5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2000 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
26 * Revision 1.9 2000/07/20 10:17:25 priikone
27 * Added dynamic protocol registering/unregistering support. The
28 * patch was provided by cras.
30 * Revision 1.8 2000/07/19 07:08:09 priikone
31 * Added version detection support to SKE.
33 * Revision 1.7 2000/07/14 06:14:20 priikone
34 * Put the HMAC keys into the HMAC object instead of having them
35 * saved elsewhere; now we can use silc_hmac_make insteaad of
36 * silc_hmac_make_with_key.
38 * Revision 1.6 2000/07/12 05:59:41 priikone
39 * Major rewrite of ID Cache system. Support added for the new
40 * ID cache system. Major rewrite of ID List stuff on server. All
41 * SilcXXXList's are now called SilcXXXEntry's and they are pointers
42 * by default. A lot rewritten ID list functions.
44 * Revision 1.5 2000/07/10 05:42:14 priikone
45 * Support for public key encoding functions added.
47 * Revision 1.4 2000/07/07 06:55:59 priikone
48 * Added SILC style public key support and made server to use
51 * Revision 1.3 2000/07/06 07:15:31 priikone
52 * Cleaner code fro password and public key authentication.
53 * Deprecated old `channel_auth' protocol.
55 * Revision 1.2 2000/07/05 06:13:04 priikone
56 * Support for SILC style public keys added.
58 * Revision 1.1.1.1 2000/06/27 11:36:56 priikone
59 * Imported from internal CVS/Added Log headers.
64 #include "serverincludes.h"
65 #include "server_internal.h"
67 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
68 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
70 extern char *silc_version_string;
73 * Key Exhange protocol functions
76 /* Packet sending callback. This function is provided as packet sending
77 routine to the Key Exchange functions. */
79 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
84 SilcProtocol protocol = (SilcProtocol)context;
85 SilcServerKEInternalContext *ctx =
86 (SilcServerKEInternalContext *)protocol->context;
87 SilcServer server = (SilcServer)ctx->server;
89 /* Send the packet immediately */
90 silc_server_packet_send(server, ske->sock,
91 type, 0, packet->data, packet->len, TRUE);
94 /* Sets the negotiated key material into use for particular connection. */
96 static void silc_server_protocol_ke_set_keys(SilcSKE ske,
97 SilcSocketConnection sock,
98 SilcSKEKeyMaterial *keymat,
104 SilcUnknownEntry conn_data;
107 SILC_LOG_DEBUG(("Setting new key into use"));
109 conn_data = silc_calloc(1, sizeof(*conn_data));
111 /* Allocate cipher to be used in the communication */
112 silc_cipher_alloc(cipher->cipher->name, &conn_data->send_key);
113 silc_cipher_alloc(cipher->cipher->name, &conn_data->receive_key);
115 if (is_responder == TRUE) {
116 conn_data->send_key->cipher->set_key(conn_data->send_key->context,
117 keymat->receive_enc_key,
118 keymat->enc_key_len);
119 conn_data->send_key->set_iv(conn_data->send_key, keymat->receive_iv);
120 conn_data->receive_key->cipher->set_key(conn_data->receive_key->context,
121 keymat->send_enc_key,
122 keymat->enc_key_len);
123 conn_data->receive_key->set_iv(conn_data->receive_key, keymat->send_iv);
126 conn_data->send_key->cipher->set_key(conn_data->send_key->context,
127 keymat->send_enc_key,
128 keymat->enc_key_len);
129 conn_data->send_key->set_iv(conn_data->send_key, keymat->send_iv);
130 conn_data->receive_key->cipher->set_key(conn_data->receive_key->context,
131 keymat->receive_enc_key,
132 keymat->enc_key_len);
133 conn_data->receive_key->set_iv(conn_data->receive_key, keymat->receive_iv);
136 /* Allocate PKCS to be used */
138 /* XXX Do we ever need to allocate PKCS for the connection??
