+Fri Mar 16 15:52:49 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * Implemented OPER and SILCOPER commands into the server and
+ the client library.
+
+ * Added silc_auth_verify and silc_auth_verify_data to verify
+ the authentication directly from the authentication payload.
+ It supports verifying both passphrase and public key based
+ authentication. Affected file lib/silccore/silcauth.[ch].
+
+ * Added `hash' field to the SilcIDListData structure. It is the
+ hash negotiated in the SKE protocol. Affected file is
+ silcd/idlist.[ch].
+
+ * Slight redesigning of the SilcAuthPayload handling routines.
+ Do not send SilcPKCS but SilcPublicKey as argument.
+
+ * Implemented the public key authentication support to the
+ serverconfig. The public key is loaded fromthe provided path
+ and saved as authentication data to void * pointer. Thus,
+ changed the unsigned char *auth_data to void *auth_data;
+
+ * Fixed SHUTDOWN command to send the reply before the server
+ is shutdown. :) Affected file silcd/command.c.
+
+ * Fixed fatal bug in CONNECT command. The hostname was invalid
+ memory and server crashed. Affected file silcd/command.c.
+
+ * Fixed fatal bug in CLOSE command. The server_entry became
+ invalid but was referenced later in the command. Affected file
+ silcd/command.c.
+
Thu Mar 15 12:46:58 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
* Fixed fatal bug in failure packet handling. Server ignored
Shows client version.
+ /OPER <username> [<public key>]
+
+ Obtains server operator privileges.
+
+ /SILCOPER <username> [<public key>]
+
+ Obtains router operator privileges.
+
/CONNECT <server> [<port>]
Connects to server the remote <server>. You must be
server operator to be able to do this.
- /CLOSE <server> [<port>]
+ /CLOSE
<server> [<port>]
Closes connection to the <server>. You must be server
operator to be able to do this.
silc_server_command_free(cmd);
}
+/* Server side of OPER command. Client uses this comand to obtain server
+ operator privileges to this server/router. */
+
SILC_SERVER_CMD_FUNC(oper)
{
+ SilcServerCommandContext cmd = (SilcServerCommandContext)context;
+ SilcServer server = cmd->server;
+ SilcClientEntry client = (SilcClientEntry)cmd->sock->user_data;
+ unsigned char *username, *auth;
+ unsigned int tmp_len;
+ SilcServerConfigSectionAdminConnection *admin;
+ SilcIDListData idata = (SilcIDListData)client;
+
+ SILC_SERVER_COMMAND_CHECK_ARGC(SILC_COMMAND_OPER, cmd, 1, 2);
+
+ if (!client || cmd->sock->type != SILC_SOCKET_TYPE_CLIENT)
+ goto out;
+
+ /* Get the username */
+ username = silc_argument_get_arg_type(cmd->args, 1, &tmp_len);
+ if (!username) {
+ silc_server_command_send_status_reply(cmd, SILC_COMMAND_OPER,
+ SILC_STATUS_ERR_NOT_ENOUGH_PARAMS);
+ goto out;
+ }
+
+ /* Get the admin configuration */
+ admin = silc_server_config_find_admin(server->config, cmd->sock->ip,
+ username, client->nickname);
+ if (!admin) {
+ admin = silc_server_config_find_admin(server->config, cmd->sock->hostname,
+ username, client->nickname);
+ if (!admin) {
+ silc_server_command_send_status_reply(cmd, SILC_COMMAND_OPER,
+ SILC_STATUS_ERR_AUTH_FAILED);
+ goto out;
+ }
+ }
+
+ /* Get the authentication payload */
+ auth = silc_argument_get_arg_type(cmd->args, 2, &tmp_len);
+ if (!auth) {
+ silc_server_command_send_status_reply(cmd, SILC_COMMAND_OPER,
+ SILC_STATUS_ERR_NOT_ENOUGH_PARAMS);
+ goto out;
+ }
+
+ /* Verify the authentication data */
+ if (!silc_auth_verify_data(auth, tmp_len, admin->auth_meth,
+ admin->auth_data, admin->auth_data_len,
+ idata->hash, client->id, SILC_ID_CLIENT)) {
+ silc_server_command_send_status_reply(cmd, SILC_COMMAND_OPER,
+ SILC_STATUS_ERR_AUTH_FAILED);
+ goto out;
+ }
+
+ /* Client is now server operator */
+ client->mode |= SILC_UMODE_SERVER_OPERATOR;
+
+ /* Send reply to the sender */
