Commit graph

1667 commits

Author SHA1 Message Date
Guus Sliepen
551cd19406 Move RSA key generation into the wrappers. 2008-12-14 12:47:26 +00:00
Guus Sliepen
911c05f873 Make sure IPv6 sockets are IPv6 only. 2008-12-11 20:49:14 +00:00
Guus Sliepen
6e80da3370 Use Dijkstra's algorithm. Based on patches from Max Rijevskiy. 2008-12-11 18:07:26 +00:00
Guus Sliepen
26a228e302 Remove wrong checks. 2008-12-11 18:05:59 +00:00
Guus Sliepen
636200d1a2 Remove unnecessary parentheses from sizeof, apply sizeof to variables instead of types whereever possible. 2008-12-11 15:56:18 +00:00
Guus Sliepen
a9bdfb424e Fix compiler warnings. 2008-12-11 15:42:46 +00:00
Guus Sliepen
76165488f8 Backport fixes from trunk since revision 1555. 2008-12-11 15:21:40 +00:00
Guus Sliepen
046158a216 Use the crypto wrappers again instead of calling OpenSSL directly.
This theoretically allows other cryptographic libraries to be used,
and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
Guus Sliepen
8c69f42d7d Move AC_GNU_SOURCE up to make autoconf happy.
Also bump libgcrypt dependency to 1.4.0, because that version supports the OFB cipher mode.
2008-12-11 14:43:13 +00:00
Guus Sliepen
8e8fe805c8 Only show meta connection related debug messages when debug level >= 4 2008-12-11 14:03:52 +00:00
Guus Sliepen
40bebbb19f Look in the configured sbin directory for the tincd binary. 2008-12-11 13:59:46 +00:00
Guus Sliepen
38c2d6c1da Correct debug message. 2008-12-05 14:17:39 +00:00
Guus Sliepen
a36259435c Prevent freeing a NULL pointer when a hostname is unresolvable. 2008-11-18 15:11:27 +00:00
Guus Sliepen
4a1740ede7 Do not try to send REQ_KEY or ANS_KEY requests to unreachable nodes. 2008-10-25 19:54:00 +00:00
Guus Sliepen
cb52aa0683 Fix reading configuration files that do not end with a newline. 2008-10-25 18:10:08 +00:00
Guus Sliepen
b2cee41b18 Make sure the prefixlength of subnets is sane.
Thanks to Sven-Haegar Koch for spotting the bug and providing a fix.
2007-12-14 21:17:08 +00:00
Scott Lamb
fe2f1fceb5 Use a control socket directory to restrict access
This provides reasonable security even on Solaris. The sysadmin is
responsible for securing the control socket's ancestors from the
grandparent on.

We could add a cryptographic handshake later if desired.
2007-11-08 19:18:44 +00:00
Scott Lamb
b1f8c65a2c Coding style corrections 2007-11-07 06:45:28 +00:00
Scott Lamb
d82fcc88f3 Reload configuration through control socket
I also kept the SIGHUP handler, which many people will expect to see.
The control socket is better, though - it will tell you if there is a
problem.
2007-11-07 02:51:24 +00:00
Scott Lamb
f0a57eab4c Retry connections through control socket 2007-11-07 02:50:58 +00:00
Scott Lamb
a62a6825a8 Alter debugging levels through control socket 2007-11-07 02:50:27 +00:00
Scott Lamb
1065879c8c Purge through the control socket 2007-11-07 02:49:57 +00:00
Scott Lamb
6eaefb4dbc Dump through control socket
Note this removes SIGUSR1, SIGUSR2, and the graph dumping config option.
It seems cleaner to do everything through the control socket.
2007-11-07 02:49:25 +00:00
Scott Lamb
50ad3f2a89 Fancier protocol for control socket
* pass error status back
* pass message boundaries
2007-11-07 02:48:33 +00:00
Scott Lamb
b0b5299184 Fix reload crash
sighup_handler was expecting the connection_tree to stay the same across
terminate_connection(), which hasn't been true since r1539.
2007-11-07 02:48:15 +00:00
Scott Lamb
da81da064a Update documentation to match tincctl changes
(Most of this was done in r1559, but it looks like tincctl.8.in got missed.)
2007-11-07 02:48:00 +00:00
Scott Lamb
40731d030f Temporarily revert to old crypto code
(The new code is still segfaulting for me, and I'd like to proceed with other
work.)