139 If yes, we need to change KE protocol to get the initiators
141 silc_pkcs_alloc(pkcs->pkcs->name, &conn_data->pkcs);
142 conn_data->public_key = silc_pkcs_public_key_alloc(XXX);
143 silc_pkcs_set_public_key(conn_data->pkcs, ske->ke2_payload->pk_data,
144 ske->ke2_payload->pk_len);
147 /* Save HMAC key to be used in the communication. */
148 silc_hash_alloc(hash->hash->name, &nhash);
149 silc_hmac_alloc(nhash, &conn_data->hmac);
150 silc_hmac_set_key(conn_data->hmac, keymat->hmac_key, keymat->hmac_key_len);
152 sock->user_data = (void *)conn_data;
155 /* Performs key exchange protocol. This is used for both initiator
156 and responder key exchange. This is performed always when accepting
157 new connection to the server. This may be called recursively. */
159 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
161 SilcProtocol protocol = (SilcProtocol)context;
162 SilcServerKEInternalContext *ctx =
163 (SilcServerKEInternalContext *)protocol->context;
164 SilcServer server = (SilcServer)ctx->server;
165 SilcSKEStatus status = 0;
167 SILC_LOG_DEBUG(("Start"));
169 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
170 protocol->state = SILC_PROTOCOL_STATE_START;
172 SILC_LOG_DEBUG(("State=%d", protocol->state));
174 switch(protocol->state) {
175 case SILC_PROTOCOL_STATE_START:
182 /* Allocate Key Exchange object */
183 ske = silc_ske_alloc();
186 if (ctx->responder == TRUE) {
187 /* Start the key exchange by processing the received security
188 properties packet from initiator. */
189 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
191 ctx->packet, NULL, NULL);
193 SilcSKEStartPayload *start_payload;
195 /* Assemble security properties. */
196 silc_ske_assemble_security_properties(ske, silc_version_string,
199 /* Start the key exchange by sending our security properties
200 to the remote end. */
201 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
203 silc_server_protocol_ke_send_packet,
207 if (status != SILC_SKE_STATUS_OK) {
208 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
210 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
213 protocol->state = SILC_PROTOCOL_STATE_ERROR;
214 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
218 /* Advance protocol state and call the next state if we are responder */
220 if (ctx->responder == TRUE)
221 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
229 if (ctx->responder == TRUE) {
230 /* Sends the selected security properties to the initiator. */
232 silc_ske_responder_phase_1(ctx->ske,
233 ctx->ske->start_payload,
234 silc_server_protocol_ke_send_packet,
237 /* Call Phase-1 function. This processes the Key Exchange Start
238 paylaod reply we just got from the responder. The callback
239 function will receive the processed payload where we will
242 silc_ske_initiator_phase_1(ctx->ske,
247 if (status != SILC_SKE_STATUS_OK) {
248 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
250 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
253 protocol->state = SILC_PROTOCOL_STATE_ERROR;
254 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
258 /* Advance protocol state and call next state if we are initiator */
260 if (ctx->responder == FALSE)
261 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
269 if (ctx->responder == TRUE) {
270 /* Process the received Key Exchange 1 Payload packet from
271 the initiator. This also creates our parts of the Diffie
272 Hellman algorithm. */
274 silc_ske_responder_phase_2(ctx->ske, ctx->packet, NULL, NULL);
276 /* Call the Phase-2 function. This creates Diffie Hellman
277 key exchange parameters and sends our public part inside
278 Key Exhange 1 Payload to the responder. */
280 silc_ske_initiator_phase_2(ctx->ske,
282 silc_server_protocol_ke_send_packet,
286 if (status != SILC_SKE_STATUS_OK) {
287 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
289 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
292 protocol->state = SILC_PROTOCOL_STATE_ERROR;
293 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
