From ddb4831f065b6e539d33051fb4c94711e06ed72f Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Wed, 27 Feb 2013 04:42:50 +0100
Subject: Don't set the peer address for temporary peers before the session is actually established Doing so could lead to duplicate address entries in different peers, causing very strange behaviour. Add additional parameters for the local and the peer address to fastd_shell_exec() to allow the on-verify script to use this information nevertheless.
---
 src/fastd.c | 4 ++--
 src/fastd.h | 2 +-
 src/peer.c | 16 +++++++---------
 src/peer.h | 4 ++--
 src/protocol_ec25519_fhmqvc.c | 4 ++--
 src/shell.c | 22 +++++++++++-----------
 6 files changed, 25 insertions(+), 27 deletions(-)
diff --git a/src/fastd.c b/src/fastd.c
index 89125a9..5b0316f 100644
--- a/src/fastd.c
+++ b/src/fastd.c
@@ -567,14 +567,14 @@ static inline void on_up(fastd_context_t *ctx) {
 if (!ctx->conf->on_up)
 return;
- fastd_shell_exec(ctx, NULL, ctx->conf->on_up, ctx->conf->on_up_dir, NULL);
+ fastd_shell_exec(ctx, ctx->conf->on_up, ctx->conf->on_up_dir, NULL, NULL, NULL, NULL);
 }
 static inline void on_down(fastd_context_t *ctx) {
 if (!ctx->conf->on_down)
 return;
- fastd_shell_exec(ctx, NULL, ctx->conf->on_down, ctx->conf->on_down_dir, NULL);
+ fastd_shell_exec(ctx, ctx->conf->on_down, ctx->conf->on_down_dir, NULL, NULL, NULL, NULL);
 }
 static fastd_peer_group_t* init_peer_group(const fastd_peer_group_config_t *config, fastd_peer_group_t *parent) {
diff --git a/src/fastd.h b/src/fastd.h
index 3ee445f..391b47a 100644
--- a/src/fastd.h
+++ b/src/fastd.h
@@ -332,7 +332,7 @@ void fastd_reconfigure(fastd_context_t *ctx, fastd_config_t *conf);
 void fastd_cap_init(fastd_context_t *ctx);
 void fastd_cap_drop(fastd_context_t *ctx);
-bool fastd_shell_exec(fastd_context_t *ctx, const fastd_peer_t *peer, const char *command, const char *dir, int *ret);
+bool fastd_shell_exec(fastd_context_t *ctx, const char *command, const char *dir, const fastd_peer_t *peer, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *peer_addr, int *ret);
 void fastd_random_bytes(fastd_context_t *ctx, void *buffer, size_t len, bool secure);
diff --git a/src/peer.c b/src/peer.c
index e713cbe..a20e0c8 100644
--- a/src/peer.c
+++ b/src/peer.c
@@ -36,14 +36,14 @@ static inline void on_establish(fastd_context_t *ctx, const fastd_peer_t *peer)
 if (!ctx->conf->on_establish)
 return;
- fastd_shell_exec(ctx, peer, ctx->conf->on_establish, ctx->conf->on_establish_dir, NULL);
+ fastd_shell_exec(ctx, ctx->conf->on_establish, ctx->conf->on_establish_dir, peer, &peer->sock->addr->addr, &peer->address, NULL);
 }
 static inline void on_disestablish(fastd_context_t *ctx, const fastd_peer_t *peer) {
 if (!ctx->conf->on_disestablish)
 return;
- fastd_shell_exec(ctx, peer, ctx->conf->on_disestablish, ctx->conf->on_disestablish_dir, NULL);
+ fastd_shell_exec(ctx, ctx->conf->on_disestablish, ctx->conf->on_disestablish_dir, peer, &peer->sock->addr->addr, &peer->address, NULL);
 }
 static inline void free_socket(fastd_context_t *ctx, fastd_peer_t *peer) {
@@ -411,7 +411,7 @@ fastd_peer_t* fastd_peer_add(fastd_context_t *ctx, fastd_peer_config_t *peer_con
 return peer;
 }
-fastd_peer_t* fastd_peer_add_temporary(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *addr) {
+fastd_peer_t* fastd_peer_add_temporary(fastd_context_t *ctx) {
 if (!ctx->conf->on_verify)
 exit_bug(ctx, "tried to add temporary peer without on-verify command");
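Review bot: The new `fastd_shell_exec()` prototype in fastd.h takes three optional pointers in a row (`peer`, `local_addr`, `peer_addr`) with nothing stating that NULL is allowed or what it means, while the call sites in fastd.c already pass `NULL, NULL, NULL, NULL`. Judging from the shell.c hunks, a NULL address appears to clear the matching variables rather than fail, but that contract is only visible by reading the implementation. I would add a comment above the declaration such as `/* peer, local_addr and peer_addr may be NULL; a NULL address leaves the matching *_ADDRESS/*_PORT variables unset for the script */`, and state there whether `ret` may be NULL, since several callers pass NULL for it.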
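Review bot: `on_establish()` and `on_disestablish()` in peer.c now evaluate `&peer->sock->addr->addr` at the call site, which reads `peer->sock->addr` with no check; the `peer && peer->sock` guard applied by the removed `switch` in shell.c is not carried over to the callers. The same commit makes `fastd_peer_add_temporary()` leave `peer->sock = NULL`, so any path that reaches these hooks before a socket is attached would crash the daemon instead of running the script with `LOCAL_ADDRESS` unset. I would compute the argument defensively, e.g. `const fastd_peer_address_t *local = (peer->sock && peer->sock->addr) ? &peer->sock->addr->addr : NULL;`, and pass `local`. The call in `add_temporary()` in protocol_ec25519_fhmqvc.c builds `&sock->addr->addr` the same way; whether `sock->addr` can be NULL there is not visible in this patch and should be confirmed.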
@@ -423,23 +423,21 @@ fastd_peer_t* fastd_peer_add_temporary(fastd_context_t *ctx, fastd_socket_t *soc
 peer->config = NULL;
 peer->group = ctx->peer_group;
 peer->protocol_state = NULL;
- peer->sock = sock;
+ peer->sock = NULL;
 peer->seen = ctx->now;
 setup_peer(ctx, peer);
- peer->address = *addr;
-
- pr_debug(ctx, "adding temporary peer for %I", addr);
+ pr_debug(ctx, "adding temporary peer");
 return peer;
 }
-bool fastd_peer_verify_temporary(fastd_context_t *ctx, fastd_peer_t *peer) {
+bool fastd_peer_verify_temporary(fastd_context_t *ctx, fastd_peer_t *peer, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *peer_addr) {
 if (!ctx->conf->on_verify)
 exit_bug(ctx, "tried to verify temporary peer without on-verify command");
 int ret;
- if (!fastd_shell_exec(ctx, peer, ctx->conf->on_verify, ctx->conf->on_verify_dir, &ret))
+ if (!fastd_shell_exec(ctx, ctx->conf->on_verify, ctx->conf->on_verify_dir, peer, local_addr, peer_addr, &ret))
 return false;
 if (WIFSIGNALED(ret)) {
diff --git a/src/peer.h b/src/peer.h
index eb72435..dde19dd 100644
--- a/src/peer.h
+++ b/src/peer.h
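Review bot: After this change nothing visible in the hunk records which address a temporary peer came from: `pr_debug(ctx, "adding temporary peer")` lost its `%I` argument, and `fastd_peer_verify_temporary()` receives `peer_addr` but only forwards it to the script. Because on-verify decides whether an unknown peer is admitted, a log line that ties the decision to the source address helps when reviewing rejected or unexpected connection attempts. I would add `pr_debug(ctx, "verifying temporary peer from %I", peer_addr);` before the `fastd_shell_exec()` call. The body of `fastd_peer_verify_temporary()` continues past the end of the hunk, so the result handling may already log something that is not shown here.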
@@ -91,8 +91,8 @@ bool fastd_peer_config_equal(const fastd_peer_config_t *peer1, const fastd_peer_
 void fastd_peer_reset(fastd_context_t *ctx, fastd_peer_t *peer);
 void fastd_peer_delete(fastd_context_t *ctx, fastd_peer_t *peer);
 fastd_peer_t* fastd_peer_add(fastd_context_t *ctx, fastd_peer_config_t *conf);
-fastd_peer_t* fastd_peer_add_temporary(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *addr);
-bool fastd_peer_verify_temporary(fastd_context_t *ctx, fastd_peer_t *peer);
+fastd_peer_t* fastd_peer_add_temporary(fastd_context_t *ctx);
+bool fastd_peer_verify_temporary(fastd_context_t *ctx, fastd_peer_t *peer, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *peer_addr);
 void fastd_peer_enable_temporary(fastd_context_t *ctx, fastd_peer_t *peer);
 void fastd_peer_set_established(fastd_context_t *ctx, fastd_peer_t *peer);
 bool fastd_peer_may_connect(fastd_context_t *ctx, fastd_peer_t *peer);
diff --git a/src/protocol_ec25519_fhmqvc.c b/src/protocol_ec25519_fhmqvc.c
index 4b0e997..061726f 100644
--- a/src/protocol_ec25519_fhmqvc.c
+++ b/src/protocol_ec25519_fhmqvc.c
@@ -568,7 +568,7 @@ static inline fastd_peer_t* add_temporary(fastd_context_t *ctx, fastd_socket_t *
 return NULL;
 }
- fastd_peer_t *peer = fastd_peer_add_temporary(ctx, sock, address);
+ fastd_peer_t *peer = fastd_peer_add_temporary(ctx);
 peer->protocol_config = malloc(sizeof(fastd_protocol_peer_config_t));
 memcpy(peer->protocol_config->public_key.p, key, PUBLICKEYBYTES);
@@ -576,7 +576,7 @@ static inline fastd_peer_t* add_temporary(fastd_context_t *ctx, fastd_socket_t *
 /* Ugly hack */
 peer->protocol_state->last_serial--;
- if (!fastd_peer_verify_temporary(ctx, peer)) {
+ if (!fastd_peer_verify_temporary(ctx, peer, &sock->addr->addr, address)) {
 fastd_peer_delete(ctx, peer);
 return NULL;
 }
diff --git a/src/shell.c b/src/shell.c
index 93a07d6..80f925e 100644
--- a/src/shell.c
+++ b/src/shell.c
@@ -31,7 +31,7 @@
 #include
-bool fastd_shell_exec(fastd_context_t *ctx, const fastd_peer_t *peer, const char *command, const char *dir, int *ret) {
+bool fastd_shell_exec(fastd_context_t *ctx, const char *command, const char *dir, const fastd_peer_t *peer, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *peer_addr, int *ret) {
 int result = -1;
 bool ok = false;
 char *cwd = get_current_dir_name();
@@ -52,21 +52,21 @@ bool fastd_shell_exec(fastd_context_t *ctx, const fastd_peer_t *peer, const char
 else
 unsetenv("PEER_NAME");
- switch((peer && peer->sock) ? peer->sock->addr->addr.sa.sa_family : AF_UNSPEC) {
+ switch(local_addr ? local_addr->sa.sa_family : AF_UNSPEC) {
 case AF_INET:
- inet_ntop(AF_INET, &peer->sock->addr->addr.in.sin_addr, buf, sizeof(buf));
+ inet_ntop(AF_INET, &local_addr->in.sin_addr, buf, sizeof(buf));
 setenv("LOCAL_ADDRESS", buf, 1);
- snprintf(buf, sizeof(buf), "%u", ntohs(peer->sock->addr->addr.in.sin_port));
+ snprintf(buf, sizeof(buf), "%u", ntohs(local_addr->in.sin_port));
 setenv("LOCAL_PORT", buf, 1);
 break;
 case AF_INET6:
- inet_ntop(AF_INET6, &peer->sock->addr->addr.in6.sin6_addr, buf, sizeof(buf));
+ inet_ntop(AF_INET6, &local_addr->in6.sin6_addr, buf, sizeof(buf));
 setenv("LOCAL_ADDRESS", buf, 1);
- snprintf(buf, sizeof(buf), "%u", ntohs(peer->sock->addr->addr.in6.sin6_port));
+ snprintf(buf, sizeof(buf), "%u", ntohs(local_addr->in6.sin6_port));
 setenv("LOCAL_PORT", buf, 1);
 break;
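Review bot: The `LOCAL_*` block in this hunk and the `PEER_*` block in the next one (-76,21) are now the same code applied to `local_addr` and `peer_addr`, and neither checks the result of `inet_ntop()` before exporting `buf`. Now that both sides are plain `const fastd_peer_address_t *`, one static helper can replace both `switch` statements and clear the variables when the address is missing or cannot be formatted, so the script never sees a stale value. `buf` is declared outside the hunk, so the helper below carries its own buffer; the `default:` branches are also outside the hunk and are assumed to unset both variables. `fastd_shell_exec()` itself starts and ends outside these hunks.

```c
/* Exports addr as addr_var/port_var; clears both if addr is NULL, not IPv4/IPv6, or cannot be formatted */
static void set_addr_env(const char *addr_var, const char *port_var, const fastd_peer_address_t *addr) {
	char buf[INET6_ADDRSTRLEN];
	const void *ip = NULL;
	unsigned port = 0;

	switch (addr ? addr->sa.sa_family : AF_UNSPEC) {
	case AF_INET:
		ip = &addr->in.sin_addr;
		port = ntohs(addr->in.sin_port);
		break;

	case AF_INET6:
		ip = &addr->in6.sin6_addr;
		port = ntohs(addr->in6.sin6_port);
		break;
	}

	if (!ip || !inet_ntop(addr->sa.sa_family, ip, buf, sizeof(buf))) {
		unsetenv(addr_var);
		unsetenv(port_var);
		return;
	}

	setenv(addr_var, buf, 1);
	snprintf(buf, sizeof(buf), "%u", port);
	setenv(port_var, buf, 1);
}

/* ... unchanged: PEER_NAME handling in fastd_shell_exec() ... */
	set_addr_env("LOCAL_ADDRESS", "LOCAL_PORT", local_addr);
	set_addr_env("PEER_ADDRESS", "PEER_PORT", peer_addr);
```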
@@ -76,21 +76,21 @@ bool fastd_shell_exec(fastd_context_t *ctx, const fastd_peer_t *peer, const char
 unsetenv("LOCAL_PORT");
 }
- switch(peer ? peer->address.sa.sa_family : AF_UNSPEC) {
+ switch(peer_addr ? peer_addr->sa.sa_family : AF_UNSPEC) {
 case AF_INET:
- inet_ntop(AF_INET, &peer->address.in.sin_addr, buf, sizeof(buf));
+ inet_ntop(AF_INET, &peer_addr->in.sin_addr, buf, sizeof(buf));
 setenv("PEER_ADDRESS", buf, 1);
- snprintf(buf, sizeof(buf), "%u", ntohs(peer->address.in.sin_port));
+ snprintf(buf, sizeof(buf), "%u", ntohs(peer_addr->in.sin_port));
 setenv("PEER_PORT", buf, 1);
 break;
 case AF_INET6:
- inet_ntop(AF_INET6, &peer->address.in6.sin6_addr, buf, sizeof(buf));
+ inet_ntop(AF_INET6, &peer_addr->in6.sin6_addr, buf, sizeof(buf));
 setenv("PEER_ADDRESS", buf, 1);
- snprintf(buf, sizeof(buf), "%u", ntohs(peer_addr->in6.sin6_port));
+ snprintf(buf, sizeof(buf), "%u", ntohs(peer_addr->in6.sin6_port));
 setenv("PEER_PORT", buf, 1);
 break;
--
cgit v1.2.3
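Review bot: In the `AF_INET6` case only `sin6_addr` and `sin6_port` reach the script, so `sin6_scope_id` is dropped and two link-local peers reached over different interfaces produce the same `PEER_ADDRESS`. An on-verify script that admits or rejects by address cannot tell them apart, which matters now that this value is the script's only view of where an unverified peer is connecting from. If link-local peers are in scope, I would either export the interface as well (for example the name from `if_indextoname(peer_addr->in6.sin6_scope_id, ...)`) or at least record the limit in a comment: `/* sin6_scope_id is not exported; link-local PEER_ADDRESS values are ambiguous across interfaces */`. The same applies to the `LOCAL_ADDRESS` block in the previous hunk.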