- Updated authentication scheme.
- Removed all trailing spaces from all lines. - Added things to add_ and del_subnet_h.
This commit is contained in:
parent
84f210edd9
commit
5d0b3516d5
1 changed files with 199 additions and 101 deletions
136
src/protocol.c
136
src/protocol.c
|
@ -17,7 +17,7 @@
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
|
||||||
$Id: protocol.c,v 1.28.4.32 2000/09/15 12:58:40 zarq Exp $
|
$Id: protocol.c,v 1.28.4.33 2000/09/17 21:42:05 guus Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
|
@ -66,26 +66,29 @@ int check_id(char *id)
|
||||||
int send_request(conn_list_t *cl, const char *format, int request, /*args*/ ...)
|
int send_request(conn_list_t *cl, const char *format, int request, /*args*/ ...)
|
||||||
{
|
{
|
||||||
va_list args;
|
va_list args;
|
||||||
char *buffer = NULL;
|
char buffer[MAXBUFSIZE+1];
|
||||||
int len;
|
int len;
|
||||||
|
|
||||||
cp
|
cp
|
||||||
if(debug_lvl >= DEBUG_PROTOCOL)
|
/* Use vsnprintf instead of vasprintf: faster, no memory fragmentation, cleanup is automatic,
|
||||||
syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname);
|
and there is a limit on the input buffer anyway */
|
||||||
|
|
||||||
va_start(args, request);
|
va_start(args, request);
|
||||||
len = vasprintf(&buffer, format, args);
|
len = vsnprintf(buffer, MAXBUFSIZE+1, format, args);
|
||||||
va_end(args);
|
va_end(args);
|
||||||
|
|
||||||
if(len < 0 || !buffer)
|
if(len < 0 || len > MAXBUFSIZE)
|
||||||
{
|
{
|
||||||
syslog(LOG_ERR, _("Error during vasprintf(): %m"));
|
syslog(LOG_ERR, _("Output buffer overflow while sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(debug_lvl >= DEBUG_META)
|
if(debug_lvl >= DEBUG_META)
|
||||||
syslog(LOG_DEBUG, _("Sending meta data to %s (%s): %s"),
|
syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request],
|
||||||
cl->name, cl->hostname, buffer);
|
cl->name, cl->hostname, buffer);
|
||||||
|
else if(debug_lvl >= DEBUG_PROTOCOL)
|
||||||
|
syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname);
|
||||||
|
|
||||||
|
|
||||||
if(cl->status.encryptin)
|
if(cl->status.encryptin)
|
||||||
{
|
{
|
||||||
|
@ -105,20 +108,27 @@ cp
|
||||||
Client Server
|
Client Server
|
||||||
send_id(u)
|
send_id(u)
|
||||||
send_challenge(R)
|
send_challenge(R)
|
||||||
send_chal_reply(BH)
|
send_chal_reply(H)
|
||||||
send_id(B)
|
send_id(u)
|
||||||
send_challenge(BR)
|
send_challenge(R)
|
||||||
send_chal_reply(BH)
|
send_chal_reply(H)
|
||||||
send_ack(B)
|
---------------------------------------
|
||||||
send_ack(B)
|
Any negotations about the meta protocol
|
||||||
|
encryption go here(u).
|
||||||
|
---------------------------------------
|
||||||
|
send_ack(u)
|
||||||
|
send_ack(u)
|
||||||
|
---------------------------------------
|
||||||
|
Other requests(E)...
|
||||||
|
|
||||||
(u) Unencrypted,
|
(u) Unencrypted,
|
||||||
(R) RSA,
|
(R) RSA,
|
||||||
(H) SHA1,
|
(H) SHA1,
|
||||||
(B) Blowfish.
|
(E) Encrypted with symmetric cipher.
|
||||||
|
|
||||||
Part of the challenge is directly used to set the blowfish key and the initial vector.
|
Part of the challenge is directly used to set the symmetric cipher key and the initial vector.
|
||||||
(Twee vliegen in één klap!)
