git.tinc-vpn.org Git - tinc/blob - src/meta.c

   1 /*
   2     meta.c -- handle the meta communication
   3     Copyright (C) 2000-2014 Guus Sliepen <guus@tinc-vpn.org>,
   4                   2000-2005 Ivo Timmermans
   5                   2006      Scott Lamb <slamb@slamb.org>
   6
   7     This program is free software; you can redistribute it and/or modify
   8     it under the terms of the GNU General Public License as published by
   9     the Free Software Foundation; either version 2 of the License, or
  10     (at your option) any later version.
  11
  12     This program is distributed in the hope that it will be useful,
  13     but WITHOUT ANY WARRANTY; without even the implied warranty of
  14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15     GNU General Public License for more details.
  16
  17     You should have received a copy of the GNU General Public License along
  18     with this program; if not, write to the Free Software Foundation, Inc.,
  19     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  20 */
  21
  22 #include "system.h"
  23
  24 #include "cipher.h"
  25 #include "connection.h"
  26 #include "logger.h"
  27 #include "meta.h"
  28 #include "net.h"
  29 #include "protocol.h"
  30 #include "utils.h"
  31 #include "xalloc.h"
  32
  33 #ifndef MIN
  34 #define MIN(x, y) (((x)<(y))?(x):(y))
  35 #endif
  36
  37 bool send_meta_sptps(void *handle, uint8_t type, const void *buffer, size_t length) {
  38         connection_t *c = handle;
  39
  40         if(!c) {
  41                 logger(DEBUG_ALWAYS, LOG_ERR, "send_meta_sptps() called with NULL pointer!");
  42                 abort();
  43         }
  44
  45         buffer_add(&c->outbuf, buffer, length);
  46         io_set(&c->io, IO_READ | IO_WRITE);
  47
  48         return true;
  49 }
  50
  51 bool send_meta(connection_t *c, const char *buffer, int length) {
  52         if(!c) {
  53                 logger(DEBUG_ALWAYS, LOG_ERR, "send_meta() called with NULL pointer!");
  54                 abort();
  55         }
  56
  57         logger(DEBUG_META, LOG_DEBUG, "Sending %d bytes of metadata to %s (%s)", length,
  58                            c->name, c->hostname);
  59
  60         if(c->protocol_minor >= 2)
  61                 return sptps_send_record(&c->sptps, 0, buffer, length);
  62
  63         /* Add our data to buffer */
  64         if(c->status.encryptout) {
  65 #ifdef DISABLE_LEGACY
  66                 return false;
  67 #else
  68                 size_t outlen = length;
  69
  70                 if(!cipher_encrypt(c->outcipher, buffer, length, buffer_prepare(&c->outbuf, length), &outlen, false) || outlen != length) {
  71                         logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting metadata to %s (%s)",
  72                                         c->name, c->hostname);
  73                         return false;
  74                 }
  75 #endif
  76         } else {
  77                 buffer_add(&c->outbuf, buffer, length);
  78         }
  79
  80         io_set(&c->io, IO_READ | IO_WRITE);
  81
  82         return true;
  83 }
  84
  85 void send_meta_raw(connection_t *c, const char *buffer, int length) {
  86         if(!c) {
  87                 logger(DEBUG_ALWAYS, LOG_ERR, "send_meta() called with NULL pointer!");
  88                 abort();
  89         }
  90
  91         logger(DEBUG_META, LOG_DEBUG, "Sending %d bytes of raw metadata to %s (%s)", length,
  92                            c->name, c->hostname);
  93
  94         buffer_add(&c->outbuf, buffer, length);
  95
  96         io_set(&c->io, IO_READ | IO_WRITE);
  97 }
  98
  99 void broadcast_meta(connection_t *from, const char *buffer, int length) {
 100         for list_each(connection_t, c, connection_list)
 101                 if(c != from && c->edge)
 102                         send_meta(c, buffer, length);
 103 }
 104
 105 bool receive_meta_sptps(void *handle, uint8_t type, const void *vdata, uint16_t length) {
 106         const char *data = vdata;
 107         connection_t *c = handle;
 108
 109         if(!c) {
 110                 logger(DEBUG_ALWAYS, LOG_ERR, "receive_meta_sptps() called with NULL pointer!");
 111                 abort();
 112         }
 113
 114         if(type == SPTPS_HANDSHAKE) {
 115                 if(c->allow_request == ACK)
 116                         return send_ack(c);
 117                 else
 118                         return true;
 119         }
 120
 121         if(!data)
 122                 return true;
 123
 124         /* Are we receiving a TCPpacket? */
 125
 126         if(c->tcplen) {
 127                 if(length != c->tcplen)
 128                         return false;
 129                 receive_tcppacket(c, data, length);
 130                 c->tcplen = 0;
 131                 return true;
 132         }
 133
 134         /* Change newline to null byte, just like non-SPTPS requests */
 135
 136         if(data[length - 1] == '\n')
 137                 ((char *)data)[length - 1] = 0;
 138
 139         /* Otherwise we are waiting for a request */
 140
 141         return receive_request(c, data);
 142 }
 143
 144 bool receive_meta(connection_t *c) {
 145         int inlen;
 146         char inbuf[MAXBUFSIZE];
 147         char *bufp = inbuf, *endp;
 148
 149         /* Strategy:
 150            - Read as much as possible from the TCP socket in one go.