297 /* Advance protocol state and call the next state if we are responder */
299 if (ctx->responder == TRUE)
300 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
308 if (ctx->responder == TRUE) {
309 /* This creates the key exchange material and sends our
310 public parts to the initiator inside Key Exchange 2 Payload. */
312 silc_ske_responder_finish(ctx->ske,
313 server->public_key, server->private_key,
314 SILC_SKE_PK_TYPE_SILC,
315 silc_server_protocol_ke_send_packet,
318 /* Finish the protocol. This verifies the Key Exchange 2 payload
319 sent by responder. */
321 silc_ske_initiator_finish(ctx->ske,
322 ctx->packet, NULL, NULL, NULL, NULL);
325 if (status != SILC_SKE_STATUS_OK) {
326 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
328 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
331 protocol->state = SILC_PROTOCOL_STATE_ERROR;
332 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
336 /* Send Ok to the other end. We will end the protocol as responder
337 sends Ok to us when we will take the new keys into use. */
338 if (ctx->responder == FALSE)
339 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
341 /* End the protocol on the next round */
342 protocol->state = SILC_PROTOCOL_STATE_END;
345 case SILC_PROTOCOL_STATE_END:
350 SilcSKEKeyMaterial *keymat;
352 /* Send Ok to the other end if we are responder. If we are
353 initiator we have sent this already. */
354 if (ctx->responder == TRUE)
355 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
357 /* Process the key material */
358 keymat = silc_calloc(1, sizeof(*keymat));
359 silc_ske_process_key_material(ctx->ske, 16, (16 * 8), 16, keymat);
361 /* Take the new keys into use. */
362 silc_server_protocol_ke_set_keys(ctx->ske, ctx->sock, keymat,
363 ctx->ske->prop->cipher,
364 ctx->ske->prop->pkcs,
365 ctx->ske->prop->hash,
368 /* Unregister the timeout task since the protocol has ended.
369 This was the timeout task to be executed if the protocol is
370 not completed fast enough. */
371 if (ctx->timeout_task)
372 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
374 /* Call the final callback */
375 if (protocol->final_callback)
376 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
378 silc_protocol_free(protocol);
381 case SILC_PROTOCOL_STATE_ERROR:
386 /* Unregister the timeout task since the protocol has ended.
387 This was the timeout task to be executed if the protocol is
388 not completed fast enough. */
389 if (ctx->timeout_task)
390 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
392 /* On error the final callback is always called. */
393 if (protocol->final_callback)
394 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
396 silc_protocol_free(protocol);
398 case SILC_PROTOCOL_STATE_UNKNOWN:
404 * Connection Authentication protocol functions
407 /* XXX move these to somehwere else */
409 int silc_server_password_authentication(SilcServer server, char *auth1,
412 if (!auth1 || !auth2)
415 if (!memcmp(auth1, auth2, strlen(auth1)))
421 int silc_server_public_key_authentication(SilcServer server,
424 unsigned int sign_len,
427 SilcPublicKey pub_key;
432 if (!pkfile || !sign)
435 /* Load public key from file */
436 if (!silc_pkcs_load_public_key(pkfile, &pub_key, SILC_PKCS_FILE_PEM))
437 if (!silc_pkcs_load_public_key(pkfile, &pub_key, SILC_PKCS_FILE_BIN))
440 silc_pkcs_alloc(pub_key->name, &pkcs);
441 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
442 silc_pkcs_free(pkcs);
446 /* Make the authentication data. Protocol says it is HASH plus
448 len = ske->hash_len + ske->start_payload_copy->len;
449 auth = silc_buffer_alloc(len);
450 silc_buffer_pull_tail(auth, len);
451 silc_buffer_format(auth,
452 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
453 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
454 ske->start_payload_copy->len),
457 /* Verify signature */
458 if (pkcs->pkcs->verify(pkcs->context, sign, sign_len,
459 auth->data, auth->len))
461 silc_pkcs_free(pkcs);
462 silc_pkcs_public_key_free(pub_key);
463 silc_buffer_free(auth);
467 silc_pkcs_free(pkcs);
