Author: Pekka Riikonen <priikone@silcnet.org>
- Copyright (C) 2006 Pekka Riikonen
+ Copyright (C) 2006 - 2007 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
conn->remote_host,
silc_ske_map_status(status));
+ conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_KE, 0, NULL,
+ conn->callback_context);
+
silc_ske_free_rekey_material(rekey);
silc_fsm_next(fsm, silc_client_st_connect_error);
/* Callback called by application to return authentication data */
-static void silc_client_connect_auth_method(SilcBool success,
- SilcAuthMethod auth_meth,
+static void silc_client_connect_auth_method(SilcAuthMethod auth_meth,
void *auth, SilcUInt32 auth_len,
void *context)
{
SilcFSMThread fsm = context;
SilcClientConnection conn = silc_fsm_get_context(fsm);
- conn->internal->params.auth_method = SILC_AUTH_NONE;
-
- if (success) {
- conn->internal->params.auth_method = auth_meth;
- conn->internal->params.auth = auth;
- conn->internal->params.auth_len = auth_len;
- }
+ conn->internal->params.auth_method = auth_meth;
+ conn->internal->params.auth = auth;
+ conn->internal->params.auth_len = auth_len;
SILC_FSM_CALL_CONTINUE(fsm);
}
SILC_FSM_CALL_CONTINUE(fsm);
}
+/********************** CONNECTION_AUTH_REQUEST packet **********************/
+
+/* Received connection authentication request packet. We get the
+ required authentication method here. */
+
+SILC_FSM_STATE(silc_client_connect_auth_request)
+{
+ SilcClientConnection conn = fsm_context;
+ SilcPacket packet = state_context;
+ SilcUInt16 conn_type, auth_meth;
+
+ if (!conn->internal->auth_request) {
+ silc_packet_free(packet);
+ return SILC_FSM_FINISH;
+ }
+
+ /* Parse the payload */
+ if (silc_buffer_unformat(&packet->buffer,
+ SILC_STR_UI_SHORT(&conn_type),
+ SILC_STR_UI_SHORT(&auth_meth),
+ SILC_STR_END) < 0)
+ auth_meth = SILC_AUTH_NONE;
+
+ silc_packet_free(packet);
+
+ SILC_LOG_DEBUG(("Resolved authentication method: %s",
+ (auth_meth == SILC_AUTH_NONE ? "none" :
+ auth_meth == SILC_AUTH_PASSWORD ? "passphrase" :
+ "public key")));
+ conn->internal->params.auth_method = auth_meth;
+
+ /* Continue authentication */
+ silc_fsm_continue_sync(&conn->internal->event_thread);
+ return SILC_FSM_FINISH;
+}
+
/*************************** Connect remote host ****************************/
/* Connection timeout callback */
/* Set up key exchange parameters */
params.version = client->internal->silc_client_version;
+ params.timeout_secs = conn->internal->params.timeout_secs;
params.flags = SILC_SKE_SP_FLAG_MUTUAL;
if (conn->internal->params.pfs)
params.flags |= SILC_SKE_SP_FLAG_PFS;
silc_fsm_next(fsm, silc_client_st_connect_setup_udp);
else
/** Run key exchange (TCP) */
- silc_fsm_next(fsm, silc_client_st_connect_auth);
+ silc_fsm_next(fsm, silc_client_st_connect_auth_resolve);
SILC_FSM_CALL(conn->internal->op = silc_ske_initiator(conn->internal->ske,
conn->stream,
/* Set the new stream to packet stream */
old = silc_packet_stream_get_stream(conn->stream);
- silc_packet_stream_set_stream(conn->stream, stream,
- conn->internal->schedule);
+ silc_packet_stream_set_stream(conn->stream, stream);
silc_packet_stream_set_iv_included(conn->stream);
silc_packet_set_sid(conn->stream, 0);
silc_stream_destroy(old);
/** Start authentication */
