projects
/
tinc
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix warnings for functions marked __attribute((warn_unused_result)).
[tinc]
/
src
/
protocol_auth.c
diff --git
a/src/protocol_auth.c
b/src/protocol_auth.c
index
88c6255
..
a4e3b24
100644
(file)
--- a/
src/protocol_auth.c
+++ b/
src/protocol_auth.c
@@
-1,7
+1,7
@@
/*
protocol_auth.c -- handle the meta-protocol, authentication
Copyright (C) 1999-2005 Ivo Timmermans,
/*
protocol_auth.c -- handle the meta-protocol, authentication
Copyright (C) 1999-2005 Ivo Timmermans,
- 2000-201
2
Guus Sliepen <guus@tinc-vpn.org>
+ 2000-201
3
Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@
-20,7
+20,6
@@
#include "system.h"
#include "system.h"
-#include "splay_tree.h"
#include "conf.h"
#include "connection.h"
#include "control.h"
#include "conf.h"
#include "connection.h"
#include "control.h"
@@
-140,7
+139,7
@@
bool send_id(connection_t *c) {
minor = myself->connection->protocol_minor;
}
minor = myself->connection->protocol_minor;
}
- if(proxytype)
+ if(proxytype
&& c->outgoing
)
if(!send_proxyrequest(c))
return false;
if(!send_proxyrequest(c))
return false;
@@
-161,10
+160,10
@@
bool id_h(connection_t *c, const char *request) {
if(name[0] == '^' && !strcmp(name + 1, controlcookie)) {
c->status.control = true;
c->allow_request = CONTROL;
if(name[0] == '^' && !strcmp(name + 1, controlcookie)) {
c->status.control = true;
c->allow_request = CONTROL;
- c->last_ping_time =
time(NULL)
+ 3600;
+ c->last_ping_time =
now.tv_sec
+ 3600;
- free(c->name);
-
c->name = xstrdup("<control>");
+ free(c->name);
+ c->name = xstrdup("<control>");
return send_request(c, "%d %d %d", ACK, TINC_CTL_VERSION_CURRENT, getpid());
}
return send_request(c, "%d %d %d", ACK, TINC_CTL_VERSION_CURRENT, getpid());
}
@@
-212,9
+211,8
@@
bool id_h(connection_t *c, const char *request) {
if(!c->config_tree) {
init_configuration(&c->config_tree);
if(!c->config_tree) {
init_configuration(&c->config_tree);
- if(!read_connection_config(c)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s had unknown identity (%s)", c->hostname,
- c->name);
+ if(!read_host_config(c->config_tree, c->name)) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s had unknown identity (%s)", c->hostname, c->name);
return false;
}
return false;
}
@@
-223,7
+221,7
@@
bool id_h(connection_t *c, const char *request) {
return false;
}
} else {
return false;
}
} else {
- if(c->protocol_minor && !ecdsa_active(
&
c->ecdsa))
+ if(c->protocol_minor && !ecdsa_active(c->ecdsa))
c->protocol_minor = 1;
}
c->protocol_minor = 1;
}
@@
-248,13
+246,13
@@
bool send_metakey(connection_t *c) {
if(!read_rsa_public_key(c))
return false;
if(!read_rsa_public_key(c))
return false;
- if(!
cipher_open_blowfish_ofb(&c->outcipher
))
+ if(!
(c->outcipher = cipher_open_blowfish_ofb()
))
return false;
return false;
-
- if(!
digest_open_sha1(&c->outdigest, -1
))
+
+ if(!
(c->outdigest = digest_open_sha1(-1)
))
return false;
return false;
- size_t len = rsa_size(
&
c->rsa);
+ size_t len = rsa_size(c->rsa);
char key[len];
char enckey[len];
char hexkey[2 * len + 1];
char key[len];
char enckey[len];
char hexkey[2 * len + 1];
@@
-275,7
+273,8
@@
bool send_metakey(connection_t *c) {
key[0] &= 0x7F;
key[0] &= 0x7F;
- cipher_set_key_from_rsa(&c->outcipher, key, len, true);
+ if(!cipher_set_key_from_rsa(c->outcipher, key, len, true))
+ return false;
if(debug_level >= DEBUG_SCARY_THINGS) {
bin2hex(key, hexkey, len);
if(debug_level >= DEBUG_SCARY_THINGS) {
bin2hex(key, hexkey, len);
@@
-289,7
+288,7
@@
bool send_metakey(connection_t *c) {
with a length equal to that of the modulus of the RSA key.
