X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;ds=sidebyside;f=src%2Fprotocol_auth.c;h=49dfd2817d3ebd9e19e017ef8235dc8c9e962ef6;hb=40731d030fef793c6b6405efd9b3e64c26c00045;hp=8d4b03290b9ecda546bf461dbb8d12d2a705c0cf;hpb=df3220a1549f992cbf4a9b6e67c1e67b69896c7d;p=tinc diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 8d4b0329..49dfd281 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -1,7 +1,7 @@ /* protocol_auth.c -- handle the meta-protocol, authentication - Copyright (C) 1999-2005 Ivo Timmermans , - 2000-2005 Guus Sliepen + Copyright (C) 1999-2005 Ivo Timmermans, + 2000-2007 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -27,7 +27,7 @@ #include #include -#include "avl_tree.h" +#include "splay_tree.h" #include "conf.h" #include "connection.h" #include "edge.h" @@ -40,21 +40,21 @@ #include "utils.h" #include "xalloc.h" -bool send_id(connection_t *c) -{ +bool send_id(connection_t *c) { cp(); + gettimeofday(&c->start, NULL); + return send_request(c, "%d %s %d", ID, myself->connection->name, myself->connection->protocol_version); } -bool id_h(connection_t *c) -{ +bool id_h(connection_t *c, char *request) { char name[MAX_STRING_SIZE]; cp(); - if(sscanf(c->buffer, "%*d " MAX_STRING " %d", name, &c->protocol_version) != 2) { + if(sscanf(request, "%*d " MAX_STRING " %d", name, &c->protocol_version) != 2) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, c->hostname); return false; @@ -68,9 +68,9 @@ bool id_h(connection_t *c) return false; } - /* If we set c->name in advance, make sure we are connected to the right host */ + /* If this is an outgoing connection, make sure we are connected to the right host */ - if(c->name) { + if(c->outgoing) { if(strcmp(c->name, name)) { logger(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, c->name); @@ -116,9 +116,8 @@ bool id_h(connection_t *c) return send_metakey(c); } -bool send_metakey(connection_t *c) -{ - char buffer[MAX_STRING_SIZE]; +bool send_metakey(connection_t *c) { + char *buffer; int len; bool x; @@ -128,6 +127,8 @@ bool send_metakey(connection_t *c) /* Allocate buffers for the meta key */ + buffer = alloca(2 * len + 1); + if(!c->outkey) c->outkey = xmalloc(len); @@ -136,7 +137,7 @@ bool send_metakey(connection_t *c) cp(); /* Copy random data to the buffer */ - RAND_pseudo_bytes(c->outkey, len); + RAND_pseudo_bytes((unsigned char *)c->outkey, len); /* The message we send must be smaller than the modulus of the RSA key. By definition, for a key of k bits, the following formula holds: @@ -164,7 +165,7 @@ bool send_metakey(connection_t *c) with a length equal to that of the modulus of the RSA key. */ - if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) { + if(RSA_public_encrypt(len, (unsigned char *)c->outkey, (unsigned char *)buffer, c->rsa_key, RSA_NO_PADDING) != len) { logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); return false; @@ -186,8 +187,8 @@ bool send_metakey(connection_t *c) if(c->outcipher) { if(!EVP_EncryptInit(c->outctx, c->outcipher, - c->outkey + len - c->outcipher->key_len, - c->outkey + len - c->outcipher->key_len - + (unsigned char *)c->outkey + len - c->outcipher->key_len, + (unsigned char *)c->outkey + len - c->outcipher->key_len - c->outcipher->iv_len)) { logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"), c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); @@ -200,15 +201,14 @@ bool send_metakey(connection_t *c) return x; } -bool metakey_h(connection_t *c) -{ +bool metakey_h(connection_t *c, char *request) { char buffer[MAX_STRING_SIZE]; int cipher, digest, maclength, compression; int len; cp(); - if(sscanf(c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) { + if(sscanf(request, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); return false; @@ -237,7 +237,7 @@ bool metakey_h(connection_t *c) /* Decrypt the meta key */ - if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */ + if(RSA_private_decrypt(len, (unsigned char *)buffer, (unsigned char *)c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */ logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); return false; @@ -262,8 +262,8 @@ bool metakey_h(connection_t *c) } if(!EVP_DecryptInit(c->inctx, c->incipher, - c->inkey + len - c->incipher->key_len, - c->inkey + len - c->incipher->key_len - + (unsigned char *)c->inkey + len - c->incipher->key_len, + (unsigned char *)c->inkey + len - c->incipher->key_len - c->incipher->iv_len)) { logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"), c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); @@ -300,9 +300,8 @@ bool metakey_h(connection_t *c) return send_challenge(c); } -bool send_challenge(connection_t *c) -{ - char buffer[MAX_STRING_SIZE]; +bool send_challenge(connection_t *c) { + char *buffer; int len; cp(); @@ -313,12 +312,14 @@ bool send_challenge(connection_t *c) /* Allocate buffers for the challenge */ + buffer = alloca(2 * len + 1); + if(!c->hischallenge) c->hischallenge = xmalloc(len); /* Copy random data to the buffer */ - RAND_pseudo_bytes(c->hischallenge, len); + RAND_pseudo_bytes((unsigned char *)c->hischallenge, len); /* Convert to hex */ @@ -330,14 +331,13 @@ bool send_challenge(connection_t *c) return send_request(c, "%d %s", CHALLENGE, buffer); } -bool challenge_h(connection_t *c) -{ +bool challenge_h(connection_t *c, char *request) { char buffer[MAX_STRING_SIZE]; int len; cp(); - if(sscanf(c->buffer, "%*d " MAX_STRING, buffer) != 1) { + if(sscanf(request, "%*d " MAX_STRING, buffer) != 1) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, c->hostname); return false; @@ -369,8 +369,7 @@ bool challenge_h(connection_t *c) return send_chal_reply(c); } -bool send_chal_reply(connection_t *c) -{ +bool send_chal_reply(connection_t *c) { char hash[EVP_MAX_MD_SIZE * 2 + 1]; EVP_MD_CTX ctx; @@ -380,7 +379,7 @@ bool send_chal_reply(connection_t *c) if(!EVP_DigestInit(&ctx, c->indigest) || !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key)) - || !EVP_DigestFinal(&ctx, hash, NULL)) { + || !EVP_DigestFinal(&ctx, (unsigned char *)hash, NULL)) { logger(LOG_ERR, _("Error during calculation of response for %s (%s): %s"), c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); return false; @@ -396,15 +395,14 @@ bool send_chal_reply(connection_t *c) return send_request(c, "%d %s", CHAL_REPLY, hash); } -bool chal_reply_h(connection_t *c) -{ +bool chal_reply_h(connection_t *c, char *request) { char hishash[MAX_STRING_SIZE]; char myhash[EVP_MAX_MD_SIZE]; EVP_MD_CTX ctx; cp(); - if(sscanf(c->buffer, "%*d " MAX_STRING, hishash) != 1) { + if(sscanf(request, "%*d " MAX_STRING, hishash) != 1) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, c->hostname); return false; @@ -426,7 +424,7 @@ bool chal_reply_h(connection_t *c) if(!EVP_DigestInit(&ctx, c->outdigest) || !EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key)) - || !EVP_DigestFinal(&ctx, myhash, NULL)) { + || !EVP_DigestFinal(&ctx, (unsigned char *)myhash, NULL)) { logger(LOG_ERR, _("Error during calculation of response from %s (%s): %s"), c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); return false; @@ -456,8 +454,7 @@ bool chal_reply_h(connection_t *c) return send_ack(c); } -bool send_ack(connection_t *c) -{ +bool send_ack(connection_t *c) { /* ACK message contains rest of the information the other end needs to create node_t and edge_t structures. */ @@ -487,9 +484,8 @@ bool send_ack(connection_t *c) return send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options); } -static void send_everything(connection_t *c) -{ - avl_node_t *node, *node2; +static void send_everything(connection_t *c) { + splay_node_t *node, *node2; node_t *n; subnet_t *s; edge_t *e; @@ -520,8 +516,7 @@ static void send_everything(connection_t *c) } } -bool ack_h(connection_t *c) -{ +bool ack_h(connection_t *c, char *request) { char hisport[MAX_STRING_SIZE]; char *hisaddress, *dummy; int weight, mtu; @@ -530,7 +525,7 @@ bool ack_h(connection_t *c) cp(); - if(sscanf(c->buffer, "%*d " MAX_STRING " %d %lx", hisport, &weight, &options) != 3) { + if(sscanf(request, "%*d " MAX_STRING " %d %lx", hisport, &weight, &options) != 3) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); return false; @@ -547,8 +542,17 @@ bool ack_h(connection_t *c) } else { if(n->connection) { /* Oh dear, we already have a connection to this node. */ - ifdebug(CONNECTIONS) logger(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), - n->name, n->hostname); + ifdebug(CONNECTIONS) logger(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->connection->name, n->connection->hostname); + + if(n->connection->outgoing) { + if(c->outgoing) + logger(LOG_WARNING, _("Two outgoing connections to the same node!")); + else + c->outgoing = n->connection->outgoing; + + n->connection->outgoing = NULL; + } + terminate_connection(n->connection, false); /* Run graph algorithm to purge key and make sure up/down scripts are rerun with new IP addresses and stuff */ graph();