j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

First round of needed fixes after the overhaul

Browse source
This commit is contained in:
Ivo Timmermans 2000-09-14 21:51:21 +00:00
parent 296171d115
commit ed397b6ac6
4 changed files with 187 additions and 119 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

99
src/net.c
View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: net.c,v 1.35.4.28 2000/09/14 11:54:50 guus Exp $
$Id: net.c,v 1.35.4.29 2000/09/14 21:51:19 zarq Exp $
*/
#include "config.h"
@ -103,7 +103,8 @@ cp
rp.len = htons(rp.len);
if(debug_lvl > 3)
syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), ntohs(rp.len), cl->id, cl->hostname);
syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
ntohs(rp.len), cl->name, cl->hostname);
total_socket_out += ntohs(rp.len);
@ -114,7 +115,8 @@ cp
if((send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0)
{
syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"),
cl->name, cl->hostname);
return -1;
}
cp
@ -130,7 +132,8 @@ cp
add_mac_addresses(&vp);
if(debug_lvl > 3)
syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"), ((real_packet_t*)packet)->len, cl->id, cl->hostname);
syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"),
((real_packet_t*)packet)->len, cl->name, cl->hostname);
if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0)
syslog(LOG_ERR, _("Can't write to tap device: %m"));
@ -251,14 +254,16 @@ cp
if(cl->sq)
{
if(debug_lvl > 3)
syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"), cl->id, cl->hostname);
syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"),
cl->name, cl->hostname);
flush_queue(cl, &(cl->sq), xsend);
}
if(cl->rq)
{
if(debug_lvl > 3)
syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"), cl->id, cl->hostname);
syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"),
cl->name, cl->hostname);
flush_queue(cl, &(cl->rq), xrecv);
}
cp
@ -308,7 +313,8 @@ cp
if(cl->flags & INDIRECTDATA)
{
if(debug_lvl > 3)
syslog(LOG_NOTICE, _("Indirect packet to %s via %s"), cl->id, cl->hostname);
syslog(LOG_NOTICE, _("Indirect packet to %s via %s"),
cl->name, cl->hostname);
if((cl = lookup_conn(cl->real_ip)) == NULL)
{
if(debug_lvl > 3)
@ -332,14 +338,16 @@ cp
if(!cl->status.dataopen)
if(setup_vpn_connection(cl) < 0)
{
syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"),
cl->name, cl->hostname);
return -1;
}
if(!cl->status.validkey)
{
if(debug_lvl > 3)
syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"), cl->id, cl->hostname);
syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"),
cl->name, cl->hostname);
add_queue(&(cl->sq), packet, packet->len + 2);
if(!cl->status.waitingforkey)
send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */
@ -349,7 +357,8 @@ cp
if(!cl->status.active)
{
if(debug_lvl > 3)
syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->id, cl->hostname);
syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"),
cl->name, cl->hostname);
add_queue(&(cl->sq), packet, packet->len + 2);
return 0; /* We don't want to mess up, do we? */
}
@ -600,11 +609,15 @@ cp
}
myself->vpn_ip = cfg->data.ip->ip;
myself->vpn_hostname = hostlookup(htonl(myself->vpn_ip));
myself->hostname = hostlookup(htonl(myself->vpn_ip));
myself->vpn_mask = cfg->data.ip->mask;
myself->flags = 0;
if(!(cfg = get_config_val(tincname)))
asprintf(&(myself->name), IP_ADDR_S, IP_ADDR_V(myself->vpn_ip));
else
myself->name = (char*)cfg->data.val;
if(!(cfg = get_config_val(listenport)))
myself->port = 655;
else
@ -773,7 +786,8 @@ cp
flags = fcntl(nfd, F_GETFL);
if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)
{
syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd, cl->id, cl->hostname);
syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd,
cl->name, cl->hostname);
return -1;
}
@ -859,12 +873,15 @@ int handle_incoming_vpn_data(conn_list_t *cl)
cp
if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
{
syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->socket, cl->id, cl->hostname);
syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"),
__FILE__, __LINE__, cl->socket,
cl->name, cl->hostname);
return -1;
}
if(x)
{
syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"), cl->id, cl->hostname, strerror(x));
syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"),
cl->name, cl->hostname, strerror(x));
return -1;
}
@ -872,7 +889,8 @@ cp
lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL);
if(lenin <= 0)
{
syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"),
cl->name, cl->hostname);
return -1;
}
total_socket_in += lenin;
@ -886,7 +904,8 @@ cp
f = lookup_conn(rp.from);
if(!f)
{
syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"), cl->id, cl->hostname, IP_ADDR_V(rp.from));
syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"),
cl->name, cl->hostname, IP_ADDR_V(rp.from));
return -1;
}
@ -919,7 +938,8 @@ cp
return;
if(debug_lvl > 0)
syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), cl->id, cl->hostname);
syslog(LOG_NOTICE, _("Closing connection with %s (%s)"),
cl->name, cl->hostname);
if(cl->status.timeout)
send_timeout(cl);
@ -992,7 +1012,8 @@ cp
if(p->status.pinged && !p->status.got_pong)
{
if(debug_lvl > 1)
syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), cl->id, cl->hostname);
syslog(LOG_INFO, _("%s (%s) didn't respond to PING"),
p->name, p->hostname);
p->status.timeout = 1;
terminate_connection(p);
}
@ -1052,12 +1073,14 @@ int handle_incoming_meta_data(conn_list_t *cl)
cp
if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
{
syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket, cl->id, cl->hostname);
syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket,
cl->name, cl->hostname);
return -1;
}
if(x)
{
syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), cl->id, cl->hostname, strerror(x));
syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"),
cl->name, cl->hostname, strerror(x));
return -1;
}
@ -1070,14 +1093,16 @@ cp
if(errno==0)
{
if(debug_lvl>DEBUG_CONNECTIONS)
syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), cl->id, cl->hostname);
syslog(LOG_NOTICE, _("Connection closed by %s (%s)"),
cl->name, cl->hostname);
}
else
syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"),
cl->name, cl->hostname);
return -1;
}
if(cl->status.encrypted)
if(cl->status.encryptin)
{
/* FIXME: do decryption. */
}
@ -1102,28 +1127,34 @@ cp
if(cl->reqlen)
{
if(debug_lvl > DEBUG_PROTOCOL)
syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), cl->id, cl->hostname, cl->buffer);
syslog(LOG_DEBUG, _("Got request from %s (%s): %s"),
cl->name, cl->hostname, cl->buffer);
if(sscanf(cl->buffer, "%d", &request) == 1)
{
if((request < 0) || (request > 255) || (request_handlers[request] == NULL))
{
syslog(LOG_ERR, _("Unknown request from %s (%s)"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Unknown request from %s (%s)"),
cl->name, cl->hostname);
return -1;
}
else
{
if(debug_lvl > DEBUG_PROTOCOL)
syslog(LOG_DEBUG, _("Got %s from %s (%s)"), request_name[request], cl->id, cl->hostname);
if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */
syslog(LOG_DEBUG, _("Got %s from %s (%s)"),
request_name[request], cl->name, cl->hostname);
}
if(request_handlers[request](cl))
/* Something went wrong. Probably scriptkiddies. Terminate. */
{
syslog(LOG_ERR, _("Error while processing %s from %s (%s)"), request_name[request], cl->id, cl->hostname);
syslog(LOG_ERR, _("Error while processing %s from %s (%s)"),
request_name[request], cl->name, cl->hostname);
return -1;
}
}
else
{
syslog(LOG_ERR, _("Bogus data received from %s (%s)"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Bogus data received from %s (%s)"),
cl->name, cl->hostname);
return -1;
}
@ -1139,7 +1170,8 @@ cp
if(cl->buflen >= MAXBUFSIZE)
{
syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"),
cl->name, cl->hostname);
return -1;
}
@ -1173,7 +1205,8 @@ cp
I've once got here when it said `No route to host'.
