5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2005 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; version 2 of the License.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
21 #include "silcserver.h"
22 #include "server_internal.h"
24 /************************ Static utility functions **************************/
26 /* SKE public key verification callback */
29 silc_server_accept_verify_key(SilcSKE ske,
30 const unsigned char *pk_data,
32 SilcSKEPKType pk_type,
34 SilcSKEVerifyCbCompletion completion,
35 void *completion_context)
37 SilcServerAccept ac = context;
39 SILC_LOG_DEBUG(("Verifying public key"));
41 if (pk_type != SILC_SKE_PK_TYPE_SILC) {
42 SILC_LOG_WARNING(("We don't support %s (%s) port %d public key type %d",
43 ac->hostname, ac->ip, ac->port, pk_type));
44 completion(ac->data.ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
49 /* We accept all keys without explicit verification */
50 completion(ac->data.ske, SILC_SKE_STATUS_OK, completion_context);
53 /* SKE completion callback */
56 silc_server_accept_completed(SilcSKE ske, SilcSKEStatus status,
57 SilcSKESecurityProperties prop,
58 SilcSKEKeyMaterial keymat,
59 SilcSKERekeyMaterial rekey,
62 SilcServerAccept ac = context;
69 /* Continue synchronously to take keys into use immediately */
70 SILC_FSM_CALL_CONTINUE_SYNC(ac->t);
73 /* Authentication data callback */
76 silc_server_accept_get_auth(SilcConnAuth connauth,
77 SilcConnectionType conn_type,
78 unsigned char **passphrase,
79 SilcUInt32 *passphrase_len,
83 SilcServerAccept ac = context;
85 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
87 /* Remote end is client */
88 if (conn_type == SILC_CONN_CLIENT) {
92 *passphrase = ac->cconfig->passphrase;
93 *passphrase_len = ac->cconfig->passphrase_len;
94 if (ac->cconfig->pubkey_auth)
95 *repository = ac->thread->server->repository;
98 /* Remote end is server */
99 if (conn_type == SILC_CONN_SERVER) {
103 *passphrase = ac->sconfig->passphrase;
104 *passphrase_len = ac->sconfig->passphrase_len;
105 if (ac->sconfig->pubkey_auth)
106 *repository = ac->thread->server->repository;
109 /* Remote end is router */
110 if (conn_type == SILC_CONN_ROUTER) {
114 *passphrase = ac->rconfig->passphrase;
115 *passphrase_len = ac->rconfig->passphrase_len;
116 if (ac->rconfig->pubkey_auth)
117 *repository = ac->thread->server->repository;
120 ac->data.type = conn_type;
125 /* Authentication completion callback */
128 silc_server_accept_auth_compl(SilcConnAuth connauth, SilcBool success,
131 SilcServerAccept ac = context;
132 ac->auth_success = success;
133 SILC_FSM_CALL_CONTINUE(ac->t);
138 static void silc_server_accept_free(SilcServerAccept ac)
141 silc_connauth_free(ac->connauth);
142 silc_free(ac->error_string);
146 void silc_server_accept_connection_dest(SilcFSM fsm, void *fsm_context,
147 void *destructor_context)
149 SilcServerAccept ac = fsm_context;
151 silc_server_accept_free(ac);
155 /********************* Accepting new connection thread **********************/
157 SILC_FSM_STATE(silc_server_st_accept_connection)
159 SilcServerAccept ac = fsm_context;
160 SilcServer server = ac->thread->server;
161 SilcServerParamDeny deny;
162 SilcSKESecurityPropertyFlag flags = 0;
164 SILC_LOG_DEBUG(("Accepting new connection"));
166 /* Create packet stream */
167 ac->packet_stream = silc_packet_stream_create(ac->thread->packet_engine,
168 silc_fsm_get_schedule(fsm),
170 if (!ac->packet_stream) {
171 /** Cannot create packet stream */
172 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
173 silc_fsm_next(fsm, silc_server_st_accept_error);
174 return SILC_FSM_CONTINUE;
177 silc_packet_set_context(ac->packet_stream, ac);
179 /* Set source ID to packet stream */
180 if (!silc_packet_set_ids(ac->packet_stream, SILC_ID_SERVER, &server->id,
183 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
184 silc_fsm_next(fsm, silc_server_st_accept_error);
