Add ability to use proxies to connect to hostnames when there is no nameserver.

[tinc] / src / protocol_auth.c

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 5ae99e8..e54fe23 100644 (file)
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -1,7 +1,7 @@
 /*
     protocol_auth.c -- handle the meta-protocol, authentication
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2014 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -36,95 +36,10 @@
 #include "netutl.h"
 #include "node.h"
 #include "protocol.h"
+#include "proxy.h"
 #include "utils.h"
 #include "xalloc.h"
 
-static bool send_proxyrequest(connection_t *c) {
-       switch(proxytype) {
-               case PROXY_HTTP: {
-                       char *host;
-                       char *port;
-
-                       sockaddr2str(&c->address, &host, &port);
-                       send_request(c, "CONNECT %s:%s HTTP/1.1\r\n\r", host, port);
-                       free(host);
-                       free(port);
-                       return true;
-               }
-               case PROXY_SOCKS4: {
-                       if(c->address.sa.sa_family != AF_INET) {
-                               logger(LOG_ERR, "Cannot connect to an IPv6 host through a SOCKS 4 proxy!");
-                               return false;
-                       }
-                       char s4req[9 + (proxyuser ? strlen(proxyuser) : 0)];
-                       s4req[0] = 4;
-                       s4req[1] = 1;
-                       memcpy(s4req + 2, &c->address.in.sin_port, 2);
-                       memcpy(s4req + 4, &c->address.in.sin_addr, 4);
-                       if(proxyuser)
-                               strcpy(s4req + 8, proxyuser);
-                       s4req[sizeof s4req - 1] = 0;
-                       c->tcplen = 8;
-                       return send_meta(c, s4req, sizeof s4req);
-               }
-               case PROXY_SOCKS5: {
-                       int len = 3 + 6 + (c->address.sa.sa_family == AF_INET ? 4 : 16);
-                       c->tcplen = 2;
-                       if(proxypass)
-                               len += 3 + strlen(proxyuser) + strlen(proxypass);
-                       char s5req[len];
-                       int i = 0;
-                       s5req[i++] = 5;
-                       s5req[i++] = 1;
-                       if(proxypass) {
-                               s5req[i++] = 2;
-                               s5req[i++] = 1;
-                               s5req[i++] = strlen(proxyuser);
-                               strcpy(s5req + i, proxyuser);
-                               i += strlen(proxyuser);
-                               s5req[i++] = strlen(proxypass);
-                               strcpy(s5req + i, proxypass);
-                               i += strlen(proxypass);
-                               c->tcplen += 2;
-                       } else {
-                               s5req[i++] = 0;
-                       }
-                       s5req[i++] = 5;
-                       s5req[i++] = 1;
-                       s5req[i++] = 0;
-                       if(c->address.sa.sa_family == AF_INET) {
-                               s5req[i++] = 1;
-                               memcpy(s5req + i, &c->address.in.sin_addr, 4);
-                               i += 4;
-                               memcpy(s5req + i, &c->address.in.sin_port, 2);
-                               i += 2;
-                               c->tcplen += 10;
-                       } else if(c->address.sa.sa_family == AF_INET6) {
-                               s5req[i++] = 3;
-                               memcpy(s5req + i, &c->address.in6.sin6_addr, 16);
-                               i += 16;
-                               memcpy(s5req + i, &c->address.in6.sin6_port, 2);
-                               i += 2;
-                               c->tcplen += 22;
-                       } else {
-                               logger(LOG_ERR, "Address family %hx not supported for SOCKS 5 proxies!", c->address.sa.sa_family);
-                               return false;
-                       }
-                       if(i > len)
-                               abort();
-                       return send_meta(c, s5req, sizeof s5req);
-               }
-               case PROXY_SOCKS4A:
-                       logger(LOG_ERR, "Proxy type not implemented yet");
-                       return false;
-               case PROXY_EXEC:
-                       return true;
-               default:
-                       logger(LOG_ERR, "Unknown proxy type");
-                       return false;
-       }
-}
-
 bool send_id(connection_t *c) {
        if(proxytype && c->outgoing)
                if(!send_proxyrequest(c))
@@ -215,7 +130,12 @@ bool send_metakey(connection_t *c) {
 
        /* Copy random data to the buffer */
 
-       RAND_pseudo_bytes((unsigned char *)c->outkey, len);
+       if (1 != RAND_bytes((unsigned char *)c->outkey, len)) {
+               int err = ERR_get_error();
+               logger(LOG_ERR, "Failed to generate meta key (%s)", ERR_error_string(err, NULL));
+               return false;
+       }
+
 
        /* The message we send must be smaller than the modulus of the RSA key.
           By definition, for a key of k bits, the following formula holds:
@@ -391,7 +311,11 @@ bool send_challenge(connection_t *c) {
 
        /* Copy random data to the buffer */
 
-       RAND_pseudo_bytes((unsigned char *)c->hischallenge, len);
+       if (1 != RAND_bytes((unsigned char *)c->hischallenge, len)) {
+               int err = ERR_get_error();
+               logger(LOG_ERR, "Failed to generate challenge (%s)", ERR_error_string(err, NULL));
+               return false; // Do not send predictable challenges, let connection attempt fail.
+       }
 
        /* Convert to hex */