/* Create a listening server */
sock = silc_net_create_server(server->config->server_info->port,
- server->config->server_info->server_ip);
- /* XXX What if I want my errno? Where is my errno?!? -Johnny */
+ server->config->server_info->server_ip);
if (sock < 0) {
SILC_LOG_ERROR(("Could not create server listener: %s on %hu",
server->config->server_info->server_ip,
all connections will have entry in this table (it is a table of
pointers to the actual object that is allocated individually
later). */
- server->sockets = silc_calloc(SILC_SERVER_MAX_CONNECTIONS,
+ server->sockets = silc_calloc(server->config->param.connections_max,
sizeof(*server->sockets));
do {
silc_server_protocols_register();
/* Initialize the scheduler. */
- server->schedule = silc_schedule_init(SILC_SERVER_MAX_CONNECTIONS);
+ server->schedule = silc_schedule_init(server->config->param.connections_max);
if (!server->schedule)
goto err;
/* If server connections has been configured then we must be router as
normal server cannot have server connections, only router connections. */
if (server->config->servers) {
- SilcServerConfigSectionServer *ptr = server->config->servers;
+ SilcServerConfigServer *ptr = server->config->servers;
server->server_type = SILC_ROUTER;
while (ptr) {
SilcSocketConnection newsocket;
SilcProtocol protocol;
SilcServerKEInternalContext *proto_ctx;
+ SilcServerConfigRouter *conn = sconn->conn;
void *context;
/* Cancel any possible retry timeouts */
proto_ctx->rng = server->rng;
proto_ctx->responder = FALSE;
+ /* Set Key Exchange flags from configuration, but fall back to global
+ settings too. */
+ SILC_GET_SKE_FLAGS(conn, proto_ctx);
+ if (server->config->param.key_exchange_pfs)
+ proto_ctx->flags |= SILC_SKE_SP_FLAG_PFS;
+
/* Perform key exchange protocol. silc_server_connect_to_router_second
will be called after the protocol is finished. */
silc_protocol_alloc(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
proto_ctx->timeout_task =
silc_schedule_task_add(server->schedule, sock,
silc_server_timeout_remote,
- server, 60, 0, /* XXX hardcoded */
+ server, server->config->key_exchange_timeout, 0,
SILC_TASK_TIMEOUT,
SILC_TASK_PRI_LOW);
{
SilcServerConnection sconn = (SilcServerConnection)context;
SilcServer server = sconn->server;
- SilcServerConfigSectionConnectionParam *param;
-
- param = (sconn->param ? sconn->param : &server->config->param);
+ SilcServerConfigConnParams *param =
+ (sconn->param ? sconn->param : &server->config->param);
SILC_LOG_INFO(("Retrying connecting to a router"));
silc_rng_get_rn32(server->rng) % SILC_SERVER_RETRY_RANDOMIZER;
/* If we've reached max retry count, give up. */
- if (sconn->retry_count > param->reconnect_count &&
+ if (sconn->retry_count > param->reconnect_count &&
param->reconnect_keep_trying == FALSE) {
SILC_LOG_ERROR(("Could not connect to router, giving up"));
silc_free(sconn->remote_host);
{
SilcServer server = (SilcServer)context;
SilcServerConnection sconn;
- SilcServerConfigSectionRouter *ptr;
+ SilcServerConfigRouter *ptr;
SILC_LOG_DEBUG(("Connecting to router(s)"));
SilcServerConnection sconn = (SilcServerConnection)ctx->context;
SilcSocketConnection sock = ctx->sock;
SilcServerConnAuthInternalContext *proto_ctx;
- SilcServerConfigSectionRouter *conn = NULL;
+ SilcServerConfigRouter *conn = NULL;
SILC_LOG_DEBUG(("Start"));
conn = sconn->conn;
if (conn) {
- /* Match found. Use the configured authentication method */
+ /* Match found. Use the configured authentication method. Take only
