X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=apps%2Fsilcd%2Fserver.c;h=7d5ce4edb2a1fd4c925d638aa73ea537b3513066;hb=8b11d3c1627f1dc3c7966bb51901bcdcf1f8a9fb;hp=2680fc7783cf10ec246c923a89134464df4669a0;hpb=63bb287938298ab6fa5bfe3c5f7888c47240b51f;p=runtime.git diff --git a/apps/silcd/server.c b/apps/silcd/server.c index 2680fc77..7d5ce4ed 100644 --- a/apps/silcd/server.c +++ b/apps/silcd/server.c @@ -103,12 +103,13 @@ static SilcBool silc_server_packet_receive(SilcPacketEngine engine, !(idata->status & SILC_IDLIST_STATUS_REGISTERED)) && packet->type != SILC_PACKET_NEW_CLIENT && packet->type != SILC_PACKET_NEW_SERVER && + packet->type != SILC_PACKET_RESUME_CLIENT && packet->type != SILC_PACKET_CONNECTION_AUTH_REQUEST && packet->type != SILC_PACKET_DISCONNECT) return FALSE; - /* NEW_CLIENT and NEW_SERVER are accepted only without source ID - and for unregistered connection. */ + /* NEW_CLIENT and NEW_SERVER are accepted only without source ID and + for unregistered connection. */ if (packet->src_id && (packet->type == SILC_PACKET_NEW_CLIENT || packet->type == SILC_PACKET_NEW_SERVER) && (idata->status & SILC_IDLIST_STATUS_REGISTERED)) @@ -201,6 +202,7 @@ static void silc_server_packet_eos(SilcPacketEngine engine, if (server->router_conn && server->router_conn->sock == stream && !server->router && server->standalone) { silc_server_create_connections(server); + silc_server_free_sock_user_data(server, stream, NULL); } else { /* If backup disconnected then mark that resuming will not be allowed */ if (server->server_type == SILC_ROUTER && !server->backup_router && @@ -267,6 +269,9 @@ static void silc_server_packet_error(SilcPacketEngine engine, SILC_CONNTYPE_STRING(idata->conn_type), silc_packet_error_string(error))); + if (!silc_packet_stream_is_valid(stream)) + return; + silc_schedule_task_add_timeout(server->schedule, silc_server_packet_error_timeout, stream, 0, 0); @@ -1340,9 +1345,9 @@ silc_server_ke_auth_compl(SilcConnAuth connauth, SilcBool success, SilcID remote_id; const char *ip; - SILC_LOG_DEBUG(("Connection authentication completed")); + SILC_LOG_DEBUG(("Connection %p authentication completed", sconn)); - sconn->op = NULL; + entry->op = NULL; if (success == FALSE) { /* Authentication failed */ @@ -1582,7 +1587,9 @@ static void silc_server_ke_completed(SilcSKE ske, SilcSKEStatus status, SilcHmac hmac_send, hmac_receive; SilcHash hash; - sconn->op = NULL; + SILC_LOG_DEBUG(("Connection %p, SKE completed", sconn)); + + entry->op = NULL; if (status != SILC_SKE_STATUS_OK) { /* SKE failed */ @@ -1656,7 +1663,7 @@ static void silc_server_ke_completed(SilcSKE ske, SilcSKEStatus status, entry->data.rekey = rekey; /* Start connection authentication */ - sconn->op = + entry->op = silc_connauth_initiator(connauth, server->server_type == SILC_SERVER ? SILC_CONN_SERVER : SILC_CONN_ROUTER, auth_meth, auth_data, auth_data_len, @@ -1719,7 +1726,7 @@ void silc_server_start_key_exchange(SilcServerConnection sconn) params.flags |= SILC_SKE_SP_FLAG_PFS; /* Start SILC Key Exchange protocol */ - SILC_LOG_DEBUG(("Starting key exchange protocol")); + SILC_LOG_DEBUG(("Starting key exchange protocol, connection %p", sconn)); ske = silc_ske_alloc(server->rng, server->schedule, server->repository, server->public_key, server->private_key, sconn); if (!ske) { @@ -1736,7 +1743,7 @@ void silc_server_start_key_exchange(SilcServerConnection sconn) /* Start key exchange protocol */ params.version = silc_version_string; params.timeout_secs = server->config->key_exchange_timeout; - sconn->op = silc_ske_initiator(ske, sconn->sock, ¶ms, NULL); + entry->op = silc_ske_initiator(ske, sconn->sock, ¶ms, NULL); } /* Timeout callback that will be called to retry connecting to remote @@ -1803,7 +1810,7 @@ static void silc_server_connection_established(SilcNetStatus status, switch (status) { case SILC_NET_OK: - SILC_LOG_DEBUG(("Connection to %s:%d established", + SILC_LOG_DEBUG(("Connection %p to %s:%d established", sconn, sconn->remote_host, sconn->remote_port)); /* Continue with key exchange protocol */ @@ -2043,7 +2050,16 @@ silc_server_accept_get_auth(SilcConnAuth connauth, if (cconfig->publickeys) *repository = server->repository; - entry->data.conn_type = conn_type; + if (cconfig->publickeys) { + if (server->config->prefer_passphrase_auth) { + *repository = NULL; + } else { + *passphrase = NULL; + *passphrase_len = 0; + } + } + + entry->conn_type = conn_type; return TRUE; } @@ -2064,7 +2080,16 @@ silc_server_accept_get_auth(SilcConnAuth connauth, if (sconfig->publickeys) *repository = server->repository; - entry->data.conn_type = conn_type; + if (sconfig->publickeys) { + if (server->config->prefer_passphrase_auth) { + *repository = NULL; + } else { + *passphrase = NULL; + *passphrase_len = 0; + } + } + + entry->conn_type = conn_type; return TRUE; } @@ -2079,7 +2104,16 @@ silc_server_accept_get_auth(SilcConnAuth connauth, if (rconfig->publickeys) *repository = server->repository; - entry->data.conn_type = conn_type; + if (rconfig->publickeys) { + if (server->config->prefer_passphrase_auth) { + *repository = NULL; + } else { + *passphrase = NULL; + *passphrase_len = 0; + } + } + + entry->conn_type = conn_type; return TRUE; } @@ -2118,14 +2152,14 @@ silc_server_accept_auth_compl(SilcConnAuth connauth, SilcBool success, SILC_LOG_DEBUG(("Checking whether connection is allowed")); - switch (entry->data.conn_type) { + switch (entry->conn_type) { case SILC_CONN_CLIENT: { SilcClientEntry client; SilcServerConfigClient *conn = entry->cconfig.ref_ptr; /* Verify whether this connection is after all allowed to connect */ - if (!silc_server_connection_allowed(server, sock, entry->data.conn_type, + if (!silc_server_connection_allowed(server, sock, entry->conn_type, &server->config->param, conn->param, silc_connauth_get_ske(connauth))) { @@ -2178,6 +2212,7 @@ silc_server_accept_auth_compl(SilcConnAuth connauth, SilcBool success, goto out; } entry->data.status |= SILC_IDLIST_STATUS_LOCAL; + entry->data.conn_type = SILC_CONN_CLIENT; /* Statistics */ server->stat.my_clients++; @@ -2205,6 +2240,7 @@ silc_server_accept_auth_compl(SilcConnAuth connauth, SilcBool success, } /* Add public key to repository */ + SILC_LOG_DEBUG(("Add client public key to repository")); if (!silc_server_get_public_key_by_client(server, client, NULL)) silc_skr_add_public_key_simple(server->repository, entry->data.public_key, @@ -2231,7 +2267,7 @@ silc_server_accept_auth_compl(SilcConnAuth connauth, SilcBool success, and we do not have connection to primary router, do not allow the connection. */ if (server->server_type == SILC_BACKUP_ROUTER && - entry->data.conn_type == SILC_CONN_SERVER && + entry->conn_type == SILC_CONN_SERVER && !SILC_PRIMARY_ROUTE(server)) { SILC_LOG_INFO(("Will not accept server connection because we do " "not have primary router connection established")); @@ -2243,10 +2279,10 @@ silc_server_accept_auth_compl(SilcConnAuth connauth, SilcBool success, goto out; } - if (entry->data.conn_type == SILC_CONN_ROUTER) { + if (entry->conn_type == SILC_CONN_ROUTER) { /* Verify whether this connection is after all allowed to connect */ if (!silc_server_connection_allowed(server, sock, - entry->data.conn_type, + entry->conn_type, &server->config->param, rconn ? rconn->param : NULL, silc_connauth_get_ske(connauth))) { @@ -2278,10 +2314,10 @@ silc_server_accept_auth_compl(SilcConnAuth connauth, SilcBool success, } } - if (entry->data.conn_type == SILC_CONN_SERVER) { + if (entry->conn_type == SILC_CONN_SERVER) { /* Verify whether this connection is after all allowed to connect */ if (!silc_server_connection_allowed(server, sock, - entry->data.conn_type, + entry->conn_type, &server->config->param, srvconn ? srvconn->param : NULL, silc_connauth_get_ske(connauth))) { @@ -2337,11 +2373,11 @@ silc_server_accept_auth_compl(SilcConnAuth connauth, SilcBool success, } SILC_LOG_DEBUG(("Remote host is %s", - entry->data.conn_type == SILC_CONN_SERVER ? + entry->conn_type == SILC_CONN_SERVER ? "server" : (backup_router ? "backup router" : "router"))); SILC_LOG_INFO(("Connection %s (%s) is %s", entry->hostname, - entry->ip, entry->data.conn_type == SILC_CONN_SERVER ? + entry->ip, entry->conn_type == SILC_CONN_SERVER ? "server" : (backup_router ? "backup router" : "router"))); @@ -2350,15 +2386,15 @@ silc_server_accept_auth_compl(SilcConnAuth connauth, SilcBool success, server. We mark ourselves as router for this server if we really are router. */ new_server = - silc_idlist_add_server((entry->data.conn_type == SILC_CONN_SERVER ? + silc_idlist_add_server((entry->conn_type == SILC_CONN_SERVER ? server->local_list : (backup_router ? server->local_list : server->global_list)), NULL, - (entry->data.conn_type == SILC_CONN_SERVER ? + (entry->conn_type == SILC_CONN_SERVER ? SILC_SERVER : SILC_ROUTER), NULL, - (entry->data.conn_type == SILC_CONN_SERVER ? + (entry->conn_type == SILC_CONN_SERVER ? server->id_entry : (backup_router ? server->id_entry : NULL)), sock); @@ -2370,6 +2406,7 @@ silc_server_accept_auth_compl(SilcConnAuth connauth, SilcBool success, goto out; } entry->data.status |= SILC_IDLIST_STATUS_LOCAL; + entry->data.conn_type = entry->conn_type; id_entry = (void *)new_server; @@ -2510,6 +2547,8 @@ silc_server_accept_completed(SilcSKE ske, SilcSKEStatus status, pk = silc_pkcs_public_key_encode(idata->public_key, &pk_len); silc_hash_make(server->sha1hash, pk, pk_len, idata->fingerprint); + silc_hash_alloc(silc_hash_get_name(prop->hash), &idata->hash); + SILC_LOG_DEBUG(("Starting connection authentication")); server->stat.auth_attempts++; @@ -2809,7 +2848,7 @@ static void silc_server_rekey(SilcServer server, SilcPacketStream sock, SILC_TASK_CALLBACK(silc_server_close_connection_final) { - silc_packet_stream_destroy(context); + silc_packet_stream_unref(context); } /* Closes connection to socket connection */ @@ -2822,6 +2861,9 @@ void silc_server_close_connection(SilcServer server, const char *hostname; SilcUInt16 port; + if (!silc_packet_stream_is_valid(sock)) + return; + memset(tmp, 0, sizeof(tmp)); // silc_socket_get_error(sock, tmp, sizeof(tmp)); silc_socket_stream_get_info(silc_packet_stream_get_stream(sock), @@ -2837,6 +2879,11 @@ void silc_server_close_connection(SilcServer server, idata->sconn = NULL; } + /* Take a reference and then destroy the stream. The last reference + is released later in a timeout callback. */ + silc_packet_stream_ref(sock); + silc_packet_stream_destroy(sock); + /* Close connection with timeout */ server->stat.conn_num--; silc_schedule_task_del_by_all(server->schedule, 0,