X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Finvitation.c;h=46891a3cf5730835debfcb61f07ffbd9854b596d;hb=4c6a9a9611442f958c3049a566ac4369653978e9;hp=cff9e7270c4606447d83c02af3423ce5068d700c;hpb=0289162552cd85375605044c696e2a3294e7aa9a;p=tinc diff --git a/src/invitation.c b/src/invitation.c index cff9e727..46891a3c 100644 --- a/src/invitation.c +++ b/src/invitation.c @@ -36,6 +36,7 @@ #include "xalloc.h" #include "random.h" #include "pidfile.h" +#include "fs.h" #include "ed25519/sha512.h" @@ -314,6 +315,7 @@ static bool copy_config_replacing_port(FILE *out, const char *filename, const ch } } + memzero(line, sizeof(line)); fclose(in); return true; } @@ -332,6 +334,11 @@ int cmd_invite(int argc, char *argv[]) { return 1; } + if(argc > 2) { + fprintf(stderr, "Too many arguments!\n"); + return 1; + } + // Check validity of the new node's name if(!check_id(argv[1])) { fprintf(stderr, "Invalid name for node.\n"); @@ -378,13 +385,12 @@ int cmd_invite(int argc, char *argv[]) { } } - snprintf(filename, sizeof(filename), "%s" SLASH "invitations", confbase); - - if(mkdir(filename, 0700) && errno != EEXIST) { - fprintf(stderr, "Could not create directory %s: %s\n", filename, strerror(errno)); - return 1; + if(!makedirs(DIR_INVITATIONS)) { + return false; } + snprintf(filename, sizeof(filename), "%s" SLASH "invitations", confbase); + // Count the number of valid invitations, clean up old ones DIR *dir = opendir(filename); @@ -521,6 +527,7 @@ int cmd_invite(int argc, char *argv[]) { int ifd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600); if(!ifd) { + memzero(cookie, sizeof(cookie)); fprintf(stderr, "Could not create invitation file %s: %s\n", filename, strerror(errno)); return 1; } @@ -536,9 +543,17 @@ int cmd_invite(int argc, char *argv[]) { char *port = NULL; if(!get_my_hostname(&address, &port)) { + memzero(cookie, sizeof(cookie)); return 1; } + // Create an URL from the local address, key hash and cookie + char *url; + xasprintf(&url, "%s/%s%s", address, hash, cookie); + + memzero(cookie, sizeof(cookie)); + free(address); + // Fill in the details. fprintf(f, "Name = %s\n", argv[1]); @@ -577,14 +592,10 @@ int cmd_invite(int argc, char *argv[]) { if(!appended) { fprintf(stderr, "Could not append my config to invitation file: %s.\n", strerror(errno)); - free(address); + free_string(url); return 1; } - // Create an URL from the local address, key hash and cookie - char *url; - xasprintf(&url, "%s/%s%s", address, hash, cookie); - // Call the inviation-created script environment_t env; environment_init(&env); @@ -595,8 +606,7 @@ int cmd_invite(int argc, char *argv[]) { environment_exit(&env); puts(url); - free(url); - free(address); + free_string(url); return 0; } @@ -668,7 +678,7 @@ static char *get_value(const char *data, const char *var) { } static char *grep(const char *data, const char *var) { - static char value[1024]; + char value[1024]; const char *p = data; size_t varlen = strlen(var); @@ -708,7 +718,7 @@ static char *grep(const char *data, const char *var) { memcpy(value, p, e - p); value[e - p] = 0; - return value; + return xstrdup(value); } static bool finalize_join(void) { @@ -725,10 +735,10 @@ static bool finalize_join(void) { } if(!netname) { - const char *net = grep(data, "NetName"); + char *net = grep(data, "NetName"); if(net) { - netname = xstrdup(net); + netname = net; if(!check_netname(netname, true)) { fprintf(stderr, "Unsafe NetName found in invitation!