185 return SILC_FSM_CONTINUE;
188 if (!silc_socket_stream_get_info(ac->stream, NULL, &ac->hostname,
189 &ac->ip, &ac->port)) {
190 /** Bad socket stream */
191 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
192 silc_fsm_next(fsm, silc_server_st_accept_error);
193 return SILC_FSM_CONTINUE;
196 /* Check whether this connection is denied to connect to us. */
197 deny = silc_server_params_find_denied(server, ac->ip, ac->hostname);
199 /** Connection is denied */
200 SILC_LOG_INFO(("Connection %s (%s) is denied", ac->hostname, ac->ip));
201 ac->error = SILC_STATUS_ERR_BANNED_FROM_SERVER;
202 silc_fsm_next(fsm, silc_server_st_accept_error);
203 return SILC_FSM_CONTINUE;
206 server->params->refcnt++;
208 /* Check whether we have configured this sort of connection at all. We
209 have to check all configurations since we don't know what type of
210 connection this is. */
211 ac->cconfig = silc_server_params_find_client(server, ac->ip, ac->hostname);
212 ac->sconfig = silc_server_params_find_server(server, ac->ip, ac->hostname);
213 if (server->server_type == SILC_ROUTER)
214 ac->rconfig = silc_server_params_find_router(server, ac->ip,
215 ac->hostname, ac->port);
216 if (!ac->cconfig && !ac->sconfig && !ac->rconfig) {
217 /** Connection not configured */
218 SILC_LOG_INFO(("Connection %s (%s) not configured", ac->hostname,
220 ac->error = SILC_STATUS_ERR_BANNED_FROM_SERVER;
221 silc_fsm_next(fsm, silc_server_st_accept_error);
222 return SILC_FSM_CONTINUE;
225 SILC_LOG_INFO(("Incoming connection %s (%s)", ac->hostname, ac->ip));
227 /* Take flags for key exchange. Since we do not know what type of connection
228 this is, we go through all found configurations and use the global ones
229 as well. This will result always into strictest key exchange flags. */
230 SILC_GET_SKE_FLAGS(ac->cconfig, flags);
231 SILC_GET_SKE_FLAGS(ac->sconfig, flags);
232 SILC_GET_SKE_FLAGS(ac->rconfig, flags);
233 if (server->params->param.key_exchange_pfs)
234 flags |= SILC_SKE_SP_FLAG_PFS;
236 server->stat.conn_attempts++;
238 /* Start SILC Key Exchange protocol */
239 SILC_LOG_DEBUG(("Starting key exchange protocol"));
240 ac->data.ske = silc_ske_alloc(server->rng, silc_fsm_get_schedule(fsm),
241 server->public_key, server->private_key, ac);
244 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
245 silc_fsm_next(fsm, silc_server_st_accept_error);
246 return SILC_FSM_CONTINUE;
248 silc_ske_set_callbacks(ac->data.ske, silc_server_accept_verify_key,
249 silc_server_accept_completed, ac);
251 /** Waiting for SKE completion */
252 silc_fsm_next(fsm, silc_server_st_accept_set_keys);
253 SILC_FSM_CALL((ac->op = silc_ske_responder(ac->data.ske, ac->packet_stream,
254 silc_version_string, flags)));
257 SILC_FSM_STATE(silc_server_st_accept_set_keys)
259 SilcServerAccept ac = fsm_context;
260 SilcServer server = ac->thread->server;
261 SilcCipher send_key, receive_key;
262 SilcHmac hmac_send, hmac_receive;
264 if (ac->status != SILC_SKE_STATUS_OK) {
266 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol with %s (%s)",
267 silc_ske_map_status(ac->status), ac->hostname, ac->ip));
268 ac->error = SILC_STATUS_ERR_KEY_EXCHANGE_FAILED;
269 silc_fsm_next(fsm, silc_server_st_accept_error);
270 return SILC_FSM_CONTINUE;
273 SILC_LOG_DEBUG(("Setting keys into use"));
275 /* Set the keys into use. The data will be encrypted after this. */
276 if (!silc_ske_set_keys(ac->data.ske, ac->keymat, ac->prop, &send_key,
277 &receive_key, &hmac_send, &hmac_receive,
279 /** Error setting keys */
280 ac->error = SILC_STATUS_ERR_KEY_EXCHANGE_FAILED;
281 silc_fsm_next(fsm, silc_server_st_accept_error);
282 return SILC_FSM_CONTINUE;
284 silc_packet_set_ciphers(ac->packet_stream, send_key, receive_key);
285 silc_packet_set_hmacs(ac->packet_stream, hmac_send, hmac_receive);
287 SILC_LOG_DEBUG(("Starting connection authentication"));