*/
getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l);
syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"), cl->id, cl->hostname, strerror(x));
syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"),
p->name, p->hostname, strerror(x));
terminate_connection(p);
return;
}
@ -1272,6 +1305,8 @@ cp
if(sighup)
{
sighup = 0;
if(debug_lvl > 1)
syslog(LOG_INFO, _("Rereading configuration file"));
close_network_connections();
clear_config();
if(read_config_file(configfilename))

13
src/net.h
View file

@ -16,7 +16,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: net.h,v 1.9.4.10 2000/09/14 14:32:34 zarq Exp $
$Id: net.h,v 1.9.4.11 2000/09/14 21:51:20 zarq Exp $
*/
#ifndef __TINC_NET_H__
@ -53,6 +53,7 @@
#define TCPONLY 0x0004 /* Tells sender to send packets over TCP instead of UDP (for firewalls) */
typedef unsigned long ip_t;
typedef unsigned short port_t;
typedef short length_t;
struct conn_list_t;
@ -95,9 +96,14 @@ typedef struct status_bits_t {
int dataopen:1; /* 1 if we have a valid UDP connection open */
int encryptout:1; /* 1 if we can encrypt outgoing traffic */
int encryptin:1; /* 1 if we have to decrypt incoming traffic */
int unused:19;
int encrypted:1;
int unused:18;
} status_bits_t;
typedef struct option_bits_t {
int unused:32;
} option_bits_t;
typedef struct queue_element_t {
void *packet;
struct queue_element_t *prev;
@ -127,6 +133,7 @@ typedef struct conn_list_t {
int meta_socket; /* our tcp meta socket */
int protocol_version; /* used protocol */
status_bits_t status; /* status info */
option_bits_t options; /* options turned on for this connection */
passphrase_t *pp; /* encoded passphrase */
packet_queue_t *sq; /* pending outgoing packets */
packet_queue_t *rq; /* pending incoming packets (they have no
@ -141,7 +148,7 @@ typedef struct conn_list_t {
int want_ping; /* 0 if there's no need to check for activity */
int allow_request; /* defined if there's only one request possible */
char *chal_answer; /* answer to the given challenge */
enc_key_t *metakey;
enc_key_t *rsakey;
struct conn_list_t *nexthop; /* nearest meta-hop in this direction */
struct conn_list_t *next; /* after all, it's a list of connections */
} conn_list_t;

12
src/netutl.c
View file

@ -16,7 +16,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: netutl.c,v 1.12.4.8 2000/09/06 11:49:05 guus Exp $
$Id: netutl.c,v 1.12.4.9 2000/09/14 21:51:20 zarq Exp $
*/
#include "config.h"
@ -90,10 +90,10 @@ cp
destroy_queue(p->sq);
if(p->rq)
destroy_queue(p->rq);
if(p->vpn_hostname)
free(p->vpn_hostname);
if(p->real_hostname)
free(p->real_hostname);
if(p->name)
free(p->name);
if(p->hostname)
free(p->hostname);
free_key(p->public_key);
free_key(p->key);
free(p);
@ -247,7 +247,7 @@ cp
for(p = conn_list; p != NULL; p = p->next)
{
syslog(LOG_DEBUG, _("%s netmask %d.%d.%d.%d at %s port %hd flags %d sockets %d, %d status %04x"),
p->vpn_hostname, IP_ADDR_V(p->vpn_mask), p->real_hostname, p->port, p->flags,
p->name, IP_ADDR_V(p->vpn_mask), p->hostname, p->port, p->flags,
p->socket, p->meta_socket, p->status);
}
cp

182
src/protocol.c
View file

@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: protocol.c,v 1.28.4.30 2000/09/14 11:54:51 guus Exp $
$Id: protocol.c,v 1.28.4.31 2000/09/14 21:51:21 zarq Exp $
*/
#include "config.h"
@ -36,6 +36,8 @@
#include <netinet/in.h>
#include <openssl/sha.h>
#include "conf.h"
#include "encr.h"
#include "net.h"
@ -50,11 +52,13 @@ int send_request(conn_list_t *cl, const char *format, int request, /*args*/ ...)
