- Updated authentication scheme.

- Removed all trailing spaces from all lines.
- Added things to add_ and del_subnet_h.
This commit is contained in:
Guus Sliepen 2000-09-17 21:42:05 +00:00
parent 84f210edd9
commit 5d0b3516d5

View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: protocol.c,v 1.28.4.32 2000/09/15 12:58:40 zarq Exp $
$Id: protocol.c,v 1.28.4.33 2000/09/17 21:42:05 guus Exp $
*/
#include "config.h"
@ -66,26 +66,29 @@ int check_id(char *id)
int send_request(conn_list_t *cl, const char *format, int request, /*args*/ ...)
{
va_list args;
char *buffer = NULL;
char buffer[MAXBUFSIZE+1];
int len;
cp
if(debug_lvl >= DEBUG_PROTOCOL)
syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname);
/* Use vsnprintf instead of vasprintf: faster, no memory fragmentation, cleanup is automatic,
and there is a limit on the input buffer anyway */
va_start(args, request);
len = vasprintf(&buffer, format, args);
len = vsnprintf(buffer, MAXBUFSIZE+1, format, args);
va_end(args);
if(len < 0 || !buffer)
if(len < 0 || len > MAXBUFSIZE)
{
syslog(LOG_ERR, _("Error during vasprintf(): %m"));
syslog(LOG_ERR, _("Output buffer overflow while sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname);
return -1;
}
if(debug_lvl >= DEBUG_META)
syslog(LOG_DEBUG, _("Sending meta data to %s (%s): %s"),
syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request],
cl->name, cl->hostname, buffer);
else if(debug_lvl >= DEBUG_PROTOCOL)
syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname);
if(cl->status.encryptin)
{
@ -105,20 +108,27 @@ cp
Client Server
send_id(u)
send_challenge(R)
send_chal_reply(BH)
send_id(B)
send_challenge(BR)
send_chal_reply(BH)
send_ack(B)
send_ack(B)
send_chal_reply(H)
send_id(u)
send_challenge(R)
send_chal_reply(H)
---------------------------------------
Any negotations about the meta protocol
encryption go here(u).
---------------------------------------
send_ack(u)
send_ack(u)
---------------------------------------
Other requests(E)...
(u) Unencrypted,
(R) RSA,
(H) SHA1,
(B) Blowfish.
(E) Encrypted with symmetric cipher.
Part of the challenge is directly used to set the blowfish key and the initial vector.
(Twee vliegen in één klap!)
Part of the challenge is directly used to set the symmetric cipher key and the initial vector.
Since a man-in-the-middle cannot decrypt the RSA challenges, this means that he cannot get or
forge the key for the symmetric cipher.
*/
int send_id(conn_list_t *cl)
@ -427,14 +437,58 @@ cp
int send_add_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet)
{
cp
/* return send_request(cl, "%d %s %d %s", ADD_SUBNET,
other->name, subnet->type, net2str(subnet)); */
return send_request(cl, "%d %s %s", ADD_SUBNET,
other->name, net2str(subnet));
}
int add_subnet_h(conn_list_t *cl)
{
char *subnetstr;
char *name;
conn_list_t *owner;
subnet_t *subnet, *old;
cp
if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3)
{
syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s)"), cl->name, cl->hostname);
return -1;
}
/* Check if owner name is a valid */
if(!check_id(name))
{
syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname);
return -1;
}
/* Check if subnet string is valid */
if((subnet = str2net(subnetstr)) == -1)
{
syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname);
return -1;
}
/* Check if somebody tries to add a subnet of ourself */
if(!strcmp(name, myself->name))
{
syslog(LOG_ERR, _("Warning: got ADD_SUBNET from %s (%s) for ourself, restarting"),
cl->name, cl->hostname);
sighup = 1;
return 0;
}
/* Check if the owner of the new subnet is in the connection list */
if(!(owner = lookup_id(name))
{
syslog(LOG_NOTICE, _("Got ADD_SUBNET for %s from %s (%s) which is not in our connection list"),
name, cl->name, cl->hostname);
}
}
int send_del_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet)
@ -445,6 +499,50 @@ cp
int del_subnet_h(conn_list_t *cl)
{
char *subnetstr;
char *name;
conn_list_t *owner;
subnet_t *subnet, *old;
cp
if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3)
{
syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s)"), cl->name, cl->hostname);
return -1;
}
/* Check if owner name is a valid */
if(!check_id(name))
{
syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname);
return -1;
}
/* Check if subnet string is valid */
if((subnet = str2net(subnetstr)) == -1)
{
syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname);
return -1;
}
/* Check if somebody tries to delete a subnet of ourself */
if(!strcmp(name, myself->name))
{
syslog(LOG_ERR, _("Warning: got DEL_SUBNET from %s (%s) for ourself, restarting"),
cl->name, cl->hostname);
sighup = 1;
return 0;
}
/* Check if the owner of the new subnet is in the connection list */
if(!(owner = lookup_id(name))
{
syslog(LOG_NOTICE, _("Got DEL_SUBNET for %s from %s (%s) which is not in our connection list"),
name, cl->name, cl->hostname);
}
}
/* New and closed connections notification */