5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
31 extern char *silc_version_string;
34 * Key Exhange protocol functions
37 /* Packet sending callback. This function is provided as packet sending
38 routine to the Key Exchange functions. */
40 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
45 SilcProtocol protocol = (SilcProtocol)context;
46 SilcServerKEInternalContext *ctx =
47 (SilcServerKEInternalContext *)protocol->context;
48 SilcServer server = (SilcServer)ctx->server;
50 /* Send the packet immediately */
51 silc_server_packet_send(server, ske->sock,
52 type, 0, packet->data, packet->len, TRUE);
55 /* Sets the negotiated key material into use for particular connection. */
57 int silc_server_protocol_ke_set_keys(SilcSKE ske,
58 SilcSocketConnection sock,
59 SilcSKEKeyMaterial *keymat,
66 SilcUnknownEntry conn_data;
69 SILC_LOG_DEBUG(("Setting new key into use"));
71 conn_data = silc_calloc(1, sizeof(*conn_data));
72 idata = (SilcIDListData)conn_data;
74 /* Allocate cipher to be used in the communication */
75 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
79 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
84 if (is_responder == TRUE) {
85 idata->send_key->cipher->set_key(idata->send_key->context,
86 keymat->receive_enc_key,
88 idata->send_key->set_iv(idata->send_key, keymat->receive_iv);
89 idata->receive_key->cipher->set_key(idata->receive_key->context,
92 idata->receive_key->set_iv(idata->receive_key, keymat->send_iv);
95 idata->send_key->cipher->set_key(idata->send_key->context,
98 idata->send_key->set_iv(idata->send_key, keymat->send_iv);
99 idata->receive_key->cipher->set_key(idata->receive_key->context,
100 keymat->receive_enc_key,
101 keymat->enc_key_len);
102 idata->receive_key->set_iv(idata->receive_key, keymat->receive_iv);
105 /* Allocate PKCS to be used */
107 /* XXX Do we ever need to allocate PKCS for the connection??
108 If yes, we need to change KE protocol to get the initiators
110 silc_pkcs_alloc(pkcs->pkcs->name, &idata->pkcs);
111 idata->public_key = silc_pkcs_public_key_alloc(XXX);
112 silc_pkcs_set_public_key(idata->pkcs, ske->ke2_payload->pk_data,
113 ske->ke2_payload->pk_len);
117 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
118 silc_cipher_free(idata->send_key);
119 silc_cipher_free(idata->receive_key);
120 silc_free(conn_data);
124 /* Save HMAC key to be used in the communication. */
125 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac)) {
126 silc_cipher_free(idata->send_key);
127 silc_cipher_free(idata->receive_key);
128 silc_hash_free(idata->hash);
129 silc_free(conn_data);
132 silc_hmac_set_key(idata->hmac, keymat->hmac_key, keymat->hmac_key_len);
134 sock->user_data = (void *)conn_data;
139 /* Check remote host version string */
141 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
144 SilcSKEStatus status = SILC_SKE_STATUS_OK;
146 /* Check for initial version string */
147 if (!strstr(version, "SILC-1.0-"))
148 status = SILC_SKE_STATUS_BAD_VERSION;
150 /* Check software version */
152 if (len < strlen(silc_version_string))
153 status = SILC_SKE_STATUS_BAD_VERSION;
155 /* XXX for now there is no other tests due to the abnormal version
156 string that is used */
161 /* Performs key exchange protocol. This is used for both initiator
162 and responder key exchange. This is performed always when accepting
163 new connection to the server. This may be called recursively. */
165 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
167 SilcProtocol protocol = (SilcProtocol)context;
168 SilcServerKEInternalContext *ctx =
169 (SilcServerKEInternalContext *)protocol->context;
170 SilcServer server = (SilcServer)ctx->server;
171 SilcSKEStatus status = 0;
173 SILC_LOG_DEBUG(("Start"));
175 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
176 protocol->state = SILC_PROTOCOL_STATE_START;
178 SILC_LOG_DEBUG(("State=%d", protocol->state));
180 switch(protocol->state) {
181 case SILC_PROTOCOL_STATE_START:
188 /* Allocate Key Exchange object */
189 ske = silc_ske_alloc();
191 ske->rng = server->rng;
193 if (ctx->responder == TRUE) {
194 /* Start the key exchange by processing the received security
195 properties packet from initiator. */
196 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
198 ctx->packet->buffer, NULL, NULL);
200 SilcSKEStartPayload *start_payload;
202 /* Assemble security properties. */
203 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
207 /* Start the key exchange by sending our security properties
208 to the remote end. */
209 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
211 silc_server_protocol_ke_send_packet,
215 if (status != SILC_SKE_STATUS_OK) {
216 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
218 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
221 protocol->state = SILC_PROTOCOL_STATE_ERROR;
222 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