+ the passphrase, since for public key auth we automatically use
+ our local key pair. */
if (conn->passphrase) {
- if (conn->publickey && !server->config->prefer_passphrase_auth) {
- proto_ctx->auth_data = conn->publickey;
- proto_ctx->auth_data_len = 0;
+ if (conn->publickeys && !server->config->prefer_passphrase_auth) {
proto_ctx->auth_meth = SILC_AUTH_PUBLIC_KEY;
} else {
proto_ctx->auth_data = strdup(conn->passphrase);
proto_ctx->auth_data_len = strlen(conn->passphrase);
proto_ctx->auth_meth = SILC_AUTH_PASSWORD;
}
- } else if (conn->publickey) {
- proto_ctx->auth_data = conn->publickey;
- proto_ctx->auth_data_len = 0;
+ } else if (conn->publickeys) {
proto_ctx->auth_meth = SILC_AUTH_PUBLIC_KEY;
} else {
proto_ctx->auth_meth = SILC_AUTH_NONE;
proto_ctx->timeout_task =
silc_schedule_task_add(server->schedule, sock->sock,
silc_server_timeout_remote,
- (void *)server, 15, 0, /* XXX hardcoded */
+ (void *)server,
+ server->config->conn_auth_timeout, 0,
SILC_TASK_TIMEOUT,
SILC_TASK_PRI_LOW);
SilcBuffer packet;
SilcServerHBContext hb_context;
unsigned char *id_string;
- uint32 id_len;
+ SilcUInt32 id_len;
SilcIDListData idata;
- SilcServerConfigSectionConnectionParam *param;
+ SilcServerConfigConnParams *param;
SILC_LOG_DEBUG(("Start"));
SILC_ROUTER, ctx->dest_id, NULL, sock);
if (!id_entry) {
silc_free(ctx->dest_id);
+ SILC_LOG_ERROR(("Cannot add new server entry to cache"));
silc_server_disconnect_remote(server, sock, "Server closed connection: "
"Authentication failed");
goto out;
param = (sconn->param ? sconn->param : &server->config->param);
/* Perform keepalive. The `hb_context' will be freed automatically
- when finally calling the silc_socket_free function. XXX hardcoded
- timeout!! */
+ when finally calling the silc_socket_free function. */
hb_context = silc_calloc(1, sizeof(*hb_context));
hb_context->server = server;
silc_socket_set_heartbeat(sock, param->keepalive_secs, hb_context,
server->schedule);
/* Register re-key timeout */
- idata->rekey->timeout = 3600; /* XXX hardcoded */
+ idata->rekey->timeout = param->key_exchange_rekey;
idata->rekey->context = (void *)server;
silc_schedule_task_add(server->schedule, sock->sock,
silc_server_rekey_callback,
{
SilcServer server = (SilcServer)context;
SilcServerKEInternalContext *proto_ctx;
- void *cconfig, *sconfig, *rconfig;
- SilcServerConfigSectionDeny *deny;
+ SilcServerConfigClient *cconfig = NULL;
+ SilcServerConfigServer *sconfig = NULL;
+ SilcServerConfigRouter *rconfig = NULL;
+ SilcServerConfigDeny *deny;
int port;
SILC_LOG_DEBUG(("Start"));
later when outgoing data is available. */
SILC_REGISTER_CONNECTION_FOR_IO(sock->sock);
- SILC_LOG_INFO(("Incoming connection from %s (%s)", sock->hostname,
+ SILC_LOG_INFO(("Incoming connection %s (%s)", sock->hostname,
sock->ip));
port = server->sockets[server->sock]->port; /* Listenning port */
/* Check whether this connection is denied to connect to us. */
- deny = silc_server_config_find_denied(server, sock->ip, port);
+ deny = silc_server_config_find_denied(server, sock->ip);
if (!deny)
- deny = silc_server_config_find_denied(server, sock->hostname, port);
+ deny = silc_server_config_find_denied(server, sock->hostname);
if (deny) {
/* The connection is denied */
SILC_LOG_INFO(("Connection %s (%s) is denied",
/* Check whether we have configred this sort of connection at all. We
have to check all configurations since we don't know what type of
connection this is. */
- if (!(cconfig = silc_server_config_find_client(server, sock->ip, port)))
