X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;ds=inline;f=src%2Fprotocol_auth.c;h=fc39b64e0dc0d9b03a9147b56a774c8ba416abc3;hb=7208397398f7e08d741bfa83594a88e5d01b6220;hp=9d61ab8fc7826b8d431f95cae3291f9bbf64436e;hpb=46f3eba7755089ff68fdc137b0754cae2fa523eb;p=tinc diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 9d61ab8f..fc39b64e 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -46,6 +46,7 @@ #include "xalloc.h" #include "ed25519/sha512.h" +#include "keys.h" int invitation_lifetime; ecdsa_t *invitation_key = NULL; @@ -160,7 +161,7 @@ bool send_id(connection_t *c) { int minor = 0; if(experimental) { - if(c->outgoing && !read_ecdsa_public_key(c)) { + if(c->outgoing && !read_ecdsa_public_key(&c->ecdsa, &c->config_tree, c->name)) { minor = 1; } else { minor = myself->connection->protocol_minor; @@ -176,6 +177,8 @@ bool send_id(connection_t *c) { } static bool finalize_invitation(connection_t *c, const char *data, uint16_t len) { + (void)len; + if(strchr(data, '\n')) { logger(DEBUG_ALWAYS, LOG_ERR, "Received invalid key from invited node %s (%s)!\n", c->name, c->hostname); return false; @@ -212,6 +215,9 @@ static bool finalize_invitation(connection_t *c, const char *data, uint16_t len) environment_add(&env, "REMOTEADDRESS=%s", address); environment_add(&env, "NAME=%s", myself->name); + free(address); + free(port); + execute_script("invitation-accepted", &env); environment_exit(&env); @@ -282,13 +288,16 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat } // Read the new node's Name from the file - char buf[1024]; + char buf[1024] = ""; fgets(buf, sizeof(buf), f); + size_t buflen = strlen(buf); - if(*buf) { - buf[strlen(buf) - 1] = 0; + // Strip whitespace at the end + while(buflen && strchr(" \t\r\n", buf[buflen - 1])) { + buf[--buflen] = 0; } + // Split the first line into variable and value len = strcspn(buf, " \t="); char *name = buf + len; name += strspn(name, " \t"); @@ -300,6 +309,7 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat buf[len] = 0; + // Check that it is a valid Name if(!*buf || !*name || strcasecmp(buf, "Name") || !check_id(name) || !strcmp(name, myself->name)) { logger(DEBUG_ALWAYS, LOG_ERR, "Invalid invitation file %s\n", cookie); fclose(f); @@ -405,10 +415,7 @@ bool id_h(connection_t *c, const char *request) { return false; } } else { - if(c->name) { - free(c->name); - } - + free(c->name); c->name = xstrdup(name); } @@ -447,7 +454,7 @@ bool id_h(connection_t *c, const char *request) { } if(experimental) { - read_ecdsa_public_key(c); + read_ecdsa_public_key(&c->ecdsa, &c->config_tree, c->name); } /* Ignore failures if no key known yet */ @@ -487,17 +494,14 @@ bool id_h(connection_t *c, const char *request) { } } +#ifndef DISABLE_LEGACY bool send_metakey(connection_t *c) { -#ifdef DISABLE_LEGACY - return false; -#else - if(!myself->connection->rsa) { logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname); return false; } - if(!read_rsa_public_key(c)) { + if(!read_rsa_public_key(&c->rsa, c->config_tree, c->name)) { return false; } @@ -581,14 +585,9 @@ bool send_metakey(connection_t *c) { c->status.encryptout = true; return result; -#endif } bool metakey_h(connection_t *c, const char *request) { -#ifdef DISABLE_LEGACY - return false; -#else - if(!myself->connection->rsa) { return false; } @@ -606,7 +605,7 @@ bool metakey_h(connection_t *c, const char *request) { /* Convert the challenge from hexadecimal back to binary */ - int inlen = hex2bin(hexkey, enckey, sizeof(enckey)); + size_t inlen = hex2bin(hexkey, enckey, sizeof(enckey)); /* Check if the length of the meta key is all right */ @@ -656,13 +655,9 @@ bool metakey_h(connection_t *c, const char *request) { c->allow_request = CHALLENGE; return send_challenge(c); -#endif } bool send_challenge(connection_t *c) { -#ifdef DISABLE_LEGACY - return false; -#else const size_t len = rsa_size(c->rsa); char buffer[len * 2 + 1]; @@ -679,14 +674,9 @@ bool send_challenge(connection_t *c) { /* Send the challenge */ return send_request(c, "%d %s", CHALLENGE, buffer); -#endif } bool challenge_h(connection_t *c, const char *request) { -#ifdef DISABLE_LEGACY - return false; -#else - if(!myself->connection->rsa) { return false; } @@ -721,8 +711,6 @@ bool challenge_h(connection_t *c, const char *request) { } else { return true; } - -#endif } bool send_chal_reply(connection_t *c) { @@ -749,9 +737,6 @@ bool send_chal_reply(connection_t *c) { } bool chal_reply_h(connection_t *c, const char *request) { -#ifdef DISABLE_LEGACY - return false; -#else char hishash[MAX_STRING_SIZE]; if(sscanf(request, "%*d " MAX_STRING, hishash) != 1) { @@ -762,7 +747,7 @@ bool chal_reply_h(connection_t *c, const char *request) { /* Convert the hash to binary format */ - int inlen = hex2bin(hishash, hishash, sizeof(hishash)); + size_t inlen = hex2bin(hishash, hishash, sizeof(hishash)); /* Check if the length of the hash is all right */ @@ -792,13 +777,9 @@ bool chal_reply_h(connection_t *c, const char *request) { } return send_ack(c); -#endif } static bool send_upgrade(connection_t *c) { -#ifdef DISABLE_LEGACY - return false; -#else /* Special case when protocol_minor is 1: the other end is Ed25519 capable, * but doesn't know our key yet. So send it now. */ @@ -811,8 +792,46 @@ static bool send_upgrade(connection_t *c) { bool result = send_request(c, "%d %s", ACK, pubkey); free(pubkey); return result; -#endif } +#else +bool send_metakey(connection_t *c) { + (void)c; + return false; +} + +bool metakey_h(connection_t *c, const char *request) { + (void)c; + (void)request; + return false; +} + +bool send_challenge(connection_t *c) { + (void)c; + return false; +} + +bool challenge_h(connection_t *c, const char *request) { + (void)c; + (void)request; + return false; +} + +bool send_chal_reply(connection_t *c) { + (void)c; + return false; +} + +bool chal_reply_h(connection_t *c, const char *request) { + (void)c; + (void)request; + return false; +} + +static bool send_upgrade(connection_t *c) { + (void)c; + return false; +} +#endif bool send_ack(connection_t *c) { if(c->protocol_minor == 1) { @@ -899,7 +918,7 @@ static bool upgrade_h(connection_t *c, const char *request) { return false; } - if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(c)) { + if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(&c->ecdsa, &c->config_tree, c->name)) { char *knownkey = ecdsa_get_base64_public_key(c->ecdsa); bool different = strcmp(knownkey, pubkey); free(knownkey);