other_mirrors/ iodine
1
0
Fork 0
mirror of https://github.com/yarrick/iodine.git synced 2024-11-22 16:19:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refuse attempts to set options after option negotiation has completed.

This commit is contained in:
Masaq- 2016-10-22 04:46:48 +00:00
parent 8e15a73a77
commit a96e2e7a69
3 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/iodined.c
View File

@ -263,6 +263,19 @@ check_authenticated_user_and_ip(int userid, struct query *q)
return 0; return 0;
} }
static int
check_authenticated_user_and_ip_and_options(int userid, struct query *q)
{
int res = check_authenticated_user_and_ip(userid, q);
if (res || check_ip)
return res;
if (users[userid].options_locked)
return 1;
return 0;
}
static void static void
send_raw(int fd, char *buf, int buflen, int user, int cmd, struct query *q) send_raw(int fd, char *buf, int buflen, int user, int cmd, struct query *q)
{ {
@ -973,7 +986,7 @@ handle_null_request(int tun_fd, int dns_fd, struct dnsfd *dns_fds, struct query
userid = b32_8to5(in[1]); userid = b32_8to5(in[1]);
if (check_authenticated_user_and_ip(userid, q) != 0) { if (check_authenticated_user_and_ip_and_options(userid, q) != 0) {
write_dns(dns_fd, q, "BADIP", 5, 'T'); write_dns(dns_fd, q, "BADIP", 5, 'T');
return; /* illegal id */ return; /* illegal id */
} }
@ -1014,7 +1027,7 @@ handle_null_request(int tun_fd, int dns_fd, struct dnsfd *dns_fds, struct query
userid = b32_8to5(in[1]); userid = b32_8to5(in[1]);
if (check_authenticated_user_and_ip(userid, q) != 0) { if (check_authenticated_user_and_ip_and_options(userid, q) != 0) {
write_dns(dns_fd, q, "BADIP", 5, 'T'); write_dns(dns_fd, q, "BADIP", 5, 'T');
return; /* illegal id */ return; /* illegal id */
} }
@ -1177,7 +1190,7 @@ handle_null_request(int tun_fd, int dns_fd, struct dnsfd *dns_fds, struct query
/* Downstream fragsize packet */ /* Downstream fragsize packet */
userid = unpacked[0]; userid = unpacked[0];
if (check_authenticated_user_and_ip(userid, q) != 0) { if (check_authenticated_user_and_ip_and_options(userid, q) != 0) {
write_dns(dns_fd, q, "BADIP", 5, 'T'); write_dns(dns_fd, q, "BADIP", 5, 'T');
return; /* illegal id */ return; /* illegal id */
} }
@ -1187,6 +1200,7 @@ handle_null_request(int tun_fd, int dns_fd, struct dnsfd *dns_fds, struct query
write_dns(dns_fd, q, "BADFRAG", 7, users[userid].downenc); write_dns(dns_fd, q, "BADFRAG", 7, users[userid].downenc);
} else { } else {
users[userid].fragsize = max_frag_size; users[userid].fragsize = max_frag_size;
users[userid].options_locked = 1;
write_dns(dns_fd, q, &unpacked[1], 2, users[userid].downenc); write_dns(dns_fd, q, &unpacked[1], 2, users[userid].downenc);
} }
return; return;

2
src/user.c
View File

@ -77,6 +77,7 @@ init_users(in_addr_t my_ip, int netbits)
users[i].disabled = 0; users[i].disabled = 0;
users[i].authenticated = 0; users[i].authenticated = 0;
users[i].authenticated_raw = 0; users[i].authenticated_raw = 0;
users[i].options_locked = 0;
users[i].active = 0; users[i].active = 0;
/* Rest is reset on login ('V' packet) */ /* Rest is reset on login ('V' packet) */
} }
@ -156,6 +157,7 @@ find_available_user()
users[i].active = 1; users[i].active = 1;
users[i].authenticated = 0; users[i].authenticated = 0;
users[i].authenticated_raw = 0; users[i].authenticated_raw = 0;
users[i].options_locked = 0;
users[i].last_pkt = time(NULL); users[i].last_pkt = time(NULL);
users[i].fragsize = 4096; users[i].fragsize = 4096;
users[i].conn = CONN_DNS_NULL; users[i].conn = CONN_DNS_NULL;

1
src/user.h
View File

@ -39,6 +39,7 @@ struct tun_user {
int active; int active;
int authenticated; int authenticated;
int authenticated_raw; int authenticated_raw;
int options_locked;
int disabled; int disabled;
time_t last_pkt; time_t last_pkt;
int seed; int seed;