- silc_fsm_next(fsm, silc_client_st_connect_auth);
+ silc_fsm_next(fsm, silc_client_st_connect_auth_resolve);
return SILC_FSM_CONTINUE;
}
-/* Get authentication method to be used in authentication protocol */
+/* Resolved authentication method to be used in authentication protocol */
+
+SILC_FSM_STATE(silc_client_st_connect_auth_resolve)
+{
+ SilcClientConnection conn = fsm_context;
+
+ SILC_LOG_DEBUG(("Resolve authentication method"));
+
+ if (conn->internal->disconnected) {
+ /** Disconnected */
+ silc_fsm_next(fsm, silc_client_st_connect_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ /* If authentication method and data is set, use them */
+ if (conn->internal->params.auth_set) {
+ /** Got authentication data */
+ silc_fsm_next(fsm, silc_client_st_connect_auth_start);
+ return SILC_FSM_CONTINUE;
+ }
+
+ /* Send connection authentication request packet */
+ silc_packet_send_va(conn->stream,
+ SILC_PACKET_CONNECTION_AUTH_REQUEST, 0,
+ SILC_STR_UI_SHORT(SILC_CONN_CLIENT),
+ SILC_STR_UI_SHORT(SILC_AUTH_NONE),
+ SILC_STR_END);
+
+ /** Wait for authentication method */
+ conn->internal->auth_request = TRUE;
+ conn->internal->params.auth_method = SILC_AUTH_NONE;
+ silc_fsm_next_later(fsm, silc_client_st_connect_auth_data, 2, 0);
+ return SILC_FSM_WAIT;
+}
+
+/* Get authentication data to be used in authentication protocol */
-SILC_FSM_STATE(silc_client_st_connect_auth)
+SILC_FSM_STATE(silc_client_st_connect_auth_data)
{
SilcClientConnection conn = fsm_context;
SilcClient client = conn->client;
return SILC_FSM_CONTINUE;
}
- silc_fsm_next(fsm, silc_client_st_connect_auth_start);
+ conn->internal->auth_request = FALSE;
- /* If authentication data not provided, ask from application */
- if (!conn->internal->params.auth_set)
- SILC_FSM_CALL(client->internal->ops->get_auth_method(
+ /** Get authentication data */
+ silc_fsm_next(fsm, silc_client_st_connect_auth_start);
+ SILC_FSM_CALL(client->internal->ops->get_auth_method(
client, conn,
conn->remote_host,
conn->remote_port,
+ conn->internal->params.auth_method,
silc_client_connect_auth_method, fsm));
-
- if (conn->internal->params.auth_method == SILC_AUTH_PUBLIC_KEY)
- conn->internal->params.auth = conn->private_key;
-
- /* We have authentication data */
- return SILC_FSM_CONTINUE;
}
/* Start connection authentication with remote host */
return SILC_FSM_CONTINUE;
}
+ /* We always use the same key for connection authentication and SKE */
+ if (conn->internal->params.auth_method == SILC_AUTH_PUBLIC_KEY)
+ conn->internal->params.auth = conn->private_key;
+
/* Allocate connection authentication protocol */
connauth = silc_connauth_alloc(conn->internal->schedule,
conn->internal->ske,
/* Signal to close connection */
if (!conn->internal->disconnected) {
conn->internal->disconnected = TRUE;
- SILC_FSM_SEMA_POST(&conn->internal->wait_event);
+ SILC_FSM_EVENT_SIGNAL(&conn->internal->wait_event);
}
silc_schedule_task_del_by_all(conn->internal->schedule, 0,
/* Signal to start rekey */
conn->internal->rekey_responder = FALSE;
conn->internal->rekeying = TRUE;
- SILC_FSM_SEMA_POST(&conn->internal->wait_event);
+ SILC_FSM_EVENT_SIGNAL(&conn->internal->wait_event);
/* Reinstall rekey timer */
silc_schedule_task_add_timeout(conn->internal->schedule,
projects / silc.git / blobdiff