This largely rolls back to the revision 1545 state of the existing code
(new crypto layer is still there with no callers), though I reintroduced
the segfault fix of revision 1562.
2007-11-07 02:47:05 +00:00
Guus Sliepen
269892f70b Prevent double free() of a used challenge nonce. 2007-10-20 11:21:44 +00:00
Guus Sliepen
b0709d2649 Fix meta data segfault when receiving a partial command. 2007-10-19 19:07:30 +00:00
Guus Sliepen
67d9a72ea2 Use a dummy function as the read callback for connection bufferevents. Should not be triggered. 2007-10-19 18:54:43 +00:00
Guus Sliepen
54892b2e3e Fix connection weight estimation. 2007-10-19 18:53:48 +00:00
Guus Sliepen
6c453769fd Apply patch from Scott Lamb: Update documentation to match tincctl changes 2007-09-04 15:06:35 +00:00
Guus Sliepen
86358fabfe Small fixes to make gcrypt routines compile. 2007-09-04 14:58:52 +00:00
Guus Sliepen
f8733d1935 Fix formatting of --help output. 2007-09-04 14:58:11 +00:00
Guus Sliepen
65375289df Only check for libgcrypt if --with-gcrypt is used. 2007-09-04 14:57:37 +00:00
Guus Sliepen
d7ca0300a3 Handle SERVICE_CONTROL_INTERROGATE requests. Thanks to Carsten Ralle for noticing this. 2007-08-17 22:09:00 +00:00
Scott Lamb
1fd1d5bd93 const correctness
cipher_encrypt and cipher_decrypt should take "const void *" data
2007-07-20 20:10:46 +00:00
Scott Lamb
35d865a634 Updated svn:ignores list for new symlinked sources and tincctl. 2007-07-18 16:44:05 +00:00
Scott Lamb
dd299c06dc Refresh po/POTFILES.in.
In particular, remove lib/pidfile.c which was causing failures. Also sort
for diffability with "find . -type f -name '*.c' | cut -c3- | sort" output.
2007-07-18 16:40:41 +00:00
Scott Lamb
46018a1a16 Revert to only requiring autoconf 2.59.
The new autoconf macros introduced at the same time (AC_GNU_SOURCE,
AC_FUNC_MALLOC, AC_FUNC_REALLOC) exist in the autoconf 2.59 documentation,
and autoconf 2.59 appears to still work. This is more convenient, as RHEL 5
ships with autoconf 2.59.
2007-07-18 16:40:29 +00:00
Guus Sliepen
1b8f891836 Finish crypto wrapping. Also provide wrappers for OpenSSL.
Disable libgcrypt by default. Since it doesn't support the OFB cipher mode,
we can't use it in a backwards compatible way.
2007-05-23 13:45:49 +00:00
Guus Sliepen
f42e57f663 Some more crypto wrapper functions are needed. 2007-05-22 23:41:22 +00:00
Guus Sliepen
19413a8048 Make sure the crypto wrapper functions can actually be compiled. 2007-05-22 21:44:17 +00:00
Guus Sliepen
e8689a4753 Create wrappers for the cryptographic operations used in tinc.
Implement them using libgcrypt.
2007-05-22 21:32:48 +00:00
Guus Sliepen
465837dd7f Parse PEM RSA keys ourself, and use libgcrypt to do RSA encryption and decryption. 2007-05-20 22:28:49 +00:00
Guus Sliepen
fbf305c09d Use libevent for meta socket input/output buffering. 2007-05-19 22:23:02 +00:00
Guus Sliepen
59108e4e4f Use bufferevents to handle control socket buffering. 2007-05-19 16:21:52 +00:00
Guus Sliepen
8c6131deda Implement "stop" command, and allow tincctl to retrieve a running tincd's PID. 2007-05-19 15:21:26 +00:00
Guus Sliepen
e9043e17c7 Move key generation to tincctl. 2007-05-19 14:55:35 +00:00
Guus Sliepen
bf8e3ce13d Remove pidfile in favour of control socket. 2007-05-19 14:13:21 +00:00