|
Since a man-in-the-middle cannot decrypt the RSA challenges, this means that he cannot get or
|
||||||
|
forge the key for the symmetric cipher.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
int send_id(conn_list_t *cl)
|
int send_id(conn_list_t *cl)
|
||||||
|
@ -427,14 +437,58 @@ cp
|
||||||
int send_add_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet)
|
int send_add_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet)
|
||||||
{
|
{
|
||||||
cp
|
cp
|
||||||
/* return send_request(cl, "%d %s %d %s", ADD_SUBNET,
|
|
||||||
other->name, subnet->type, net2str(subnet)); */
|
|
||||||
return send_request(cl, "%d %s %s", ADD_SUBNET,
|
return send_request(cl, "%d %s %s", ADD_SUBNET,
|
||||||
other->name, net2str(subnet));
|
other->name, net2str(subnet));
|
||||||
}
|
}
|
||||||
|
|
||||||
int add_subnet_h(conn_list_t *cl)
|
int add_subnet_h(conn_list_t *cl)
|
||||||
{
|
{
|
||||||
|
char *subnetstr;
|
||||||
|
char *name;
|
||||||
|
conn_list_t *owner;
|
||||||
|
subnet_t *subnet, *old;
|
||||||
|
cp
|
||||||
|
if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3)
|
||||||
|
{
|
||||||
|
syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s)"), cl->name, cl->hostname);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check if owner name is a valid */
|
||||||
|
|
||||||
|
if(!check_id(name))
|
||||||
|
{
|
||||||
|
syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check if subnet string is valid */
|
||||||
|
|
||||||
|
if((subnet = str2net(subnetstr)) == -1)
|
||||||
|
{
|
||||||
|
syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check if somebody tries to add a subnet of ourself */
|
||||||
|
|
||||||
|
if(!strcmp(name, myself->name))
|
||||||
|
{
|
||||||
|
syslog(LOG_ERR, _("Warning: got ADD_SUBNET from %s (%s) for ourself, restarting"),
|
||||||
|
cl->name, cl->hostname);
|
||||||
|
sighup = 1;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check if the owner of the new subnet is in the connection list */
|
||||||
|
|
||||||
|
if(!(owner = lookup_id(name))
|
||||||
|
{
|
||||||
|
syslog(LOG_NOTICE, _("Got ADD_SUBNET for %s from %s (%s) which is not in our connection list"),
|
||||||
|
name, cl->name, cl->hostname);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int send_del_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet)
|
int send_del_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet)
|
||||||
|
@ -445,6 +499,50 @@ cp
|
||||||
|
|
||||||
int del_subnet_h(conn_list_t *cl)
|
int del_subnet_h(conn_list_t *cl)
|
||||||
{
|
{
|
||||||
|
char *subnetstr;
|
||||||
|
char *name;
|
||||||
|
conn_list_t *owner;
|
||||||
|
subnet_t *subnet, *old;
|
||||||
|
cp
|
||||||
|
if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3)
|
||||||
|
{
|
||||||
|
syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s)"), cl->name, cl->hostname);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check if owner name is a valid */
|
||||||
|
|
||||||
|
if(!check_id(name))
|
||||||
|
{
|
||||||
|
syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check if subnet string is valid */
|
||||||
|
|
||||||
|
if((subnet = str2net(subnetstr)) == -1)
|
||||||
|
{
|
||||||
|
syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check if somebody tries to delete a subnet of ourself */
|
||||||
|
|
||||||
|
if(!strcmp(name, myself->name))
|
||||||
|
{
|
||||||
|
syslog(LOG_ERR, _("Warning: got DEL_SUBNET from %s (%s) for ourself, restarting"),
|
||||||
|
cl->name, cl->hostname);
|
||||||
|
sighup = 1;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check if the owner of the new subnet is in the connection list */
|
||||||
|
|
||||||
|
if(!(owner = lookup_id(name))
|
||||||
|
{
|
||||||
|
syslog(LOG_NOTICE, _("Got DEL_SUBNET for %s from %s (%s) which is not in our connection list"),
|
||||||
|
name, cl->name, cl->hostname);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* New and closed connections notification */
|
/* New and closed connections notification */
|
||||||
|
|
Loading…
Reference in a new issue