\n"); @@ -769,13 +779,7 @@ make_names: goto make_names; } - if(mkdir(confbase, 0777) && errno != EEXIST) { - fprintf(stderr, "Could not create directory %s: %s\n", confbase, strerror(errno)); - return false; - } - - if(mkdir(hosts_dir, 0777) && errno != EEXIST) { - fprintf(stderr, "Could not create directory %s: %s\n", hosts_dir, strerror(errno)); + if(!makedirs(DIR_HOSTS | DIR_CONFBASE | DIR_CACHE)) { return false; } @@ -972,9 +976,9 @@ make_names: return false; } - char *b64key = ecdsa_get_base64_public_key(key); + char *b64_pubkey = ecdsa_get_base64_public_key(key); - if(!b64key) { + if(!b64_pubkey) { return false; } @@ -994,10 +998,10 @@ make_names: fclose(f); - fprintf(fh, "Ed25519PublicKey = %s\n", b64key); + fprintf(fh, "Ed25519PublicKey = %s\n", b64_pubkey); - sptps_send_record(&sptps, 1, b64key, strlen(b64key)); - free(b64key); + sptps_send_record(&sptps, 1, b64_pubkey, strlen(b64_pubkey)); + free(b64_pubkey); ecdsa_free(key); #ifndef DISABLE_LEGACY @@ -1192,6 +1196,21 @@ static bool invitation_receive(void *handle, uint8_t type, const void *msg, uint return true; } +bool wait_socket_recv(int fd) { + fd_set fds; + FD_ZERO(&fds); + FD_SET(fd, &fds); + + struct timeval tv = {.tv_sec = 5}; + + if(select(fd + 1, &fds, NULL, NULL, &tv) != 1) { + fprintf(stderr, "Timed out waiting for the server to reply.\n"); + return false; + } + + return true; +} + int cmd_join(int argc, char *argv[]) { free(data); data = NULL; @@ -1203,14 +1222,8 @@ int cmd_join(int argc, char *argv[]) { } // Make sure confbase exists and is accessible. - if(!confbase_given && mkdir(confdir, 0755) && errno != EEXIST) { - fprintf(stderr, "Could not create directory %s: %s\n", confdir, strerror(errno)); - return 1; - } - - if(mkdir(confbase, 0777) && errno != EEXIST) { - fprintf(stderr, "Could not create directory %s: %s\n", confbase, strerror(errno)); - return 1; + if(!makedirs(DIR_CONFDIR | DIR_CONFBASE)) { + return false; } if(access(confbase, R_OK | W_OK | X_OK)) { @@ -1238,7 +1251,7 @@ int cmd_join(int argc, char *argv[]) { if(!fgets(line, sizeof(line), stdin)) { fprintf(stderr, "Error while reading stdin: %s\n", strerror(errno)); - return false; + return 1; } invitation = line; @@ -1299,13 +1312,13 @@ int cmd_join(int argc, char *argv[]) { return 1; } - char *b64key = ecdsa_get_base64_public_key(key); + char *b64_pubkey = ecdsa_get_base64_public_key(key); // Connect to the tinc daemon mentioned in the URL. struct addrinfo *ai = str2addrinfo(address, port, SOCK_STREAM); if(!ai) { - free(b64key); + free(b64_pubkey); ecdsa_free(key); return 1; } @@ -1320,8 +1333,9 @@ next: if(!aip) { freeaddrinfo(ai); - free(b64key); + free(b64_pubkey); ecdsa_free(key); + fprintf(stderr, "Could not connect to inviter. Please make sure the URL you entered is valid.\n"); return 1; } } @@ -1346,13 +1360,13 @@ next: fprintf(stderr, "Connected to %s port %s...\n", address, port); // Tell him we have an invitation, and give him our throw-away key. - ssize_t len = snprintf(line, sizeof(line), "0 ?%s %d.%d\n", b64key, PROT_MAJOR, PROT_MINOR); + ssize_t len = snprintf(line, sizeof(line), "0 ?%s %d.%d\n", b64_pubkey, PROT_MAJOR, PROT_MINOR); if(len <= 0 || (size_t)len >= sizeof(line)) { abort(); } - if(!sendline(sock, "0 ?%s %d.%d", b64key, PROT_MAJOR, 1)) { + if(!sendline(sock, "0 ?%s %d.%d", b64_pubkey, PROT_MAJOR, 1)) { fprintf(stderr, "Error sending request to %s port %s: %s\n", address, port, strerror(errno)); closesocket(sock); goto next; @@ -1371,8 +1385,8 @@ next: ai = NULL; aip = NULL; - free(b64key); - b64key = NULL; + free(b64_pubkey); + b64_pubkey = NULL; // Check if the hash of the key he gave us matches the hash in the URL. char *fingerprint = line + 2; @@ -1385,7 +1399,7 @@ next: } if(memcmp(hishash, hash, 18)) { - fprintf(stderr, "Peer has an invalid key!\n%s\n", line + 2); + fprintf(stderr, "Peer has an invalid key. Please make sure you're using the correct URL.\n%s\n", line + 2); ecdsa_free(key); return 1; @@ -1411,7 +1425,7 @@ next: goto exit; } - while((len = recv(sock, line, sizeof(line), 0))) { + while(wait_socket_recv(sock) && (len = recv(sock, line, sizeof(line), 0))) { if(len < 0) { if(sockwouldblock(sockerrno)) { continue; @@ -1454,7 +1468,7 @@ exit: closesocket(sock); if(!success) { - fprintf(stderr, "Invitation cancelled.\n"); + fprintf(stderr, "Invitation cancelled. Please try again and contact the inviter for assistance if this error persists.\n"); return 1; }