226 /* Advance protocol state and call the next state if we are responder */
228 if (ctx->responder == TRUE)
229 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
237 if (ctx->responder == TRUE) {
238 /* Sends the selected security properties to the initiator. */
240 silc_ske_responder_phase_1(ctx->ske,
241 ctx->ske->start_payload,
242 silc_server_protocol_ke_send_packet,
245 /* Call Phase-1 function. This processes the Key Exchange Start
246 paylaod reply we just got from the responder. The callback
247 function will receive the processed payload where we will
249 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
253 if (status != SILC_SKE_STATUS_OK) {
254 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
256 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
259 protocol->state = SILC_PROTOCOL_STATE_ERROR;
260 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
264 /* Advance protocol state and call next state if we are initiator */
266 if (ctx->responder == FALSE)
267 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
275 if (ctx->responder == TRUE) {
276 /* Process the received Key Exchange 1 Payload packet from
277 the initiator. This also creates our parts of the Diffie
278 Hellman algorithm. */
279 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
282 /* Call the Phase-2 function. This creates Diffie Hellman
283 key exchange parameters and sends our public part inside
284 Key Exhange 1 Payload to the responder. */
286 silc_ske_initiator_phase_2(ctx->ske,
288 silc_server_protocol_ke_send_packet,
292 if (status != SILC_SKE_STATUS_OK) {
293 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
295 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
298 protocol->state = SILC_PROTOCOL_STATE_ERROR;
299 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
303 /* Advance protocol state and call the next state if we are responder */
305 if (ctx->responder == TRUE)
306 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
314 if (ctx->responder == TRUE) {
315 /* This creates the key exchange material and sends our
316 public parts to the initiator inside Key Exchange 2 Payload. */
318 silc_ske_responder_finish(ctx->ske,
319 server->public_key, server->private_key,
320 SILC_SKE_PK_TYPE_SILC,
321 silc_server_protocol_ke_send_packet,
324 /* Finish the protocol. This verifies the Key Exchange 2 payload
325 sent by responder. */
326 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
327 NULL, NULL, NULL, NULL);
330 if (status != SILC_SKE_STATUS_OK) {
331 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
333 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
336 protocol->state = SILC_PROTOCOL_STATE_ERROR;
337 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
341 /* Send Ok to the other end. We will end the protocol as responder
342 sends Ok to us when we will take the new keys into use. */
343 if (ctx->responder == FALSE)
344 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
346 /* End the protocol on the next round */
347 protocol->state = SILC_PROTOCOL_STATE_END;
351 case SILC_PROTOCOL_STATE_END:
356 SilcSKEKeyMaterial *keymat;
357 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
358 int hash_len = ctx->ske->prop->hash->hash->hash_len;
360 /* Process the key material */
361 keymat = silc_calloc(1, sizeof(*keymat));
362 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
364 if (status != SILC_SKE_STATUS_OK) {
365 protocol->state = SILC_PROTOCOL_STATE_ERROR;
366 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
367 silc_ske_free_key_material(keymat);
370 ctx->keymat = keymat;
372 /* Send Ok to the other end if we are responder. If we are initiator
373 we have sent this already. */
374 if (ctx->responder == TRUE)
375 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
377 /* Unregister the timeout task since the protocol has ended.
378 This was the timeout task to be executed if the protocol is
379 not completed fast enough. */
380 if (ctx->timeout_task)
381 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
383 /* Call the final callback */
384 if (protocol->final_callback)
385 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
387 silc_protocol_free(protocol);
391 case SILC_PROTOCOL_STATE_ERROR:
396 /* Send abort notification */
397 silc_ske_abort(ctx->ske, ctx->ske->status,
398 silc_server_protocol_ke_send_packet,
401 /* Unregister the timeout task since the protocol has ended.
402 This was the timeout task to be executed if the protocol is
403 not completed fast enough. */
404 if (ctx->timeout_task)
405 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
407 /* On error the final callback is always called. */
408 if (protocol->final_callback)
409 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
411 silc_protocol_free(protocol);
414 case SILC_PROTOCOL_STATE_FAILURE:
416 * We have received failure from remote
419 /* Unregister the timeout task since the protocol has ended.
