/*
protocol.c -- handle the meta-protocol
- Copyright (C) 1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>,
- 2000 Guus Sliepen <guus@sliepen.warande.net>
+ Copyright (C) 1999-2001 Ivo Timmermans <itimmermans@bigfoot.com>,
+ 2000,2001 Guus Sliepen <guus@sliepen.warande.net>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: protocol.c,v 1.28.4.64 2000/11/22 19:55:50 guus Exp $
+ $Id: protocol.c,v 1.28.4.74 2001/01/07 17:09:02 guus Exp $
*/
#include "config.h"
#include <utils.h>
#include <xalloc.h>
+#include <avl_tree.h>
+#include <list.h>
#include <netinet/in.h>
for (i = 0; i < strlen(id); i++)
if(!isalnum(id[i]) && id[i] != '_')
return -1;
-
+
return 0;
}
-/* Generic request routines - takes care of logging and error detection as well */
+/* Generic request routines - takes care of logging and error
+ detection as well */
int send_request(connection_t *cl, const char *format, ...)
{
int len, request;
cp
- /* Use vsnprintf instead of vasprintf: faster, no memory fragmentation, cleanup is automatic,
- and there is a limit on the input buffer anyway */
+ /* Use vsnprintf instead of vasprintf: faster, no memory
+ fragmentation, cleanup is automatic, and there is a limit on the
+ input buffer anyway */
va_start(args, format);
len = vsnprintf(buffer, MAXBUFSIZE, format, args);
(H) SHA1,
(E) Encrypted with symmetric cipher.
- Part of the challenge is directly used to set the symmetric cipher key and the initial vector.
- Since a man-in-the-middle cannot decrypt the RSA challenges, this means that he cannot get or
- forge the key for the symmetric cipher.
+ Part of the challenge is directly used to set the symmetric cipher
+ key and the initial vector. Since a man-in-the-middle cannot
+ decrypt the RSA challenges, this means that he cannot get or forge
+ the key for the symmetric cipher.
*/
int send_id(connection_t *cl)
int id_h(connection_t *cl)
{
connection_t *old;
- config_t const *cfg;
+ unsigned short int port;
char name[MAX_STRING_SIZE];
+ avl_node_t *node;
cp
- if(sscanf(cl->buffer, "%*d "MAX_STRING" %d %lx %hd", name, &cl->protocol_version, &cl->options, &cl->port) != 4)
+ if(sscanf(cl->buffer, "%*d "MAX_STRING" %d %lx %hd", name, &cl->protocol_version, &cl->options, &port) != 4)
{
syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname);
return -1;
id_add(cl);
+ /* And uhr... cl->port just changed so we have to unlink it from the connection tree and re-insert... */
+
+ node = avl_unlink(connection_tree, cl);
+ cl->port = port;
+ avl_insert_node(connection_tree, node);
+
/* Read in the public key, so that we can send a challenge */
- if((cfg = get_config_val(cl->config, config_publickey)))
- {
- cl->rsa_key = RSA_new();
- BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
- BN_hex2bn(&cl->rsa_key->e, "FFFF");
- }
- else
- {
- syslog(LOG_ERR, _("No public key known for %s (%s)"), cl->name, cl->hostname);
- return -1;
- }
+ if(read_rsa_public_key(cl))
+ return -1;
+
cp
return send_challenge(cl);
}
RAND_bytes(cl->hischallenge, len);
cl->hischallenge[0] &= 0x7F; /* Somehow if the first byte is more than 0xD0 or something like that, decryption fails... */
-
+cp
if(debug_lvl >= DEBUG_SCARY_THINGS)
{
bin2hex(cl->hischallenge, buffer, len);
}
/* Encrypt the random data */
-
+
if(RSA_public_encrypt(len, cl->hischallenge, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */
{
syslog(LOG_ERR, _("Error during encryption of challenge for %s (%s)"), cl->name, cl->hostname);
bin2hex(buffer, buffer, len);
buffer[len*2] = '\0';
-
+cp
/* Send the challenge */
cl->allow_request = CHAL_REPLY;
if(cl->status.outgoing)
cl->allow_request = ACK;
- setup_vpn_connection(cl);
-
x = send_request(cl, "%d", ACK);
cl->status.encryptout = 1;
cp
{
connection_t *old, *p;
subnet_t *subnet;
- rbl_t *rbl, *rbl2;
+ avl_node_t *node, *node2;
cp