468 silc_pkcs_public_key_free(pub_key);
469 silc_buffer_free(auth);
473 /* Performs connection authentication protocol. If responder, we
474 authenticate the remote data received. If initiator, we will send
475 authentication data to the remote end. */
477 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
479 SilcProtocol protocol = (SilcProtocol)context;
480 SilcServerConnAuthInternalContext *ctx =
481 (SilcServerConnAuthInternalContext *)protocol->context;
482 SilcServer server = (SilcServer)ctx->server;
484 SILC_LOG_DEBUG(("Start"));
486 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
487 protocol->state = SILC_PROTOCOL_STATE_START;
489 SILC_LOG_DEBUG(("State=%d", protocol->state));
491 switch(protocol->state) {
492 case SILC_PROTOCOL_STATE_START:
498 if (ctx->responder == TRUE) {
500 * We are receiving party
503 unsigned short payload_len;
504 unsigned short conn_type;
505 unsigned char *auth_data;
507 SILC_LOG_INFO(("Performing authentication protocol for %s",
508 ctx->sock->hostname ? ctx->sock->hostname :
511 /* Parse the received authentication data packet. The received
512 payload is Connection Auth Payload. */
513 silc_buffer_unformat(ctx->packet,
514 SILC_STR_UI_SHORT(&payload_len),
515 SILC_STR_UI_SHORT(&conn_type),
518 if (payload_len != ctx->packet->len) {
519 SILC_LOG_ERROR(("Bad payload in authentication packet"));
520 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
521 protocol->state = SILC_PROTOCOL_STATE_ERROR;
522 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
528 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
529 conn_type > SILC_SOCKET_TYPE_ROUTER) {
530 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
531 SILC_LOG_DEBUG(("Bad connection type %d", conn_type));
532 protocol->state = SILC_PROTOCOL_STATE_ERROR;
533 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
537 if (payload_len > 0) {
538 /* Get authentication data */
539 silc_buffer_pull(ctx->packet, 4);
540 silc_buffer_unformat(ctx->packet,
541 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
549 * Check the remote connection type and make sure that we have
550 * configured this connection. If we haven't allowed this connection
551 * the authentication must be failed.
554 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
556 /* Remote end is client */
557 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
558 SilcConfigServerSectionClientConnection *client = NULL;
560 silc_config_server_find_client_conn(server->config,
565 silc_config_server_find_client_conn(server->config,
570 switch(client->auth_meth) {
571 case SILC_PROTOCOL_CONN_AUTH_NONE:
572 /* No authentication required */
573 SILC_LOG_DEBUG(("No authentication required"));
576 case SILC_PROTOCOL_CONN_AUTH_PASSWORD:
577 /* Password authentication */
578 SILC_LOG_DEBUG(("Password authentication"));
579 ret = silc_server_password_authentication(server, auth_data,
583 memset(auth_data, 0, payload_len);
584 silc_free(auth_data);
589 /* Authentication failed */
590 SILC_LOG_ERROR(("Authentication failed"));
591 SILC_LOG_DEBUG(("Authentication failed"));
592 protocol->state = SILC_PROTOCOL_STATE_ERROR;
593 protocol->execute(server->timeout_queue, 0,
594 protocol, fd, 0, 300000);
598 case SILC_PROTOCOL_CONN_AUTH_PUBLIC_KEY:
599 /* Public key authentication */
600 SILC_LOG_DEBUG(("Public key authentication"));
601 ret = silc_server_public_key_authentication(server,
608 memset(auth_data, 0, payload_len);
609 silc_free(auth_data);
614 SILC_LOG_ERROR(("Authentication failed"));
615 SILC_LOG_DEBUG(("Authentication failed"));
616 protocol->state = SILC_PROTOCOL_STATE_ERROR;
617 protocol->execute(server->timeout_queue, 0,
618 protocol, fd, 0, 300000);
622 SILC_LOG_DEBUG(("No configuration for remote connection"));
623 SILC_LOG_ERROR(("Remote connection not configured"));
624 SILC_LOG_ERROR(("Authentication failed"));
625 memset(auth_data, 0, payload_len);
626 silc_free(auth_data);
628 protocol->state = SILC_PROTOCOL_STATE_ERROR;
629 protocol->execute(server->timeout_queue, 0,