{
va_list args;
char *buffer = NULL;
int len;
cp
if(debug_lvl >= DEBUG_PROTOCOL)
syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), requestname[request], cl->id, cl->hostname);
syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname);
va_start(args, format);
va_start(args, request);
len = vasprintf(&buffer, format, args);
va_end(args);
@ -65,14 +69,15 @@ cp
}
if(debug_lvl >= DEBUG_META)
syslog(LOG_DEBUG, _("Sending meta data to %s (%s): %s"), cl->id, cl->hostname, buffer);
syslog(LOG_DEBUG, _("Sending meta data to %s (%s): %s"),
cl->name, cl->hostname, buffer);
if(cl->status.encrypted)
if(cl->status.encryptin)
{
/* FIXME: Do encryption */
}
if((write(cl->meta_socket, buffer, buflen)) < 0)
if((write(cl->meta_socket, buffer, len)) < 0)
{
syslog(LOG_ERR, _("Sending meta data failed: %m"));
return -1;
@ -104,7 +109,8 @@ cp
int send_id(conn_list_t *cl)
{
cp
return send_request(cl, "%d %s %d %s", ID, myself->id, myself->version, opt2str(myself->options));
return send_request(cl, "%d %s %d %s", ID,
myself->name, myself->protocol_version, opt2str(myself->options));
}
int id_h(conn_list_t *cl)
@ -112,7 +118,7 @@ int id_h(conn_list_t *cl)
conn_list_t *old;
char *options;
cp
if(sscanf(cl->buffer, "%*d %as %d %as", &cl->id, &cl->version, &options) != 3)
if(sscanf(cl->buffer, "%*d %as %d %as", &cl->name, &cl->protocol_version, &options) != 3)
{
syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname);
return -1;
@ -120,9 +126,10 @@ cp
/* Check if version matches */
if(cl->version != myself->version)
if(cl->protocol_version != myself->protocol_version)
{
syslog(LOG_ERR, _("Peer %s uses incompatible version %d"), cl->hostname, cl->min_version, cl->max_version);
syslog(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"),
cl->name, cl->hostname, cl->protocol_version);
return -1;
}
@ -136,7 +143,7 @@ cp
/* Check if identity is a valid name */
if(!check_id(cl->id))
if(!check_id(cl->name))
{
syslog(LOG_ERR, _("Peer %s uses invalid identity name"), cl->hostname);
return -1;
@ -146,7 +153,7 @@ cp
if(!read_id(cl))
{
syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), cl->hostname, cl->id);
syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), cl->hostname, cl->name);
return -1;
}
@ -158,10 +165,10 @@ cp
if(cl->status.outgoing)
{
if((old=lookup_id(cl->id)))
if((old = lookup_id(cl->name)))
{
if(debug_lvl > DEBUG_CONNECTIONS)
syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), cl->id, cl->hostname);
syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), cl->name, cl->hostname);
cl->status.outgoing = 0;
old->status.outgoing = 1;
terminate_connection(cl);
@ -182,30 +189,30 @@ int send_challenge(conn_list_t *cl)
int keylength;
int x;
cp
if(cl->chal_hash)
free(cl->chal_hash);
if(cl->chal_answer)
free(cl->chal_answer);
/* Allocate buffers for the challenge and the hash */
cl->chal_hash = xmalloc(SHA_DIGEST_LEN);
keylength = BN_num_bytes(cl->rsakey.n);
cl->chal_answer = xmalloc(SHA_DIGEST_LENGTH);
keylength = BN_num_bytes(cl->rsakey->length);
buffer = xmalloc(keylength*2);
/* Copy random data and the public key to the buffer */
RAND_bytes(buffer, keylength);
BN_bn2bin(cl->rsakey.n, buffer+keylength);
BN_bn2bin(cl->rsakey->length, buffer+keylength);
/* If we don't have a blowfish key set yet, use the random data from the challenge to do so. */
if(!cl->status.encrypted)
if(!cl->status.encryptin)
{
set_metakey(cl, buffer, keylength);
}
/* Calculate the hash from that */
SHA1(buffer, keylength*2, cl->chal_hash);
SHA1(buffer, keylength*2, cl->chal_answer);