+ silc_server_command_send_status_reply(cmd, SILC_COMMAND_OPER,
+ SILC_STATUS_OK);
+
+ out:
+ silc_server_command_free(cmd);
}
+/* Server side of SILCOPER command. Client uses this comand to obtain router
+ operator privileges to this router. */
+
SILC_SERVER_CMD_FUNC(silcoper)
{
+ SilcServerCommandContext cmd = (SilcServerCommandContext)context;
+ SilcServer server = cmd->server;
+ SilcClientEntry client = (SilcClientEntry)cmd->sock->user_data;
+ unsigned char *username, *auth;
+ unsigned int tmp_len;
+ SilcServerConfigSectionAdminConnection *admin;
+ SilcIDListData idata = (SilcIDListData)client;
+
+ SILC_SERVER_COMMAND_CHECK_ARGC(SILC_COMMAND_SILCOPER, cmd, 1, 2);
+
+ if (!client || cmd->sock->type != SILC_SOCKET_TYPE_CLIENT)
+ goto out;
+
+ /* Get the username */
+ username = silc_argument_get_arg_type(cmd->args, 1, &tmp_len);
+ if (!username) {
+ silc_server_command_send_status_reply(cmd, SILC_COMMAND_SILCOPER,
+ SILC_STATUS_ERR_NOT_ENOUGH_PARAMS);
+ goto out;
+ }
+
+ /* Get the admin configuration */
+ admin = silc_server_config_find_admin(server->config, cmd->sock->ip,
+ username, client->nickname);
+ if (!admin) {
+ admin = silc_server_config_find_admin(server->config, cmd->sock->hostname,
+ username, client->nickname);
+ if (!admin) {
+ silc_server_command_send_status_reply(cmd, SILC_COMMAND_SILCOPER,
+ SILC_STATUS_ERR_AUTH_FAILED);
+ goto out;
+ }
+ }
+
+ /* Get the authentication payload */
+ auth = silc_argument_get_arg_type(cmd->args, 2, &tmp_len);
+ if (!auth) {
+ silc_server_command_send_status_reply(cmd, SILC_COMMAND_SILCOPER,
+ SILC_STATUS_ERR_NOT_ENOUGH_PARAMS);
+ goto out;
+ }
+
+ /* Verify the authentication data */
+ if (!silc_auth_verify_data(auth, tmp_len, admin->auth_meth,
+ admin->auth_data, admin->auth_data_len,
+ idata->hash, client->id, SILC_ID_CLIENT)) {
+ silc_server_command_send_status_reply(cmd, SILC_COMMAND_SILCOPER,
+ SILC_STATUS_ERR_AUTH_FAILED);
+ goto out;
+ }
+
+ /* Client is now router operator */
+ client->mode |= SILC_UMODE_ROUTER_OPERATOR;
+
+ /* Send reply to the sender */
+ silc_server_command_send_status_reply(cmd, SILC_COMMAND_SILCOPER,
+ SILC_STATUS_OK);
+
+ out:
+ silc_server_command_free(cmd);
}
/* Server side command of CONNECT. Connects us to the specified remote
SilcServerCommandContext cmd = (SilcServerCommandContext)context;
SilcServer server = cmd->server;
SilcClientEntry client = (SilcClientEntry)cmd->sock->user_data;
- unsigned char *tmp;
+ unsigned char *tmp, *host;
unsigned int tmp_len;
unsigned int port = SILC_PORT;
}
/* Get the remote server */
- tmp = silc_argument_get_arg_type(cmd->args, 1, &tmp_len);
- if (!tmp) {
+ host = silc_argument_get_arg_type(cmd->args, 1, &tmp_len);
+ if (!host) {
silc_server_command_send_status_reply(cmd, SILC_COMMAND_CONNECT,
SILC_STATUS_ERR_NOT_ENOUGH_PARAMS);
goto out;
SILC_GET32_MSB(port, tmp);
/* Create the connection. It is done with timeout and is async. */
- silc_server_create_connection(server, tmp, port);
+ silc_server_create_connection(server, host, port);
/* Send reply to the sender */
silc_server_command_send_status_reply(cmd, SILC_COMMAND_CONNECT,
SilcServer server = cmd->server;
SilcClientEntry client = (SilcClientEntry)cmd->sock->user_data;
SilcServerEntry server_entry;
+ SilcSocketConnection sock;
unsigned char *tmp;
unsigned int tmp_len;
unsigned char *name;
goto out;
}
- /* Close the connection to the server */
- silc_server_free_sock_user_data(server, server_entry->connection);
- silc_server_disconnect_remote(server, server_entry->connection,
- "Server closed connection: "
- "Closed by operator");
-
/* Send reply to the sender */
silc_server_command_send_status_reply(cmd, SILC_COMMAND_CLOSE,
SILC_STATUS_OK);
+ /* Close the connection to the server */
+ sock = (SilcSocketConnection)server_entry->connection;