288 server->stat.auth_attempts++;
290 ac->connauth = silc_connauth_alloc(silc_fsm_get_schedule(fsm), ac->data.ske,
291 server->params->conn_auth_timeout);
293 /** Error allocating auth protocol */
294 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
295 silc_fsm_next(fsm, silc_server_st_accept_error);
296 return SILC_FSM_CONTINUE;
299 /** Waiting authentication completion */
300 silc_fsm_next(fsm, silc_server_st_accept_authenticated);
301 SILC_FSM_CALL((ac->op = silc_connauth_responder(
303 silc_server_accept_get_auth,
304 silc_server_accept_auth_compl,
308 SILC_FSM_STATE(silc_server_st_accept_authenticated)
310 SilcServerAccept ac = fsm_context;
311 SilcServer server = ac->thread->server;
312 SilcUInt32 conn_number, num_sockets, max_hosts, max_per_host;
313 SilcUInt32 r_protocol_version, l_protocol_version;
314 SilcUInt32 r_software_version, l_software_version;
315 char *r_vendor_version = NULL, *l_vendor_version;
316 SilcServerParamConnParams params, global;
317 SilcBool backup_router = FALSE;
319 if (ac->auth_success == FALSE) {
320 /** Authentication failed */
321 SILC_LOG_INFO(("Authentication failed for %s (%s) [%s]",
322 ac->hostname, ac->ip,
323 SILC_CONNTYPE_STRING(ac->data.type)));
324 ac->error = SILC_STATUS_ERR_AUTH_FAILED;
325 silc_fsm_next(fsm, silc_server_st_accept_error);
326 return SILC_FSM_CONTINUE;
329 SILC_LOG_DEBUG(("Checking whether connection is allowed"));
331 global = &server->params->param;
333 if (ac->data.type == SILC_CONN_CLIENT) {
334 /** Accept client connection */
335 silc_fsm_next(fsm, silc_server_st_accept_client);
336 params = ac->cconfig->param;
337 conn_number = server->stat.my_clients;
338 } else if (ac->data.type == SILC_CONN_SERVER) {
339 /** Accept server connection */
340 silc_fsm_next(fsm, silc_server_st_accept_server);
341 params = ac->sconfig->param;
342 backup_router = ac->sconfig->backup_router;
343 conn_number = server->stat.my_servers;
345 /** Accept router connection */
346 silc_fsm_next(fsm, silc_server_st_accept_server);
347 params = ac->rconfig->param;
348 backup_router = ac->rconfig->backup_router;
349 conn_number = server->stat.my_routers;
352 silc_fsm_sema_init(&ac->wait_register, silc_fsm_get_machine(fsm), 0);
355 l_protocol_version = silc_version_to_num(params && params->version_protocol ?
356 params->version_protocol :
357 global->version_protocol);
358 l_software_version = silc_version_to_num(params && params->version_software ?
359 params->version_software :
360 global->version_software);
361 l_vendor_version = (params && params->version_software_vendor ?
362 params->version_software_vendor :
363 global->version_software_vendor);
365 silc_ske_parse_version(ac->data.ske, &r_protocol_version, NULL,
366 &r_software_version, NULL, &r_vendor_version);
368 /* Match protocol version */
369 if (l_protocol_version && r_protocol_version &&
370 r_protocol_version < l_protocol_version) {
371 /** Protocol version mismatch */
372 SILC_LOG_INFO(("Connection %s (%s) is too old version", ac->hostname,
374 ac->error = SILC_STATUS_ERR_BAD_VERSION;
375 ac->error_string = strdup("You support too old protocol version");
376 silc_fsm_next(fsm, silc_server_st_accept_error);
377 return SILC_FSM_CONTINUE;
380 /* Match software version */
381 if (l_software_version && r_software_version &&
382 r_software_version < l_software_version) {
383 /** Software version mismatch */
384 SILC_LOG_INFO(("Connection %s (%s) is too old version", ac->hostname,
386 ac->error = SILC_STATUS_ERR_BAD_VERSION;
387 ac->error_string = strdup("You support too old software version");
388 silc_fsm_next(fsm, silc_server_st_accept_error);
389 return SILC_FSM_CONTINUE;
392 /* Regex match vendor version */
393 if (l_vendor_version && r_vendor_version &&
394 !silc_string_match(l_vendor_version, r_vendor_version)) {
395 /** Vendor version mismatch */
396 SILC_LOG_INFO(("Connection %s (%s) is unsupported version", ac->hostname,
