tinc/src/invitation.c
Guus Sliepen 7f96ef081d Fix check for LOCALSTATEDIR accessibility for the CLI.
The CLI does not need write access to the directory where the PID file
is stored, it just needs to be able to read the PID file.
2015-05-20 11:11:12 +02:00

1010 lines
23 KiB
C

/*
invitation.c -- Create and accept invitations
Copyright (C) 2013-2015 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "system.h"
#include "control_common.h"
#include "crypto.h"
#include "ecdsa.h"
#include "ecdsagen.h"
#include "invitation.h"
#include "names.h"
#include "netutl.h"
#include "rsagen.h"
#include "script.h"
#include "sptps.h"
#include "tincctl.h"
#include "utils.h"
#include "xalloc.h"
#include "ed25519/sha512.h"
int addressfamily = AF_UNSPEC;
static void scan_for_hostname(const char *filename, char **hostname, char **port) {
if(!filename || (*hostname && *port))
return;
FILE *f = fopen(filename, "r");
if(!f)
return;
while(fgets(line, sizeof line, f)) {
if(!rstrip(line))
continue;
char *p = line, *q;
p += strcspn(p, "\t =");
if(!*p)
continue;
q = p + strspn(p, "\t ");
if(*q == '=')
q += 1 + strspn(q + 1, "\t ");
*p = 0;
p = q + strcspn(q, "\t ");
if(*p)
*p++ = 0;
p += strspn(p, "\t ");
p[strcspn(p, "\t ")] = 0;
if(!*port && !strcasecmp(line, "Port")) {
*port = xstrdup(q);
} else if(!*hostname && !strcasecmp(line, "Address")) {
*hostname = xstrdup(q);
if(*p) {
free(*port);
*port = xstrdup(p);
}
}
if(*hostname && *port)
break;
}
fclose(f);
}
char *get_my_hostname() {
char *hostname = NULL;
char *port = NULL;
char *hostport = NULL;
char *name = get_my_name(false);
char filename[PATH_MAX];
// Use first Address statement in own host config file
if(check_id(name)) {
snprintf(filename, sizeof filename, "%s" SLASH "hosts" SLASH "%s", confbase, name);
scan_for_hostname(filename, &hostname, &port);
scan_for_hostname(tinc_conf, &hostname, &port);
}
if(hostname)
goto done;
// If that doesn't work, guess externally visible hostname
fprintf(stderr, "Trying to discover externally visible hostname...\n");
struct addrinfo *ai = str2addrinfo("tinc-vpn.org", "80", SOCK_STREAM);
struct addrinfo *aip = ai;
static const char request[] = "GET http://tinc-vpn.org/host.cgi HTTP/1.0\r\n\r\n";
while(aip) {
int s = socket(aip->ai_family, aip->ai_socktype, aip->ai_protocol);
if(s >= 0) {
if(connect(s, aip->ai_addr, aip->ai_addrlen)) {
closesocket(s);
s = -1;
}
}
if(s >= 0) {
send(s, request, sizeof request - 1, 0);
int len = recv(s, line, sizeof line - 1, MSG_WAITALL);
if(len > 0) {
line[len] = 0;
if(line[len - 1] == '\n')
line[--len] = 0;
char *p = strrchr(line, '\n');
if(p && p[1])
hostname = xstrdup(p + 1);
}
closesocket(s);
if(hostname)
break;
}
aip = aip->ai_next;
continue;
}
if(ai)
freeaddrinfo(ai);
// Check that the hostname is reasonable
if(hostname) {
for(char *p = hostname; *p; p++) {
if(isalnum(*p) || *p == '-' || *p == '.' || *p == ':')
continue;
// If not, forget it.
free(hostname);
hostname = NULL;
break;
}
}
if(!tty) {
if(!hostname) {
fprintf(stderr, "Could not determine the external address or hostname. Please set Address manually.\n");
return NULL;
}
goto save;
}
again:
fprintf(stderr, "Please enter your host's external address or hostname");
if(hostname)
fprintf(stderr, " [%s]", hostname);
fprintf(stderr, ": ");
if(!fgets(line, sizeof line, stdin)) {
fprintf(stderr, "Error while reading stdin: %s\n", strerror(errno));
free(hostname);
return NULL;
}
if(!rstrip(line)) {
if(hostname)
goto save;
else
goto again;
}
for(char *p = line; *p; p++) {
if(isalnum(*p) || *p == '-' || *p == '.')
