Home Explore Help
Register Sign In
OWEALs
/
tinc
mirror of https://tinc-vpn.org/git/tinc
2
0
Fork 0
Files Issues 0 Wiki
Branch: master
Branches Tags
tinc
/
src
/
meta.c

meta.c 6.7 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258 
  1. /*
    2. 

  2.     meta.c -- handle the meta communication
    3. 

  3.     Copyright (C) 2000-2017 Guus Sliepen <guus@tinc-vpn.org>,
    4. 

  4.                   2000-2005 Ivo Timmermans
    5. 

  5.                   2006      Scott Lamb <slamb@slamb.org>
    6. 

  6. 

  7.     This program is free software; you can redistribute it and/or modify
    8. 

  8.     it under the terms of the GNU General Public License as published by
    9. 

  9.     the Free Software Foundation; either version 2 of the License, or
    10. 

  10.     (at your option) any later version.
    11. 

  11. 

  12.     This program is distributed in the hope that it will be useful,
    13. 

  13.     but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.     GNU General Public License for more details.
    16. 

  16. 

  17.     You should have received a copy of the GNU General Public License along
    18. 

  18.     with this program; if not, write to the Free Software Foundation, Inc.,
    19. 

  19.     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
    20. 

  20. */
    21. 

  21. 

  22. #include "system.h"
    23. 

  23. 

  24. #include <openssl/err.h>
    25. 

  25. #include <openssl/evp.h>
    26. 

  26. 

  27. #include "avl_tree.h"
    28. 

  28. #include "connection.h"
    29. 

  29. #include "logger.h"
    30. 

  30. #include "meta.h"
    31. 

  31. #include "net.h"
    32. 

  32. #include "protocol.h"
    33. 

  33. #include "proxy.h"
    34. 

  34. #include "utils.h"
    35. 

  35. #include "xalloc.h"
    36. 

  36. 

  37. bool send_meta(connection_t *c, const char *buffer, int length) {
    38. 

  38. 	int outlen;
    39. 

  39. 	int result;
    40. 

  40. 

  41. 	ifdebug(META) logger(LOG_DEBUG, "Sending %d bytes of metadata to %s (%s)", length,
    42. 

  42. 	                     c->name, c->hostname);
    43. 

  43. 

  44. 	if(!c->outbuflen) {
    45. 

  45. 		c->last_flushed_time = now;
    46. 

  46. 	}
    47. 

  47. 

  48. 	/* Find room in connection's buffer */
    49. 

  49. 	if(length + c->outbuflen > c->outbufsize) {
    50. 

  50. 		c->outbufsize = length + c->outbuflen;
    51. 

  51. 		c->outbuf = xrealloc(c->outbuf, c->outbufsize);
    52. 

  52. 	}
    53. 

  53. 

  54. 	if(length + c->outbuflen + c->outbufstart > c->outbufsize) {
    55. 

  55. 		memmove(c->outbuf, c->outbuf + c->outbufstart, c->outbuflen);
    56. 

  56. 		c->outbufstart = 0;
    57. 

  57. 	}
    58. 

  58. 

  59. 	/* Add our data to buffer */
    60. 

  60. 	if(c->status.encryptout) {
    61. 

  61. 		/* Check encryption limits */
    62. 

  62. 		if((uint64_t)length > c->outbudget) {
    63. 

  63. 			ifdebug(META) logger(LOG_ERR, "Byte limit exceeded for encryption to %s (%s)", c->name, c->hostname);
    64. 

  64. 			return false;
    65. 

  65. 		} else {
    66. 

  66. 			c->outbudget -= length;
    67. 

  67. 		}
    68. 

  68. 

  69. 		result = EVP_EncryptUpdate(c->outctx, (unsigned char *)c->outbuf + c->outbufstart + c->outbuflen,
    70. 

  70. 		                           &outlen, (unsigned char *)buffer, length);
    71. 

  71. 

  72. 		if(!result || outlen < length) {
    73. 

  73. 			logger(LOG_ERR, "Error while encrypting metadata to %s (%s): %s",
    74. 

  74. 			       c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
    75. 

  75. 			return false;
    76. 

  76. 		} else if(outlen > length) {
    77. 

  77. 			logger(LOG_EMERG, "Encrypted data too long! Heap corrupted!");
    78. 

  78. 			abort();
    79. 