398 ac->error = SILC_STATUS_ERR_BAD_VERSION;
399 ac->error_string = strdup("Your software is not supported");
400 silc_fsm_next(fsm, silc_server_st_accept_error);
401 return SILC_FSM_CONTINUE;
403 silc_free(r_vendor_version);
405 /* Check for maximum connections limit */
406 // num_sockets = silc_server_num_sockets_by_ip(server, sock->ip, type);
407 max_hosts = (params ? params->connections_max : global->connections_max);
408 max_per_host = (params ? params->connections_max_per_host :
409 global->connections_max_per_host);
411 if (max_hosts && conn_number >= max_hosts) {
412 /** Server is full */
413 SILC_LOG_INFO(("Server is full, closing %s (%s) connection", ac->hostname,
415 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
416 ac->error_string = strdup("Server is full, try again later");
417 silc_fsm_next(fsm, silc_server_st_accept_error);
418 return SILC_FSM_CONTINUE;
423 if (num_sockets >= max_per_host) {
424 /** Too many connections */
425 SILC_LOG_INFO(("Too many connections from %s (%s), closing connection",
426 ac->hostname, ac->ip));
427 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
428 ac->error_string = strdup("Too many connections from your host");
429 silc_fsm_next(fsm, silc_server_st_accept_error);
430 return SILC_FSM_CONTINUE;
433 /* If we are waiting backup router connection, do not accept any other
435 if (server->wait_backup && !backup_router) {
436 /** No backup established */
437 SILC_LOG_INFO(("Will not accept connections because we do "
438 "not have backup router connection established"));
439 ac->error = SILC_STATUS_ERR_PERM_DENIED;
440 ac->error_string = strdup("We do not have connection to backup router "
441 "established, try later");
442 silc_fsm_next(fsm, silc_server_st_accept_error);
443 return SILC_FSM_CONTINUE;
446 /* If we are backup router and this is incoming server connection
447 and we do not have connection to primary router, do not allow
449 if (server->server_type == SILC_BACKUP_ROUTER &&
450 ac->data.type == SILC_CONN_SERVER &&
451 !SILC_PRIMARY_ROUTE(server)) {
452 /** No primary established */
453 SILC_LOG_INFO(("Will not accept server connection because we do "
454 "not have primary router connection established"));
455 ac->error = SILC_STATUS_ERR_PERM_DENIED;
456 ac->error_string = strdup("We do not have connection to primary router "
457 "established, try later");
458 silc_fsm_next(fsm, silc_server_st_accept_error);
459 return SILC_FSM_CONTINUE;
462 return SILC_FSM_CONTINUE;
465 SILC_FSM_STATE(silc_server_st_accept_client)
467 SilcServerAccept ac = fsm_context;
468 SilcServer server = ac->thread->server;
469 SilcServerParamClient conn = ac->cconfig;
470 SilcServerParamConnParams param = &server->params->param;
471 SilcClientEntry client;
472 SilcClientID client_id;
474 char *username = NULL, *realname = NULL;
475 SilcUInt16 username_len;
476 SilcUInt32 id_len, mode = 0;
477 char n[128], u[384], h[256];
480 /* Wait here for the NEW_CLIENT or RESUME_CLIENT packet */
481 SILC_FSM_SEMA_TIMEDWAIT(&ac->wait_register, 20, 0, &timedout);
483 if (!ac->register_packet || timedout) {
484 /** Client did not register */
485 SILC_LOG_INFO(("Client connection %s (%s) did not register",
486 ac->hostname, ac->ip));
487 ac->error = SILC_STATUS_ERR_NOT_REGISTERED;
488 silc_fsm_next(fsm, silc_server_st_accept_error);
489 return SILC_FSM_CONTINUE;
492 SILC_LOG_DEBUG(("Connection %s (%s) is client", ac->hostname, ac->ip));
493 SILC_LOG_INFO(("Connection %s (%s) is client", ac->hostname, ac->ip));
495 /* Handle resuming separately */
496 if (ac->register_packet->type == SILC_PACKET_RESUME_CLIENT) {
497 /** Resume client connection */
498 silc_fsm_next(fsm, silc_server_st_accept_resume_client);
499 return SILC_FSM_CONTINUE;
502 /* Get connection parameters */
506 if (!param->keepalive_secs)
507 param->keepalive_secs = server->params->param.keepalive_secs;