420 This was the timeout task to be executed if the protocol is
421 not completed fast enough. */
422 if (ctx->timeout_task)
423 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
425 /* On error the final callback is always called. */
426 if (protocol->final_callback)
427 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
429 silc_protocol_free(protocol);
432 case SILC_PROTOCOL_STATE_UNKNOWN:
438 * Connection Authentication protocol functions
441 /* XXX move these to somehwere else */
443 int silc_server_password_authentication(SilcServer server, char *auth1,
446 if (!auth1 || !auth2)
449 if (!memcmp(auth1, auth2, strlen(auth1)))
455 int silc_server_public_key_authentication(SilcServer server,
458 unsigned int sign_len,
461 SilcPublicKey pub_key;
466 if (!pkfile || !sign)
469 /* Load public key from file */
470 if (!silc_pkcs_load_public_key(pkfile, &pub_key, SILC_PKCS_FILE_PEM))
471 if (!silc_pkcs_load_public_key(pkfile, &pub_key, SILC_PKCS_FILE_BIN))
474 silc_pkcs_alloc(pub_key->name, &pkcs);
475 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
476 silc_pkcs_free(pkcs);
480 /* Make the authentication data. Protocol says it is HASH plus
482 len = ske->hash_len + ske->start_payload_copy->len;
483 auth = silc_buffer_alloc(len);
484 silc_buffer_pull_tail(auth, len);
485 silc_buffer_format(auth,
486 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
487 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
488 ske->start_payload_copy->len),
491 /* Verify signature */
492 if (pkcs->pkcs->verify(pkcs->context, sign, sign_len,
493 auth->data, auth->len))
495 silc_pkcs_free(pkcs);
496 silc_pkcs_public_key_free(pub_key);
497 silc_buffer_free(auth);
501 silc_pkcs_free(pkcs);
502 silc_pkcs_public_key_free(pub_key);
503 silc_buffer_free(auth);
507 /* Performs connection authentication protocol. If responder, we
508 authenticate the remote data received. If initiator, we will send
509 authentication data to the remote end. */
511 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
513 SilcProtocol protocol = (SilcProtocol)context;
514 SilcServerConnAuthInternalContext *ctx =
515 (SilcServerConnAuthInternalContext *)protocol->context;
516 SilcServer server = (SilcServer)ctx->server;
518 SILC_LOG_DEBUG(("Start"));
520 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
521 protocol->state = SILC_PROTOCOL_STATE_START;
523 SILC_LOG_DEBUG(("State=%d", protocol->state));
525 switch(protocol->state) {
526 case SILC_PROTOCOL_STATE_START:
532 if (ctx->responder == TRUE) {
534 * We are receiving party
537 unsigned short payload_len;
538 unsigned short conn_type;
539 unsigned char *auth_data;
541 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
542 ctx->sock->hostname, ctx->sock->ip));
544 /* Parse the received authentication data packet. The received
545 payload is Connection Auth Payload. */
546 ret = silc_buffer_unformat(ctx->packet->buffer,
547 SILC_STR_UI_SHORT(&payload_len),
548 SILC_STR_UI_SHORT(&conn_type),
551 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
552 protocol->state = SILC_PROTOCOL_STATE_ERROR;
553 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
557 if (payload_len != ctx->packet->buffer->len) {
558 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
559 protocol->state = SILC_PROTOCOL_STATE_ERROR;
560 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
566 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
567 conn_type > SILC_SOCKET_TYPE_ROUTER) {
568 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
569 protocol->state = SILC_PROTOCOL_STATE_ERROR;
570 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
574 if (payload_len > 0) {
575 /* Get authentication data */
576 silc_buffer_pull(ctx->packet->buffer, 4);
577 ret = silc_buffer_unformat(ctx->packet->buffer,
578 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
582 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
583 protocol->state = SILC_PROTOCOL_STATE_ERROR;
584 protocol->execute(server->timeout_queue, 0,
585 protocol, fd, 0, 300000);
593 * Check the remote connection type and make sure that we have
594 * configured this connection. If we haven't allowed this connection
595 * the authentication must be failed.