/* Convert the random data to a hexadecimal formatted string */
@ -217,7 +224,7 @@ cp
cl->allow_request = CHAL_REPLY;
x = send_request(cl, "%d %s", CHALLENGE, buffer);
free(buffer);
cl->status.encrypted = 1;
cl->status.encryptout = 1;
cp
return x;
}
@ -225,10 +232,12 @@ cp
int challenge_h(conn_list_t *cl)
{
char *challenge;
int x;
cp
if(sscanf(cl->buffer, "%*d %as", &cl->id, &challenge) != 1)
if(sscanf(cl->buffer, "%*d %as", &cl->name, &challenge) != 1)
{
syslog(LOG_ERR, _("Got bad CHALLENGE from %s (%s)"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Got bad CHALLENGE from %s (%s)"), cl->name, cl->hostname);
return -1;
}
@ -246,26 +255,27 @@ int send_chal_reply(conn_list_t *cl, char *challenge)
int keylength;
char *hash;
int x;
cp
keylength = BN_num_bytes(myself->rsakey.n);
keylength = BN_num_bytes(myself->rsakey->length);
/* Check if the length of the challenge is all right */
if(strlen(challenge) != keylength*2)
{
syslog(LOG_ERROR, _("Intruder: wrong challenge length from %s (%s)"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Intruder: wrong challenge length from %s (%s)"), cl->name, cl->hostname);
return -1;
}
/* Allocate buffers for the challenge and the hash */
buffer = xmalloc(keylength*2);
hash = xmalloc(SHA_DIGEST_LEN*2+1);
hash = xmalloc(SHA_DIGEST_LENGTH*2+1);
/* Copy the incoming random data and our public key to the buffer */
hex2bin(challenge, buffer, keylength);
BN_bn2bin(myself->rsakey.n, buffer+keylength);
BN_bn2bin(myself->rsakey->length, buffer+keylength);
/* Calculate the hash from that */
@ -283,13 +293,13 @@ cp
/* Convert the hash to a hexadecimal formatted string */
bin2hex(hash,hash,SHA_DIGEST_LEN);
hash[SHA_DIGEST_LEN*2] = '\0';
bin2hex(hash,hash,SHA_DIGEST_LENGTH);
hash[SHA_DIGEST_LENGTH*2] = '\0';
/* Send the reply */
if(cl->status.outgoing)
cl->allow_resuest = ID;
cl->allow_request = ID;
else
cl->allow_request = ACK;
@ -303,29 +313,29 @@ int chal_reply_h(conn_list_t *cl)
{
char *hash;
cp
if(sscanf(cl->buffer, "%*d %as", &cl->id, &hash) != 2)
if(sscanf(cl->buffer, "%*d %as", &cl->name, &hash) != 2)
{
syslog(LOG_ERR, _("Got bad CHAL_REPLY from %s (%s)"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Got bad CHAL_REPLY from %s (%s)"), cl->name, cl->hostname);
return -1;
}
/* Check if the length of the hash is all right */
if(strlen(hash) != SHA_DIGEST_LEN*2)
if(strlen(hash) != SHA_DIGEST_LENGTH*2)
{
syslog(LOG_ERROR, _("Intruder: wrong challenge reply length from %s (%s)"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Intruder: wrong challenge reply length from %s (%s)"), cl->name, cl->hostname);
return -1;
}
/* Convert the hash to binary format */
hex2bin(hash, hash, SHA_DIGEST_LEN);
hex2bin(hash, hash, SHA_DIGEST_LENGTH);
/* Verify the incoming hash with the calculated hash */
if{!memcmp(hash, cl->chal_hash, SHA_DIGEST_LEN)}
if(!memcmp(hash, cl->chal_answer, SHA_DIGEST_LENGTH))
{
syslog(LOG_ERROR, _("Intruder: wrong challenge reply from %s (%s)"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Intruder: wrong challenge reply from %s (%s)"), cl->name, cl->hostname);
return -1;
}
@ -335,7 +345,7 @@ cp
*/
free(hash);
free(cl->chal_hash);
free(cl->chal_answer);
cp
if(cl->status.outgoing)
@ -358,18 +368,19 @@ cp
int ack_h(conn_list_t *cl)
{
conn_list_t old;
conn_list_t *old;
cp
/* Okay, before we active the connection, we check if there is another entry
in the connection list with the same vpn_ip. If so, it presumably is an
old connection that has timed out but we don't know it yet.