509 if (!param->qos && server->params->param.qos) {
510 param->qos = server->params->param.qos;
511 param->qos_rate_limit = server->params->param.qos_rate_limit;
512 param->qos_bytes_limit = server->params->param.qos_bytes_limit;
513 param->qos_limit_sec = server->params->param.qos_limit_sec;
514 param->qos_limit_usec = server->params->param.qos_limit_usec;
517 /* Check if to be anonymous connection */
518 if (param->anonymous)
519 mode |= SILC_UMODE_ANONYMOUS;
522 /* Parse NEW_CLIENT packet */
523 ret = silc_buffer_unformat(&ac->register_packet->buffer,
524 SILC_STR_UI16_NSTRING(&username,
526 SILC_STR_UI16_STRING(&realname),
529 /** Bad NEW_CLIENT packet */
530 SILC_LOG_ERROR(("Client %s (%s) sent incomplete information",
531 ac->hostname, ac->ip));
532 ac->error = SILC_STATUS_ERR_INCOMPLETE_INFORMATION;
533 ac->error_string = strdup("Bad NEW_CLIENT packet");
534 silc_fsm_next(fsm, silc_server_st_accept_error);
535 return SILC_FSM_CONTINUE;
539 /** Client did not send username */
540 SILC_LOG_ERROR(("Client %s (%s) did not send its username",
541 ac->hostname, ac->ip));
542 ac->error = SILC_STATUS_ERR_INCOMPLETE_INFORMATION;
543 ac->error_string = strdup("You did not send username");
544 silc_fsm_next(fsm, silc_server_st_accept_error);
545 return SILC_FSM_CONTINUE;
548 if (username_len > 128) {
550 username[username_len - 1] = '\0';
553 memset(n, 0, sizeof(n));
554 memset(u, 0, sizeof(u));
555 memset(h, 0, sizeof(h));
557 ret = silc_parse_userfqdn(username, u, 128, h, sizeof(h));
559 /* Hostname not present, add it */
560 snprintf(n, sizeof(n), "%s", u);
561 snprintf(u, sizeof(u) - 1, "%s@%s", n, ac->hostname);
563 /* Verify that hostname is same than resolved hostname */
564 if (strcmp(ac->hostname, h)) {
565 /** Wrong hostname string */
566 SILC_LOG_ERROR(("Client %s (%s) sent wrong hostname string",
567 ac->hostname, ac->ip));
568 ac->error = SILC_STATUS_ERR_INCOMPLETE_INFORMATION;
569 ac->error_string = strdup("You sent wrong hostname string");
570 silc_fsm_next(fsm, silc_server_st_accept_error);
571 return SILC_FSM_CONTINUE;
573 snprintf(n, sizeof(n), "%s", u);
574 snprintf(u, sizeof(u) - 1, "%s@%s", n, h);
577 /* If configured as anonymous, scramble the username and hostname */
578 if (mode & SILC_UMODE_ANONYMOUS) {
581 u[0] = silc_rng_get_byte_fast(server->rng);
582 u[1] = silc_rng_get_byte_fast(server->rng);
583 u[2] = silc_rng_get_byte_fast(server->rng);
584 u[3] = silc_rng_get_byte_fast(server->rng);
586 scramble = silc_hash_babbleprint(server->sha1hash, u, strlen(u));
589 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
590 silc_fsm_next(fsm, silc_server_st_accept_error);
591 return SILC_FSM_CONTINUE;
594 username_len = strlen(scramble);
595 memset(u, 0, username_len);
596 memcpy(u, scramble, username_len);
599 memcpy(&u[16], ".silc", 5);
602 /* Get nickname from scrambled username */
603 silc_parse_userfqdn(u, n, sizeof(n), NULL, 0);
607 /* Create Client ID */
608 if (!silc_server_create_client_id(server, n, &client_id)) {
609 /** Could not create Client ID */
610 SILC_LOG_ERROR(("Client %s (%s) sent bad nickname string",
611 ac->hostname, ac->ip));
612 ac->error = SILC_STATUS_ERR_BAD_NICKNAME;
613 ac->error_string = strdup("Bad nickname");
614 silc_fsm_next(fsm, silc_server_st_accept_error);
615 return SILC_FSM_CONTINUE;
618 /* Create client entry */
619 client = silc_server_add_client(server, n, u, realname, &client_id,
620 mode, ac->packet_stream);
622 /** Could not create client entry */
623 SILC_LOG_ERROR(("Could not create new client entry"));
624 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
625 silc_fsm_next(fsm, silc_server_st_accept_error);
626 return SILC_FSM_CONTINUE;
629 /* Save entry data */
630 client->data = ac->data;
631 client->data.registered = TRUE;
632 client->data.local = TRUE;
633 silc_packet_set_context(ac->packet_stream, client);
635 /* Set destination ID to packet stream */
