X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_key.c;h=f0fe316b2f65f5496b7acf829f6a25a9b5682e98;hp=421e2a30c52818dda4387febb3f8d51e00a578d4;hb=e9576632dc4b780b867044269d06cc50f76d8c05;hpb=5cb147135184e3748c6f5e6e6203d22ab9f904f8 diff --git a/src/protocol_key.c b/src/protocol_key.c index 421e2a30..f0fe316b 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -1,7 +1,7 @@ /* protocol_key.c -- handle the meta-protocol, key exchange - Copyright (C) 1999-2003 Ivo Timmermans , - 2000-2003 Guus Sliepen + Copyright (C) 1999-2005 Ivo Timmermans, + 2000-2008 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,11 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.21 2003/07/23 22:17:31 guus Exp $ + $Id$ */ #include "system.h" +#include +#include + #include "avl_tree.h" #include "connection.h" #include "logger.h" @@ -34,7 +37,7 @@ bool mykeyused = false; -bool send_key_changed(connection_t *c, node_t *n) +bool send_key_changed(connection_t *c, const node_t *n) { cp(); @@ -77,12 +80,13 @@ bool key_changed_h(connection_t *c) /* Tell the others */ - forward_request(c); + if(!tunnelserver) + forward_request(c); return true; } -bool send_req_key(connection_t *c, node_t *from, node_t *to) +bool send_req_key(connection_t *c, const node_t *from, const node_t *to) { cp(); @@ -127,18 +131,28 @@ bool req_key_h(connection_t *c) memset(from->late, 0, sizeof(from->late)); send_ans_key(c, myself, from); } else { + if(tunnelserver) + return false; + + if(!to->status.reachable) { + logger(LOG_WARNING, _("Got %s from %s (%s) destination %s which is not reachable"), + "REQ_KEY", c->name, c->hostname, to_name); + return true; + } + send_req_key(to->nexthop->connection, from, to); } return true; } -bool send_ans_key(connection_t *c, node_t *from, node_t *to) +bool send_ans_key(connection_t *c, const node_t *from, const node_t *to) { - char key[MAX_STRING_SIZE]; + char *key; cp(); + key = alloca(2 * from->keylength + 1); bin2hex(from->key, key, from->keylength); key[from->keylength * 2] = '\0'; @@ -186,6 +200,15 @@ bool ans_key_h(connection_t *c) /* Forward it if necessary */ if(to != myself) { + if(tunnelserver) + return false; + + if(!to->status.reachable) { + logger(LOG_WARNING, _("Got %s from %s (%s) destination %s which is not reachable"), + "ANS_KEY", c->name, c->hostname, to_name); + return true; + } + return send_request(to->nexthop->connection, "%s", c->buffer); } @@ -251,7 +274,14 @@ bool ans_key_h(connection_t *c) from->compression = compression; if(from->cipher) - EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len); + if(!EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, (unsigned char *)from->key, (unsigned char *)from->key + from->cipher->key_len)) { + logger(LOG_ERR, _("Error during initialisation of key from %s (%s): %s"), + from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL)); + return false; + } + + if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes) + send_mtu_probe(from); flush_queue(from);