continue;
fprintf(stderr, "Invalid address or hostname.\n");
goto again;
}
free(hostname);
hostname = xstrdup(line);
save:
if(filename) {
FILE *f = fopen(filename, "a");
if(f) {
fprintf(f, "\nAddress = %s\n", hostname);
fclose(f);
} else {
fprintf(stderr, "Could not append Address to %s: %s\n", filename, strerror(errno));
}
}
done:
if(port) {
if(strchr(hostname, ':'))
xasprintf(&hostport, "[%s]:%s", hostname, port);
else
xasprintf(&hostport, "%s:%s", hostname, port);
} else {
if(strchr(hostname, ':'))
xasprintf(&hostport, "[%s]", hostname);
else
hostport = xstrdup(hostname);
}
free(hostname);
free(port);
return hostport;
}
static bool fcopy(FILE *out, const char *filename) {
FILE *in = fopen(filename, "r");
if(!in) {
fprintf(stderr, "Could not open %s: %s\n", filename, strerror(errno));
return false;
}
char buf[1024];
size_t len;
while((len = fread(buf, 1, sizeof buf, in)))
fwrite(buf, len, 1, out);
fclose(in);
return true;
}
int cmd_invite(int argc, char *argv[]) {
if(argc < 2) {
fprintf(stderr, "Not enough arguments!\n");
return 1;
}
// Check validity of the new node's name
if(!check_id(argv[1])) {
fprintf(stderr, "Invalid name for node.\n");
return 1;
}
char *myname = get_my_name(true);
if(!myname)
return 1;
// Ensure no host configuration file with that name exists
char filename[PATH_MAX];
snprintf(filename, sizeof filename, "%s" SLASH "hosts" SLASH "%s", confbase, argv[1]);
if(!access(filename, F_OK)) {
fprintf(stderr, "A host config file for %s already exists!\n", argv[1]);
return 1;
}
// If a daemon is running, ensure no other nodes know about this name
bool found = false;
if(connect_tincd(false)) {
sendline(fd, "%d %d", CONTROL, REQ_DUMP_NODES);
while(recvline(fd, line, sizeof line)) {
char node[4096];
int code, req;
if(sscanf(line, "%d %d %s", &code, &req, node) != 3)
break;
if(!strcmp(node, argv[1]))
found = true;
}
if(found) {
fprintf(stderr, "A node with name %s is already known!\n", argv[1]);
return 1;
}
}
snprintf(filename, sizeof filename, "%s" SLASH "invitations", confbase);
if(mkdir(filename, 0700) && errno != EEXIST) {
fprintf(stderr, "Could not create directory %s: %s\n", filename, strerror(errno));
return 1;
}
// Count the number of valid invitations, clean up old ones
DIR *dir = opendir(filename);
if(!dir) {
fprintf(stderr, "Could not read directory %s: %s\n", filename, strerror(errno));
return 1;
}
errno = 0;
int count = 0;
struct dirent *ent;
time_t deadline = time(NULL) - 604800; // 1 week in the past
while((ent = readdir(dir))) {
if(strlen(ent->d_name) != 24)
continue;
char invname[PATH_MAX];
struct stat st;
snprintf(invname, sizeof invname, "%s" SLASH "%s", filename, ent->d_name);
if(!stat(invname, &st)) {
if(deadline < st.st_mtime)
count++;
else
unlink(invname);
} else {
fprintf(stderr, "Could not stat %s: %s\n", invname, strerror(errno));
errno = 0;
}
}
closedir(dir);
if(errno) {
fprintf(stderr, "Error while reading directory %s: %s\n", filename, strerror(errno));
return 1;
}
ecdsa_t *key;
snprintf(filename, sizeof filename, "%s" SLASH "invitations" SLASH "ed25519_key.priv", confbase);
// Remove the key if there are no outstanding invitations.
if(!count)
unlink(filename);
// Create a new key if necessary.
