/*
protocol_auth.c -- handle the meta-protocol, authentication
Copyright (C) 1999-2005 Ivo Timmermans,
- 2000-2016 Guus Sliepen <guus@tinc-vpn.org>
+ 2000-2017 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "ed25519/sha512.h"
+int invitation_lifetime;
ecdsa_t *invitation_key = NULL;
static bool send_proxyrequest(connection_t *c) {
logger(DEBUG_CONNECTIONS, LOG_INFO, "Key succesfully received from %s (%s)", c->name, c->hostname);
// Call invitation-accepted script
- char *envp[7] = {NULL};
+ environment_t env;
char *address, *port;
- xasprintf(&envp[0], "NETNAME=%s", netname ? : "");
- xasprintf(&envp[1], "DEVICE=%s", device ? : "");
- xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
- xasprintf(&envp[3], "NODE=%s", c->name);
+ environment_init(&env);
+ environment_add(&env, "NODE=%s", c->name);
sockaddr2str(&c->address, &address, &port);
- xasprintf(&envp[4], "REMOTEADDRESS=%s", address);
- xasprintf(&envp[5], "NAME=%s", myself->name);
+ environment_add(&env, "REMOTEADDRESS=%s", address);
+ environment_add(&env, "NAME=%s", myself->name);
- execute_script("invitation-accepted", envp);
+ execute_script("invitation-accepted", &env);
- for(int i = 0; envp[i] && i < 7; i++)
- free(envp[i]);
+ environment_exit(&env);
sptps_send_record(&c->sptps, 2, data, 0);
return true;
return false;
}
+ // Check the timestamp of the invitation
+ struct stat st;
+ if(stat(usedname, &st)) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat %s", usedname);
+ return false;
+ }
+
+ if(st.st_mtime + invitation_lifetime < now.tv_sec) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s tried to use expired invitation %s", c->hostname, cookie);
+ return false;
+ }
+
// Open the renamed file
FILE *f = fopen(usedname, "r");
if(!f) {
bool id_h(connection_t *c, const char *request) {
char name[MAX_STRING_SIZE];
- if(sscanf(request, "%*d " MAX_STRING " %d.%d", name, &c->protocol_major, &c->protocol_minor) < 2) {
+ if(sscanf(request, "%*d " MAX_STRING " %2d.%3d", name, &c->protocol_major, &c->protocol_minor) < 2) {
logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "ID", c->name,
c->hostname);
return false;