X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=a40c87f34b85ea96c273b7555de02439a622d94c;hb=8156f3760973c17256a93ab48016b8b84f5444de;hp=eb1754c1cf83e5c4066633836350e9535713699e;hpb=1c475ecb575367a6b3f9328b0f643ad636155341;p=tinc diff --git a/src/protocol_auth.c b/src/protocol_auth.c index eb1754c1..a40c87f3 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -26,7 +26,6 @@ #include "control_common.h" #include "cipher.h" #include "crypto.h" -#include "device.h" #include "digest.h" #include "ecdsa.h" #include "edge.h" @@ -37,7 +36,6 @@ #include "net.h" #include "netutl.h" #include "node.h" -#include "prf.h" #include "protocol.h" #include "rsa.h" #include "script.h" @@ -46,6 +44,7 @@ #include "xalloc.h" #include "ed25519/sha512.h" +#include "keys.h" int invitation_lifetime; ecdsa_t *invitation_key = NULL; @@ -160,7 +159,7 @@ bool send_id(connection_t *c) { int minor = 0; if(experimental) { - if(c->outgoing && !read_ecdsa_public_key(c)) { + if(c->outgoing && !read_ecdsa_public_key(&c->ecdsa, &c->config_tree, c->name)) { minor = 1; } else { minor = myself->connection->protocol_minor; @@ -214,6 +213,9 @@ static bool finalize_invitation(connection_t *c, const char *data, uint16_t len) environment_add(&env, "REMOTEADDRESS=%s", address); environment_add(&env, "NAME=%s", myself->name); + free(address); + free(port); + execute_script("invitation-accepted", &env); environment_exit(&env); @@ -284,13 +286,16 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat } // Read the new node's Name from the file - char buf[1024]; + char buf[1024] = ""; fgets(buf, sizeof(buf), f); + size_t buflen = strlen(buf); - if(*buf) { - buf[strlen(buf) - 1] = 0; + // Strip whitespace at the end + while(buflen && strchr(" \t\r\n", buf[buflen - 1])) { + buf[--buflen] = 0; } + // Split the first line into variable and value len = strcspn(buf, " \t="); char *name = buf + len; name += strspn(name, " \t"); @@ -302,6 +307,7 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat buf[len] = 0; + // Check that it is a valid Name if(!*buf || !*name || strcasecmp(buf, "Name") || !check_id(name) || !strcmp(name, myself->name)) { logger(DEBUG_ALWAYS, LOG_ERR, "Invalid invitation file %s\n", cookie); fclose(f); @@ -407,10 +413,7 @@ bool id_h(connection_t *c, const char *request) { return false; } } else { - if(c->name) { - free(c->name); - } - + free(c->name); c->name = xstrdup(name); } @@ -449,7 +452,7 @@ bool id_h(connection_t *c, const char *request) { } if(experimental) { - read_ecdsa_public_key(c); + read_ecdsa_public_key(&c->ecdsa, &c->config_tree, c->name); } /* Ignore failures if no key known yet */ @@ -489,17 +492,14 @@ bool id_h(connection_t *c, const char *request) { } } +#ifndef DISABLE_LEGACY bool send_metakey(connection_t *c) { -#ifdef DISABLE_LEGACY - return false; -#else - if(!myself->connection->rsa) { logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname); return false; } - if(!read_rsa_public_key(c)) { + if(!read_rsa_public_key(&c->rsa, c->config_tree, c->name)) { return false; } @@ -583,14 +583,9 @@ bool send_metakey(connection_t *c) { c->status.encryptout = true; return result; -#endif } bool metakey_h(connection_t *c, const char *request) { -#ifdef DISABLE_LEGACY - return false; -#else - if(!myself->connection->rsa) { return false; } @@ -658,13 +653,9 @@ bool metakey_h(connection_t *c, const char *request) { c->allow_request = CHALLENGE; return send_challenge(c); -#endif } bool send_challenge(connection_t *c) { -#ifdef DISABLE_LEGACY - return false; -#else const size_t len = rsa_size(c->rsa); char buffer[len * 2 + 1]; @@ -681,14 +672,9 @@ bool send_challenge(connection_t *c) { /* Send the challenge */ return send_request(c, "%d %s", CHALLENGE, buffer); -#endif } bool challenge_h(connection_t *c, const char *request) { -#ifdef DISABLE_LEGACY - return false; -#else - if(!myself->connection->rsa) { return false; } @@ -723,8 +709,6 @@ bool challenge_h(connection_t *c, const char *request) { } else { return true; } - -#endif } bool send_chal_reply(connection_t *c) { @@ -751,9 +735,6 @@ bool send_chal_reply(connection_t *c) { } bool chal_reply_h(connection_t *c, const char *request) { -#ifdef DISABLE_LEGACY - return false; -#else char hishash[MAX_STRING_SIZE]; if(sscanf(request, "%*d " MAX_STRING, hishash) != 1) { @@ -794,13 +775,9 @@ bool chal_reply_h(connection_t *c, const char *request) { } return send_ack(c); -#endif } static bool send_upgrade(connection_t *c) { -#ifdef DISABLE_LEGACY - return false; -#else /* Special case when protocol_minor is 1: the other end is Ed25519 capable, * but doesn't know our key yet. So send it now. */ @@ -813,8 +790,46 @@ static bool send_upgrade(connection_t *c) { bool result = send_request(c, "%d %s", ACK, pubkey); free(pubkey); return result; -#endif } +#else +bool send_metakey(connection_t *c) { + (void)c; + return false; +} + +bool metakey_h(connection_t *c, const char *request) { + (void)c; + (void)request; + return false; +} + +bool send_challenge(connection_t *c) { + (void)c; + return false; +} + +bool challenge_h(connection_t *c, const char *request) { + (void)c; + (void)request; + return false; +} + +bool send_chal_reply(connection_t *c) { + (void)c; + return false; +} + +bool chal_reply_h(connection_t *c, const char *request) { + (void)c; + (void)request; + return false; +} + +static bool send_upgrade(connection_t *c) { + (void)c; + return false; +} +#endif bool send_ack(connection_t *c) { if(c->protocol_minor == 1) { @@ -901,7 +916,7 @@ static bool upgrade_h(connection_t *c, const char *request) { return false; } - if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(c)) { + if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(&c->ecdsa, &c->config_tree, c->name)) { char *knownkey = ecdsa_get_base64_public_key(c->ecdsa); bool different = strcmp(knownkey, pubkey); free(knownkey);