X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=962f68113f667eba33b99b51ec5d335aa63387d5;hb=868104703003605711582c984b57f8933bf361ee;hp=fc0c3aae2bc7a2a9eed94d84461a41050e86ee10;hpb=f75dcef72a81a337e847adf0bae54198894f65b9;p=tinc diff --git a/src/protocol_auth.c b/src/protocol_auth.c index fc0c3aae..962f6811 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.16 2002/09/09 21:24:45 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.20 2003/07/06 17:15:25 guus Exp $ */ #include "config.h" @@ -37,10 +37,6 @@ #include #include -#ifndef HAVE_RAND_PSEUDO_BYTES -#define RAND_pseudo_bytes RAND_bytes -#endif - #include "conf.h" #include "net.h" #include "netutl.h" @@ -53,7 +49,7 @@ #include "system.h" -int send_id(connection_t * c) +int send_id(connection_t *c) { cp(); @@ -61,7 +57,7 @@ int send_id(connection_t * c) myself->connection->protocol_version); } -int id_h(connection_t * c) +int id_h(connection_t *c) { char name[MAX_STRING_SIZE]; int bla; @@ -137,7 +133,7 @@ int id_h(connection_t * c) return send_metakey(c); } -int send_metakey(connection_t * c) +int send_metakey(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len, x; @@ -152,7 +148,7 @@ int send_metakey(connection_t * c) c->outkey = xmalloc(len); if(!c->outctx) - c->outctx = xmalloc(sizeof(*c->outctx)); + c->outctx = xmalloc_and_zero(sizeof(*c->outctx)); cp(); /* Copy random data to the buffer */ @@ -216,7 +212,7 @@ int send_metakey(connection_t * c) return x; } -int metakey_h(connection_t * c) +int metakey_h(connection_t *c) { char buffer[MAX_STRING_SIZE]; int cipher, digest, maclength, compression; @@ -224,9 +220,7 @@ int metakey_h(connection_t * c) cp(); - if(sscanf - (c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, - &compression, buffer) != 5) { + if(sscanf(c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); return -1; @@ -237,8 +231,7 @@ int metakey_h(connection_t * c) /* Check if the length of the meta key is all right */ if(strlen(buffer) != len * 2) { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, - c->hostname, "wrong keylength"); + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); return -1; } @@ -248,7 +241,7 @@ int metakey_h(connection_t * c) c->inkey = xmalloc(len); if(!c->inctx) - c->inctx = xmalloc(sizeof(*c->inctx)); + c->inctx = xmalloc_and_zero(sizeof(*c->inctx)); /* Convert the challenge from hexadecimal back to binary */ @@ -265,8 +258,7 @@ int metakey_h(connection_t * c) if(debug_lvl >= DEBUG_SCARY_THINGS) { bin2hex(c->inkey, buffer, len); buffer[len * 2] = '\0'; - syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), - buffer); + syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); } /* All incoming requests will now be encrypted. */ @@ -275,10 +267,9 @@ int metakey_h(connection_t * c) if(cipher) { c->incipher = EVP_get_cipherbynid(cipher); - + if(!c->incipher) { - syslog(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, - c->hostname); + syslog(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); return -1; } @@ -298,14 +289,12 @@ int metakey_h(connection_t * c) c->indigest = EVP_get_digestbynid(digest); if(!c->indigest) { - syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, - c->hostname); + syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); return -1; } if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) { - syslog(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, - c->hostname); + syslog(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); return -1; } } else { @@ -319,7 +308,7 @@ int metakey_h(connection_t * c) return send_challenge(c); } -int send_challenge(connection_t * c) +int send_challenge(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len, x; @@ -351,7 +340,7 @@ int send_challenge(connection_t * c) return x; } -int challenge_h(connection_t * c) +int challenge_h(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len; @@ -390,7 +379,7 @@ int challenge_h(connection_t * c) return send_chal_reply(c); } -int send_chal_reply(connection_t * c) +int send_chal_reply(connection_t *c) { char hash[EVP_MAX_MD_SIZE * 2 + 1]; EVP_MD_CTX ctx; @@ -414,7 +403,7 @@ int send_chal_reply(connection_t * c) return send_request(c, "%d %s", CHAL_REPLY, hash); } -int chal_reply_h(connection_t * c) +int chal_reply_h(connection_t *c) { char hishash[MAX_STRING_SIZE]; char myhash[EVP_MAX_MD_SIZE]; @@ -470,7 +459,7 @@ int chal_reply_h(connection_t * c) return send_ack(c); } -int send_ack(connection_t * c) +int send_ack(connection_t *c) { /* ACK message contains rest of the information the other end needs to create node_t and edge_t structures. */ @@ -492,7 +481,7 @@ int send_ack(connection_t * c) return x; } -void send_everything(connection_t * c) +void send_everything(connection_t *c) { avl_node_t *node, *node2; node_t *n; @@ -516,7 +505,7 @@ void send_everything(connection_t * c) } } -int ack_h(connection_t * c) +int ack_h(connection_t *c) { char hisport[MAX_STRING_SIZE]; char *hisaddress, *dummy; @@ -548,6 +537,8 @@ int ack_h(connection_t * c) syslog(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); terminate_connection(n->connection, 0); + /* Run graph algorithm to purge key and make sure up/down scripts are rerun with new IP addresses and stuff */ + graph(); } }