598 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
600 /* Remote end is client */
601 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
602 SilcServerConfigSectionClientConnection *client = NULL;
604 silc_server_config_find_client_conn(server->config,
609 silc_server_config_find_client_conn(server->config,
614 switch(client->auth_meth) {
616 /* No authentication required */
617 SILC_LOG_DEBUG(("No authentication required"));
620 case SILC_AUTH_PASSWORD:
621 /* Password authentication */
622 SILC_LOG_DEBUG(("Password authentication"));
623 ret = silc_server_password_authentication(server, auth_data,
627 memset(auth_data, 0, payload_len);
628 silc_free(auth_data);
633 /* Authentication failed */
634 SILC_LOG_ERROR(("Authentication failed"));
635 SILC_LOG_DEBUG(("Authentication failed"));
636 protocol->state = SILC_PROTOCOL_STATE_ERROR;
637 protocol->execute(server->timeout_queue, 0,
638 protocol, fd, 0, 300000);
642 case SILC_AUTH_PUBLIC_KEY:
643 /* Public key authentication */
644 SILC_LOG_DEBUG(("Public key authentication"));
645 ret = silc_server_public_key_authentication(server,
652 memset(auth_data, 0, payload_len);
653 silc_free(auth_data);
658 SILC_LOG_ERROR(("Authentication failed"));
659 SILC_LOG_DEBUG(("Authentication failed"));
660 protocol->state = SILC_PROTOCOL_STATE_ERROR;
661 protocol->execute(server->timeout_queue, 0,
662 protocol, fd, 0, 300000);
666 SILC_LOG_DEBUG(("No configuration for remote connection"));
667 SILC_LOG_ERROR(("Remote connection not configured"));
668 SILC_LOG_ERROR(("Authentication failed"));
669 memset(auth_data, 0, payload_len);
670 silc_free(auth_data);
672 protocol->state = SILC_PROTOCOL_STATE_ERROR;
673 protocol->execute(server->timeout_queue, 0,
674 protocol, fd, 0, 300000);
679 /* Remote end is server */
680 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
681 SilcServerConfigSectionServerConnection *serv = NULL;
683 silc_server_config_find_server_conn(server->config,
688 silc_server_config_find_server_conn(server->config,
693 switch(serv->auth_meth) {
695 /* No authentication required */
696 SILC_LOG_DEBUG(("No authentication required"));
699 case SILC_AUTH_PASSWORD:
700 /* Password authentication */
701 SILC_LOG_DEBUG(("Password authentication"));
702 ret = silc_server_password_authentication(server, auth_data,
706 memset(auth_data, 0, payload_len);
707 silc_free(auth_data);
712 /* Authentication failed */
713 SILC_LOG_ERROR(("Authentication failed"));
714 SILC_LOG_DEBUG(("Authentication failed"));
715 protocol->state = SILC_PROTOCOL_STATE_ERROR;
716 protocol->execute(server->timeout_queue, 0,
717 protocol, fd, 0, 300000);
721 case SILC_AUTH_PUBLIC_KEY:
722 /* Public key authentication */
723 SILC_LOG_DEBUG(("Public key authentication"));
724 ret = silc_server_public_key_authentication(server,
731 memset(auth_data, 0, payload_len);
732 silc_free(auth_data);
737 SILC_LOG_ERROR(("Authentication failed"));
738 SILC_LOG_DEBUG(("Authentication failed"));
739 protocol->state = SILC_PROTOCOL_STATE_ERROR;
740 protocol->execute(server->timeout_queue, 0,
741 protocol, fd, 0, 300000);
745 SILC_LOG_DEBUG(("No configuration for remote connection"));
746 SILC_LOG_ERROR(("Remote connection not configured"));
747 SILC_LOG_ERROR(("Authentication failed"));
748 memset(auth_data, 0, payload_len);
749 silc_free(auth_data);
751 protocol->state = SILC_PROTOCOL_STATE_ERROR;
752 protocol->execute(server->timeout_queue, 0,
753 protocol, fd, 0, 300000);
758 /* Remote end is router */
759 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
760 SilcServerConfigSectionServerConnection *serv = NULL;
762 silc_server_config_find_router_conn(server->config,
767 silc_server_config_find_router_conn(server->config,
772 switch(serv->auth_meth) {
774 /* No authentication required */
775 SILC_LOG_DEBUG(("No authentication required"));
778 case SILC_AUTH_PASSWORD:
779 /* Password authentication */
780 SILC_LOG_DEBUG(("Password authentication"));
781 ret = silc_server_password_authentication(server, auth_data,
785 memset(auth_data, 0, payload_len);
786 silc_free(auth_data);
791 /* Authentication failed */
792 SILC_LOG_ERROR(("Authentication failed"));
793 SILC_LOG_DEBUG(("Authentication failed"));
794 protocol->state = SILC_PROTOCOL_STATE_ERROR;
795 protocol->execute(server->timeout_queue, 0,
796 protocol, fd, 0, 300000);
800 case SILC_AUTH_PUBLIC_KEY:
801 /* Public key authentication */
802 SILC_LOG_DEBUG(("Public key authentication"));
803 ret = silc_server_public_key_authentication(server,
810 memset(auth_data, 0, payload_len);
811 silc_free(auth_data);
816 SILC_LOG_ERROR(("Authentication failed"));