  79. 		}
    80. 

  80. 

  81. 		c->outbuflen += outlen;
    82. 

  82. 	} else {
    83. 

  83. 		memcpy(c->outbuf + c->outbufstart + c->outbuflen, buffer, length);
    84. 

  84. 		c->outbuflen += length;
    85. 

  85. 	}
    86. 

  86. 

  87. 	return true;
    88. 

  88. }
    89. 

  89. 

  90. bool flush_meta(connection_t *c) {
    91. 

  91. 	int result;
    92. 

  92. 

  93. 	ifdebug(META) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s)",
    94. 

  94. 	                     c->outbuflen, c->name, c->hostname);
    95. 

  95. 

  96. 	while(c->outbuflen) {
    97. 

  97. 		result = send(c->socket, c->outbuf + c->outbufstart, c->outbuflen, 0);
    98. 

  98. 

  99. 		if(result <= 0) {
    100. 

  100. 			if(!errno || errno == EPIPE) {
    101. 

  101. 				ifdebug(CONNECTIONS) logger(LOG_NOTICE, "Connection closed by %s (%s)",
    102. 

  102. 				                            c->name, c->hostname);
    103. 

  103. 			} else if(errno == EINTR) {
    104. 

  104. 				continue;
    105. 

  105. 			} else if(sockwouldblock(sockerrno)) {
    106. 

  106. 				ifdebug(META) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block",
    107. 

  107. 				                     c->outbuflen, c->name, c->hostname);
    108. 

  108. 				return true;
    109. 

  109. 			} else {
    110. 

  110. 				logger(LOG_ERR, "Flushing meta data to %s (%s) failed: %s", c->name,
    111. 

  111. 				       c->hostname, sockstrerror(sockerrno));
    112. 

  112. 			}
    113. 

  113. 

  114. 			return false;
    115. 

  115. 		}
    116. 

  116. 

  117. 		c->outbufstart += result;
    118. 

  118. 		c->outbuflen -= result;
    119. 

  119. 	}
    120. 

  120. 

  121. 	c->outbufstart = 0; /* avoid unnecessary memmoves */
    122. 

  122. 	return true;
    123. 

  123. }
    124. 

  124. 

  125. void broadcast_meta(connection_t *from, const char *buffer, int length) {
    126. 

  126. 	avl_node_t *node;
    127. 

  127. 	connection_t *c;
    128. 

  128. 

  129. 	for(node = connection_tree->head; node; node = node->next) {
    130. 

  130. 		c = node->data;
    131. 

  131. 

  132. 		if(c != from && c->status.active) {
    133. 

  133. 			send_meta(c, buffer, length);
    134. 

  134. 		}
    135. 

  135. 	}
    136. 

  136. }
    137. 

  137. 

  138. bool receive_meta(connection_t *c) {
    139. 

  139. 	int oldlen, i, result;
    140. 

  140. 	int lenin, lenout, reqlen;
    141. 

  141. 	bool decrypted = false;
    142. 

  142. 	char inbuf[MAXBUFSIZE];
    143. 

  143. 

  144. 	/* Strategy:
    145. 

  145. 	   - Read as much as possible from the TCP socket in one go.
    146. 

  146. 	   - Decrypt it.
    147. 

  147. 	   - Check if a full request is in the input buffer.
    148. 

  148. 	   - If yes, process request and remove it from the buffer,
    149. 

  149. 	   then check again.
    150. 

  150. 	   - If not, keep stuff in buffer and exit.
    151. 

  151. 	 */
    152. 

  152. 

  153. 	lenin = recv(c->socket, c->buffer + c->buflen, MAXBUFSIZE - c->buflen, 0);
    154. 

  154. 

  155. 	if(lenin <= 0) {
    156. 

  156. 		if(!lenin || !errno) {
    157. 

  157. 			ifdebug(CONNECTIONS) logger(LOG_NOTICE, "Connection closed by %s (%s)",
    158. 

  158. 			                            c->name, c->hostname);
    159. 

  159. 		} else if(sockwouldblock(sockerrno)) {
    160. 

  160. 			return true;
    161. 

  161. 		} else
    162. 

  162. 			logger(LOG_ERR, "Metadata socket read error for %s (%s): %s",
    163. 

  163. 			       c->name, c->hostname, sockstrerror(sockerrno));
    164. 