FILE *f = fopen(filename, "r");
if(!f) {
if(errno != ENOENT) {
fprintf(stderr, "Could not read %s: %s\n", filename, strerror(errno));
return 1;
}
key = ecdsa_generate();
if(!key)
return 1;
f = fopen(filename, "w");
if(!f) {
fprintf(stderr, "Could not write %s: %s\n", filename, strerror(errno));
return 1;
}
chmod(filename, 0600);
ecdsa_write_pem_private_key(key, f);
fclose(f);
if(connect_tincd(false))
sendline(fd, "%d %d", CONTROL, REQ_RELOAD);
} else {
key = ecdsa_read_pem_private_key(f);
fclose(f);
if(!key)
fprintf(stderr, "Could not read private key from %s\n", filename);
}
if(!key)
return 1;
// Create a hash of the key.
char hash[64];
char *fingerprint = ecdsa_get_base64_public_key(key);
sha512(fingerprint, strlen(fingerprint), hash);
b64encode_urlsafe(hash, hash, 18);
// Create a random cookie for this invitation.
char cookie[25];
randomize(cookie, 18);
// Create a filename that doesn't reveal the cookie itself
char buf[18 + strlen(fingerprint)];
char cookiehash[64];
memcpy(buf, cookie, 18);
memcpy(buf + 18, fingerprint, sizeof buf - 18);
sha512(buf, sizeof buf, cookiehash);
b64encode_urlsafe(cookiehash, cookiehash, 18);
b64encode_urlsafe(cookie, cookie, 18);
// Create a file containing the details of the invitation.
snprintf(filename, sizeof filename, "%s" SLASH "invitations" SLASH "%s", confbase, cookiehash);
int ifd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600);
if(!ifd) {
fprintf(stderr, "Could not create invitation file %s: %s\n", filename, strerror(errno));
return 1;
}
f = fdopen(ifd, "w");
if(!f)
abort();
// Get the local address
char *address = get_my_hostname();
// Fill in the details.
fprintf(f, "Name = %s\n", argv[1]);
if(netname)
fprintf(f, "NetName = %s\n", netname);
fprintf(f, "ConnectTo = %s\n", myname);
// Copy Broadcast and Mode
FILE *tc = fopen(tinc_conf, "r");
if(tc) {
char buf[1024];
while(fgets(buf, sizeof buf, tc)) {
if((!strncasecmp(buf, "Mode", 4) && strchr(" \t=", buf[4]))
|| (!strncasecmp(buf, "Broadcast", 9) && strchr(" \t=", buf[9]))) {
fputs(buf, f);
// Make sure there is a newline character.
if(!strchr(buf, '\n'))
fputc('\n', f);
}
}
fclose(tc);
}
fprintf(f, "#---------------------------------------------------------------#\n");
fprintf(f, "Name = %s\n", myname);
char filename2[PATH_MAX];
snprintf(filename2, sizeof filename2, "%s" SLASH "hosts" SLASH "%s", confbase, myname);
fcopy(f, filename2);
fclose(f);
// Create an URL from the local address, key hash and cookie
char *url;
xasprintf(&url, "%s/%s%s", address, hash, cookie);
// Call the inviation-created script
char *envp[6] = {};
xasprintf(&envp[0], "NAME=%s", myname);
xasprintf(&envp[1], "NETNAME=%s", netname);
xasprintf(&envp[2], "NODE=%s", argv[1]);
xasprintf(&envp[3], "INVITATION_FILE=%s", filename);
xasprintf(&envp[4], "INVITATION_URL=%s", url);
execute_script("invitation-created", envp);
for(int i = 0; i < 6 && envp[i]; i++)
free(envp[i]);
puts(url);
free(url);
free(address);
return 0;
}
static int sock;
static char cookie[18];
static sptps_t sptps;
static char *data;
static size_t datalen;
static bool success = false;
static char cookie[18], hash[18];
static char *get_line(const char **data) {
if(!data || !*data)
return NULL;
if(!**data) {
*data = NULL;
return NULL;
}
static char line[1024];
const char *end = strchr(*data, '\n');
size_t len = end ? end - *data : strlen(*data);
if(len >= sizeof line) {
fprintf(stderr, "Maximum line length exceeded!\n");
return NULL;
}
if(len && !isprint(**data))
abort();
memcpy(line, *data, len);
line[len] = 0;
if(end)
*data = end + 1;
else
*data = NULL;
return line;
}
static char *get_value(const char *data, const char *var) {
char *line = get_line(&data);
if(!line)
return NULL;
char *sep = line + strcspn(line, " \t=");
char *val = sep + strspn(sep, " \t");
if(*val == '=')
val += 1 + strspn(val + 1, " \t");
*sep = 0;
if(strcasecmp(line, var))
return NULL;
return val;
}
static char *grep(const char *data, const char *var) {
static char value[1024];
const char *p = data;
int varlen = strlen(var);
// Skip all lines not starting with var
while(strncasecmp(p, var, varlen) || !strchr(" \t=", p[varlen])) {
p = strchr(p, '\n');
if(!p)
break;
else
p++;
}
if(!p)
return NULL;
p += varlen;
p += strspn(p, " \t");
if(*p == '=')
p += 1 + strspn(p + 1, " \t");
const char *e = strchr(p, '\n');
if(!e)
return xstrdup(p);
if(e - p >= sizeof value) {
fprintf(stderr, "Maximum line length exceeded!\n");
return NULL;
}
memcpy(value, p, e - p);
value[e - p] = 0;
return value;
}
static bool finalize_join(void) {
char *name = xstrdup(get_value(data, "Name"));
if(!name) {
fprintf(stderr, "No Name found in invitation!\n");
return false;
}
if(!check_id(name)) {
fprintf(stderr, "Invalid Name found in invitation: %s!\n", name);
return false;
}
if(!netname)
netname = grep(data, "NetName");
bool ask_netname = false;
char temp_netname[32];
make_names:
if(!confbasegiven) {
free(confbase);
confbase = NULL;
}
make_names(false);
free(tinc_conf);
free(hosts_dir);
xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
if(!access(tinc_conf, F_OK)) {
fprintf(stderr, "Configuration file %s already exists!\n", tinc_conf);
if(confbasegiven)
return false;
// Generate a random netname, ask for a better one later.
