X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fmeta.c;h=260cb005051ff9cf6ab33473fe22d1e5a5308552;hp=e286aea96a577dc12bfc6ba61d9e34459d93dc5f;hb=d4410d0cce40929db9a0ce7042ef962f1867234d;hpb=1d9dacb1f26971e19463b5501c2410c57f780ecb

diff --git a/src/meta.c b/src/meta.c
index e286aea9..260cb005 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -1,6 +1,6 @@
 /*
     meta.c -- handle the meta communication
-    Copyright (C) 2000-2009 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2014 Guus Sliepen <guus@tinc-vpn.org>,
                   2000-2005 Ivo Timmermans
                   2006      Scott Lamb <slamb@slamb.org>
 
@@ -21,7 +21,6 @@
 
 #include "system.h"
 
-#include "splay_tree.h"
 #include "cipher.h"
 #include "connection.h"
 #include "logger.h"
@@ -31,7 +30,11 @@
 #include "utils.h"
 #include "xalloc.h"
 
-bool send_meta_sptps(void *handle, const char *buffer, size_t length) {
+#ifndef MIN
+#define MIN(x, y) (((x)<(y))?(x):(y))
+#endif
+
+bool send_meta_sptps(void *handle, uint8_t type, const void *buffer, size_t length) {
 	connection_t *c = handle;
 
 	if(!c) {
@@ -39,10 +42,8 @@ bool send_meta_sptps(void *handle, const char *buffer, size_t length) {
 		abort();
 	}
 
-	logger(DEBUG_ALWAYS, LOG_DEBUG, "send_meta_sptps(%s, %p, %zu)", c->name, buffer, length);
-
 	buffer_add(&c->outbuf, buffer, length);
-	event_add(&c->outevent, NULL);
+	io_set(&c->io, IO_READ | IO_WRITE);
 
 	return true;
 }
@@ -61,36 +62,48 @@ bool send_meta(connection_t *c, const char *buffer, int length) {
 
 	/* Add our data to buffer */
 	if(c->status.encryptout) {
+#ifdef DISABLE_LEGACY
+		return false;
+#else
 		size_t outlen = length;
 
-		if(!cipher_encrypt(&c->outcipher, buffer, length, buffer_prepare(&c->outbuf, length), &outlen, false) || outlen != length) {
+		if(!cipher_encrypt(c->outcipher, buffer, length, buffer_prepare(&c->outbuf, length), &outlen, false) || outlen != length) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting metadata to %s (%s)",
 					c->name, c->hostname);
 			return false;
 		}
-
+#endif
 	} else {
 		buffer_add(&c->outbuf, buffer, length);
 	}
 
-	event_add(&c->outevent, NULL);
+	io_set(&c->io, IO_READ | IO_WRITE);
 
 	return true;
 }
 
-void broadcast_meta(connection_t *from, const char *buffer, int length) {
-	splay_node_t *node;
-	connection_t *c;
+void send_meta_raw(connection_t *c, const char *buffer, int length) {
+	if(!c) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "send_meta() called with NULL pointer!");
+		abort();
+	}
+
+	logger(DEBUG_META, LOG_DEBUG, "Sending %d bytes of raw metadata to %s (%s)", length,
+			   c->name, c->hostname);
+
+	buffer_add(&c->outbuf, buffer, length);
 
-	for(node = connection_tree->head; node; node = node->next) {
-		c = node->data;
+	io_set(&c->io, IO_READ | IO_WRITE);
+}
 
-		if(c != from && c->status.active)
+void broadcast_meta(connection_t *from, const char *buffer, int length) {
+	for list_each(connection_t, c, connection_list)
+		if(c != from && c->edge)
 			send_meta(c, buffer, length);
-	}
 }
 
-bool receive_meta_sptps(void *handle, uint8_t type, const char *data, uint16_t length) {
+bool receive_meta_sptps(void *handle, uint8_t type, const void *vdata, uint16_t length) {
+	const char *data = vdata;
 	connection_t *c = handle;
 
 	if(!c) {
@@ -98,8 +111,6 @@ bool receive_meta_sptps(void *handle, uint8_t type, const char *data, uint16_t l
 		abort();
 	}
 
-	logger(DEBUG_ALWAYS, LOG_DEBUG, "receive_meta_sptps(%s, %d, %p, %hu)", c->name, type, data, length);
-
 	if(type == SPTPS_HANDSHAKE) {
 		if(c->allow_request == ACK)
 			return send_ack(c);
@@ -120,6 +131,11 @@ bool receive_meta_sptps(void *handle, uint8_t type, const char *data, uint16_t l
 		return true;
 	}
 
