle the meta-protocol, authentication - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.4 2002/03/22 11:43:48 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.15 2002/09/09 19:39:59 guus Exp $ */ #include "config.h" @@ -55,7 +55,7 @@ int send_id(connection_t *c) { -cp + cp(); return send_request(c, "%d %s %d", ID, myself->connection->name, myself->connection->protocol_version); } @@ -63,7 +63,7 @@ int id_h(connection_t *c) { char name[MAX_STRING_SIZE]; int bla; -cp + cp(); if(sscanf(c->buffer, "%*d "MAX_STRING" %d", name, &c->protocol_version) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, c->hostname); @@ -112,7 +112,9 @@ cp { init_configuration(&c->config_tree); - if((bla = read_connection_config(c))) + bla = read_connection_config(c); + + if(bla) { syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name); return -1; @@ -133,7 +135,7 @@ cp c->options |= OPTION_TCPONLY | OPTION_INDIRECT; c->allow_request = METAKEY; -cp + cp(); return send_metakey(c); } 
@@ -141,7 +143,7 @@ int send_metakey(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len, x; -cp + cp(); len = RSA_size(c->rsa_key); /* Allocate buffers for the meta key */ @@ -151,7 +153,7 @@ cp if(!c->outctx) c->outctx = xmalloc(sizeof(*c->outctx)); -cp + cp(); /* Copy random data to the buffer */ RAND_bytes(c->outkey, len); @@ -187,7 +189,7 @@ cp syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); return -1; } -cp + cp(); /* Convert the encrypted random data to a hexadecimal formatted string */ bin2hex(buffer, buffer, len); @@ -209,7 +211,7 @@ cp c->status.encryptout = 1; } -cp + cp(); return x; } @@ -218,13 +220,13 @@ int metakey_h(connection_t *c) char buffer[MAX_STRING_SIZE]; int cipher, digest, maclength, compression; int len; -cp + cp(); if(sscanf(c->buffer, "%*d %d %d %d %d "MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); return -1; } -cp + cp(); len = RSA_size(myself->connection->rsa_key); /* Check if the length of the meta key is all right */ @@ -236,7 +238,7 @@ cp } /* Allocate buffers for the meta key */ -cp + cp(); if(!c->inkey) c->inkey = xmalloc(len); @@ -244,11 +246,11 @@ cp c->inctx = xmalloc(sizeof(*c->inctx)); /* Convert the challenge from hexadecimal back to binary */ -cp + cp(); hex2bin(buffer,buffer,len); /* Decrypt the meta key */ -cp + cp(); if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */ { syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); @@ -263,7 +265,7 @@ cp } /* All incoming requests will now be encrypted. */ -cp + cp(); /* Check and lookup cipher and digest algorithms */ if(cipher) @@ -311,7 +313,7 @@ cp c->incompression = compression; c->allow_request = CHALLENGE; -cp + cp(); return send_challenge(c); } 
@@ -319,7 +321,7 @@ int send_challenge(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len, x; -cp + cp(); /* CHECKME: what is most reasonable value for len? */ len = RSA_size(c->rsa_key); @@ -328,22 +330,22 @@ cp if(!c->hischallenge) c->hischallenge = xmalloc(len); -cp + cp(); /* Copy random data to the buffer */ RAND_bytes(c->hischallenge, len); -cp + cp(); /* Convert to hex */ bin2hex(c->hischallenge, buffer, len); buffer[len*2] = '\0'; -cp + cp(); /* Send the challenge */ x = send_request(c, "%d %s", CHALLENGE, buffer); -cp + cp(); return x; } @@ -351,7 +353,7 @@ int challenge_h(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len; -cp + cp(); if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, c->hostname); @@ -380,7 +382,7 @@ cp c->allow_request = CHAL_REPLY; /* Rest is done by send_chal_reply() */ -cp + cp(); return send_chal_reply(c); } @@ -388,7 +390,7 @@ int send_chal_reply(connection_t *c) { char hash[EVP_MAX_MD_SIZE*2+1]; EVP_MD_CTX ctx; -cp + cp(); /* Calculate the hash from the challenge we received */ EVP_DigestInit(&ctx, c->indigest); @@ -402,7 +404,7 @@ cp /* Send the reply */ -cp + cp(); return send_request(c, "%d %s", CHAL_REPLY, hash); } @@ -411,7 +413,7 @@ int chal_reply_h(connection_t *c) char hishash[MAX_STRING_SIZE]; char myhash[EVP_MAX_MD_SIZE]; EVP_MD_CTX ctx; -cp + cp(); if(sscanf(c->buffer, "%*d "MAX_STRING, hishash) != 1) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, c->hostname); @@ -455,7 +457,7 @@ cp */ c->allow_request = ACK; -cp + cp(); return send_ack(c); } 
@@ -465,18 +467,14 @@ int send_ack(connection_t *c) to create node_t and edge_t structures. */ int x; - char *address, *port; struct timeval now; -cp + cp(); /* Estimate weight */ gettimeofday(&now, NULL); c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; - sockaddr2str(&c->address, &address, &port); - x = send_request(c, "%d %s %s %s %d %d", ACK, myport, address, port, c->estimated_weight, c->options); - free(address); - free(port); -cp + x = send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options); + cp(); return x; } @@ -487,7 +485,7 @@ void send_everything(connection_t *c) subnet_t *s; edge_t *e; - /* Send all known subnets */ + /* Send all known subnets and edges */ for(node = node_tree->head; node; node = node->next) { @@ -498,33 +496,24 @@ void send_everything(connection_t *c) s = (subnet_t *)node2->data; send_add_subnet(c, s); } - } - - /* Send all known edges */ - - for(node = edge_tree->head; node; node = node->next) - { - e = (edge_t *)node->data; - if(e == c->edge) - continue; - - send_add_edge(c, e); + for(node2 = n->edge_tree->head; node2; node2 = node2->next) + { + e = (edge_t *)node2->data; + send_add_edge(c, e); + } } } int ack_h(connection_t *c) { - char myaddress[MAX_STRING_SIZE]; char hisport[MAX_STRING_SIZE]; char *hisaddress, *dummy; int weight; - int options; + long int options; node_t *n; - connection_t *other; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %d %d", hisport, myaddress, &weight, &options) != 4) + cp(); + if(sscanf(c->buffer, "%*d "MAX_STRING" %d %lx", hisport, &weight, &options) != 3) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); return -1; 
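Review bot: The new send_request call in send_ack formats c->options with `%lx`, which is undefined behaviour unless c->options is actually a `long`; connection_t is not in this diff, so that needs confirming, and the same question applies to `c->options |= options;` in ack_h, where the parsed value is now `long int`. If the field is an `int`, either widen it or make the call explicit: `x = send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, (long)c->options);`. The peer-supplied option bits are also ORed into c->options in ack_h without any mask, so a misbehaving peer can set whatever flags it likes on the connection; masking against the set of options this side is willing to accept would bound that. send_ack starts outside this hunk.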
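Review bot: The rewritten loop in send_everything now sends every entry of each node's edge_tree, so if an edge is stored in the edge_tree of both of its endpoints (the diff does not show how edge_add populates these trees) the peer receives each edge twice, once per endpoint. The old global loop also skipped c->edge; the new code no longer needs that because ack_h now calls send_everything before c->edge is created, but that ordering dependency deserves a comment at the call site, e.g. `/* c->edge does not exist yet, so it is never sent here */`. send_everything's header and ack_h's body lie outside this hunk.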
@@ -549,33 +538,12 @@ cp syslog(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); terminate_connection(n->connection, 0); } - - /* FIXME: check if information in existing node matches that of the other end of this connection */ } n->connection = c; c->node = n; c->options |= options; - /* Create an edge_t for this connection */ - - c->edge = new_edge(); -cp - c->edge->from.node = myself; -// c->edge->from.tcpaddress = str2sockaddr(address, port); - c->edge->from.udpaddress = str2sockaddr(myaddress, myport); - c->edge->to.node = n; -// c->edge->to.tcpaddress = c->address; - sockaddr2str(&c->address, &hisaddress, &dummy); - c->edge->to.udpaddress = str2sockaddr(hisaddress, hisport); - free(hisaddress); - free(dummy); - c->edge->weight = (weight + c->estimated_weight) / 2; - c->edge->connection = c; - c->edge->options = c->options; -cp - edge_add(c->edge); - /* Activate this connection */ c->allow_request = ALL; 
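Review bot: The FIXME about checking that an existing node's information matches the other end of this connection is deleted, but the check itself is not added: the second-connection branch still terminates the old connection and does `n->connection = c;` based solely on what the peer claimed in ID. If the check is being deferred rather than dropped, keep the reminder in place, e.g. `/* TODO: verify the existing node's data matches this peer before replacing n->connection */`. ack_h starts and ends outside this hunk.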
@@ -584,29 +552,34 @@ cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); -cp /* Send him everything we know */ send_everything(c); - /* Notify others of this connection */ + /* Create an edge_t for this connection */ - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; + c->edge = new_edge(); + cp(); + c->edge->from = myself; + c->edge->to = n; + sockaddr2str(&c->address, &hisaddress, &dummy); + c->edge->address = str2sockaddr(hisaddress, hisport); + free(hisaddress); + free(dummy); + c->edge->weight = (weight + c->estimated_weight) / 2; + c->edge->connection = c; + c->edge->options = c->options; + cp(); + edge_add(c->edge); - if(other->status.active && other != c) - send_add_edge(other, c->edge); - } + cp(); + /* Notify everyone of the new edge */ + + send_add_edge(broadcast, c->edge); /* Run MST and SSSP algorithms */ graph(); - - /* Succesful connection, reset timeout if this is an outgoing connection. */ - - if(c->outgoing) - c->outgoing->timeout = 0; -cp + cp(); return 0; }
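Review bot: The lines that reset `c->outgoing->timeout` after a successful outgoing handshake are removed at the end of ack_h and nothing in this diff reinstates that reset elsewhere; unless it moved to another file, the reconnect backoff of an outgoing connection keeps growing even after the connection succeeds. If it was deliberately moved, a one-line comment before `return 0;` naming the new location would help; otherwise reinstate `if(c->outgoing) c->outgoing->timeout = 0;` before the final `cp();`. Separately, c->edge->address is now built from hisport, a string taken verbatim from the peer's ACK, so str2sockaddr should be assumed to receive arbitrary input here and the result checked before it is stored in the edge; the diff does not show whether str2sockaddr validates. ack_h starts outside this hunk.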