*/
while((old = lookup_id(cl->id)))
while((old = lookup_id(cl->name)))
{
if(debug_lvl > DEBUG_CONNECTIONS)
syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"),
cl->id, old->hostname, cl->hostname);
cl->name, old->hostname, cl->hostname);
old->status.active = 0;
terminate_connection(old);
}
@ -380,7 +391,7 @@ cp
cl->status.active = 1;
if(debug_lvl > DEBUG_CONNECTIONS)
syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->id, cl->hostname);
syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname);
/* Exchange information about other tinc daemons */
@ -401,7 +412,10 @@ cp
int send_add_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet)
{
cp
return send_request(cl, "%d %s %d %s", ADD_SUBNET, other->id, subnet->type, net2str(subnet));
/* return send_request(cl, "%d %s %d %s", ADD_SUBNET,
other->name, subnet->type, net2str(subnet)); */
return send_request(cl, "%d %s %s", ADD_SUBNET,
other->name, net2str(subnet));
}
int add_subnet_h(conn_list_t *cl)
@ -411,7 +425,7 @@ int add_subnet_h(conn_list_t *cl)
int send_del_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet)
{
cp
return send_request(cl, "%d %s %d %s", DEL_SUBNET, other->id, subnet->type, net2str(subnet));
return send_request(cl, "%d %s %s", DEL_SUBNET, other->name, net2str(subnet));
}
int del_subnet_h(conn_list_t *cl)
@ -423,7 +437,7 @@ int del_subnet_h(conn_list_t *cl)
int send_add_host(conn_list_t *cl, conn_list_t *other)
{
cp
return send_request(cl, "%d %s %lx:%d %s", ADD_HOST, other->id, other->address, other->port, opt2str(other->options));
return send_request(cl, "%d %s %lx:%d %s", ADD_HOST, other->name, other->real_ip, other->port, opt2str(other->options));
}
int add_host_h(conn_list_t *cl)
@ -433,55 +447,57 @@ int add_host_h(conn_list_t *cl)
cp
new = new_conn_list();
if(sscanf(cl->buffer, "%*d %as %lx:%d %as", &new->id, &new->address, &new->port, &options) != 4)
if(sscanf(cl->buffer, "%*d %as %lx:%d %as", &new->name, &new->real_ip, &new->port, &options) != 4)
{
syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->name, cl->hostname);
return -1;
}
/* Check if option string is valid */
if((new->options = str2opt(options) == -1)
if((new->options = str2opt(options)) == -1)
{
syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid option string"), cl->hostname);
syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid option string"), cl->name, cl->hostname);
return -1;
}
/* Check if identity is a valid name */
if(!check_id(new->id))
if(!check_id(new->name))
{
syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid identity name"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid identity name"), cl->name, cl->hostname);
return -1;
}
/* Check if somebody tries to add ourself */
if(!strcmp(new->id, myself->id))
if(!strcmp(new->name, myself->name))
{
syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->name, cl->hostname);
sighup = 1;
return 0;
}
/* Fill in more of the new conn_list structure */
new->hostname = hostlookup(htonl(new->address));
new->hostname = hostlookup(htonl(new->real_ip));
/* Check if the new host already exists in the connnection list */
if((old = lookup_id(id))
if((old = lookup_id(new->name)))
{
if((new->address == old->address) && (new->port == old->port))
if((new->real_ip == old->real_ip) && (new->port == old->port))
{
if(debug_lvl > DEBUG_CONNECTIONS)
syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), old->id, old->hostname, new->id, new->hostname);
syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"),
old->name, old->hostname, new->name, new->hostname);
