Guus Sliepen
551cd19406
Move RSA key generation into the wrappers.
2008-12-14 12:47:26 +00:00
Guus Sliepen
911c05f873
Make sure IPv6 sockets are IPv6 only.
2008-12-11 20:49:14 +00:00
Guus Sliepen
6e80da3370
Use Dijkstra's algorithm. Based on patches from Max Rijevskiy.
2008-12-11 18:07:26 +00:00
Guus Sliepen
26a228e302
Remove wrong checks.
2008-12-11 18:05:59 +00:00
Guus Sliepen
636200d1a2
Remove unnecessary parentheses from sizeof, apply sizeof to variables instead of types whereever possible.
2008-12-11 15:56:18 +00:00
Guus Sliepen
a9bdfb424e
Fix compiler warnings.
2008-12-11 15:42:46 +00:00
Guus Sliepen
76165488f8
Backport fixes from trunk since revision 1555.
2008-12-11 15:21:40 +00:00
Guus Sliepen
046158a216
Use the crypto wrappers again instead of calling OpenSSL directly.
...
This theoretically allows other cryptographic libraries to be used,
and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
Guus Sliepen
8c69f42d7d
Move AC_GNU_SOURCE up to make autoconf happy.
...
Also bump libgcrypt dependency to 1.4.0, because that version supports the OFB cipher mode.
2008-12-11 14:43:13 +00:00
Guus Sliepen
8e8fe805c8
Only show meta connection related debug messages when debug level >= 4
2008-12-11 14:03:52 +00:00
Guus Sliepen
40bebbb19f
Look in the configured sbin directory for the tincd binary.
2008-12-11 13:59:46 +00:00
Guus Sliepen
38c2d6c1da
Correct debug message.
2008-12-05 14:17:39 +00:00
Guus Sliepen
a36259435c
Prevent freeing a NULL pointer when a hostname is unresolvable.
2008-11-18 15:11:27 +00:00
Guus Sliepen
4a1740ede7
Do not try to send REQ_KEY or ANS_KEY requests to unreachable nodes.
2008-10-25 19:54:00 +00:00
Guus Sliepen
cb52aa0683
Fix reading configuration files that do not end with a newline.
2008-10-25 18:10:08 +00:00
Guus Sliepen
b2cee41b18
Make sure the prefixlength of subnets is sane.
...
Thanks to Sven-Haegar Koch for spotting the bug and providing a fix.
2007-12-14 21:17:08 +00:00
Scott Lamb
fe2f1fceb5
Use a control socket directory to restrict access
...
This provides reasonable security even on Solaris. The sysadmin is
responsible for securing the control socket's ancestors from the
grandparent on.
We could add a cryptographic handshake later if desired.
2007-11-08 19:18:44 +00:00
Scott Lamb
b1f8c65a2c
Coding style corrections
2007-11-07 06:45:28 +00:00
Scott Lamb
d82fcc88f3
Reload configuration through control socket
...
I also kept the SIGHUP handler, which many people will expect to see.
The control socket is better, though - it will tell you if there is a
problem.
2007-11-07 02:51:24 +00:00
Scott Lamb
f0a57eab4c
Retry connections through control socket
2007-11-07 02:50:58 +00:00
Scott Lamb
a62a6825a8
Alter debugging levels through control socket
2007-11-07 02:50:27 +00:00
Scott Lamb
1065879c8c
Purge through the control socket
2007-11-07 02:49:57 +00:00
Scott Lamb
6eaefb4dbc
Dump through control socket
...
Note this removes SIGUSR1, SIGUSR2, and the graph dumping config option.
It seems cleaner to do everything through the control socket.
2007-11-07 02:49:25 +00:00
Scott Lamb
50ad3f2a89
Fancier protocol for control socket
...
* pass error status back
* pass message boundaries
2007-11-07 02:48:33 +00:00
Scott Lamb
b0b5299184
Fix reload crash
...
sighup_handler was expecting the connection_tree to stay the same across
terminate_connection(), which hasn't been true since r1539.
2007-11-07 02:48:15 +00:00
Scott Lamb
da81da064a
Update documentation to match tincctl changes
...
(Most of this was done in r1559, but it looks like tincctl.8.in got missed.)