+ silc_server_free_sock_user_data(server, sock);
+ silc_server_close_connection(server, sock);
+
out:
silc_server_command_free(cmd);
}
goto out;
}
- /* Then, gracefully, or not, bring the server down. */
- silc_server_stop(server);
-
/* Send reply to the sender */
silc_server_command_send_status_reply(cmd, SILC_COMMAND_SHUTDOWN,
SILC_STATUS_OK);
+ /* Then, gracefully, or not, bring the server down. */
+ silc_server_stop(server);
+ exit(0);
+
out:
silc_server_command_free(cmd);
}
SilcIDListData data = (SilcIDListData)entry;
data->send_key = idata->send_key;
data->receive_key = idata->receive_key;
+ data->hash = idata->hash;
data->hmac = idata->hmac;
data->hmac_key = idata->hmac_key;
data->hmac_key_len = idata->hmac_key_len;
server = (SilcServerEntry)id_cache->context;
sock = (SilcSocketConnection)server->connection;
- if (sock && (!strcmp(sock->hostname, hostname) ||
- !strcmp(sock->ip, hostname)) && sock->port == port)
+ if (sock && ((sock->hostname && !strcmp(sock->hostname, hostname)) ||
+ (sock->ip && !strcmp(sock->ip, hostname)))
+ && sock->port == port)
break;
id_cache = NULL;
SilcCipher send_key;
SilcCipher receive_key;
+ /* Hash selected in the SKE protocol, NULL if not needed at all */
+ SilcHash hash;
+
/* HMAC and raw key data */
SilcHmac hmac;
unsigned char *hmac_key;
ske->ke2_payload->pk_len);
#endif
+ /* Save the hash */
+ if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
+ silc_cipher_free(idata->send_key);
+ silc_cipher_free(idata->receive_key);
+ silc_free(conn_data);
+ return FALSE;
+ }
+
/* Save HMAC key to be used in the communication. */
if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac)) {
silc_cipher_free(idata->send_key);
silc_cipher_free(idata->receive_key);
+ silc_hash_free(idata->hash);
silc_free(conn_data);
return FALSE;
}
}
/* Get authentication data */
- ret = silc_config_get_token(line, &config->clients->auth_data);
+ ret = silc_config_get_token(line, (char **)&config->clients->auth_data);
if (ret < 0)
break;
- if (ret == 0)
- /* Any host */
- config->clients->host = strdup("*");
+
+ if (config->clients->auth_meth == SILC_AUTH_PASSWORD) {
+ config->clients->auth_data_len = strlen(config->clients->auth_data);
+ } else if (config->clients->auth_meth == SILC_AUTH_PUBLIC_KEY) {
+ /* Get the public key */
+ SilcPublicKey public_key;
+
+ if (!silc_pkcs_load_public_key(config->clients->auth_data,
+ &public_key, SILC_PKCS_FILE_PEM))
+ if (!silc_pkcs_load_public_key(config->clients->auth_data,
+ &public_key, SILC_PKCS_FILE_BIN)) {
+ fprintf(stderr, "%s:%d: Could not load public key file `%s'\n",
+ config->filename, pc->linenum,
+ (char *)config->clients->auth_data);
+ break;
+ }
+
+ silc_free(config->clients->auth_data);
+ config->clients->auth_data = (void *)public_key;
+ config->clients->auth_data_len = 0;
+ }
/* Get port */
ret = silc_config_get_token(line, &tmp);
}
/* Get authentication data */
- ret = silc_config_get_token(line, &config->servers->auth_data);
+ ret = silc_config_get_token(line, (char **)&config->servers->auth_data);
if (ret < 0)
break;
+ if (config->servers->auth_meth == SILC_AUTH_PASSWORD) {
+ config->servers->auth_data_len = strlen(config->servers->auth_data);
+ } else if (config->servers->auth_meth == SILC_AUTH_PUBLIC_KEY) {
+ /* Get the public key */
+ SilcPublicKey public_key;
+
+ if (!silc_pkcs_load_public_key(config->servers->auth_data,
+ &public_key, SILC_PKCS_FILE_PEM))
+ if (!silc_pkcs_load_public_key(config->servers->auth_data,
+ &public_key, SILC_PKCS_FILE_BIN)) {
+ fprintf(stderr, "%s:%d: Could not load public key file `%s'\n",
+ config->filename, pc->linenum,
+ (char *)config->servers->auth_data);
+ break;
+ }
+
+ silc_free(config->servers->auth_data);
+ config->servers->auth_data = (void *)public_key;
+ config->servers->auth_data_len = 0;
+ }
+
/* Get port */
ret = silc_config_get_token(line, &tmp);