- cconfig = silc_server_config_find_client(server, sock->hostname, port);
+ if (!(cconfig = silc_server_config_find_client(server, sock->ip)))
+ cconfig = silc_server_config_find_client(server, sock->hostname);
if (!(sconfig = silc_server_config_find_server_conn(server, sock->ip)))
sconfig = silc_server_config_find_server_conn(server, sock->hostname);
- if (!(rconfig = silc_server_config_find_router_conn(server, sock->ip, port)))
- rconfig = silc_server_config_find_router_conn(server, sock->hostname,
- sock->port);
+ if (server->server_type == SILC_ROUTER) {
+ if (!(rconfig = silc_server_config_find_router_conn(server,
+ sock->ip, port)))
+ rconfig = silc_server_config_find_router_conn(server, sock->hostname,
+ sock->port);
+ }
if (!cconfig && !sconfig && !rconfig) {
SILC_LOG_INFO(("Connection %s (%s) is not allowed", sock->hostname,
sock->ip));
proto_ctx->sconfig = sconfig;
proto_ctx->rconfig = rconfig;
+ /* Take flags for key exchange. Since we do not know what type of connection
+ this is, we go through all found configuratios and use the global ones
+ as well. This will result always into strictest key exchange flags. */
+ SILC_GET_SKE_FLAGS(cconfig, proto_ctx);
+ SILC_GET_SKE_FLAGS(sconfig, proto_ctx);
+ SILC_GET_SKE_FLAGS(rconfig, proto_ctx);
+ if (server->config->param.key_exchange_pfs)
+ proto_ctx->flags |= SILC_SKE_SP_FLAG_PFS;
+
/* Prepare the connection for key exchange protocol. We allocate the
protocol but will not start it yet. The connector will be the
initiator of the protocol thus we will wait for initiation from
silc_server_accept_new_connection_second);
/* Register a timeout task that will be executed if the connector
- will not start the key exchange protocol within 60 seconds. For
- now, this is a hard coded limit. After the timeout the connection will
- be closed if the key exchange protocol has not been started. */
+ will not start the key exchange protocol within specified timeout
+ and the connection will be closed. */
proto_ctx->timeout_task =
silc_schedule_task_add(server->schedule, sock->sock,
silc_server_timeout_remote,
- context, 60, 0, /* XXX hardcoded */
+ context, server->config->key_exchange_timeout, 0,
SILC_TASK_TIMEOUT,
SILC_TASK_PRI_LOW);
}
return;
}
- /* Check max connections */
- if (sock > SILC_SERVER_MAX_CONNECTIONS) {
- SILC_LOG_ERROR(("Refusing connection, server is full"));
+ /* Check for maximum allowed connections */
+ if (sock > server->config->param.connections_max) {
+ SILC_LOG_ERROR(("Refusing connection, server is full, try again later"));
server->stat.conn_failures++;
return;
- }
+ }
/* Set socket options */
silc_net_set_socket_nonblock(sock);
proto_ctx->timeout_task =
silc_schedule_task_add(server->schedule, sock->sock,
silc_server_timeout_remote,
- (void *)server, 60, 0, /* XXX hardcoded */
+ (void *)server,
+ server->config->conn_auth_timeout, 0,
SILC_TASK_TIMEOUT,
SILC_TASK_PRI_LOW);
}
SilcServerHBContext hb_context;
SilcUnknownEntry entry = (SilcUnknownEntry)sock->user_data;
void *id_entry;
- uint32 hearbeat_timeout = SILC_SERVER_KEEPALIVE;
+ SilcUInt32 hearbeat_timeout = server->config->param.keepalive_secs;
+ SilcUInt32 num_sockets;
SILC_LOG_DEBUG(("Start"));
entry->data.last_receive = time(NULL);
+ num_sockets = silc_server_num_sockets_by_ip(server, sock->ip,
+ ctx->conn_type);
+
switch (ctx->conn_type) {
case SILC_SOCKET_TYPE_CLIENT:
{
SilcClientEntry client;
- SilcServerConfigSectionClient *conn = ctx->cconfig;
+ SilcServerConfigClient *conn = ctx->cconfig;