ask_netname = true;
snprintf(temp_netname, sizeof temp_netname, "join_%x", rand());
netname = temp_netname;
goto make_names;
}
if(mkdir(confbase, 0777) && errno != EEXIST) {
fprintf(stderr, "Could not create directory %s: %s\n", confbase, strerror(errno));
return false;
}
if(mkdir(hosts_dir, 0777) && errno != EEXIST) {
fprintf(stderr, "Could not create directory %s: %s\n", hosts_dir, strerror(errno));
return false;
}
FILE *f = fopen(tinc_conf, "w");
if(!f) {
fprintf(stderr, "Could not create file %s: %s\n", tinc_conf, strerror(errno));
return false;
}
fprintf(f, "Name = %s\n", name);
char filename[PATH_MAX];
snprintf(filename, sizeof filename, "%s" SLASH "%s", hosts_dir, name);
FILE *fh = fopen(filename, "w");
if(!fh) {
fprintf(stderr, "Could not create file %s: %s\n", filename, strerror(errno));
fclose(f);
return false;
}
// Filter first chunk on approved keywords, split between tinc.conf and hosts/Name
// Other chunks go unfiltered to their respective host config files
const char *p = data;
char *l, *value;
while((l = get_line(&p))) {
// Ignore comments
if(*l == '#')
continue;
// Split line into variable and value
int len = strcspn(l, "\t =");
value = l + len;
value += strspn(value, "\t ");
if(*value == '=') {
value++;
value += strspn(value, "\t ");
}
l[len] = 0;
// Is it a Name?
if(!strcasecmp(l, "Name"))
if(strcmp(value, name))
break;
else
continue;
else if(!strcasecmp(l, "NetName"))
continue;
// Check the list of known variables
bool found = false;
int i;
for(i = 0; variables[i].name; i++) {
if(strcasecmp(l, variables[i].name))
continue;
found = true;
break;
}
// Ignore unknown and unsafe variables
if(!found) {
fprintf(stderr, "Ignoring unknown variable '%s' in invitation.\n", l);
continue;
} else if(!(variables[i].type & VAR_SAFE)) {
fprintf(stderr, "Ignoring unsafe variable '%s' in invitation.\n", l);
continue;
}
// Copy the safe variable to the right config file
fprintf(variables[i].type & VAR_HOST ? fh : f, "%s = %s\n", l, value);
}
fclose(f);
while(l && !strcasecmp(l, "Name")) {
if(!check_id(value)) {
fprintf(stderr, "Invalid Name found in invitation.\n");
return false;
}
if(!strcmp(value, name)) {
fprintf(stderr, "Secondary chunk would overwrite our own host config file.\n");
return false;
}
snprintf(filename, sizeof filename, "%s" SLASH "%s", hosts_dir, value);
f = fopen(filename, "w");
if(!f) {
fprintf(stderr, "Could not create file %s: %s\n", filename, strerror(errno));
return false;
}
while((l = get_line(&p))) {
if(!strcmp(l, "#---------------------------------------------------------------#"))
continue;
int len = strcspn(l, "\t =");
if(len == 4 && !strncasecmp(l, "Name", 4)) {
value = l + len;
value += strspn(value, "\t ");
if(*value == '=') {
value++;
value += strspn(value, "\t ");
}
l[len] = 0;
break;
}
fputs(l, f);
fputc('\n', f);
}
fclose(f);
}
// Generate our key and send a copy to the server
ecdsa_t *key = ecdsa_generate();
if(!key)
return false;
char *b64key = ecdsa_get_base64_public_key(key);
if(!b64key)
return false;
snprintf(filename, sizeof filename, "%s" SLASH "ed25519_key.priv", confbase);
f = fopenmask(filename, "w", 0600);
if(!ecdsa_write_pem_private_key(key, f)) {