if (ret < 0)
}
/* Get authentication data */
- ret = silc_config_get_token(line, &config->routers->auth_data);
+ ret = silc_config_get_token(line, (char **)&config->routers->auth_data);
if (ret < 0)
break;
+ if (config->routers->auth_meth == SILC_AUTH_PASSWORD) {
+ config->routers->auth_data_len = strlen(config->routers->auth_data);
+ } else if (config->routers->auth_meth == SILC_AUTH_PUBLIC_KEY) {
+ /* Get the public key */
+ SilcPublicKey public_key;
+
+ if (!silc_pkcs_load_public_key(config->routers->auth_data,
+ &public_key, SILC_PKCS_FILE_PEM))
+ if (!silc_pkcs_load_public_key(config->routers->auth_data,
+ &public_key, SILC_PKCS_FILE_BIN)) {
+ fprintf(stderr, "%s:%d: Could not load public key file `%s'\n",
+ config->filename, pc->linenum,
+ (char *)config->routers->auth_data);
+ break;
+ }
+
+ silc_free(config->routers->auth_data);
+ config->routers->auth_data = (void *)public_key;
+ config->routers->auth_data_len = 0;
+ }
+
/* Get port */
ret = silc_config_get_token(line, &tmp);
if (ret < 0)
}
/* Get authentication data */
- ret = silc_config_get_token(line, &config->admins->auth_data);
+ ret = silc_config_get_token(line, (char **)&config->admins->auth_data);
if (ret < 0)
break;
+ if (config->admins->auth_meth == SILC_AUTH_PASSWORD) {
+ config->admins->auth_data_len = strlen(config->admins->auth_data);
+ } else if (config->admins->auth_meth == SILC_AUTH_PUBLIC_KEY) {
+ /* Get the public key */
+ SilcPublicKey public_key;
+
+ if (!silc_pkcs_load_public_key(config->admins->auth_data,
+ &public_key, SILC_PKCS_FILE_PEM))
+ if (!silc_pkcs_load_public_key(config->admins->auth_data,
+ &public_key, SILC_PKCS_FILE_BIN)) {
+ fprintf(stderr, "%s:%d: Could not load public key file `%s'\n",
+ config->filename, pc->linenum,
+ (char *)config->admins->auth_data);
+ break;
+ }
+
+ silc_free(config->admins->auth_data);
+ config->admins->auth_data = (void *)public_key;
+ config->admins->auth_data_len = 0;
+ }
+
check = TRUE;
checkmask |= (1L << pc->section->type);
break;
host = "*";
if (!username)
username = "*";
- if (nickname)
+ if (!nickname)
nickname = "*";
admin = config->admins;
/* Holds all client authentication data from config file */
typedef struct SilcServerConfigSectionClientConnectionStruct {
char *host;
- int auth_meth;
- char *auth_data;
+ SilcAuthMethod auth_meth;
+ void *auth_data;
+ unsigned int auth_data_len;
unsigned short port;
unsigned int class;
struct SilcServerConfigSectionClientConnectionStruct *next;
char *host;
char *username;
char *nickname;
- int auth_meth;
- char *auth_data;
+ SilcAuthMethod auth_meth;
+ void *auth_data;
+ unsigned int auth_data_len;
struct SilcServerConfigSectionAdminConnectionStruct *next;
struct SilcServerConfigSectionAdminConnectionStruct *prev;
} SilcServerConfigSectionAdminConnection;
/* Holds all configured server/router connections from config file */
typedef struct SilcServerConfigSectionServerConnectionStruct {
char *host;
- int auth_meth;
- char *auth_data;
+ SilcAuthMethod auth_meth;
+ void *auth_data;
+ unsigned int auth_data_len;
unsigned short port;
char *version;
unsigned int class;
13 SILC_COMMAND_OPER
Max Arguments: 2
- Arguments: (1) <username> (2) <authentication data>
+ Arguments: (1) <username> (2) <authentication payload>
This command is used by normal client to obtain server operator
privileges on some server or router. Note that router operator
must use SILCOPER command to obtain router level privileges.
The <username> is the username set in the server configurations
- as operator. The <authentication data> is the data that the
+ as operator. The <authentication payload> is the data that the
client is authenticated against. It may be passphrase prompted
- for user on client's screen or it may be public key
- authentication data (data signed with private key), or
- certificate.