+	/* Change newline to null byte, just like non-SPTPS requests */
+
+	if(data[length - 1] == '\n')
+		((char *)data)[length - 1] = 0;
+
 	/* Otherwise we are waiting for a request */
 
 	return receive_request(c, data);
@@ -149,7 +165,7 @@ bool receive_meta(connection_t *c) {
 	inlen = recv(c->socket, inbuf, sizeof inbuf - c->inbuf.len, 0);
 
 	if(inlen <= 0) {
-		if(!inlen || !errno) {
+		if(!inlen || !sockerrno) {
 			logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection closed by %s (%s)",
 					   c->name, c->hostname);
 		} else if(sockwouldblock(sockerrno))
@@ -161,9 +177,32 @@ bool receive_meta(connection_t *c) {
 	}
 
 	do {
+		/* Are we receiving a SPTPS packet? */
+
+		if(c->sptpslen) {
+			int len = MIN(inlen, c->sptpslen - c->inbuf.len);
+			buffer_add(&c->inbuf, bufp, len);
+
+			char *sptpspacket = buffer_read(&c->inbuf, c->sptpslen);
+			if(!sptpspacket)
+				return true;
+
+			if(!receive_tcppacket_sptps(c, sptpspacket, c->sptpslen))
+				return false;
+			c->sptpslen = 0;
+
+			bufp += len;
+			inlen -= len;
+			continue;
+		}
+
 		if(c->protocol_minor >= 2) {
-			logger(DEBUG_ALWAYS, LOG_DEBUG, "Receiving %d bytes of SPTPS data", inlen);
-			return sptps_receive_data(&c->sptps, bufp, inlen);
+			int len = sptps_receive_data(&c->sptps, bufp, inlen);
+			if(!len)
+				return false;
+			bufp += len;
+			inlen -= len;
+			continue;
 		}
 
 		if(!c->status.decryptin) {
@@ -178,16 +217,19 @@ bool receive_meta(connection_t *c) {
 			inlen -= endp - bufp;
 			bufp = endp;
 		} else {
+#ifdef DISABLE_LEGACY
+			return false;
+#else
 			size_t outlen = inlen;
-			logger(DEBUG_META, LOG_DEBUG, "Received encrypted %d bytes", inlen);
 
-			if(!cipher_decrypt(&c->incipher, bufp, inlen, buffer_prepare(&c->inbuf, inlen), &outlen, false) || inlen != outlen) {
+			if(!cipher_decrypt(c->incipher, bufp, inlen, buffer_prepare(&c->inbuf, inlen), &outlen, false) || inlen != outlen) {
 				logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting metadata from %s (%s)",
 					   c->name, c->hostname);
 				return false;
 			}
 
 			inlen = 0;
+#endif
 		}
 
 		while(c->inbuf.len) {
@@ -195,13 +237,50 @@ bool receive_meta(connection_t *c) {
 
 			if(c->tcplen) {
 				char *tcpbuffer = buffer_read(&c->inbuf, c->tcplen);
-				if(tcpbuffer) {
-					receive_tcppacket(c, tcpbuffer, c->tcplen);
-					c->tcplen = 0;
-					continue;
-				} else {
+				if(!tcpbuffer)
 					break;
+
+				if(!c->node) {
+					if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
+						if(tcpbuffer[0] == 0 && tcpbuffer[1] == 0x5a) {
+							logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
+						} else {
+							logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected");
+							return false;
+						}
+					} else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
+						if(tcpbuffer[0] != 5) {
+							logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
+							return false;
+						}
+						if(tcpbuffer[1] == (char)0xff) {
+							logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected: unsuitable authentication method");
+							return false;
+						}
+						if(tcpbuffer[2] != 5) {
+							logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
+							return false;
+						}
+						if(tcpbuffer[3] == 0) {
+							logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
+						} else {
+							logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request rejected");
+							return false;
+						}
+					} else {
+						logger(DEBUG_CONNECTIONS, LOG_ERR, "c->tcplen set but c->node is NULL!");
+						abort();
+					}
+				} else {
+					if(c->allow_request == ALL) {
+						receive_tcppacket(c, tcpbuffer, c->tcplen);
+					} else {
+						logger(DEBUG_CONNECTIONS, LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname);
+						return false;
+					}
 				}
+
+				c->tcplen = 0;
 			}
 
 			/* Otherwise we are waiting for a request */