 151            - Decrypt it.
 152            - Check if a full request is in the input buffer.
 153            - If yes, process request and remove it from the buffer,
 154            then check again.
 155            - If not, keep stuff in buffer and exit.
 156          */
 157
 158         buffer_compact(&c->inbuf, MAXBUFSIZE);
 159
 160         if(sizeof inbuf <= c->inbuf.len) {
 161                 logger(DEBUG_ALWAYS, LOG_ERR, "Input buffer full for %s (%s)", c->name, c->hostname);
 162                 return false;
 163         }
 164
 165         inlen = recv(c->socket, inbuf, sizeof inbuf - c->inbuf.len, 0);
 166
 167         if(inlen <= 0) {
 168                 if(!inlen || !sockerrno) {
 169                         logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection closed by %s (%s)",
 170                                            c->name, c->hostname);
 171                 } else if(sockwouldblock(sockerrno))
 172                         return true;
 173                 else
 174                         logger(DEBUG_ALWAYS, LOG_ERR, "Metadata socket read error for %s (%s): %s",
 175                                    c->name, c->hostname, sockstrerror(sockerrno));
 176                 return false;
 177         }
 178
 179         do {
 180                 /* Are we receiving a SPTPS packet? */
 181
 182                 if(c->sptpslen) {
 183                         int len = MIN(inlen, c->sptpslen - c->inbuf.len);
 184                         buffer_add(&c->inbuf, bufp, len);
 185
 186                         char *sptpspacket = buffer_read(&c->inbuf, c->sptpslen);
 187                         if(!sptpspacket)
 188                                 return true;
 189
 190                         if(!receive_tcppacket_sptps(c, sptpspacket, c->sptpslen))
 191                                 return false;
 192                         c->sptpslen = 0;
 193
 194                         bufp += len;
 195                         inlen -= len;
 196                         continue;
 197                 }
 198
 199                 if(c->protocol_minor >= 2) {
 200                         int len = sptps_receive_data(&c->sptps, bufp, inlen);
 201                         if(!len)
 202                                 return false;
 203                         bufp += len;
 204                         inlen -= len;
 205                         continue;
 206                 }
 207
 208                 if(!c->status.decryptin) {
 209                         endp = memchr(bufp, '\n', inlen);
 210                         if(endp)
 211                                 endp++;
 212                         else
 213                                 endp = bufp + inlen;
 214
 215                         buffer_add(&c->inbuf, bufp, endp - bufp);
 216
 217                         inlen -= endp - bufp;
 218                         bufp = endp;
 219                 } else {
 220 #ifdef DISABLE_LEGACY
 221                         return false;
 222 #else
 223                         size_t outlen = inlen;
 224
 225                         if(!cipher_decrypt(c->incipher, bufp, inlen, buffer_prepare(&c->inbuf, inlen), &outlen, false) || inlen != outlen) {
 226                                 logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting metadata from %s (%s)",
 227                                            c->name, c->hostname);
 228                                 return false;
 229                         }
 230
 231                         inlen = 0;
 232 #endif
 233                 }
 234
 235                 while(c->inbuf.len) {
 236                         /* Are we receiving a TCPpacket? */
 237
 238                         if(c->tcplen) {
 239                                 char *tcpbuffer = buffer_read(&c->inbuf, c->tcplen);
 240                                 if(!tcpbuffer)
 241                                         break;
 242
 243                                 if(!c->node) {
 244                                         if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
 245                                                 if(tcpbuffer[0] == 0 && tcpbuffer[1] == 0x5a) {
 246                                                         logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
 247                                                 } else {
 248                                                         logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected");
 249                                                         return false;
 250                                                 }
 251                                         } else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
 252                                                 if(tcpbuffer[0] != 5) {
 253                                                         logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
 254                                                         return false;
 255                                                 }
 256                                                 if(tcpbuffer[1] == (char)0xff) {
 257                                                         logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected: unsuitable authentication method");
 258                                                         return false;
 259                                                 }
 260                                                 if(tcpbuffer[2] != 5) {
 261                                                         logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
 262                                                         return false;
 263                                                 }
 264                                                 if(tcpbuffer[3] == 0) {
 265                                                         logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
 266                                                 } else {
 267                                                         logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request rejected");
 268                                                         return false;
 269                                                 }
 270                                         } else {
 271                                                 logger(DEBUG_CONNECTIONS, LOG_ERR, "c->tcplen set but c->node is NULL!");
 272                                                 abort();
 273                                         }
 274                                 } else {
 275                                         if(c->allow_request == ALL) {
 276                                                 receive_tcppacket(c, tcpbuffer, c->tcplen);
 277                                         } else {
 278                                                 logger(DEBUG_CONNECTIONS, LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname);
 279                                                 return false;
 280                                         }
 281                                 }
 282
 283                                 c->tcplen = 0;
 284                         }
 285
 286                         /* Otherwise we are waiting for a request */
 287
 288                         char *request = buffer_readline(&c->inbuf);
 289                         if(request) {
 290                                 bool result = receive_request(c, request);
 291                                 if(!result)
 292                                         return false;
 293                                 continue;
 294                         } else {
 295                                 break;
 296                         }
 297                 }
 298         } while(inlen);
 299
 300         return true;
 301 }