- Fixed all debug levels.
- Seed PRNG before generating a challenge - Strange thing in challenge decryption: it fails if first bit is set!?
This commit is contained in:
		
							parent
							
								
									73f7efddd7
								
							
						
					
					
						commit
						52b842f807
					
				
					 5 changed files with 74 additions and 43 deletions
				
			
		
							
								
								
									
										14
									
								
								lib/utils.h
									
										
									
									
									
								
							
							
						
						
									
										14
									
								
								lib/utils.h
									
										
									
									
									
								
							|  | @ -24,11 +24,15 @@ | |||
| #include <ctype.h> | ||||
| 
 | ||||
| enum { | ||||
|   DEBUG_CONNECTIONS = 0, | ||||
|   DEBUG_PROTOCOL, | ||||
|   DEBUG_STATUS, | ||||
|   DEBUG_ERROR, | ||||
|   DEBUG_META | ||||
|   DEBUG_NOTHING = 0,		/* Quiet mode, only show starting/stopping of the daemon */ | ||||
|   DEBUG_CONNECTIONS = 1,	/* Show (dis)connects of other tinc daemons via TCP */ | ||||
|   DEBUG_ERROR = 2,		/* Show error messages received from other hosts */ | ||||
|   DEBUG_STATUS = 2,		/* Show status messages received from other hosts */ | ||||
|   DEBUG_PROTOCOL = 3,		/* Show the requests that are sent/received */ | ||||
|   DEBUG_META = 4,		/* Show contents of every request that is sent/received */ | ||||
|   DEBUG_TRAFFIC = 5,		/* Show network traffic information */ | ||||
|   DEBUG_PACKET = 6,		/* Show contents of each packet that is being sent/received */ | ||||
|   DEBUG_SCARY_THINGS = 10	/* You have been warned */ | ||||
| }; | ||||
| 
 | ||||
| #define min(a,b) (((a)<(b))?(a):(b)) | ||||
|  |  | |||
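Review bot: DEBUG_ERROR and DEBUG_STATUS are both assigned the value 2 in the new enum, so the `>= DEBUG_ERROR` and `>= DEBUG_STATUS` checks elsewhere in this commit are indistinguishable and the two names cannot be told apart once a level is printed or compared. If sharing a level is intended, say so next to the enumerators, e.g. `DEBUG_STATUS = 2,	/* Same level as DEBUG_ERROR on purpose: both are messages received from other hosts */`; if not, DEBUG_STATUS should get its own value and the later levels shift up. The comments also state that DEBUG_PROTOCOL shows "the requests" while DEBUG_META shows their "contents"; the callers in meta.c should be checked against that split, since at least one logs a full request buffer at DEBUG_PROTOCOL.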
|  | @ -17,7 +17,7 @@ | |||
|     along with this program; if not, write to the Free Software | ||||
|     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | ||||
| 
 | ||||
|     $Id: meta.c,v 1.1.2.4 2000/10/15 00:59:34 guus Exp $ | ||||
|     $Id: meta.c,v 1.1.2.5 2000/10/21 11:52:06 guus Exp $ | ||||
| */ | ||||
| 
 | ||||
| #include "config.h" | ||||
|  | @ -106,7 +106,7 @@ cp | |||
|         return 0;       | ||||
|       if(errno==0) | ||||
|         { | ||||
|           if(debug_lvl>DEBUG_CONNECTIONS) | ||||
|           if(debug_lvl >= DEBUG_CONNECTIONS) | ||||
|             syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), | ||||
|                 cl->name, cl->hostname); | ||||
|         } | ||||
|  | @ -140,7 +140,7 @@ cp | |||
| 
 | ||||
|       if(cl->reqlen) | ||||
|         { | ||||
|           if(debug_lvl > DEBUG_META) | ||||
|           if(debug_lvl >= DEBUG_PROTOCOL) | ||||
|             syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), | ||||
| 	           cl->name, cl->hostname, cl->buffer); | ||||
| 
 | ||||
|  |  | |||
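Review bot: The second hunk lowers the level for logging a full received request (`cl->buffer`) from above DEBUG_META to `debug_lvl >= DEBUG_PROTOCOL`, which contradicts the new enum's own comments, where DEBUG_META is the level that shows request contents and DEBUG_PROTOCOL only shows which requests are sent or received; the faithful mapping of the old `> DEBUG_META` is `if(debug_lvl >= DEBUG_META)`. Since `cl->buffer` holds bytes as received from the peer, this line also copies untrusted data verbatim into syslog, so it is worth keeping it at the highest-content level and, ideally, limiting the logged portion to printable characters. Both hunks sit inside a function whose start and end are outside the diff.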
							
								
								
									
										34
									
								
								src/net.c
									
										
									
									
									
								
							
							
						
						
									
										34
									
								
								src/net.c
									
										
									
									
									
								
							|  | @ -17,7 +17,7 @@ | |||
|     along with this program; if not, write to the Free Software | ||||
|     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | ||||
| 
 | ||||
|     $Id: net.c,v 1.35.4.42 2000/10/20 19:46:57 guus Exp $ | ||||
|     $Id: net.c,v 1.35.4.43 2000/10/21 11:52:06 guus Exp $ | ||||
| */ | ||||
| 
 | ||||
| #include "config.h" | ||||
|  | @ -104,7 +104,7 @@ cp | |||
|   EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad); | ||||
|   outlen += outpad; | ||||
|    | ||||
|   if(debug_lvl > 3) | ||||
|   if(debug_lvl >= DEBUG_TRAFFIC) | ||||
|     syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), | ||||
|            outlen, cl->name, cl->hostname); | ||||
| 
 | ||||
|  | @ -127,7 +127,7 @@ int xrecv(vpn_packet_t *inpkt) | |||
|   vpn_packet_t outpkt; | ||||
|   int outlen, outpad; | ||||
| cp | ||||
|   if(debug_lvl > 3) | ||||
|   if(debug_lvl > DEBUG_TRAFFIC) | ||||
|     syslog(LOG_ERR, _("Receiving packet of %d bytes"), | ||||
|            inpkt->len); | ||||
| 
 | ||||
|  | @ -240,7 +240,7 @@ cp | |||
|       p = next; | ||||
|     } | ||||
| 
 | ||||
|   if(debug_lvl > 3) | ||||
|   if(debug_lvl >= DEBUG_TRAFFIC) | ||||
|     syslog(LOG_DEBUG, _("Queue flushed")); | ||||
| cp | ||||
| } | ||||
|  | @ -255,7 +255,7 @@ void flush_queues(conn_list_t *cl) | |||
| cp | ||||
|   if(cl->sq) | ||||
|     { | ||||
|       if(debug_lvl > 3) | ||||
|       if(debug_lvl >= DEBUG_TRAFFIC) | ||||
| 	syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"), | ||||
| 	       cl->name, cl->hostname); | ||||
|       flush_queue(cl, &(cl->sq), xsend); | ||||
|  | @ -263,7 +263,7 @@ cp | |||
| 
 | ||||
|   if(cl->rq) | ||||
|     { | ||||
|       if(debug_lvl > 3) | ||||
|       if(debug_lvl >=  DEBUG_TRAFFIC) | ||||
| 	syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"), | ||||
| 	       cl->name, cl->hostname); | ||||
|       flush_queue(cl, &(cl->rq), xrecv); | ||||
|  | @ -280,7 +280,7 @@ int send_packet(ip_t to, vpn_packet_t *packet) | |||
| cp | ||||
|   if((cl = lookup_conn_list_ipv4(to)) == NULL) | ||||
|     { | ||||
|       if(debug_lvl > 3) | ||||
|       if(debug_lvl >= DEBUG_TRAFFIC) | ||||
|         { | ||||
|           syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"), | ||||
| 	         IP_ADDR_V(to)); | ||||
|  | @ -303,7 +303,7 @@ cp | |||
|        | ||||
|   if(!cl->status.validkey) | ||||
|     { | ||||
|       if(debug_lvl > 3) | ||||
|       if(debug_lvl >= DEBUG_TRAFFIC) | ||||
| 	syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), | ||||
| 	       cl->name, cl->hostname); | ||||
|       add_queue(&(cl->sq), packet, packet->len + 2); | ||||
|  | @ -314,7 +314,7 @@ cp | |||
| 
 | ||||
|   if(!cl->status.active) | ||||
|     { | ||||
|       if(debug_lvl > 3) | ||||
|       if(debug_lvl >= DEBUG_TRAFFIC) | ||||
| 	syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), | ||||
| 	       cl->name, cl->hostname); | ||||
|       add_queue(&(cl->sq), packet, packet->len + 2); | ||||
|  | @ -511,7 +511,7 @@ int setup_outgoing_meta_socket(conn_list_t *cl) | |||
|   struct sockaddr_in a; | ||||
|   config_t const *cfg; | ||||
| cp | ||||
|   if(debug_lvl > 0) | ||||
|   if(debug_lvl >= DEBUG_CONNECTIONS) | ||||
|     syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname); | ||||
| 
 | ||||
|   if((cfg = get_config_val(cl->config, port)) == NULL) | ||||
|  | @ -545,7 +545,7 @@ cp | |||
|       return -1; | ||||
|     } | ||||
| 
 | ||||
|   if(debug_lvl > 0) | ||||
|   if(debug_lvl >= DEBUG_CONNECTIONS) | ||||
|     syslog(LOG_INFO, _("Connected to %s port %hd"), | ||||
|          cl->hostname, cl->port); | ||||
| 
 | ||||
|  | @ -865,7 +865,7 @@ int setup_vpn_connection(conn_list_t *cl) | |||
|   int nfd, flags; | ||||
|   struct sockaddr_in a; | ||||
| cp | ||||
|   if(debug_lvl > 0) | ||||
|   if(debug_lvl >= DEBUG_TRAFFIC) | ||||
|     syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname); | ||||
| 
 | ||||
|   nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); | ||||
|  | @ -928,7 +928,7 @@ cp | |||
|   p->last_ping_time = time(NULL); | ||||
|   p->want_ping = 0; | ||||
|    | ||||
|   if(debug_lvl > 0) | ||||
|   if(debug_lvl >= DEBUG_CONNECTIONS) | ||||
|     syslog(LOG_NOTICE, _("Connection from %s port %d"), | ||||
|          p->hostname, htons(ci.sin_port)); | ||||
| 
 | ||||
|  | @ -1005,7 +1005,7 @@ cp | |||
|   if(cl->status.remove) | ||||
|     return; | ||||
| 
 | ||||
|   if(debug_lvl > 0) | ||||
|   if(debug_lvl >= DEBUG_CONNECTIONS) | ||||
|     syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), | ||||
|            cl->name, cl->hostname); | ||||
|   | ||||
|  | @ -1078,7 +1078,7 @@ cp | |||
|             { | ||||
|               if(p->status.pinged && !p->status.got_pong) | ||||
|                 { | ||||
|                   if(debug_lvl > 1) | ||||
|                   if(debug_lvl >= DEBUG_PROTOCOL) | ||||
|   	            syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), | ||||
| 		           p->name, p->hostname); | ||||
| 	          p->status.timeout = 1; | ||||
|  | @ -1212,14 +1212,14 @@ cp | |||
|   ether_type = ntohs(*((unsigned short*)(&vp.data[12]))); | ||||
|   if(ether_type != 0x0800) | ||||
|     { | ||||
|       if(debug_lvl > 3) | ||||
|       if(debug_lvl >= DEBUG_TRAFFIC) | ||||
| 	syslog(LOG_INFO, _("Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x"), ether_type, MAC_ADDR_V(vp.data[6])); | ||||
|       return; | ||||
|     } | ||||
|    | ||||
|   if(lenin < 32) | ||||
|     { | ||||
|       if(debug_lvl > 3) | ||||
|       if(debug_lvl >= DEBUG_TRAFFIC) | ||||
| 	syslog(LOG_INFO, _("Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x"), MAC_ADDR_V(vp.data[6])); | ||||
|       return; | ||||
|     } | ||||
|  |  | |||
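Review bot: In xrecv the condition was rewritten as `if(debug_lvl > DEBUG_TRAFFIC)` while every other traffic message in this file became `>= DEBUG_TRAFFIC`, so at debug level 5 outgoing packets are logged but incoming ones are not; it should read `if(debug_lvl >= DEBUG_TRAFFIC)`. The receive-queue check in flush_queues has a stray double space, `debug_lvl >=  DEBUG_TRAFFIC`, which is worth normalising while touching it. The "Opening UDP socket to %s" message in setup_vpn_connection moves from level 1 to DEBUG_TRAFFIC, whereas the neighbouring TCP connect/accept messages stay at DEBUG_CONNECTIONS; if that asymmetry is intentional it deserves a short comment, otherwise it probably belongs at DEBUG_CONNECTIONS too. Each of these hunks is inside a function that begins and ends outside the diff.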
|  | @ -17,7 +17,7 @@ | |||
|     along with this program; if not, write to the Free Software | ||||
|     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | ||||
| 
 | ||||
|     $Id: protocol.c,v 1.28.4.43 2000/10/20 15:34:37 guus Exp $ | ||||
|     $Id: protocol.c,v 1.28.4.44 2000/10/21 11:52:07 guus Exp $ | ||||
| */ | ||||
| 
 | ||||
| #include "config.h" | ||||
|  | @ -104,7 +104,7 @@ cp | |||
|         } | ||||
|       else | ||||
|         { | ||||
|           if(debug_lvl > DEBUG_PROTOCOL) | ||||
|           if(debug_lvl >= DEBUG_PROTOCOL) | ||||
|             syslog(LOG_DEBUG, _("Got %s from %s (%s)"), | ||||
| 		   request_name[request], cl->name, cl->hostname); | ||||
| 	} | ||||
|  | @ -205,7 +205,7 @@ cp | |||
|     { | ||||
|       if((old = lookup_id(cl->name))) | ||||
|         { | ||||
|           if(debug_lvl > DEBUG_CONNECTIONS) | ||||
|           if(debug_lvl >= DEBUG_CONNECTIONS) | ||||
|             syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), cl->name, cl->hostname); | ||||
|           cl->status.outgoing = 0; | ||||
|           old->status.outgoing = 1; | ||||
|  | @ -247,10 +247,23 @@ cp | |||
|      | ||||
|   cl->hischallenge = xmalloc(len); | ||||
| cp | ||||
|   /* Seed the PRNG with urandom (can't afford to block) */ | ||||
| 
 | ||||
|   RAND_load_file("/dev/urandom", 1024); | ||||
| 
 | ||||
|   /* Copy random data to the buffer */ | ||||
| 
 | ||||
|   RAND_bytes(cl->hischallenge, len); | ||||
| 
 | ||||
|   cl->hischallenge[0] &= 0x7F;	/* Somehow if the first byte is more than 0xD0 or something like that, decryption fails... */ | ||||
| 
 | ||||
|   if(debug_lvl >= DEBUG_SCARY_THINGS) | ||||
|     { | ||||
|       bin2hex(cl->hischallenge, buffer, len); | ||||
|       buffer[len*2] = '\0'; | ||||
|       syslog(LOG_DEBUG, _("Generated random challenge (unencrypted): %s"), buffer); | ||||
|     } | ||||
| 
 | ||||
|   /* Encrypt the random data */ | ||||
|    | ||||
|   if(RSA_public_encrypt(len, cl->hischallenge, buffer, cl->rsa_key, RSA_NO_PADDING) != len)	/* NO_PADDING because the message size equals the RSA key size and it is totally random */ | ||||
|  | @ -314,6 +327,13 @@ cp | |||
|       return -1; | ||||
|     } | ||||
| 
 | ||||
|   if(debug_lvl >= DEBUG_SCARY_THINGS) | ||||
|     { | ||||
|       bin2hex(cl->mychallenge, buffer, len); | ||||
|       buffer[len*2] = '\0'; | ||||
|       syslog(LOG_DEBUG, _("Received random challenge (unencrypted): %s"), buffer); | ||||
|     } | ||||
| 
 | ||||
|   free(buffer); | ||||
|      | ||||
|   /* Rest is done by send_chal_reply() */ | ||||
|  | @ -385,10 +405,17 @@ cp | |||
|   if(memcmp(hishash, myhash, SHA_DIGEST_LENGTH)) | ||||
|     { | ||||
|       syslog(LOG_ERR, _("Intruder: wrong challenge reply from %s (%s)"), cl->name, cl->hostname); | ||||
|       if(debug_lvl >= DEBUG_SCARY_THINGS) | ||||
|         { | ||||
|           bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); | ||||
|           hishash[SHA_DIGEST_LENGTH*2] = '\0'; | ||||
|           syslog(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); | ||||
|         } | ||||
|       free(hishash); | ||||
|       return -1; | ||||
|     } | ||||
| 
 | ||||
| 
 | ||||
|   free(hishash); | ||||
| 
 | ||||
|   /* Identity has now been positively verified.
 | ||||
|  | @ -421,7 +448,7 @@ cp | |||
| 
 | ||||
|   while((old = lookup_id(cl->name))) | ||||
|     { | ||||
|       if(debug_lvl > DEBUG_CONNECTIONS) | ||||
|       if(debug_lvl >= DEBUG_CONNECTIONS) | ||||
|         syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), | ||||
|         cl->name, old->hostname, cl->hostname); | ||||
|       old->status.active = 0; | ||||
|  | @ -433,7 +460,7 @@ cp | |||
|   cl->allow_request = ALL; | ||||
|   cl->status.active = 1; | ||||
| 
 | ||||
|   if(debug_lvl > DEBUG_CONNECTIONS) | ||||
|   if(debug_lvl >= DEBUG_CONNECTIONS) | ||||
|     syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); | ||||
| 
 | ||||
|   /* Exchange information about other tinc daemons */ | ||||
|  | @ -668,14 +695,14 @@ cp | |||
|     { | ||||
|       if((new->address == old->address) && (new->port == old->port)) | ||||
|         { | ||||
|           if(debug_lvl > DEBUG_CONNECTIONS) | ||||
|           if(debug_lvl >= DEBUG_CONNECTIONS) | ||||
|             syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), | ||||
|                    old->name, old->hostname, new->name, new->hostname); | ||||
|           return 0; | ||||
|         } | ||||
|       else | ||||
|         { | ||||
|           if(debug_lvl > DEBUG_CONNECTIONS) | ||||
|           if(debug_lvl >= DEBUG_CONNECTIONS) | ||||
|             syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"), | ||||
|                    old->name, old->hostname); | ||||
|           old->status.active = 0; | ||||
|  | @ -817,7 +844,7 @@ cp | |||
|        return -1; | ||||
|     } | ||||
| 
 | ||||
|   if(debug_lvl > DEBUG_STATUS) | ||||
|   if(debug_lvl >= DEBUG_STATUS) | ||||
|     { | ||||
|       syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), | ||||
|              cl->name, cl->hostname, status_text[statusno], statusstring); | ||||
|  | @ -848,7 +875,7 @@ cp | |||
|        return -1; | ||||
|     } | ||||
| 
 | ||||
|   if(debug_lvl > DEBUG_ERROR) | ||||
|   if(debug_lvl >= DEBUG_ERROR) | ||||
|     { | ||||
|       syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), | ||||
|              cl->name, cl->hostname, strerror(errno), errorstring); | ||||
|  |  | |||
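Review bot: The new seeding and drawing calls in the challenge hunk ignore their return values, so a failed RAND_load_file() or RAND_bytes() would silently send whatever xmalloc left in hischallenge as the challenge; the draw should be checked, e.g. `if(RAND_bytes(cl->hischallenge, len) != 1) { syslog(LOG_ERR, _("Could not generate random challenge")); return -1; }`, mirroring the error path used after RSA_public_encrypt (the function's cleanup is outside the hunk). The `&= 0x7F` workaround has a known explanation that should replace the "Somehow ..." comment: with RSA_NO_PADDING the input is treated as a big-endian integer that must be smaller than the modulus, so a challenge whose leading byte exceeds the modulus's leading byte cannot be encrypted, and clearing the top bit guarantees the value is below any modulus of the key's bit length — suggested comment `/* RSA_NO_PADDING treats the data as an integer that must be smaller than the modulus; clear the top bit so it always is */`. The three DEBUG_SCARY_THINGS dumps write len*2+1 (or SHA_DIGEST_LENGTH*2+1) bytes into buffer and hishash, whose allocations are outside the hunk; if buffer was sized only for the len-byte RSA output at the RSA_public_encrypt call below, the hex dump overflows it, so the sizes need confirming. Those dumps also place the authentication secret itself into syslog, which the level name acknowledges but the comment on DEBUG_SCARY_THINGS in utils.h could state explicitly.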
							
								
								
									
										18
									
								
								src/tincd.c
									
										
									
									
									
								
							
							
						
						
									
										18
									
								
								src/tincd.c
									
										
									
									
									
								
							|  | @ -17,7 +17,7 @@ | |||
|     along with this program; if not, write to the Free Software | ||||
|     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | ||||
| 
 | ||||
|     $Id: tincd.c,v 1.10.4.14 2000/10/20 19:46:58 guus Exp $ | ||||
|     $Id: tincd.c,v 1.10.4.15 2000/10/21 11:52:08 guus Exp $ | ||||
| */ | ||||
| 
 | ||||
| #include "config.h" | ||||
|  | @ -281,11 +281,11 @@ int detach(void) | |||
| 
 | ||||
|   openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); | ||||
| 
 | ||||
|   if(debug_lvl > 0) | ||||
|   if(debug_lvl > DEBUG_NOTHING) | ||||
|     syslog(LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d"), | ||||
| 	   VERSION, __DATE__, __TIME__, debug_lvl); | ||||
|   else | ||||
|     syslog(LOG_NOTICE, _("tincd %s starting"), VERSION, debug_lvl); | ||||
|     syslog(LOG_NOTICE, _("tincd %s starting"), VERSION); | ||||
| 
 | ||||
|   xalloc_fail_func = memory_full; | ||||
| 
 | ||||
|  | @ -299,7 +299,7 @@ void cleanup_and_exit(int c) | |||
| { | ||||
|   close_network_connections(); | ||||
| 
 | ||||
|   if(debug_lvl > 0) | ||||
|   if(debug_lvl > DEBUG_NOTHING) | ||||
|     syslog(LOG_INFO, _("Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d"), | ||||
| 	   total_tap_out, total_socket_out, total_tap_in, total_socket_in); | ||||
| 
 | ||||
|  | @ -467,7 +467,7 @@ main(int argc, char **argv, char **envp) | |||
| RETSIGTYPE | ||||
| sigterm_handler(int a) | ||||
| { | ||||
|   if(debug_lvl > 0) | ||||
|   if(debug_lvl > DEBUG_NOTHING) | ||||
|     syslog(LOG_NOTICE, _("Got TERM signal")); | ||||
|   cleanup_and_exit(0); | ||||
| } | ||||
|  | @ -475,7 +475,7 @@ sigterm_handler(int a) | |||
| RETSIGTYPE | ||||
| sigquit_handler(int a) | ||||
| { | ||||
|   if(debug_lvl > 0) | ||||
|   if(debug_lvl > DEBUG_NOTHING) | ||||
|     syslog(LOG_NOTICE, _("Got QUIT signal")); | ||||
|   cleanup_and_exit(0); | ||||
| } | ||||
|  | @ -512,7 +512,7 @@ sigsegv_handler(int a) | |||
| RETSIGTYPE | ||||
| sighup_handler(int a) | ||||
| { | ||||
|   if(debug_lvl > 0) | ||||
|   if(debug_lvl > DEBUG_NOTHING) | ||||
|     syslog(LOG_NOTICE, _("Got HUP signal, rereading configuration and restarting")); | ||||
|   sighup = 1; | ||||
| } | ||||
|  | @ -520,7 +520,7 @@ sighup_handler(int a) | |||
| RETSIGTYPE | ||||
| sigint_handler(int a) | ||||
| { | ||||
|   if(debug_lvl > 0) | ||||
|   if(debug_lvl > DEBUG_NOTHING) | ||||
|     syslog(LOG_NOTICE, _("Got INT signal, exiting")); | ||||
|   cleanup_and_exit(0); | ||||
| } | ||||
|  | @ -534,7 +534,7 @@ sigusr1_handler(int a) | |||
| RETSIGTYPE | ||||
| sigusr2_handler(int a) | ||||
| { | ||||
|   if(debug_lvl > 1) | ||||
|   if(debug_lvl > DEBUG_NOTHING) | ||||
|     syslog(LOG_NOTICE, _("Got USR2 signal, forcing new key generation")); | ||||
| /* FIXME: reprogram this.
 | ||||
|   regenerate_keys(); | ||||
|  |  | |||
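Review bot: The signal handlers and detach() now test `debug_lvl > DEBUG_NOTHING` while the rest of the commit spells the same threshold as `debug_lvl >= DEBUG_CONNECTIONS` (net.c, protocol.c); both evaluate identically with the new enum, but one form should be used throughout so a future renumbering changes only one place — `if(debug_lvl >= DEBUG_CONNECTIONS)` matches the other files. The dropped extra `debug_lvl` argument in the "tincd %s starting" syslog call is a correct fix for a format/argument mismatch. Separately, the handlers call syslog() and cleanup_and_exit() directly from signal context, which is not async-signal-safe; that predates this commit but is worth a FIXME next to the handlers.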