+ for user on client's screen or it may be public key or certificate
+ authentication data (data signed with private key).
Reply messages to the command:
SILC_STATUS_ERR_NOT_ENOUGH_PARAMS
SILC_STATUS_ERR_TOO_MANY_PARAMS
SILC_STATUS_ERR_NOT_REGISTERED
- SILC_STATUS_ERR_BAD_PASSWORD
SILC_STATUS_ERR_AUTH_FAILED
23 SILC_COMMAND_SILCOPER
Max Arguments: 2
- Arguments: (1) <username> (2) <authentication data>
+ Arguments: (1) <username> (2) <authentication payload>
This command is used by normal client to obtain router operator
privileges (also known as SILC operator) on some router. Note
server operator privileges.
The <username> is the username set in the server configurations
- as operator. The <authentication data> is the data that the
+ as operator. The <authentication payload> is the data that the
client is authenticated against. It may be passphrase prompted
for user on client's screen or it may be public key
authentication data (data signed with private key), or
SILC_STATUS_ERR_NOT_ENOUGH_PARAMS
SILC_STATUS_ERR_TOO_MANY_PARAMS
SILC_STATUS_ERR_NOT_REGISTERED
- SILC_STATUS_ERR_BAD_PASSWORD
SILC_STATUS_ERR_AUTH_FAILED
SILC_CLIENT_CMD(invite, INVITE, "INVITE", SILC_CF_LAG | SILC_CF_REG, 3),
SILC_CLIENT_CMD(quit, QUIT, "QUIT", SILC_CF_LAG | SILC_CF_REG, 2),
SILC_CLIENT_CMD(kill, KILL, "KILL",
- SILC_CF_LAG | SILC_CF_REG | SILC_CF_OPER, 2),
+ SILC_CF_LAG | SILC_CF_REG | SILC_CF_OPER, 3),
SILC_CLIENT_CMD(info, INFO, "INFO", SILC_CF_LAG | SILC_CF_REG, 2),
SILC_CLIENT_CMD(connect, CONNECT, "CONNECT",
SILC_CF_LAG | SILC_CF_REG | SILC_CF_OPER, 3),
SILC_CLIENT_CMD(restart, RESTART, "RESTART",
SILC_CF_LAG | SILC_CF_REG | SILC_CF_OPER, 2),
SILC_CLIENT_CMD(close, CLOSE, "CLOSE",
- SILC_CF_LAG | SILC_CF_REG | SILC_CF_OPER, 2),
+ SILC_CF_LAG | SILC_CF_REG | SILC_CF_OPER, 3),
SILC_CLIENT_CMD(shutdown, SHUTDOWN, "SHUTDOWN",
SILC_CF_LAG | SILC_CF_REG | SILC_CF_OPER, 1),
SILC_CLIENT_CMD(silcoper, SILCOPER, "SILOPER",
- SILC_CF_LAG | SILC_CF_REG | SILC_CF_SILC_OPER, 2),
+ SILC_CF_LAG | SILC_CF_REG | SILC_CF_SILC_OPER, 3),
SILC_CLIENT_CMD(leave, LEAVE, "LEAVE", SILC_CF_LAG | SILC_CF_REG, 2),
SILC_CLIENT_CMD(users, USERS, "USERS", SILC_CF_LAG | SILC_CF_REG, 2),
silc_client_command_free(cmd);
}
-SILC_CLIENT_CMD_FUNC(silcoper)
+/* OPER command. Used to obtain server operator privileges. */
+
+SILC_CLIENT_CMD_FUNC(oper)
{
+ SilcClientCommandContext cmd = (SilcClientCommandContext)context;
+ SilcClientConnection conn = cmd->conn;
+ SilcBuffer buffer;
+ unsigned char *auth_data;
+ SilcBuffer auth;
+
+ if (!cmd->conn) {
+ SILC_NOT_CONNECTED(cmd->client, cmd->conn);
+ COMMAND_ERROR;
+ goto out;
+ }
+
+ if (cmd->argc < 2) {
+ cmd->client->ops->say(cmd->client, conn,
+ "Usage: /OPER <username> [<public key>]");
+ COMMAND_ERROR;
+ goto out;
+ }
+
+ if (cmd->argc == 3) {
+ /* XXX Get public key */
+ auth_data = NULL;
+ COMMAND_ERROR;
+ goto out;
+ } else {
+ /* Get passphrase */
+
+ auth_data = cmd->client->ops->ask_passphrase(cmd->client, conn);
+ if (!auth_data) {
+ COMMAND_ERROR;
+ goto out;
+ }
+
+ /* Encode the authentication payload */
+ auth = silc_auth_payload_encode(SILC_AUTH_PASSWORD, NULL, 0,
+ auth_data, strlen(auth_data));
+ }
+
+ buffer = silc_command_payload_encode_va(SILC_COMMAND_OPER, 0, 2,
+ 1, cmd->argv[1],
+ strlen(cmd->argv[1]),
+ 2, auth->data, auth->len);