*/
with a length equal to that of the modulus of the RSA key.
*/
- if(!rsa_public_encrypt(
&
c->rsa, key, len, enckey)) {
+ if(!rsa_public_encrypt(c->rsa, key, len, enckey)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error during encryption of meta key for %s (%s)", c->name, c->hostname);
return false;
}
logger(DEBUG_ALWAYS, LOG_ERR, "Error during encryption of meta key for %s (%s)", c->name, c->hostname);
return false;
}
@@
-301,10
+300,10
@@
bool send_metakey(connection_t *c) {
/* Send the meta key */
bool result = send_request(c, "%d %d %d %d %d %s", METAKEY,
/* Send the meta key */
bool result = send_request(c, "%d %d %d %d %d %s", METAKEY,
- cipher_get_nid(
&
c->outcipher),
- digest_get_nid(
&
c->outdigest), c->outmaclength,
+ cipher_get_nid(c->outcipher),
+ digest_get_nid(c->outdigest), c->outmaclength,
c->outcompression, hexkey);
c->outcompression, hexkey);
-
+
c->status.encryptout = true;
return result;
}
c->status.encryptout = true;
return result;
}
@@
-312,7
+311,7
@@
bool send_metakey(connection_t *c) {
bool metakey_h(connection_t *c, const char *request) {
char hexkey[MAX_STRING_SIZE];
int cipher, digest, maclength, compression;
bool metakey_h(connection_t *c, const char *request) {
char hexkey[MAX_STRING_SIZE];
int cipher, digest, maclength, compression;
- size_t len = rsa_size(
&
myself->connection->rsa);
+ size_t len = rsa_size(myself->connection->rsa);
char enckey[len];
char key[len];
char enckey[len];
char key[len];
@@
-334,7
+333,7
@@
bool metakey_h(connection_t *c, const char *request) {
/* Decrypt the meta key */
/* Decrypt the meta key */
- if(!rsa_private_decrypt(
&
myself->connection->rsa, enckey, len, key)) {
+ if(!rsa_private_decrypt(myself->connection->rsa, enckey, len, key)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error during decryption of meta key for %s (%s)", c->name, c->hostname);
return false;
}
logger(DEBUG_ALWAYS, LOG_ERR, "Error during decryption of meta key for %s (%s)", c->name, c->hostname);
return false;
}
@@
-346,12
+345,12
@@
bool metakey_h(connection_t *c, const char *request) {
/* Check and lookup cipher and digest algorithms */
/* Check and lookup cipher and digest algorithms */
- if(!
cipher_open_by_nid(&c->incipher, cipher) || !cipher_set_key_from_rsa(&
c->incipher, key, len, false)) {
+ if(!
(c->incipher = cipher_open_by_nid(cipher)) || !cipher_set_key_from_rsa(
c->incipher, key, len, false)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher from %s (%s)", c->name, c->hostname);
return false;
}
logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher from %s (%s)", c->name, c->hostname);
return false;
}
- if(!
digest_open_by_nid(&c->indigest, digest, -1
)) {
+ if(!
(c->indigest = digest_open_by_nid(digest, -1)
)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of digest from %s (%s)", c->name, c->hostname);
return false;
}
logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of digest from %s (%s)", c->name, c->hostname);
return false;
}
@@
-364,7
+363,7
@@
bool metakey_h(connection_t *c, const char *request) {
}
bool send_challenge(connection_t *c) {
}
bool send_challenge(connection_t *c) {
- size_t len = rsa_size(
&
c->rsa);
+ size_t len = rsa_size(c->rsa);
char buffer[len * 2 + 1];
if(!c->hischallenge)
char buffer[len * 2 + 1];
if(!c->hischallenge)
@@
-385,8
+384,8
@@
bool send_challenge(connection_t *c) {
bool challenge_h(connection_t *c, const char *request) {
char buffer[MAX_STRING_SIZE];
bool challenge_h(connection_t *c, const char *request) {
char buffer[MAX_STRING_SIZE];
- size_t len = rsa_size(
&
myself->connection->rsa);
- size_t digestlen = digest_length(
&
c->indigest);
+ size_t len = rsa_size(myself->connection->rsa);
+ size_t digestlen = digest_length(c->indigest);
char digest[digestlen];
if(sscanf(request, "%*d " MAX_STRING, buffer) != 1) {
char digest[digestlen];
if(sscanf(request, "%*d " MAX_STRING, buffer) != 1) {
@@
-405,11