  164. 

  165. 		return false;
    166. 

  166. 	}
    167. 

  167. 

  168. 	oldlen = c->buflen;
    169. 

  169. 	c->buflen += lenin;
    170. 

  170. 

  171. 	while(lenin > 0) {
    172. 

  172. 		reqlen = 0;
    173. 

  173. 

  174. 		/* Is it proxy metadata? */
    175. 

  175. 

  176. 		if(c->allow_request == PROXY) {
    177. 

  177. 			reqlen = receive_proxy_meta(c);
    178. 

  178. 

  179. 			if(reqlen < 0) {
    180. 

  180. 				return false;
    181. 

  181. 			}
    182. 

  182. 

  183. 			goto consume;
    184. 

  184. 		}
    185. 

  185. 

  186. 		/* Decrypt */
    187. 

  187. 

  188. 		if(c->status.decryptin && !decrypted) {
    189. 

  189. 			/* Check decryption limits */
    190. 

  190. 			if((uint64_t)lenin > c->inbudget) {
    191. 

  191. 				ifdebug(META) logger(LOG_ERR, "Byte limit exceeded for decryption from %s (%s)", c->name, c->hostname);
    192. 

  192. 				return false;
    193. 

  193. 			} else {
    194. 

  194. 				c->inbudget -= lenin;
    195. 

  195. 			}
    196. 

  196. 

  197. 			result = EVP_DecryptUpdate(c->inctx, (unsigned char *)inbuf, &lenout, (unsigned char *)c->buffer + oldlen, lenin);
    198. 

  198. 

  199. 			if(!result || lenout != lenin) {
    200. 

  200. 				logger(LOG_ERR, "Error while decrypting metadata from %s (%s): %s",
    201. 

  201. 				       c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
    202. 

  202. 				return false;
    203. 

  203. 			}
    204. 

  204. 

  205. 			memcpy(c->buffer + oldlen, inbuf, lenin);
    206. 

  206. 			decrypted = true;
    207. 

  207. 		}
    208. 

  208. 

  209. 		/* Are we receiving a TCPpacket? */
    210. 

  210. 

  211. 		if(c->tcplen) {
    212. 

  212. 			if(c->tcplen <= c->buflen) {
    213. 

  213. 				if(c->allow_request != ALL) {
    214. 

  214. 					logger(LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname);
    215. 

  215. 					return false;
    216. 

  216. 				}
    217. 

  217. 

  218. 				receive_tcppacket(c, c->buffer, c->tcplen);
    219. 

  219. 				reqlen = c->tcplen;
    220. 

  220. 				c->tcplen = 0;
    221. 

  221. 			}
    222. 

  222. 		} else {
    223. 

  223. 			/* Otherwise we are waiting for a request */
    224. 

  224. 

  225. 			for(i = oldlen; i < c->buflen; i++) {
    226. 

  226. 				if(c->buffer[i] == '\n') {
    227. 

  227. 					c->buffer[i] = '\0';    /* replace end-of-line by end-of-string so we can use sscanf */
    228. 

  228. 					c->reqlen = reqlen = i + 1;
    229. 

  229. 					break;
    230. 

  230. 				}
    231. 

  231. 			}
    232. 

  232. 

  233. 			if(reqlen && !receive_request(c)) {
    234. 

  234. 				return false;
    235. 

  235. 			}
    236. 

  236. 		}
    237. 

  237. 

  238. consume:
    239. 

  239. 

  240. 		if(reqlen) {
    241. 

  241. 			c->buflen -= reqlen;
    242. 

  242. 			lenin -= reqlen - oldlen;
    243. 

  243. 			memmove(c->buffer, c->buffer + reqlen, c->buflen);
    244. 

  244. 			oldlen = 0;
    245. 

  245. 			continue;
    246. 

  246. 		} else {
    247. 

  247. 			break;
    248. 

  248. 		}
    249. 

  249. 	}
    250. 

  250. 

  251. 	if(c->buflen >= MAXBUFSIZE) {
    252. 

  252. 		logger(LOG_ERR, "Metadata read buffer overflow for %s (%s)",
    253. 

  253. 		       c->name, c->hostname);
    254. 

  254. 		return false;
    255. 

  255. 	}
    256. 

  256. 

  257. 	return true;
    258. 

  258. }
    259.