+ silc_client_packet_send(cmd->client, conn->sock, SILC_PACKET_COMMAND, NULL,
+ 0, NULL, NULL, buffer->data, buffer->len, TRUE);
+
+ silc_buffer_free(buffer);
+ silc_buffer_free(auth);
+ memset(auth_data, 0, strlen(auth_data));
+ silc_free(auth_data);
+
+ /* Notify application */
+ COMMAND;
+
+ out:
+ silc_client_command_free(cmd);
}
-SILC_CLIENT_CMD_FUNC(oper)
+/* SILCOPER command. Used to obtain router operator privileges. */
+
+SILC_CLIENT_CMD_FUNC(silcoper)
{
+ SilcClientCommandContext cmd = (SilcClientCommandContext)context;
+ SilcClientConnection conn = cmd->conn;
+ SilcBuffer buffer;
+ unsigned char *auth_data;
+ SilcBuffer auth;
+
+ if (!cmd->conn) {
+ SILC_NOT_CONNECTED(cmd->client, cmd->conn);
+ COMMAND_ERROR;
+ goto out;
+ }
+
+ if (cmd->argc < 2) {
+ cmd->client->ops->say(cmd->client, conn,
+ "Usage: /SILCOPER <username> [<public key>]");
+ COMMAND_ERROR;
+ goto out;
+ }
+
+ if (cmd->argc == 3) {
+ /* XXX Get public key */
+ auth_data = NULL;
+ COMMAND_ERROR;
+ goto out;
+ } else {
+ /* Get passphrase */
+
+ auth_data = cmd->client->ops->ask_passphrase(cmd->client, conn);
+ if (!auth_data) {
+ COMMAND_ERROR;
+ goto out;
+ }
+
+ /* Encode the authentication payload */
+ auth = silc_auth_payload_encode(SILC_AUTH_PASSWORD, NULL, 0,
+ auth_data, strlen(auth_data));
+ }
+
+ buffer = silc_command_payload_encode_va(SILC_COMMAND_SILCOPER, 0, 2,
+ 1, cmd->argv[1],
+ strlen(cmd->argv[1]),
+ 2, auth->data, auth->len);
+ silc_client_packet_send(cmd->client, conn->sock, SILC_PACKET_COMMAND, NULL,
+ 0, NULL, NULL, buffer->data, buffer->len, TRUE);
+
+ silc_buffer_free(buffer);
+ silc_buffer_free(auth);
+ memset(auth_data, 0, strlen(auth_data));
+ silc_free(auth_data);
+
+ /* Notify application */
+ COMMAND;
+
+ out:
+ silc_client_command_free(cmd);
}
/* CONNECT command. Connects the server to another server. */
SILC_CLIENT_CMD_REPLY_FUNC(silcoper)
{
+ SilcClientCommandReplyContext cmd = (SilcClientCommandReplyContext)context;
+ SilcClientConnection conn = (SilcClientConnection)cmd->sock->user_data;
+ SilcCommandStatus status;
+ unsigned char *tmp;
+
+ tmp = silc_argument_get_arg_type(cmd->args, 1, NULL);
+ SILC_GET16_MSB(status, tmp);
+ if (status != SILC_STATUS_OK) {
+ cmd->client->ops->say(cmd->client, conn,
+ "%s", silc_client_command_status_message(status));
+ COMMAND_REPLY_ERROR;
+ goto out;
+ }
+
+ /* Notify application */
+ COMMAND_REPLY((ARGS));
+
+ /* Execute any pending command callbacks */
+ SILC_CLIENT_PENDING_EXEC(cmd, SILC_COMMAND_SILCOPER);
+
+ out:
+ SILC_CLIENT_PENDING_DESTRUCTOR(cmd, SILC_COMMAND_SILCOPER);
+ silc_client_command_reply_free(cmd);
}
SILC_CLIENT_CMD_REPLY_FUNC(oper)
{
+ SilcClientCommandReplyContext cmd = (SilcClientCommandReplyContext)context;
+ SilcClientConnection conn = (SilcClientConnection)cmd->sock->user_data;
+ SilcCommandStatus status;
+ unsigned char *tmp;
+
+ tmp = silc_argument_get_arg_type(cmd->args, 1, NULL);
+ SILC_GET16_MSB(status, tmp);
+ if (status != SILC_STATUS_OK) {
+ cmd->client->ops->say(cmd->client, conn,
+ "%s", silc_client_command_status_message(status));
+ COMMAND_REPLY_ERROR;
+ goto out;
+ }
+
+ /* Notify application */
+ COMMAND_REPLY((ARGS));
+
+ /* Execute any pending command callbacks */
+ SILC_CLIENT_PENDING_EXEC(cmd, SILC_COMMAND_OPER);
+
+ out:
+ SILC_CLIENT_PENDING_DESTRUCTOR(cmd, SILC_COMMAND_OPER);