636 if (!silc_packet_set_ids(client->stream, 0, NULL, SILC_ID_CLIENT,
639 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
640 silc_fsm_next(fsm, silc_server_st_accept_error);
641 return SILC_FSM_CONTINUE;
644 /* Send the new client ID to the client. */
645 silc_server_send_new_id(ac->packet_stream, FALSE, &client->id,
648 /* Send nice welcome to the client */
649 silc_server_send_welcome(ac, client);
651 /* Notify our router about new client on the SILC network */
652 silc_server_send_new_id(SILC_PRIMARY_ROUTE(server), SILC_BROADCAST(server),
653 &client->id, SILC_ID_CLIENT);
656 /* Distribute to backup routers */
657 if (server->server_type == SILC_ROUTER) {
658 SilcBuffer idp = silc_id_payload_encode(client->id, SILC_ID_CLIENT);
659 silc_server_backup_send(server, sock->user_data, SILC_PACKET_NEW_ID, 0,
660 idp->data, idp->len, FALSE, TRUE);
661 silc_buffer_free(idp);
665 /* Check if anyone is watching this nickname */
666 if (server->server_type == SILC_ROUTER)
667 silc_server_check_watcher_list(server, client, NULL, 0);
672 silc_packet_free(ac->register_packet);
674 /** Connection accepted */
675 silc_fsm_next(fsm, silc_server_st_accept_finish);
676 return SILC_FSM_CONTINUE;
679 SILC_FSM_STATE(silc_server_st_accept_resume_client)
682 /** Connection accepted */
683 silc_fsm_next(fsm, silc_server_st_accept_finish);
684 return SILC_FSM_CONTINUE;
687 SILC_FSM_STATE(silc_server_st_accept_server)
689 SilcServerAccept ac = fsm_context;
690 SilcServer server = ac->thread->server;
691 SilcBool initiator = FALSE;
692 SilcBool backup_local = FALSE;
693 SilcBool backup_router = FALSE;
694 char *backup_replace_ip = NULL;
695 SilcUInt16 backup_replace_port = 0;
696 SilcServerParamServer sconn = ac->sconfig;
697 SilcServerParamRouter rconn = ac->rconfig;
698 SilcServerEntry server_entry;
699 SilcServerID server_id;
701 unsigned char *server_name, *server_namec, *id_string;
702 SilcUInt16 id_len, name_len;
707 /* Wait here for the NEW_SERVER packet */
708 SILC_FSM_SEMA_TIMEDWAIT(&ac->wait_register, 20, 0, &timedout);
710 if (!ac->register_packet || timedout) {
711 /** Server did not register */
712 SILC_LOG_INFO(("%s connection %s (%s) did not register",
713 SILC_CONNTYPE_STRING(ac->data.type),
714 ac->hostname, ac->ip));
715 ac->error = SILC_STATUS_ERR_NOT_REGISTERED;
716 silc_fsm_next(fsm, silc_server_st_accept_error);
717 return SILC_FSM_CONTINUE;
720 /* Get connection parameters */
721 if (ac->data.type == SILC_CONN_ROUTER) {
724 param = rconn->param;
726 if (!param->keepalive_secs)
727 param->keepalive_secs = server->params->param.keepalive_secs;
729 if (!param->qos && server->params->param.qos) {
730 param->qos = server->params->param.qos;
731 param->qos_rate_limit = server->params->param.qos_rate_limit;
732 param->qos_bytes_limit = server->params->param.qos_bytes_limit;
733 param->qos_limit_sec = server->params->param.qos_limit_sec;
734 param->qos_limit_usec = server->params->param.qos_limit_usec;
738 initiator = rconn->initiator;
739 backup_local = rconn->backup_local;
740 backup_router = rconn->backup_router;
741 backup_replace_ip = rconn->backup_replace_ip;
742 backup_replace_port = rconn->backup_replace_port;
744 } else if (ac->data.type == SILC_CONN_SERVER) {
747 param = sconn->param;
749 if (!param->keepalive_secs)
750 param->keepalive_secs = server->params->param.keepalive_secs;
752 if (!param->qos && server->params->param.qos) {
753 param->qos = server->params->param.qos;
754 param->qos_rate_limit = server->params->param.qos_rate_limit;
755 param->qos_bytes_limit = server->params->param.qos_bytes_limit;
756 param->qos_limit_sec = server->params->param.qos_limit_sec;
757 param->qos_limit_usec = server->params->param.qos_limit_usec;
761 backup_router = sconn->backup_router;
765 SILC_LOG_DEBUG(("Connection %s (%s) is %s", sock->hostname,
766 sock->ip, ac->data.type == SILC_CONN_SERVER ?
