- Updated authentication scheme.
- Removed all trailing spaces from all lines. - Added things to add_ and del_subnet_h.
This commit is contained in:
parent
84f210edd9
commit
5d0b3516d5
1 changed files with 199 additions and 101 deletions
136
src/protocol.c
136
src/protocol.c
|
@ -17,7 +17,7 @@
|
|||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
|
||||
$Id: protocol.c,v 1.28.4.32 2000/09/15 12:58:40 zarq Exp $
|
||||
$Id: protocol.c,v 1.28.4.33 2000/09/17 21:42:05 guus Exp $
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
@ -66,26 +66,29 @@ int check_id(char *id)
|
|||
int send_request(conn_list_t *cl, const char *format, int request, /*args*/ ...)
|
||||
{
|
||||
va_list args;
|
||||
char *buffer = NULL;
|
||||
char buffer[MAXBUFSIZE+1];
|
||||
int len;
|
||||
|
||||
cp
|
||||
if(debug_lvl >= DEBUG_PROTOCOL)
|
||||
syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname);
|
||||
/* Use vsnprintf instead of vasprintf: faster, no memory fragmentation, cleanup is automatic,
|
||||
and there is a limit on the input buffer anyway */
|
||||
|
||||
va_start(args, request);
|
||||
len = vasprintf(&buffer, format, args);
|
||||
len = vsnprintf(buffer, MAXBUFSIZE+1, format, args);
|
||||
va_end(args);
|
||||
|
||||
if(len < 0 || !buffer)
|
||||
if(len < 0 || len > MAXBUFSIZE)
|
||||
{
|
||||
syslog(LOG_ERR, _("Error during vasprintf(): %m"));
|
||||
syslog(LOG_ERR, _("Output buffer overflow while sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if(debug_lvl >= DEBUG_META)
|
||||
syslog(LOG_DEBUG, _("Sending meta data to %s (%s): %s"),
|
||||
syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request],
|
||||
cl->name, cl->hostname, buffer);
|
||||
else if(debug_lvl >= DEBUG_PROTOCOL)
|
||||
syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname);
|
||||
|
||||
|
||||
if(cl->status.encryptin)
|
||||
{
|
||||
|
@ -105,20 +108,27 @@ cp
|
|||
Client Server
|
||||
send_id(u)
|
||||
send_challenge(R)
|
||||
send_chal_reply(BH)
|
||||
send_id(B)
|
||||
send_challenge(BR)
|
||||
send_chal_reply(BH)
|
||||
send_ack(B)
|
||||
send_ack(B)
|
||||
send_chal_reply(H)
|
||||
send_id(u)
|
||||
send_challenge(R)
|
||||
send_chal_reply(H)
|
||||
---------------------------------------
|
||||
Any negotations about the meta protocol
|
||||
encryption go here(u).
|
||||
---------------------------------------
|
||||
send_ack(u)
|
||||
send_ack(u)
|
||||
---------------------------------------
|
||||
Other requests(E)...
|
||||
|
||||
(u) Unencrypted,
|
||||
(R) RSA,
|
||||
(H) SHA1,
|
||||
(B) Blowfish.
|
||||
(E) Encrypted with symmetric cipher.
|
||||
|
||||
Part of the challenge is directly used to set the blowfish key and the initial vector.
|
||||
(Twee vliegen in één klap!)
|
||||
Part of the challenge is directly used to set the symmetric cipher key and the initial vector.
|
||||
Since a man-in-the-middle cannot decrypt the RSA challenges, this means that he cannot get or
|
||||
forge the key for the symmetric cipher.
|
||||
*/
|
||||
|
||||
int send_id(conn_list_t *cl)
|
||||
|
@ -427,14 +437,58 @@ cp
|
|||
int send_add_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet)
|
||||
{
|
||||
cp
|
||||
/* return send_request(cl, "%d %s %d %s", ADD_SUBNET,
|
||||
other->name, subnet->type, net2str(subnet)); */
|
||||
return send_request(cl, "%d %s %s", ADD_SUBNET,
|
||||
other->name, net2str(subnet));
|
||||
}
|
||||
|
||||
int add_subnet_h(conn_list_t *cl)
|
||||
{
|
||||
char *subnetstr;
|
||||
char *name;
|
||||
conn_list_t *owner;
|
||||
subnet_t *subnet, *old;
|
||||
cp
|
||||
if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3)
|
||||
{
|
||||
syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s)"), cl->name, cl->hostname);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Check if owner name is a valid */
|
||||
|
||||
if(!check_id(name))
|
||||
{
|
||||
syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Check if subnet string is valid */
|
||||
|
||||
if((subnet = str2net(subnetstr)) == -1)
|
||||
{
|
||||
syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Check if somebody tries to add a subnet of ourself */
|
||||
|
||||
if(!strcmp(name, myself->name))
|
||||
{
|
||||
syslog(LOG_ERR, _("Warning: got ADD_SUBNET from %s (%s) for ourself, restarting"),
|
||||
cl->name, cl->hostname);
|
||||
sighup = 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Check if the owner of the new subnet is in the connection list */
|
||||
|
||||
if(!(owner = lookup_id(name))
|
||||
{
|
||||
syslog(LOG_NOTICE, _("Got ADD_SUBNET for %s from %s (%s) which is not in our connection list"),
|
||||
name, cl->name, cl->hostname);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
int send_del_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet)
|
||||
|
@ -445,6 +499,50 @@ cp
|
|||
|
||||
int del_subnet_h(conn_list_t *cl)
|
||||
{
|
||||
char *subnetstr;
|
||||
char *name;
|
||||
conn_list_t *owner;
|
||||
subnet_t *subnet, *old;
|
||||
cp
|
||||
if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3)
|
||||
{
|
||||
syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s)"), cl->name, cl->hostname);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Check if owner name is a valid */
|
||||
|
||||
if(!check_id(name))
|
||||
{
|
||||
syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Check if subnet string is valid */
|
||||
|
||||
if((subnet = str2net(subnetstr)) == -1)
|
||||
{
|
||||
syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Check if somebody tries to delete a subnet of ourself */
|
||||
|
||||
if(!strcmp(name, myself->name))
|
||||
{
|
||||
syslog(LOG_ERR, _("Warning: got DEL_SUBNET from %s (%s) for ourself, restarting"),
|
||||
cl->name, cl->hostname);
|
||||
sighup = 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Check if the owner of the new subnet is in the connection list */
|
||||
|
||||
if(!(owner = lookup_id(name))
|
||||
{
|
||||
syslog(LOG_NOTICE, _("Got DEL_SUBNET for %s from %s (%s) which is not in our connection list"),
|
||||
name, cl->name, cl->hostname);
|
||||
}
|
||||
}
|
||||
|
||||
/* New and closed connections notification */
|
||||
|
|
Loading…
Reference in a new issue