X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=lib%2Fsilcske%2Fsilcconnauth.c;h=c3799a8187ead72e327813bf6c7e6b76fb8bf84b;hb=52e57c880aba9c5e89f59d962eb9af75670b76e0;hp=e47be82b56fcf9206098f5bb9b2f5604d055451c;hpb=dde13efb21eaa69bcdce446856fa2417640294ba;p=silc.git diff --git a/lib/silcske/silcconnauth.c b/lib/silcske/silcconnauth.c index e47be82b..c3799a81 100644 --- a/lib/silcske/silcconnauth.c +++ b/lib/silcske/silcconnauth.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 2005 Pekka Riikonen + Copyright (C) 2005 - 2007 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -32,6 +32,7 @@ static SilcBool silc_connauth_packet_receive(SilcPacketEngine engine, struct SilcConnAuthStruct { SilcSKE ske; SilcFSM fsm; + SilcAsyncOperationStruct op; SilcConnectionType conn_type; SilcAuthMethod auth_method; void *auth_data; @@ -116,7 +117,7 @@ static SilcBool silc_connauth_get_signature(SilcConnAuth connauth, /* Compute signature */ if (!silc_pkcs_sign(private_key, auth->data, silc_buffer_len(auth), - *auth_data, len, auth_data_len, ske->prop->hash)) { + *auth_data, len, auth_data_len, TRUE, ske->prop->hash)) { silc_free(*auth_data); silc_buffer_free(auth); return FALSE; @@ -226,6 +227,7 @@ SilcConnAuth silc_connauth_alloc(SilcSchedule schedule, connauth->timeout_secs = timeout_secs; connauth->ske = ske; + ske->refcnt++; return connauth; } @@ -236,6 +238,10 @@ void silc_connauth_free(SilcConnAuth connauth) { if (connauth->public_keys) silc_dlist_uninit(connauth->public_keys); + + /* Free reference */ + silc_ske_free(connauth->ske); + silc_free(connauth); } @@ -260,6 +266,7 @@ SILC_FSM_STATE(silc_connauth_st_initiator_start) int payload_len = 0; unsigned char *auth_data = NULL; SilcUInt32 auth_data_len = 0; + SilcPacketFlags flags = 0; SILC_LOG_DEBUG(("Start")); @@ -288,6 +295,7 @@ SILC_FSM_STATE(silc_connauth_st_initiator_start) return SILC_FSM_CONTINUE; } auth_data_len = connauth->auth_data_len; + flags = SILC_PACKET_FLAG_LONG_PAD; break; case SILC_AUTH_PUBLIC_KEY: @@ -314,8 +322,8 @@ SILC_FSM_STATE(silc_connauth_st_initiator_start) SILC_STR_END); /* Send the packet */ - if (!silc_packet_send(connauth->ske->stream, SILC_PACKET_CONNECTION_AUTH, 0, - packet->data, silc_buffer_len(packet))) { + if (!silc_packet_send(connauth->ske->stream, SILC_PACKET_CONNECTION_AUTH, + flags, packet->data, silc_buffer_len(packet))) { /** Error sending packet */ silc_fsm_next(fsm, silc_connauth_st_initiator_failure); return SILC_FSM_CONTINUE; @@ -349,7 +357,8 @@ SILC_FSM_STATE(silc_connauth_st_initiator_result) SILC_LOG_DEBUG(("Authentication successful")); connauth->success = TRUE; } else { - SILC_LOG_DEBUG(("Authentication failed")); + SILC_LOG_DEBUG(("Authentication failed, packet %s received", + silc_get_packet_name(connauth->packet->type))); connauth->success = FALSE; } silc_packet_free(connauth->packet); @@ -371,12 +380,19 @@ SILC_FSM_STATE(silc_connauth_st_initiator_failure) SILC_LOG_DEBUG(("Start")); - /* Send FAILURE packet */ - SILC_PUT32_MSB(SILC_AUTH_FAILED, error); - silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4); + if (!connauth->aborted) { + /* Send FAILURE packet */ + SILC_PUT32_MSB(SILC_AUTH_FAILED, error); + silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4); - /* Call completion callback */ - connauth->completion(connauth, FALSE, connauth->context); + silc_packet_stream_unlink(connauth->ske->stream, + &silc_connauth_stream_cbs, connauth); + silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth); + + /* Call completion callback */ + connauth->completion(connauth, FALSE, connauth->context); + return SILC_FSM_FINISH; + } silc_packet_stream_unlink(connauth->ske->stream, &silc_connauth_stream_cbs, connauth); @@ -393,8 +409,6 @@ silc_connauth_initiator(SilcConnAuth connauth, SilcConnAuthCompletion completion, void *context) { - SilcAsyncOperation op; - SILC_LOG_DEBUG(("Connection authentication as initiator")); if (auth_method == SILC_AUTH_PASSWORD && !auth_data) { @@ -421,10 +435,10 @@ silc_connauth_initiator(SilcConnAuth connauth, SILC_PACKET_FAILURE, -1); /* Start the protocol */ - op = silc_async_alloc(silc_connauth_abort, NULL, connauth); + silc_async_init(&connauth->op, silc_connauth_abort, NULL, connauth); silc_fsm_start(connauth->fsm, silc_connauth_st_initiator_start); - return op; + return &connauth->op; } @@ -473,7 +487,8 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate) if (connauth->aborted) { /** Aborted */ - silc_packet_free(connauth->packet); + if (connauth->packet) + silc_packet_free(connauth->packet); silc_fsm_next(fsm, silc_connauth_st_responder_failure); return SILC_FSM_CONTINUE; } @@ -552,7 +567,8 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate) /* Passphrase authentication */ if (passphrase && passphrase_len) { SILC_LOG_DEBUG(("Passphrase authentication")); - if (!memcmp(auth_data, passphrase, passphrase_len)) { + if (!auth_data || payload_len != passphrase_len || + memcmp(auth_data, passphrase, passphrase_len)) { /** Authentication failed */ silc_fsm_next(fsm, silc_connauth_st_responder_failure); return SILC_FSM_CONTINUE; @@ -563,6 +579,12 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate) SILC_LOG_DEBUG(("Digital signature authentication")); + if (!auth_data) { + /** Authentication failed */ + silc_fsm_next(fsm, silc_connauth_st_responder_failure); + return SILC_FSM_CONTINUE; + } + connauth->auth_data = silc_memdup(auth_data, payload_len); connauth->auth_data_len = payload_len; @@ -582,7 +604,8 @@ SILC_FSM_STATE(silc_connauth_st_responder_authenticate) /** Find public key */ silc_fsm_next(fsm, silc_connauth_st_responder_authenticate_pk); - SILC_FSM_CALL(silc_skr_find(repository, find, silc_connauth_skr_callback, + SILC_FSM_CALL(silc_skr_find(repository, silc_fsm_get_schedule(fsm), + find, silc_connauth_skr_callback, connauth)); /* NOT REACHED */ } @@ -645,13 +668,13 @@ SILC_FSM_STATE(silc_connauth_st_responder_success) SILC_PUT32_MSB(SILC_AUTH_OK, tmp); silc_packet_send(connauth->ske->stream, SILC_PACKET_SUCCESS, 0, tmp, 4); - /* Call completion callback */ - connauth->completion(connauth, TRUE, connauth->context); - silc_packet_stream_unlink(connauth->ske->stream, &silc_connauth_stream_cbs, connauth); silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth); + /* Call completion callback */ + connauth->completion(connauth, TRUE, connauth->context); + return SILC_FSM_FINISH; } @@ -662,12 +685,20 @@ SILC_FSM_STATE(silc_connauth_st_responder_failure) SILC_LOG_ERROR(("Authentication failed")); - /* Send FAILURE packet */ - SILC_PUT32_MSB(SILC_AUTH_FAILED, error); - silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4); + if (!connauth->aborted) { + /* Send FAILURE packet */ + SILC_PUT32_MSB(SILC_AUTH_FAILED, error); + silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4); - /* Call completion callback */ - connauth->completion(connauth, FALSE, connauth->context); + silc_packet_stream_unlink(connauth->ske->stream, + &silc_connauth_stream_cbs, connauth); + silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth); + + /* Call completion callback */ + connauth->completion(connauth, FALSE, connauth->context); + + return SILC_FSM_FINISH; + } silc_packet_stream_unlink(connauth->ske->stream, &silc_connauth_stream_cbs, connauth); @@ -682,8 +713,6 @@ silc_connauth_responder(SilcConnAuth connauth, SilcConnAuthCompletion completion, void *context) { - SilcAsyncOperation op; - SILC_LOG_DEBUG(("Connection authentication as responder")); connauth->get_auth_data = get_auth_data; @@ -697,8 +726,8 @@ silc_connauth_responder(SilcConnAuth connauth, SILC_PACKET_FAILURE, -1); /* Start the protocol */ - op = silc_async_alloc(silc_connauth_abort, NULL, connauth); + silc_async_init(&connauth->op, silc_connauth_abort, NULL, connauth); silc_fsm_start(connauth->fsm, silc_connauth_st_responder_start); - return op; + return &connauth->op; }