X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=lib%2Fsilcske%2Fsilcconnauth.c;h=c3799a8187ead72e327813bf6c7e6b76fb8bf84b;hb=52e57c880aba9c5e89f59d962eb9af75670b76e0;hp=368b2aa75b1ff8e608298a3209e58804595806dc;hpb=e3a774cff248c8300c32ce4f6d0a41be15a4ed5e;p=silc.git diff --git a/lib/silcske/silcconnauth.c b/lib/silcske/silcconnauth.c index 368b2aa7..c3799a81 100644 --- a/lib/silcske/silcconnauth.c +++ b/lib/silcske/silcconnauth.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 2005 Pekka Riikonen + Copyright (C) 2005 - 2007 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -31,7 +31,8 @@ static SilcBool silc_connauth_packet_receive(SilcPacketEngine engine, /* Connection authentication context */ struct SilcConnAuthStruct { SilcSKE ske; - SilcFSMStruct fsm; + SilcFSM fsm; + SilcAsyncOperationStruct op; SilcConnectionType conn_type; SilcAuthMethod auth_method; void *auth_data; @@ -66,7 +67,7 @@ static SilcBool silc_connauth_packet_receive(SilcPacketEngine engine, { SilcConnAuth connauth = callback_context; connauth->packet = packet; - silc_fsm_continue(&connauth->fsm); + silc_fsm_continue(connauth->fsm); return TRUE; } @@ -116,7 +117,7 @@ static SilcBool silc_connauth_get_signature(SilcConnAuth connauth, /* Compute signature */ if (!silc_pkcs_sign(private_key, auth->data, silc_buffer_len(auth), - *auth_data, len, auth_data_len, ske->prop->hash)) { + *auth_data, len, auth_data_len, TRUE, ske->prop->hash)) { silc_free(*auth_data); silc_buffer_free(auth); return FALSE; @@ -172,7 +173,7 @@ SILC_TASK_CALLBACK(silc_connauth_timeout) SilcConnAuth connauth = context; SILC_LOG_DEBUG(("Protocol timeout")); connauth->aborted = TRUE; - silc_fsm_continue_sync(&connauth->fsm); + silc_fsm_continue_sync(connauth->fsm); } /* SKR callback */ @@ -188,7 +189,15 @@ static void silc_connauth_skr_callback(SilcSKR skr, SilcSKRFind find, connauth->public_keys = results; connauth->skr_status = status; - SILC_FSM_CALL_CONTINUE(&connauth->fsm); + SILC_FSM_CALL_CONTINUE(connauth->fsm); +} + +/* FSM destructor */ + +static void silc_connauth_fsm_destructor(SilcFSM fsm, void *fsm_context, + void *destructor_context) +{ + silc_fsm_free(fsm); } @@ -209,13 +218,16 @@ SilcConnAuth silc_connauth_alloc(SilcSchedule schedule, if (!connauth) return NULL; - if (!silc_fsm_init(&connauth->fsm, connauth, NULL, NULL, schedule)) { + connauth->fsm = silc_fsm_alloc(connauth, silc_connauth_fsm_destructor, + NULL, schedule); + if (!connauth->fsm) { silc_connauth_free(connauth); return NULL; } connauth->timeout_secs = timeout_secs; connauth->ske = ske; + ske->refcnt++; return connauth; } @@ -226,6 +238,10 @@ void silc_connauth_free(SilcConnAuth connauth) { if (connauth->public_keys) silc_dlist_uninit(connauth->public_keys); + + /* Free reference */ + silc_ske_free(connauth->ske); + silc_free(connauth); } @@ -250,6 +266,7 @@ SILC_FSM_STATE(silc_connauth_st_initiator_start) int payload_len = 0; unsigned char *auth_data = NULL; SilcUInt32 auth_data_len = 0; + SilcPacketFlags flags = 0; SILC_LOG_DEBUG(("Start")); @@ -278,6 +295,7 @@ SILC_FSM_STATE(silc_connauth_st_initiator_start) return SILC_FSM_CONTINUE; } auth_data_len = connauth->auth_data_len; + flags = SILC_PACKET_FLAG_LONG_PAD; break; case SILC_AUTH_PUBLIC_KEY: @@ -304,8 +322,8 @@ SILC_FSM_STATE(silc_connauth_st_initiator_start) SILC_STR_END); /* Send the packet */ - if (!silc_packet_send(connauth->ske->stream, SILC_PACKET_CONNECTION_AUTH, 0, - packet->data, silc_buffer_len(packet))) { + if (!silc_packet_send(connauth->ske->stream, SILC_PACKET_CONNECTION_AUTH, + flags, packet->data, silc_buffer_len(packet))) { /** Error sending packet */ silc_fsm_next(fsm, silc_connauth_st_initiator_failure); return SILC_FSM_CONTINUE; @@ -339,18 +357,19 @@ SILC_FSM_STATE(silc_connauth_st_initiator_result) SILC_LOG_DEBUG(("Authentication successful")); connauth->success = TRUE; } else { - SILC_LOG_DEBUG(("Authentication failed")); + SILC_LOG_DEBUG(("Authentication failed, packet %s received", + silc_get_packet_name(connauth->packet->type))); connauth->success = FALSE; } silc_packet_free(connauth->packet); - /* Call completion callback */ - connauth->completion(connauth, connauth->success, connauth->context); - silc_packet_stream_unlink(connauth->ske->stream, &silc_connauth_stream_cbs, connauth); silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth); + /* Call completion callback */ + connauth->completion(connauth, connauth->success, connauth->context); + return SILC_FSM_FINISH; } @@ -361,12 +380,19 @@ SILC_FSM_STATE(silc_connauth_st_initiator_failure) SILC_LOG_DEBUG(("Start")); - /* Send FAILURE packet */ - SILC_PUT32_MSB(SILC_AUTH_FAILED, error); - silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4); + if (!connauth->aborted) { + /* Send FAILURE packet */ + SILC_PUT32_MSB(SILC_AUTH_FAILED, error); + silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4); - /* Call completion callback */ - connauth->completion(connauth, FALSE, connauth->context); + silc_packet_stream_unlink(connauth->ske->stream, + &silc_connauth_stream_cbs, connauth); + silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth); + + /* Call completion callback */ + connauth->completion(connauth, FALSE, connauth->context); + return SILC_FSM_FINISH; + } silc_packet_stream_unlink(connauth->ske->stream, &silc_connauth_stream_cbs, connauth); @@ -383,8 +409,6 @@ silc_connauth_initiator(SilcConnAuth connauth, SilcConnAuthCompletion completion, void *context) { - SilcAsyncOperation op; - SILC_LOG_DEBUG(("Connection authentication as initiator")); if (auth_method == SILC_AUTH_PASSWORD && !auth_data) { @@ -411,10 +435,10 @@ silc_connauth_initiator(SilcConnAuth connauth, SILC_PACKET_FAILURE, -1); /* Start the protocol */ - op = silc_async_alloc(silc_connauth_abort, NULL, connauth); - silc_fsm_start(&connauth->fsm, silc_connauth_st_initiator_start); + silc_async_init(&connauth->op, silc_connauth_abort, NULL, connauth); + silc_fsm_start(connauth->fsm, silc_connauth_st_initiator_start); - return op; + return &connauth->op; } @@ -463,7 +487,8 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate) if (connauth->aborted) { /** Aborted */ - silc_packet_free(connauth->packet); + if (connauth->packet) + silc_packet_free(connauth->packet); silc_fsm_next(fsm, silc_connauth_st_responder_failure); return SILC_FSM_CONTINUE; } @@ -542,7 +567,8 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate) /* Passphrase authentication */ if (passphrase && passphrase_len) { SILC_LOG_DEBUG(("Passphrase authentication")); - if (!memcmp(auth_data, passphrase, passphrase_len)) { + if (!auth_data || payload_len != passphrase_len || + memcmp(auth_data, passphrase, passphrase_len)) { /** Authentication failed */ silc_fsm_next(fsm, silc_connauth_st_responder_failure); return SILC_FSM_CONTINUE; @@ -553,6 +579,12 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate) SILC_LOG_DEBUG(("Digital signature authentication")); + if (!auth_data) { + /** Authentication failed */ + silc_fsm_next(fsm, silc_connauth_st_responder_failure); + return SILC_FSM_CONTINUE; + } + connauth->auth_data = silc_memdup(auth_data, payload_len); connauth->auth_data_len = payload_len; @@ -572,7 +604,8 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate) /** Find public key */ silc_fsm_next(fsm, silc_connauth_st_responder_authenticate_pk); - SILC_FSM_CALL(silc_skr_find(repository, find, silc_connauth_skr_callback, + SILC_FSM_CALL(silc_skr_find(repository, silc_fsm_get_schedule(fsm), + find, silc_connauth_skr_callback, connauth)); /* NOT REACHED */ } @@ -635,13 +668,13 @@ SILC_FSM_STATE(silc_connauth_st_responder_success) SILC_PUT32_MSB(SILC_AUTH_OK, tmp); silc_packet_send(connauth->ske->stream, SILC_PACKET_SUCCESS, 0, tmp, 4); - /* Call completion callback */ - connauth->completion(connauth, TRUE, connauth->context); - silc_packet_stream_unlink(connauth->ske->stream, &silc_connauth_stream_cbs, connauth); silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth); + /* Call completion callback */ + connauth->completion(connauth, TRUE, connauth->context); + return SILC_FSM_FINISH; } @@ -652,12 +685,20 @@ SILC_FSM_STATE(silc_connauth_st_responder_failure) SILC_LOG_ERROR(("Authentication failed")); - /* Send FAILURE packet */ - SILC_PUT32_MSB(SILC_AUTH_FAILED, error); - silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4); + if (!connauth->aborted) { + /* Send FAILURE packet */ + SILC_PUT32_MSB(SILC_AUTH_FAILED, error); + silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4); - /* Call completion callback */ - connauth->completion(connauth, FALSE, connauth->context); + silc_packet_stream_unlink(connauth->ske->stream, + &silc_connauth_stream_cbs, connauth); + silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth); + + /* Call completion callback */ + connauth->completion(connauth, FALSE, connauth->context); + + return SILC_FSM_FINISH; + } silc_packet_stream_unlink(connauth->ske->stream, &silc_connauth_stream_cbs, connauth); @@ -672,8 +713,6 @@ silc_connauth_responder(SilcConnAuth connauth, SilcConnAuthCompletion completion, void *context) { - SilcAsyncOperation op; - SILC_LOG_DEBUG(("Connection authentication as responder")); connauth->get_auth_data = get_auth_data; @@ -687,8 +726,8 @@ silc_connauth_responder(SilcConnAuth connauth, SILC_PACKET_FAILURE, -1); /* Start the protocol */ - op = silc_async_alloc(silc_connauth_abort, NULL, connauth); - silc_fsm_start(&connauth->fsm, silc_connauth_st_responder_start); + silc_async_init(&connauth->op, silc_connauth_abort, NULL, connauth); + silc_fsm_start(connauth->fsm, silc_connauth_st_responder_start); - return op; + return &connauth->op; }