2007-11-07 02:48:00 +00:00
Scott Lamb
40731d030f
Temporarily revert to old crypto code
...
(The new code is still segfaulting for me, and I'd like to proceed with other
work.)
This largely rolls back to the revision 1545 state of the existing code
(new crypto layer is still there with no callers), though I reintroduced
the segfault fix of revision 1562.
2007-11-07 02:47:05 +00:00
Guus Sliepen
269892f70b
Prevent double free() of a used challenge nonce.
2007-10-20 11:21:44 +00:00
Guus Sliepen
b0709d2649
Fix meta data segfault when receiving a partial command.
2007-10-19 19:07:30 +00:00
Guus Sliepen
67d9a72ea2
Use a dummy function as the read callback for connection bufferevents. Should not be triggered.
2007-10-19 18:54:43 +00:00
Guus Sliepen
54892b2e3e
Fix connection weight estimation.
2007-10-19 18:53:48 +00:00
Guus Sliepen
6c453769fd
Apply patch from Scott Lamb: Update documentation to match tincctl changes
2007-09-04 15:06:35 +00:00
Guus Sliepen
86358fabfe
Small fixes to make gcrypt routines compile.
2007-09-04 14:58:52 +00:00
Guus Sliepen
f8733d1935
Fix formatting of --help output.
2007-09-04 14:58:11 +00:00
Guus Sliepen
65375289df
Only check for libgcrypt if --with-gcrypt is used.
2007-09-04 14:57:37 +00:00
Guus Sliepen
d7ca0300a3
Handle SERVICE_CONTROL_INTERROGATE requests. Thanks to Carsten Ralle for noticing this.
2007-08-17 22:09:00 +00:00
Scott Lamb
1fd1d5bd93
const correctness
...
cipher_encrypt and cipher_decrypt should take "const void *" data
2007-07-20 20:10:46 +00:00
Scott Lamb
35d865a634
Updated svn:ignores list for new symlinked sources and tincctl.
2007-07-18 16:44:05 +00:00
Scott Lamb
dd299c06dc
Refresh po/POTFILES.in.
...
In particular, remove lib/pidfile.c which was causing failures. Also sort
for diffability with "find . -type f -name '*.c' | cut -c3- | sort" output.
2007-07-18 16:40:41 +00:00
Scott Lamb
46018a1a16
Revert to only requiring autoconf 2.59.
...
The new autoconf macros introduced at the same time (AC_GNU_SOURCE,
AC_FUNC_MALLOC, AC_FUNC_REALLOC) exist in the autoconf 2.59 documentation,
and autoconf 2.59 appears to still work. This is more convenient, as RHEL 5
ships with autoconf 2.59.
2007-07-18 16:40:29 +00:00
Guus Sliepen
1b8f891836
Finish crypto wrapping. Also provide wrappers for OpenSSL.
...
Disable libgcrypt by default. Since it doesn't support the OFB cipher mode,
we can't use it in a backwards compatible way.
2007-05-23 13:45:49 +00:00
Guus Sliepen
f42e57f663
Some more crypto wrapper functions are needed.
2007-05-22 23:41:22 +00:00
Guus Sliepen
19413a8048
Make sure the crypto wrapper functions can actually be compiled.
2007-05-22 21:44:17 +00:00
Guus Sliepen
e8689a4753
Create wrappers for the cryptographic operations used in tinc.
...
Implement them using libgcrypt.
2007-05-22 21:32:48 +00:00
Guus Sliepen
465837dd7f
Parse PEM RSA keys ourself, and use libgcrypt to do RSA encryption and decryption.
2007-05-20 22:28:49 +00:00
Guus Sliepen
fbf305c09d
Use libevent for meta socket input/output buffering.
2007-05-19 22:23:02 +00:00
Guus Sliepen
59108e4e4f
Use bufferevents to handle control socket buffering.
2007-05-19 16:21:52 +00:00
Guus Sliepen
8c6131deda
Implement "stop" command, and allow tincctl to retrieve a running tincd's PID.
2007-05-19 15:21:26 +00:00
Guus Sliepen
e9043e17c7
Move key generation to tincctl.
2007-05-19 14:55:35 +00:00
Guus Sliepen
bf8e3ce13d
Remove pidfile in favour of control socket.
2007-05-19 14:13:21 +00:00