X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol.c;h=46c4c7b8f46d6f51fe5b83c161d7d8dbac701e91;hp=1a791a717316ba82503997c4b0dca8c635ae2ffe;hb=d3f889c8076dff9c00ebfe1459cb36425f8da41d;hpb=a07602c4fddfca9894f1d738959ae359695f5bf9 diff --git a/src/protocol.c b/src/protocol.c index 1a791a71..46c4c7b8 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -1,7 +1,7 @@ /* protocol.c -- handle the meta-protocol - Copyright (C) 1999,2000 Ivo Timmermans , - 2000 Guus Sliepen + Copyright (C) 1999-2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.64 2000/11/22 19:55:50 guus Exp $ + $Id: protocol.c,v 1.28.4.74 2001/01/07 17:09:02 guus Exp $ */ #include "config.h" @@ -34,6 +34,8 @@ #include #include +#include +#include #include @@ -72,11 +74,12 @@ int check_id(char *id) for (i = 0; i < strlen(id); i++) if(!isalnum(id[i]) && id[i] != '_') return -1; - + return 0; } -/* Generic request routines - takes care of logging and error detection as well */ +/* Generic request routines - takes care of logging and error + detection as well */ int send_request(connection_t *cl, const char *format, ...) { @@ -85,8 +88,9 @@ int send_request(connection_t *cl, const char *format, ...) int len, request; cp - /* Use vsnprintf instead of vasprintf: faster, no memory fragmentation, cleanup is automatic, - and there is a limit on the input buffer anyway */ + /* Use vsnprintf instead of vasprintf: faster, no memory + fragmentation, cleanup is automatic, and there is a limit on the + input buffer anyway */ va_start(args, format); len = vsnprintf(buffer, MAXBUFSIZE, format, args); @@ -174,9 +178,10 @@ cp (H) SHA1, (E) Encrypted with symmetric cipher. - Part of the challenge is directly used to set the symmetric cipher key and the initial vector. - Since a man-in-the-middle cannot decrypt the RSA challenges, this means that he cannot get or - forge the key for the symmetric cipher. + Part of the challenge is directly used to set the symmetric cipher + key and the initial vector. Since a man-in-the-middle cannot + decrypt the RSA challenges, this means that he cannot get or forge + the key for the symmetric cipher. */ int send_id(connection_t *cl) @@ -190,10 +195,11 @@ cp int id_h(connection_t *cl) { connection_t *old; - config_t const *cfg; + unsigned short int port; char name[MAX_STRING_SIZE]; + avl_node_t *node; cp - if(sscanf(cl->buffer, "%*d "MAX_STRING" %d %lx %hd", name, &cl->protocol_version, &cl->options, &cl->port) != 4) + if(sscanf(cl->buffer, "%*d "MAX_STRING" %d %lx %hd", name, &cl->protocol_version, &cl->options, &port) != 4) { syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname); return -1; @@ -250,19 +256,17 @@ cp id_add(cl); + /* And uhr... cl->port just changed so we have to unlink it from the connection tree and re-insert... */ + + node = avl_unlink(connection_tree, cl); + cl->port = port; + avl_insert_node(connection_tree, node); + /* Read in the public key, so that we can send a challenge */ - if((cfg = get_config_val(cl->config, config_publickey))) - { - cl->rsa_key = RSA_new(); - BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr); - BN_hex2bn(&cl->rsa_key->e, "FFFF"); - } - else - { - syslog(LOG_ERR, _("No public key known for %s (%s)"), cl->name, cl->hostname); - return -1; - } + if(read_rsa_public_key(cl)) + return -1; + cp return send_challenge(cl); } @@ -288,7 +292,7 @@ cp RAND_bytes(cl->hischallenge, len); cl->hischallenge[0] &= 0x7F; /* Somehow if the first byte is more than 0xD0 or something like that, decryption fails... */ - +cp if(debug_lvl >= DEBUG_SCARY_THINGS) { bin2hex(cl->hischallenge, buffer, len); @@ -297,7 +301,7 @@ cp } /* Encrypt the random data */ - + if(RSA_public_encrypt(len, cl->hischallenge, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */ { syslog(LOG_ERR, _("Error during encryption of challenge for %s (%s)"), cl->name, cl->hostname); @@ -309,7 +313,7 @@ cp bin2hex(buffer, buffer, len); buffer[len*2] = '\0'; - +cp /* Send the challenge */ cl->allow_request = CHAL_REPLY; @@ -575,8 +579,6 @@ cp if(cl->status.outgoing) cl->allow_request = ACK; - setup_vpn_connection(cl); - x = send_request(cl, "%d", ACK); cl->status.encryptout = 1; cp @@ -587,7 +589,7 @@ int ack_h(connection_t *cl) { connection_t *old, *p; subnet_t *subnet; - rbl_t *rbl, *rbl2; + avl_node_t *node, *node2; cp /* Okay, before we active the connection, we check if there is another entry in the connection list with the same name. If so, it presumably is an @@ -621,16 +623,16 @@ cp /* Send him our subnets */ - RBL_FOREACH(myself->subnet_tree, rbl) + for(node = myself->subnet_tree->head; node; node = node->next) { - subnet = (subnet_t *)rbl->data; + subnet = (subnet_t *)node->data; send_add_subnet(cl, subnet); } /* And send him all the hosts and their subnets we know... */ - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p != cl && p->status.active) { @@ -643,9 +645,9 @@ cp send_add_host(cl, p); - RBL_FOREACH(p->subnet_tree, rbl2) + for(node2 = p->subnet_tree->head; node2; node2 = node2->next) { - subnet = (subnet_t *)rbl2->data; + subnet = (subnet_t *)node2->data; send_add_subnet(cl, subnet); } } @@ -674,7 +676,7 @@ int add_subnet_h(connection_t *cl) char name[MAX_STRING_SIZE]; connection_t *owner, *p; subnet_t *subnet; - rbl_t *rbl; + avl_node_t *node; cp if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) { @@ -723,9 +725,9 @@ cp /* Tell the rest */ - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->status.meta && p->status.active && p!= cl) send_add_subnet(p, subnet); } @@ -751,7 +753,7 @@ int del_subnet_h(connection_t *cl) char name[MAX_STRING_SIZE]; connection_t *owner, *p; subnet_t *subnet; - rbl_t *rbl; + avl_node_t *node; cp if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 3) { @@ -802,9 +804,9 @@ cp /* Tell the rest */ - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->status.meta && p->status.active && p!= cl) send_del_subnet(p, subnet); } @@ -825,7 +827,7 @@ int add_host_h(connection_t *cl) { connection_t *old, *new, *p; char name[MAX_STRING_SIZE]; - rbl_t *rbl; + avl_node_t *node; cp new = new_connection(); @@ -846,7 +848,7 @@ cp /* Check if somebody tries to add ourself */ - if(!strcmp(new->name, myself->name)) + if(!strcmp(name, myself->name)) { syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->name, cl->hostname); sighup = 1; @@ -888,9 +890,9 @@ cp /* Tell the rest about the new host */ - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->status.meta && p->status.active && p!=cl) send_add_host(p, new); } @@ -901,12 +903,6 @@ cp new->status.active = 1; new->cipher_pkttype = EVP_bf_cfb(); new->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; - - /* Okay this is a bit ugly... it would be better to setup UDP sockets dynamically, or - * perhaps just one UDP socket... but then again, this has benefits too... - */ - - setup_vpn_connection(new); cp return 0; } @@ -925,7 +921,7 @@ int del_host_h(connection_t *cl) port_t port; long int options; connection_t *old, *p; - rbl_t *rbl; + avl_node_t *node; cp if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%d %lx", name, &address, &port, &options) != 4) { @@ -976,9 +972,9 @@ cp /* Tell the rest about the new host */ - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->status.meta && p->status.active && p!=cl) send_del_host(p, old); } @@ -1100,11 +1096,11 @@ cp int send_key_changed(connection_t *from, connection_t *cl) { connection_t *p; - rbl_t *rbl; + avl_node_t *node; cp - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p != cl && p->status.meta && p->status.active) send_request(p, "%d %s", KEY_CHANGED, from->name); } @@ -1258,11 +1254,13 @@ cp from->cipher_pktkey = xstrdup(pktkey); keylength /= 2; - hex2bin(pktkey, pktkey, keylength); - pktkey[keylength] = '\0'; + hex2bin(from->cipher_pktkey, from->cipher_pktkey, keylength); + from->cipher_pktkey[keylength] = '\0'; from->status.validkey = 1; from->status.waitingforkey = 0; + + flush_queue(from); cp return 0; }