X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fmeta.c;h=0b8a379b2b70bc87c8e527aa8d249dbfe8005dfe;hp=a56f46187ac9f30687aaa4b71af82ad0285b1a19;hb=a0c544df5d882bea812fb0ef648cdee98939e89c;hpb=4c85542894f7fca823b119b05e07179deb24229a

diff --git a/src/meta.c b/src/meta.c
index a56f4618..0b8a379b 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -1,7 +1,8 @@
 /*
     meta.c -- handle the meta communication
-    Copyright (C) 2000-2009 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2013 Guus Sliepen <guus@tinc-vpn.org>,
                   2000-2005 Ivo Timmermans
+                  2006      Scott Lamb <slamb@slamb.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -93,15 +94,13 @@ bool flush_meta(connection_t *c) {
 						   c->name, c->hostname);
 			} else if(errno == EINTR) {
 				continue;
-#ifdef EWOULDBLOCK
-			} else if(errno == EWOULDBLOCK) {
+			} else if(sockwouldblock(sockerrno)) {
 				ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block",
 						c->outbuflen, c->name, c->hostname);
 				return true;
-#endif
 			} else {
 				logger(LOG_ERR, "Flushing meta data to %s (%s) failed: %s", c->name,
-					   c->hostname, strerror(errno));
+					   c->hostname, sockstrerror(sockerrno));
 			}
 
 			return false;
@@ -148,11 +147,11 @@ bool receive_meta(connection_t *c) {
 		if(!lenin || !errno) {
 			ifdebug(CONNECTIONS) logger(LOG_NOTICE, "Connection closed by %s (%s)",
 					   c->name, c->hostname);
-		} else if(errno == EINTR)
+		} else if(sockwouldblock(sockerrno))
 			return true;
 		else
 			logger(LOG_ERR, "Metadata socket read error for %s (%s): %s",
-				   c->name, c->hostname, strerror(errno));
+				   c->name, c->hostname, sockstrerror(sockerrno));
 
 		return false;
 	}
@@ -178,7 +177,45 @@ bool receive_meta(connection_t *c) {
 
 		if(c->tcplen) {
 			if(c->tcplen <= c->buflen) {
-				receive_tcppacket(c, c->buffer, c->tcplen);
+				if(!c->node) {
+					if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
+						if(c->buffer[0] == 0 && c->buffer[1] == 0x5a) {
+							ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted");
+						} else {
+							logger(LOG_ERR, "Proxy request rejected");
+							return false;
+						}
+					} else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
+						if(c->buffer[0] != 5) {
+							logger(LOG_ERR, "Invalid response from proxy server");
+							return false;
+						}
+						if(c->buffer[1] == (char)0xff) {
+							logger(LOG_ERR, "Proxy request rejected: unsuitable authentication method");
+							return false;
+						}
+						if(c->buffer[2] != 5) {
+							logger(LOG_ERR, "Invalid response from proxy server");
+							return false;
+						}
+						if(c->buffer[3] == 0) {
+							ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted");
+						} else {
+							logger(LOG_ERR, "Proxy request rejected");
+							return false;
+						}
+					} else {
+						logger(LOG_ERR, "c->tcplen set but c->node is NULL!");
+						abort();
+					}
+				} else {
+					if(c->allow_request == ALL) {
+						receive_tcppacket(c, c->buffer, c->tcplen);
+					} else {
+						logger(LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname);
+						return false;
+					}
+				}
 
 				c->buflen -= c->tcplen;
 				lenin -= c->tcplen - oldlen;
@@ -224,7 +261,5 @@ bool receive_meta(connection_t *c) {
 		return false;
 	}
 
-	c->last_ping_time = now;
-
 	return true;
 }