+ SilcUInt32 max_per_host = server->config->param.connections_max_per_host;
+
+ /* Check for maximum connections limit */
+ if (conn->param) {
+ if (conn->param->connections_max &&
+ server->stat.my_clients >= conn->param->connections_max) {
+ SILC_LOG_INFO(("Server is full, closing %s (%s) connection",
+ sock->hostname, sock->ip));
+ silc_server_disconnect_remote(server, sock,
+ "Server closed connection: "
+ "Server is full, try again later");
+ server->stat.auth_failures++;
+ goto out;
+ }
+
+ max_per_host = conn->param->connections_max_per_host;
+ }
+
+ if (num_sockets >= max_per_host) {
+ SILC_LOG_INFO(("Too many connections from %s (%s), closing connection",
+ sock->hostname, sock->ip));
+ silc_server_disconnect_remote(server, sock,
+ "Server closed connection: "
+ "Too many connections from your host");
+ server->stat.auth_failures++;
+ goto out;
+ }
SILC_LOG_DEBUG(("Remote host is client"));
- SILC_LOG_INFO(("Connection from %s (%s) is client", sock->hostname,
+ SILC_LOG_INFO(("Connection %s (%s) is client", sock->hostname,
sock->ip));
/* Add the client to the client ID cache. The nickname and Client ID
bool backup_local = FALSE;
bool backup_router = FALSE;
char *backup_replace_ip = NULL;
- uint16 backup_replace_port = 0;
- SilcServerConfigSectionServer *sconn = ctx->sconfig;
- SilcServerConfigSectionRouter *rconn = ctx->rconfig;
+ SilcUInt16 backup_replace_port = 0;
+ SilcServerConfigServer *sconn = ctx->sconfig;
+ SilcServerConfigRouter *rconn = ctx->rconfig;
+ SilcUInt32 max_per_host = server->config->param.connections_max_per_host;
if (ctx->conn_type == SILC_SOCKET_TYPE_ROUTER && rconn) {
+ if (rconn->param) {
+ /* Check for maximum connections limit */
+ if (rconn->param->connections_max &&
+ server->stat.my_routers >= rconn->param->connections_max) {
+ silc_server_disconnect_remote(server, sock,
+ "Server closed connection: "
+ "Server is full, try again later");
+ server->stat.auth_failures++;
+ goto out;
+ }
+ max_per_host = rconn->param->connections_max_per_host;
+
+ if (rconn->param->keepalive_secs)
+ hearbeat_timeout = rconn->param->keepalive_secs;
+ }
+
initiator = rconn->initiator;
backup_local = rconn->backup_local;
backup_router = rconn->backup_router;
backup_replace_ip = rconn->backup_replace_ip;
backup_replace_port = rconn->backup_replace_port;
-
- if (rconn->param) {
- if (rconn->param->keepalive_secs)
- hearbeat_timeout = rconn->param->keepalive_secs;
- }
}
if (ctx->conn_type == SILC_SOCKET_TYPE_SERVER && sconn) {
- backup_router = sconn->backup_router;
-
if (sconn->param) {
+ /* Check for maximum connections limit */
+ if (sconn->param->connections_max &&
+ server->stat.my_servers >= sconn->param->connections_max) {
+ SILC_LOG_INFO(("Server is full, closing %s (%s) connection",
+ sock->hostname, sock->ip));
+ silc_server_disconnect_remote(server, sock,
+ "Server closed connection: "
+ "Server is full, try again later");
+ server->stat.auth_failures++;
+ goto out;
+ }
+ max_per_host = sconn->param->connections_max_per_host;
+
if (sconn->param->keepalive_secs)
hearbeat_timeout = sconn->param->keepalive_secs;
}
+
+ backup_router = sconn->backup_router;
+ }
+
+ if (num_sockets >= max_per_host) {
+ SILC_LOG_INFO(("Too many connections from %s (%s), closing connection",
+ sock->hostname, sock->ip));
+ silc_server_disconnect_remote(server, sock,
+ "Server closed connection: "
+ "Too many connections from your host");
+ server->stat.auth_failures++;
+ goto out;
}
SILC_LOG_DEBUG(("Remote host is %s",
ctx->conn_type == SILC_SOCKET_TYPE_SERVER ?