817 SILC_LOG_DEBUG(("Authentication failed"));
818 protocol->state = SILC_PROTOCOL_STATE_ERROR;
819 protocol->execute(server->timeout_queue, 0,
820 protocol, fd, 0, 300000);
824 SILC_LOG_DEBUG(("No configuration for remote connection"));
825 SILC_LOG_ERROR(("Remote connection not configured"));
826 SILC_LOG_ERROR(("Authentication failed"));
827 memset(auth_data, 0, payload_len);
828 silc_free(auth_data);
830 protocol->state = SILC_PROTOCOL_STATE_ERROR;
831 protocol->execute(server->timeout_queue, 0,
832 protocol, fd, 0, 300000);
838 memset(auth_data, 0, payload_len);
839 silc_free(auth_data);
842 /* Save connection type. This is later used to create the
843 ID for the connection. */
844 ctx->conn_type = conn_type;
846 /* Advance protocol state. */
847 protocol->state = SILC_PROTOCOL_STATE_END;
848 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
852 * We are initiator. We are authenticating ourselves to a
853 * remote server. We will send the authentication data to the
854 * other end for verify.
858 unsigned char *auth_data = NULL;
859 unsigned int auth_data_len = 0;
861 switch(ctx->auth_meth) {
863 /* No authentication required */
866 case SILC_AUTH_PASSWORD:
867 /* Password authentication */
868 if (ctx->auth_data && ctx->auth_data_len) {
869 auth_data = ctx->auth_data;
870 auth_data_len = ctx->auth_data_len;
874 /* No authentication data exits. Ask interactively from user. */
879 case SILC_AUTH_PUBLIC_KEY:
880 /* Public key authentication */
885 payload_len = 4 + auth_data_len;
886 packet = silc_buffer_alloc(payload_len);
887 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
888 silc_buffer_format(packet,
889 SILC_STR_UI_SHORT(payload_len),
890 SILC_STR_UI_SHORT(server->server_type
892 SILC_SOCKET_TYPE_SERVER :
893 SILC_SOCKET_TYPE_ROUTER),
894 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
897 /* Send the packet to server */
898 silc_server_packet_send(server, ctx->sock,
899 SILC_PACKET_CONNECTION_AUTH, 0,
900 packet->data, packet->len, TRUE);
903 memset(auth_data, 0, auth_data_len);
904 silc_free(auth_data);
906 silc_buffer_free(packet);
908 /* Next state is end of protocol */
909 protocol->state = SILC_PROTOCOL_STATE_END;
914 case SILC_PROTOCOL_STATE_END:
921 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
923 /* Authentication failed */
924 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
927 /* Unregister the timeout task since the protocol has ended.
928 This was the timeout task to be executed if the protocol is
929 not completed fast enough. */
930 if (ctx->timeout_task)
931 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
933 /* Protocol has ended, call the final callback */
934 if (protocol->final_callback)
935 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
937 silc_protocol_free(protocol);
940 case SILC_PROTOCOL_STATE_ERROR:
943 * Error. Send notify to remote.
945 unsigned char error[4];
947 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
949 /* Authentication failed */
950 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
953 /* Unregister the timeout task since the protocol has ended.
954 This was the timeout task to be executed if the protocol is
955 not completed fast enough. */
956 if (ctx->timeout_task)
957 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
959 /* On error the final callback is always called. */
960 if (protocol->final_callback)
961 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
963 silc_protocol_free(protocol);
967 case SILC_PROTOCOL_STATE_FAILURE:
969 * We have received failure from remote
972 /* Unregister the timeout task since the protocol has ended.
973 This was the timeout task to be executed if the protocol is
974 not completed fast enough. */
975 if (ctx->timeout_task)
976 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
978 /* On error the final callback is always called. */
979 if (protocol->final_callback)
980 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
982 silc_protocol_free(protocol);
985 case SILC_PROTOCOL_STATE_UNKNOWN:
990 /* Registers protocols used in server. */
992 void silc_server_protocols_register(void)
994 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
995 silc_server_protocol_connection_auth);
996 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
997 silc_server_protocol_key_exchange);
1000 /* Unregisters protocols */
1002 void silc_server_protocols_unregister(void)
1004 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1005 silc_server_protocol_connection_auth);
1006 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1007 silc_server_protocol_key_exchange);