fprintf(stderr, "Error writing private key!\n");
ecdsa_free(key);
fclose(f);
return false;
}
fclose(f);
fprintf(fh, "Ed25519PublicKey = %s\n", b64key);
sptps_send_record(&sptps, 1, b64key, strlen(b64key));
free(b64key);
ecdsa_free(key);
#ifndef DISABLE_LEGACY
rsa_t *rsa = rsa_generate(2048, 0x1001);
snprintf(filename, sizeof filename, "%s" SLASH "rsa_key.priv", confbase);
f = fopenmask(filename, "w", 0600);
rsa_write_pem_private_key(rsa, f);
fclose(f);
rsa_write_pem_public_key(rsa, fh);
fclose(fh);
rsa_free(rsa);
#endif
check_port(name);
ask_netname:
if(ask_netname && tty) {
fprintf(stderr, "Enter a new netname: ");
if(!fgets(line, sizeof line, stdin)) {
fprintf(stderr, "Error while reading stdin: %s\n", strerror(errno));
return false;
}
if(!*line || *line == '\n')
goto ask_netname;
line[strlen(line) - 1] = 0;
char newbase[PATH_MAX];
snprintf(newbase, sizeof newbase, CONFDIR SLASH "tinc" SLASH "%s", line);
if(rename(confbase, newbase)) {
fprintf(stderr, "Error trying to rename %s to %s: %s\n", confbase, newbase, strerror(errno));
goto ask_netname;
}
netname = line;
make_names(false);
}
fprintf(stderr, "Configuration stored in: %s\n", confbase);
return true;
}
static bool invitation_send(void *handle, uint8_t type, const void *data, size_t len) {
while(len) {
int result = send(sock, data, len, 0);
if(result == -1 && errno == EINTR)
continue;
else if(result <= 0)
return false;
data += result;
len -= result;
}
return true;
}
static bool invitation_receive(void *handle, uint8_t type, const void *msg, uint16_t len) {
switch(type) {
case SPTPS_HANDSHAKE:
return sptps_send_record(&sptps, 0, cookie, sizeof cookie);
case 0:
data = xrealloc(data, datalen + len + 1);
memcpy(data + datalen, msg, len);
datalen += len;
data[datalen] = 0;
break;
case 1:
return finalize_join();
case 2:
fprintf(stderr, "Invitation succesfully accepted.\n");
shutdown(sock, SHUT_RDWR);
success = true;
break;
default:
return false;
}
return true;
}
int cmd_join(int argc, char *argv[]) {
free(data);
data = NULL;
datalen = 0;
if(argc > 2) {
fprintf(stderr, "Too many arguments!\n");
return 1;
}
// Make sure confbase exists and is accessible.
if(!confbase_given && mkdir(confdir, 0755) && errno != EEXIST) {
fprintf(stderr, "Could not create directory %s: %s\n", confdir, strerror(errno));
return 1;
}
if(mkdir(confbase, 0777) && errno != EEXIST) {
fprintf(stderr, "Could not create directory %s: %s\n", confbase, strerror(errno));
return 1;
}
if(access(confbase, R_OK | W_OK | X_OK)) {
fprintf(stderr, "No permission to write in directory %s: %s\n", confbase, strerror(errno));
return 1;
}
// If a netname or explicit configuration directory is specified, check for an existing tinc.conf.
if((netname || confbasegiven) && !access(tinc_conf, F_OK)) {
fprintf(stderr, "Configuration file %s already exists!\n", tinc_conf);
return 1;
}
// Either read the invitation from the command line or from stdin.
char *invitation;
if(argc > 1) {
invitation = argv[1];
} else {
if(tty)
fprintf(stderr, "Enter invitation URL: ");
errno = EPIPE;
if(!fgets(line, sizeof line, stdin)) {
fprintf(stderr, "Error while reading stdin: %s\n", strerror(errno));
return false;
}
invitation = line;
}
// Parse the invitation URL.