767 "server" : (backup_router ? "backup router" : "router")));
768 SILC_LOG_INFO(("Connection %s (%s) is %s", sock->hostname,
769 sock->ip, ac->data.type == SILC_CONN_SERVER ?
770 "server" : (backup_router ? "backup router" : "router")));
772 /* Parse NEW_SERVER packet */
773 ret = silc_buffer_unformat(buffer,
774 SILC_STR_UI16_NSTRING(&id_string, &id_len),
775 SILC_STR_UI16_NSTRING(&server_name, &name_len),
778 /** Bad NEW_SERVER packet */
779 SILC_LOG_ERROR(("%s %s (%s) sent incomplete information",
780 SILC_CONNTYPE_STRING(ac->data.type),
781 ac->hostname, ac->ip));
782 ac->error = SILC_STATUS_ERR_INCOMPLETE_INFORMATION;
783 ac->error_string = strdup("Bad NEW_SERVER packet");
784 silc_fsm_next(fsm, silc_server_st_accept_error);
785 return SILC_FSM_CONTINUE;
788 if (name_len > 256) {
790 server_name[name_len - 1] = '\0';
794 if (!silc_id_str2id(id_string, id_len, SILC_ID_SERVER, &server_id,
795 sizeof(server_id))) {
797 SILC_LOG_ERROR(("%s %s (%s) sent incomplete information",
798 SILC_CONNTYPE_STRING(ac->data.type),
799 ac->hostname, ac->ip));
800 ac->error = SILC_STATUS_ERR_INCOMPLETE_INFORMATION;
801 ac->error_string = strdup("Bad Server ID");
802 silc_fsm_next(fsm, silc_server_st_accept_error);
803 return SILC_FSM_CONTINUE;
806 /* Check for valid server ID */
807 if (!silc_server_check_server_id(ac->ip, &server_id)) {
808 /** Invalid Server ID */
809 SILC_LOG_ERROR(("%s %s (%s) sent incomplete information",
810 SILC_CONNTYPE_STRING(ac->data.type),
811 ac->hostname, ac->ip));
812 ac->error = SILC_STATUS_ERR_INCOMPLETE_INFORMATION;
813 ac->error_string = strdup("Your Server ID is not based on your real "
814 "IP address. Check your configuration.");
815 silc_fsm_next(fsm, silc_server_st_accept_error);
816 return SILC_FSM_CONTINUE;
819 /* Create server entry */
821 silc_server_add_server(server, server_name,
822 (ac->data.type == SILC_CONN_SERVER ?
823 SILC_SERVER : SILC_ROUTER), &server_id,
826 /** Could not create server entry */
827 SILC_LOG_ERROR(("Could not create new server entry"));
828 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
829 silc_fsm_next(fsm, silc_server_st_accept_error);
830 return SILC_FSM_CONTINUE;
833 /* Save entry data */
834 server_entry->data = ac->data;
835 server_entry->data.registered = TRUE;
836 server_entry->data.local = TRUE;
837 silc_packet_set_context(ac->packet_stream, server_entry);
839 /* Set source ID to packet stream */
840 if (!silc_packet_set_ids(server_entry->stream, 0, NULL, SILC_ID_SERVER,
841 &server_entry->id)) {
843 ac->error = SILC_STATUS_ERR_RESOURCE_LIMIT;
844 silc_fsm_next(fsm, silc_server_st_accept_error);
845 return SILC_FSM_CONTINUE;
848 /* If the incoming connection is router and marked as backup router
849 then add it to be one of our backups */
850 if (ac->data.type == SILC_CONN_ROUTER && backup_router) {
851 /* Change it back to SERVER type since that's what it really is. */
853 server->data.type = SILC_CONN_SERVER;
854 server_entry->thread->server_type = SILC_BACKUP_ROUTER;
856 SILC_SERVER_SEND_OPERS(server, FALSE, TRUE, SILC_NOTIFY_TYPE_NONE,
857 ("Backup router %s is now online",
861 /* Check whether this connection is to be our primary router connection
862 if we do not already have the primary route. */
863 if (!backup_router && server->standalone &&
864 server_entry->data.type == SILC_CONN_ROUTER) {
865 if (silc_server_config_is_primary_route(server) && !initiator)
868 SILC_LOG_DEBUG(("We are not standalone server anymore"));
869 server->standalone = FALSE;
870 if (!server->id_entry->router) {
871 server->id_entry->router = id_entry;
872 server->router = id_entry;
878 /* Distribute the information about new server in the SILC network