630 protocol, fd, 0, 300000);
635 /* Remote end is server */
636 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
637 SilcConfigServerSectionServerConnection *serv = NULL;
639 silc_config_server_find_server_conn(server->config,
644 silc_config_server_find_server_conn(server->config,
649 switch(serv->auth_meth) {
650 case SILC_PROTOCOL_CONN_AUTH_NONE:
651 /* No authentication required */
652 SILC_LOG_DEBUG(("No authentication required"));
655 case SILC_PROTOCOL_CONN_AUTH_PASSWORD:
656 /* Password authentication */
657 SILC_LOG_DEBUG(("Password authentication"));
658 ret = silc_server_password_authentication(server, auth_data,
662 memset(auth_data, 0, payload_len);
663 silc_free(auth_data);
668 /* Authentication failed */
669 SILC_LOG_ERROR(("Authentication failed"));
670 SILC_LOG_DEBUG(("Authentication failed"));
671 protocol->state = SILC_PROTOCOL_STATE_ERROR;
672 protocol->execute(server->timeout_queue, 0,
673 protocol, fd, 0, 300000);
677 case SILC_PROTOCOL_CONN_AUTH_PUBLIC_KEY:
678 /* Public key authentication */
679 SILC_LOG_DEBUG(("Public key authentication"));
680 ret = silc_server_public_key_authentication(server,
687 memset(auth_data, 0, payload_len);
688 silc_free(auth_data);
693 SILC_LOG_ERROR(("Authentication failed"));
694 SILC_LOG_DEBUG(("Authentication failed"));
695 protocol->state = SILC_PROTOCOL_STATE_ERROR;
696 protocol->execute(server->timeout_queue, 0,
697 protocol, fd, 0, 300000);
701 SILC_LOG_DEBUG(("No configuration for remote connection"));
702 SILC_LOG_ERROR(("Remote connection not configured"));
703 SILC_LOG_ERROR(("Authentication failed"));
704 memset(auth_data, 0, payload_len);
705 silc_free(auth_data);
707 protocol->state = SILC_PROTOCOL_STATE_ERROR;
708 protocol->execute(server->timeout_queue, 0,
709 protocol, fd, 0, 300000);
714 /* Remote end is router */
715 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
716 SilcConfigServerSectionServerConnection *serv = NULL;
718 silc_config_server_find_router_conn(server->config,
723 silc_config_server_find_router_conn(server->config,
728 switch(serv->auth_meth) {
729 case SILC_PROTOCOL_CONN_AUTH_NONE:
730 /* No authentication required */
731 SILC_LOG_DEBUG(("No authentication required"));
734 case SILC_PROTOCOL_CONN_AUTH_PASSWORD:
735 /* Password authentication */
736 SILC_LOG_DEBUG(("Password authentication"));
737 ret = silc_server_password_authentication(server, auth_data,
741 memset(auth_data, 0, payload_len);
742 silc_free(auth_data);
747 /* Authentication failed */
748 SILC_LOG_ERROR(("Authentication failed"));
749 SILC_LOG_DEBUG(("Authentication failed"));
750 protocol->state = SILC_PROTOCOL_STATE_ERROR;
751 protocol->execute(server->timeout_queue, 0,
752 protocol, fd, 0, 300000);
756 case SILC_PROTOCOL_CONN_AUTH_PUBLIC_KEY:
757 /* Public key authentication */
758 SILC_LOG_DEBUG(("Public key authentication"));
759 ret = silc_server_public_key_authentication(server,
766 memset(auth_data, 0, payload_len);
767 silc_free(auth_data);
772 SILC_LOG_ERROR(("Authentication failed"));
773 SILC_LOG_DEBUG(("Authentication failed"));
774 protocol->state = SILC_PROTOCOL_STATE_ERROR;
775 protocol->execute(server->timeout_queue, 0,
776 protocol, fd, 0, 300000);
780 SILC_LOG_DEBUG(("No configuration for remote connection"));
781 SILC_LOG_ERROR(("Remote connection not configured"));
782 SILC_LOG_ERROR(("Authentication failed"));
783 memset(auth_data, 0, payload_len);
784 silc_free(auth_data);
786 protocol->state = SILC_PROTOCOL_STATE_ERROR;
787 protocol->execute(server->timeout_queue, 0,
788 protocol, fd, 0, 300000);
794 memset(auth_data, 0, payload_len);
795 silc_free(auth_data);
798 /* Save connection type. This is later used to create the
799 ID for the connection. */
800 ctx->conn_type = conn_type;
802 /* Advance protocol state. */
803 protocol->state = SILC_PROTOCOL_STATE_END;
804 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
808 * We are initiator. We are authenticating ourselves to a
809 * remote server. We will send the authentication data to the
810 * other end for verify.