rstrip(line);
char *slash = strchr(invitation, '/');
if(!slash)
goto invalid;
*slash++ = 0;
if(strlen(slash) != 48)
goto invalid;
char *address = invitation;
char *port = NULL;
if(*address == '[') {
address++;
char *bracket = strchr(address, ']');
if(!bracket)
goto invalid;
*bracket = 0;
if(bracket[1] == ':')
port = bracket + 2;
} else {
port = strchr(address, ':');
if(port)
*port++ = 0;
}
if(!port || !*port)
port = "655";
if(!b64decode(slash, hash, 24) || !b64decode(slash + 24, cookie, 24))
goto invalid;
// Generate a throw-away key for the invitation.
ecdsa_t *key = ecdsa_generate();
if(!key)
return 1;
char *b64key = ecdsa_get_base64_public_key(key);
// Connect to the tinc daemon mentioned in the URL.
struct addrinfo *ai = str2addrinfo(address, port, SOCK_STREAM);
if(!ai)
return 1;
struct addrinfo *aip = NULL;
next:
if(!aip)
aip = ai;
else {
aip = aip->ai_next;
if(!aip)
return 1;
}
sock = socket(aip->ai_family, aip->ai_socktype, aip->ai_protocol);
if(sock <= 0) {
fprintf(stderr, "Could not open socket: %s\n", strerror(errno));
goto next;
}
if(connect(sock, aip->ai_addr, aip->ai_addrlen)) {
char *addrstr, *portstr;
sockaddr2str((sockaddr_t *)aip->ai_addr, &addrstr, &portstr);
fprintf(stderr, "Could not connect to %s port %s: %s\n", addrstr, portstr, strerror(errno));
free(addrstr);
free(portstr);
closesocket(sock);
goto next;
}
fprintf(stderr, "Connected to %s port %s...\n", address, port);
// Tell him we have an invitation, and give him our throw-away key.
int len = snprintf(line, sizeof line, "0 ?%s %d.%d\n", b64key, PROT_MAJOR, PROT_MINOR);
if(len <= 0 || len >= sizeof line)
abort();
if(!sendline(sock, "0 ?%s %d.%d", b64key, PROT_MAJOR, 1)) {
fprintf(stderr, "Error sending request to %s port %s: %s\n", address, port, strerror(errno));
closesocket(sock);
goto next;
}
char hisname[4096] = "";
int code, hismajor, hisminor = 0;
if(!recvline(sock, line, sizeof line) || sscanf(line, "%d %s %d.%d", &code, hisname, &hismajor, &hisminor) < 3 || code != 0 || hismajor != PROT_MAJOR || !check_id(hisname) || !recvline(sock, line, sizeof line) || !rstrip(line) || sscanf(line, "%d ", &code) != 1 || code != ACK || strlen(line) < 3) {
fprintf(stderr, "Cannot read greeting from peer\n");
closesocket(sock);
goto next;
}
// Check if the hash of the key he gave us matches the hash in the URL.
char *fingerprint = line + 2;
char hishash[64];
if(sha512(fingerprint, strlen(fingerprint), hishash)) {
fprintf(stderr, "Could not create digest\n%s\n", line + 2);
return 1;
}
if(memcmp(hishash, hash, 18)) {
fprintf(stderr, "Peer has an invalid key!\n%s\n", line + 2);
return 1;
}
ecdsa_t *hiskey = ecdsa_set_base64_public_key(fingerprint);
if(!hiskey)
return 1;
// Start an SPTPS session
if(!sptps_start(&sptps, NULL, true, false, key, hiskey, "tinc invitation", 15, invitation_send, invitation_receive))
return 1;
// Feed rest of input buffer to SPTPS
if(!sptps_receive_data(&sptps, buffer, blen))
return 1;
while((len = recv(sock, line, sizeof line, 0))) {
if(len < 0) {
if(errno == EINTR)
continue;
fprintf(stderr, "Error reading data from %s port %s: %s\n", address, port, strerror(errno));
return 1;
}
char *p = line;
while(len) {
int done = sptps_receive_data(&sptps, p, len);
if(!done)
return 1;
len -= done;
p += done;
}
}
sptps_stop(&sptps);
ecdsa_free(hiskey);
ecdsa_free(key);
closesocket(sock);
if(!success) {
fprintf(stderr, "Connection closed by peer, invitation cancelled.\n");
return 1;
}
return 0;
invalid:
fprintf(stderr, "Invalid invitation URL.\n");
return 1;
}