diff --git a/src/server.c b/src/server.c
index a00ef0e..a4040c9 100644
--- a/src/server.c
+++ b/src/server.c
@@ -828,7 +828,7 @@ handle_raw_login(uint8_t *packet, size_t len, struct query *q, int fd, int useri
 }
 if (userid < 0 || userid >= created_users ||
- check_authenticated_user_and_ip(userid, q) != 0) {
+ check_authenticated_user_and_ip(userid, q, server.check_ip) != 0) {
 DEBUG(2, "User %d not authenticated, ignoring raw login!", userid);
 return;
 }
@@ -857,7 +857,7 @@ handle_raw_login(uint8_t *packet, size_t len, struct query *q, int fd, int useri
 static void
 handle_raw_data(uint8_t *packet, size_t len, struct query *q, int userid)
 {
- if (check_authenticated_user_and_ip(userid, q) != 0) {
+ if (check_authenticated_user_and_ip(userid, q, server.check_ip) != 0) {
 return;
 }
 if (!users[userid].authenticated_raw) return;
@@ -875,7 +875,7 @@ handle_raw_data(uint8_t *packet, size_t len, struct query *q, int userid)
 static void
 handle_raw_ping(struct query *q, int dns_fd, int userid)
 {
- if (check_authenticated_user_and_ip(userid, q) != 0) {
+ if (check_authenticated_user_and_ip(userid, q, server.check_ip) != 0) {
 return;
 }
 if (!users[userid].authenticated_raw) return;
@@ -1218,7 +1218,7 @@ handle_null_request(int dns_fd, struct query *q, int domain_len)
 userid = unpacked[0];
 DEBUG(2, "Received login request for user %d from %s.", userid, format_addr(&q->from, q->fromlen));
- if (check_user_and_ip(userid, q) != 0) {
+ if (check_user_and_ip(userid, q, server.check_ip) != 0) {
 write_dns(dns_fd, q, "BADIP", 5, 'T');
 syslog(LOG_WARNING, "dropped login request from user #%d from %s; expected source %s", userid, format_addr(&q->from, q->fromlen), format_addr(&users[userid].host, users[userid].hostlen));
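Review bot: Starting with the `@@ -828` hunk, every one of the eleven call sites in src/server.c now passes the same global, `server.check_ip`, so the source-address policy is spelled out at each caller and a later call site could pass a literal `0` and skip the IP binding without it standing out in review. A single file-local wrapper would keep that decision in one place while still leaving user.c free of server.h, for example `static int check_auth(int userid, struct query *q) { return check_authenticated_user_and_ip(userid, q, server.check_ip); }`, with a matching one for `check_user_and_ip`. The same applies to the hunks at `@@ -857`, `@@ -875` and all the handle_null_request hunks.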
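Review bot: In the login branch at `@@ -1218`, the failure path of `check_user_and_ip()` still formats `users[userid].host` in the syslog() call, with `userid` taken directly from `unpacked[0]`. The only rejection visible in this diff is `!user_active(userid)`; if the check also fails for an id outside the table (that part of the function is not shown), the log line indexes `users[]` with the value that just failed validation. I would log the expected source only when the id is known to be in range, e.g. `if (userid >= 0 && userid < created_users)` around the variant that prints `users[userid].host`, and log just the sender otherwise. Both `%s` arguments also come from `format_addr()`; if that helper returns a static buffer the two addresses will print identically, which is worth confirming. handle_null_request starts and ends outside this hunk.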
@@ -1257,7 +1257,7 @@ handle_null_request(int dns_fd, struct query *q, int domain_len)
 int length;
 userid = b32_8to5(in[1]);
- if (check_authenticated_user_and_ip(userid, q) != 0) {
+ if (check_authenticated_user_and_ip(userid, q, server.check_ip) != 0) {
 write_dns(dns_fd, q, "BADIP", 5, 'T');
 return; /* illegal id */
 }
@@ -1297,7 +1297,7 @@ handle_null_request(int dns_fd, struct query *q, int domain_len)
 userid = b32_8to5(in[1]);
- if (check_authenticated_user_and_ip(userid, q) != 0) {
+ if (check_authenticated_user_and_ip(userid, q, server.check_ip) != 0) {
 write_dns(dns_fd, q, "BADIP", 5, 'T');
 return; /* illegal id */
 }
@@ -1343,7 +1343,7 @@ handle_null_request(int dns_fd, struct query *q, int domain_len)
 userid = b32_8to5(in[1]);
- if (check_authenticated_user_and_ip(userid, q) != 0) {
+ if (check_authenticated_user_and_ip(userid, q, server.check_ip) != 0) {
 write_dns(dns_fd, q, "BADIP", 5, 'T');
 return; /* illegal id */
 }
@@ -1482,7 +1482,7 @@ handle_null_request(int dns_fd, struct query *q, int domain_len)
 read = unpack_data(unpacked, sizeof(unpacked), in + 1, 5, b32);
 userid = unpacked[0];
- if (check_authenticated_user_and_ip(userid, q) != 0) {
+ if (check_authenticated_user_and_ip(userid, q, server.check_ip) != 0) {
 write_dns(dns_fd, q, "BADIP", 5, 'T');
 return; /* illegal id */
 }
@@ -1519,7 +1519,7 @@ handle_null_request(int dns_fd, struct query *q, int domain_len)
 /* Downstream fragsize packet */
 userid = unpacked[0];
- if (check_authenticated_user_and_ip(userid, q) != 0) {
+ if (check_authenticated_user_and_ip(userid, q, server.check_ip) != 0) {
 write_dns(dns_fd, q, "BADIP", 5, 'T');
 return; /* illegal id */
 }
@@ -1550,7 +1550,7 @@ handle_null_request(int dns_fd, struct query *q, int domain_len)
 /* Check userid */
 userid = unpacked[0];
- if (check_authenticated_user_and_ip(userid, q) != 0) {
+ if (check_authenticated_user_and_ip(userid, q, server.check_ip) != 0) {
 write_dns(dns_fd, q, "BADIP", 5, 'T');
 return; /* illegal id */
 }
@@ -1628,7 +1628,7 @@ handle_null_request(int dns_fd, struct query *q, int domain_len)
 userid = code;
 /* Check user and sending IP address */
- if (check_authenticated_user_and_ip(userid, q) != 0) {
+ if (check_authenticated_user_and_ip(userid, q, server.check_ip) != 0) {
 write_dns(dns_fd, q, "BADIP", 5, 'T');
 return; /* illegal IP */
 }
diff --git a/src/user.c b/src/user.c
index 98aca0a..972abc9 100644
--- a/src/user.c
+++ b/src/user.c
@@ -35,7 +35,6 @@
 #include "encoding.h"
 #include "user.h"
 #include "window.h"
-#include "server.h"
 struct tun_user *users;
 unsigned usercount;
@@ -78,11 +77,6 @@ init_users(in_addr_t my_ip, int netbits)
 snprintf(newip, sizeof(newip), "0.0.0.%d", i + skip + 1);
 ip = ipstart.s_addr + inet_addr(newip);
 }
- if (server.debug >= 2) {
- struct in_addr IP;
- IP.s_addr = ip;
- DEBUG(2, "User %d: IP %s", i, inet_ntoa(IP));
- }
 users[i].tun_ip = ip;
 net.s_addr = ip;
@@ -191,7 +185,7 @@ user_set_conn_type(int userid, enum connection c)
 /* This will not check that user has passed login challenge */
 int
-check_user_and_ip(int userid, struct query *q)
+check_user_and_ip(int userid, struct query *q, int check_ip)
 {
 /* Note: duplicate in handle_raw_login() except IP-address check */
@@ -201,7 +195,7 @@ check_user_and_ip(int userid, struct query *q)
 if (!user_active(userid)) return 1;
 /* return early if IP checking is disabled */
- if (!server.check_ip) {
+ if (!check_ip) {
 return 0;
 }
@@ -229,11 +223,11 @@ check_user_and_ip(int userid, struct query *q)
 }
 int
-check_authenticated_user_and_ip(int userid, struct query *q)
+check_authenticated_user_and_ip(int userid, struct query *q, int check_ip)
 /* This checks that user has passed normal (non-raw) login challenge * Returns 0 on success, 1 if user is not authenticated/IP is wrong */
 {
- int res = check_user_and_ip(userid, q);
+ int res = check_user_and_ip(userid, q, check_ip);
 if (res) return res;
diff --git a/src/user.h b/src/user.h
index 1b19f38..f59f79c 100644
--- a/src/user.h
+++ b/src/user.h
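Review bot: In src/user.c at `@@ -191`, the comment above `check_user_and_ip()` does not mention the new `check_ip` parameter, although that argument now decides whether the sender's address is compared at all. I would extend it to something like `/* Does not check the login challenge. check_ip == 0 skips the source-address comparison; returns 0 if accepted, non-zero otherwise. */`. The comment on `check_authenticated_user_and_ip()` at `@@ -229` needs the same addition, and it would be easier to find if it sat above the declaration instead of between the parameter list and the opening brace. Both function bodies extend beyond the hunks shown, so the return-value wording should be checked against the parts not visible here.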
@@ -54,8 +54,8 @@ extern int created_users;
 int user_sending(int user);
 int all_users_waiting_to_send();
 int user_active(int i);
-int check_authenticated_user_and_ip(int userid, struct query *q);
-int check_user_and_ip(int userid, struct query *q);
+int check_authenticated_user_and_ip(int userid, struct query *q, int check_ip);
+int check_user_and_ip(int userid, struct query *q, int check_ip);
 int init_users(in_addr_t, int);
 const char* users_get_first_ip();
diff --git a/tests/Makefile b/tests/Makefile
index 6d35a7a..7977947 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -1,6 +1,6 @@
 TEST = test
 OBJS = test.o base32.o base64.o common.o read.o dns.o encoding.o login.o user.o fw_query.o window.o
-SRCOBJS = ../src/base32.o ../src/base64.o ../src/window.o ../src/common.o ../src/read.o ../src/dns.o ../src/encoding.o ../src/login.o ../src/md5.o ../src/user.o ../src/fw_query.o
+SRCOBJS = ../src/base32.o ../src/base64.o ../src/window.o ../src/common.o ../src/read.o ../src/dns.o ../src/encoding.o ../src/login.o ../src/md5.o ../src/user.o ../src/fw_query.o ../src/util.o
 OS = `uname | tr "a-z" "A-Z"`