814 unsigned char *auth_data = NULL;
815 unsigned int auth_data_len = 0;
817 switch(ctx->auth_meth) {
818 case SILC_PROTOCOL_CONN_AUTH_NONE:
819 /* No authentication required */
822 case SILC_PROTOCOL_CONN_AUTH_PASSWORD:
823 /* Password authentication */
824 if (ctx->auth_data && ctx->auth_data_len) {
825 auth_data = ctx->auth_data;
826 auth_data_len = ctx->auth_data_len;
830 /* No authentication data exits. Ask interactively from user. */
835 case SILC_PROTOCOL_CONN_AUTH_PUBLIC_KEY:
836 /* Public key authentication */
841 payload_len = 4 + auth_data_len;
842 packet = silc_buffer_alloc(payload_len);
843 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
844 silc_buffer_format(packet,
845 SILC_STR_UI_SHORT(payload_len),
846 SILC_STR_UI_SHORT(server->server_type
848 SILC_SOCKET_TYPE_SERVER :
849 SILC_SOCKET_TYPE_ROUTER),
850 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
853 /* Send the packet to server */
854 silc_server_packet_send(server, ctx->sock,
855 SILC_PACKET_CONNECTION_AUTH, 0,
856 packet->data, packet->len, TRUE);
859 memset(auth_data, 0, auth_data_len);
860 silc_free(auth_data);
862 silc_buffer_free(packet);
864 /* Next state is end of protocol */
865 protocol->state = SILC_PROTOCOL_STATE_END;
870 case SILC_PROTOCOL_STATE_END:
876 /* Succesfully authenticated */
877 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
880 /* Unregister the timeout task since the protocol has ended.
881 This was the timeout task to be executed if the protocol is
882 not completed fast enough. */
883 if (ctx->timeout_task)
884 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
886 /* Protocol has ended, call the final callback */
887 if (protocol->final_callback)
888 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
890 silc_protocol_free(protocol);
893 case SILC_PROTOCOL_STATE_ERROR:
899 /* Authentication failed */
900 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
903 /* Unregister the timeout task since the protocol has ended.
904 This was the timeout task to be executed if the protocol is
905 not completed fast enough. */
906 if (ctx->timeout_task)
907 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
909 /* On error the final callback is always called. */
910 if (protocol->final_callback)
911 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
913 silc_protocol_free(protocol);
916 case SILC_PROTOCOL_STATE_UNKNOWN:
921 /* Registers protocols used in server. */
923 void silc_server_protocols_register(void)
925 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
926 silc_server_protocol_connection_auth);
927 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
928 silc_server_protocol_key_exchange);
931 /* Unregisters protocols */
933 void silc_server_protocols_unregister(void)
935 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
936 silc_server_protocol_connection_auth);
937 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
938 silc_server_protocol_key_exchange);