- Enforce correct order of authentication requests

author Guus Sliepen <guus@tinc-vpn.org>

Sun, 29 Oct 2000 01:08:09 +0000 (01:08 +0000)

committer Guus Sliepen <guus@tinc-vpn.org>

Sun, 29 Oct 2000 01:08:09 +0000 (01:08 +0000)
author Guus Sliepen <guus@tinc-vpn.org>
Sun, 29 Oct 2000 01:08:09 +0000 (01:08 +0000)
committer Guus Sliepen <guus@tinc-vpn.org>
Sun, 29 Oct 2000 01:08:09 +0000 (01:08 +0000)
diff --git a/src/protocol.c b/src/protocol.c

index 1bb37346318535acdb46ce44196e13ba97f604f3..89e89fa9ef4ef6151b8af35b1e0d2f117902c4e3 100644 (file)
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -17,7 +17,7 @@
      along with this program; if not, write to the Free Software
      Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  
-    $Id: protocol.c,v 1.28.4.48 2000/10/29 00:24:31 guus Exp $
+    $Id: protocol.c,v 1.28.4.49 2000/10/29 01:08:09 guus Exp $
  */
  
  #include "config.h"
@@ -111,6 +111,12 @@ cp
                    request_name[request], cl->name, cl->hostname);
         }
  
+      if((cl->allow_request != ALL) && (cl->allow_request != request))
+        {
+          syslog(LOG_ERR, _("Unauthorized request from %s (%s)"), cl->name, cl->hostname);
+          return -1;
+        }
+
        if(request_handlers[request](cl))
         /* Something went wrong. Probably scriptkiddies. Terminate. */
          {
@@ -435,7 +441,8 @@ cp
  int send_ack(conn_list_t *cl)
  {
  cp
-  cl->allow_request = ACK;
+  if(cl->status.outgoing)
+    cl->allow_request = ACK;
  cp
    return send_request(cl, "%d", ACK);
  }
author	Guus Sliepen <guus@tinc-vpn.org>
	Sun, 29 Oct 2000 01:08:09 +0000 (01:08 +0000)
committer	Guus Sliepen <guus@tinc-vpn.org>
	Sun, 29 Oct 2000 01:08:09 +0000 (01:08 +0000)