879 to our router. If we are normal server we won't send anything
880 since this connection must be our router connection. */
881 if (server->server_type == SILC_ROUTER && !server->standalone &&
882 SILC_PRIMARY_ROUTE(server) != sock)
883 silc_server_send_new_id(server, SILC_PRIMARY_ROUTE(server),
884 TRUE, new_server->id, SILC_ID_SERVER,
885 silc_id_get_len(server_id, SILC_ID_SERVER));
887 if (server->server_type == SILC_ROUTER) {
888 /* Distribute to backup routers */
889 SilcBuffer idp = silc_id_payload_encode(new_server->id, SILC_ID_SERVER);
890 silc_server_backup_send(server, sock->user_data, SILC_PACKET_NEW_ID, 0,
891 idp->data, idp->len, FALSE, TRUE);
892 silc_buffer_free(idp);
895 /* Check whether this router connection has been replaced by an
896 backup router. If it has been then we'll disable the server and will
897 ignore everything it will send until the backup router resuming
898 protocol has been completed. */
899 if (sock->type == SILC_SOCKET_TYPE_ROUTER &&
900 silc_server_backup_replaced_get(server, server_id, NULL)) {
901 /* Send packet to the router indicating that it cannot use this
902 connection as it has been replaced by backup router. */
903 SILC_LOG_DEBUG(("Remote router has been replaced by backup router, "
904 "disabling its connection"));
906 silc_server_backup_send_replaced(server, sock);
908 /* Mark the router disabled. The data sent earlier will go but nothing
909 after this goes to this connection. */
910 idata->status |= SILC_IDLIST_STATUS_DISABLED;
912 /* If it is router announce our stuff to it. */
913 if (sock->type == SILC_SOCKET_TYPE_ROUTER &&
914 server->server_type == SILC_ROUTER) {
915 silc_server_announce_servers(server, FALSE, 0, sock);
916 silc_server_announce_clients(server, 0, sock);
917 silc_server_announce_channels(server, 0, sock);
920 /* Announce our information to backup router */
921 if (new_server->thread->server_type == SILC_BACKUP_ROUTER &&
922 sock->type == SILC_SOCKET_TYPE_SERVER &&
923 server->thread->server_type == SILC_ROUTER) {
924 silc_server_announce_servers(server, TRUE, 0, sock);
925 silc_server_announce_clients(server, 0, sock);
926 silc_server_announce_channels(server, 0, sock);
929 /* If backup router, mark it as one of ours. This server is considered
930 to be backup router after this setting. */
931 if (new_server->thread->server_type == SILC_BACKUP_ROUTER) {
932 SilcServerParamRouter backup;
933 backup = silc_server_params_find_backup(server, sock->ip,
936 /* Add as our backup router */
937 silc_server_backup_add(server, new_server, backup->backup_replace_ip,
938 backup->backup_replace_port,
939 backup->backup_local);
943 /* By default the servers connected to backup router are disabled
944 until backup router has become the primary */
945 if (server->thread->server_type == SILC_BACKUP_ROUTER &&
946 server_entry->data.type == SILC_CONN_SERVER)
947 server_entry->data.disabled = TRUE;
953 silc_packet_free(ac->register_packet);
956 /** Connection accepted */
957 silc_fsm_next(fsm, silc_server_st_accept_finish);
958 return SILC_FSM_CONTINUE;
961 SILC_FSM_STATE(silc_server_st_accept_finish)
963 SilcServerAccept ac = fsm_context;
964 SilcServer server = ac->thread->server;
966 SILC_LOG_DEBUG(("New connection accepted"));
968 return SILC_FSM_FINISH;
971 SILC_FSM_STATE(silc_server_st_accept_error)
973 SilcServerAccept ac = fsm_context;
974 SilcServer server = ac->thread->server;
976 SILC_LOG_DEBUG(("Error accepting new connection"));
978 /* Disconnect remote connection */
979 if (ac->packet_stream)
980 silc_server_disconnect(server, ac->packet_stream, ac->error,
983 silc_stream_destroy(ac->stream);
986 server->stat.conn_failures++;
988 server->stat.auth_failures++;
990 return SILC_FSM_FINISH;