+ silc_client_command_reply_free(cmd);
}
SILC_CLIENT_CMD_REPLY_FUNC(connect)
dictates. */
static unsigned char *
-silc_auth_public_key_encode_data(SilcPKCS pkcs, unsigned char *random,
+silc_auth_public_key_encode_data(SilcPublicKey public_key,
+ unsigned char *random,
unsigned int random_len, void *id,
SilcIdType type, unsigned int *ret_len)
{
unsigned char *pk, *id_data, *ret;
unsigned int pk_len, id_len;
- pk = silc_pkcs_get_public_key(pkcs, &pk_len);
+ pk = silc_pkcs_public_key_encode(public_key, &pk_len);
if (!pk)
return NULL;
to do public key based authentication. This generates the random data
and the actual authentication data. Returns NULL on error. */
-SilcBuffer silc_auth_public_key_auth_generate(SilcPKCS pkcs,
+SilcBuffer silc_auth_public_key_auth_generate(SilcPublicKey public_key,
SilcHash hash,
void *id, SilcIdType type)
{
unsigned char *tmp;
unsigned int tmp_len;
SilcBuffer buf;
+ SilcPKCS pkcs;
SILC_LOG_DEBUG(("Generating Authentication Payload with data"));
return NULL;
/* Encode the auth data */
- tmp = silc_auth_public_key_encode_data(pkcs, random, 256, id, type,
+ tmp = silc_auth_public_key_encode_data(public_key, random, 256, id, type,
&tmp_len);
if (!tmp)
return NULL;
+ /* Allocate PKCS object */
+ if (!silc_pkcs_alloc(public_key->name, &pkcs)) {
+ memset(tmp, 0, tmp_len);
+ silc_free(tmp);
+ return NULL;
+ }
+
/* Compute the hash and the signature. */
if (!silc_pkcs_sign_with_hash(pkcs, hash, tmp, tmp_len, auth_data,
&auth_len)) {
memset(tmp, 0, tmp_len);
silc_free(tmp);
silc_free(random);
+ silc_pkcs_free(pkcs);
return NULL;
}
memset(random, 0, 256);
silc_free(tmp);
silc_free(random);
+ silc_pkcs_free(pkcs);
return buf;
}
successfull. */
int silc_auth_public_key_auth_verify(SilcAuthPayload payload,
- SilcPKCS pkcs, SilcHash hash,
+ SilcPublicKey public_key, SilcHash hash,
void *id, SilcIdType type)
{
unsigned char *tmp;
unsigned int tmp_len;
+ SilcPKCS pkcs;
SILC_LOG_DEBUG(("Verifying authentication data"));
/* Encode auth data */
- tmp = silc_auth_public_key_encode_data(pkcs, payload->random_data,
+ tmp = silc_auth_public_key_encode_data(public_key, payload->random_data,
payload->random_len,
id, type, &tmp_len);
if (!tmp) {
return FALSE;
}
+ /* Allocate PKCS object */
+ if (!silc_pkcs_alloc(public_key->name, &pkcs)) {
+ memset(tmp, 0, tmp_len);
+ silc_free(tmp);
+ return FALSE;
+ }
+
/* Verify the authentication data */
if (!silc_pkcs_verify_with_hash(pkcs, hash, payload->auth_data,
payload->auth_len, tmp, tmp_len)) {
memset(tmp, 0, tmp_len);
silc_free(tmp);
+ silc_pkcs_free(pkcs);
SILC_LOG_DEBUG(("Authentication failed"));
return FALSE;
}
memset(tmp, 0, tmp_len);
silc_free(tmp);
+ silc_pkcs_free(pkcs);
SILC_LOG_DEBUG(("Authentication successfull"));
/* Same as above but the payload is not parsed yet. This will parse it. */
int silc_auth_public_key_auth_verify_data(SilcBuffer payload,
- SilcPKCS pkcs, SilcHash hash,
+ SilcPublicKey public_key,
+ SilcHash hash,
void *id, SilcIdType type)
{
SilcAuthPayload auth_payload;
return FALSE;
}
- ret = silc_auth_public_key_auth_verify(auth_payload, pkcs, hash,
+ ret = silc_auth_public_key_auth_verify(auth_payload, public_key, hash,
id, type);
silc_auth_payload_free(auth_payload);
return ret;
}
+/* Verifies the authentication data directly from the Authentication