/* Okay, before we active the connection, we check if there is another entry
in the connection list with the same name. If so, it presumably is an
/* Send him our subnets */
- RBL_FOREACH(myself->subnet_tree, rbl)
+ for(node = myself->subnet_tree->head; node; node = node->next)
{
- subnet = (subnet_t *)rbl->data;
+ subnet = (subnet_t *)node->data;
send_add_subnet(cl, subnet);
}
/* And send him all the hosts and their subnets we know... */
- RBL_FOREACH(connection_tree, rbl)
+ for(node = connection_tree->head; node; node = node->next)
{
- p = (connection_t *)rbl->data;
+ p = (connection_t *)node->data;
if(p != cl && p->status.active)
{
send_add_host(cl, p);
- RBL_FOREACH(p->subnet_tree, rbl2)
+ for(node2 = p->subnet_tree->head; node2; node2 = node2->next)
{
- subnet = (subnet_t *)rbl2->data;
+ subnet = (subnet_t *)node2->data;
send_add_subnet(cl, subnet);
}
}
char name[MAX_STRING_SIZE];
connection_t *owner, *p;
subnet_t *subnet;
- rbl_t *rbl;
+ avl_node_t *node;
cp
if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 2)
{
/* Tell the rest */
- RBL_FOREACH(connection_tree, rbl)
+ for(node = connection_tree->head; node; node = node->next)
{
- p = (connection_t *)rbl->data;
+ p = (connection_t *)node->data;
if(p->status.meta && p->status.active && p!= cl)
send_add_subnet(p, subnet);
}
char name[MAX_STRING_SIZE];
connection_t *owner, *p;
subnet_t *subnet;
- rbl_t *rbl;
+ avl_node_t *node;
cp
if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 3)
{
/* Tell the rest */
- RBL_FOREACH(connection_tree, rbl)
+ for(node = connection_tree->head; node; node = node->next)
{
- p = (connection_t *)rbl->data;
+ p = (connection_t *)node->data;
if(p->status.meta && p->status.active && p!= cl)
send_del_subnet(p, subnet);
}
{
connection_t *old, *new, *p;
char name[MAX_STRING_SIZE];
- rbl_t *rbl;
+ avl_node_t *node;
cp
new = new_connection();
/* Check if somebody tries to add ourself */
- if(!strcmp(new->name, myself->name))
+ if(!strcmp(name, myself->name))
{
syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->name, cl->hostname);
sighup = 1;
/* Tell the rest about the new host */
- RBL_FOREACH(connection_tree, rbl)
+ for(node = connection_tree->head; node; node = node->next)
{
- p = (connection_t *)rbl->data;
+ p = (connection_t *)node->data;
if(p->status.meta && p->status.active && p!=cl)
send_add_host(p, new);
}
new->status.active = 1;
new->cipher_pkttype = EVP_bf_cfb();
new->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len;
-
- /* Okay this is a bit ugly... it would be better to setup UDP sockets dynamically, or
- * perhaps just one UDP socket... but then again, this has benefits too...
- */
-
- setup_vpn_connection(new);
cp
return 0;
}
port_t port;
long int options;
connection_t *old, *p;
- rbl_t *rbl;
+ avl_node_t *node;
cp
if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%d %lx", name, &address, &port, &options) != 4)
{
/* Tell the rest about the new host */
- RBL_FOREACH(connection_tree, rbl)
+ for(node = connection_tree->head; node; node = node->next)
{
- p = (connection_t *)rbl->data;
+ p = (connection_t *)node->data;
if(p->status.meta && p->status.active && p!=cl)
send_del_host(p, old);
}
int send_key_changed(connection_t *from, connection_t *cl)
{
connection_t *p;
- rbl_t *rbl;
+ avl_node_t *node;
cp
- RBL_FOREACH(connection_tree, rbl)
+ for(node = connection_tree->head; node; node = node->next)
{
- p = (connection_t *)rbl->data;
+ p = (connection_t *)node->data;
if(p != cl && p->status.meta && p->status.active)
send_request(p, "%d %s", KEY_CHANGED, from->name);
}
from->cipher_pktkey = xstrdup(pktkey);
keylength /= 2;
- hex2bin(pktkey, pktkey, keylength);
- pktkey[keylength] = '\0';
+ hex2bin(from->cipher_pktkey, from->cipher_pktkey, keylength);
+ from->cipher_pktkey[keylength] = '\0';
from->status.validkey = 1;
from->status.waitingforkey = 0;
+
+ flush_queue(from);
cp
return 0;
}