Remove support for calling external scripts.

[meshlink] / src / protocol_auth.c

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index f8a3cc3b3d2d3e5464263567189aab2b3beb8768..703b670adbbc8d73e7514bd0a86f303e318017c5 100644 (file)
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -1,7 +1,7 @@
 /*
     protocol_auth.c -- handle the meta-protocol, authentication
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2014 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -174,6 +174,10 @@ static bool finalize_invitation(connection_t *c, const char *data, uint16_t len)
        fclose(f);
 
        logger(DEBUG_CONNECTIONS, LOG_INFO, "Key succesfully received from %s (%s)", c->name, c->hostname);
+
+       //TODO: callback to application to inform of an accepted invitation
+
+       sptps_send_record(&c->sptps, 2, data, 0);
        return true;
 }
 
@@ -189,8 +193,19 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const char *dat
        if(type != 0 || len != 18 || c->status.invitation_used)
                return false;
 
+       // Recover the filename from the cookie and the key
+       digest_t *digest = digest_open_by_name("sha256", 18);
+       if(!digest)
+               abort();
+       char *fingerprint = ecdsa_get_base64_public_key(invitation_key);
+       char hashbuf[18 + strlen(fingerprint)];
        char cookie[25];
-       b64encode_urlsafe(data, cookie, 18);
+       memcpy(hashbuf, data, 18);
+       memcpy(hashbuf + 18, fingerprint, sizeof hashbuf - 18);
+       digest_create(digest, hashbuf, sizeof hashbuf, cookie);
+       b64encode_urlsafe(cookie, cookie, 18);
+       digest_close(digest);
+       free(fingerprint);
 
        char filename[PATH_MAX], usedname[PATH_MAX];
        snprintf(filename, sizeof filename, "%s" SLASH "invitations" SLASH "%s", confbase, cookie);
@@ -640,7 +655,8 @@ bool send_ack(connection_t *c) {
        if(choice)
                c->options |= OPTION_CLAMP_MSS;
 
-       get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight);
+       if(!get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight))
+               get_config_int(lookup_config(config_tree, "Weight"), &c->estimated_weight);
 
        return send_request(c, "%d %s %d %x", ACK, myport, c->estimated_weight, (c->options & 0xffffff) | (experimental ? (PROT_MINOR << 24) : 0));
 }
@@ -648,6 +664,7 @@ bool send_ack(connection_t *c) {
 static void send_everything(connection_t *c) {
        /* Send all known subnets and edges */
 
+       // TODO: remove this
        if(disablebuggypeers) {
                static struct {
                        vpn_packet_t pkt;
@@ -659,17 +676,7 @@ static void send_everything(connection_t *c) {
                send_tcppacket(c, &zeropkt.pkt);
        }
 
-       if(tunnelserver) {
-               for splay_each(subnet_t, s, myself->subnet_tree)
-                       send_add_subnet(c, s);
-
-               return;
-       }
-
        for splay_each(node_t, n, node_tree) {
-               for splay_each(subnet_t, s, n->subnet_tree)
-                       send_add_subnet(c, s);
-
                for splay_each(edge_t, e, n->edge_tree)
                        send_add_edge(c, e);
        }
@@ -734,7 +741,7 @@ bool ack_h(connection_t *c, const char *request) {
                        }
 
                        terminate_connection(n->connection, false);
-                       /* Run graph algorithm to purge key and make sure up/down scripts are rerun with new IP addresses and stuff */
+                       /* Run graph algorithm to keep things in sync */
                        graph();
                }
        }