+404,10
@@
bool challenge_h(connection_t *c, const char *request) {
return false;
}
return false;
}
- c->allow_request = CHAL_REPLY;
-
/* Calculate the hash from the challenge we received */
/* Calculate the hash from the challenge we received */
- digest_create(&c->indigest, buffer, len, digest);
+ if(!digest_create(c->indigest, buffer, len, digest))
+ return false;
/* Convert the hash to a hexadecimal formatted string */
/* Convert the hash to a hexadecimal formatted string */
@@
-417,6
+415,8
@@
bool challenge_h(connection_t *c, const char *request) {
/* Send the reply */
/* Send the reply */
+ c->allow_request = CHAL_REPLY;
+
return send_request(c, "%d %s", CHAL_REPLY, buffer);
}
return send_request(c, "%d %s", CHAL_REPLY, buffer);
}
@@
-435,7
+435,7
@@
bool chal_reply_h(connection_t *c, const char *request) {
/* Check if the length of the hash is all right */
/* Check if the length of the hash is all right */
- if(inlen != digest_length(
&
c->outdigest)) {
+ if(inlen != digest_length(c->outdigest)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply length");
return false;
}
logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply length");
return false;
}
@@
-443,7
+443,7
@@
bool chal_reply_h(connection_t *c, const char *request) {
/* Verify the hash */
/* Verify the hash */
- if(!digest_verify(
&c->outdigest, c->hischallenge, rsa_size(&
c->rsa), hishash)) {
+ if(!digest_verify(
c->outdigest, c->hischallenge, rsa_size(
c->rsa), hishash)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply");
return false;
}
logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply");
return false;
}
@@
-463,7
+463,7
@@
static bool send_upgrade(connection_t *c) {
/* Special case when protocol_minor is 1: the other end is ECDSA capable,
* but doesn't know our key yet. So send it now. */
/* Special case when protocol_minor is 1: the other end is ECDSA capable,
* but doesn't know our key yet. So send it now. */
- char *pubkey = ecdsa_get_base64_public_key(
&
myself->connection->ecdsa);
+ char *pubkey = ecdsa_get_base64_public_key(myself->connection->ecdsa);
if(!pubkey)
return false;
if(!pubkey)
return false;
@@
-510,34
+510,32
@@
bool send_ack(connection_t *c) {
}
static void send_everything(connection_t *c) {
}
static void send_everything(connection_t *c) {
- splay_node_t *node, *node2;
- node_t *n;
- subnet_t *s;
- edge_t *e;
-
/* Send all known subnets and edges */
/* Send all known subnets and edges */
+ if(disablebuggypeers) {
+ static struct {
+ vpn_packet_t pkt;
+ char pad[MAXBUFSIZE - MAXSIZE];
+ } zeropkt;
+
+ memset(&zeropkt, 0, sizeof zeropkt);
+ zeropkt.pkt.len = MAXBUFSIZE;
+ send_tcppacket(c, &zeropkt.pkt);
+ }
+
if(tunnelserver) {
if(tunnelserver) {
- for(node = myself->subnet_tree->head; node; node = node->next) {
- s = node->data;
+ for splay_each(subnet_t, s, myself->subnet_tree)
send_add_subnet(c, s);
send_add_subnet(c, s);
- }
return;
}
return;
}
- for(node = node_tree->head; node; node = node->next) {
- n = node->data;
-
- for(node2 = n->subnet_tree->head; node2; node2 = node2->next) {
- s = node2->data;
+ for splay_each(node_t, n, node_tree) {
+ for splay_each(subnet_t, s, n->subnet_tree)
send_add_subnet(c, s);
send_add_subnet(c, s);
- }
- for(node2 = n->edge_tree->head; node2; node2 = node2->next) {
- e = node2->data;
+ for splay_each(edge_t, e, n->edge_tree)
send_add_edge(c, e);
send_add_edge(c, e);
- }
}
}
}
}
@@
-549,7
+547,7
@@
static bool upgrade_h(connection_t *c, const char *request) {
return false;
}
return false;
}
- if(ecdsa_active(
&
c->ecdsa) || read_ecdsa_public_key(c)) {
+ if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(c)) {
logger(DEBUG_ALWAYS, LOG_INFO, "Already have ECDSA public key from %s (%s), not upgrading.", c->name, c->hostname);
return false;
}
logger(DEBUG_ALWAYS, LOG_INFO, "Already have ECDSA public key from %s (%s), not upgrading.", c->name, c->hostname);
return false;
}