return 0;
}
else
{
if(debug_lvl > DEBUG_CONNECTIONS)
syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"), old->id, old->hostname);
syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"),
old->name, old->hostname);
old->status.active = 0;
terminate_connection(old);
}
@ -507,7 +523,8 @@ cp
int send_del_host(conn_list_t *cl, conn_list_t *other)
{
cp
return send_request(cl, "%d %s %lx:%d", DEL_HOST, other->id, other->address, other->port);
return send_request(cl, "%d %s %lx:%d", DEL_HOST,
other->name, other->real_ip, other->port);
}
int del_host_h(conn_list_t *cl)
@ -516,34 +533,37 @@ int del_host_h(conn_list_t *cl)
ip_t address;
port_t port;
conn_list_t *old;
cp
if(sscanf(cl->buffer, "%*d %as %lx:%d", &id, &address, &port) != 3)
{
syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), cl->id, cl->hostname);
return -1;
syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"),
cl->name, cl->hostname);
return -1;
}
/* Check if somebody tries to delete ourself */
if(!strcmp(id, myself->id))
if(!strcmp(id, myself->name))
{
syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"),
cl->name, cl->hostname);
sighup = 1;
return 0;
}
/* Check if the new host already exists in the connnection list */
if((old = lookup_id(id))
if((old = lookup_id(id)))
{
if((address == old->address) && (port == old->port))
if((address == old->real_ip) && (port == old->port))
{
notify_others(old, cl, send_del_host);
fw->status.termreq = 1;
fw->status.active = 0;
old->status.termreq = 1;
old->status.active = 0;
terminate_connection(fw);
terminate_connection(old);
cp
return 0;
}
@ -551,7 +571,8 @@ cp
if(debug_lvl > DEBUG_CONNECTIONS)
{
syslog(LOG_NOTICE, _("Got DEL_HOST for %s from %s (%s) which is not in our connection list"), id, cl->id, cl->hostname);
syslog(LOG_NOTICE, _("Got DEL_HOST for %s from %s (%s) which is not in our connection list"),
id, cl->name, cl->hostname);
}
cp
return 0;
@ -581,7 +602,8 @@ cp
if(debug_lvl > DEBUG_STATUS)
{
syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), cl->id, cl->hostname, status_text[statusno], statusstring);
syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"),
cl->name, cl->hostname, status_text[statusno], statusstring);
}
cp
@ -592,8 +614,8 @@ cp
int send_error(conn_list_t *cl, int errno, char *errstring)
{
cp
if(!errorstring)
errorstring = error_text[errno];
if(!errstring)
errstring = error_text[errno];
return send_request(cl, "%d %d %s", ERROR, errno, errstring);
}
@ -604,13 +626,15 @@ int error_h(conn_list_t *cl)
cp
if(sscanf(cl->buffer, "%*d %d %as", &errno, &errorstring) != 2)
{
syslog(LOG_ERR, _("Got bad error from %s (%s)"), cl->id, cl->hostname);
syslog(LOG_ERR, _("Got bad error from %s (%s)"),
cl->name, cl->hostname);
return -1;
}
if(debug_lvl > DEBUG_error)
{
syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), cl->id, cl->hostname, error_text[errno], errorstring);
syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"),
cl->name, cl->hostname, error_text[errno], errorstring);
}
free(errorstring);
@ -673,7 +697,8 @@ cp
for(p = conn_list; p != NULL; p = p->next)
{
if(p!=cl && p->status.meta && p->status.active)
send_request(p, "%d %s", KEY_CHANGED, from->id);
send_request(p, "%d %s", KEY_CHANGED,
from->name);
}
cp
return 0;
@ -686,8 +711,9 @@ int key_changed_h(conn_list_t *cl)
cp
if(sscanf(cl->buffer, "%*d %as", &from_id) != 1)
{
syslog(LOG_ERR, _("Got bad KEY_CHANGED from %s (%s)"), cl->id, cl->hostname);
return -1;
syslog(LOG_ERR, _("Got bad KEY_CHANGED from %s (%s)"),
cl->name, cl->hostname);
return -1;
}
if(!(from = lookup_id(from_id)))