+ Payload. Supports all authentication methods. If the authentication
+ method is passphrase based then the `auth_data' and `auth_data_len'
+ are the passphrase and its length. If the method is public key
+ authentication then the `auth_data' is the SilcPublicKey and the
+ `auth_data_len' is ignored. */
+
+int silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
+ void *auth_data, unsigned int auth_data_len,
+ SilcHash hash, void *id, SilcIdType type)
+{
+ SILC_LOG_DEBUG(("Verifying authentication"));
+
+ if (auth_method != payload->auth_method)
+ return FALSE;
+
+ switch (payload->auth_method) {
+ case SILC_AUTH_NONE:
+ /* No authentication */
+ SILC_LOG_DEBUG(("No authentication required"));
+ return TRUE;
+
+ case SILC_AUTH_PASSWORD:
+ /* Passphrase based authentication. The `pkcs', `hash', `id' and `type'
+ arguments are not needed. */
+ if (!memcmp(payload->auth_data, auth_data, payload->auth_len)) {
+ SILC_LOG_DEBUG(("Authentication successfull"));
+ return TRUE;
+ }
+ break;
+
+ case SILC_AUTH_PUBLIC_KEY:
+ /* Public key based authentication */
+ return silc_auth_public_key_auth_verify(payload, (SilcPublicKey)auth_data,
+ hash, id, type);
+ break;
+
+ default:
+ break;
+ }
+
+ SILC_LOG_DEBUG(("Authentication failed"));
+
+ return FALSE;
+}
+
+/* Same as above but parses the authentication payload before verify. */
+
+int silc_auth_verify_data(unsigned char *payload, unsigned int payload_len,
+ SilcAuthMethod auth_method, void *auth_data,
+ unsigned int auth_data_len, SilcHash hash,
+ void *id, SilcIdType type)
+{
+ SilcAuthPayload auth_payload;
+ SilcBuffer buffer;
+ int ret;
+
+ buffer = silc_buffer_alloc(payload_len);
+ silc_buffer_pull_tail(buffer, SILC_BUFFER_END(buffer));
+ silc_buffer_put(buffer, payload, payload_len);
+ auth_payload = silc_auth_payload_parse(buffer);
+ if (!auth_payload) {
+ silc_buffer_free(buffer);
+ return FALSE;
+ }
+
+ ret = silc_auth_verify(auth_payload, auth_method, auth_data, auth_data_len,
+ hash, id, type);
+
+ silc_auth_payload_free(auth_payload);
+ silc_buffer_free(buffer);
+
+ return ret;
+}
+
/******************************************************************************
Key Agreement Payload
unsigned char *auth_data,
unsigned short auth_len);
void silc_auth_payload_free(SilcAuthPayload payload);
-SilcBuffer silc_auth_public_key_auth_generate(SilcPKCS pkcs,
+SilcBuffer silc_auth_public_key_auth_generate(SilcPublicKey public_key,
SilcHash hash,
void *id, SilcIdType type);
int silc_auth_public_key_auth_verify(SilcAuthPayload payload,
- SilcPKCS pkcs, SilcHash hash,
+ SilcPublicKey public_key, SilcHash hash,
void *id, SilcIdType type);
int silc_auth_public_key_auth_verify_data(SilcBuffer payload,
- SilcPKCS pkcs, SilcHash hash,
+ SilcPublicKey public_key,
+ SilcHash hash,
void *id, SilcIdType type);
+int silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
+ void *auth_data, unsigned int auth_data_len,
+ SilcHash hash, void *id, SilcIdType type);
+int silc_auth_verify_data(unsigned char *payload, unsigned int payload_len,
+ SilcAuthMethod auth_method, void *auth_data,
+ unsigned int auth_data_len, SilcHash hash,
+ void *id, SilcIdType type);
SilcKeyAgreementPayload silc_key_agreement_payload_parse(SilcBuffer buffer);
SilcBuffer silc_key_agreement_payload_encode(char *hostname,
unsigned int port);
projects / runtime.git / commitdiff