"server" : (backup_router ?
"backup router" : "router")));
- SILC_LOG_INFO(("Connection from %s (%s) is %s", sock->hostname,
+ SILC_LOG_INFO(("Connection s (%s) is %s", sock->hostname,
sock->ip, ctx->conn_type == SILC_SOCKET_TYPE_SERVER ?
"server" : (backup_router ?
"backup router" : "router")));
SilcIDListData idata;
SilcCipher cipher = NULL;
SilcHmac hmac = NULL;
- uint32 sequence = 0;
+ SilcUInt32 sequence = 0;
int ret;
if (!sock)
/* If connection is disconnecting or disconnected we will ignore
what we read. */
if (SILC_IS_DISCONNECTING(sock) || SILC_IS_DISCONNECTED(sock)) {
- SILC_LOG_DEBUG(("Ignoring read data from disonnected connection"));
+ SILC_LOG_DEBUG(("Ignoring read data from disconnected connection"));
return;
}
/* Creates connection to a remote router. */
void silc_server_create_connection(SilcServer server,
- const char *remote_host, uint32 port)
+ const char *remote_host, SilcUInt32 port)
{
SilcServerConnection sconn;
/* Remove client from channel's client list */
silc_hash_table_del(channel->user_list, chl->client);
+ channel->user_count--;
/* If there is no global users on the channel anymore mark the channel
as local channel. Do not check if the removed client is local client. */
while (silc_hash_table_get(&htl2, NULL, (void *)&chl2)) {
silc_hash_table_del(chl2->client->channels, channel);
silc_hash_table_del(channel->user_list, chl2->client);
+ channel->user_count--;
silc_free(chl2);
}
silc_hash_table_list_reset(&htl2);
/* Remove client from channel's client list */
silc_hash_table_del(channel->user_list, chl->client);
+ channel->user_count--;
/* If there is no global users on the channel anymore mark the channel
as local channel. Do not check if the client is local client. */
while (silc_hash_table_get(&htl2, NULL, (void *)&chl2)) {
silc_hash_table_del(chl2->client->channels, channel);
silc_hash_table_del(channel->user_list, chl2->client);
+ channel->user_count--;
silc_free(chl2);
}
silc_hash_table_list_reset(&htl2);
if (!sock)
return;
+ SILC_LOG_ERROR(("No response from %s (%s), Connection timeout",
+ sock->hostname, sock->ip));
+
/* If we have protocol active we must assure that we call the protocol's
final callback so that all the memory is freed. */
if (sock->protocol) {
bool silc_server_create_channel_key(SilcServer server,
SilcChannelEntry channel,
- uint32 key_len)
+ SilcUInt32 key_len)
{
int i;
unsigned char channel_key[32], hash[32];
- uint32 len;
+ SilcUInt32 len;
SILC_LOG_DEBUG(("Generating channel key"));
/* Save the key */
channel->key_len = len * 8;
- channel->key = silc_calloc(len, sizeof(*channel->key));
- memcpy(channel->key, channel_key, len);
+ channel->key = silc_memdup(channel_key, len);
memset(channel_key, 0, sizeof(channel_key));
/* Generate HMAC key from the channel key data and set it */
channel->rekey->task =
silc_schedule_task_add(server->schedule, 0,
silc_server_channel_key_rekey,
- (void *)channel->rekey, 3600, 0,
+ (void *)channel->rekey,
+ server->config->channel_rekey_secs, 0,
SILC_TASK_TIMEOUT,
SILC_TASK_PRI_NORMAL);
}
SilcChannelKeyPayload payload = NULL;
SilcChannelID *id = NULL;
unsigned char *tmp, hash[32];
- uint32 tmp_len;
+ SilcUInt32 tmp_len;
char *cipher;
SILC_LOG_DEBUG(("Start"));
/* Save the key */
channel->key_len = tmp_len * 8;
- channel->key = silc_calloc(tmp_len, sizeof(unsigned char));
- memcpy(channel->key, tmp, tmp_len);
+ channel->key = silc_memdup(tmp, tmp_len);
silc_cipher_set_key(channel->channel_key, tmp, channel->key_len);
/* Generate HMAC key from the channel key data and set it */
channel->rekey->task =
silc_schedule_task_add(server->schedule, 0,
silc_server_channel_key_rekey,
- (void *)channel->rekey, 3600, 0,
+ (void *)channel->rekey,
+ server->config->channel_rekey_secs, 0,
SILC_TASK_TIMEOUT,
SILC_TASK_PRI_NORMAL);
}
}
static SilcBuffer
-silc_server_announce_encode_notify(SilcNotifyType notify, uint32 argc, ...)
+silc_server_announce_encode_notify(SilcNotifyType notify, SilcUInt32 argc, ...)
{
va_list ap;
SilcBuffer p;
SilcBuffer *channels,
SilcBuffer *channel_users,
SilcBuffer **channel_users_modes,
- uint32 *channel_users_modes_c,
+ SilcUInt32 *channel_users_modes_c,
SilcBuffer **channel_topics,
SilcChannelID ***channel_ids,
unsigned long creation_time)
SilcIDCacheEntry id_cache;
SilcChannelEntry channel;
unsigned char *cid;
- uint32 id_len;
- uint16 name_len;
+ SilcUInt32 id_len;
+ SilcUInt16 name_len;
int len;
int i = *channel_users_modes_c;
bool announce;
SilcBuffer channels = NULL, channel_users = NULL;
SilcBuffer *channel_users_modes = NULL;
SilcBuffer *channel_topics = NULL;
- uint32 channel_users_modes_c = 0;
+ SilcUInt32 channel_users_modes_c = 0;
SilcChannelID **channel_ids = NULL;
SILC_LOG_DEBUG(("Announcing channels and channel users"));
SilcChannelEntry channel,
SilcBuffer *user_list,
SilcBuffer *mode_list,
- uint32 *user_count)
+ SilcUInt32 *user_count)
{
SilcChannelClientEntry chl;
SilcHashTableList htl;
SilcBuffer client_id_list;
SilcBuffer client_mode_list;
SilcBuffer idp;
- uint32 list_count = 0, len = 0;
+ SilcUInt32 list_count = 0, len = 0;
silc_hash_table_list(channel->user_list, &htl);
while (silc_hash_table_get(&htl, NULL, (void *)&chl))
SilcClientID *noadd,
SilcBuffer user_list,
SilcBuffer mode_list,
- uint32 user_count)
+ SilcUInt32 user_count)
{
int i;
- uint16 idp_len;
- uint32 mode;
+ SilcUInt16 idp_len;
+ SilcUInt32 mode;
SilcClientID *client_id;
SilcClientEntry client;
SilcIDCacheEntry cache;
chl->channel = channel;
silc_hash_table_add(channel->user_list, chl->client, chl);
silc_hash_table_add(client->channels, chl->channel, chl);
+ channel->user_count++;
}
}
}
SilcSocketConnection silc_server_get_client_route(SilcServer server,
unsigned char *id_data,
- uint32 id_len,
+ SilcUInt32 id_len,
SilcClientID *client_id,
SilcIDListData *idata)
{
SilcChannelClientEntry chl;
SilcHashTableList htl;
unsigned char *cid;
- uint32 id_len;
- uint16 name_len;
+ SilcUInt32 id_len;
+ SilcUInt16 name_len;
int len;
silc_hash_table_list(client->channels, &htl);